« back to all changes in this revision
Viewing changes to serverguide/po/ca.po
- browse files at revision 1
- compare with another revision
- download diff
- download tarball
- view history from revision 1
- Committer: Matthew East
- Date: 2011-05-03 07:11:18 UTC
- Revision ID: mdke@ubuntu.com-20110503071118-081aatibsr9k2yqy
Add files from ubuntu-docs natty branch, trim to use only those necessary for serverguide
- files added:
- build
- build/libs
- build/libs/admon
- build/libs/callouts
- build/libs/img
- build/libs/navig
- build/serverguide
- build/serverguide/C
- build/serverguide/sample
- libs
- libs/C
- libs/admon
- libs/authors
- libs/callouts
- libs/img
- libs/navig
- scripts
- serverguide
- serverguide/C
- serverguide/po
- serverguide/sample
added
removed
serverguide/po/ca.po
1
# Catalan translation for ubuntu-docs
2
# Copyright (c) 2006 Rosetta Contributors and Canonical Ltd 2006
3
# This file is distributed under the same license as the ubuntu-docs package.
4
# FIRST AUTHOR <EMAIL@ADDRESS>, 2006.
5
#
6
msgid ""
7
msgstr ""
8
"Project-Id-Version: ubuntu-docs\n"
9
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
10
"POT-Creation-Date: 2010-08-14 22:34+0100\n"
11
"PO-Revision-Date: 2010-08-16 03:16+0000\n"
12
"Last-Translator: Matthew East <matt@mdke.org>\n"
13
"Language-Team: Catalan <ca@li.org>\n"
14
"MIME-Version: 1.0\n"
15
"Content-Type: text/plain; charset=UTF-8\n"
16
"Content-Transfer-Encoding: 8bit\n"
17
"X-Launchpad-Export-Date: 2010-09-18 10:44+0000\n"
18
"X-Generator: Launchpad (build Unknown)\n"
19
20
#: serverguide/C/serverguide-C.omf:6(creator) serverguide/C/serverguide-C.omf:7(maintainer)
21
msgid "ubuntu-doc@lists.ubuntu.com (Ubuntu Documentation Project)"
22
msgstr "ubuntu-doc@lists.ubuntu.com (projecte de documentació de l'Ubuntu)"
23
24
#: serverguide/C/serverguide-C.omf:8(title) serverguide/C/serverguide-C.omf:11(description) serverguide/C/serverguide.xml:14(title) serverguide/C/bookinfo.xml:13(title)
25
msgid "Ubuntu Server Guide"
26
msgstr "Guia del servidor de l'Ubuntu"
27
28
#: serverguide/C/serverguide-C.omf:9(date)
29
msgid "2007-09-30"
30
msgstr "30-09-2007"
31
32
#: serverguide/C/windows-networking.xml:13(title)
33
msgid "Windows Networking"
34
msgstr "Xarxes del Windows"
35
36
#: serverguide/C/windows-networking.xml:15(para)
37
msgid ""
38
"Computer networks are often comprised of diverse systems, and while "
39
"operating a network made up entirely of Ubuntu desktop and server computers "
40
"would certainly be fun, some network environments must consist of both "
41
"Ubuntu and <trademark class=\"registered\">Microsoft</trademark><trademark "
42
"class=\"registered\">Windows</trademark> systems working together in "
43
"harmony. This section of the <phrase>Ubuntu</phrase> Server Guide introduces "
44
"principles and tools used in configuring your Ubuntu Server for sharing "
45
"network resources with Windows computers."
46
msgstr ""
47
"Les xarxes d'ordinadors són molt sovint heterogènies, i tot i que una xarxa "
48
"que només fos de clients i servidors amb l'Ubuntu seria realment "
49
"interessant, hi ha xarxes que han de ser mixtes, amb ordinadors amb Ubuntu i "
50
"d'altres amb el <trademark class=\"registered\">Windows</trademark> de "
51
"<trademark class=\"registered\">Microsoft</trademark> treballant junts en "
52
"harmonia. Aquesta secció de la Guia per a servidors de "
53
"l'<phrase>Ubuntu</phrase> introdueix els principis i les eines emprades per "
54
"a configurar el vostre servidor Ubuntu per a compartir recursos de xarxa amb "
55
"els ordinadors Windows."
56
57
#: serverguide/C/windows-networking.xml:25(title) serverguide/C/virtualization.xml:402(title) serverguide/C/security.xml:349(title) serverguide/C/remote-administration.xml:21(title) serverguide/C/package-management.xml:20(title) serverguide/C/introduction.xml:13(title)
58
msgid "Introduction"
59
msgstr "Introducció"
60
61
#: serverguide/C/windows-networking.xml:27(para)
62
msgid ""
63
"Successfully networking your Ubuntu system with Windows clients involves "
64
"providing and integrating with services common to Windows environments. Such "
65
"services assist the sharing of data and information about the computers and "
66
"users involved in the network, and may be classified under three major "
67
"categories of functionality:"
68
msgstr ""
69
"Emprar el vostre sistema amb Ubuntu en una xarxa de clients Windows implica "
70
"proporcionar i integrar serveis comuns als entorns Windows. Aquests serveis "
71
"permeten la compartició de dades i informació sobre els ordinadors i usuaris "
72
"de xarxa, i es poden classificar en tres categories principals a nivell de "
73
"funcionalitat:"
74
75
#: serverguide/C/windows-networking.xml:35(para)
76
msgid ""
77
"<emphasis role=\"bold\">File and Printer Sharing Services</emphasis>. Using "
78
"the Server Message Block (SMB) protocol to facilitate the sharing of files, "
79
"folders, volumes, and the sharing of printers throughout the network."
80
msgstr ""
81
"<emphasis role=\"bold\">Serveis de compartició de fitxers i "
82
"impressores</emphasis>. A través de la utilització del protocol «Server "
83
"Message Block» (SMB) per a facilitar la compartició de fitxers, carpetes, "
84
"volums, així com d'impressores, per la xarxa."
85
86
#: serverguide/C/windows-networking.xml:41(para)
87
msgid ""
88
"<emphasis role=\"bold\">Directory Services</emphasis>. Sharing vital "
89
"information about the computers and users of the network with such "
90
"technologies as the Lightweight Directory Access Protocol (LDAP) and "
91
"Microsoft <trademark class=\"registered\">Active Directory</trademark>."
92
msgstr ""
93
"<emphasis role=\"bold\">Serveis de directori</emphasis>. Compartint "
94
"informació vital sobre els ordinadors i usuaris de la xarxa amb tecnologies "
95
"com el protocol Lightweight Directory Access Protocol (LDAP) i l'<trademark "
96
"class=\"registered\">Active Directory</trademark> de Microsoft ."
97
98
#: serverguide/C/windows-networking.xml:48(para)
99
msgid ""
100
"<emphasis role=\"bold\">Authentication and Access</emphasis>. Establishing "
101
"the identity of a computer or user of the network and determining the "
102
"information the computer or user is authorized to access using such "
103
"principles and technologies as file permissions, group policies, and the "
104
"Kerberos authentication service."
105
msgstr ""
106
"<emphasis role=\"bold\">Autenticació i accés</emphasis>. Establint la "
107
"identitat d'un ordinador o un usuari de la xarxa i determinant la informació "
108
"a què l'ordinador o l'usuari està autoritzat a accedir emprant principis i "
109
"tecnologies com l'accés a arxius, polítiques de grup i el servei "
110
"d'autenticació Kerberos."
111
112
#: serverguide/C/windows-networking.xml:56(para)
113
msgid ""
114
"Fortunately, your Ubuntu system may provide all such facilities to Windows "
115
"clients and share network resources among them. One of the principal pieces "
116
"of software your Ubuntu system includes for Windows networking is the Samba "
117
"suite of SMB server applications and tools."
118
msgstr ""
119
"El sistema Ubuntu pot proporcionar totes aquestes aplicacions per clients "
120
"Windows i compartir els recursos de xarxa entre aquests darrers. Una de les "
121
"peces principals de programari que el sistema Ubuntu inclou per a xarxes "
122
"Windows es el paquet Samba d'aplicacions i eines de servidor SMB."
123
124
#: serverguide/C/windows-networking.xml:62(para)
125
msgid ""
126
"This section of the <phrase>Ubuntu</phrase> Server Guide will introduce some "
127
"of the common Samba use cases, and how to install and configure the "
128
"necessary packages. Additional detailed documentation and information on "
129
"Samba can be found on the <ulink url=\"http://www.samba.org\">Samba "
130
"website</ulink>."
131
msgstr ""
132
"Aquest apartat de la guia del servidor de l'<phrase>Ubuntu</phrase> presenta "
133
"els usos més freqüents del Samba i la manera d'instal·lar i configurar els "
134
"paquets necessaris. Podeu trobar informació i documentació més detallada a "
135
"<ulink url=\"http://www.samba.org\">la pàgina web del Samba</ulink>."
136
137
#: serverguide/C/windows-networking.xml:70(title)
138
msgid "Samba File Server"
139
msgstr "Servidor de fitxers Samba"
140
141
#: serverguide/C/windows-networking.xml:72(para)
142
msgid ""
143
"One of the most common ways to network Ubuntu and Windows computers is to "
144
"configure Samba as a File Server. This section covers setting up a "
145
"<application>Samba</application> server to share files with Windows clients."
146
msgstr ""
147
"Configurar el Samba com un servidor de fitxers es una de les maneres més "
148
"habituals de connectar en xarxa ordinadors Ubuntu i Windows. Aquest apartat "
149
"descriu com configurar un servidor <application> Samba</application> per a "
150
"compartir fitxers amb clients del Windows."
151
152
#: serverguide/C/windows-networking.xml:77(para)
153
msgid ""
154
"The server will be configured to share files with any client on the network "
155
"without prompting for a password. If your environment requires stricter "
156
"Access Controls see <xref linkend=\"samba-fileprint-security\"/>"
157
msgstr ""
158
"El servidor es configurarà per a compartir fitxers amb qualsevol client de "
159
"la xarxa sense demanar contrasenya. Si el vostre entorn requereix controls "
160
"d'accés més estrictes, consulteu <xref linkend=\"samba-fileprint-security\"/>"
161
162
#: serverguide/C/windows-networking.xml:83(title) serverguide/C/windows-networking.xml:288(title) serverguide/C/windows-networking.xml:1317(title) serverguide/C/web-servers.xml:41(title) serverguide/C/web-servers.xml:675(title) serverguide/C/web-servers.xml:816(title) serverguide/C/web-servers.xml:940(title) serverguide/C/vpn.xml:33(title) serverguide/C/virtualization.xml:62(title) serverguide/C/vcs.xml:28(title) serverguide/C/vcs.xml:86(title) serverguide/C/vcs.xml:405(title) serverguide/C/remote-administration.xml:51(title) serverguide/C/network-config.xml:937(title) serverguide/C/network-auth.xml:52(title) serverguide/C/network-auth.xml:1590(title) serverguide/C/network-auth.xml:2102(title) serverguide/C/network-auth.xml:2493(title) serverguide/C/monitoring.xml:42(title) serverguide/C/monitoring.xml:428(title) serverguide/C/mail.xml:40(title) serverguide/C/mail.xml:496(title) serverguide/C/mail.xml:674(title) serverguide/C/mail.xml:823(title) serverguide/C/mail.xml:1315(title) serverguide/C/lamp-applications.xml:108(title) serverguide/C/lamp-applications.xml:287(title) serverguide/C/lamp-applications.xml:423(title) serverguide/C/installation.xml:13(title) serverguide/C/installation.xml:957(title) serverguide/C/file-server.xml:347(title) serverguide/C/file-server.xml:462(title) serverguide/C/dns.xml:23(title) serverguide/C/databases.xml:40(title) serverguide/C/databases.xml:164(title) serverguide/C/chat.xml:37(title) serverguide/C/chat.xml:141(title) serverguide/C/backups.xml:593(title)
163
msgid "Installation"
164
msgstr "Instal·lació"
165
166
#: serverguide/C/windows-networking.xml:85(para)
167
msgid ""
168
"The first step is to install the <application>samba</application> package. "
169
"From a terminal prompt enter:"
170
msgstr ""
171
"El primer pas és instal·lar el paquet <application>samba</application>. En "
172
"un terminal, introduïu:"
173
174
#: serverguide/C/windows-networking.xml:90(command) serverguide/C/windows-networking.xml:300(command)
175
msgid "sudo apt-get install samba"
176
msgstr "sudo apt-get install samba"
177
178
#: serverguide/C/windows-networking.xml:93(para)
179
msgid ""
180
"That's all there is to it; you are now ready to configure Samba to share "
181
"files."
182
msgstr "I ja està; ja podeu configurar el Samba per a compartir fitxers."
183
184
#: serverguide/C/windows-networking.xml:99(title) serverguide/C/windows-networking.xml:305(title) serverguide/C/web-servers.xml:61(title) serverguide/C/web-servers.xml:726(title) serverguide/C/web-servers.xml:827(title) serverguide/C/web-servers.xml:967(title) serverguide/C/web-servers.xml:1067(title) serverguide/C/vpn.xml:138(title) serverguide/C/vcs.xml:39(title) serverguide/C/vcs.xml:423(title) serverguide/C/remote-administration.xml:73(title) serverguide/C/package-management.xml:387(title) serverguide/C/network-config.xml:959(title) serverguide/C/network-auth.xml:2141(title) serverguide/C/network-auth.xml:2514(title) serverguide/C/monitoring.xml:187(title) serverguide/C/monitoring.xml:454(title) serverguide/C/mail.xml:505(title) serverguide/C/mail.xml:684(title) serverguide/C/mail.xml:908(title) serverguide/C/mail.xml:1344(title) serverguide/C/lamp-applications.xml:128(title) serverguide/C/lamp-applications.xml:314(title) serverguide/C/lamp-applications.xml:453(title) serverguide/C/file-server.xml:360(title) serverguide/C/file-server.xml:488(title) serverguide/C/dns.xml:39(title) serverguide/C/databases.xml:84(title) serverguide/C/databases.xml:183(title) serverguide/C/clustering.xml:47(title) serverguide/C/chat.xml:57(title) serverguide/C/chat.xml:153(title) serverguide/C/backups.xml:616(title)
185
msgid "Configuration"
186
msgstr "Configuració"
187
188
#: serverguide/C/windows-networking.xml:101(para)
189
msgid ""
190
"The main Samba configuration file is located in "
191
"<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
192
"a significant amount of comments in order to document various configuration "
193
"directives."
194
msgstr ""
195
"El fitxer de configuració principal del Samba és a "
196
"<filename>/etc/samba/smb.conf</filename>. E fitxer de cofiguració "
197
"predeterminat conté una gran quantitat de comentaris que documenten diverses "
198
"directives de configuració."
199
200
#: serverguide/C/windows-networking.xml:106(para)
201
msgid ""
202
"Not all the available options are included in the default configuration "
203
"file. See the <filename>smb.conf</filename><application>man</application> "
204
"page or the <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
205
"Collection/\">Samba HOWTO Collection</ulink> for more details."
206
msgstr ""
207
"Al fitxer de configuració predeterminat no s'hi inclouen totes les opcions. "
208
"Vegeu la pàgina de manual (<application>man</application>) del fitxer "
209
"<filename>smb.conf</filename> o la <ulink "
210
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Colecció de "
211
"COM ES FA del Samba</ulink> per a obtenir-ne és detalls."
212
213
#: serverguide/C/windows-networking.xml:116(para)
214
msgid ""
215
"First, edit the following key/value pairs in the "
216
"<emphasis>[global]</emphasis> section of "
217
"<filename>/etc/samba/smb.conf</filename>:"
218
msgstr ""
219
"Primer, editeu la següent parella de clau/valor a la secció "
220
"<emphasis>[global]</emphasis> del fitxer "
221
"<filename>/etc/samba/smb.conf</filename>:"
222
223
#: serverguide/C/windows-networking.xml:121(programlisting) serverguide/C/windows-networking.xml:312(programlisting) serverguide/C/windows-networking.xml:780(programlisting) serverguide/C/windows-networking.xml:1003(programlisting)
224
#, no-wrap
225
msgid ""
226
"\n"
227
" workgroup = EXAMPLE\n"
228
" ...\n"
229
" security = user\n"
230
msgstr ""
231
"\n"
232
" workgroup = EXEMPLE\n"
233
" ...\n"
234
" security = user\n"
235
236
#: serverguide/C/windows-networking.xml:127(para)
237
msgid ""
238
"The <emphasis>security</emphasis> parameter is farther down in the [global] "
239
"section, and is commented by default. Also, change "
240
"<emphasis>EXAMPLE</emphasis> to better match your environment."
241
msgstr ""
242
243
#: serverguide/C/windows-networking.xml:135(para)
244
msgid ""
245
"Create a new section at the bottom of the file, or uncomment one of the "
246
"examples, for the directory to be shared:"
247
msgstr ""
248
249
#: serverguide/C/windows-networking.xml:139(programlisting)
250
#, no-wrap
251
msgid ""
252
"\n"
253
"[share]\n"
254
" comment = Ubuntu File Server Share\n"
255
" path = /srv/samba/share\n"
256
" browsable = yes\n"
257
" guest ok = yes\n"
258
" read only = no\n"
259
" create mask = 0755\n"
260
msgstr ""
261
"\n"
262
"[share]\n"
263
" comment = Compartició del servidor de fitxers Ubuntu\n"
264
" path = /srv/samba/share\n"
265
" browsable = yes\n"
266
" guest ok = yes\n"
267
" read only = no\n"
268
" create mask = 0755\n"
269
270
#: serverguide/C/windows-networking.xml:151(para)
271
msgid ""
272
"<emphasis>comment:</emphasis> a short description of the share. Adjust to "
273
"fit your needs."
274
msgstr ""
275
"<emphasis>comment:</emphasis> una descripció curta del recurs compartit. "
276
"Adapteu-la a les vostres necessitats."
277
278
#: serverguide/C/windows-networking.xml:156(para)
279
msgid "<emphasis>path:</emphasis> the path to the directory to share."
280
msgstr ""
281
"<emphasis>path:</emphasis> el camí al directori que es vol compartir."
282
283
#: serverguide/C/windows-networking.xml:159(para)
284
msgid ""
285
"This example uses <filename>/srv/samba/sharename</filename> because, "
286
"according to the <emphasis>Filesystem Hierarchy Standard (FHS)</emphasis>, "
287
"<ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
288
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is where site-"
289
"specific data should be served. Technically Samba shares can be placed "
290
"anywhere on the filesystem as long as the permissions are correct, but "
291
"adhering to standards is recommended."
292
msgstr ""
293
"Aquest exemple utilitza <filename>/srv/samba/sharename</filename> perquè, "
294
"d'acord amb la <emphasis>jerarquia estàndard del sistema de fitxers "
295
"(FHS)</emphasis>, <ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
296
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> és on s'han "
297
"d'oferir les dades pròpies de sistema. Tècnicament, els recursos compartits "
298
"del Samba poden ser a qualsevol lloc del sistema de fitxers, mentre els "
299
"permisos siguin els correctes, però és recomanable respectar els estàndards."
300
301
#: serverguide/C/windows-networking.xml:168(para)
302
msgid ""
303
"<emphasis>browsable:</emphasis> enables Windows clients to browse the shared "
304
"directory using <application>Windows Explorer</application>."
305
msgstr ""
306
"<emphasis>browsable:</emphasis> habilita els clients del Windows a navegar "
307
"pel directori compartit emprant l'<application>explorador del "
308
"Windows</application>."
309
310
#: serverguide/C/windows-networking.xml:174(para)
311
msgid ""
312
"<emphasis>guest ok:</emphasis> allows clients to connect to the share "
313
"without supplying a password."
314
msgstr ""
315
"<emphasis>guest ok:</emphasis> permet als clients connectar-se al recurs "
316
"compartit sense haver de proporcionar cap contrasenya."
317
318
#: serverguide/C/windows-networking.xml:179(para)
319
msgid ""
320
"<emphasis>read only:</emphasis> determines if the share is read only or if "
321
"write privileges are granted. Write privileges are allowed only when the "
322
"value is <emphasis>no</emphasis>, as is seen in this example. If the value "
323
"is <emphasis>yes</emphasis>, then access to the share is read only."
324
msgstr ""
325
326
#: serverguide/C/windows-networking.xml:184(para)
327
msgid ""
328
"<emphasis>create mask:</emphasis> determines the permissions new files will "
329
"have when created."
330
msgstr ""
331
"<emphasis>create mask:</emphasis> determina els permisos que els fitxers "
332
"nous tenen en el moment de creació."
333
334
#: serverguide/C/windows-networking.xml:193(para)
335
msgid ""
336
"Now that <application>Samba</application> is configured, the directory needs "
337
"to be created and the permissions changed. From a terminal enter:"
338
msgstr ""
339
"Ara que s'ha configurat el <application>Samba</application>, cal crear un "
340
"directori i canviar-ne els permisos. En un terminal introduïu:"
341
342
#: serverguide/C/windows-networking.xml:199(command)
343
msgid "sudo mkdir -p /srv/samba/share"
344
msgstr "sudo mkdir -p /srv/samba/share"
345
346
#: serverguide/C/windows-networking.xml:200(command)
347
msgid "sudo chown nobody.nogroup /srv/samba/share/"
348
msgstr "sudo chown nobody.nogroup /srv/samba/share/"
349
350
#: serverguide/C/windows-networking.xml:204(para)
351
msgid ""
352
"The <emphasis>-p</emphasis> switch tells mkdir to create the entire "
353
"directory tree if it doesn't exist. Change the share name to fit your "
354
"environment."
355
msgstr ""
356
"L'opció <emphasis>-p</emphasis> indica a mkdir que s'ha de crear l'arbre del "
357
"directori complet en cas que no existeixi. Canvieu el nom a compartir per "
358
"adaptar-lo al vostre entorn."
359
360
#: serverguide/C/windows-networking.xml:213(para)
361
msgid ""
362
"Finally, restart the <application>samba</application> services to enable the "
363
"new configuration:"
364
msgstr ""
365
"Finalment reinicieu els serveis <application>samba</application> per a "
366
"habilitar la configuració nova:"
367
368
#: serverguide/C/windows-networking.xml:218(command) serverguide/C/windows-networking.xml:332(command) serverguide/C/windows-networking.xml:470(command) serverguide/C/windows-networking.xml:570(command) serverguide/C/windows-networking.xml:949(command) serverguide/C/windows-networking.xml:1060(command) serverguide/C/windows-networking.xml:1176(command) serverguide/C/network-auth.xml:1869(command)
369
msgid "sudo restart smbd"
370
msgstr ""
371
372
#: serverguide/C/windows-networking.xml:219(command) serverguide/C/windows-networking.xml:333(command) serverguide/C/windows-networking.xml:471(command) serverguide/C/windows-networking.xml:571(command) serverguide/C/windows-networking.xml:950(command) serverguide/C/windows-networking.xml:1061(command) serverguide/C/windows-networking.xml:1177(command) serverguide/C/network-auth.xml:1870(command)
373
msgid "sudo restart nmbd"
374
msgstr ""
375
376
#: serverguide/C/windows-networking.xml:226(para)
377
msgid ""
378
"Once again, the above configuration gives all access to any client on the "
379
"local network. For a more secure configuration see <xref linkend=\"samba-"
380
"fileprint-security\"/>."
381
msgstr ""
382
"La configuració anterior dóna accés complet a qualsevol client de la xarxa "
383
"local. Per a utilitzar una configuració més segura vegeu: <xref "
384
"linkend=\"samba-fileprint-security\"/>."
385
386
#: serverguide/C/windows-networking.xml:232(para)
387
msgid ""
388
"From a Windows client you should now be able to browse to the Ubuntu file "
389
"server and see the shared directory. To check that everything is working try "
390
"creating a directory from Windows."
391
msgstr ""
392
"Des d'un client del Windows hauria de ser possible ara navegar cap al "
393
"servidor de fitxers Ubuntu i veure'n el directori compartit. Per assegurar-"
394
"vos que tot funciona, creeu un directori nou des del Windows."
395
396
#: serverguide/C/windows-networking.xml:237(para)
397
msgid ""
398
"To create additional shares simply create new <emphasis>[dir]</emphasis> "
399
"sections in <filename>/etc/samba/smb.conf</filename>, and restart "
400
"<emphasis>Samba</emphasis>. Just make sure that the directory you want to "
401
"share actually exists and the permissions are correct."
402
msgstr ""
403
"Per a crear comparticions addicionals creeu una secció "
404
"<emphasis>[dir]</emphasis> nova al fitxer "
405
"<filename>/etc/samba/smb.conf</filename>, i reinicieu el "
406
"<emphasis>Samba</emphasis>. Assegureu-vos que el directori que voleu "
407
"compartir existeix i que els permisos són correctes."
408
409
#: serverguide/C/windows-networking.xml:244(title) serverguide/C/windows-networking.xml:343(title) serverguide/C/windows-networking.xml:700(title) serverguide/C/windows-networking.xml:1080(title) serverguide/C/windows-networking.xml:1288(title) serverguide/C/virtualization.xml:366(title) serverguide/C/virtualization.xml:1168(title) serverguide/C/reporting-bugs.xml:304(title) serverguide/C/network-config.xml:569(title) serverguide/C/network-config.xml:824(title) serverguide/C/network-auth.xml:1540(title) serverguide/C/network-auth.xml:1985(title) serverguide/C/network-auth.xml:2589(title) serverguide/C/network-auth.xml:3097(title) serverguide/C/installation.xml:892(title) serverguide/C/installation.xml:1173(title) serverguide/C/databases.xml:122(title) serverguide/C/databases.xml:273(title) serverguide/C/backups.xml:855(title)
410
msgid "Resources"
411
msgstr "Recursos"
412
413
#: serverguide/C/windows-networking.xml:248(para) serverguide/C/windows-networking.xml:347(para) serverguide/C/windows-networking.xml:704(para) serverguide/C/windows-networking.xml:1084(para)
414
msgid ""
415
"For in depth Samba configurations see the <ulink "
416
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
417
"Collection</ulink>"
418
msgstr ""
419
"Per una configuració més acurada del Samba vegeu <ulink "
420
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">la "
421
"col·lecció de guies del Samba</ulink>"
422
423
#: serverguide/C/windows-networking.xml:254(para) serverguide/C/windows-networking.xml:353(para) serverguide/C/windows-networking.xml:710(para) serverguide/C/windows-networking.xml:1090(para)
424
msgid ""
425
"The guide is also available in <ulink "
426
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">printed "
427
"format</ulink>."
428
msgstr ""
429
"La guia també està disponible en <ulink "
430
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">format en "
431
"paper</ulink>."
432
433
#: serverguide/C/windows-networking.xml:260(para) serverguide/C/windows-networking.xml:359(para)
434
msgid ""
435
"O'Reilly's <ulink "
436
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
437
"another good reference."
438
msgstr ""
439
"El llibre <ulink url=\"http://www.oreilly.com/catalog/9780596007690/\">Using "
440
"Samba</ulink> d'O'Reilly és una altra bona referència."
441
442
#: serverguide/C/windows-networking.xml:266(para) serverguide/C/windows-networking.xml:370(para) serverguide/C/windows-networking.xml:735(para) serverguide/C/windows-networking.xml:1114(para) serverguide/C/windows-networking.xml:1301(para)
443
msgid ""
444
"The <ulink url=\"https://help.ubuntu.com/community/Samba\">Ubuntu Wiki Samba "
445
"</ulink> page."
446
msgstr ""
447
448
#: serverguide/C/windows-networking.xml:275(title)
449
msgid "Samba Print Server"
450
msgstr "Servidor d'impressió Samba"
451
452
#: serverguide/C/windows-networking.xml:277(para)
453
msgid ""
454
"Another common use of Samba is to configure it to share printers installed, "
455
"either locally or over the network, on an Ubuntu server. Similar to <xref "
456
"linkend=\"samba-fileserver\"/> this section will configure Samba to allow "
457
"any client on the local network to use the installed printers without "
458
"prompting for a username and password."
459
msgstr ""
460
"Un altre ús habitual del Samba és la compartició d'impressores instal·lades "
461
"en un servidor Ubuntu, ja sigui localment o a través de la xarxa. De manera "
462
"similar a <xref linkend=\"samba-fileserver\"/> aquest apartat descriu com "
463
"configurar el Samba per a permetre que qualsevol client de la xarxa utilitzi "
464
"les impressores instal·lades sense sol·licitar el nom d'usuari ni la "
465
"contrasenya."
466
467
#: serverguide/C/windows-networking.xml:283(para)
468
msgid ""
469
"For a more secure configuration see <xref linkend=\"samba-fileprint-"
470
"security\"/>."
471
msgstr ""
472
"Per una configuració més segura vegeu <xref linkend=\"samba-fileprint-"
473
"security\"/>."
474
475
#: serverguide/C/windows-networking.xml:290(para)
476
msgid ""
477
"Before installing and configuring Samba it is best to already have a working "
478
"<application>CUPS</application> installation. See <xref linkend=\"cups\"/> "
479
"for details."
480
msgstr ""
481
"Abans d'instal·lar i configurar el Samba es recomanable tenir una "
482
"instal·lació funcional del <application>CUPS</application>.Vegeu <xref "
483
"linkend=\"cups\"/> per a obtenir-ne més detalls."
484
485
#: serverguide/C/windows-networking.xml:295(para)
486
msgid ""
487
"To install the <application>samba</application> package, from a terminal "
488
"enter:"
489
msgstr ""
490
"Per a instal·lar el paquet <application>samba</application> en un terminal "
491
"introduïu:"
492
493
#: serverguide/C/windows-networking.xml:306(para)
494
msgid ""
495
"After installing samba edit <filename>/etc/samba/smb.conf</filename>. Change "
496
"the <emphasis>workgroup</emphasis> attribute to what is appropriate for your "
497
"network, and change <emphasis>security</emphasis> to <emphasis "
498
"role=\"italic\">share</emphasis>:"
499
msgstr ""
500
"Després d'instal·lar el Samba editeu el fitxer "
501
"<filename>/etc/samba/smb.conf</filename>. Canvieu-ne l'atribut "
502
"<emphasis>workgroup</emphasis> per un nom més adequat per la vostra xarxa. "
503
"Canvieu també <emphasis>security</emphasis> per <emphasis "
504
"role=\"italic\">share</emphasis>:"
505
506
#: serverguide/C/windows-networking.xml:318(para)
507
msgid ""
508
"In the <emphasis>[printers]</emphasis> section change the <emphasis>guest "
509
"ok</emphasis> option to <emphasis role=\"italic\">yes</emphasis>:"
510
msgstr ""
511
"En l'apartat <emphasis>[printers]</emphasis> canvieu l'opció <emphasis>guest "
512
"ok</emphasis> per <emphasis role=\"italic\">yes</emphasis>:"
513
514
#: serverguide/C/windows-networking.xml:322(programlisting)
515
#, no-wrap
516
msgid ""
517
"\n"
518
" browsable = yes\n"
519
" guest ok = yes\n"
520
msgstr ""
521
"\n"
522
" browsable = yes\n"
523
" guest ok = yes\n"
524
525
#: serverguide/C/windows-networking.xml:327(para)
526
msgid "After editing <filename>smb.conf</filename> restart Samba:"
527
msgstr ""
528
"Després d'editar el fitxer <filename>smb.conf</filename> reinicieu el Samba:"
529
530
#: serverguide/C/windows-networking.xml:336(para)
531
msgid ""
532
"The default Samba configuration will automatically share any printers "
533
"installed. Simply install the printer locally on your Windows clients."
534
msgstr ""
535
"La configuracio predeterminada del Samba compartirà automàticament qualsevol "
536
"impressora instal·lada. Simplement instal·leu l'impressora localment als "
537
"vostres clients Windows."
538
539
#: serverguide/C/windows-networking.xml:365(para)
540
msgid ""
541
"Also, see the <ulink url=\"http://www.cups.org/\">CUPS Website</ulink> for "
542
"more information on configuring CUPS."
543
msgstr ""
544
"Vegeu també el <ulink url=\"http://www.cups.org/\">lloc web del CUPS</ulink> "
545
"per a obtenir més informació sobre com configurar-lo."
546
547
#: serverguide/C/windows-networking.xml:379(title)
548
msgid "Securing a Samba File and Print Server"
549
msgstr "Com fer que un servidor de fitxers i impressores Samba sigui segur"
550
551
#: serverguide/C/windows-networking.xml:382(title)
552
msgid "Samba Security Modes"
553
msgstr "Modes de seguretat del Samba"
554
555
#: serverguide/C/windows-networking.xml:384(para)
556
msgid ""
557
"There are two security levels available to the Common Internet Filesystem "
558
"(CIFS) network protocol <emphasis>user-level</emphasis> and <emphasis>share-"
559
"level</emphasis>. Samba's <emphasis>security mode</emphasis> implementation "
560
"allows more flexibility, providing four ways of implementing user-level "
561
"security and one way to implement share-level:"
562
msgstr ""
563
564
#: serverguide/C/windows-networking.xml:393(para)
565
msgid ""
566
"<emphasis>security = user:</emphasis> requires clients to supply a username "
567
"and password to connect to shares. Samba user accounts are separate from "
568
"system accounts, but the <application>libpam-smbpass</application> package "
569
"will sync system users and passwords with the Samba user database."
570
msgstr ""
571
"<emphasis>security = user:</emphasis> obliga els clients a proporcionar un "
572
"nom d'usuari i una contrasenya per accedir a les comparticions. Els comptes "
573
"d'usuaris del Samba es troben separats dels comptes del sistema, però el "
574
"paquet <application>libpam-smbpass</application> sincronitza els usuaris i "
575
"les respectives contrasenyes del sistema amb la base de dades dels usuaris "
576
"del Samba."
577
578
#: serverguide/C/windows-networking.xml:400(para)
579
msgid ""
580
"<emphasis>security = domain:</emphasis> this mode allows the Samba server to "
581
"appear to Windows clients as a Primary Domain Controller (PDC), Backup "
582
"Domain Controller (BDC), or a Domain Member Server (DMS). See <xref "
583
"linkend=\"samba-dc\"/> for further information."
584
msgstr ""
585
"<emphasis>security = domain:</emphasis> aquest mode permet que el servidor "
586
"Samba aparegui en els clients Windows com un Primary Domain Controller "
587
"(PDC), Backup Domain Controller (BDC), o com un Domain Member Server (DMS). "
588
"Per a més informació vegeu: <xref linkend=\"samba-dc\"/>."
589
590
#: serverguide/C/windows-networking.xml:407(para)
591
msgid ""
592
"<emphasis>security = ADS:</emphasis> allows the Samba server to join an "
593
"Active Directory domain as a native member. See <xref linkend=\"samba-ad-"
594
"integration\"/> for details."
595
msgstr ""
596
"<emphasis>security = ADS:</emphasis> permet al servidor Samba d'unir-se a un "
597
"domini de Directori actiu com un membre nadiu. Vegeu <xref linkend=\"samba-"
598
"ad-integration\"/> per a obtenir-ne més detalls."
599
600
#: serverguide/C/windows-networking.xml:413(para)
601
msgid ""
602
"<emphasis>security = server:</emphasis> this mode is left over from before "
603
"Samba could become a member server, and due to some security issues should "
604
"not be used. See the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
605
"HOWTO-Collection/ServerType.html#id349531\">Server Security</ulink> section "
606
"of the Samba guide for more details."
607
msgstr ""
608
"<emphasis>security = server:</emphasis> aquest mode ha esdevingut obsolet i "
609
"a causa d'alguns aspectes de seguretat no s'hauria d'utilitzar . Vegeu "
610
"l'apartat <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
611
"Collection/ServerType.html#id349531\">Server Security</ulink> de la guia del "
612
"Samba per a obtenir-ne més informació."
613
614
#: serverguide/C/windows-networking.xml:421(para)
615
msgid ""
616
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
617
"without supplying a username and password."
618
msgstr ""
619
"<emphasis>security = share:</emphasis> permet que els clients es connectin "
620
"als recursos compartits sense proporcionar cap nom d'usuari ni contrasenya."
621
622
#: serverguide/C/windows-networking.xml:428(para)
623
msgid ""
624
"The security mode you choose will depend on your environment and what you "
625
"need the Samba server to accomplish."
626
msgstr ""
627
"El mode de seguretat que trieu dependrà de l'entorn i de la funció que us "
628
"calgui que faci el servidor Samba."
629
630
#: serverguide/C/windows-networking.xml:434(title)
631
msgid "Security = User"
632
msgstr "Security = User"
633
634
#: serverguide/C/windows-networking.xml:436(para)
635
msgid ""
636
"This section will reconfigure the Samba file and print server, from <xref "
637
"linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to "
638
"require authentication."
639
msgstr ""
640
"En aquest apartat es reconfigurarà el servidor de fitxers i d'impressió del "
641
"Samba de <xref linkend=\"samba-fileserver\"/> i <xref linkend=\"samba-"
642
"printserver\"/>, per a accedir-hi mitjançant l'autenticació."
643
644
#: serverguide/C/windows-networking.xml:441(para)
645
msgid ""
646
"First, install the <application>libpam-smbpass</application> package which "
647
"will sync the system users to the Samba user database:"
648
msgstr ""
649
"Primer instal·leu el paquet <application>libpam-smbpass</application>, el "
650
"qual possibilita la sincronització dels usuaris del sistema amb la base de "
651
"dades dels usuaris del Samba:"
652
653
#: serverguide/C/windows-networking.xml:447(command)
654
msgid "sudo apt-get install libpam-smbpass"
655
msgstr "sudo apt-get install libpam-smbpass"
656
657
#: serverguide/C/windows-networking.xml:451(para)
658
msgid ""
659
"If you chose the <emphasis>Samba Server</emphasis> task during installation "
660
"<application>libpam-smbpass</application> is already installed."
661
msgstr ""
662
"Si heu escollit la tasca <emphasis>Samba Server</emphasis>durant la "
663
"instal·lació, el <application>libpam-smbpass</application> ja es troba "
664
"instal·lat."
665
666
#: serverguide/C/windows-networking.xml:457(para)
667
msgid ""
668
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
669
"<emphasis>[share]</emphasis> section change:"
670
msgstr ""
671
"Editeu el fitxer <filename>/etc/samba/smb.conf</filename> i en l'apartat "
672
"<emphasis>[share]</emphasis> canvieu:"
673
674
#: serverguide/C/windows-networking.xml:461(programlisting)
675
#, no-wrap
676
msgid ""
677
"\n"
678
" guest ok = no\n"
679
msgstr ""
680
"\n"
681
" guest ok = no\n"
682
683
#: serverguide/C/windows-networking.xml:465(para)
684
msgid "Finally, restart Samba for the new settings to take effect:"
685
msgstr ""
686
"Finalment, reinicieu el Samba de manera que els paràmetres nous tinguin "
687
"efecte:"
688
689
#: serverguide/C/windows-networking.xml:474(para)
690
msgid ""
691
"Now when connecting to the shared directories or printers you should be "
692
"prompted for a username and password."
693
msgstr ""
694
"Ara si us connecteu als directoris compartits o a les impressores el sistema "
695
"us hauria de demanar el nom d'usuari i la contrasenya."
696
697
#: serverguide/C/windows-networking.xml:479(para)
698
msgid ""
699
"If you choose to map a network drive to the share you can check the "
700
"<quote>Reconnect at Logon</quote> check box, which will require you to only "
701
"enter the username and password once, at least until the password changes."
702
msgstr ""
703
704
#: serverguide/C/windows-networking.xml:487(title)
705
msgid "Share Security"
706
msgstr "Seguretat dels recursos compartits"
707
708
#: serverguide/C/windows-networking.xml:489(para)
709
msgid ""
710
"There are several options available to increase the security for each "
711
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
712
"this section will cover some common options."
713
msgstr ""
714
715
#: serverguide/C/windows-networking.xml:495(title)
716
msgid "Groups"
717
msgstr "Grups"
718
719
#: serverguide/C/windows-networking.xml:497(para)
720
msgid ""
721
"Groups define a collection of computers or users which have a common level "
722
"of access to particular network resources and offer a level of granularity "
723
"in controlling access to such resources. For example, if a group <emphasis "
724
"role=\"italic\">qa</emphasis> is defined and contains the users <emphasis "
725
"role=\"italic\">freda</emphasis>, <emphasis "
726
"role=\"italic\">danika</emphasis>, and <emphasis "
727
"role=\"italic\">rob</emphasis> and a second group <emphasis "
728
"role=\"italic\">support</emphasis> is defined and consists of users "
729
"<emphasis role=\"italic\">danika</emphasis>, <emphasis "
730
"role=\"italic\">jeremy</emphasis>, and <emphasis "
731
"role=\"italic\">vincent</emphasis> then certain network resources configured "
732
"to allow access by the <emphasis role=\"italic\">qa</emphasis> group will "
733
"subsequently enable access by freda, danika, and rob, but not jeremy or "
734
"vincent. Since the user <emphasis role=\"italic\">danika</emphasis> belongs "
735
"to both the <emphasis role=\"italic\">qa</emphasis> and <emphasis "
736
"role=\"italic\">support</emphasis> groups, she will be able to access "
737
"resources configured for access by both groups, whereas all other users will "
738
"have only access to resources explicitly allowing the group they are part of."
739
msgstr ""
740
"Els grups defineixen un conjunt d'ordinadors o usuaris que tenen un nivell "
741
"d'accés equivalent a recursos concrets de la xarxa i ofereix un nivell de "
742
"granularitat en controlar l'accés a aquest recursos. Per exemple si es "
743
"defineix un grup anomenat<emphasis role=\"italic\">qa</emphasis>, els "
744
"usuaris del qual són <emphasis role=\"italic\">marta</emphasis>, <emphasis "
745
"role=\"italic\">laura</emphasis> i <emphasis "
746
"role=\"italic\">jordi</emphasis> i es defineix un segon grup "
747
"anomenat<emphasis role=\"italic\">manteniment</emphasis> amb els usuaris "
748
"<emphasis role=\"italic\">laura</emphasis>, <emphasis "
749
"role=\"italic\">pere</emphasis> i <emphasis "
750
"role=\"italic\">vicent</emphasis> llavors alguns recursos de la xarxa "
751
"configurats per permetre l'accés al grup <emphasis "
752
"role=\"italic\">qa</emphasis> només seran accessibles per a la marta, la "
753
"laura i en jordi però no per a en pere o en vicent. Atès que l'usuària "
754
"<emphasis role=\"italic\">laura</emphasis> pertany a ambdós grups <emphasis "
755
"role=\"italic\">qa</emphasis> i <emphasis "
756
"role=\"italic\">manteniment</emphasis> podrà accedir als recursos "
757
"configurats pels dos grups, mentre que la resta d'usuaris només podran "
758
"accedir als recursos autoritzats explícitament al grup al qual pertanyen."
759
760
#: serverguide/C/windows-networking.xml:511(para)
761
msgid ""
762
"By default Samba looks for the local system groups defined in "
763
"<filename>/etc/group</filename> to determine which users belong to which "
764
"groups. For more information on adding and removing users from groups see "
765
"<xref linkend=\"adding-deleting-users\"/>."
766
msgstr ""
767
"De manera predeterminada, el Samba cerca al sistema local grups definits al "
768
"fitxer <filename>/etc/group</filename> per a determinar quins usuaris "
769
"pertanyen a quin grup. Per més informació sobre com afegir i suprimir "
770
"usuaris d'un grup vegeu <xref linkend=\"adding-deleting-users\"/>."
771
772
#: serverguide/C/windows-networking.xml:517(para)
773
msgid ""
774
"When defining groups in the Samba configuration file, "
775
"<filename>/etc/samba/smb.conf</filename>, the recognized syntax is to "
776
"preface the group name with an \"@\" symbol. For example, if you wished to "
777
"define a group named <emphasis role=\"italic\">sysadmin</emphasis> in a "
778
"certain section of the <filename>/etc/samba/smb.conf</filename>, you would "
779
"do so by entering the group name as <emphasis "
780
"role=\"bold\">@sysadmin</emphasis>."
781
msgstr ""
782
"Si es vol definir un grup en el fitxer de configuració del Samba, "
783
"<filename>/etc/samba/smb.conf</filename> empreu la sintaxi correcta tot "
784
"posant \"@\" davant del nom del grup. Per exemple, si voleu definir un grup "
785
"anomenat <emphasis role=\"italic\">sysadmin</emphasis> en un apartat concret "
786
"del fitxer <filename>/etc/samba/smb.conf</filename> heu d'introduir el nom "
787
"del grup de la manera següent: <emphasis role=\"bold\">@sysadmin</emphasis>."
788
789
#: serverguide/C/windows-networking.xml:526(title)
790
msgid "File Permissions"
791
msgstr "Permisos de fitxer"
792
793
#: serverguide/C/windows-networking.xml:528(para)
794
msgid ""
795
"File Permissions define the explicit rights a computer or user has to a "
796
"particular directory, file, or set of files. Such permissions may be defined "
797
"by editing the <filename>/etc/samba/smb.conf</filename> file and specifying "
798
"the explicit permissions of a defined file share."
799
msgstr ""
800
"Els permisos de fitxers defineixen els drets explícits que un ordinador o un "
801
"usuari tenen sobre un directori, fitxer o conjunt de fitxers concrets. "
802
"Aquests permisos es poden definir editant el fitxer "
803
"<filename>/etc/samba/smb.conf</filename>. En aquest fitxer es poden "
804
"especificar els permisos explícits d'un fitxer compartit."
805
806
#: serverguide/C/windows-networking.xml:534(para)
807
msgid ""
808
"For example, if you have defined a Samba share called "
809
"<emphasis>share</emphasis> and wish to give <emphasis role=\"italic\">read-"
810
"only</emphasis> permissions to the group of users known as <emphasis "
811
"role=\"italic\">qa</emphasis>, but wanted to allow writing to the share by "
812
"the group called <emphasis role=\"italic\">sysadmin</emphasis> and the user "
813
"named <emphasis role=\"italic\">vincent</emphasis>, then you could edit the "
814
"<filename>/etc/samba/smb.conf</filename> file, and add the following entries "
815
"under the <emphasis>[share]</emphasis> entry:"
816
msgstr ""
817
"Per exemple, si heu definit una carpeta compartida del Samba anomenada "
818
"<emphasis>share</emphasis> i desitgeu donar permisos <emphasis "
819
"role=\"italic\">només de lectura</emphasis> al grup d'usuaris anomenat "
820
"<emphasis role=\"italic\">qa</emphasis> però voleu permetre'n l'escriptura "
821
"al grup anomenat <emphasis role=\"italic\">sysadmin</emphasis> i a l'usuari "
822
"<emphasis role=\"italic\">vicent</emphasis>, podeu editar el fitxer "
823
"<filename>/etc/samba/smb.conf</filename> i afegir-hi les següents entrades "
824
"sota <emphasis>[share]</emphasis>"
825
826
#: serverguide/C/windows-networking.xml:543(programlisting)
827
#, no-wrap
828
msgid ""
829
"\n"
830
" read list = @qa\n"
831
" write list = @sysadmin, vincent\n"
832
msgstr ""
833
"\n"
834
" read list = @qa\n"
835
" write list = @sysadmin, vincent\n"
836
837
#: serverguide/C/windows-networking.xml:548(para)
838
msgid ""
839
"Another possible Samba permission is to declare "
840
"<emphasis>administrative</emphasis> permissions to a particular shared "
841
"resource. Users having administrative permissions may read, write, or modify "
842
"any information contained in the resource the user has been given explicit "
843
"administrative permissions to."
844
msgstr ""
845
"Una altra possibilitat d'atorgar permisos en el Samba es declarar permisos "
846
"<emphasis>administratius</emphasis> a un recurs compartit concret. Els "
847
"usuaris que tinguin permisos administratius poden llegir, escriure o "
848
"modificar qualsevol informació inclosa en el recurs pel qual l'usuari hagi "
849
"obtingut permisos administratius explícits."
850
851
#: serverguide/C/windows-networking.xml:554(para)
852
msgid ""
853
"For example, if you wanted to give the user <emphasis "
854
"role=\"italic\">melissa</emphasis> administrative permissions to the "
855
"<emphasis role=\"italic\">share</emphasis> example, you would edit the "
856
"<filename>/etc/samba/smb.conf</filename> file, and add the following line "
857
"under the <emphasis>[share]</emphasis> entry:"
858
msgstr ""
859
"Per exemple, si voleu atorgar permisos administratius a l'usuari <emphasis "
860
"role=\"italic\">anna</emphasis> en l'exemple <emphasis "
861
"role=\"italic\">share</emphasis> anterior, editeu el fitxer "
862
"<filename>/etc/samba/smb.conf</filename> i afegiu-hi la línia següent sota "
863
"el l'entrada <emphasis>[share]</emphasis>"
864
865
#: serverguide/C/windows-networking.xml:561(programlisting)
866
#, no-wrap
867
msgid ""
868
"\n"
869
" admin users = melissa\n"
870
msgstr ""
871
"\n"
872
" admin users = anna\n"
873
874
#: serverguide/C/windows-networking.xml:565(para)
875
msgid ""
876
"After editing <filename>/etc/samba/smb.conf</filename>, restart Samba for "
877
"the changes to take effect:"
878
msgstr ""
879
"Després d'editar el fitxer <filename>/etc/samba/smb.conf</filename> "
880
"reinicieu el Samba perquè els canvis tinguin efecte:"
881
882
#: serverguide/C/windows-networking.xml:575(para)
883
msgid ""
884
"For the <emphasis>read list</emphasis> and <emphasis>write list</emphasis> "
885
"to work the Samba security mode must <emphasis>not</emphasis> be set to "
886
"<emphasis role=\"italic\">security = share</emphasis>"
887
msgstr ""
888
"Per fer que les llistes <emphasis>read list</emphasis> i <emphasis>write "
889
"list</emphasis> funcionin, el mode de seguretat del Samba "
890
"<emphasis>no</emphasis> s'ha de definir com a <emphasis "
891
"role=\"italic\">security = share</emphasis>"
892
893
#: serverguide/C/windows-networking.xml:581(para)
894
msgid ""
895
"Now that Samba has been configured to limit which groups have access to the "
896
"shared directory, the filesystem permissions need to be updated."
897
msgstr ""
898
"Ara que Samba s'ha configurat per a limitar l'accés dels grups als "
899
"directoris compartits és necessari actualitzar els permisos del sistema de "
900
"fitxers."
901
902
#: serverguide/C/windows-networking.xml:586(para)
903
msgid ""
904
"Traditional Linux file permissions do not map well to Windows NT Access "
905
"Control Lists (ACLs). Fortunately POSIX ACLs are available on Ubuntu servers "
906
"providing more fine grained control. For example, to enable ACLs on "
907
"<filename>/srv</filename> an EXT3 filesystem, edit "
908
"<filename>/etc/fstab</filename> adding the <emphasis>acl</emphasis> option:"
909
msgstr ""
910
"Els permisos de fitxer tradicionals del Linux no coincideixen totalment amb "
911
"les llistes de control d'accés del Windows NT (ACL). Per sort els servidors "
912
"Ubuntu disposen d'ACL POSIX que proporcionen un control més acurat. Per "
913
"exemple, per a habilitar ACL a <filename>/srv</filename> en un sistema de "
914
"fitxer EXT3, editeu el fitxer <filename>/etc/fstab</filename> i afegiu "
915
"l'opció <emphasis>acl</emphasis>:"
916
917
#: serverguide/C/windows-networking.xml:593(programlisting)
918
#, no-wrap
919
msgid ""
920
"\n"
921
"UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl "
922
"0 1\n"
923
msgstr ""
924
"\n"
925
"UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl "
926
"0 1\n"
927
928
#: serverguide/C/windows-networking.xml:597(para)
929
msgid "Then remount the partition:"
930
msgstr "Després torneu a muntar la partició:"
931
932
#: serverguide/C/windows-networking.xml:602(command)
933
msgid "sudo mount -v -o remount /srv"
934
msgstr "sudo mount -v -o remount /srv"
935
936
#: serverguide/C/windows-networking.xml:606(para)
937
msgid ""
938
"The above example assumes <filename>/srv</filename> on a separate partition. "
939
"If <filename>/srv</filename>, or wherever you have configured your share "
940
"path, is part of the <filename>/</filename> partition a reboot may be "
941
"required."
942
msgstr ""
943
"L'exemple anterior pressuposa que el fitxer <filename>/srv</filename> es "
944
"troba en una partició separada. Si el fitxer <filename>/srv</filename> o el "
945
"lloc on hàgiu configurat el vostre camí compartit es part de la partició "
946
"<filename>/</filename>, pot ser que hàgiu de reiniciar l'ordinador."
947
948
#: serverguide/C/windows-networking.xml:613(para)
949
msgid ""
950
"To match the Samba configuration above the <emphasis>sysadmin</emphasis> "
951
"group will be given read, write, and execute permissions to "
952
"<filename>/srv/samba/share</filename>, the <emphasis>qa</emphasis> group "
953
"will be given read and execute permissions, and the files will be owned by "
954
"the username <emphasis>melissa</emphasis>. Enter the following in a terminal:"
955
msgstr ""
956
957
#: serverguide/C/windows-networking.xml:621(command)
958
msgid "sudo chown -R melissa /srv/samba/share/"
959
msgstr "sudo chown -R anna /srv/samba/share/"
960
961
#: serverguide/C/windows-networking.xml:622(command)
962
msgid "sudo chgrp -R sysadmin /srv/samba/share/"
963
msgstr "sudo chgrp -R sysadmin /srv/samba/share/"
964
965
#: serverguide/C/windows-networking.xml:623(command)
966
msgid "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
967
msgstr "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
968
969
#: serverguide/C/windows-networking.xml:627(para)
970
msgid ""
971
"The <application>setfacl</application> command above gives "
972
"<emphasis>execute</emphasis> permissions to all files in the "
973
"<filename>/srv/samba/share</filename> directory, which you may or may not "
974
"want."
975
msgstr ""
976
977
#: serverguide/C/windows-networking.xml:633(para)
978
msgid ""
979
"Now from a Windows client you should notice the new file permissions are "
980
"implemented. See the <application>acl</application> and "
981
"<application>setfacl</application> man pages for more information on POSIX "
982
"ACLs."
983
msgstr ""
984
985
#: serverguide/C/windows-networking.xml:641(title)
986
msgid "Samba AppArmor Profile"
987
msgstr "Perfil AppArmor del Samba"
988
989
#: serverguide/C/windows-networking.xml:643(para)
990
msgid ""
991
"Ubuntu comes with the <application>AppArmor</application> security module, "
992
"which provides mandatory access controls. The default AppArmor profile for "
993
"Samba will need to be adapted to your configuration. For more details on "
994
"using AppArmor see <xref linkend=\"apparmor\"/>."
995
msgstr ""
996
997
#: serverguide/C/windows-networking.xml:649(para)
998
msgid ""
999
"There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> "
1000
"and <filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part "
1001
"of the <application>apparmor-profiles</application> packages. To install the "
1002
"package, from a terminal prompt enter:"
1003
msgstr ""
1004
1005
#: serverguide/C/windows-networking.xml:656(command) serverguide/C/security.xml:920(command)
1006
msgid "sudo apt-get install apparmor-profiles"
1007
msgstr "sudo apt-get install apparmor-profiles"
1008
1009
#: serverguide/C/windows-networking.xml:660(para)
1010
msgid "This package contains profiles for several other binaries."
1011
msgstr ""
1012
1013
#: serverguide/C/windows-networking.xml:665(para)
1014
msgid ""
1015
"By default the profiles for <application>smbd</application> and "
1016
"<application>nmbd</application> are in <emphasis>complain</emphasis> mode "
1017
"allowing Samba to work without modifying the profile, and only logging "
1018
"errors. To place the <application>smbd</application> profile into "
1019
"<emphasis>enforce</emphasis> mode, and have Samba work as expected, the "
1020
"profile will need to be modified to reflect any directories that are shared."
1021
msgstr ""
1022
1023
#: serverguide/C/windows-networking.xml:672(para)
1024
msgid ""
1025
"Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename> adding information "
1026
"for <emphasis>[share]</emphasis> from the file server example:"
1027
msgstr ""
1028
1029
#: serverguide/C/windows-networking.xml:677(programlisting)
1030
#, no-wrap
1031
msgid ""
1032
"\n"
1033
" /srv/samba/share/ r,\n"
1034
" /srv/samba/share/** rwkix,\n"
1035
msgstr ""
1036
"\n"
1037
" /srv/samba/share/ r,\n"
1038
" /srv/samba/share/** rwkix,\n"
1039
1040
#: serverguide/C/windows-networking.xml:682(para)
1041
msgid ""
1042
"Now place the profile into <emphasis>enforce</emphasis> and reload it:"
1043
msgstr ""
1044
1045
#: serverguide/C/windows-networking.xml:687(command)
1046
msgid "sudo aa-enforce /usr/sbin/smbd"
1047
msgstr "sudo aa-enforce /usr/sbin/smbd"
1048
1049
#: serverguide/C/windows-networking.xml:688(command)
1050
msgid "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
1051
msgstr "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
1052
1053
#: serverguide/C/windows-networking.xml:691(para)
1054
msgid ""
1055
"You should now be able to read, write, and execute files in the shared "
1056
"directory as normal, and the <application>smbd</application> binary will "
1057
"have access to only the configured files and directories. Be sure to add "
1058
"entries for each directory you configure Samba to share. Also, any errors "
1059
"will be logged to <filename>/var/log/syslog</filename>."
1060
msgstr ""
1061
1062
#: serverguide/C/windows-networking.xml:716(para) serverguide/C/windows-networking.xml:1096(para)
1063
msgid ""
1064
"O'Reilly's <ulink "
1065
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
1066
"also a good reference."
1067
msgstr ""
1068
"El llibre d'O'Reilly <ulink "
1069
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> és "
1070
"també una bona referència."
1071
1072
#: serverguide/C/windows-networking.xml:722(para)
1073
msgid ""
1074
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
1075
"samba.html\">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to "
1076
"security."
1077
msgstr ""
1078
"El capítol 18 de l'enllaç <ulink url=\"http://samba.org/samba/docs/man/Samba-"
1079
"HOWTO-Collection/securing-samba.html\"> de la col·lecció HOWTO del Samba "
1080
"tracta sobre seguretat."
1081
1082
#: serverguide/C/windows-networking.xml:728(para)
1083
msgid ""
1084
"For more information on Samba and ACLs see the <ulink "
1085
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
1086
"Collection/AccessControls.html#id397568\">Samba ACLs page </ulink>."
1087
msgstr ""
1088
1089
#: serverguide/C/windows-networking.xml:744(title)
1090
msgid "Samba as a Domain Controller"
1091
msgstr "El Samba com a controlador de dominis"
1092
1093
#: serverguide/C/windows-networking.xml:746(para)
1094
msgid ""
1095
"Although it cannot act as an Active Directory Primary Domain Controller "
1096
"(PDC), a Samba server can be configured to appear as a Windows NT4-style "
1097
"domain controller. A major advantage of this configuration is the ability to "
1098
"centralize user and machine credentials. Samba can also use multiple "
1099
"backends to store the user information."
1100
msgstr ""
1101
1102
#: serverguide/C/windows-networking.xml:753(title)
1103
msgid "Primary Domain Controller"
1104
msgstr ""
1105
1106
#: serverguide/C/windows-networking.xml:755(para)
1107
msgid ""
1108
"This section covers configuring Samba as a Primary Domain Controller (PDC) "
1109
"using the default smbpasswd backend."
1110
msgstr ""
1111
1112
#: serverguide/C/windows-networking.xml:762(para)
1113
msgid ""
1114
"First, install Samba, and <application>libpam-smbpass</application> to sync "
1115
"the user accounts, by entering the following in a terminal prompt:"
1116
msgstr ""
1117
1118
#: serverguide/C/windows-networking.xml:768(command) serverguide/C/windows-networking.xml:993(command)
1119
msgid "sudo apt-get install samba libpam-smbpass"
1120
msgstr "sudo apt-get install samba libpam-smbpass"
1121
1122
#: serverguide/C/windows-networking.xml:774(para)
1123
msgid ""
1124
"Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. "
1125
"The <emphasis>security</emphasis> mode should be set to <emphasis "
1126
"role=\"italic\">user</emphasis>, and the <emphasis>workgroup</emphasis> "
1127
"should relate to your organization:"
1128
msgstr ""
1129
1130
#: serverguide/C/windows-networking.xml:789(para)
1131
msgid ""
1132
"In the commented <quote>Domains</quote> section add or uncomment the "
1133
"following:"
1134
msgstr ""
1135
1136
#: serverguide/C/windows-networking.xml:793(programlisting)
1137
#, no-wrap
1138
msgid ""
1139
"\n"
1140
" domain logons = yes\n"
1141
" logon path = \\\\%N\\%U\\profile\n"
1142
" logon drive = H:\n"
1143
" logon home = \\\\%N\\%U\n"
1144
" logon script = logon.cmd\n"
1145
" add machine script = sudo /usr/sbin/useradd -N -g machines -c Machine -d "
1146
"/var/lib/samba -s /bin/false %u\n"
1147
msgstr ""
1148
"\n"
1149
" domain logons = yes\n"
1150
" logon path = \\\\%N\\%U\\profile\n"
1151
" logon drive = H:\n"
1152
" logon home = \\\\%N\\%U\n"
1153
" logon script = logon.cmd\n"
1154
" add machine script = sudo /usr/sbin/useradd -N -g machines -c Machine -d "
1155
"/var/lib/samba -s /bin/false %u\n"
1156
1157
#: serverguide/C/windows-networking.xml:804(para)
1158
msgid ""
1159
"<emphasis>domain logons:</emphasis> provides the netlogon service causing "
1160
"Samba to act as a domain controller."
1161
msgstr ""
1162
"<emphasis>domain logons:</emphasis> proporciona el servei netlogon, que fa "
1163
"que el Samba actuï com un controlador de domini."
1164
1165
#: serverguide/C/windows-networking.xml:809(para)
1166
msgid ""
1167
"<emphasis>logon path:</emphasis> places the user's Windows profile into "
1168
"their home directory. It is also possible to configure a "
1169
"<emphasis>[profiles]</emphasis> share placing all profiles under a single "
1170
"directory."
1171
msgstr ""
1172
"<emphasis>logon path:</emphasis> situa el perfil de l'usuari del Windows al "
1173
"seu directori personal. També existeix la possibilitat de configurar un "
1174
"recurs compartit <emphasis>[profiles]</emphasis> que englobi tots els "
1175
"perfils dins d'un directori."
1176
1177
#: serverguide/C/windows-networking.xml:815(para)
1178
msgid ""
1179
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
1180
msgstr ""
1181
"<emphasis>logon drive:</emphasis> especifica el camí local del directori de "
1182
"l'usuari."
1183
1184
#: serverguide/C/windows-networking.xml:820(para)
1185
msgid ""
1186
"<emphasis>logon home:</emphasis> specifies the home directory location."
1187
msgstr ""
1188
"<emphasis>logon home:</emphasis> especifica la ubicació del directori de "
1189
"l'usuari."
1190
1191
#: serverguide/C/windows-networking.xml:825(para)
1192
msgid ""
1193
"<emphasis>logon script:</emphasis> determines the script to be run locally "
1194
"once a user has logged in. The script needs to be placed in the "
1195
"<emphasis>[netlogon]</emphasis> share."
1196
msgstr ""
1197
"<emphasis>logon script:</emphasis> determina l'script que s'executarà tan "
1198
"bon punt l'usuari iniciï la sessió. L'script s'ha de col·locar dins del "
1199
"recurs compartit <emphasis>[netlogon]</emphasis>."
1200
1201
#: serverguide/C/windows-networking.xml:831(para)
1202
msgid ""
1203
"<emphasis>add machine script:</emphasis> a script that will automatically "
1204
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
1205
"workstation to join the domain."
1206
msgstr ""
1207
1208
#: serverguide/C/windows-networking.xml:835(para)
1209
msgid ""
1210
"In this example the <emphasis>machines</emphasis> group will need to be "
1211
"created using the <application>addgroup</application> utility see <xref "
1212
"linkend=\"adding-deleting-users\"/> for details."
1213
msgstr ""
1214
1215
#: serverguide/C/windows-networking.xml:839(para)
1216
msgid ""
1217
"Also, rights need to be explicitly provided to the <emphasis>Domain "
1218
"Admins</emphasis> group to allow the <emphasis>add machine script</emphasis> "
1219
"(and other admin functions) to work. This is achieved by executing:"
1220
msgstr ""
1221
1222
#: serverguide/C/windows-networking.xml:844(command)
1223
msgid ""
1224
"net rpc rights grant \"EXAMPLE\\Domain Admins\" SeMachineAccountPrivilege "
1225
"SePrintOperatorPrivilege \\ SeAddUsersPrivilege SeDiskOperatorPrivilege "
1226
"SeRemoteShutdownPrivilege"
1227
msgstr ""
1228
1229
#: serverguide/C/windows-networking.xml:851(para)
1230
msgid ""
1231
"If you wish to not use <emphasis>Roaming Profiles</emphasis> leave the "
1232
"<emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options "
1233
"commented."
1234
msgstr ""
1235
1236
#: serverguide/C/windows-networking.xml:860(para)
1237
msgid ""
1238
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
1239
"role=\"italic\">logon home</emphasis> to be mapped:"
1240
msgstr ""
1241
1242
#: serverguide/C/windows-networking.xml:865(programlisting)
1243
#, no-wrap
1244
msgid ""
1245
"\n"
1246
"[homes]\n"
1247
" comment = Home Directories\n"
1248
" browseable = no\n"
1249
" read only = no\n"
1250
" create mask = 0700\n"
1251
" directory mask = 0700\n"
1252
" valid users = %S\n"
1253
msgstr ""
1254
"\n"
1255
"[homes]\n"
1256
" comment = Home Directories\n"
1257
" browseable = no\n"
1258
" read only = no\n"
1259
" create mask = 0700\n"
1260
" directory mask = 0700\n"
1261
" valid users = %S\n"
1262
1263
#: serverguide/C/windows-networking.xml:878(para)
1264
msgid ""
1265
"When configured as a domain controller a <emphasis>[netlogon]</emphasis> "
1266
"share needs to be configured. To enable the share, uncomment:"
1267
msgstr ""
1268
1269
#: serverguide/C/windows-networking.xml:883(programlisting)
1270
#, no-wrap
1271
msgid ""
1272
"\n"
1273
"[netlogon]\n"
1274
" comment = Network Logon Service\n"
1275
" path = /srv/samba/netlogon\n"
1276
" guest ok = yes\n"
1277
" read only = yes\n"
1278
" share modes = no\n"
1279
msgstr ""
1280
1281
#: serverguide/C/windows-networking.xml:893(para)
1282
msgid ""
1283
"The original <emphasis>netlogon</emphasis> share path is "
1284
"<filename>/home/samba/netlogon</filename>, but according to the Filesystem "
1285
"Hierarchy Standard (FHS), <ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
1286
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is the correct "
1287
"location for site-specific data provided by the system."
1288
msgstr ""
1289
1290
#: serverguide/C/windows-networking.xml:904(para)
1291
msgid ""
1292
"Now create the <filename role=\"directory\">netlogon</filename> directory, "
1293
"and an empty (for now) <filename>logon.cmd</filename> script file:"
1294
msgstr ""
1295
1296
#: serverguide/C/windows-networking.xml:910(command)
1297
msgid "sudo mkdir -p /srv/samba/netlogon"
1298
msgstr "sudo mkdir -p /srv/samba/netlogon"
1299
1300
#: serverguide/C/windows-networking.xml:911(command)
1301
msgid "sudo touch /srv/samba/netlogon/logon.cmd"
1302
msgstr "sudo touch /srv/samba/netlogon/logon.cmd"
1303
1304
#: serverguide/C/windows-networking.xml:914(para)
1305
msgid ""
1306
"You can enter any normal Windows logon script commands in "
1307
"<filename>logon.cmd</filename> to customize the client's environment."
1308
msgstr ""
1309
1310
#: serverguide/C/windows-networking.xml:922(para)
1311
msgid ""
1312
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
1313
"workstation to the domain, a system group needs to be mapped to the Windows "
1314
"<emphasis>Domain Admins</emphasis> group. Using the "
1315
"<application>net</application> utility, from a terminal enter:"
1316
msgstr ""
1317
1318
#: serverguide/C/windows-networking.xml:929(command)
1319
msgid ""
1320
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
1321
"type=d"
1322
msgstr ""
1323
1324
#: serverguide/C/windows-networking.xml:933(para)
1325
msgid ""
1326
"Change <emphasis role=\"italic\">sysadmin</emphasis> to whichever group you "
1327
"prefer. Also, the user used to join the domain needs to be a member of the "
1328
"<emphasis>sysadmin</emphasis> group, as well as a member of the system "
1329
"<emphasis>admin</emphasis> group. The <emphasis>admin</emphasis> group "
1330
"allows <application>sudo</application> use."
1331
msgstr ""
1332
1333
#: serverguide/C/windows-networking.xml:944(para)
1334
msgid "Finally, restart Samba to enable the new domain controller:"
1335
msgstr ""
1336
1337
#: serverguide/C/windows-networking.xml:956(para)
1338
msgid ""
1339
"You should now be able to join Windows clients to the Domain in the same "
1340
"manner as joining them to an NT4 domain running on a Windows server."
1341
msgstr ""
1342
1343
#: serverguide/C/windows-networking.xml:966(title)
1344
msgid "Backup Domain Controller"
1345
msgstr ""
1346
1347
#: serverguide/C/windows-networking.xml:968(para)
1348
msgid ""
1349
"With a Primary Domain Controller (PDC) on the network it is best to have a "
1350
"Backup Domain Controller (BDC) as well. This will allow clients to "
1351
"authenticate in case the PDC becomes unavailable."
1352
msgstr ""
1353
1354
#: serverguide/C/windows-networking.xml:973(para)
1355
msgid ""
1356
"When configuring Samba as a BDC you need a way to sync account information "
1357
"with the PDC. There are multiple ways of accomplishing this "
1358
"<application>scp</application>, <application>rsync</application>, or by "
1359
"using <application>LDAP</application> as the <emphasis>passdb "
1360
"backend</emphasis>."
1361
msgstr ""
1362
1363
#: serverguide/C/windows-networking.xml:979(para)
1364
msgid ""
1365
"Using LDAP is the most robust way to sync account information, because both "
1366
"domain controllers can use the same information in real time. However, "
1367
"setting up a LDAP server may be overly complicated for a small number of "
1368
"user and computer accounts. See <xref linkend=\"samba-ldap\"/> for details."
1369
msgstr ""
1370
1371
#: serverguide/C/windows-networking.xml:988(para)
1372
msgid ""
1373
"First, install <application>samba</application> and <application>libpam-"
1374
"smbpass</application>. From a terminal enter:"
1375
msgstr ""
1376
1377
#: serverguide/C/windows-networking.xml:999(para)
1378
msgid ""
1379
"Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the "
1380
"following in the <emphasis>[global]</emphasis>:"
1381
msgstr ""
1382
1383
#: serverguide/C/windows-networking.xml:1012(para)
1384
msgid "In the commented <emphasis>Domains</emphasis> uncomment or add:"
1385
msgstr ""
1386
1387
#: serverguide/C/windows-networking.xml:1016(programlisting)
1388
#, no-wrap
1389
msgid ""
1390
"\n"
1391
" domain logons = yes\n"
1392
" domain master = no\n"
1393
msgstr ""
1394
1395
#: serverguide/C/windows-networking.xml:1024(para)
1396
msgid ""
1397
"Make sure a user has rights to read the files in "
1398
"<filename>/var/lib/samba</filename>. For example, to allow users in the "
1399
"<emphasis>admin</emphasis> group to <application>scp</application> the "
1400
"files, enter:"
1401
msgstr ""
1402
1403
#: serverguide/C/windows-networking.xml:1030(command)
1404
msgid "sudo chgrp -R admin /var/lib/samba"
1405
msgstr "sudo chgrp -R admin /var/lib/samba"
1406
1407
#: serverguide/C/windows-networking.xml:1036(para)
1408
msgid ""
1409
"Next, sync the user accounts, using <application>scp</application> to copy "
1410
"the <filename>/var/lib/samba</filename> directory from the PDC:"
1411
msgstr ""
1412
1413
#: serverguide/C/windows-networking.xml:1042(command)
1414
msgid "sudo scp -r username@pdc:/var/lib/samba /var/lib"
1415
msgstr "sudo scp -r nomusuari@pdc:/var/lib/samba /var/lib"
1416
1417
#: serverguide/C/windows-networking.xml:1046(para)
1418
msgid ""
1419
"Replace <emphasis>username</emphasis> with a valid username and "
1420
"<emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC."
1421
msgstr ""
1422
1423
#: serverguide/C/windows-networking.xml:1055(para)
1424
msgid "Finally, restart <application>samba</application>:"
1425
msgstr ""
1426
1427
#: serverguide/C/windows-networking.xml:1067(para)
1428
msgid ""
1429
"You can test that your Backup Domain controller is working by stopping the "
1430
"Samba daemon on the PDC, then trying to login to a Windows client joined to "
1431
"the domain."
1432
msgstr ""
1433
1434
#: serverguide/C/windows-networking.xml:1072(para)
1435
msgid ""
1436
"Another thing to keep in mind is if you have configured the <emphasis>logon "
1437
"home</emphasis> option as a directory on the PDC, and the PDC becomes "
1438
"unavailable, access to the user's <emphasis>Home</emphasis> drive will also "
1439
"be unavailable. For this reason it is best to configure the <emphasis>logon "
1440
"home</emphasis> to reside on a separate file server from the PDC and BDC."
1441
msgstr ""
1442
1443
#: serverguide/C/windows-networking.xml:1102(para)
1444
msgid ""
1445
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
1446
"pdc.html\">Chapter 4</ulink> of the Samba HOWTO Collection explains setting "
1447
"up a Primary Domain Controller."
1448
msgstr ""
1449
1450
#: serverguide/C/windows-networking.xml:1108(para)
1451
msgid ""
1452
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
1453
"Collection/samba-bdc.html\">Chapter 5</ulink> of the Samba HOWTO Collection "
1454
"explains setting up a Backup Domain Controller."
1455
msgstr ""
1456
1457
#: serverguide/C/windows-networking.xml:1123(title)
1458
msgid "Samba Active Directory Integration"
1459
msgstr ""
1460
1461
#: serverguide/C/windows-networking.xml:1126(title)
1462
msgid "Accessing a Samba Share"
1463
msgstr ""
1464
1465
#: serverguide/C/windows-networking.xml:1128(para)
1466
msgid ""
1467
"Another, use for Samba is to integrate into an existing Windows network. "
1468
"Once part of an Active Directory domain, Samba can provide file and print "
1469
"services to AD users."
1470
msgstr ""
1471
1472
#: serverguide/C/windows-networking.xml:1133(para)
1473
msgid ""
1474
"The simplest way to join an AD domain is to use <application>Likewise-"
1475
"open</application>. For detailed instructions see <xref linkend=\"likewise-"
1476
"open\"/>."
1477
msgstr ""
1478
1479
#: serverguide/C/windows-networking.xml:1138(para)
1480
msgid ""
1481
"Once part of the domain, enter the following command in the terminal prompt:"
1482
msgstr ""
1483
1484
#: serverguide/C/windows-networking.xml:1143(command)
1485
msgid "sudo apt-get install samba smbfs smbclient"
1486
msgstr "sudo apt-get install samba smbfs smbclient"
1487
1488
#: serverguide/C/windows-networking.xml:1146(para)
1489
msgid ""
1490
"Since the <application>likewise-open</application> and "
1491
"<application>samba</application> packages use separate "
1492
"<filename>secrets.tdb</filename> files, a symlink will need to be created in "
1493
"<filename role=\"directory\">/var/lib/samba</filename>:"
1494
msgstr ""
1495
1496
#: serverguide/C/windows-networking.xml:1152(command)
1497
msgid "sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig"
1498
msgstr "sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig"
1499
1500
#: serverguide/C/windows-networking.xml:1153(command)
1501
msgid "sudo ln -s /etc/samba/secrets.tdb /var/lib/samba"
1502
msgstr "sudo ln -s /etc/samba/secrets.tdb /var/lib/samba"
1503
1504
#: serverguide/C/windows-networking.xml:1156(para)
1505
msgid "Next, edit <filename>/etc/samba/smb.conf</filename> changing:"
1506
msgstr ""
1507
1508
#: serverguide/C/windows-networking.xml:1160(programlisting)
1509
#, no-wrap
1510
msgid ""
1511
"\n"
1512
" workgroup = EXAMPLE\n"
1513
" ...\n"
1514
" security = ads\n"
1515
" realm = EXAMPLE.COM\n"
1516
" ...\n"
1517
" idmap backend = lwopen\n"
1518
" idmap uid = 50-9999999999\n"
1519
" idmap gid = 50-9999999999\n"
1520
msgstr ""
1521
"\n"
1522
" workgroup = EXEMPLE\n"
1523
" ...\n"
1524
" security = ads\n"
1525
" realm = EXEMPLE.CAT\n"
1526
" ...\n"
1527
" idmap backend = lwopen\n"
1528
" idmap uid = 50-9999999999\n"
1529
" idmap gid = 50-9999999999\n"
1530
1531
#: serverguide/C/windows-networking.xml:1171(para)
1532
msgid ""
1533
"Restart <application>samba</application> for the new settings to take effect:"
1534
msgstr ""
1535
1536
#: serverguide/C/windows-networking.xml:1180(para)
1537
msgid ""
1538
"You should now be able to access any <application>Samba</application> shares "
1539
"from a Windows client. However, be sure to give the appropriate AD users or "
1540
"groups access to the share directory. See <xref linkend=\"samba-fileprint-"
1541
"security\"/> for more details."
1542
msgstr ""
1543
1544
#: serverguide/C/windows-networking.xml:1188(title)
1545
msgid "Accessing a Windows Share"
1546
msgstr ""
1547
1548
#: serverguide/C/windows-networking.xml:1190(para)
1549
msgid ""
1550
"Now that the Samba server is part of the Active Directory domain you can "
1551
"access any Windows server shares:"
1552
msgstr ""
1553
1554
#: serverguide/C/windows-networking.xml:1197(para)
1555
msgid ""
1556
"To mount a Windows file share enter the following in a terminal prompt:"
1557
msgstr ""
1558
1559
#: serverguide/C/windows-networking.xml:1201(command)
1560
msgid "mount.cifs //fs01.example.com/share mount_point"
1561
msgstr ""
1562
1563
#: serverguide/C/windows-networking.xml:1204(para)
1564
msgid ""
1565
"It is also possible to access shares on computers not part of an AD domain, "
1566
"but a username and password will need to be provided."
1567
msgstr ""
1568
1569
#: serverguide/C/windows-networking.xml:1212(para)
1570
msgid ""
1571
"To mount the share during boot place an entry in "
1572
"<filename>/etc/fstab</filename>, for example:"
1573
msgstr ""
1574
1575
#: serverguide/C/windows-networking.xml:1216(programlisting)
1576
#, no-wrap
1577
msgid ""
1578
"\n"
1579
"//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw "
1580
"0 0\n"
1581
msgstr ""
1582
1583
#: serverguide/C/windows-networking.xml:1223(para)
1584
msgid ""
1585
"Another way to copy files from a Windows server is to use the "
1586
"<application>smbclient</application> utility. To list the files in a Windows "
1587
"share:"
1588
msgstr ""
1589
1590
#: serverguide/C/windows-networking.xml:1229(command)
1591
msgid "smbclient //fs01.example.com/share -k -c \"ls\""
1592
msgstr ""
1593
1594
#: serverguide/C/windows-networking.xml:1235(para)
1595
msgid "To copy a file from the share, enter:"
1596
msgstr ""
1597
1598
#: serverguide/C/windows-networking.xml:1240(command)
1599
msgid "smbclient //fs01.example.com/share -k -c \"get file.txt\""
1600
msgstr ""
1601
1602
#: serverguide/C/windows-networking.xml:1243(para)
1603
msgid ""
1604
"This will copy the <filename>file.txt</filename> into the current directory."
1605
msgstr ""
1606
1607
#: serverguide/C/windows-networking.xml:1250(para)
1608
msgid "And to copy a file to the share:"
1609
msgstr ""
1610
1611
#: serverguide/C/windows-networking.xml:1255(command)
1612
msgid "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
1613
msgstr ""
1614
1615
#: serverguide/C/windows-networking.xml:1258(para)
1616
msgid ""
1617
"This will copy the <filename>/etc/hosts</filename> to "
1618
"<filename>//fs01.example.com/share/hosts</filename>."
1619
msgstr ""
1620
1621
#: serverguide/C/windows-networking.xml:1265(para)
1622
msgid ""
1623
"The <emphasis>-c</emphasis> option used above allows you to execute the "
1624
"<application>smbclient</application> command all at once. This is useful for "
1625
"scripting and minor file operations. To enter the <emphasis>smb: \\"
1626
"></emphasis> prompt, a FTP like prompt where you can execute normal file "
1627
"and directory commands, simply execute:"
1628
msgstr ""
1629
1630
#: serverguide/C/windows-networking.xml:1272(command)
1631
msgid "smbclient //fs01.example.com/share -k"
1632
msgstr ""
1633
1634
#: serverguide/C/windows-networking.xml:1279(para)
1635
msgid ""
1636
"Replace all instances of <emphasis>fs01.example.com/share</emphasis>, "
1637
"<emphasis>//192.168.0.5/share</emphasis>, "
1638
"<emphasis>username=steve,password=secret</emphasis>, and "
1639
"<emphasis>file.txt</emphasis> with your server's IP, hostname, share name, "
1640
"file name, and an actual username and password with rights to the share."
1641
msgstr ""
1642
1643
#: serverguide/C/windows-networking.xml:1290(para)
1644
msgid ""
1645
"For more <application>smbclient</application> options see the man page: "
1646
"<command>man smbclient</command>, also available <ulink "
1647
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/smbclient.1.html\""
1648
">online</ulink>."
1649
msgstr ""
1650
1651
#: serverguide/C/windows-networking.xml:1295(para)
1652
msgid ""
1653
"The <application>mount.cifs</application><ulink "
1654
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/mount.cifs.8.html"
1655
"\">man page</ulink> is also useful for more detailed information."
1656
msgstr ""
1657
1658
#: serverguide/C/windows-networking.xml:1308(title)
1659
msgid "Likewise Open"
1660
msgstr ""
1661
1662
#: serverguide/C/windows-networking.xml:1310(para)
1663
msgid ""
1664
"<application>Likewise Open</application> simplifies the necessary "
1665
"configuration needed to authenticate a Linux machine to an Active Directory "
1666
"domain. Based on <application>winbind</application>, the "
1667
"<application>likewise-open</application> package takes the pain out of "
1668
"integrating Ubuntu authentication into an existing Windows network."
1669
msgstr ""
1670
1671
#: serverguide/C/windows-networking.xml:1319(para)
1672
msgid ""
1673
"There are two ways to use Likewise Open, <application>likewise-"
1674
"open</application> the command line utility and <application>likewise-open-"
1675
"gui</application>. This section focuses on the command line utility."
1676
msgstr ""
1677
1678
#: serverguide/C/windows-networking.xml:1324(para)
1679
msgid ""
1680
"To install the <application>likewise-open</application> package, open a "
1681
"terminal prompt and enter:"
1682
msgstr ""
1683
1684
#: serverguide/C/windows-networking.xml:1329(command)
1685
msgid "sudo apt-get install likewise-open"
1686
msgstr "sudo apt-get install likewise-open"
1687
1688
#: serverguide/C/windows-networking.xml:1334(title)
1689
msgid "Joining a Domain"
1690
msgstr ""
1691
1692
#: serverguide/C/windows-networking.xml:1336(para)
1693
msgid ""
1694
"The main executable file of the <application>likewise-open</application> "
1695
"package is <filename>/usr/bin/domainjoin-cli</filename>, which is used to "
1696
"join your computer to the domain. Before you join a domain you will need to "
1697
"make sure you have:"
1698
msgstr ""
1699
1700
#: serverguide/C/windows-networking.xml:1344(para)
1701
msgid ""
1702
"Access to an Active Directory user with appropriate rights to join the "
1703
"domain."
1704
msgstr ""
1705
1706
#: serverguide/C/windows-networking.xml:1349(para)
1707
msgid ""
1708
"The <emphasis>Fully Qualified Domain Name</emphasis> (FQDN) of the domain "
1709
"you want to join. If your AD domain does not match a valid domain such as "
1710
"<emphasis role=\"italic\">example.com</emphasis>, it is likely that it has "
1711
"the form of <emphasis>domainname.local</emphasis>."
1712
msgstr ""
1713
1714
#: serverguide/C/windows-networking.xml:1356(para)
1715
msgid ""
1716
"DNS for the domain setup properly. In a production AD environment this "
1717
"should be the case. Proper Microsoft DNS is needed so that client "
1718
"workstations can determine the Active Directory domain is available."
1719
msgstr ""
1720
1721
#: serverguide/C/windows-networking.xml:1360(para)
1722
msgid ""
1723
"If you don't have a Windows DNS server on your network, see <xref "
1724
"linkend=\"likewise-open-ms-dns\"/> for details."
1725
msgstr ""
1726
1727
#: serverguide/C/windows-networking.xml:1367(para)
1728
msgid "To join a domain, from a terminal prompt enter:"
1729
msgstr ""
1730
1731
#: serverguide/C/windows-networking.xml:1372(command)
1732
msgid "sudo domainjoin-cli join example.com Administrator"
1733
msgstr ""
1734
1735
#: serverguide/C/windows-networking.xml:1376(para)
1736
msgid ""
1737
"Replace <emphasis>example.com</emphasis> with your domain name, and "
1738
"<emphasis>Administrator</emphasis> with the appropriate user name."
1739
msgstr ""
1740
1741
#: serverguide/C/windows-networking.xml:1382(para)
1742
msgid ""
1743
"You will then be prompted for the user's password. If all goes well a "
1744
"<emphasis>SUCCESS</emphasis> message should be printed to the console."
1745
msgstr ""
1746
1747
#: serverguide/C/windows-networking.xml:1388(para)
1748
msgid ""
1749
"After joining the domain, it is necessary to reboot before attempting to "
1750
"authenticate against the domain."
1751
msgstr ""
1752
1753
#: serverguide/C/windows-networking.xml:1394(para)
1754
msgid ""
1755
"After successfully joining an Ubuntu machine to an Active Directory domain "
1756
"you can authenticate using any valid AD user. To login you will need to "
1757
"enter the user name as 'domain\\username'. For example to ssh to a server "
1758
"joined to the domain enter:"
1759
msgstr ""
1760
1761
#: serverguide/C/windows-networking.xml:1401(command)
1762
msgid "ssh 'example\\steve'@hostname"
1763
msgstr ""
1764
1765
#: serverguide/C/windows-networking.xml:1405(para)
1766
msgid ""
1767
"If configuring a Desktop the user name will need to be prefixed with "
1768
"<emphasis role=\"italic\">domain\\</emphasis> in the graphical logon as well."
1769
msgstr ""
1770
1771
#: serverguide/C/windows-networking.xml:1411(para)
1772
msgid ""
1773
"To make likewise-open use a default domain, you can add the following "
1774
"statement to <filename>/etc/samba/lwiauthd.conf</filename>:"
1775
msgstr ""
1776
1777
#: serverguide/C/windows-networking.xml:1415(programlisting)
1778
#, no-wrap
1779
msgid ""
1780
"\n"
1781
"winbind use default domain = yes\n"
1782
msgstr ""
1783
1784
#: serverguide/C/windows-networking.xml:1419(para)
1785
msgid "Then restart the <application>likewise-open</application> daemons:"
1786
msgstr ""
1787
1788
#: serverguide/C/windows-networking.xml:1424(command)
1789
msgid "sudo /etc/init.d/likewise-open restart"
1790
msgstr "sudo /etc/init.d/likewise-open restart"
1791
1792
#: serverguide/C/windows-networking.xml:1428(para)
1793
msgid ""
1794
"Once configured for a <emphasis>default domain</emphasis> the <emphasis "
1795
"role=\"italic\">'domain\\'</emphasis> is no longer required, users can login "
1796
"using only their username."
1797
msgstr ""
1798
1799
#: serverguide/C/windows-networking.xml:1434(para)
1800
msgid ""
1801
"The <application>domainjoin-cli</application> utility can also be used to "
1802
"leave the domain. From a terminal:"
1803
msgstr ""
1804
1805
#: serverguide/C/windows-networking.xml:1439(command)
1806
msgid "sudo domainjoin-cli leave"
1807
msgstr "sudo domainjoin-cli leave"
1808
1809
#: serverguide/C/windows-networking.xml:1444(title) serverguide/C/security.xml:1772(title)
1810
msgid "Other Utilities"
1811
msgstr ""
1812
1813
#: serverguide/C/windows-networking.xml:1446(para)
1814
msgid ""
1815
"The <application>likewise-open</application> package comes with a few other "
1816
"utilities that may be useful for gathering information about the Active "
1817
"Directory environment. These utilities are used to join the machine to the "
1818
"domain, and are the same as those available in the <application>samba-"
1819
"common</application> and <application>winbind</application> packages:"
1820
msgstr ""
1821
1822
#: serverguide/C/windows-networking.xml:1455(para)
1823
msgid ""
1824
"<application>lwinet</application>: Returns information about the network and "
1825
"the domain."
1826
msgstr ""
1827
1828
#: serverguide/C/windows-networking.xml:1460(para)
1829
msgid ""
1830
"<application>lwimsg</application>: Allows interaction with the "
1831
"<application>likewise-winbindd</application> daemon."
1832
msgstr ""
1833
1834
#: serverguide/C/windows-networking.xml:1465(para)
1835
msgid ""
1836
"<application>lwiinfo</application>: Displays information about various parts "
1837
"of the Domain."
1838
msgstr ""
1839
1840
#: serverguide/C/windows-networking.xml:1471(para)
1841
msgid "Please refer to each utility's man page specific for details."
1842
msgstr ""
1843
1844
#: serverguide/C/windows-networking.xml:1477(title) serverguide/C/mail.xml:351(title) serverguide/C/mail.xml:1631(title) serverguide/C/dns.xml:338(title)
1845
msgid "Troubleshooting"
1846
msgstr ""
1847
1848
#: serverguide/C/windows-networking.xml:1481(para)
1849
msgid ""
1850
"If the client has trouble joining the domain, double check that the "
1851
"Microsoft DNS is listed first in <filename>/etc/resolv.conf</filename>. For "
1852
"example:"
1853
msgstr ""
1854
1855
#: serverguide/C/windows-networking.xml:1486(programlisting)
1856
#, no-wrap
1857
msgid ""
1858
"\n"
1859
"nameserver 192.168.0.1\n"
1860
msgstr ""
1861
1862
#: serverguide/C/windows-networking.xml:1491(para)
1863
msgid ""
1864
"For more information when joining a domain, use the <emphasis>--loglevel "
1865
"verbose</emphasis> or <emphasis>--advanced</emphasis> option of the "
1866
"<application>domainjoin-cli</application> utility:"
1867
msgstr ""
1868
1869
#: serverguide/C/windows-networking.xml:1497(command)
1870
msgid "sudo domainjoin-cli --loglevel verbose join example.com Administrator"
1871
msgstr ""
1872
1873
#: serverguide/C/windows-networking.xml:1501(para)
1874
msgid ""
1875
"If an Active Directory user has trouble logging in, check the "
1876
"<filename>/var/log/auth.log</filename> for details."
1877
msgstr ""
1878
1879
#: serverguide/C/windows-networking.xml:1506(para)
1880
msgid ""
1881
"When joining an Ubuntu Desktop workstation to a domain, you may need to edit "
1882
"<filename>/etc/nsswitch.conf</filename> if your AD domain uses the <emphasis "
1883
"role=\"italic\">.local</emphasis> syntax. In order to join the domain the "
1884
"<emphasis>\"mdns4\"</emphasis> entry should be removed from the "
1885
"<emphasis>hosts</emphasis> option. For example:"
1886
msgstr ""
1887
1888
#: serverguide/C/windows-networking.xml:1512(programlisting)
1889
#, no-wrap
1890
msgid ""
1891
"\n"
1892
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
1893
msgstr ""
1894
1895
#: serverguide/C/windows-networking.xml:1516(para)
1896
msgid "Change the above to:"
1897
msgstr ""
1898
1899
#: serverguide/C/windows-networking.xml:1520(programlisting)
1900
#, no-wrap
1901
msgid ""
1902
"\n"
1903
"hosts: files dns [NOTFOUND=return]\n"
1904
msgstr ""
1905
1906
#: serverguide/C/windows-networking.xml:1524(para)
1907
msgid "Then restart networking by entering:"
1908
msgstr "Després reinicieu la xarxa. Per a fer-ho, introduïu:"
1909
1910
#: serverguide/C/windows-networking.xml:1529(command) serverguide/C/network-config.xml:559(command)
1911
msgid "sudo /etc/init.d/networking restart"
1912
msgstr "sudo /etc/init.d/networking restart"
1913
1914
#: serverguide/C/windows-networking.xml:1532(para)
1915
msgid "You should now be able to join the Active Directory domain."
1916
msgstr ""
1917
1918
#: serverguide/C/windows-networking.xml:1540(title)
1919
msgid "Microsoft DNS"
1920
msgstr ""
1921
1922
#: serverguide/C/windows-networking.xml:1542(para)
1923
msgid ""
1924
"The following are instructions for installing DNS on an Active Directory "
1925
"domain controller running Windows Server 2003, but the instructions should "
1926
"be similar for other versions:"
1927
msgstr ""
1928
1929
#: serverguide/C/windows-networking.xml:1551(para)
1930
msgid ""
1931
"Click "
1932
"<menuchoice><guimenuitem>Start</guimenuitem><guimenuitem>Administrative Tools"
1933
"</guimenuitem><guimenuitem>Manage Your Server</guimenuitem></menuchoice>. "
1934
"This will open the <application>Server Role Mangement</application> utility."
1935
msgstr ""
1936
1937
#: serverguide/C/windows-networking.xml:1559(para)
1938
msgid "Click <guilabel>Add or remove a role</guilabel>"
1939
msgstr ""
1940
1941
#: serverguide/C/windows-networking.xml:1560(para) serverguide/C/windows-networking.xml:1562(para) serverguide/C/windows-networking.xml:1565(para)
1942
msgid "Click Next"
1943
msgstr ""
1944
1945
#: serverguide/C/windows-networking.xml:1561(para)
1946
msgid "Select \"DNS Server\""
1947
msgstr ""
1948
1949
#: serverguide/C/windows-networking.xml:1563(para)
1950
msgid "Click Next again to proceed"
1951
msgstr ""
1952
1953
#: serverguide/C/windows-networking.xml:1564(para)
1954
msgid "Select \"Create a forward lookup zone\" if it is not selected."
1955
msgstr ""
1956
1957
#: serverguide/C/windows-networking.xml:1566(para)
1958
msgid ""
1959
"Make sure \"This server maintains the zone\" is selected and click Next."
1960
msgstr ""
1961
1962
#: serverguide/C/windows-networking.xml:1567(para)
1963
msgid "Enter your domain name and click Next"
1964
msgstr ""
1965
1966
#: serverguide/C/windows-networking.xml:1568(para)
1967
msgid "Click Next to \"Allow only secure dynamic updates\""
1968
msgstr ""
1969
1970
#: serverguide/C/windows-networking.xml:1570(para)
1971
msgid ""
1972
"Enter the IP for DNS servers to forward queries to, or Select \"No, it "
1973
"should not forward queries\" and click Next."
1974
msgstr ""
1975
1976
#: serverguide/C/windows-networking.xml:1574(para) serverguide/C/windows-networking.xml:1575(para)
1977
msgid "Click Finish"
1978
msgstr ""
1979
1980
#: serverguide/C/windows-networking.xml:1577(para)
1981
msgid ""
1982
"DNS is now installed and can be further configured using the "
1983
"<application>Microsoft Management Console</application> DNS snap-in."
1984
msgstr ""
1985
1986
#: serverguide/C/windows-networking.xml:1585(para)
1987
msgid "Click Start"
1988
msgstr ""
1989
1990
#: serverguide/C/windows-networking.xml:1586(para)
1991
msgid "Control Panel"
1992
msgstr ""
1993
1994
#: serverguide/C/windows-networking.xml:1587(para)
1995
msgid "Network Connections"
1996
msgstr ""
1997
1998
#: serverguide/C/windows-networking.xml:1588(para)
1999
msgid "Right Click \"Local Area Connection\""
2000
msgstr ""
2001
2002
#: serverguide/C/windows-networking.xml:1589(para)
2003
msgid "Click Properties"
2004
msgstr ""
2005
2006
#: serverguide/C/windows-networking.xml:1590(para)
2007
msgid "Double click \"Internet Protocol (TCP/IP)\""
2008
msgstr ""
2009
2010
#: serverguide/C/windows-networking.xml:1591(para)
2011
msgid "Enter the Server's IP Address as the \"Preferred DNS server\""
2012
msgstr ""
2013
2014
#: serverguide/C/windows-networking.xml:1592(para)
2015
msgid "Click Ok"
2016
msgstr ""
2017
2018
#: serverguide/C/windows-networking.xml:1593(para)
2019
msgid "Click Ok again to save the settings"
2020
msgstr ""
2021
2022
#: serverguide/C/windows-networking.xml:1582(para)
2023
msgid ""
2024
"Next, configure the Server to use itself for DNS queries: <placeholder-1/>"
2025
msgstr ""
2026
2027
#: serverguide/C/windows-networking.xml:1600(title) serverguide/C/web-servers.xml:624(title) serverguide/C/web-servers.xml:772(title) serverguide/C/web-servers.xml:922(title) serverguide/C/web-servers.xml:1017(title) serverguide/C/web-servers.xml:1239(title) serverguide/C/vpn.xml:303(title) serverguide/C/virtualization.xml:2154(title) serverguide/C/vcs.xml:539(title) serverguide/C/security.xml:872(title) serverguide/C/security.xml:1206(title) serverguide/C/security.xml:1621(title) serverguide/C/security.xml:1812(title) serverguide/C/remote-administration.xml:202(title) serverguide/C/package-management.xml:454(title) serverguide/C/other-apps.xml:330(title) serverguide/C/network-config.xml:1006(title) serverguide/C/network-config.xml:1107(title) serverguide/C/monitoring.xml:391(title) serverguide/C/monitoring.xml:527(title) serverguide/C/mail.xml:459(title) serverguide/C/mail.xml:643(title) serverguide/C/mail.xml:795(title) serverguide/C/mail.xml:1217(title) serverguide/C/mail.xml:1679(title) serverguide/C/lamp-applications.xml:259(title) serverguide/C/lamp-applications.xml:388(title) serverguide/C/lamp-applications.xml:496(title) serverguide/C/file-server.xml:284(title) serverguide/C/file-server.xml:436(title) serverguide/C/file-server.xml:619(title) serverguide/C/dns.xml:572(title) serverguide/C/clustering.xml:234(title) serverguide/C/chat.xml:107(title) serverguide/C/chat.xml:221(title) serverguide/C/backups.xml:297(title)
2028
msgid "References"
2029
msgstr "Referències"
2030
2031
#: serverguide/C/windows-networking.xml:1602(para)
2032
msgid ""
2033
"Please refer to the <ulink "
2034
"url=\"http://www.likewisesoftware.com/\">Likewise</ulink> home page for "
2035
"further information."
2036
msgstr ""
2037
2038
#: serverguide/C/windows-networking.xml:1606(para)
2039
msgid ""
2040
"For more <application>domainjoin-cli</application> options see the man page: "
2041
"<command>man domainjoin-cli</command>."
2042
msgstr ""
2043
2044
#: serverguide/C/windows-networking.xml:1610(para)
2045
msgid ""
2046
"Also, see the <ulink "
2047
"url=\"https://help.ubuntu.com/community/LikewiseOpen\">Ubuntu Wiki "
2048
"LikewiseOpen</ulink> page."
2049
msgstr ""
2050
2051
#: serverguide/C/web-servers.xml:13(title)
2052
msgid "Web Servers"
2053
msgstr ""
2054
2055
#: serverguide/C/web-servers.xml:14(para)
2056
msgid ""
2057
"A Web server is a software responsible for accepting HTTP requests from "
2058
"clients, which are known as Web browsers, and serving them HTTP responses "
2059
"along with optional data contents, which usually are Web pages such as HTML "
2060
"documents and linked objects (images, etc.)."
2061
msgstr ""
2062
2063
#: serverguide/C/web-servers.xml:19(title)
2064
msgid "HTTPD - Apache2 Web Server"
2065
msgstr ""
2066
2067
#: serverguide/C/web-servers.xml:20(para)
2068
msgid ""
2069
"Apache is the most commonly used Web Server on Linux systems. Web Servers "
2070
"are used to serve Web Pages requested by client computers. Clients typically "
2071
"request and view Web Pages using Web Browser applications such as "
2072
"<application>Firefox</application>, <application>Opera</application>, or "
2073
"<application>Mozilla</application>."
2074
msgstr ""
2075
2076
#: serverguide/C/web-servers.xml:24(para)
2077
msgid ""
2078
"Users enter a Uniform Resource Locator (URL) to point to a Web server by "
2079
"means of its Fully Qualified Domain Name (FQDN) and a path to the required "
2080
"resource. For example, to view the home page of the <ulink "
2081
"url=\"http://www.ubuntu.com\">Ubuntu Web site</ulink> a user will enter only "
2082
"the FQDN. To request specific information about <ulink "
2083
"url=\"http://www.ubuntu.com/support/paid\">paid support</ulink>, a user will "
2084
"enter the FQDN followed by a path."
2085
msgstr ""
2086
2087
#: serverguide/C/web-servers.xml:29(para)
2088
msgid ""
2089
"The most common protocol used to transfer Web pages is the Hyper Text "
2090
"Transfer Protocol (HTTP). Protocols such as Hyper Text Transfer Protocol "
2091
"over Secure Sockets Layer (HTTPS), and File Transfer Protocol (FTP), a "
2092
"protocol for uploading and downloading files, are also supported."
2093
msgstr ""
2094
2095
#: serverguide/C/web-servers.xml:33(para)
2096
msgid ""
2097
"Apache Web Servers are often used in combination with the "
2098
"<application>MySQL</application> database engine, the HyperText Preprocessor "
2099
"(<application>PHP</application>) scripting language, and other popular "
2100
"scripting languages such as <application>Python</application> and "
2101
"<application>Perl</application>. This configuration is termed LAMP (Linux, "
2102
"Apache, MySQL and Perl/Python/PHP) and forms a powerful and robust platform "
2103
"for the development and deployment of Web-based applications."
2104
msgstr ""
2105
2106
#: serverguide/C/web-servers.xml:42(para)
2107
msgid ""
2108
"The <application>Apache2</application> web server is available in Ubuntu "
2109
"Linux. To install Apache2:"
2110
msgstr ""
2111
2112
#: serverguide/C/web-servers.xml:48(para)
2113
msgid "At a terminal prompt enter the following command:"
2114
msgstr ""
2115
2116
#: serverguide/C/web-servers.xml:53(command)
2117
msgid "sudo apt-get install apache2"
2118
msgstr "sudo apt-get install apache2"
2119
2120
#: serverguide/C/web-servers.xml:63(para)
2121
msgid ""
2122
"Apache2 is configured by placing <emphasis>directives</emphasis> in plain "
2123
"text configuration files. These <emphasis>directives</emphasis> are "
2124
"separated between the following files and directories:"
2125
msgstr ""
2126
2127
#: serverguide/C/web-servers.xml:71(para)
2128
msgid ""
2129
"<emphasis>apache2.conf:</emphasis> the main Apache2 configuration file. "
2130
"Contains settings that are <emphasis>global</emphasis> to Apache2."
2131
msgstr ""
2132
2133
#: serverguide/C/web-servers.xml:77(para)
2134
msgid ""
2135
"<emphasis>conf.d:</emphasis> contains configuration files which apply "
2136
"<emphasis>globally</emphasis> to Apache2. Other packages that use Apache2 to "
2137
"serve content may add files, or symlinks, to this directory."
2138
msgstr ""
2139
2140
#: serverguide/C/web-servers.xml:83(para)
2141
msgid ""
2142
"<emphasis>envvars:</emphasis> file where Apache2 "
2143
"<emphasis>environment</emphasis> variables are set."
2144
msgstr ""
2145
2146
#: serverguide/C/web-servers.xml:88(para)
2147
msgid ""
2148
"<emphasis>httpd.conf:</emphasis> historically the main Apache2 configuration "
2149
"file, named after the <application>httpd</application> daemon. The file can "
2150
"be used for <emphasis>user specific</emphasis> configuration options that "
2151
"globally effect Apache2."
2152
msgstr ""
2153
2154
#: serverguide/C/web-servers.xml:95(para)
2155
msgid ""
2156
"<emphasis>mods-available:</emphasis> this directory contains configuration "
2157
"files to both load <emphasis>modules</emphasis> and configure them. Not all "
2158
"modules will have specific configuration files, however."
2159
msgstr ""
2160
2161
#: serverguide/C/web-servers.xml:101(para)
2162
msgid ""
2163
"<emphasis>mods-enabled:</emphasis> holds <emphasis>symlinks</emphasis> to "
2164
"the files in <filename>/etc/apache2/mods-available</filename>. When a module "
2165
"configuration file is symlinked it will be enabled the next time "
2166
"<application>apache2</application> is restarted."
2167
msgstr ""
2168
2169
#: serverguide/C/web-servers.xml:108(para)
2170
msgid ""
2171
"<emphasis>ports.conf:</emphasis> houses the directives that determine which "
2172
"TCP ports Apache2 is listening on."
2173
msgstr ""
2174
2175
#: serverguide/C/web-servers.xml:113(para)
2176
msgid ""
2177
"<emphasis>sites-available:</emphasis> this directory has configuration files "
2178
"for Apache2 <emphasis>Virtual Hosts</emphasis>. Virtual Hosts allow Apache2 "
2179
"to be configured for multiple sites that have separate configurations."
2180
msgstr ""
2181
2182
#: serverguide/C/web-servers.xml:119(para)
2183
msgid ""
2184
"<emphasis>sites-enabled:</emphasis> like mods-enabled, <filename "
2185
"role=\"directory\">sites-enabled</filename> contains symlinks to the "
2186
"<filename>/etc/apache2/sites-available</filename> directory. Similarly when "
2187
"a configuration file in sites-available is symlinked, the site configured by "
2188
"it will be active once Apache2 is restarted."
2189
msgstr ""
2190
2191
#: serverguide/C/web-servers.xml:127(para)
2192
msgid ""
2193
"In addition, other configuration files may be added using the "
2194
"<emphasis>Include</emphasis> directive, and wildcards can be used to include "
2195
"many configuration files. Any directive may be placed in any of these "
2196
"configuration files. Changes to the main configuration files are only "
2197
"recognized by Apache2 when it is started or restarted."
2198
msgstr ""
2199
2200
#: serverguide/C/web-servers.xml:136(para)
2201
msgid ""
2202
"The server also reads a file containing mime document types; the filename is "
2203
"set by the <emphasis>TypesConfig</emphasis> directive, and is "
2204
"<filename>/etc/mime.types</filename> by default."
2205
msgstr ""
2206
2207
#: serverguide/C/web-servers.xml:141(title)
2208
msgid "Basic Settings"
2209
msgstr ""
2210
2211
#: serverguide/C/web-servers.xml:142(para)
2212
msgid ""
2213
"This section explains Apache2 server essential configuration parameters. "
2214
"Refer to the <ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
2215
"Documentation</ulink> for more details."
2216
msgstr ""
2217
2218
#: serverguide/C/web-servers.xml:150(para)
2219
msgid ""
2220
"Apache2 ships with a virtual-host-friendly default configuration. That is, "
2221
"it is configured with a single default virtual host (using the "
2222
"<emphasis>VirtualHost</emphasis> directive) which can modified or used as-is "
2223
"if you have a single site, or used as a template for additional virtual "
2224
"hosts if you have multiple sites. If left alone, the default virtual host "
2225
"will serve as your default site, or the site users will see if the URL they "
2226
"enter does not match the <emphasis>ServerName</emphasis> directive of any of "
2227
"your custom sites. To modify the default virtual host, edit the file "
2228
"<filename>/etc/apache2/sites-available/default</filename>."
2229
msgstr ""
2230
2231
#: serverguide/C/web-servers.xml:163(para)
2232
msgid ""
2233
"The directives set for a virtual host only apply to that particular virtual "
2234
"host. If a directive is set server-wide and not defined within the virtual "
2235
"host settings, the default setting is used. For example, you can define a "
2236
"Webmaster email address and not define individual email addresses for each "
2237
"virtual host."
2238
msgstr ""
2239
2240
#: serverguide/C/web-servers.xml:171(para)
2241
msgid ""
2242
"If you wish to configure a new virtual host or site, copy that file into the "
2243
"same directory with a name you choose. For example:"
2244
msgstr ""
2245
2246
#: serverguide/C/web-servers.xml:177(command)
2247
msgid ""
2248
"sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-"
2249
"available/mynewsite"
2250
msgstr ""
2251
2252
#: serverguide/C/web-servers.xml:180(para)
2253
msgid ""
2254
"Edit the new file to configure the new site using some of the directives "
2255
"described below."
2256
msgstr ""
2257
2258
#: serverguide/C/web-servers.xml:187(para)
2259
msgid ""
2260
"The <emphasis>ServerAdmin</emphasis> directive specifies the email address "
2261
"to be advertised for the server's administrator. The default value is "
2262
"webmaster@localhost. This should be changed to an email address that is "
2263
"delivered to you (if you are the server's administrator). If your website "
2264
"has a problem, Apache2 will display an error message containing this email "
2265
"address to report the problem to. Find this directive in your site's "
2266
"configuration file in /etc/apache2/sites-available."
2267
msgstr ""
2268
2269
#: serverguide/C/web-servers.xml:198(para)
2270
msgid ""
2271
"The <emphasis>Listen</emphasis> directive specifies the port, and optionally "
2272
"the IP address, Apache2 should listen on. If the IP address is not "
2273
"specified, Apache2 will listen on all IP addresses assigned to the machine "
2274
"it runs on. The default value for the Listen directive is 80. Change this to "
2275
"127.0.0.1:80 to cause Apache2 to listen only on your loopback interface so "
2276
"that it will not be available to the Internet, to (for example) 81 to change "
2277
"the port that it listens on, or leave it as is for normal operation. This "
2278
"directive can be found and changed in its own file, "
2279
"<filename>/etc/apache2/ports.conf</filename>"
2280
msgstr ""
2281
2282
#: serverguide/C/web-servers.xml:211(para)
2283
msgid ""
2284
"The <emphasis>ServerName</emphasis> directive is optional and specifies what "
2285
"FQDN your site should answer to. The default virtual host has no ServerName "
2286
"directive specified, so it will respond to all requests that do not match a "
2287
"ServerName directive in another virtual host. If you have just acquired the "
2288
"domain name ubunturocks.com and wish to host it on your Ubuntu server, the "
2289
"value of the ServerName directive in your virtual host configuration file "
2290
"should be ubunturocks.com. Add this directive to the new virtual host file "
2291
"you created earlier (<filename>/etc/apache2/sites-"
2292
"available/mynewsite</filename>)."
2293
msgstr ""
2294
2295
#: serverguide/C/web-servers.xml:223(para)
2296
msgid ""
2297
"You may also want your site to respond to www.ubunturocks.com, since many "
2298
"users will assume the www prefix is appropriate. Use the "
2299
"<emphasis>ServerAlias</emphasis> directive for this. You may also use "
2300
"wildcards in the ServerAlias directive."
2301
msgstr ""
2302
2303
#: serverguide/C/web-servers.xml:230(para)
2304
msgid ""
2305
"For example, the following configuration will cause your site to respond to "
2306
"any domain request ending in <emphasis>.ubunturocks.com</emphasis>."
2307
msgstr ""
2308
2309
#: serverguide/C/web-servers.xml:236(programlisting)
2310
#, no-wrap
2311
msgid ""
2312
"\n"
2313
"ServerAlias *.ubunturocks.com\n"
2314
msgstr ""
2315
2316
#: serverguide/C/web-servers.xml:242(para)
2317
msgid ""
2318
"The <emphasis>DocumentRoot</emphasis> directive specifies where Apache2 "
2319
"should look for the files that make up the site. The default value is "
2320
"/var/www. No site is configured there, but if you uncomment the "
2321
"<emphasis>RedirectMatch</emphasis> directive in "
2322
"<filename>/etc/apache2/apache2.conf</filename> requests will be redirected "
2323
"to /var/www/apache2-default where the default Apache2 site awaits. Change "
2324
"this value in your site's virtual host file, and remember to create that "
2325
"directory if necessary!"
2326
msgstr ""
2327
2328
#: serverguide/C/web-servers.xml:254(para)
2329
msgid ""
2330
"The /etc/apache2/sites-available directory is <emphasis role=\"bold\"> "
2331
"not</emphasis> parsed by Apache2. Symbolic links in /etc/apache2/sites-"
2332
"enabled point to \"available\" sites."
2333
msgstr ""
2334
2335
#: serverguide/C/web-servers.xml:260(para)
2336
msgid ""
2337
"Enable the new <emphasis>VirtualHost</emphasis> using the "
2338
"<application>a2ensite</application> utility and restart Apache2:"
2339
msgstr ""
2340
2341
#: serverguide/C/web-servers.xml:266(command)
2342
msgid "sudo a2ensite mynewsite"
2343
msgstr ""
2344
2345
#: serverguide/C/web-servers.xml:267(command) serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:538(command) serverguide/C/web-servers.xml:547(command) serverguide/C/web-servers.xml:606(command) serverguide/C/mail.xml:932(command) serverguide/C/lamp-applications.xml:228(command)
2346
msgid "sudo /etc/init.d/apache2 restart"
2347
msgstr "sudo /etc/init.d/apache2 restart"
2348
2349
#: serverguide/C/web-servers.xml:271(para)
2350
msgid ""
2351
"Be sure to replace <emphasis>mynewsite</emphasis> with a more descriptive "
2352
"name for the VirtualHost. One method is to name the file after the "
2353
"<emphasis>ServerName</emphasis> directive of the VirtualHost."
2354
msgstr ""
2355
2356
#: serverguide/C/web-servers.xml:278(para)
2357
msgid ""
2358
"Similarly, use the <application>a2dissite</application> utility to disable "
2359
"sites. This is can be useful when troubleshooting configuration problems "
2360
"with multiple VirtualHosts:"
2361
msgstr ""
2362
2363
#: serverguide/C/web-servers.xml:284(command)
2364
msgid "sudo a2dissite mynewsite"
2365
msgstr ""
2366
2367
#: serverguide/C/web-servers.xml:290(title)
2368
msgid "Default Settings"
2369
msgstr ""
2370
2371
#: serverguide/C/web-servers.xml:292(para)
2372
msgid ""
2373
"This section explains configuration of the Apache2 server default settings. "
2374
"For example, if you add a virtual host, the settings you configure for the "
2375
"virtual host take precedence for that virtual host. For a directive not "
2376
"defined within the virtual host settings, the default value is used."
2377
msgstr ""
2378
2379
#: serverguide/C/web-servers.xml:304(para)
2380
msgid ""
2381
"The <emphasis>DirectoryIndex</emphasis> is the default page served by the "
2382
"server when a user requests an index of a directory by specifying a forward "
2383
"slash (/) at the end of the directory name."
2384
msgstr ""
2385
2386
#: serverguide/C/web-servers.xml:311(para)
2387
msgid ""
2388
"For example, when a user requests the page "
2389
"http://www.example.com/this_directory/, he or she will get either the "
2390
"DirectoryIndex page if it exists, a server-generated directory list if it "
2391
"does not and the Indexes option is specified, or a Permission Denied page if "
2392
"neither is true. The server will try to find one of the files listed in the "
2393
"DirectoryIndex directive and will return the first one it finds. If it does "
2394
"not find any of these files and if <emphasis>Options Indexes</emphasis> is "
2395
"set for that directory, the server will generate and return a list, in HTML "
2396
"format, of the subdirectories and files in the directory. The default value, "
2397
"found in <filename>/etc/apache2/mods-available/dir.conf</filename> is "
2398
"\"index.html index.cgi index.pl index.php index.xhtml index.htm\". Thus, if "
2399
"Apache2 finds a file in a requested directory matching any of these names, "
2400
"the first will be displayed."
2401
msgstr ""
2402
2403
#: serverguide/C/web-servers.xml:332(para)
2404
msgid ""
2405
"The <emphasis>ErrorDocument</emphasis> directive allows you to specify a "
2406
"file for Apache2 to use for specific error events. For example, if a user "
2407
"requests a resource that does not exist, a 404 error will occur, and per "
2408
"Apache2's default configuration, the file "
2409
"<filename>/usr/share/apache2/error/HTTP_NOT_FOUND.html.var </filename> will "
2410
"be displayed. That file is not in the server's DocumentRoot, but there is an "
2411
"Alias directive in <filename>/etc/apache2/apache2.conf</filename> that "
2412
"redirects requests to the /error directory to "
2413
"<filename>/usr/share/apache2/error/</filename>."
2414
msgstr ""
2415
2416
#: serverguide/C/web-servers.xml:344(para)
2417
msgid ""
2418
"To see a list of the default ErrorDocument directives, use this command:"
2419
msgstr ""
2420
2421
#: serverguide/C/web-servers.xml:350(command)
2422
msgid "grep ErrorDocument /etc/apache2/apache2.conf"
2423
msgstr ""
2424
2425
#: serverguide/C/web-servers.xml:355(para)
2426
msgid ""
2427
"By default, the server writes the transfer log to the file "
2428
"<filename>/var/log/apache2/access.log</filename>. You can change this on a "
2429
"per-site basis in your virtual host configuration files with the "
2430
"<emphasis>CustomLog</emphasis> directive, or omit it to accept the default, "
2431
"specified in <filename> /etc/apache2/apache2.conf</filename>. You may also "
2432
"specify the file to which errors are logged, via the "
2433
"<emphasis>ErrorLog</emphasis> directive, whose default is "
2434
"<filename>/var/log/apache2/error.log</filename>. These are kept separate "
2435
"from the transfer logs to aid in troubleshooting problems with your Apache2 "
2436
"server. You may also specify the <emphasis>LogLevel</emphasis> (the default "
2437
"value is \"warn\") and the <emphasis>LogFormat</emphasis> (see <filename> "
2438
"/etc/apache2/apache2.conf</filename> for the default value)."
2439
msgstr ""
2440
2441
#: serverguide/C/web-servers.xml:370(para)
2442
msgid ""
2443
"Some options are specified on a per-directory basis rather than per-server. "
2444
"<emphasis>Options</emphasis> is one of these directives. A Directory stanza "
2445
"is enclosed in XML-like tags, like so:"
2446
msgstr ""
2447
2448
#: serverguide/C/web-servers.xml:376(programlisting)
2449
#, no-wrap
2450
msgid ""
2451
"\n"
2452
"<Directory /var/www/mynewsite>\n"
2453
"...\n"
2454
"</Directory>\n"
2455
msgstr ""
2456
2457
#: serverguide/C/web-servers.xml:382(para)
2458
msgid ""
2459
"The <emphasis>Options</emphasis> directive within a Directory stanza accepts "
2460
"one or more of the following values (among others), separated by spaces:"
2461
msgstr ""
2462
2463
#: serverguide/C/web-servers.xml:394(para)
2464
msgid ""
2465
"Most files should not be executed as CGI scripts. This would be very "
2466
"dangerous. CGI scripts should kept in a directory separate from and outside "
2467
"your DocumentRoot, and only this directory should have the ExecCGI option "
2468
"set. This is the default, and the default location for CGI scripts is "
2469
"<filename>/usr/lib/cgi-bin</filename>."
2470
msgstr ""
2471
2472
#: serverguide/C/web-servers.xml:389(para)
2473
msgid ""
2474
"<emphasis role=\"bold\">ExecCGI</emphasis> - Allow execution of CGI scripts. "
2475
"CGI scripts are not executed if this option is not chosen. <placeholder-1/>"
2476
msgstr ""
2477
2478
#: serverguide/C/web-servers.xml:405(para)
2479
msgid ""
2480
"<emphasis role=\"bold\">Includes</emphasis> - Allow server-side includes. "
2481
"Server-side includes allow an HTML file to <emphasis> include</emphasis> "
2482
"other files. This is not a common option. See <ulink "
2483
"url=\"http://httpd.apache.org/docs/2.2/howto/ssi.html\">the Apache2 SSI "
2484
"HOWTO</ulink> for more information."
2485
msgstr ""
2486
2487
#: serverguide/C/web-servers.xml:414(para)
2488
msgid ""
2489
"<emphasis role=\"bold\">IncludesNOEXEC</emphasis> - Allow server-side "
2490
"includes, but disable the <emphasis>#exec</emphasis> and "
2491
"<emphasis>#include</emphasis> commands in CGI scripts."
2492
msgstr ""
2493
2494
#: serverguide/C/web-servers.xml:426(para)
2495
msgid ""
2496
"For security reasons, this should usually not be set, and certainly should "
2497
"not be set on your DocumentRoot directory. Enable this option carefully on a "
2498
"per-directory basis only if you are certain you want users to see the entire "
2499
"contents of the directory."
2500
msgstr ""
2501
2502
#: serverguide/C/web-servers.xml:421(para)
2503
msgid ""
2504
"<emphasis role=\"bold\">Indexes</emphasis> - Display a formatted list of the "
2505
"directory's contents, if no <emphasis>DirectoryIndex</emphasis> (such as "
2506
"index.html) exists in the requested directory. <placeholder-1/>"
2507
msgstr ""
2508
2509
#: serverguide/C/web-servers.xml:436(para)
2510
msgid ""
2511
"<emphasis role=\"bold\">Multiview</emphasis> - Support content-negotiated "
2512
"multiviews; this option is disabled by default for security reasons. See the "
2513
"<ulink "
2514
"url=\"http://httpd.apache.org/docs/2.2/mod/mod_negotiation.html#multiviews\">"
2515
"Apache2 documentation on this option</ulink>."
2516
msgstr ""
2517
2518
#: serverguide/C/web-servers.xml:444(para)
2519
msgid ""
2520
"<emphasis role=\"bold\">SymLinksIfOwnerMatch</emphasis> - Only follow "
2521
"symbolic links if the target file or directory has the same owner as the "
2522
"link."
2523
msgstr ""
2524
2525
#: serverguide/C/web-servers.xml:456(title)
2526
msgid "httpd Settings"
2527
msgstr ""
2528
2529
#: serverguide/C/web-servers.xml:458(para)
2530
msgid ""
2531
"This section explains some basic <application>httpd</application> daemon "
2532
"configuration settings."
2533
msgstr ""
2534
2535
#: serverguide/C/web-servers.xml:462(para)
2536
msgid ""
2537
"<emphasis role=\"bold\">LockFile</emphasis> - The LockFile directive sets "
2538
"the path to the lockfile used when the server is compiled with either "
2539
"USE_FCNTL_SERIALIZED_ACCEPT or USE_FLOCK_SERIALIZED_ACCEPT. It must be "
2540
"stored on the local disk. It should be left to the default value unless the "
2541
"logs directory is located on an NFS share. If this is the case, the default "
2542
"value should be changed to a location on the local disk and to a directory "
2543
"that is readable only by root."
2544
msgstr ""
2545
2546
#: serverguide/C/web-servers.xml:471(para)
2547
msgid ""
2548
"<emphasis role=\"bold\">PidFile</emphasis> - The PidFile directive sets the "
2549
"file in which the server records its process ID (pid). This file should only "
2550
"be readable by root. In most cases, it should be left to the default value."
2551
msgstr ""
2552
2553
#: serverguide/C/web-servers.xml:477(para)
2554
msgid ""
2555
"<emphasis role=\"bold\">User</emphasis> - The User directive sets the userid "
2556
"used by the server to answer requests. This setting determines the server's "
2557
"access. Any files inaccessible to this user will also be inaccessible to "
2558
"your website's visitors. The default value for User is www-data."
2559
msgstr ""
2560
2561
#: serverguide/C/web-servers.xml:484(para)
2562
msgid ""
2563
"Unless you know exactly what you are doing, do not set the User directive to "
2564
"root. Using root as the User will create large security holes for your Web "
2565
"server."
2566
msgstr ""
2567
2568
#: serverguide/C/web-servers.xml:490(para)
2569
msgid ""
2570
"The Group directive is similar to the User directive. Group sets the group "
2571
"under which the server will answer requests. The default group is also www-"
2572
"data."
2573
msgstr ""
2574
2575
#: serverguide/C/web-servers.xml:496(title)
2576
msgid "Apache2 Modules"
2577
msgstr ""
2578
2579
#: serverguide/C/web-servers.xml:498(para)
2580
msgid ""
2581
"Apache2 is a modular server. This implies that only the most basic "
2582
"functionality is included in the core server. Extended features are "
2583
"available through modules which can be loaded into Apache2. By default, a "
2584
"base set of modules is included in the server at compile-time. If the server "
2585
"is compiled to use dynamically loaded modules, then modules can be compiled "
2586
"separately, and added at any time using the LoadModule directive. Otherwise, "
2587
"Apache2 must be recompiled to add or remove modules."
2588
msgstr ""
2589
2590
#: serverguide/C/web-servers.xml:510(para)
2591
msgid ""
2592
"Ubuntu compiles Apache2 to allow the dynamic loading of modules. "
2593
"Configuration directives may be conditionally included on the presence of a "
2594
"particular module by enclosing them in an "
2595
"<emphasis><IfModule></emphasis> block."
2596
msgstr ""
2597
2598
#: serverguide/C/web-servers.xml:517(para)
2599
msgid ""
2600
"You can install additional Apache2 modules and use them with your Web "
2601
"server. For example, run the following command from a terminal prompt to "
2602
"install the <emphasis>MySQL Authentication</emphasis> module:"
2603
msgstr ""
2604
2605
#: serverguide/C/web-servers.xml:524(command)
2606
msgid "sudo apt-get install libapache2-mod-auth-mysql"
2607
msgstr "sudo apt-get install libapache2-mod-auth-mysql"
2608
2609
#: serverguide/C/web-servers.xml:527(para)
2610
msgid ""
2611
"See the <filename>/etc/apache2/mods-available</filename> directory, for "
2612
"additional modules."
2613
msgstr ""
2614
2615
#: serverguide/C/web-servers.xml:531(para)
2616
msgid ""
2617
"Use the <application>a2enmod</application> utility to enable a module:"
2618
msgstr ""
2619
2620
#: serverguide/C/web-servers.xml:537(command)
2621
msgid "sudo a2enmod auth_mysql"
2622
msgstr "sudo a2enmod auth_mysql"
2623
2624
#: serverguide/C/web-servers.xml:541(para)
2625
msgid "Similarly, <application>a2dismod</application> will disable a module:"
2626
msgstr ""
2627
2628
#: serverguide/C/web-servers.xml:546(command)
2629
msgid "sudo a2dismod auth_mysql"
2630
msgstr "sudo a2dismod auth_mysql"
2631
2632
#: serverguide/C/web-servers.xml:553(title)
2633
msgid "HTTPS Configuration"
2634
msgstr ""
2635
2636
#: serverguide/C/web-servers.xml:555(para)
2637
msgid ""
2638
"The <application>mod_ssl</application> module adds an important feature to "
2639
"the Apache2 server - the ability to encrypt communications. Thus, when your "
2640
"browser is communicating using SSL, the https:// prefix is used at the "
2641
"beginning of the Uniform Resource Locator (URL) in the browser navigation "
2642
"bar."
2643
msgstr ""
2644
2645
#: serverguide/C/web-servers.xml:564(para)
2646
msgid ""
2647
"The <application>mod_ssl</application> module is available in "
2648
"<application>apache2-common</application> package. Execute the following "
2649
"command from a terminal prompt to enable the "
2650
"<application>mod_ssl</application> module:"
2651
msgstr ""
2652
2653
#: serverguide/C/web-servers.xml:571(command)
2654
msgid "sudo a2enmod ssl"
2655
msgstr "sudo a2enmod ssl"
2656
2657
#: serverguide/C/web-servers.xml:574(para)
2658
msgid ""
2659
"There is a default HTTPS configuration file in <filename>/etc/apache2/sites-"
2660
"available/default-ssl</filename>. In order for "
2661
"<application>Apache2</application> to provide HTTPS, a "
2662
"<emphasis>certificate</emphasis> and <emphasis>key</emphasis> file are also "
2663
"needed. The default HTTPS configuration will use a certificate and key "
2664
"generated by the <application>ssl-cert</application> package. They are good "
2665
"for testing, but the auto-generated certificate and key should be replaced "
2666
"by a certificate specific to the site or server. For information on "
2667
"generating a key and obtaining a certificate see <xref "
2668
"linkend=\"certificates-and-security\"/>"
2669
msgstr ""
2670
2671
#: serverguide/C/web-servers.xml:584(para)
2672
msgid ""
2673
"To configure <application>Apache2</application> for HTTPS, enter the "
2674
"following:"
2675
msgstr ""
2676
2677
#: serverguide/C/web-servers.xml:589(command)
2678
msgid "sudo a2ensite default-ssl"
2679
msgstr "sudo a2ensite default-ssl"
2680
2681
#: serverguide/C/web-servers.xml:593(para)
2682
msgid ""
2683
"The directories <filename>/etc/ssl/certs</filename> and "
2684
"<filename>/etc/ssl/private</filename> are the default locations. If you "
2685
"install the certificate and key in another directory make sure to change "
2686
"<emphasis>SSLCertificateFile</emphasis> and "
2687
"<emphasis>SSLCertificateKeyFile</emphasis> appropriately."
2688
msgstr ""
2689
2690
#: serverguide/C/web-servers.xml:600(para)
2691
msgid ""
2692
"With Apache2 now configured for HTTPS, restart the service to enable the new "
2693
"settings:"
2694
msgstr ""
2695
2696
#: serverguide/C/web-servers.xml:611(para)
2697
msgid ""
2698
"Depending on how you obtained your certificate you may need to enter a "
2699
"passphrase when <application>Apache2</application> starts."
2700
msgstr ""
2701
2702
#: serverguide/C/web-servers.xml:617(para)
2703
msgid ""
2704
"You can access the secure server pages by typing https://your_hostname/url/ "
2705
"in your browser address bar."
2706
msgstr ""
2707
2708
#: serverguide/C/web-servers.xml:628(para)
2709
msgid ""
2710
"<ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
2711
"Documentation</ulink> contains in depth information on Apache2 configuration "
2712
"directives. Also, see the <application>apache2-doc</application> package for "
2713
"the official Apache2 docs."
2714
msgstr ""
2715
2716
#: serverguide/C/web-servers.xml:635(para)
2717
msgid ""
2718
"See the <ulink url=\"http://www.modssl.org/docs/\">Mod SSL "
2719
"Documentation</ulink> site for more SSL related information."
2720
msgstr ""
2721
2722
#: serverguide/C/web-servers.xml:641(para)
2723
msgid ""
2724
"O'Reilly's <ulink url=\"http://oreilly.com/catalog/9780596001919/\">Apache "
2725
"Cookbook</ulink> is a good resource for accomplishing specific Apache2 "
2726
"configurations."
2727
msgstr ""
2728
2729
#: serverguide/C/web-servers.xml:647(para)
2730
msgid ""
2731
"For Ubuntu specific Apache2 questions, ask in the <emphasis>#ubuntu-"
2732
"server</emphasis> IRC channel on <ulink "
2733
"url=\"http://freenode.net/\">freenode.net</ulink>."
2734
msgstr ""
2735
2736
#: serverguide/C/web-servers.xml:653(para)
2737
msgid ""
2738
"Usually integrated with PHP and MySQL the <ulink "
2739
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
2740
"Ubuntu Wiki </ulink> page is a good resource."
2741
msgstr ""
2742
2743
#: serverguide/C/web-servers.xml:664(title)
2744
msgid "PHP5 - Scripting Language"
2745
msgstr ""
2746
2747
#: serverguide/C/web-servers.xml:665(para)
2748
msgid ""
2749
"PHP is a general-purpose scripting language suited for Web development. The "
2750
"PHP script can be embedded into HTML. This section explains how to install "
2751
"and configure PHP5 in Ubuntu System with Apache2 and MySQL."
2752
msgstr ""
2753
2754
#: serverguide/C/web-servers.xml:669(para)
2755
msgid ""
2756
"This section assumes you have installed and configured Apache2 Web Server "
2757
"and MySQL Database Server. You can refer to Apache2 section and MySQL "
2758
"sections in this document to install and configure Apache2 and MySQL "
2759
"respectively."
2760
msgstr ""
2761
2762
#: serverguide/C/web-servers.xml:676(para)
2763
msgid "The PHP5 is available in Ubuntu Linux."
2764
msgstr ""
2765
2766
#: serverguide/C/web-servers.xml:678(para)
2767
msgid ""
2768
"To install PHP5 you can enter the following command in the terminal prompt: "
2769
"<screen>\n"
2770
"<command>sudo apt-get install php5 libapache2-mod-php5</command>\n"
2771
"</screen>"
2772
msgstr ""
2773
"Per a instal·lar el PHP5 podeu introduir l'ordre següent en un terminal: "
2774
"<screen>\n"
2775
"<command>sudo apt-get install php5 libapache2-mod-php5</command>\n"
2776
"</screen>"
2777
2778
#: serverguide/C/web-servers.xml:687(para)
2779
msgid ""
2780
"You can run PHP5 scripts from command line. To run PHP5 scripts from command "
2781
"line you should install <application>php5-cli</application> package. To "
2782
"install <application>php5-cli</application> you can enter the following "
2783
"command in the terminal prompt: <screen>\n"
2784
"<command>sudo apt-get install php5-cli</command>\n"
2785
"</screen>"
2786
msgstr ""
2787
2788
#: serverguide/C/web-servers.xml:696(para)
2789
msgid ""
2790
"You can also execute PHP5 scripts without installing PHP5 Apache module. To "
2791
"accomplish this, you should install <application>php5-cgi</application> "
2792
"package. You can run the following command in a terminal prompt to install "
2793
"<application>php5-cgi</application> package: <screen>\n"
2794
"<command>sudo apt-get install php5-cgi</command>\n"
2795
"</screen>"
2796
msgstr ""
2797
2798
#: serverguide/C/web-servers.xml:706(para)
2799
msgid ""
2800
"To use <application>MySQL</application> with PHP5 you should install "
2801
"<application>php5-mysql</application> package. To install <application>php5-"
2802
"mysql</application> you can enter the following command in the terminal "
2803
"prompt: <screen>\n"
2804
"<command>sudo apt-get install php5-mysql</command>\n"
2805
"</screen>"
2806
msgstr ""
2807
2808
#: serverguide/C/web-servers.xml:714(para)
2809
msgid ""
2810
"Similarly, to use <application>PostgreSQL</application> with PHP5 you should "
2811
"install <application>php5-pgsql</application> package. To install "
2812
"<application>php5-pgsql</application> you can enter the following command in "
2813
"the terminal prompt: <screen>\n"
2814
"<command>sudo apt-get install php5-pgsql</command>\n"
2815
"</screen>"
2816
msgstr ""
2817
2818
#: serverguide/C/web-servers.xml:727(para)
2819
msgid ""
2820
"Once you install PHP5, you can run PHP5 scripts from your web browser. If "
2821
"you have installed <application>php5-cli</application> package, you can run "
2822
"PHP5 scripts from your command prompt."
2823
msgstr ""
2824
2825
#: serverguide/C/web-servers.xml:734(para)
2826
msgid ""
2827
"By default, the Apache 2 Web server is configured to run PHP5 scripts. In "
2828
"other words, the PHP5 module is enabled in Apache2 Web server automatically "
2829
"when you install the module. Please verify if the files "
2830
"<filename>/etc/apache2/mods-enabled/php5.conf</filename> and "
2831
"<filename>/etc/apache2/mods-enabled/php5.load</filename> exist. If they do "
2832
"not exists, you can enable the module using <command>a2enmod</command> "
2833
"command."
2834
msgstr ""
2835
2836
#: serverguide/C/web-servers.xml:745(para)
2837
msgid ""
2838
"Once you install PHP5 related packages and enabled PHP5 Apache 2 module, you "
2839
"should restart Apache2 Web server to run PHP5 scripts. You can run the "
2840
"following command at a terminal prompt to restart your web server: "
2841
"<screen><command>sudo /etc/init.d/apache2 restart</command> </screen>"
2842
msgstr ""
2843
2844
#: serverguide/C/web-servers.xml:753(title) serverguide/C/mail.xml:320(title) serverguide/C/mail.xml:1602(title) serverguide/C/dns.xml:343(title) serverguide/C/clustering.xml:184(title)
2845
msgid "Testing"
2846
msgstr ""
2847
2848
#: serverguide/C/web-servers.xml:754(para)
2849
msgid ""
2850
"To verify your installation, you can run following PHP5 phpinfo script:"
2851
msgstr ""
2852
2853
#: serverguide/C/web-servers.xml:757(programlisting)
2854
#, no-wrap
2855
msgid ""
2856
"\n"
2857
"<?php\n"
2858
" phpinfo();\n"
2859
"?>\n"
2860
msgstr ""
2861
2862
#: serverguide/C/web-servers.xml:762(para)
2863
msgid ""
2864
"You can save the content in a file <filename>phpinfo.php</filename> and "
2865
"place it under <command>DocumentRoot</command> directory of Apache2 Web "
2866
"server. When point your browser to "
2867
"<filename>http://hostname/phpinfo.php</filename>, it would display values of "
2868
"various PHP5 configuration parameters."
2869
msgstr ""
2870
2871
#: serverguide/C/web-servers.xml:776(para)
2872
msgid ""
2873
"For more in depth information see <ulink "
2874
"url=\"http://www.php.net/docs.php\">php.net</ulink> documentation."
2875
msgstr ""
2876
2877
#: serverguide/C/web-servers.xml:781(para)
2878
msgid ""
2879
"There are a plethora of books on PHP. Two good books from O'Reilly are "
2880
"<ulink url=\"http://oreilly.com/catalog/9780596005603/\">Learning PHP "
2881
"5</ulink> and the <ulink "
2882
"url=\"http://oreilly.com/catalog/9781565926813/\">PHP Cook Book</ulink>."
2883
msgstr ""
2884
2885
#: serverguide/C/web-servers.xml:788(para)
2886
msgid ""
2887
"Also, see the <ulink "
2888
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
2889
"Ubuntu Wiki</ulink> page for more information."
2890
msgstr ""
2891
2892
#: serverguide/C/web-servers.xml:799(title)
2893
msgid "Squid - Proxy Server"
2894
msgstr ""
2895
2896
#: serverguide/C/web-servers.xml:800(para)
2897
msgid ""
2898
"Squid is a full-featured web proxy cache server application which provides "
2899
"proxy and cache services for Hyper Text Transport Protocol (HTTP), File "
2900
"Transfer Protocol (FTP), and other popular network protocols. Squid can "
2901
"implement caching and proxying of Secure Sockets Layer (SSL) requests and "
2902
"caching of Domain Name Server (DNS) lookups, and perform transparent "
2903
"caching. Squid also supports a wide variety of caching protocols, such as "
2904
"Internet Cache Protocol, (ICP) the Hyper Text Caching Protocol, (HTCP) the "
2905
"Cache Array Routing Protocol (CARP), and the Web Cache Coordination "
2906
"Protocol. (WCCP)"
2907
msgstr ""
2908
2909
#: serverguide/C/web-servers.xml:808(para)
2910
msgid ""
2911
"The Squid proxy cache server is an excellent solution to a variety of proxy "
2912
"and caching server needs, and scales from the branch office to enterprise "
2913
"level networks while providing extensive, granular access control mechanisms "
2914
"and monitoring of critical parameters via the Simple Network Management "
2915
"Protocol (SNMP). When selecting a computer system for use as a dedicated "
2916
"Squid proxy, or caching servers, ensure your system is configured with a "
2917
"large amount of physical memory, as Squid maintains an in-memory cache for "
2918
"increased performance."
2919
msgstr ""
2920
2921
#: serverguide/C/web-servers.xml:817(para)
2922
msgid ""
2923
"At a terminal prompt, enter the following command to install the Squid "
2924
"server:"
2925
msgstr ""
2926
2927
#: serverguide/C/web-servers.xml:822(command)
2928
msgid "sudo apt-get install squid"
2929
msgstr "sudo apt-get install squid"
2930
2931
#: serverguide/C/web-servers.xml:828(para)
2932
msgid ""
2933
"Squid is configured by editing the directives contained within the "
2934
"<filename>/etc/squid/squid.conf</filename> configuration file. The following "
2935
"examples illustrate some of the directives which may be modified to affect "
2936
"the behavior of the Squid server. For more in-depth configuration of Squid, "
2937
"see the References section."
2938
msgstr ""
2939
"Per configurar l'Squid, editeu les directives del fitxer de configuració "
2940
"<filename>/etc/squid/squid.conf</filename>. Els exemples següents il·lustren "
2941
"algunes de les directives que es poden modificar per alterar el comportament "
2942
"del servidor Squid. Per configurar-lo detalladament, vegeu l'apartat de "
2943
"referències."
2944
2945
#: serverguide/C/web-servers.xml:834(para)
2946
msgid ""
2947
"Prior to editing the configuration file, you should make a copy of the "
2948
"original file and protect it from writing so you will have the original "
2949
"settings as a reference, and to re-use as necessary."
2950
msgstr ""
2951
2952
#: serverguide/C/web-servers.xml:837(para)
2953
msgid ""
2954
"Copy the <filename>/etc/squid/squid.conf</filename> file and protect it from "
2955
"writing with the following commands entered at a terminal prompt:"
2956
msgstr ""
2957
2958
#: serverguide/C/web-servers.xml:842(command)
2959
msgid "sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original"
2960
msgstr "sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original"
2961
2962
#: serverguide/C/web-servers.xml:843(command)
2963
msgid "sudo chmod a-w /etc/squid/squid.conf.original"
2964
msgstr "sudo chmod a-w /etc/squid/squid.conf.original"
2965
2966
#: serverguide/C/web-servers.xml:849(para)
2967
msgid ""
2968
"To set your Squid server to listen on TCP port 8888 instead of the default "
2969
"TCP port 3128, change the http_port directive as such:"
2970
msgstr ""
2971
2972
#: serverguide/C/web-servers.xml:853(programlisting)
2973
#, no-wrap
2974
msgid ""
2975
"\n"
2976
"http_port 8888\n"
2977
msgstr ""
2978
2979
#: serverguide/C/web-servers.xml:858(para)
2980
msgid ""
2981
"Change the visible_hostname directive in order to give the Squid server a "
2982
"specific hostname. This hostname does not necessarily need to be the "
2983
"computer's hostname. In this example it is set to <emphasis>weezie</emphasis>"
2984
msgstr ""
2985
2986
#: serverguide/C/web-servers.xml:862(programlisting)
2987
#, no-wrap
2988
msgid ""
2989
"\n"
2990
"visible_hostname weezie\n"
2991
msgstr ""
2992
2993
#: serverguide/C/web-servers.xml:867(para)
2994
msgid ""
2995
"Using Squid's access control, you may configure use of Internet services "
2996
"proxied by Squid to be available only users with certain Internet Protocol "
2997
"(IP) addresses. For example, we will illustrate access by users of the "
2998
"192.168.42.0/24 subnetwork only:"
2999
msgstr ""
3000
3001
#: serverguide/C/web-servers.xml:872(para) serverguide/C/web-servers.xml:892(para)
3002
msgid ""
3003
"Add the following to the <emphasis role=\"bold\">bottom</emphasis> of the "
3004
"ACL section of your <filename>/etc/squid/squid.conf</filename> file:"
3005
msgstr ""
3006
3007
#: serverguide/C/web-servers.xml:875(programlisting)
3008
#, no-wrap
3009
msgid ""
3010
"\n"
3011
"acl fortytwo_network src 192.168.42.0/24\n"
3012
msgstr ""
3013
3014
#: serverguide/C/web-servers.xml:878(para) serverguide/C/web-servers.xml:899(para)
3015
msgid ""
3016
"Then, add the following to the <emphasis role=\"bold\">top</emphasis> of the "
3017
"http_access section of your <filename>/etc/squid/squid.conf</filename> file:"
3018
msgstr ""
3019
3020
#: serverguide/C/web-servers.xml:882(programlisting)
3021
#, no-wrap
3022
msgid ""
3023
"\n"
3024
"http_access allow fortytwo_network\n"
3025
msgstr ""
3026
3027
#: serverguide/C/web-servers.xml:887(para)
3028
msgid ""
3029
"Using the excellent access control features of Squid, you may configure use "
3030
"of Internet services proxied by Squid to be available only during normal "
3031
"business hours. For example, we'll illustrate access by employees of a "
3032
"business which is operating between 9:00AM and 5:00PM, Monday through "
3033
"Friday, and which uses the 10.1.42.0/42 subnetwork:"
3034
msgstr ""
3035
3036
#: serverguide/C/web-servers.xml:895(programlisting)
3037
#, no-wrap
3038
msgid ""
3039
"\n"
3040
"acl biz_network src 10.1.42.0/24\n"
3041
"acl biz_hours time M T W T F 9:00-17:00\n"
3042
msgstr ""
3043
3044
#: serverguide/C/web-servers.xml:903(programlisting)
3045
#, no-wrap
3046
msgid ""
3047
"\n"
3048
"http_access allow biz_network biz_hours\n"
3049
msgstr ""
3050
3051
#: serverguide/C/web-servers.xml:910(para)
3052
msgid ""
3053
"After making changes to the <filename>/etc/squid/squid.conf</filename> file, "
3054
"save the file and restart the <application>squid</application> server "
3055
"application to effect the changes using the following command entered at a "
3056
"terminal prompt:"
3057
msgstr ""
3058
3059
#: serverguide/C/web-servers.xml:917(command)
3060
msgid "sudo /etc/init.d/squid restart"
3061
msgstr "sudo /etc/init.d/squid restart"
3062
3063
#: serverguide/C/web-servers.xml:924(ulink)
3064
msgid "Squid Website"
3065
msgstr ""
3066
3067
#: serverguide/C/web-servers.xml:926(para)
3068
msgid ""
3069
"<ulink url=\"https://help.ubuntu.com/community/Squid\">Ubuntu Wiki "
3070
"Squid</ulink> page."
3071
msgstr ""
3072
3073
#: serverguide/C/web-servers.xml:933(title)
3074
msgid "Ruby on Rails"
3075
msgstr ""
3076
3077
#: serverguide/C/web-servers.xml:934(para)
3078
msgid ""
3079
"Ruby on Rails is an open source web framework for developing database backed "
3080
"web applications. It is optimized for sustainable productivity of the "
3081
"programmer since it lets the programmer to write code by favouring "
3082
"convention over configuration."
3083
msgstr ""
3084
3085
#: serverguide/C/web-servers.xml:941(para)
3086
msgid ""
3087
"Before installing <application>Rails</application> you should install "
3088
"<application>Apache</application> and <application>MySQL</application>. To "
3089
"install the <application>Apache</application> package, please refer to <xref "
3090
"linkend=\"httpd\"/>. For instructions on installing "
3091
"<application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
3092
msgstr ""
3093
3094
#: serverguide/C/web-servers.xml:949(para)
3095
msgid ""
3096
"Once you have <application>Apache</application> and "
3097
"<application>MySQL</application> packages installed, you are ready to "
3098
"install <application>Ruby on Rails</application> package."
3099
msgstr ""
3100
3101
#: serverguide/C/web-servers.xml:956(para)
3102
msgid ""
3103
"To install the <application>Ruby</application> base packages and "
3104
"<application>Ruby on Rails</application>, you can enter the following "
3105
"command in the terminal prompt:"
3106
msgstr ""
3107
3108
#: serverguide/C/web-servers.xml:962(command)
3109
msgid "sudo apt-get install rails"
3110
msgstr "sudo apt-get install rails"
3111
3112
#: serverguide/C/web-servers.xml:968(para)
3113
msgid ""
3114
"Modify the <filename>/etc/apache2/sites-available/default</filename> "
3115
"configuration file to setup your domains."
3116
msgstr ""
3117
3118
#: serverguide/C/web-servers.xml:972(para)
3119
msgid ""
3120
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
3121
msgstr ""
3122
3123
#: serverguide/C/web-servers.xml:976(programlisting)
3124
#, no-wrap
3125
msgid ""
3126
"\n"
3127
"DocumentRoot /path/to/rails/application/public\n"
3128
msgstr ""
3129
3130
#: serverguide/C/web-servers.xml:979(para)
3131
msgid ""
3132
"Next, change the <Directory \"/path/to/rails/application/public\"> "
3133
"directive:"
3134
msgstr ""
3135
3136
#: serverguide/C/web-servers.xml:983(programlisting)
3137
#, no-wrap
3138
msgid ""
3139
"\n"
3140
"<Directory \"/path/to/rails/application/public\">\n"
3141
" Options Indexes FollowSymLinks MultiViews ExecCGI\n"
3142
" AllowOverride All\n"
3143
" Order allow,deny\n"
3144
" allow from all\n"
3145
" AddHandler cgi-script .cgi\n"
3146
"</Directory>\n"
3147
msgstr ""
3148
3149
#: serverguide/C/web-servers.xml:993(para)
3150
msgid ""
3151
"You should also enable the <application>mod_rewrite</application> module for "
3152
"Apache. To enable <application>mod_rewrite</application> module, please "
3153
"enter the following command in a terminal prompt:"
3154
msgstr ""
3155
3156
#: serverguide/C/web-servers.xml:999(command)
3157
msgid "sudo a2enmod rewrite"
3158
msgstr "sudo a2enmod rewrite"
3159
3160
#: serverguide/C/web-servers.xml:1002(para)
3161
msgid ""
3162
"Finally you will need to change the ownership of the "
3163
"<filename>/path/to/rails/application/public</filename> and "
3164
"<filename>/path/to/rails/application/tmp</filename> directories to the user "
3165
"used to run the <application>Apache</application> process:"
3166
msgstr ""
3167
3168
#: serverguide/C/web-servers.xml:1008(command)
3169
msgid "sudo chown -R www-data:www-data /path/to/rails/application/public"
3170
msgstr ""
3171
3172
#: serverguide/C/web-servers.xml:1009(command)
3173
msgid "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
3174
msgstr ""
3175
3176
#: serverguide/C/web-servers.xml:1012(para)
3177
msgid ""
3178
"That's it! Now you have your Server ready for your <application>Ruby on "
3179
"Rails</application> applications."
3180
msgstr ""
3181
3182
#: serverguide/C/web-servers.xml:1021(para)
3183
msgid ""
3184
"See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website "
3185
"for more information."
3186
msgstr ""
3187
3188
#: serverguide/C/web-servers.xml:1026(para)
3189
msgid ""
3190
"Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-"
3191
"with-rails-third-edition\">Agile Development with Rails</ulink> is a great "
3192
"resource."
3193
msgstr ""
3194
3195
#: serverguide/C/web-servers.xml:1032(para)
3196
msgid ""
3197
"Another place for more information is the <ulink "
3198
"url=\"https://help.ubuntu.com/community/RubyOnRails\">Ruby on Rails Ubuntu "
3199
"Wiki</ulink> page."
3200
msgstr ""
3201
3202
#: serverguide/C/web-servers.xml:1043(title)
3203
msgid "Apache Tomcat"
3204
msgstr ""
3205
3206
#: serverguide/C/web-servers.xml:1044(para)
3207
msgid ""
3208
"Apache Tomcat is a web container that allows you to serve Java Servlets and "
3209
"JSP (Java Server Pages) web applications."
3210
msgstr ""
3211
3212
#: serverguide/C/web-servers.xml:1046(para)
3213
msgid ""
3214
"The <application>Tomcat 6.0</application> packages in Ubuntu support two "
3215
"different ways of running Tomcat. You can install them as a classic unique "
3216
"system-wide instance, that will be started at boot time and will run as the "
3217
"tomcat6 unpriviledged user. But you can also deploy private instances that "
3218
"will run with your own user rights, and that you should start and stop by "
3219
"yourself. This second way is particularly useful in a development server "
3220
"context where multiple users need to test on their own private Tomcat "
3221
"instances."
3222
msgstr ""
3223
3224
#: serverguide/C/web-servers.xml:1056(title)
3225
msgid "System-wide installation"
3226
msgstr ""
3227
3228
#: serverguide/C/web-servers.xml:1057(para)
3229
msgid ""
3230
"To install the <application>Tomcat</application> server, you can enter the "
3231
"following command in the terminal prompt:"
3232
msgstr ""
3233
3234
#: serverguide/C/web-servers.xml:1060(command)
3235
msgid "sudo apt-get install tomcat6"
3236
msgstr "sudo apt-get install tomcat6"
3237
3238
#: serverguide/C/web-servers.xml:1062(para)
3239
msgid ""
3240
"This will install a Tomcat server with just a default ROOT webapp that "
3241
"displays a minimal \"It works\" page by default."
3242
msgstr ""
3243
3244
#: serverguide/C/web-servers.xml:1068(para)
3245
msgid ""
3246
"Tomcat configuration files can be found in "
3247
"<filename>/etc/tomcat6</filename>. Only a few common configuration tweaks "
3248
"will be described here, please see <ulink "
3249
"url=\"http://tomcat.apache.org/tomcat-6.0-doc/index.html\">Tomcat 6.0 "
3250
"documentation</ulink> for more."
3251
msgstr ""
3252
3253
#: serverguide/C/web-servers.xml:1074(title)
3254
msgid "Changing default ports"
3255
msgstr ""
3256
3257
#: serverguide/C/web-servers.xml:1075(para)
3258
msgid ""
3259
"By default Tomcat 6.0 runs a HTTP connector on port 8080 and an AJP "
3260
"connector on port 8009. You might want to change those default ports to "
3261
"avoid conflict with another server on the system. This is done by changing "
3262
"the following lines in <filename>/etc/tomcat6/server.xml</filename>:"
3263
msgstr ""
3264
3265
#: serverguide/C/web-servers.xml:1080(programlisting)
3266
#, no-wrap
3267
msgid ""
3268
"\n"
3269
"<Connector port=\"8080\" protocol=\"HTTP/1.1\" \n"
3270
" connectionTimeout=\"20000\" \n"
3271
" redirectPort=\"8443\" />\n"
3272
"...\n"
3273
"<Connector port=\"8009\" protocol=\"AJP/1.3\" redirectPort=\"8443\" "
3274
"/>\n"
3275
msgstr ""
3276
3277
#: serverguide/C/web-servers.xml:1089(title)
3278
msgid "Changing JVM used"
3279
msgstr ""
3280
3281
#: serverguide/C/web-servers.xml:1090(para)
3282
msgid ""
3283
"By default Tomcat will run preferably with OpenJDK-6, then try Sun's JVM, "
3284
"then try some other JVMs. If you have various JVMs installed, you can set "
3285
"which should be used by setting JAVA_HOME in "
3286
"<filename>/etc/default/tomcat6</filename>:"
3287
msgstr ""
3288
3289
#: serverguide/C/web-servers.xml:1094(programlisting)
3290
#, no-wrap
3291
msgid ""
3292
"\n"
3293
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
3294
msgstr ""
3295
3296
#: serverguide/C/web-servers.xml:1099(title)
3297
msgid "Declaring users and roles"
3298
msgstr ""
3299
3300
#: serverguide/C/web-servers.xml:1100(para)
3301
msgid ""
3302
"Usernames, passwords and roles (groups) can be defined centrally in a "
3303
"Servlet container. In Tomcat 6.0 this is done in the "
3304
"<filename>/etc/tomcat6/tomcat-users.xml</filename> file:"
3305
msgstr ""
3306
3307
#: serverguide/C/web-servers.xml:1103(programlisting)
3308
#, no-wrap
3309
msgid ""
3310
"\n"
3311
"<role rolename=\"admin\"/>\n"
3312
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
3313
msgstr ""
3314
3315
#: serverguide/C/web-servers.xml:1111(title)
3316
msgid "Using Tomcat standard webapps"
3317
msgstr ""
3318
3319
#: serverguide/C/web-servers.xml:1112(para)
3320
msgid ""
3321
"Tomcat is shipped with webapps that you can install for documentation, "
3322
"administration or demo purposes."
3323
msgstr ""
3324
3325
#: serverguide/C/web-servers.xml:1115(title)
3326
msgid "Tomcat documentation"
3327
msgstr ""
3328
3329
#: serverguide/C/web-servers.xml:1116(para)
3330
msgid ""
3331
"The <application>tomcat6-docs</application> package contains Tomcat 6.0 "
3332
"documentation, packaged as a webapp that you can access by default at "
3333
"http://yourserver:8080/docs. You can install it by entering the following "
3334
"command in the terminal prompt:"
3335
msgstr ""
3336
3337
#: serverguide/C/web-servers.xml:1121(command)
3338
msgid "sudo apt-get install tomcat6-docs"
3339
msgstr "sudo apt-get install tomcat6-docs"
3340
3341
#: serverguide/C/web-servers.xml:1125(title)
3342
msgid "Tomcat administration webapps"
3343
msgstr ""
3344
3345
#: serverguide/C/web-servers.xml:1126(para)
3346
msgid ""
3347
"The <application>tomcat6-admin</application> package contains two webapps "
3348
"that can be used to administer the Tomcat server using a web interface. You "
3349
"can install them by entering the following command in the terminal prompt:"
3350
msgstr ""
3351
3352
#: serverguide/C/web-servers.xml:1131(command)
3353
msgid "sudo apt-get install tomcat6-admin"
3354
msgstr "sudo apt-get install tomcat6-admin"
3355
3356
#: serverguide/C/web-servers.xml:1133(para)
3357
msgid ""
3358
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
3359
"access by default at http://yourserver:8080/manager/html. It is primarily "
3360
"used to get server status and restart webapps."
3361
msgstr ""
3362
3363
#: serverguide/C/web-servers.xml:1136(para)
3364
msgid ""
3365
"Access to the <emphasis>manager</emphasis> application is protected by "
3366
"default: you need to define a user with the role \"manager\" in "
3367
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3368
msgstr ""
3369
3370
#: serverguide/C/web-servers.xml:1140(para)
3371
msgid ""
3372
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
3373
"can access by default at http://yourserver:8080/host-manager/html. It can be "
3374
"used to create virtual hosts dynamically."
3375
msgstr ""
3376
3377
#: serverguide/C/web-servers.xml:1144(para)
3378
msgid ""
3379
"Access to the <emphasis>host-manager</emphasis> application is also "
3380
"protected by default: you need to define a user with the role \"admin\" in "
3381
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3382
msgstr ""
3383
3384
#: serverguide/C/web-servers.xml:1149(para)
3385
msgid ""
3386
"For security reasons, the tomcat6 user cannot write to the "
3387
"<filename>/etc/tomcat6</filename> directory by default. Some features in "
3388
"these admin webapps (application deployment, virtual host creation) need "
3389
"write access to that directory. If you want to use these features execute "
3390
"the following, to give users in the tomcat6 group the necessary rights:"
3391
msgstr ""
3392
3393
#: serverguide/C/web-servers.xml:1156(command)
3394
msgid "sudo chgrp -R tomcat6 /etc/tomcat6"
3395
msgstr "sudo chgrp -R tomcat6 /etc/tomcat6"
3396
3397
#: serverguide/C/web-servers.xml:1157(command)
3398
msgid "sudo chmod -R g+w /etc/tomcat6"
3399
msgstr "sudo chmod -R g+w /etc/tomcat6"
3400
3401
#: serverguide/C/web-servers.xml:1162(title)
3402
msgid "Tomcat examples webapps"
3403
msgstr ""
3404
3405
#: serverguide/C/web-servers.xml:1163(para)
3406
msgid ""
3407
"The <application>tomcat6-examples</application> package contains two webapps "
3408
"that can be used to test or demonstrate Servlets and JSP features, which you "
3409
"can access them by default at http://yourserver:8080/examples. You can "
3410
"install them by entering the following command in the terminal prompt:"
3411
msgstr ""
3412
3413
#: serverguide/C/web-servers.xml:1169(command)
3414
msgid "sudo apt-get install tomcat6-examples"
3415
msgstr "sudo apt-get install tomcat6-examples"
3416
3417
#: serverguide/C/web-servers.xml:1175(title)
3418
msgid "Using private instances"
3419
msgstr ""
3420
3421
#: serverguide/C/web-servers.xml:1176(para)
3422
msgid ""
3423
"Tomcat is heavily used in development and testing scenarios where using a "
3424
"single system-wide instance doesn't meet the requirements of multiple users "
3425
"on a single system. The Tomcat 6.0 packages in Ubuntu come with tools to "
3426
"help deploy your own user-oriented instances, allowing every user on a "
3427
"system to run (without root rights) separate private instances while still "
3428
"using the system-installed libraries."
3429
msgstr ""
3430
3431
#: serverguide/C/web-servers.xml:1183(para)
3432
msgid ""
3433
"It is possible to run the system-wide instance and the private instances in "
3434
"parallel, as long as they do not use the same TCP ports."
3435
msgstr ""
3436
3437
#: serverguide/C/web-servers.xml:1187(title)
3438
msgid "Installing private instance support"
3439
msgstr ""
3440
3441
#: serverguide/C/web-servers.xml:1188(para)
3442
msgid ""
3443
"You can install everything necessary to run private instances by entering "
3444
"the following command in the terminal prompt:"
3445
msgstr ""
3446
3447
#: serverguide/C/web-servers.xml:1191(command)
3448
msgid "sudo apt-get install tomcat6-user"
3449
msgstr "sudo apt-get install tomcat6-user"
3450
3451
#: serverguide/C/web-servers.xml:1195(title)
3452
msgid "Creating a private instance"
3453
msgstr ""
3454
3455
#: serverguide/C/web-servers.xml:1196(para)
3456
msgid ""
3457
"You can create a private instance directory by entering the following "
3458
"command in the terminal prompt:"
3459
msgstr ""
3460
3461
#: serverguide/C/web-servers.xml:1199(command)
3462
msgid "tomcat6-instance-create my-instance"
3463
msgstr ""
3464
3465
#: serverguide/C/web-servers.xml:1201(para)
3466
msgid ""
3467
"This will create a new <filename>my-instance</filename> directory with all "
3468
"the necessary subdirectories and scripts. You can for example install your "
3469
"common libraries in the <filename>lib/</filename> subdirectory and deploy "
3470
"your webapps in the <filename>webapps/</filename> subdirectory. No webapps "
3471
"are deployed by default."
3472
msgstr ""
3473
3474
#: serverguide/C/web-servers.xml:1209(title)
3475
msgid "Configuring your private instance"
3476
msgstr ""
3477
3478
#: serverguide/C/web-servers.xml:1210(para)
3479
msgid ""
3480
"You will find the classic Tomcat configuration files for your private "
3481
"instance in the <filename>conf/</filename> subdirectory. You should for "
3482
"example certainly edit the <filename>conf/server.xml</filename> file to "
3483
"change the default ports used by your private Tomcat instance to avoid "
3484
"conflict with other instances that might be running."
3485
msgstr ""
3486
3487
#: serverguide/C/web-servers.xml:1218(title)
3488
msgid "Starting/stopping your private instance"
3489
msgstr ""
3490
3491
#: serverguide/C/web-servers.xml:1219(para)
3492
msgid ""
3493
"You can start your private instance by entering the following command in the "
3494
"terminal prompt (supposing your instance is located in the <filename>my-"
3495
"instance</filename> directory):"
3496
msgstr ""
3497
3498
#: serverguide/C/web-servers.xml:1223(command)
3499
msgid "my-instance/bin/startup.sh"
3500
msgstr ""
3501
3502
#: serverguide/C/web-servers.xml:1225(para)
3503
msgid ""
3504
"You should check the <filename>logs/</filename> subdirectory for any error. "
3505
"If you have a <emphasis>java.net.BindException: Address already in "
3506
"use<null>:8080</emphasis> error, it means that the port you're using "
3507
"is already taken and that you should change it."
3508
msgstr ""
3509
3510
#: serverguide/C/web-servers.xml:1230(para)
3511
msgid ""
3512
"You can stop your instance by entering the following command in the terminal "
3513
"prompt (supposing your instance is located in the <filename>my-"
3514
"instance</filename> directory):"
3515
msgstr ""
3516
3517
#: serverguide/C/web-servers.xml:1234(command)
3518
msgid "my-instance/bin/shutdown.sh"
3519
msgstr ""
3520
3521
#: serverguide/C/web-servers.xml:1243(para)
3522
msgid ""
3523
"See the <ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink> "
3524
"website for more information."
3525
msgstr ""
3526
3527
#: serverguide/C/web-servers.xml:1248(para)
3528
msgid ""
3529
"<ulink url=\"http://oreilly.com/catalog/9780596003180/\">Tomcat: The "
3530
"Definitive Guide</ulink> is a good resource for building web applications "
3531
"with Tomcat."
3532
msgstr ""
3533
3534
#: serverguide/C/web-servers.xml:1254(para)
3535
msgid ""
3536
"For additional books see the <ulink "
3537
"url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat Books</ulink> list "
3538
"page."
3539
msgstr ""
3540
3541
#: serverguide/C/web-servers.xml:1259(para)
3542
msgid ""
3543
"Also, see the<ulink "
3544
"url=\"https://help.ubuntu.com/community/ApacheTomcat5\">Ubuntu Wiki Apache "
3545
"Tomcat</ulink> page."
3546
msgstr ""
3547
3548
#: serverguide/C/vpn.xml:13(title)
3549
msgid "VPN"
3550
msgstr "VPN"
3551
3552
#: serverguide/C/vpn.xml:15(para)
3553
msgid ""
3554
"A Virtual Private Network, or <emphasis>VPN</emphasis>, is an encrypted "
3555
"network connection between two or more networks. There are several ways to "
3556
"create a VPN using software as well as dedicated hardware appliances. This "
3557
"chapter will cover installing and configuring "
3558
"<application>OpenVPN</application> to create a VPN between two servers."
3559
msgstr ""
3560
3561
#: serverguide/C/vpn.xml:23(title)
3562
msgid "OpenVPN"
3563
msgstr "OpenVPN"
3564
3565
#: serverguide/C/vpn.xml:25(para)
3566
msgid ""
3567
"OpenVPN uses Public Key Infrastructure (PKI) to encrypt VPN traffic between "
3568
"nodes. A simple way of setting up a VPN with OpenVPN is to connect the "
3569
"clients through a bridge interface on the VPN server. This guide will assume "
3570
"that one VPN node, the server in this case, has a bridge interface "
3571
"configured. For more information on setting up a bridge see <xref "
3572
"linkend=\"bridging\"/>."
3573
msgstr ""
3574
3575
#: serverguide/C/vpn.xml:35(para)
3576
msgid "To install <application>openvpn</application> in a terminal enter:"
3577
msgstr ""
3578
3579
#: serverguide/C/vpn.xml:41(command) serverguide/C/vpn.xml:257(command)
3580
msgid "sudo apt-get install openvpn"
3581
msgstr "sudo apt-get install openvpn"
3582
3583
#: serverguide/C/vpn.xml:45(title)
3584
msgid "Server Certificates"
3585
msgstr ""
3586
3587
#: serverguide/C/vpn.xml:47(para)
3588
msgid ""
3589
"Now that the <application>openvpn</application> package is installed, the "
3590
"certificates for the VPN server need to be created."
3591
msgstr ""
3592
"Ara que heu instal·lat el paquet <application>openvpn</application>, heu de "
3593
"crear els certificats per al servidor VPN."
3594
3595
#: serverguide/C/vpn.xml:52(para)
3596
msgid ""
3597
"First, copy the <filename>easy-rsa</filename> directory to "
3598
"<filename>/etc/openvpn</filename>. This will ensure that any changes to the "
3599
"scripts will not be lost when the package is updated. You will also need to "
3600
"adjust permissions in the <filename>easy-rsa</filename> directory to allow "
3601
"the current user permission to create files. From a terminal enter:"
3602
msgstr ""
3603
3604
#: serverguide/C/vpn.xml:59(command)
3605
msgid "sudo mkdir /etc/openvpn/easy-rsa/"
3606
msgstr "sudo mkdir /etc/openvpn/easy-rsa/"
3607
3608
#: serverguide/C/vpn.xml:60(command)
3609
msgid ""
3610
"sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-"
3611
"rsa/"
3612
msgstr ""
3613
3614
#: serverguide/C/vpn.xml:61(command)
3615
msgid "sudo chown -R $USER /etc/openvpn/easy-rsa/"
3616
msgstr ""
3617
3618
#: serverguide/C/vpn.xml:64(para)
3619
msgid ""
3620
"Next, edit <filename>/etc/openvpn/easy-rsa/vars</filename> adjusting the "
3621
"following to your environment:"
3622
msgstr ""
3623
"Després editeu el fitxer <filename>/etc/openvpn/easy-rsa/vars</filename> i "
3624
"ajusteu el següent al vostre entorn:"
3625
3626
#: serverguide/C/vpn.xml:68(programlisting)
3627
#, no-wrap
3628
msgid ""
3629
"\n"
3630
"export KEY_COUNTRY=\"US\"\n"
3631
"export KEY_PROVINCE=\"NC\"\n"
3632
"export KEY_CITY=\"Winston-Salem\"\n"
3633
"export KEY_ORG=\"Example Company\"\n"
3634
"export KEY_EMAIL=\"steve@example.com\"\n"
3635
msgstr ""
3636
3637
#: serverguide/C/vpn.xml:76(para)
3638
msgid "Enter the following to create the server certificates:"
3639
msgstr ""
3640
3641
#: serverguide/C/vpn.xml:81(command) serverguide/C/vpn.xml:102(command)
3642
msgid "cd /etc/openvpn/easy-rsa/"
3643
msgstr "cd /etc/openvpn/easy-rsa/"
3644
3645
#: serverguide/C/vpn.xml:82(command) serverguide/C/vpn.xml:103(command)
3646
msgid "source vars"
3647
msgstr ""
3648
3649
#: serverguide/C/vpn.xml:83(command)
3650
msgid "./clean-all"
3651
msgstr ""
3652
3653
#: serverguide/C/vpn.xml:84(command)
3654
msgid "./build-dh"
3655
msgstr ""
3656
3657
#: serverguide/C/vpn.xml:85(command)
3658
msgid "./pkitool --initca"
3659
msgstr ""
3660
3661
#: serverguide/C/vpn.xml:86(command)
3662
msgid "./pkitool --server server"
3663
msgstr ""
3664
3665
#: serverguide/C/vpn.xml:87(command)
3666
msgid "cd keys"
3667
msgstr ""
3668
3669
#: serverguide/C/vpn.xml:88(command)
3670
msgid "openvpn --genkey --secret ta.key"
3671
msgstr "openvpn --genkey --secret ta.key"
3672
3673
#: serverguide/C/vpn.xml:89(command)
3674
msgid "sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/"
3675
msgstr "sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/"
3676
3677
#: serverguide/C/vpn.xml:94(title)
3678
msgid "Client Certificates"
3679
msgstr ""
3680
3681
#: serverguide/C/vpn.xml:96(para)
3682
msgid ""
3683
"The VPN client will also need a certificate to authenticate itself to the "
3684
"server. To create the certificate, enter the following in a terminal:"
3685
msgstr ""
3686
"El client de la VPN també necessita un certificat per autenticar-se al "
3687
"servidor. Per a crear el certificat, introduïu el següent en un terminal:"
3688
3689
#: serverguide/C/vpn.xml:104(command)
3690
msgid "./pkitool hostname"
3691
msgstr ""
3692
3693
#: serverguide/C/vpn.xml:108(para)
3694
msgid ""
3695
"Replace <emphasis>hostname</emphasis> with the actual hostname of the "
3696
"machine connecting to the VPN."
3697
msgstr ""
3698
"Reemplaceu <emphasis>hostname</emphasis> amb el nom actual de l'amfitrió de "
3699
"la màquina connectada a la VPN."
3700
3701
#: serverguide/C/vpn.xml:113(para)
3702
msgid "Copy the following files to the client:"
3703
msgstr ""
3704
3705
#: serverguide/C/vpn.xml:118(para)
3706
msgid "/etc/openvpn/ca.crt"
3707
msgstr ""
3708
3709
#: serverguide/C/vpn.xml:119(para)
3710
msgid "/etc/openvpn/easy-rsa/keys/hostname.crt"
3711
msgstr ""
3712
3713
#: serverguide/C/vpn.xml:120(para)
3714
msgid "/etc/openvpn/easy-rsa/keys/hostname.key"
3715
msgstr ""
3716
3717
#: serverguide/C/vpn.xml:121(para)
3718
msgid "/etc/openvpn/ta.key"
3719
msgstr ""
3720
3721
#: serverguide/C/vpn.xml:125(para)
3722
msgid ""
3723
"Remember to adjust the above file names for your client machine's "
3724
"<emphasis>hostname</emphasis>."
3725
msgstr ""
3726
3727
#: serverguide/C/vpn.xml:130(para)
3728
msgid ""
3729
"It is best to use a secure method to copy the certificate and key files. The "
3730
"<application>scp</application> utility is a good choice, but copying the "
3731
"files to removable media then to the client, also works well."
3732
msgstr ""
3733
3734
#: serverguide/C/vpn.xml:141(title) serverguide/C/vcs.xml:107(title)
3735
msgid "Server Configuration"
3736
msgstr ""
3737
3738
#: serverguide/C/vpn.xml:143(para)
3739
msgid ""
3740
"Now configure the <application>openvpn</application> server by creating "
3741
"<filename>/etc/openvpn/server.conf</filename> from the example file. In a "
3742
"terminal enter:"
3743
msgstr ""
3744
"Ara configureu el servidor <application>openvpn</application> tot creant "
3745
"<filename>/etc/openvpn/server.conf</filename> a partir del fitxer d'exemple. "
3746
"En un terminal, introduïu:"
3747
3748
#: serverguide/C/vpn.xml:149(command)
3749
msgid ""
3750
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz "
3751
"/etc/openvpn/"
3752
msgstr ""
3753
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz "
3754
"/etc/openvpn/"
3755
3756
#: serverguide/C/vpn.xml:150(command)
3757
msgid "sudo gzip -d /etc/openvpn/server.conf.gz"
3758
msgstr "sudo gzip -d /etc/openvpn/server.conf.gz"
3759
3760
#: serverguide/C/vpn.xml:153(para)
3761
msgid ""
3762
"Edit <filename>/etc/openvpn/server.conf</filename> changing the following "
3763
"options to:"
3764
msgstr ""
3765
3766
#: serverguide/C/vpn.xml:157(programlisting)
3767
#, no-wrap
3768
msgid ""
3769
"\n"
3770
"local 172.18.100.101\n"
3771
"dev tap0\n"
3772
"up \"/etc/openvpn/up.sh br0\"\n"
3773
"down \"/etc/openvpn/down.sh br0\"\n"
3774
";server 10.8.0.0 255.255.255.0\n"
3775
"server-bridge 172.18.100.101 255.255.255.0 172.18.100.105 172.18.100.200\n"
3776
"push \"route 172.18.100.1 255.255.255.0\"\n"
3777
"push \"dhcp-option DNS 172.18.100.20\"\n"
3778
"push \"dhcp-option DOMAIN example.com\"\n"
3779
"tls-auth ta.key 0 # This file is secret\n"
3780
"user nobody\n"
3781
"group nogroup\n"
3782
msgstr ""
3783
3784
#: serverguide/C/vpn.xml:174(para)
3785
msgid ""
3786
"<emphasis>local</emphasis>: is the IP address of the bridge interface."
3787
msgstr ""
3788
3789
#: serverguide/C/vpn.xml:179(para)
3790
msgid ""
3791
"<emphasis>server-bridge</emphasis>: needed when the configuration uses "
3792
"bridging. The <emphasis>172.18.100.101 255.255.255.0</emphasis> portion is "
3793
"the bridge interface and mask. The IP range <emphasis>172.18.100.105 "
3794
"172.18.100.200</emphasis> is the range of IP addresses that will be assigned "
3795
"to clients."
3796
msgstr ""
3797
3798
#: serverguide/C/vpn.xml:186(para)
3799
msgid ""
3800
"<emphasis>push</emphasis>: are directives to add networking options for "
3801
"clients."
3802
msgstr ""
3803
"<emphasis>push</emphasis>: són directives per afegir opcions de xarxa per "
3804
"als clients."
3805
3806
#: serverguide/C/vpn.xml:191(para)
3807
msgid ""
3808
"<emphasis>user and group</emphasis>: configure which user and group the "
3809
"<application>openvpn</application> daemon executes as."
3810
msgstr ""
3811
3812
#: serverguide/C/vpn.xml:198(para)
3813
msgid ""
3814
"Replace all IP addresses and domain names above with those of your network."
3815
msgstr ""
3816
3817
#: serverguide/C/vpn.xml:203(para)
3818
msgid ""
3819
"Next, create a couple of helper scripts to add the <emphasis>tap</emphasis> "
3820
"interface to the bridge. Create <filename>/etc/openvpn/up.sh</filename>:"
3821
msgstr ""
3822
"Ara creeu un parell d'scripts d'ajuda per afegir la interfície "
3823
"<emphasis>tap</emphasis> al pont. Creeu l'script "
3824
"<filename>/etc/openvpn/up.sh</filename>:"
3825
3826
#: serverguide/C/vpn.xml:207(programlisting)
3827
#, no-wrap
3828
msgid ""
3829
"\n"
3830
"#!/bin/sh\n"
3831
"\n"
3832
"BR=$1\n"
3833
"DEV=$2\n"
3834
"MTU=$3\n"
3835
"/sbin/ifconfig $DEV mtu $MTU promisc up\n"
3836
"/usr/sbin/brctl addif $BR $DEV\n"
3837
msgstr ""
3838
3839
#: serverguide/C/vpn.xml:217(para)
3840
msgid "And <filename>/etc/openvpn/down.sh</filename>:"
3841
msgstr "I <filename>/etc/openvpn/down.sh</filename>:"
3842
3843
#: serverguide/C/vpn.xml:221(programlisting)
3844
#, no-wrap
3845
msgid ""
3846
"\n"
3847
"#!/bin/sh\n"
3848
"\n"
3849
"BR=$1\n"
3850
"DEV=$2\n"
3851
"\n"
3852
"/usr/sbin/brctl delif $BR $DEV\n"
3853
"/sbin/ifconfig $DEV down\n"
3854
msgstr ""
3855
3856
#: serverguide/C/vpn.xml:231(para)
3857
msgid "Then make them executable:"
3858
msgstr ""
3859
3860
#: serverguide/C/vpn.xml:236(command)
3861
msgid "sudo chmod 755 /etc/openvpn/down.sh"
3862
msgstr "sudo chmod 755 /etc/openvpn/down.sh"
3863
3864
#: serverguide/C/vpn.xml:237(command)
3865
msgid "sudo chmod 755 /etc/openvpn/up.sh"
3866
msgstr "sudo chmod 755 /etc/openvpn/up.sh"
3867
3868
#: serverguide/C/vpn.xml:240(para)
3869
msgid ""
3870
"After configuring the server, restart <application>openvpn</application> by "
3871
"entering:"
3872
msgstr ""
3873
"Després de configurar el servidor, reinicieu "
3874
"l'<application>openvpn</application> tot introduïnt:"
3875
3876
#: serverguide/C/vpn.xml:245(command) serverguide/C/vpn.xml:293(command)
3877
msgid "sudo /etc/init.d/openvpn restart"
3878
msgstr "sudo /etc/init.d/openvpn restart"
3879
3880
#: serverguide/C/vpn.xml:250(title)
3881
msgid "Client Configuration"
3882
msgstr ""
3883
3884
#: serverguide/C/vpn.xml:252(para)
3885
msgid "First, install <application>openvpn</application> on the client:"
3886
msgstr ""
3887
3888
#: serverguide/C/vpn.xml:260(para)
3889
msgid ""
3890
"Then with the server configured and the client certificates copied to the "
3891
"<filename>/etc/openvpn/</filename> directory, create a client configuration "
3892
"file by copying the example. In a terminal on the client machine enter:"
3893
msgstr ""
3894
3895
#: serverguide/C/vpn.xml:266(command)
3896
msgid ""
3897
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
3898
"/etc/openvpn"
3899
msgstr ""
3900
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
3901
"/etc/openvpn"
3902
3903
#: serverguide/C/vpn.xml:269(para)
3904
msgid ""
3905
"Now edit <filename>/etc/openvpn/client.conf</filename> changing the "
3906
"following options:"
3907
msgstr ""
3908
"Ara editeu el fitxer <filename>/etc/openvpn/client.conf</filename> i canvieu-"
3909
"ne les opcions següents:"
3910
3911
#: serverguide/C/vpn.xml:273(programlisting)
3912
#, no-wrap
3913
msgid ""
3914
"\n"
3915
"dev tap\n"
3916
"remote vpn.example.com 1194\n"
3917
"cert hostname.crt\n"
3918
"key hostname.key\n"
3919
"tls-auth ta.key 1\n"
3920
msgstr ""
3921
3922
#: serverguide/C/vpn.xml:282(para)
3923
msgid ""
3924
"Replace <emphasis>vpn.example.com</emphasis> with the hostname of your VPN "
3925
"server, and <emphasis>hostname.*</emphasis> with the actual certificate and "
3926
"key filenames."
3927
msgstr ""
3928
3929
#: serverguide/C/vpn.xml:288(para)
3930
msgid "Finally, restart <application>openvpn</application>:"
3931
msgstr "Finalment, reinicieu l'<application>openvpn</application>:"
3932
3933
#: serverguide/C/vpn.xml:296(para)
3934
msgid "You should now be able to connect to the remote LAN through the VPN."
3935
msgstr ""
3936
"Ara hauria de ser possible connectar-se a la LAN remota mitjançant la VPN."
3937
3938
#: serverguide/C/vpn.xml:307(para)
3939
msgid ""
3940
"See the <ulink url=\"http://openvpn.net/\">OpenVPN</ulink> website for "
3941
"additional information."
3942
msgstr ""
3943
"Per a obtenir més informació, vegeu el lloc web de l'<ulink "
3944
"url=\"http://openvpn.net/\">OpenVPN</ulink>"
3945
3946
#: serverguide/C/vpn.xml:312(para)
3947
msgid ""
3948
"Also, Pakt's <ulink url=\"http://www.packtpub.com/openvpn/book\">OpenVPN: "
3949
"Building and Integrating Virtual Private Networks</ulink> is a good resource."
3950
msgstr ""
3951
3952
#: serverguide/C/vpn.xml:318(para)
3953
msgid ""
3954
"Another source of further information is the <ulink "
3955
"url=\"https://help.ubuntu.com/community/OpenVPN\">Ubuntu Wiki "
3956
"OpenVPN</ulink> page."
3957
msgstr ""
3958
3959
#: serverguide/C/virtualization.xml:13(title)
3960
msgid "Virtualization"
3961
msgstr "Virtualització"
3962
3963
#: serverguide/C/virtualization.xml:14(para)
3964
msgid ""
3965
"Virtualization is being adopted in many different environments and "
3966
"situations. If you are a developer, virtualization can provide you with a "
3967
"contained environment where you can safely do almost any sort of development "
3968
"safe from messing up your main working environment. If you are a systems "
3969
"administrator, you can use virtualization to more easily separate your "
3970
"services and move them around based on demand."
3971
msgstr ""
3972
3973
#: serverguide/C/virtualization.xml:20(para)
3974
msgid ""
3975
"The default virtualization technology supported in Ubuntu is "
3976
"<application>KVM</application>, a technology that takes advantage of "
3977
"virtualization extensions built into Intel and AMD hardware. For hardware "
3978
"without virtualization extensions <application>Xen</application> and "
3979
"<application>Qemu</application> are popular solutions."
3980
msgstr ""
3981
3982
#: serverguide/C/virtualization.xml:27(title)
3983
msgid "libvirt"
3984
msgstr ""
3985
3986
#: serverguide/C/virtualization.xml:28(para)
3987
msgid ""
3988
"The <application>libvirt</application> library is used to interface with "
3989
"different virtualization technologies. Before getting started with "
3990
"<application>libvirt</application> it is best to make sure your hardware "
3991
"supports the necessary virtualization extensions for "
3992
"<application>KVM</application>. Enter the following from a terminal prompt:"
3993
msgstr ""
3994
3995
#: serverguide/C/virtualization.xml:35(command)
3996
msgid "kvm-ok"
3997
msgstr ""
3998
3999
#: serverguide/C/virtualization.xml:37(para)
4000
msgid ""
4001
"A message will be printed informing you if your CPU "
4002
"<emphasis>does</emphasis> or <emphasis>does not</emphasis> support hardware "
4003
"virtualization."
4004
msgstr ""
4005
4006
#: serverguide/C/virtualization.xml:41(para)
4007
msgid ""
4008
"On most computer whose processor supports virtualization, it is necessary to "
4009
"activate an option in the BIOS to enable it."
4010
msgstr ""
4011
4012
#: serverguide/C/virtualization.xml:47(title)
4013
msgid "Virtual Networking"
4014
msgstr "Xarxes virtuals"
4015
4016
#: serverguide/C/virtualization.xml:49(para)
4017
msgid ""
4018
"There are a few different ways to allow a virtual machine access to the "
4019
"external network. The default virtual network configuration is "
4020
"<emphasis>usermode</emphasis> networking, which uses the SLIRP protocol and "
4021
"traffic is NATed through the host interface to the outside network."
4022
msgstr ""
4023
4024
#: serverguide/C/virtualization.xml:54(para)
4025
msgid ""
4026
"To enable external hosts to directly access services on virtual machines a "
4027
"<emphasis>bridge</emphasis> needs to be configured. This allows the virtual "
4028
"interfaces to connect to the outside network through the physical interface, "
4029
"making them appear as normal hosts to the rest of the network. For "
4030
"information on setting up a bridge see <xref linkend=\"bridging\"/>."
4031
msgstr ""
4032
4033
#: serverguide/C/virtualization.xml:63(para)
4034
msgid "To install the necessary packages, from a terminal prompt enter:"
4035
msgstr ""
4036
4037
#: serverguide/C/virtualization.xml:67(command)
4038
msgid "sudo apt-get install kvm libvirt-bin"
4039
msgstr "sudo apt-get install kvm libvirt-bin"
4040
4041
#: serverguide/C/virtualization.xml:69(para)
4042
msgid ""
4043
"After installing <application>libvirt-bin</application>, the user used to "
4044
"manage virtual machines will need to be added to the "
4045
"<emphasis>libvirtd</emphasis> group. Doing so will grant the user access to "
4046
"the advanced networking options."
4047
msgstr ""
4048
4049
#: serverguide/C/virtualization.xml:73(para)
4050
msgid "In a terminal enter:"
4051
msgstr ""
4052
4053
#: serverguide/C/virtualization.xml:77(command)
4054
msgid "sudo adduser $USER libvirtd"
4055
msgstr "sudo adduser $USUARI libvirtd"
4056
4057
#: serverguide/C/virtualization.xml:80(para)
4058
msgid ""
4059
"If the user chosen is the current user, you will need to log out and back in "
4060
"for the new group membership to take effect."
4061
msgstr ""
4062
4063
#: serverguide/C/virtualization.xml:84(para)
4064
msgid ""
4065
"You are now ready to install a <emphasis>Guest</emphasis> operating system. "
4066
"Installing a virtual machine follows the same process as installing the "
4067
"operating system directly on the hardware. You either need a way to automate "
4068
"the installation, or a keyboard and monitor will need to be attached to the "
4069
"physical machine."
4070
msgstr ""
4071
4072
#: serverguide/C/virtualization.xml:89(para)
4073
msgid ""
4074
"In the case of virtual machines a Graphical User Interface (GUI) is "
4075
"analogous to using a physical keyboard and mouse. Instead of installing a "
4076
"GUI the <application>virt-viewer</application> application can be used to "
4077
"connect to a virtual machine's console using <application>VNC</application>. "
4078
"See <xref linkend=\"libvirt-virt-viewer\"/> for more information."
4079
msgstr ""
4080
4081
#: serverguide/C/virtualization.xml:94(para)
4082
msgid ""
4083
"There are several ways to automate the Ubuntu installation process, for "
4084
"example using preseeds, kickstart, etc. Refer to the <ulink "
4085
"url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
4086
"Installation Guide</ulink> for details."
4087
msgstr ""
4088
4089
#: serverguide/C/virtualization.xml:98(para)
4090
msgid ""
4091
"Yet another way to install an Ubuntu virtual machine is to use "
4092
"<application>ubuntu-vm-builder</application>. <application>ubuntu-vm-"
4093
"builder</application> allows you to setup advanced partitions, execute "
4094
"custom post-install scripts, etc. For details see <xref linkend=\"jeos-and-"
4095
"vmbuilder\"/>"
4096
msgstr ""
4097
4098
#: serverguide/C/virtualization.xml:104(title)
4099
msgid "virt-install"
4100
msgstr ""
4101
4102
#: serverguide/C/virtualization.xml:105(para)
4103
msgid ""
4104
"<application>virt-install</application> is part of the <application>python-"
4105
"virtinst</application> package. To install it, from a terminal prompt enter:"
4106
msgstr ""
4107
4108
#: serverguide/C/virtualization.xml:109(command)
4109
msgid "sudo apt-get install python-virtinst"
4110
msgstr "sudo apt-get install python-virtinst"
4111
4112
#: serverguide/C/virtualization.xml:111(para)
4113
msgid ""
4114
"There are several options available when using <application>virt-"
4115
"install</application>. For example:"
4116
msgstr ""
4117
4118
#: serverguide/C/virtualization.xml:115(command)
4119
msgid ""
4120
"sudo virt-install -n web_devel -r 256 -f web_devel.img \\ -s 4 -c jeos.iso --"
4121
"accelerate \\ --connect=qemu:///system --vnc \\ --noautoconsole -v"
4122
msgstr ""
4123
"sudo virt-install -n web_devel -r 256 -f web_devel.img \\ -s 4 -c jeos.iso --"
4124
"accelerate \\ --connect=qemu:///system --vnc \\ --noautoconsole -v"
4125
4126
#: serverguide/C/virtualization.xml:122(para)
4127
msgid ""
4128
"<emphasis>-n web_devel:</emphasis> the name of the new virtual machine will "
4129
"be <emphasis>web_devel</emphasis> in this example."
4130
msgstr ""
4131
4132
#: serverguide/C/virtualization.xml:127(para)
4133
msgid ""
4134
"<emphasis>-r 256:</emphasis> specifies the amount of memory the virtual "
4135
"machine will use."
4136
msgstr ""
4137
4138
#: serverguide/C/virtualization.xml:132(para)
4139
msgid ""
4140
"<emphasis>-f web_devel.img:</emphasis> indicates the path to the virtual "
4141
"disk which can be a file, partition, or logical volume. In this example a "
4142
"file named <filename>web_devel.img</filename>."
4143
msgstr ""
4144
4145
#: serverguide/C/virtualization.xml:138(para)
4146
msgid "<emphasis>-s 4:</emphasis> the size of the virtual disk."
4147
msgstr ""
4148
4149
#: serverguide/C/virtualization.xml:143(para)
4150
msgid ""
4151
"<emphasis>-c jeos.iso:</emphasis> file to be used as a virtual CDROM. The "
4152
"file can be either an ISO file or the path to the host's CDROM device."
4153
msgstr ""
4154
4155
#: serverguide/C/virtualization.xml:149(para)
4156
msgid ""
4157
"<emphasis>--accelerate:</emphasis> enables the kernel's acceleration "
4158
"technologies."
4159
msgstr ""
4160
4161
#: serverguide/C/virtualization.xml:154(para)
4162
msgid ""
4163
"<emphasis>--vnc:</emphasis> exports the guest's virtual console using VNC."
4164
msgstr ""
4165
4166
#: serverguide/C/virtualization.xml:159(para)
4167
msgid ""
4168
"<emphasis>--noautoconsole:</emphasis> will not automatically connect to the "
4169
"virtual machine's console."
4170
msgstr ""
4171
4172
#: serverguide/C/virtualization.xml:164(para)
4173
msgid "<emphasis>-v:</emphasis> creates a fully virtualized guest."
4174
msgstr ""
4175
4176
#: serverguide/C/virtualization.xml:169(para)
4177
msgid ""
4178
"After launching <application>virt-install</application> you can connect to "
4179
"the virtual machine's console either locally using a GUI or with the "
4180
"<application>virt-viewer</application> utility."
4181
msgstr ""
4182
4183
#: serverguide/C/virtualization.xml:175(title)
4184
msgid "virt-clone"
4185
msgstr ""
4186
4187
#: serverguide/C/virtualization.xml:176(para)
4188
msgid ""
4189
"The <application>virt-clone</application> application can be used to copy "
4190
"one virtual machine to another. For example:"
4191
msgstr ""
4192
4193
#: serverguide/C/virtualization.xml:180(command)
4194
msgid ""
4195
"sudo virt-clone -o web_devel -n database_devel -f "
4196
"/path/to/database_devel.img --connect=qemu:///system"
4197
msgstr ""
4198
"sudo virt-clone -o web_devel -n database_devel -f "
4199
"/path/to/database_devel.img --connect=qemu:///system"
4200
4201
#: serverguide/C/virtualization.xml:184(para)
4202
msgid "<emphasis>-o:</emphasis> original virtual machine."
4203
msgstr ""
4204
4205
#: serverguide/C/virtualization.xml:189(para)
4206
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
4207
msgstr ""
4208
4209
#: serverguide/C/virtualization.xml:194(para)
4210
msgid ""
4211
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
4212
"be used by the new virtual machine."
4213
msgstr ""
4214
4215
#: serverguide/C/virtualization.xml:199(para)
4216
msgid ""
4217
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
4218
msgstr ""
4219
4220
#: serverguide/C/virtualization.xml:204(para)
4221
msgid ""
4222
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
4223
"help troubleshoot problems with <application>virt-clone</application>."
4224
msgstr ""
4225
4226
#: serverguide/C/virtualization.xml:209(para)
4227
msgid ""
4228
"Replace <emphasis>web_devel</emphasis> and "
4229
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
4230
msgstr ""
4231
4232
#: serverguide/C/virtualization.xml:215(title)
4233
msgid "Virtual Machine Management"
4234
msgstr ""
4235
4236
#: serverguide/C/virtualization.xml:217(title)
4237
msgid "virsh"
4238
msgstr ""
4239
4240
#: serverguide/C/virtualization.xml:218(para)
4241
msgid ""
4242
"There are several utilities available to manage virtual machines and "
4243
"<application>libvirt</application>. The <application>virsh</application> "
4244
"utility can be used from the command line. Some examples:"
4245
msgstr ""
4246
4247
#: serverguide/C/virtualization.xml:224(para)
4248
msgid "To list running virtual machines:"
4249
msgstr ""
4250
4251
#: serverguide/C/virtualization.xml:228(command)
4252
msgid "virsh -c qemu:///system list"
4253
msgstr ""
4254
4255
#: serverguide/C/virtualization.xml:232(para)
4256
msgid "To start a virtual machine:"
4257
msgstr ""
4258
4259
#: serverguide/C/virtualization.xml:236(command)
4260
msgid "virsh -c qemu:///system start web_devel"
4261
msgstr ""
4262
4263
#: serverguide/C/virtualization.xml:240(para)
4264
msgid "Similarly, to start a virtual machine at boot:"
4265
msgstr ""
4266
4267
#: serverguide/C/virtualization.xml:244(command)
4268
msgid "virsh -c qemu:///system autostart web_devel"
4269
msgstr ""
4270
4271
#: serverguide/C/virtualization.xml:248(para)
4272
msgid "Reboot a virtual machine with:"
4273
msgstr ""
4274
4275
#: serverguide/C/virtualization.xml:252(command)
4276
msgid "virsh -c qemu:///system reboot web_devel"
4277
msgstr ""
4278
4279
#: serverguide/C/virtualization.xml:256(para)
4280
msgid ""
4281
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
4282
"order to be restored later. The following will save the virtual machine "
4283
"state into a file named according to the date:"
4284
msgstr ""
4285
4286
#: serverguide/C/virtualization.xml:261(command)
4287
msgid "virsh -c qemu:///system save web_devel web_devel-022708.state"
4288
msgstr ""
4289
4290
#: serverguide/C/virtualization.xml:263(para)
4291
msgid "Once saved the virtual machine will no longer be running."
4292
msgstr ""
4293
4294
#: serverguide/C/virtualization.xml:268(para)
4295
msgid "A saved virtual machine can be restored using:"
4296
msgstr ""
4297
4298
#: serverguide/C/virtualization.xml:272(command)
4299
msgid "virsh -c qemu:///system restore web_devel-022708.state"
4300
msgstr ""
4301
4302
#: serverguide/C/virtualization.xml:276(para)
4303
msgid "To shutdown a virtual machine do:"
4304
msgstr ""
4305
4306
#: serverguide/C/virtualization.xml:280(command)
4307
msgid "virsh -c qemu:///system shutdown web_devel"
4308
msgstr ""
4309
4310
#: serverguide/C/virtualization.xml:284(para)
4311
msgid "A CDROM device can be mounted in a virtual machine by entering:"
4312
msgstr ""
4313
4314
#: serverguide/C/virtualization.xml:288(command)
4315
msgid "virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
4316
msgstr ""
4317
4318
#: serverguide/C/virtualization.xml:293(para)
4319
msgid ""
4320
"In the above examples replace <emphasis>web_devel</emphasis> with the "
4321
"appropriate virtual machine name, and <filename>web_devel-"
4322
"022708.state</filename> with a descriptive file name."
4323
msgstr ""
4324
4325
#: serverguide/C/virtualization.xml:300(title)
4326
msgid "Virtual Machine Manager"
4327
msgstr ""
4328
4329
#: serverguide/C/virtualization.xml:301(para)
4330
msgid ""
4331
"The <application>virt-manager</application> package contains a graphical "
4332
"utility to manage local and remote virtual machines. To install virt-manager "
4333
"enter:"
4334
msgstr ""
4335
4336
#: serverguide/C/virtualization.xml:306(command)
4337
msgid "sudo apt-get install virt-manager"
4338
msgstr "sudo apt-get install virt-manager"
4339
4340
#: serverguide/C/virtualization.xml:308(para)
4341
msgid ""
4342
"Since <application>virt-manager</application> requires a Graphical User "
4343
"Interface (GUI) environment it is recommended to be installed on a "
4344
"workstation or test machine instead of a production server. To connect to "
4345
"the local <application>libvirt</application> service enter:"
4346
msgstr ""
4347
4348
#: serverguide/C/virtualization.xml:314(command)
4349
msgid "virt-manager -c qemu:///system"
4350
msgstr ""
4351
4352
#: serverguide/C/virtualization.xml:316(para)
4353
msgid ""
4354
"You can connect to the <application>libvirt</application> service running on "
4355
"another host by entering the following in a terminal prompt:"
4356
msgstr ""
4357
4358
#: serverguide/C/virtualization.xml:320(command)
4359
msgid "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
4360
msgstr ""
4361
4362
#: serverguide/C/virtualization.xml:323(para)
4363
msgid ""
4364
"The above example assumes that <application>SSH</application> connectivity "
4365
"between the management system and virtnode1.mydomain.com has already been "
4366
"configured, and uses SSH keys for authentication. SSH "
4367
"<emphasis>keys</emphasis> are needed because "
4368
"<application>libvirt</application> sends the password prompt to another "
4369
"process. For details on configuring <application>SSH</application> see <xref "
4370
"linkend=\"openssh-server\"/>"
4371
msgstr ""
4372
4373
#: serverguide/C/virtualization.xml:333(title)
4374
msgid "Virtual Machine Viewer"
4375
msgstr ""
4376
4377
#: serverguide/C/virtualization.xml:334(para)
4378
msgid ""
4379
"The <application>virt-viewer</application> application allows you to connect "
4380
"to a virtual machine's console. <application>virt-viewer</application> does "
4381
"require a Graphical User Interface (GUI) to interface with the virtual "
4382
"machine."
4383
msgstr ""
4384
4385
#: serverguide/C/virtualization.xml:338(para)
4386
msgid ""
4387
"To install <application>virt-viewer</application> from a terminal enter:"
4388
msgstr ""
4389
4390
#: serverguide/C/virtualization.xml:342(command)
4391
msgid "sudo apt-get install virt-viewer"
4392
msgstr "sudo apt-get install virt-viewer"
4393
4394
#: serverguide/C/virtualization.xml:344(para)
4395
msgid ""
4396
"Once a virtual machine is installed and running you can connect to the "
4397
"virtual machine's console by using:"
4398
msgstr ""
4399
4400
#: serverguide/C/virtualization.xml:348(command)
4401
msgid "virt-viewer -c qemu:///system web_devel"
4402
msgstr ""
4403
4404
#: serverguide/C/virtualization.xml:350(para)
4405
msgid ""
4406
"Similar to <application>virt-manager</application>, <application>virt-"
4407
"viewer</application> can connect to a remote host using "
4408
"<emphasis>SSH</emphasis> with key authentication, as well:"
4409
msgstr ""
4410
4411
#: serverguide/C/virtualization.xml:355(command)
4412
msgid "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
4413
msgstr ""
4414
4415
#: serverguide/C/virtualization.xml:357(para)
4416
msgid ""
4417
"Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the "
4418
"appropriate virtual machine name."
4419
msgstr ""
4420
4421
#: serverguide/C/virtualization.xml:360(para)
4422
msgid ""
4423
"If configured to use a <emphasis>bridged</emphasis> network interface you "
4424
"can also setup <application>SSH</application> access to the virtual machine. "
4425
"See <xref linkend=\"openssh-server\"/> and <xref linkend=\"bridging\"/> for "
4426
"more details."
4427
msgstr ""
4428
4429
#: serverguide/C/virtualization.xml:369(para)
4430
msgid ""
4431
"See the <ulink url=\"http://kvm.qumranet.com/kvmwiki\">KVM</ulink> home page "
4432
"for more details."
4433
msgstr ""
4434
4435
#: serverguide/C/virtualization.xml:374(para)
4436
msgid ""
4437
"For more information on <application>libvirt</application> see the <ulink "
4438
"url=\"http://libvirt.org/\">libvirt home page</ulink>"
4439
msgstr ""
4440
4441
#: serverguide/C/virtualization.xml:379(para)
4442
msgid ""
4443
"The <ulink url=\"http://virt-manager.et.redhat.com/\">Virtual Machine "
4444
"Manager</ulink> site has more information on <application>virt-"
4445
"manager</application> development."
4446
msgstr ""
4447
4448
#: serverguide/C/virtualization.xml:385(para)
4449
msgid ""
4450
"Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink "
4451
"url=\"http://freenode.net/\">freenode</ulink> to discuss virtualization "
4452
"technology in Ubuntu."
4453
msgstr ""
4454
4455
#: serverguide/C/virtualization.xml:391(para)
4456
msgid ""
4457
"Another good resource is the <ulink "
4458
"url=\"https://help.ubuntu.com/community/KVM\">Ubuntu Wiki KVM</ulink> page."
4459
msgstr ""
4460
4461
#: serverguide/C/virtualization.xml:399(title)
4462
msgid "JeOS and vmbuilder"
4463
msgstr ""
4464
4465
#: serverguide/C/virtualization.xml:405(title)
4466
msgid "What is JeOS"
4467
msgstr ""
4468
4469
#: serverguide/C/virtualization.xml:407(para)
4470
msgid ""
4471
"Ubuntu <emphasis>JeOS</emphasis> (pronounced \"Juice\") is an efficient "
4472
"variant of the Ubuntu Server operating system, configured specifically for "
4473
"virtual appliances. No longer available as a CD-ROM ISO for download, but "
4474
"only as an option either:"
4475
msgstr ""
4476
4477
#: serverguide/C/virtualization.xml:414(para)
4478
msgid ""
4479
"While installing from the Server Edition ISO (pressing "
4480
"<emphasis>F4</emphasis> on the first screen will allow you to pick \"Minimal "
4481
"installation\", which is the package selection equivalent to JeOS)."
4482
msgstr ""
4483
4484
#: serverguide/C/virtualization.xml:420(para)
4485
msgid "Or to be built using Ubuntu's vmbuilder, which is described here."
4486
msgstr ""
4487
4488
#: serverguide/C/virtualization.xml:426(para)
4489
msgid ""
4490
"JeOS is a specialized installation of Ubuntu Server Edition with a tuned "
4491
"kernel that only contains the base elements needed to run within a "
4492
"virtualized environment."
4493
msgstr ""
4494
4495
#: serverguide/C/virtualization.xml:431(para)
4496
msgid ""
4497
"Ubuntu JeOS has been tuned to take advantage of key performance technologies "
4498
"in the latest virtualization products from VMware. This combination of "
4499
"reduced size and optimized performance ensures that Ubuntu JeOS Edition "
4500
"delivers a highly efficient use of server resources in large virtual "
4501
"deployments."
4502
msgstr ""
4503
4504
#: serverguide/C/virtualization.xml:437(para)
4505
msgid ""
4506
"Without unnecessary drivers, and only the minimal required packages, ISVs "
4507
"can configure their supporting OS exactly as they require. They have the "
4508
"peace of mind that updates, whether for security or enhancement reasons, "
4509
"will be limited to the bare minimum of what is required in their specific "
4510
"environment. In turn, users deploying virtual appliances built on top of "
4511
"JeOS will have to go through fewer updates and therefore less maintenance "
4512
"than they would have had to with a standard full installation of a server."
4513
msgstr ""
4514
4515
#: serverguide/C/virtualization.xml:446(title)
4516
msgid "What is vmbuilder"
4517
msgstr ""
4518
4519
#: serverguide/C/virtualization.xml:448(para)
4520
msgid ""
4521
"With vmbuilder, there is no need to download a JeOS ISO anymore. vmbuilder "
4522
"will fetch the various package and build a virtual machine tailored for your "
4523
"needs in about a minute. vmbuilder is a script that automates the process of "
4524
"creating a ready to use Linux based VM. The currently supported hypervisors "
4525
"are KVM and Xen."
4526
msgstr ""
4527
4528
#: serverguide/C/virtualization.xml:454(para)
4529
msgid ""
4530
"You can pass command line options to add extra packages, remove packages, "
4531
"choose which version of Ubuntu, which mirror etc. On recent hardware with "
4532
"plenty of RAM, tmpdir in <filename>/dev/shm</filename> or using a tmpfs, and "
4533
"a local mirror, you can bootstrap a VM in less than a minute."
4534
msgstr ""
4535
4536
#: serverguide/C/virtualization.xml:460(para)
4537
msgid ""
4538
"First introduced as a shell script in Ubuntu 8.04 LTS, <application>ubuntu-"
4539
"vm-builder</application> started with little emphasis as a hack to help "
4540
"developers test their new code in a virtual machine without having to "
4541
"restart from scratch each time. As a few Ubuntu administrators started to "
4542
"notice this script, a few of them went on improving it and adapting it for "
4543
"so many use case that Soren Hansen (the author of the script and Ubuntu "
4544
"virtualization specialist, not the golf player) decided to rewrite it from "
4545
"scratch for Intrepid as a python script with a few new design goals:"
4546
msgstr ""
4547
4548
#: serverguide/C/virtualization.xml:470(para)
4549
msgid "Develop it so that it can be reused by other distributions."
4550
msgstr ""
4551
4552
#: serverguide/C/virtualization.xml:475(para)
4553
msgid ""
4554
"Use a plugin mechanisms for all virtualization interactions so that others "
4555
"can easily add logic for other virtualization environments."
4556
msgstr ""
4557
4558
#: serverguide/C/virtualization.xml:480(para)
4559
msgid ""
4560
"Provide an easy to maintain web interface as an option to the command line "
4561
"interface."
4562
msgstr ""
4563
4564
#: serverguide/C/virtualization.xml:486(para)
4565
msgid "But the general principles and commands remain the same."
4566
msgstr ""
4567
4568
#: serverguide/C/virtualization.xml:493(title)
4569
msgid "Initial Setup"
4570
msgstr ""
4571
4572
#: serverguide/C/virtualization.xml:495(para)
4573
msgid ""
4574
"It is assumed that you have installed and configured "
4575
"<application>libvirt</application> and <application>KVM</application> "
4576
"locally on the machine you are using. For details on how to perform this, "
4577
"please refer to:"
4578
msgstr ""
4579
4580
#: serverguide/C/virtualization.xml:507(para)
4581
msgid ""
4582
"The <ulink url=\"https://help.ubuntu.com/community/KVM\">KVM</ulink> Wiki "
4583
"page."
4584
msgstr ""
4585
4586
#: serverguide/C/virtualization.xml:513(para)
4587
msgid ""
4588
"We also assume that you know how to use a text based text editor such as "
4589
"nano or vi. If you have not used any of them before, you can get an overview "
4590
"of the various text editors available by reading the <ulink "
4591
"url=\"https://help.ubuntu.com/community/PowerUsersTextEditors\">PowerUsersTex"
4592
"tEditors</ulink> page. This tutorial has been done on KVM, but the general "
4593
"principle should remain on other virtualization technologies."
4594
msgstr ""
4595
4596
#: serverguide/C/virtualization.xml:521(title)
4597
msgid "Install vmbuilder"
4598
msgstr ""
4599
4600
#: serverguide/C/virtualization.xml:523(para)
4601
msgid ""
4602
"The name of the package that we need to install is <application>python-vm-"
4603
"builder</application>. In a terminal prompt enter:"
4604
msgstr ""
4605
4606
#: serverguide/C/virtualization.xml:528(command)
4607
msgid "sudo apt-get install python-vm-builder"
4608
msgstr "sudo apt-get install python-vm-builder"
4609
4610
#: serverguide/C/virtualization.xml:532(para)
4611
msgid ""
4612
"If you are running Hardy, you can still perform most of this using the older "
4613
"version of the package named <application>ubuntu-vm-builder</application>, "
4614
"there are only a few changes to the syntax of the tool."
4615
msgstr ""
4616
4617
#: serverguide/C/virtualization.xml:541(title)
4618
msgid "Defining Your Virtual Machine"
4619
msgstr ""
4620
4621
#: serverguide/C/virtualization.xml:543(para)
4622
msgid ""
4623
"Defining a virtual machine with Ubuntu's vmbuilder is quite simple, but here "
4624
"are a few thing to consider:"
4625
msgstr ""
4626
4627
#: serverguide/C/virtualization.xml:549(para)
4628
msgid ""
4629
"If you plan on shipping a virtual appliance, do not assume that the end-user "
4630
"will know how to extend disk size to fit their need, so either plan for a "
4631
"large virtual disk to allow for your appliance to grow, or explain fairly "
4632
"well in your documentation how to allocate more space. It might actually be "
4633
"a good idea to store data on some separate external storage."
4634
msgstr ""
4635
4636
#: serverguide/C/virtualization.xml:556(para)
4637
msgid ""
4638
"Given that RAM is much easier to allocate in a VM, RAM size should be set to "
4639
"whatever you think is a safe minimum for your appliance."
4640
msgstr ""
4641
4642
#: serverguide/C/virtualization.xml:562(para)
4643
msgid ""
4644
"The <application>vmbuilder</application> command has 2 main parameters: the "
4645
"<emphasis>virtualization technology (hypervisor)</emphasis> and the targeted "
4646
"<emphasis>distribution</emphasis>. Optional parameters are quite numerous "
4647
"and can be found using the following command:"
4648
msgstr ""
4649
4650
#: serverguide/C/virtualization.xml:568(command)
4651
msgid "vmbuilder --help"
4652
msgstr ""
4653
4654
#: serverguide/C/virtualization.xml:572(title)
4655
msgid "Base Parameters"
4656
msgstr ""
4657
4658
#: serverguide/C/virtualization.xml:574(para)
4659
msgid ""
4660
"As this example is based on <application>KVM</application> and Ubuntu 10.10 "
4661
"(Maverick Meerkat), and we are likely to rebuild the same virtual machine "
4662
"multiple time, we'll invoke vmbuilder with the following first parameters:"
4663
msgstr ""
4664
4665
#: serverguide/C/virtualization.xml:580(command)
4666
msgid ""
4667
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o -"
4668
"-libvirt qemu:///system"
4669
msgstr ""
4670
4671
#: serverguide/C/virtualization.xml:583(para)
4672
msgid ""
4673
"The <emphasis>--suite</emphasis> defines the Ubuntu release, the <emphasis>--"
4674
"flavour</emphasis> specifies that we want to use the virtual kernel (that's "
4675
"the one used to build a JeOS image), the <emphasis>--arch</emphasis> tells "
4676
"that we want to use a 32 bit machine, the <emphasis>-o</emphasis> tells "
4677
"vmbuilder to overwrite the previous version of the VM and the <emphasis>--"
4678
"libvirt</emphasis> tells to inform the local virtualization environment to "
4679
"add the resulting VM to the list of available machines."
4680
msgstr ""
4681
4682
#: serverguide/C/virtualization.xml:591(para)
4683
msgid "Notes:"
4684
msgstr ""
4685
4686
#: serverguide/C/virtualization.xml:597(para)
4687
msgid ""
4688
"Because of the nature of operations performed by vmbuilder, it needs to have "
4689
"root privilege, hence the use of sudo."
4690
msgstr ""
4691
4692
#: serverguide/C/virtualization.xml:602(para)
4693
msgid ""
4694
"If your virtual machine needs to use more than 3Gb of ram, you should build "
4695
"a 64 bit machine (--arch amd64)."
4696
msgstr ""
4697
4698
#: serverguide/C/virtualization.xml:607(para)
4699
msgid ""
4700
"Until Ubuntu 8.10, the virtual kernel was only built for 32 bit "
4701
"architecture, so if you want to define an amd64 machine on Hardy, you should "
4702
"use <emphasis>--flavour</emphasis> server instead."
4703
msgstr ""
4704
4705
#: serverguide/C/virtualization.xml:615(title)
4706
msgid "JeOS Installation Parameters"
4707
msgstr ""
4708
4709
#: serverguide/C/virtualization.xml:618(title)
4710
msgid "JeOS Networking"
4711
msgstr "Xarxes del JeOS"
4712
4713
#: serverguide/C/virtualization.xml:621(title)
4714
msgid "Assigning a fixed IP address"
4715
msgstr ""
4716
4717
#: serverguide/C/virtualization.xml:623(para)
4718
msgid ""
4719
"As a virtual appliance that may be deployed on various very different "
4720
"networks, it is very difficult to know what the actual network will look "
4721
"like. In order to simplify configuration, it is a good idea to take an "
4722
"approach similar to what network hardware vendors usually do, namely "
4723
"assigning an initial fixed IP address to the appliance in a private class "
4724
"network that you will provide in your documentation. An address in the range "
4725
"192.168.0.0/255 is usually a good choice."
4726
msgstr ""
4727
4728
#: serverguide/C/virtualization.xml:630(para)
4729
msgid "To do this we'll use the following parameters:"
4730
msgstr ""
4731
4732
#: serverguide/C/virtualization.xml:636(para)
4733
msgid ""
4734
"<emphasis>--ip ADDRESS</emphasis>: IP address in dotted form (defaults to "
4735
"dhcp if not specified)"
4736
msgstr ""
4737
4738
#: serverguide/C/virtualization.xml:641(para)
4739
msgid ""
4740
"<emphasis>--mask VALUE</emphasis>: IP mask in dotted form (default: "
4741
"255.255.255.0)"
4742
msgstr ""
4743
4744
#: serverguide/C/virtualization.xml:646(para)
4745
msgid "<emphasis>--net VALUE</emphasis>: IP net address (default: X.X.X.0)"
4746
msgstr ""
4747
4748
#: serverguide/C/virtualization.xml:651(para)
4749
msgid "<emphasis>--bcast VALUE</emphasis>: IP broadcast (default: X.X.X.255)"
4750
msgstr ""
4751
4752
#: serverguide/C/virtualization.xml:656(para)
4753
msgid "<emphasis>--gw ADDRESS</emphasis>: Gateway address (default: X.X.X.1)"
4754
msgstr ""
4755
4756
#: serverguide/C/virtualization.xml:661(para)
4757
msgid ""
4758
"<emphasis>--dns ADDRESS</emphasis>: Name server address (default: X.X.X.1)"
4759
msgstr ""
4760
4761
#: serverguide/C/virtualization.xml:667(para)
4762
msgid ""
4763
"We assume for now that default values are good enough, so the resulting "
4764
"invocation becomes:"
4765
msgstr ""
4766
4767
#: serverguide/C/virtualization.xml:672(command)
4768
msgid ""
4769
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o -"
4770
"-libvirt qemu:///system --ip 192.168.0.100"
4771
msgstr ""
4772
4773
#: serverguide/C/virtualization.xml:677(title)
4774
msgid "Modifying the libvirt Template to use Bridging"
4775
msgstr ""
4776
4777
#: serverguide/C/virtualization.xml:679(para)
4778
msgid ""
4779
"Because our appliance will be likely to need to be accessed by remote hosts, "
4780
"we need to configure libvirt so that the appliance uses bridge networking. "
4781
"To do this we use vmbuilder template mechanism to modify the default one."
4782
msgstr ""
4783
4784
#: serverguide/C/virtualization.xml:684(para)
4785
msgid ""
4786
"In our working directory we create the template hierarchy and copy the "
4787
"default template:"
4788
msgstr ""
4789
4790
#: serverguide/C/virtualization.xml:689(command)
4791
msgid "mkdir -p VMBuilder/plugins/libvirt/templates"
4792
msgstr ""
4793
4794
#: serverguide/C/virtualization.xml:690(command)
4795
msgid "cp /etc/vmbuilder/libvirt/* VMBuilder/plugins/libvirt/templates/"
4796
msgstr ""
4797
4798
#: serverguide/C/virtualization.xml:693(para)
4799
msgid ""
4800
"We can then edit "
4801
"<filename>VMBuilder/plugins/libvirt/templates/libvirtxml.tmpl</filename> to "
4802
"change:"
4803
msgstr ""
4804
4805
#: serverguide/C/virtualization.xml:697(programlisting)
4806
#, no-wrap
4807
msgid ""
4808
"\n"
4809
" <interface type='network'>\n"
4810
" <source network='default'/>\n"
4811
" </interface>\n"
4812
msgstr ""
4813
4814
#: serverguide/C/virtualization.xml:703(para)
4815
msgid "To:"
4816
msgstr ""
4817
4818
#: serverguide/C/virtualization.xml:707(programlisting)
4819
#, no-wrap
4820
msgid ""
4821
"\n"
4822
" <interface type='bridge'>\n"
4823
" <source bridge='br0'/>\n"
4824
" </interface>\n"
4825
msgstr ""
4826
4827
#: serverguide/C/virtualization.xml:717(title) serverguide/C/installation.xml:459(title)
4828
msgid "Partitioning"
4829
msgstr ""
4830
4831
#: serverguide/C/virtualization.xml:719(para)
4832
msgid ""
4833
"Partitioning of the virtual appliance will have to take into consideration "
4834
"what you are planning to do with is. Because most appliances want to have a "
4835
"separate storage for data, having a separate <filename>/var</filename> would "
4836
"make sense."
4837
msgstr ""
4838
4839
#: serverguide/C/virtualization.xml:724(para)
4840
msgid ""
4841
"In order to do this vmbuilder provides us with <emphasis>--part</emphasis>:"
4842
msgstr ""
4843
4844
#: serverguide/C/virtualization.xml:728(programlisting)
4845
#, no-wrap
4846
msgid ""
4847
"\n"
4848
"--part PATH\n"
4849
" Allows you to specify a partition table in a partition file, located at "
4850
"PATH. Each line of the partition file should specify\n"
4851
" (root first):\n"
4852
" mountpoint size\n"
4853
" where size is in megabytes. You can have up to 4 virtual disks, a new "
4854
"disk starts on a\n"
4855
" line with ’---’. ie :\n"
4856
" root 1000\n"
4857
" /opt 1000\n"
4858
" swap 256\n"
4859
" ---\n"
4860
" /var 2000\n"
4861
" /log 1500\n"
4862
msgstr ""
4863
4864
#: serverguide/C/virtualization.xml:743(para)
4865
msgid ""
4866
"In our case we will define a text file name "
4867
"<filename>vmbuilder.partition</filename> which will contain the following:"
4868
msgstr ""
4869
4870
#: serverguide/C/virtualization.xml:747(programlisting)
4871
#, no-wrap
4872
msgid ""
4873
"\n"
4874
"root 8000\n"
4875
"swap 4000\n"
4876
"---\n"
4877
"/var 20000\n"
4878
msgstr ""
4879
4880
#: serverguide/C/virtualization.xml:755(para)
4881
msgid ""
4882
"Note that as we are using virtual disk images, the actual sizes that we put "
4883
"here are maximum sizes for these volumes."
4884
msgstr ""
4885
4886
#: serverguide/C/virtualization.xml:760(para)
4887
msgid "Our command line now looks like:"
4888
msgstr ""
4889
4890
#: serverguide/C/virtualization.xml:765(command)
4891
msgid ""
4892
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 \\ -"
4893
"o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition"
4894
msgstr ""
4895
4896
#: serverguide/C/virtualization.xml:770(para)
4897
msgid ""
4898
"Using a \"\\\" in a command will allow long command strings to wrap to the "
4899
"next line."
4900
msgstr ""
4901
4902
#: serverguide/C/virtualization.xml:777(title)
4903
msgid "User and Password"
4904
msgstr ""
4905
4906
#: serverguide/C/virtualization.xml:779(para)
4907
msgid ""
4908
"Again setting up a virtual appliance, you will need to provide a default "
4909
"user and password that is generic so that you can include it in your "
4910
"documentation. We will see later on in this tutorial how we will provide "
4911
"some security by defining a script that will be run the first time a user "
4912
"actually logs in the appliance, that will, among other things, ask him to "
4913
"change his password. In this example I will use <emphasis>'user'</emphasis> "
4914
"as my user name, and <emphasis>'default'</emphasis> as the password."
4915
msgstr ""
4916
4917
#: serverguide/C/virtualization.xml:787(para)
4918
msgid "To do this we use the following optional parameters:"
4919
msgstr ""
4920
4921
#: serverguide/C/virtualization.xml:793(para)
4922
msgid ""
4923
"<emphasis>--user USERNAME:</emphasis> Sets the name of the user to be added. "
4924
"Default: ubuntu."
4925
msgstr ""
4926
4927
#: serverguide/C/virtualization.xml:798(para)
4928
msgid ""
4929
"<emphasis>--name FULLNAME:</emphasis> Sets the full name of the user to be "
4930
"added. Default: Ubuntu."
4931
msgstr ""
4932
4933
#: serverguide/C/virtualization.xml:803(para)
4934
msgid ""
4935
"<emphasis>--pass PASSWORD:</emphasis> Sets the password for the user. "
4936
"Default: ubuntu."
4937
msgstr ""
4938
4939
#: serverguide/C/virtualization.xml:809(para)
4940
msgid "Our resulting command line becomes:"
4941
msgstr ""
4942
4943
#: serverguide/C/virtualization.xml:814(command)
4944
msgid ""
4945
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 \\ -"
4946
"o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition \\ -"
4947
"-user user --name user --pass default"
4948
msgstr ""
4949
4950
#: serverguide/C/virtualization.xml:822(title)
4951
msgid "Installing Required Packages"
4952
msgstr ""
4953
4954
#: serverguide/C/virtualization.xml:824(para)
4955
msgid ""
4956
"In this example we will be installing a package "
4957
"<application>(Limesurvey)</application> that accesses a "
4958
"<application>MySQL</application> database and has a web interface. We will "
4959
"therefore require our OS to provide us with:"
4960
msgstr ""
4961
4962
#: serverguide/C/virtualization.xml:831(para)
4963
msgid "Apache"
4964
msgstr ""
4965
4966
#: serverguide/C/virtualization.xml:832(para)
4967
msgid "PHP"
4968
msgstr ""
4969
4970
#: serverguide/C/virtualization.xml:833(para) serverguide/C/databases.xml:19(trademark) serverguide/C/databases.xml:31(title)
4971
msgid "MySQL"
4972
msgstr "MySQL"
4973
4974
#: serverguide/C/virtualization.xml:834(para) serverguide/C/remote-administration.xml:19(title)
4975
msgid "OpenSSH Server"
4976
msgstr "Servidor OpenSSH"
4977
4978
#: serverguide/C/virtualization.xml:835(para)
4979
msgid "Limesurvey (as an example application that we have packaged)"
4980
msgstr ""
4981
4982
#: serverguide/C/virtualization.xml:838(para)
4983
msgid ""
4984
"This is done using vmbuilder by specifying the --addpkg option multiple "
4985
"times:"
4986
msgstr ""
4987
4988
#: serverguide/C/virtualization.xml:842(programlisting)
4989
#, no-wrap
4990
msgid ""
4991
"\n"
4992
"--addpkg PKG\n"
4993
" Install PKG into the guest (can be specfied multiple times)\n"
4994
msgstr ""
4995
"\n"
4996
"--addpkg PQT\n"
4997
" Instal·la el PQT a l'amfitrió (es pot especificar diverses vegades)\n"
4998
4999
#: serverguide/C/virtualization.xml:847(para)
5000
msgid ""
5001
"However, due to the way vmbuilder operates, packages that have to ask "
5002
"questions to the user during the post install phase are not supported and "
5003
"should instead be installed while interactivity can occur. This is the case "
5004
"of Limesurvey, which we will have to install later, once the user logs in."
5005
msgstr ""
5006
5007
#: serverguide/C/virtualization.xml:853(para)
5008
msgid ""
5009
"Other packages that ask simple debconf question, such as <application>mysql-"
5010
"server</application> asking to set a password, the package can be installed "
5011
"immediately, but we will have to reconfigure it the first time the user logs "
5012
"in."
5013
msgstr ""
5014
5015
#: serverguide/C/virtualization.xml:859(para)
5016
msgid ""
5017
"If some packages that we need to install are not in main, we need to enable "
5018
"the additional repositories using --comp and --ppa:"
5019
msgstr ""
5020
5021
#: serverguide/C/virtualization.xml:863(programlisting)
5022
#, no-wrap
5023
msgid ""
5024
"\n"
5025
"--components COMP1,COMP2,...,COMPN\n"
5026
" A comma separated list of distro components to include (e.g. "
5027
"main,universe). This defaults\n"
5028
" to \"main\"\n"
5029
"--ppa=PPA Add ppa belonging to PPA to the vm's sources.list.\n"
5030
msgstr ""
5031
5032
#: serverguide/C/virtualization.xml:870(para)
5033
msgid ""
5034
"Limesurvey not being part of the archive at the moment, we'll specify it's "
5035
"PPA (personal package archive) address so that it is added to the VM "
5036
"<filename>/etc/apt/source.list</filename>, so we add the following options "
5037
"to the command line:"
5038
msgstr ""
5039
5040
#: serverguide/C/virtualization.xml:876(command)
5041
msgid ""
5042
"--addpkg apache2 --addpkg apache2-mpm-prefork --addpkg apache2-utils --"
5043
"addpkg apache2.2-common \\ --addpkg dbconfig-common --addpkg libapache2-mod-"
5044
"php5 --addpkg mysql-client --addpkg php5-cli \\ --addpkg php5-gd --addpkg "
5045
"php5-ldap --addpkg php5-mysql --addpkg wwwconfig-common \\ --addpkg mysql-"
5046
"server --ppa nijaba"
5047
msgstr ""
5048
"--addpkg apache2 --addpkg apache2-mpm-prefork --addpkg apache2-utils --"
5049
"addpkg apache2.2-common \\ --addpkg dbconfig-common --addpkg libapache2-mod-"
5050
"php5 --addpkg mysql-client --addpkg php5-cli \\ --addpkg php5-gd --addpkg "
5051
"php5-ldap --addpkg php5-mysql --addpkg wwwconfig-common \\ --addpkg mysql-"
5052
"server --ppa nijaba"
5053
5054
#: serverguide/C/virtualization.xml:883(title)
5055
msgid "OpenSSH"
5056
msgstr ""
5057
5058
#: serverguide/C/virtualization.xml:885(para)
5059
msgid ""
5060
"Another convenient tool that we want to have on our appliance is OpenSSH, as "
5061
"it will allow our admins to access the appliance remotely. However, pushing "
5062
"in the wild an appliance with a pre-installed OpenSSH server is a big "
5063
"security risk as all these server will share the same secret key, making it "
5064
"very easy for hackers to target our appliance with all the tools they need "
5065
"to crack it open in a breeze. As for the user password, we will instead rely "
5066
"on a script that will install OpenSSH the first time a user logs in so that "
5067
"the key generated will be different for each appliance. For this we'll use a "
5068
"<emphasis>--firstboot</emphasis> script, as it does not need any user "
5069
"interaction."
5070
msgstr ""
5071
5072
#: serverguide/C/virtualization.xml:897(title)
5073
msgid "Speed Considerations"
5074
msgstr ""
5075
5076
#: serverguide/C/virtualization.xml:900(title)
5077
msgid "Package Caching"
5078
msgstr ""
5079
5080
#: serverguide/C/virtualization.xml:902(para)
5081
msgid ""
5082
"When vmbuilder creates builds your system, it has to go fetch each one of "
5083
"the packages that composes it over the network to one of the official "
5084
"repositories, which, depending on your internet connection speed and the "
5085
"load of the mirror, can have a big impact on the actual build time. In order "
5086
"to reduce this, it is recommended to either have a local repository (which "
5087
"can be created using <application>apt-mirror</application>) or using a "
5088
"caching proxy such as <application>apt-proxy</application>. The later option "
5089
"being much simpler to implement and requiring less disk space, it is the one "
5090
"we will pick in this tutorial. To install it, simply type:"
5091
msgstr ""
5092
5093
#: serverguide/C/virtualization.xml:912(command)
5094
msgid "sudo apt-get install apt-proxy"
5095
msgstr "sudo apt-get install apt-proxy"
5096
5097
#: serverguide/C/virtualization.xml:915(para)
5098
msgid ""
5099
"Once this is complete, your (empty) proxy is ready for use on "
5100
"http://mirroraddress:9999 and will find ubuntu repository under /ubuntu. For "
5101
"vmbuilder to use it, we'll have to use the <emphasis>--mirror</emphasis> "
5102
"option:"
5103
msgstr ""
5104
5105
#: serverguide/C/virtualization.xml:920(programlisting)
5106
#, no-wrap
5107
msgid ""
5108
"\n"
5109
"--mirror=URL Use Ubuntu mirror at URL instead of the default, which\n"
5110
" is http://archive.ubuntu.com/ubuntu for official\n"
5111
" arches and http://ports.ubuntu.com/ubuntu-ports\n"
5112
" otherwise\n"
5113
msgstr ""
5114
5115
#: serverguide/C/virtualization.xml:927(para)
5116
msgid "So we add to the command line:"
5117
msgstr ""
5118
5119
#: serverguide/C/virtualization.xml:932(command)
5120
msgid "--mirror http://mirroraddress:9999/ubuntu"
5121
msgstr ""
5122
5123
#: serverguide/C/virtualization.xml:936(para)
5124
msgid ""
5125
"The mirror address specified here will also be used in the "
5126
"<filename>/etc/apt/sources.list</filename> of the newly created guest, so it "
5127
"is useful to specify here an address that can be resolved by the guest or to "
5128
"plan on reseting this address later on, such as in a <emphasis>--"
5129
"firstboot</emphasis> script."
5130
msgstr ""
5131
5132
#: serverguide/C/virtualization.xml:945(title)
5133
msgid "Install a Local Mirror"
5134
msgstr ""
5135
5136
#: serverguide/C/virtualization.xml:947(para)
5137
msgid ""
5138
"If we are in a larger environment, it may make sense to setup a local mirror "
5139
"of the Ubuntu repositories. The package apt-mirror provides you with a "
5140
"script that will handle the mirroring for you. You should plan on having "
5141
"about 20 gigabyte of free space per supported release and architecture."
5142
msgstr ""
5143
5144
#: serverguide/C/virtualization.xml:953(para)
5145
msgid ""
5146
"By default, <application>apt-mirror</application> uses the configuration "
5147
"file in <filename>/etc/apt/mirror.list</filename>. As it is set up, it will "
5148
"replicate only the architecture of the local machine. If you would like to "
5149
"support other architectures on your mirror, simply duplicate the lines "
5150
"starting with “deb”, replacing the deb keyword by /deb-{arch} where arch can "
5151
"be i386, amd64, etc... For example, on an amd64 machine, to have the i386 "
5152
"archives as well, you will have:"
5153
msgstr ""
5154
5155
#: serverguide/C/virtualization.xml:960(programlisting)
5156
#, no-wrap
5157
msgid ""
5158
"\n"
5159
"deb http://archive.ubuntu.com/ubuntu maverick main restricted universe "
5160
"multiverse \n"
5161
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick main restricted "
5162
"universe multiverse\n"
5163
"\n"
5164
"deb http://archive.ubuntu.com/ubuntu maverick-updates main restricted "
5165
"universe multiverse \n"
5166
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick-updates main restricted "
5167
"universe multiverse \n"
5168
"\n"
5169
"deb http://archive.ubuntu.com/ubuntu/ maverick-backports main restricted "
5170
"universe multiverse \n"
5171
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick-backports main "
5172
"restricted universe multiverse \n"
5173
"\n"
5174
"deb http://security.ubuntu.com/ubuntu maverick-security main restricted "
5175
"universe multiverse \n"
5176
"/deb-i386 http://security.ubuntu.com/ubuntu maverick-security main "
5177
"restricted universe multiverse \n"
5178
"\n"
5179
"deb http://archive.ubuntu.com/ubuntu maverick main/debian-installer "
5180
"restricted/debian-installer universe/debian-installer multiverse/debian-"
5181
"installer \n"
5182
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick main/debian-installer "
5183
"restricted/debian-installer universe/debian-installer multiverse/debian-"
5184
"installer \n"
5185
msgstr ""
5186
5187
#: serverguide/C/virtualization.xml:977(para)
5188
msgid ""
5189
"Notice that the source packages are not mirrored as they are seldom used "
5190
"compared to the binaries and they do take a lot more space, but they can be "
5191
"easily added to the list."
5192
msgstr ""
5193
5194
#: serverguide/C/virtualization.xml:982(para)
5195
msgid ""
5196
"Once the mirror has finished replicating (and this can be quite long), you "
5197
"need to configure Apache so that your mirror files (in "
5198
"<filename>/var/spool/apt-mirror</filename> if you did not change the "
5199
"default), are published by your Apache server. For more information on "
5200
"Apache see <xref linkend=\"httpd\"/>."
5201
msgstr ""
5202
5203
#: serverguide/C/virtualization.xml:991(title)
5204
msgid "Installing in a RAM Disk"
5205
msgstr ""
5206
5207
#: serverguide/C/virtualization.xml:993(para)
5208
msgid ""
5209
"As you can easily imagine, writing to RAM is a <emphasis>LOT</emphasis> "
5210
"faster than writing to disk. If you have some free memory, letting vmbuilder "
5211
"perform its operation in a RAMdisk will help a lot and the option <emphasis>-"
5212
"-tmpfs</emphasis> will help you do just that:"
5213
msgstr ""
5214
5215
#: serverguide/C/virtualization.xml:999(programlisting)
5216
#, no-wrap
5217
msgid ""
5218
"\n"
5219
"--tmpfs OPTS Use a tmpfs as the working directory, specifying its\n"
5220
" size or \"-\" to use tmpfs default (suid,dev,size=1G).\n"
5221
msgstr ""
5222
5223
#: serverguide/C/virtualization.xml:1004(para)
5224
msgid ""
5225
"So adding <command>--tmpfs -</command> sounds like a very good idea if you "
5226
"have 1G of free ram."
5227
msgstr ""
5228
5229
#: serverguide/C/virtualization.xml:1011(title)
5230
msgid "Package the Application"
5231
msgstr ""
5232
5233
#: serverguide/C/virtualization.xml:1013(para)
5234
msgid "Two option are available to us:"
5235
msgstr ""
5236
5237
#: serverguide/C/virtualization.xml:1019(para)
5238
msgid ""
5239
"The recommended method to do so is to make a <emphasis>Debian</emphasis> "
5240
"package. Since this is outside of the scope of this tutorial, we will not "
5241
"perform this here and invite the reader to read the documentation on how to "
5242
"do this in the <ulink url=\"https://wiki.ubuntu.com/PackagingGuide\">Ubuntu "
5243
"Packaging Guide</ulink>. In this case it is also a good idea to setup a "
5244
"repository for your package so that updates can be conveniently pulled from "
5245
"it. See the <ulink url=\"http://www.debian-"
5246
"administration.org/articles/286\">Debian Administration</ulink> article for "
5247
"a tutorial on this."
5248
msgstr ""
5249
5250
#: serverguide/C/virtualization.xml:1028(para)
5251
msgid ""
5252
"Manually install the application under <filename>/opt</filename> as "
5253
"recommended by the <ulink url=\"http://www.pathname.com/fhs/\">FHS "
5254
"guidelines</ulink>."
5255
msgstr ""
5256
5257
#: serverguide/C/virtualization.xml:1035(para)
5258
msgid ""
5259
"In our case we'll use <application>Limesurvey</application> as example web "
5260
"application for which we wish to provide a virtual appliance. As noted "
5261
"before, we've made a version of the package available in a PPA (Personal "
5262
"Package Archive)."
5263
msgstr ""
5264
5265
#: serverguide/C/virtualization.xml:1042(title)
5266
msgid "Finishing Install"
5267
msgstr ""
5268
5269
#: serverguide/C/virtualization.xml:1045(title) serverguide/C/virtualization.xml:1942(title)
5270
msgid "First Boot"
5271
msgstr ""
5272
5273
#: serverguide/C/virtualization.xml:1047(para)
5274
msgid ""
5275
"As we mentioned earlier, the first time the machine boots we'll need to "
5276
"install <application>openssh-server</application> so that the key generated "
5277
"for it is unique for each machine. To do this, we'll write a script called "
5278
"<filename>boot.sh</filename> as follows:"
5279
msgstr ""
5280
5281
#: serverguide/C/virtualization.xml:1053(programlisting)
5282
#, no-wrap
5283
msgid ""
5284
"\n"
5285
"# This script will run the first time the virtual machine boots\n"
5286
"# It is ran as root.\n"
5287
"\n"
5288
"apt-get update\n"
5289
"apt-get install -qqy --force-yes openssh-server\n"
5290
msgstr ""
5291
5292
#: serverguide/C/virtualization.xml:1061(para)
5293
msgid ""
5294
"And we add the <command>--firstboot boot.sh</command> option to our command "
5295
"line."
5296
msgstr ""
5297
5298
#: serverguide/C/virtualization.xml:1067(title)
5299
msgid "First Login"
5300
msgstr ""
5301
5302
#: serverguide/C/virtualization.xml:1069(para)
5303
msgid ""
5304
"Mysql and Limesurvey needing some user interaction during their setup, we'll "
5305
"set them up the first time a user logs in using a script named login.sh. "
5306
"We'll also use this script to let the user specify:"
5307
msgstr ""
5308
5309
#: serverguide/C/virtualization.xml:1075(para)
5310
msgid "His own password"
5311
msgstr ""
5312
5313
#: serverguide/C/virtualization.xml:1076(para)
5314
msgid "Define the keyboard and other locale info he wants to use"
5315
msgstr ""
5316
5317
#: serverguide/C/virtualization.xml:1079(para)
5318
msgid "So we'll define <filename>login.sh</filename> as follows:"
5319
msgstr ""
5320
5321
#: serverguide/C/virtualization.xml:1083(programlisting)
5322
#, no-wrap
5323
msgid ""
5324
"\n"
5325
"# This script is ran the first time a user logs in\n"
5326
"\n"
5327
"echo \"Your appliance is about to be finished to be set up.\"\n"
5328
"echo \"In order to do it, we'll need to ask you a few questions,\"\n"
5329
"echo \"starting by changing your user password.\"\n"
5330
"\n"
5331
"passwd\n"
5332
"\n"
5333
"#give the opportunity to change the keyboard\n"
5334
"sudo dpkg-reconfigure console-setup\n"
5335
"\n"
5336
"#configure the mysql server root password\n"
5337
"sudo dpkg-reconfigure mysql-server-5.0\n"
5338
"\n"
5339
"#install limesurvey\n"
5340
"sudo apt-get install -qqy --force-yes limesurvey\n"
5341
"\n"
5342
"echo \"Your appliance is now configured. To use it point your\"\n"
5343
"echo \"browser to http://serverip/limesurvey/admin\"\n"
5344
msgstr ""
5345
5346
#: serverguide/C/virtualization.xml:1105(para)
5347
msgid ""
5348
"And we add the <command>--firstlogin login.sh</command> option to our "
5349
"command line."
5350
msgstr ""
5351
5352
#: serverguide/C/virtualization.xml:1112(title)
5353
msgid "Useful Additions"
5354
msgstr ""
5355
5356
#: serverguide/C/virtualization.xml:1115(title)
5357
msgid "Configuring Automatic Updates"
5358
msgstr "Configuració de les actualitzacions automàtiques"
5359
5360
#: serverguide/C/virtualization.xml:1117(para)
5361
msgid ""
5362
"To have your system be configured to update itself on a regular basis, we "
5363
"will just install <application>unattended-upgrades</application>, so we add "
5364
"the following option to our command line:"
5365
msgstr ""
5366
5367
#: serverguide/C/virtualization.xml:1123(command)
5368
msgid "--addpkg unattended-upgrades"
5369
msgstr "--addpkg unattended-upgrades"
5370
5371
#: serverguide/C/virtualization.xml:1126(para)
5372
msgid ""
5373
"As we have put our application package in a PPA, the process will update not "
5374
"only the system, but also the application each time we update the version in "
5375
"the PPA."
5376
msgstr ""
5377
5378
#: serverguide/C/virtualization.xml:1133(title)
5379
msgid "ACPI Event Handling"
5380
msgstr ""
5381
5382
#: serverguide/C/virtualization.xml:1135(para)
5383
msgid ""
5384
"For your virtual machine to be able to handle restart and shutdown events it "
5385
"is being sent, it is a good idea to install the acpid package as well. To do "
5386
"this we just add the following option:"
5387
msgstr ""
5388
5389
#: serverguide/C/virtualization.xml:1141(command)
5390
msgid "--addpkg acpid"
5391
msgstr "--addpkg acpid"
5392
5393
#: serverguide/C/virtualization.xml:1147(title)
5394
msgid "Final Command"
5395
msgstr ""
5396
5397
#: serverguide/C/virtualization.xml:1149(para)
5398
msgid "Here is the command with all the options discussed above:"
5399
msgstr ""
5400
5401
#: serverguide/C/virtualization.xml:1154(command)
5402
msgid ""
5403
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o "
5404
"\\ --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition --"
5405
"user user \\ --name user --pass default --addpkg apache2 --addpkg apache2-"
5406
"mpm-prefork \\ --addpkg apache2-utils --addpkg apache2.2-common --addpkg "
5407
"dbconfig-common \\ --addpkg libapache2-mod-php5 --addpkg mysql-client --"
5408
"addpkg php5-cli \\ --addpkg php5-gd --addpkg php5-ldap --addpkg php5-mysql --"
5409
"addpkg wwwconfig-common \\ --addpkg mysql-server --addpkg unattended-"
5410
"upgrades --addpkg acpid --ppa nijaba \\ --mirror "
5411
"http://mirroraddress:9999/ubuntu --tmpfs - --firstboot boot.sh \\ --"
5412
"firstlogin login.sh"
5413
msgstr ""
5414
5415
#: serverguide/C/virtualization.xml:1169(para)
5416
msgid ""
5417
"If you are interested in learning more, have questions or suggestions, "
5418
"please contact the Ubuntu Server Team at:"
5419
msgstr ""
5420
5421
#: serverguide/C/virtualization.xml:1174(para)
5422
msgid "IRC: #ubuntu-server on freenode"
5423
msgstr ""
5424
5425
#: serverguide/C/virtualization.xml:1179(para)
5426
msgid ""
5427
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
5428
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
5429
msgstr ""
5430
5431
#: serverguide/C/virtualization.xml:1184(para)
5432
msgid ""
5433
"Also, see the <ulink "
5434
"url=\"https://help.ubuntu.com/community/JeOSVMBuilder\">JeOSVMBuilder Ubuntu "
5435
"Wiki</ulink> page."
5436
msgstr ""
5437
5438
#: serverguide/C/virtualization.xml:1192(title)
5439
msgid "UEC"
5440
msgstr ""
5441
5442
#: serverguide/C/virtualization.xml:1195(title) serverguide/C/network-auth.xml:2036(title) serverguide/C/monitoring.xml:15(title) serverguide/C/lamp-applications.xml:17(title) serverguide/C/installation.xml:928(title) serverguide/C/dns.xml:64(title) serverguide/C/chat.xml:17(title) serverguide/C/backups.xml:541(title)
5443
msgid "Overview"
5444
msgstr "Resum"
5445
5446
#: serverguide/C/virtualization.xml:1197(para)
5447
msgid ""
5448
"This tutorial covers <application>UEC</application> installation from the "
5449
"Ubuntu 10.10 Server Edition CD, and assumes a basic network topology, with a "
5450
"single system serving as the <emphasis>\"all-in-one controller\"</emphasis>, "
5451
"and one or more nodes attached."
5452
msgstr ""
5453
5454
#: serverguide/C/virtualization.xml:1202(para)
5455
msgid ""
5456
"From this Tutorial you will learn how to install, configure, register and "
5457
"perform several operations on a basic <application>UEC</application> setup "
5458
"that results in a cloud with a one controller <emphasis>\"front-"
5459
"end\"</emphasis> and one or several node(s) for running Virtual Machine (VM) "
5460
"instances. You will also use examples to help get you started using your own "
5461
"private compute cloud."
5462
msgstr ""
5463
5464
#: serverguide/C/virtualization.xml:1210(title)
5465
msgid "Prerequisites"
5466
msgstr ""
5467
5468
#: serverguide/C/virtualization.xml:1212(para)
5469
msgid ""
5470
"To deploy a minimal cloud infrastructure, you’ll need at least "
5471
"<emphasis>two</emphasis> dedicated systems:"
5472
msgstr ""
5473
5474
#: serverguide/C/virtualization.xml:1218(para)
5475
msgid "A front end."
5476
msgstr ""
5477
5478
#: serverguide/C/virtualization.xml:1223(para)
5479
msgid "One or more node(s)."
5480
msgstr ""
5481
5482
#: serverguide/C/virtualization.xml:1229(para)
5483
msgid ""
5484
"The following are recommendations, rather than fixed requirements. However, "
5485
"our experience in developing this documentation indicated the following "
5486
"suggestions."
5487
msgstr ""
5488
5489
#: serverguide/C/virtualization.xml:1234(title)
5490
msgid "Front End Requirements"
5491
msgstr ""
5492
5493
#: serverguide/C/virtualization.xml:1236(para)
5494
msgid "Use the following table for a system that will run one or more of:"
5495
msgstr ""
5496
5497
#: serverguide/C/virtualization.xml:1241(para)
5498
msgid "Cloud Controller (CLC)"
5499
msgstr ""
5500
5501
#: serverguide/C/virtualization.xml:1242(para)
5502
msgid "Cluster Controller (CC)"
5503
msgstr ""
5504
5505
#: serverguide/C/virtualization.xml:1243(para)
5506
msgid "Walrus (the S3-like storage service)"
5507
msgstr ""
5508
5509
#: serverguide/C/virtualization.xml:1244(para)
5510
msgid "Storage Controller (SC)"
5511
msgstr ""
5512
5513
#: serverguide/C/virtualization.xml:1248(title)
5514
msgid "UEC Front End Requirements"
5515
msgstr ""
5516
5517
#: serverguide/C/virtualization.xml:1256(para) serverguide/C/virtualization.xml:1318(para)
5518
msgid "Hardware"
5519
msgstr ""
5520
5521
#: serverguide/C/virtualization.xml:1257(para) serverguide/C/virtualization.xml:1319(para)
5522
msgid "Minimum"
5523
msgstr ""
5524
5525
#: serverguide/C/virtualization.xml:1258(para) serverguide/C/virtualization.xml:1320(para)
5526
msgid "Suggested"
5527
msgstr ""
5528
5529
#: serverguide/C/virtualization.xml:1259(para) serverguide/C/virtualization.xml:1321(para)
5530
msgid "Notes"
5531
msgstr ""
5532
5533
#: serverguide/C/virtualization.xml:1264(para) serverguide/C/virtualization.xml:1326(para)
5534
msgid "CPU"
5535
msgstr ""
5536
5537
#: serverguide/C/virtualization.xml:1265(para)
5538
msgid "1 GHz"
5539
msgstr ""
5540
5541
#: serverguide/C/virtualization.xml:1266(para)
5542
msgid "2 x 2 GHz"
5543
msgstr ""
5544
5545
#: serverguide/C/virtualization.xml:1267(para)
5546
msgid ""
5547
"For an <emphasis>all-in-one</emphasis> front end, it helps to have at least "
5548
"a dual core processor."
5549
msgstr ""
5550
5551
#: serverguide/C/virtualization.xml:1270(para) serverguide/C/virtualization.xml:1332(para)
5552
msgid "Memory"
5553
msgstr ""
5554
5555
#: serverguide/C/virtualization.xml:1271(para)
5556
msgid "2 GB"
5557
msgstr ""
5558
5559
#: serverguide/C/virtualization.xml:1272(para) serverguide/C/virtualization.xml:1334(para)
5560
msgid "4 GB"
5561
msgstr ""
5562
5563
#: serverguide/C/virtualization.xml:1273(para)
5564
msgid "The Java web front end benefits from lots of available memory."
5565
msgstr ""
5566
5567
#: serverguide/C/virtualization.xml:1276(para) serverguide/C/virtualization.xml:1338(para)
5568
msgid "Disk"
5569
msgstr ""
5570
5571
#: serverguide/C/virtualization.xml:1277(para) serverguide/C/virtualization.xml:1339(para)
5572
msgid "5400 RPM IDE"
5573
msgstr ""
5574
5575
#: serverguide/C/virtualization.xml:1278(para)
5576
msgid "7200 RPM SATA"
5577
msgstr ""
5578
5579
#: serverguide/C/virtualization.xml:1279(para)
5580
msgid ""
5581
"Slower disks will work, but will yield much longer instance startup times."
5582
msgstr ""
5583
5584
#: serverguide/C/virtualization.xml:1282(para) serverguide/C/virtualization.xml:1344(para)
5585
msgid "Disk Space"
5586
msgstr ""
5587
5588
#: serverguide/C/virtualization.xml:1283(para) serverguide/C/virtualization.xml:1345(para)
5589
msgid "40 GB"
5590
msgstr ""
5591
5592
#: serverguide/C/virtualization.xml:1284(para)
5593
msgid "200 GB"
5594
msgstr ""
5595
5596
#: serverguide/C/virtualization.xml:1285(para)
5597
msgid ""
5598
"40GB is only enough space for only a single image, cache, etc., Eucalyptus "
5599
"does not like to run out of disk space."
5600
msgstr ""
5601
5602
#: serverguide/C/virtualization.xml:1288(para) serverguide/C/virtualization.xml:1350(para) serverguide/C/network-config.xml:13(title)
5603
msgid "Networking"
5604
msgstr "Xarxes"
5605
5606
#: serverguide/C/virtualization.xml:1289(para) serverguide/C/virtualization.xml:1351(para)
5607
msgid "100 Mbps"
5608
msgstr ""
5609
5610
#: serverguide/C/virtualization.xml:1290(para) serverguide/C/virtualization.xml:1352(para)
5611
msgid "1000 Mbps"
5612
msgstr ""
5613
5614
#: serverguide/C/virtualization.xml:1291(para) serverguide/C/virtualization.xml:1353(para)
5615
msgid ""
5616
"Machine images are hundreds of MB, and need to be copied over the network to "
5617
"nodes."
5618
msgstr ""
5619
5620
#: serverguide/C/virtualization.xml:1299(title)
5621
msgid "Node Requirements"
5622
msgstr ""
5623
5624
#: serverguide/C/virtualization.xml:1301(para)
5625
msgid "The other system(s) are <emphasis>nodes</emphasis>, which will run::"
5626
msgstr ""
5627
5628
#: serverguide/C/virtualization.xml:1306(para)
5629
msgid "the Node Controller (NC)"
5630
msgstr ""
5631
5632
#: serverguide/C/virtualization.xml:1310(title)
5633
msgid "UEC Node Requirements"
5634
msgstr ""
5635
5636
#: serverguide/C/virtualization.xml:1327(para)
5637
msgid "VT Extensions"
5638
msgstr ""
5639
5640
#: serverguide/C/virtualization.xml:1328(para)
5641
msgid "VT, 64-bit, Multicore"
5642
msgstr ""
5643
5644
#: serverguide/C/virtualization.xml:1329(para)
5645
msgid ""
5646
"64-bit can run both i386, and amd64 instances; by default, Eucalyptus will "
5647
"only run 1 VM per CPU core on a Node."
5648
msgstr ""
5649
5650
#: serverguide/C/virtualization.xml:1333(para)
5651
msgid "1 GB"
5652
msgstr ""
5653
5654
#: serverguide/C/virtualization.xml:1335(para)
5655
msgid "Additional memory means more, and larger guests."
5656
msgstr ""
5657
5658
#: serverguide/C/virtualization.xml:1340(para)
5659
msgid "7200 RPM SATA or SCSI"
5660
msgstr ""
5661
5662
#: serverguide/C/virtualization.xml:1341(para)
5663
msgid ""
5664
"Eucalyptus nodes are disk-intensive; I/O wait will likely be the performance "
5665
"bottleneck."
5666
msgstr ""
5667
5668
#: serverguide/C/virtualization.xml:1346(para)
5669
msgid "100 GB"
5670
msgstr ""
5671
5672
#: serverguide/C/virtualization.xml:1347(para)
5673
msgid ""
5674
"Images will be cached locally, Eucalyptus does not like to run out of disk "
5675
"space."
5676
msgstr ""
5677
5678
#: serverguide/C/virtualization.xml:1363(title)
5679
msgid "Installing the Cloud/Cluster/Storage/Walrus Front End Server"
5680
msgstr ""
5681
5682
#: serverguide/C/virtualization.xml:1367(para)
5683
msgid "Download the Ubuntu 10.10 Server ISO file, and burn it to a CD."
5684
msgstr ""
5685
5686
#: serverguide/C/virtualization.xml:1372(para)
5687
msgid ""
5688
"When you boot, select <emphasis>“Install Ubuntu Enterprise "
5689
"Cloud”</emphasis>. The installer will detect if any other Eucalyptus "
5690
"components are present."
5691
msgstr ""
5692
5693
#: serverguide/C/virtualization.xml:1377(para)
5694
msgid ""
5695
"You can then choose which components to install, based on your chosen <ulink "
5696
"url=\"https://help.ubuntu.com/community/UEC/Topologies\">topology</ulink>."
5697
msgstr ""
5698
5699
#: serverguide/C/virtualization.xml:1382(para)
5700
msgid ""
5701
"When asked whether you want a <emphasis>“Cluster”</emphasis> or a "
5702
"<emphasis>“Node”</emphasis> install, select <emphasis>“Cluster”</emphasis>."
5703
msgstr ""
5704
5705
#: serverguide/C/virtualization.xml:1388(para)
5706
msgid ""
5707
"It will ask two other cloud-specific questions during the course of the "
5708
"install:"
5709
msgstr ""
5710
5711
#: serverguide/C/virtualization.xml:1393(para)
5712
msgid "Name of your cluster."
5713
msgstr ""
5714
5715
#: serverguide/C/virtualization.xml:1396(para)
5716
msgid "e.g. <emphasis>cluster1</emphasis>."
5717
msgstr ""
5718
5719
#: serverguide/C/virtualization.xml:1399(para)
5720
msgid ""
5721
"A range of public IP addresses on the LAN that the cloud can allocate to "
5722
"instances."
5723
msgstr ""
5724
5725
#: serverguide/C/virtualization.xml:1402(para)
5726
msgid "e.g. <emphasis>192.168.1.200-192.168.1.249</emphasis>."
5727
msgstr ""
5728
5729
#: serverguide/C/virtualization.xml:1410(title)
5730
msgid "Installing the Node Controller(s)"
5731
msgstr ""
5732
5733
#: serverguide/C/virtualization.xml:1412(para)
5734
msgid ""
5735
"The node controller install is even simpler. Just make sure that you are "
5736
"connected to the network on which the cloud/cluster controller is already "
5737
"running."
5738
msgstr ""
5739
5740
#: serverguide/C/virtualization.xml:1418(para)
5741
msgid "Boot from the same ISO on the node(s)."
5742
msgstr ""
5743
5744
#: serverguide/C/virtualization.xml:1423(para)
5745
msgid ""
5746
"When you boot, select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
5747
msgstr ""
5748
5749
#: serverguide/C/virtualization.xml:1428(para)
5750
msgid "Select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
5751
msgstr ""
5752
5753
#: serverguide/C/virtualization.xml:1433(para)
5754
msgid ""
5755
"It should detect the Cluster and preselect <emphasis>“Node”</emphasis> "
5756
"install for you."
5757
msgstr ""
5758
5759
#: serverguide/C/virtualization.xml:1438(para)
5760
msgid "Confirm the partitioning scheme."
5761
msgstr ""
5762
5763
#: serverguide/C/virtualization.xml:1443(para)
5764
msgid ""
5765
"The rest of the installation should proceed uninterrupted; complete the "
5766
"installation and reboot the node."
5767
msgstr ""
5768
5769
#: serverguide/C/virtualization.xml:1451(title)
5770
msgid "Register the Node(s)"
5771
msgstr ""
5772
5773
#: serverguide/C/virtualization.xml:1456(para)
5774
msgid ""
5775
"Nodes are the physical systems within <application>UEC</application> that "
5776
"actually run the virtual machine instances of the cloud."
5777
msgstr ""
5778
5779
#: serverguide/C/virtualization.xml:1460(para)
5780
msgid "All component registration should be automatic, assuming:"
5781
msgstr ""
5782
5783
#: serverguide/C/virtualization.xml:1466(para)
5784
msgid "Public SSH keys have been exchanged properly."
5785
msgstr ""
5786
5787
#: serverguide/C/virtualization.xml:1471(para)
5788
msgid "The services are configured properly."
5789
msgstr ""
5790
5791
#: serverguide/C/virtualization.xml:1476(para)
5792
msgid ""
5793
"The appropriate <emphasis>uec-component-listener</emphasis> is running."
5794
msgstr ""
5795
5796
#: serverguide/C/virtualization.xml:1481(para)
5797
msgid "Verify Registration."
5798
msgstr ""
5799
5800
#: serverguide/C/virtualization.xml:1487(para)
5801
msgid ""
5802
"Steps a to e should only be required if you're using the <ulink "
5803
"url=\"https://help.ubuntu.com/community/UEC/PackageInstall\">UEC/PackageInsta"
5804
"ll</ulink> method. Otherwise, if you are following this guide, these steps "
5805
"should already be completed automatically for you, and therefore you can "
5806
"skip <emphasis>\"a\"</emphasis> to <emphasis>\"e\"</emphasis>."
5807
msgstr ""
5808
5809
#: serverguide/C/virtualization.xml:1495(para)
5810
msgid "Exchange Public Keys"
5811
msgstr ""
5812
5813
#: serverguide/C/virtualization.xml:1497(para)
5814
msgid ""
5815
"The Cloud Controller's <emphasis>eucalyptus</emphasis> user needs to have "
5816
"SSH access to the Walrus Controller, Cluster Controller, and Storage "
5817
"Controller as the eucalyptus user."
5818
msgstr ""
5819
5820
#: serverguide/C/virtualization.xml:1502(para)
5821
msgid ""
5822
"Install the Cloud Controller's <emphasis>eucalyptus</emphasis> user's public "
5823
"ssh key by:"
5824
msgstr ""
5825
5826
#: serverguide/C/virtualization.xml:1508(para)
5827
msgid ""
5828
"On the target controller, temporarily set a password for the eucalyptus user:"
5829
msgstr ""
5830
5831
#: serverguide/C/virtualization.xml:1512(command)
5832
msgid "sudo passwd eucalyptus"
5833
msgstr ""
5834
5835
#: serverguide/C/virtualization.xml:1516(para)
5836
msgid "Then, on the Cloud Controller:"
5837
msgstr ""
5838
5839
#: serverguide/C/virtualization.xml:1520(command)
5840
msgid ""
5841
"sudo -u eucalyptus ssh-copy-id -i ~eucalyptus/.ssh/id_rsa.pub "
5842
"eucalyptus@<IP_OF_NODE>"
5843
msgstr ""
5844
5845
#: serverguide/C/virtualization.xml:1524(para)
5846
msgid ""
5847
"You can now remove the password of the eucalyptus account on the target "
5848
"controller, if you wish:"
5849
msgstr ""
5850
5851
#: serverguide/C/virtualization.xml:1528(command)
5852
msgid "sudo passwd -d eucalyptus"
5853
msgstr ""
5854
5855
#: serverguide/C/virtualization.xml:1535(para)
5856
msgid "Configuring the Services"
5857
msgstr ""
5858
5859
#: serverguide/C/virtualization.xml:1537(para)
5860
msgid "On the <emphasis>Cloud Controller</emphasis>:"
5861
msgstr ""
5862
5863
#: serverguide/C/virtualization.xml:1543(para)
5864
msgid "For the <emphasis>Cluster Controller</emphasis> Registration:"
5865
msgstr ""
5866
5867
#: serverguide/C/virtualization.xml:1547(para) serverguide/C/virtualization.xml:1575(para)
5868
msgid ""
5869
"Define the shell variable CC_NAME in <filename>/etc/eucalyptus/eucalyptus-"
5870
"cc.conf</filename>"
5871
msgstr ""
5872
5873
#: serverguide/C/virtualization.xml:1549(para)
5874
msgid ""
5875
"Define the shell variable CC_IP_ADDR in <filename>/etc/eucalyptus/eucalyptus-"
5876
"ipaddr.conf</filename>, as a space separated list of one or more IP "
5877
"addresses."
5878
msgstr ""
5879
5880
#: serverguide/C/virtualization.xml:1556(para)
5881
msgid "For the <emphasis>Walrus Controller</emphasis> Registration:"
5882
msgstr ""
5883
5884
#: serverguide/C/virtualization.xml:1560(para)
5885
msgid ""
5886
"Define the shell variable WALRUS_IP_ADDR in "
5887
"<filename>/etc/eucalyptus/eucalyptus-ipaddr.conf</filename>, as a single IP "
5888
"address."
5889
msgstr ""
5890
5891
#: serverguide/C/virtualization.xml:1565(para)
5892
msgid "On the <emphasis>Cluster Controller</emphasis>:"
5893
msgstr ""
5894
5895
#: serverguide/C/virtualization.xml:1571(para)
5896
msgid "For <emphasis>Storage Controller</emphasis> Registration:"
5897
msgstr ""
5898
5899
#: serverguide/C/virtualization.xml:1577(para)
5900
msgid ""
5901
"Define the shell variable SC_IP_ADDR in <filename>/etc/eucalyptus/eucalyptus-"
5902
"ipaddr.conf</filename>, as a space separated list of one or more IP "
5903
"addresses."
5904
msgstr ""
5905
5906
#: serverguide/C/virtualization.xml:1587(para)
5907
msgid "Publish"
5908
msgstr ""
5909
5910
#: serverguide/C/virtualization.xml:1589(para)
5911
msgid "Now start the publication services."
5912
msgstr ""
5913
5914
#: serverguide/C/virtualization.xml:1595(emphasis)
5915
msgid "Walrus Controller:"
5916
msgstr ""
5917
5918
#: serverguide/C/virtualization.xml:1597(command)
5919
msgid "sudo start eucalyptus-walrus-publication"
5920
msgstr ""
5921
5922
#: serverguide/C/virtualization.xml:1601(emphasis)
5923
msgid "Cluster Controller:"
5924
msgstr ""
5925
5926
#: serverguide/C/virtualization.xml:1603(command)
5927
msgid "sudo start eucalyptus-cc-publication"
5928
msgstr ""
5929
5930
#: serverguide/C/virtualization.xml:1607(emphasis)
5931
msgid "Storage Controller:"
5932
msgstr ""
5933
5934
#: serverguide/C/virtualization.xml:1609(command)
5935
msgid "sudo start eucalyptus-sc-publication"
5936
msgstr ""
5937
5938
#: serverguide/C/virtualization.xml:1613(emphasis)
5939
msgid "Node Controller:"
5940
msgstr ""
5941
5942
#: serverguide/C/virtualization.xml:1615(command)
5943
msgid "sudo start eucalyptus-nc-publication"
5944
msgstr ""
5945
5946
#: serverguide/C/virtualization.xml:1622(para)
5947
msgid "Start the Listener"
5948
msgstr ""
5949
5950
#: serverguide/C/virtualization.xml:1624(para)
5951
msgid ""
5952
"On the <emphasis>Cloud Controller</emphasis> and the <emphasis>Cluster "
5953
"Controller(s)</emphasis>, run:"
5954
msgstr ""
5955
5956
#: serverguide/C/virtualization.xml:1629(command)
5957
msgid "sudo start uec-component-listener"
5958
msgstr ""
5959
5960
#: serverguide/C/virtualization.xml:1634(para)
5961
msgid "Verify Registration"
5962
msgstr ""
5963
5964
#: serverguide/C/virtualization.xml:1637(command)
5965
msgid "cat /var/log/eucalyptus/registration.log"
5966
msgstr ""
5967
5968
#: serverguide/C/virtualization.xml:1638(computeroutput)
5969
#, no-wrap
5970
msgid ""
5971
"2010-04-08 15:46:36-05:00 | 24243 -> Calling node cluster1 node "
5972
"10.1.1.75\n"
5973
"2010-04-08 15:46:36-05:00 | 24243 -> euca_conf --register-nodes returned "
5974
"0\n"
5975
"2010-04-08 15:48:47-05:00 | 25858 -> Calling walrus Walrus 10.1.1.71\n"
5976
"2010-04-08 15:48:51-05:00 | 25858 -> euca_conf --register-walrus returned "
5977
"0\n"
5978
"2010-04-08 15:49:04-05:00 | 26237 -> Calling cluster cluster1 10.1.1.71\n"
5979
"2010-04-08 15:49:08-05:00 | 26237 -> euca_conf --register-cluster "
5980
"returned 0\n"
5981
"2010-04-08 15:49:17-05:00 | 26644 -> Calling storage cluster1 storage "
5982
"10.1.1.71\n"
5983
"2010-04-08 15:49:18-05:00 | 26644 -> euca_conf --register-sc returned 0"
5984
msgstr ""
5985
5986
#: serverguide/C/virtualization.xml:1649(para)
5987
msgid "The output on your machine will vary from the example above."
5988
msgstr ""
5989
5990
#: serverguide/C/virtualization.xml:1659(title)
5991
msgid "Obtain Credentials"
5992
msgstr ""
5993
5994
#: serverguide/C/virtualization.xml:1661(para)
5995
msgid ""
5996
"After installing and booting the <emphasis>Cloud Controller</emphasis>, "
5997
"users of the cloud will need to retrieve their credentials. This can be done "
5998
"either through a web browser, or at the command line."
5999
msgstr ""
6000
6001
#: serverguide/C/virtualization.xml:1667(title)
6002
msgid "From a Web Browser"
6003
msgstr ""
6004
6005
#: serverguide/C/virtualization.xml:1671(para)
6006
msgid ""
6007
"From your web browser (either remotely or on your Ubuntu server) access the "
6008
"following URL:"
6009
msgstr ""
6010
6011
#: serverguide/C/virtualization.xml:1674(programlisting) serverguide/C/virtualization.xml:1804(programlisting)
6012
#, no-wrap
6013
msgid ""
6014
"\n"
6015
"https://<cloud-controller-ip-address>:8443/\n"
6016
msgstr ""
6017
6018
#: serverguide/C/virtualization.xml:1679(para)
6019
msgid ""
6020
"You must use a secure connection, so make sure you use \"https\" not "
6021
"\"http\" in your URL. You will get a security certificate warning. You will "
6022
"have to add an exception to view the page. If you do not accept it you will "
6023
"not be able to view the Eucalyptus configuration page."
6024
msgstr ""
6025
6026
#: serverguide/C/virtualization.xml:1687(para)
6027
msgid ""
6028
"Use username <emphasis>'admin'</emphasis> and password "
6029
"<emphasis>'admin'</emphasis> for the first time login (you will be prompted "
6030
"to change your password)."
6031
msgstr ""
6032
6033
#: serverguide/C/virtualization.xml:1693(para)
6034
msgid ""
6035
"Then follow the on-screen instructions to update the admin password and "
6036
"email address."
6037
msgstr ""
6038
6039
#: serverguide/C/virtualization.xml:1698(para)
6040
msgid ""
6041
"Once the first time configuration process is completed, click the "
6042
"<emphasis>'credentials'</emphasis> tab located in the top-left portion of "
6043
"the screen."
6044
msgstr ""
6045
6046
#: serverguide/C/virtualization.xml:1704(para)
6047
msgid ""
6048
"Click the <emphasis>'Download Credentials'</emphasis> button to get your "
6049
"certificates."
6050
msgstr ""
6051
6052
#: serverguide/C/virtualization.xml:1709(para)
6053
msgid "Save them to <filename>~/.euca</filename>."
6054
msgstr ""
6055
6056
#: serverguide/C/virtualization.xml:1714(para)
6057
msgid ""
6058
"Unzip the downloaded zip file into a safe location "
6059
"(<filename>~/.euca</filename>)."
6060
msgstr ""
6061
6062
#: serverguide/C/virtualization.xml:1718(command)
6063
msgid "unzip -d ~/.euca mycreds.zip"
6064
msgstr ""
6065
6066
#: serverguide/C/virtualization.xml:1725(title)
6067
msgid "From a Command Line"
6068
msgstr ""
6069
6070
#: serverguide/C/virtualization.xml:1729(para)
6071
msgid ""
6072
"Alternatively, if you are on the command line of the <emphasis>Cloud "
6073
"Controller</emphasis>, you can run:"
6074
msgstr ""
6075
6076
#: serverguide/C/virtualization.xml:1733(command)
6077
msgid "mkdir -p ~/.euca"
6078
msgstr ""
6079
6080
#: serverguide/C/virtualization.xml:1734(command)
6081
msgid "chmod 700 ~/.euca"
6082
msgstr ""
6083
6084
#: serverguide/C/virtualization.xml:1735(command)
6085
msgid "cd ~/.euca"
6086
msgstr ""
6087
6088
#: serverguide/C/virtualization.xml:1736(command)
6089
msgid "sudo euca_conf --get-credentials mycreds.zip"
6090
msgstr ""
6091
6092
#: serverguide/C/virtualization.xml:1737(command)
6093
msgid "unzip mycreds.zip"
6094
msgstr ""
6095
6096
#: serverguide/C/virtualization.xml:1738(command)
6097
msgid "ln -s ~/.euca/eucarc ~/.eucarc"
6098
msgstr ""
6099
6100
#: serverguide/C/virtualization.xml:1739(command)
6101
msgid "cd -"
6102
msgstr ""
6103
6104
#: serverguide/C/virtualization.xml:1746(title)
6105
msgid "Extracting and Using Your Credentials"
6106
msgstr ""
6107
6108
#: serverguide/C/virtualization.xml:1748(para)
6109
msgid ""
6110
"Now you will need to setup EC2 API and AMI tools on your server using X.509 "
6111
"certificates."
6112
msgstr ""
6113
6114
#: serverguide/C/virtualization.xml:1754(para)
6115
msgid "Install the required cloud user tools:"
6116
msgstr ""
6117
6118
#: serverguide/C/virtualization.xml:1758(command)
6119
msgid "sudo apt-get install euca2ools"
6120
msgstr ""
6121
6122
#: serverguide/C/virtualization.xml:1762(para)
6123
msgid ""
6124
"To validate that everything is working correctly, get the local cluster "
6125
"availability details:"
6126
msgstr ""
6127
6128
#: serverguide/C/virtualization.xml:1766(command)
6129
msgid ". ~/.euca/eucarc"
6130
msgstr ""
6131
6132
#: serverguide/C/virtualization.xml:1767(command)
6133
msgid "euca-describe-availability-zones verbose"
6134
msgstr ""
6135
6136
#: serverguide/C/virtualization.xml:1768(computeroutput)
6137
#, no-wrap
6138
msgid ""
6139
"AVAILABILITYZONE myowncloud 192.168.1.1\n"
6140
"AVAILABILITYZONE |- vm types free / max cpu ram disk\n"
6141
"AVAILABILITYZONE |- m1.small 0004 / 0004 1 128 2\n"
6142
"AVAILABILITYZONE |- c1.medium 0004 / 0004 1 256 5\n"
6143
"AVAILABILITYZONE |- m1.large 0002 / 0002 2 512 10\n"
6144
"AVAILABILITYZONE |- m1.xlarge 0002 / 0002 2 1024 20\n"
6145
"AVAILABILITYZONE |- c1.xlarge 0001 / 0001 4 2048 20"
6146
msgstr ""
6147
6148
#: serverguide/C/virtualization.xml:1778(para)
6149
msgid "Your output from the above command will vary."
6150
msgstr ""
6151
6152
#: serverguide/C/virtualization.xml:1788(title)
6153
msgid "Install an Image from the Store"
6154
msgstr ""
6155
6156
#: serverguide/C/virtualization.xml:1790(para)
6157
msgid ""
6158
"The following is by far the simplest way to install an image. However, "
6159
"advanced users may be interested in learning how to <ulink "
6160
"url=\"https://help.ubuntu.com/community/UEC/BundlingImages\">Bundle their "
6161
"own image</ulink>."
6162
msgstr ""
6163
6164
#: serverguide/C/virtualization.xml:1795(para)
6165
msgid ""
6166
"The simplest way to add an image to <application>UEC</application> is to "
6167
"install it from the Image Store on the UEC web interface."
6168
msgstr ""
6169
6170
#: serverguide/C/virtualization.xml:1801(para)
6171
msgid ""
6172
"Access the web interface at the following URL (Make sure you specify https):"
6173
msgstr ""
6174
6175
#: serverguide/C/virtualization.xml:1809(para)
6176
msgid ""
6177
"Enter your login and password (if requested, as you may still be logged in "
6178
"from earlier)."
6179
msgstr ""
6180
6181
#: serverguide/C/virtualization.xml:1814(para)
6182
msgid "Click on the <emphasis>Store</emphasis> tab."
6183
msgstr ""
6184
6185
#: serverguide/C/virtualization.xml:1819(para)
6186
msgid "Browse available images."
6187
msgstr ""
6188
6189
#: serverguide/C/virtualization.xml:1824(para)
6190
msgid "Click on <emphasis>install</emphasis> for the image you want."
6191
msgstr ""
6192
6193
#: serverguide/C/virtualization.xml:1830(para)
6194
msgid ""
6195
"Once the image has been downloaded and installed, you can click on "
6196
"<emphasis>\"How to run?\"</emphasis> that will be displayed below the image "
6197
"button to view the command to execute to instantiate (start) this image. The "
6198
"image will also appear on the list given on the <emphasis>Image</emphasis> "
6199
"tab."
6200
msgstr ""
6201
6202
#: serverguide/C/virtualization.xml:1838(title)
6203
msgid "Run an Image"
6204
msgstr ""
6205
6206
#: serverguide/C/virtualization.xml:1840(para)
6207
msgid "There are multiple ways to instantiate an image in UEC:"
6208
msgstr ""
6209
6210
#: serverguide/C/virtualization.xml:1845(para)
6211
msgid "Use the command line."
6212
msgstr ""
6213
6214
#: serverguide/C/virtualization.xml:1846(para)
6215
msgid ""
6216
"Use one of the UEC compatible management tools such as "
6217
"<emphasis>Landscape</emphasis>."
6218
msgstr ""
6219
6220
#: serverguide/C/virtualization.xml:1848(para)
6221
msgid ""
6222
"Use the <ulink "
6223
"url=\"https://help.ubuntu.com/community/UEC/ElasticFox\">ElasticFox</ulink> "
6224
"extension to Firefox."
6225
msgstr ""
6226
6227
#: serverguide/C/virtualization.xml:1854(para)
6228
msgid "Here we will describe the process from the command line:"
6229
msgstr ""
6230
6231
#: serverguide/C/virtualization.xml:1860(para)
6232
msgid ""
6233
"Before running an instance of your image, you should first create a "
6234
"<emphasis>keypair</emphasis> (ssh key) that you can use to log into your "
6235
"instance as root, once it boots. The key is stored, so you will only have to "
6236
"do this once."
6237
msgstr ""
6238
6239
#: serverguide/C/virtualization.xml:1864(para)
6240
msgid "Run the following command:"
6241
msgstr ""
6242
6243
#: serverguide/C/virtualization.xml:1867(programlisting)
6244
#, no-wrap
6245
msgid ""
6246
"\n"
6247
"if [ ! -e ~/.euca/mykey.priv ]; then\n"
6248
" mkdir -p -m 700 ~/.euca\n"
6249
" touch ~/.euca/mykey.priv\n"
6250
" chmod 0600 ~/.euca/mykey.priv\n"
6251
" euca-add-keypair mykey > ~/.euca/mykey.priv\n"
6252
"fi\n"
6253
msgstr ""
6254
6255
#: serverguide/C/virtualization.xml:1876(para)
6256
msgid ""
6257
"You can call your key whatever you like (in this example, the key is called "
6258
"<emphasis>'mykey'</emphasis>), but remember what it is called. If you "
6259
"forget, you can always run <command>euca-describe-keypairs</command> to get "
6260
"a list of created keys stored in the system."
6261
msgstr ""
6262
6263
#: serverguide/C/virtualization.xml:1883(para)
6264
msgid "You must also allow access to port 22 in your instances:"
6265
msgstr ""
6266
6267
#: serverguide/C/virtualization.xml:1887(command)
6268
msgid "euca-authorize default -P tcp -p 22 -s 0.0.0.0/0"
6269
msgstr ""
6270
6271
#: serverguide/C/virtualization.xml:1891(para)
6272
msgid "Next, you can create instances of your registered image:"
6273
msgstr ""
6274
6275
#: serverguide/C/virtualization.xml:1895(command)
6276
msgid "euca-run-instances $EMI -k mykey -t m1.small"
6277
msgstr ""
6278
6279
#: serverguide/C/virtualization.xml:1898(para)
6280
msgid ""
6281
"If you receive an error regarding <emphasis>image_id</emphasis>, you may "
6282
"find it by viewing Images page or click <emphasis>\"How to Run\"</emphasis> "
6283
"on the <emphasis>Store</emphasis> page to see the sample command."
6284
msgstr ""
6285
6286
#: serverguide/C/virtualization.xml:1905(para)
6287
msgid ""
6288
"The first time you run an instance, the system will be setting up caches for "
6289
"the image from which it will be created. This can often take some time the "
6290
"first time an instance is run given that VM images are usually quite large."
6291
msgstr ""
6292
6293
#: serverguide/C/virtualization.xml:1909(para)
6294
msgid "To monitor the state of your instance, run:"
6295
msgstr ""
6296
6297
#: serverguide/C/virtualization.xml:1913(command)
6298
msgid "watch -n5 euca-describe-instances"
6299
msgstr ""
6300
6301
#: serverguide/C/virtualization.xml:1915(para)
6302
msgid ""
6303
"In the output, you should see information about the instance, including its "
6304
"state. While first-time caching is being performed, the instance's state "
6305
"will be <emphasis>'pending'</emphasis>."
6306
msgstr ""
6307
6308
#: serverguide/C/virtualization.xml:1921(para)
6309
msgid ""
6310
"When the instance is fully started, the above state will become "
6311
"<emphasis>'running'</emphasis>. Look at the IP address assigned to your "
6312
"instance in the output, then connect to it:"
6313
msgstr ""
6314
6315
#: serverguide/C/virtualization.xml:1926(command)
6316
msgid ""
6317
"IPADDR=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | awk "
6318
"'{print $4}')"
6319
msgstr ""
6320
6321
#: serverguide/C/virtualization.xml:1927(command)
6322
msgid "ssh -i ~/.euca/mykey.priv ubuntu@$IPADDR"
6323
msgstr ""
6324
6325
#: serverguide/C/virtualization.xml:1931(para)
6326
msgid ""
6327
"And when you are done with this instance, exit your SSH connection, then "
6328
"terminate your instance:"
6329
msgstr ""
6330
6331
#: serverguide/C/virtualization.xml:1935(command)
6332
msgid ""
6333
"INSTANCEID=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | "
6334
"awk '{print $2}')"
6335
msgstr ""
6336
6337
#: serverguide/C/virtualization.xml:1936(command)
6338
msgid "euca-terminate-instances $INSTANCEID"
6339
msgstr ""
6340
6341
#: serverguide/C/virtualization.xml:1944(para)
6342
msgid ""
6343
"The <application>cloud-init</application> package provides \"first boot\" "
6344
"functionality for the Ubuntu UEC images. It is in charge of taking the "
6345
"generic filesystem image that is booting and customizing it for this "
6346
"particular instance. That includes things like:"
6347
msgstr ""
6348
6349
#: serverguide/C/virtualization.xml:1952(para)
6350
msgid "Setting the hostname."
6351
msgstr ""
6352
6353
#: serverguide/C/virtualization.xml:1957(para)
6354
msgid ""
6355
"Putting the provided ssh public keys into "
6356
"<filename>~ubuntu/.ssh/authorized_keys</filename>."
6357
msgstr ""
6358
6359
#: serverguide/C/virtualization.xml:1962(para)
6360
msgid "Running a user provided script, or otherwise modifying the image."
6361
msgstr ""
6362
6363
#: serverguide/C/virtualization.xml:1968(para)
6364
msgid ""
6365
"Setting hostname and configuring a system so the person who launched it can "
6366
"actually log into it are not terribly interesting. The interesting things "
6367
"that can be done with <application>cloud-init</application> are made "
6368
"possible by data provided at launch time called <ulink "
6369
"url=\"http://developer.amazonwebservices.com/connect/entry.jspa?externalID=10"
6370
"85\">user-data</ulink>."
6371
msgstr ""
6372
6373
#: serverguide/C/virtualization.xml:1974(para)
6374
msgid "First, install the <application>cloud-init</application> package:"
6375
msgstr ""
6376
6377
#: serverguide/C/virtualization.xml:1979(command)
6378
msgid "sudo apt-get install cloud-init"
6379
msgstr ""
6380
6381
#: serverguide/C/virtualization.xml:1982(para)
6382
msgid ""
6383
"If the user-data starts with <emphasis>'#!'</emphasis>, then it will be "
6384
"stored and executed as root late in the boot process of the instance's first "
6385
"boot (similar to a traditional 'rc.local' script). Output from the script is "
6386
"directed to the console."
6387
msgstr ""
6388
6389
#: serverguide/C/virtualization.xml:1987(para)
6390
msgid ""
6391
"For example, create a file named <filename>ud.txt</filename> containing:"
6392
msgstr ""
6393
6394
#: serverguide/C/virtualization.xml:1991(programlisting)
6395
#, no-wrap
6396
msgid ""
6397
"\n"
6398
"#!/bin/sh\n"
6399
"echo ========== Hello World: $(date) ==========\n"
6400
"echo \"I have been up for $(cut -d\\ -f 1 < /proc/uptime) sec\"\n"
6401
msgstr ""
6402
6403
#: serverguide/C/virtualization.xml:1997(para)
6404
msgid ""
6405
"Now start an instance with the <emphasis>--user-data-file</emphasis> option:"
6406
msgstr ""
6407
6408
#: serverguide/C/virtualization.xml:2002(command)
6409
msgid "euca-run-instances $EMI -k mykey -t m1.small --user-data-file=ud.txt"
6410
msgstr ""
6411
6412
#: serverguide/C/virtualization.xml:2005(para)
6413
msgid ""
6414
"Wait now for the system to come up and console to be available. To see the "
6415
"result of the data file commands enter:"
6416
msgstr ""
6417
6418
#: serverguide/C/virtualization.xml:2010(command)
6419
msgid "euca-get-console-output $EMI | grep --after-context=1 Hello"
6420
msgstr ""
6421
6422
#: serverguide/C/virtualization.xml:2011(computeroutput)
6423
#, no-wrap
6424
msgid ""
6425
"========== Hello World: Mon Mar 29 18:05:05 UTC 2010 ==========\n"
6426
"I have been up for 28.26 sec"
6427
msgstr ""
6428
6429
#: serverguide/C/virtualization.xml:2016(para)
6430
msgid "Your output may vary."
6431
msgstr ""
6432
6433
#: serverguide/C/virtualization.xml:2021(para)
6434
msgid ""
6435
"The simple approach shown above gives a great deal of power. The user-data "
6436
"can contain a script in any language where an interpreter already exists in "
6437
"the image (#!/bin/sh, #!/usr/bin/python, #!/usr/bin/perl, #!/usr/bin/awk ... "
6438
")."
6439
msgstr ""
6440
6441
#: serverguide/C/virtualization.xml:2026(para)
6442
msgid ""
6443
"For many cases, the user may not be interested in writing a program. For "
6444
"this case, cloud-init provides <emphasis>\"cloud-config\"</emphasis>, a "
6445
"configuration based approach towards customization. To utilize the cloud-"
6446
"config syntax, the supplied user-data must start with a <emphasis>'#cloud-"
6447
"config'</emphasis>."
6448
msgstr ""
6449
6450
#: serverguide/C/virtualization.xml:2031(para)
6451
msgid ""
6452
"For example, create a text file named <filename>clout-config.txt</filename> "
6453
"containing:"
6454
msgstr ""
6455
6456
#: serverguide/C/virtualization.xml:2035(programlisting)
6457
#, no-wrap
6458
msgid ""
6459
"\n"
6460
"#cloud-config\n"
6461
"apt_upgrade: true\n"
6462
"apt_sources:\n"
6463
"- source: \"ppa:ubuntu-server-edgers/server-edgers-apache \"\n"
6464
"\n"
6465
"packages:\n"
6466
"- build-essential\n"
6467
"- pastebinit\n"
6468
"\n"
6469
"runcmd:\n"
6470
"- echo ======= Hello World =====\n"
6471
"- echo \"I have been up for $(cut -d\\ -f 1 < /proc/uptime) sec\"\n"
6472
msgstr ""
6473
6474
#: serverguide/C/virtualization.xml:2050(para)
6475
msgid "Create a new instance:"
6476
msgstr ""
6477
6478
#: serverguide/C/virtualization.xml:2055(command)
6479
msgid ""
6480
"euca-run-instances $EMI -k mykey -t m1.small --user-data-file=cloud-"
6481
"config.txt"
6482
msgstr ""
6483
6484
#: serverguide/C/virtualization.xml:2058(para)
6485
msgid "Now, when the above system is booted, it will have:"
6486
msgstr ""
6487
6488
#: serverguide/C/virtualization.xml:2063(para)
6489
msgid "Added the Apache Edgers PPA."
6490
msgstr ""
6491
6492
#: serverguide/C/virtualization.xml:2064(para)
6493
msgid "Run an upgrade to get all updates available"
6494
msgstr ""
6495
6496
#: serverguide/C/virtualization.xml:2065(para)
6497
msgid "Installed the 'build-essential' and 'pastebinit' packages"
6498
msgstr ""
6499
6500
#: serverguide/C/virtualization.xml:2066(para)
6501
msgid "Printed a similar message to the script above"
6502
msgstr ""
6503
6504
#: serverguide/C/virtualization.xml:2070(para)
6505
msgid ""
6506
"The <emphasis>Apache Edgers PPA</emphasis>, in the above example, contains "
6507
"the latest version of Apache from upstream source repositories. Package "
6508
"versions in the PPA are unsupported, and depending on your situation, this "
6509
"may or may not be desirable. See the <ulink "
6510
"url=\"https://launchpad.net/~ubuntu-server-edgers\">Ubuntu Server "
6511
"Edgers</ulink> web page for more details."
6512
msgstr ""
6513
6514
#: serverguide/C/virtualization.xml:2077(para)
6515
msgid ""
6516
"The <emphasis>'runcmd'</emphasis> commands are run at the same point in boot "
6517
"that the <emphasis>'#!'</emphasis> script would run in the previous example. "
6518
"It is present to allow you to get the full power of a scripting language if "
6519
"you need it without abandoning <emphasis>cloud-config</emphasis>."
6520
msgstr ""
6521
6522
#: serverguide/C/virtualization.xml:2082(para)
6523
msgid ""
6524
"For more information on what kinds of things can be done with "
6525
"<application>cloud-config</application>, see <ulink "
6526
"url=\"http://bazaar.launchpad.net/~cloud-init-dev/cloud-"
6527
"init/trunk/files/head:/doc/examples/\">doc/examples</ulink> in the source."
6528
msgstr ""
6529
6530
#: serverguide/C/virtualization.xml:2091(title) serverguide/C/dns.xml:619(title)
6531
msgid "More Information"
6532
msgstr ""
6533
6534
#: serverguide/C/virtualization.xml:2093(para)
6535
msgid ""
6536
"How to use the <ulink "
6537
"url=\"https://help.ubuntu.com/community/UEC/StorageController\">Storage "
6538
"Controller</ulink>"
6539
msgstr ""
6540
6541
#: serverguide/C/virtualization.xml:2097(para)
6542
msgid "Controlling eucalyptus services:"
6543
msgstr ""
6544
6545
#: serverguide/C/virtualization.xml:2102(para)
6546
msgid ""
6547
"sudo service eucalyptus [start|stop|restart] (on the CLC/CC/SC/Walrus side)"
6548
msgstr ""
6549
6550
#: serverguide/C/virtualization.xml:2103(para)
6551
msgid "sudo service eucalyptus-nc [start|stop|restart] (on the Node side)"
6552
msgstr ""
6553
6554
#: serverguide/C/virtualization.xml:2106(para)
6555
msgid "Locations of some important files:"
6556
msgstr ""
6557
6558
#: serverguide/C/virtualization.xml:2113(emphasis)
6559
msgid "Log files:"
6560
msgstr ""
6561
6562
#: serverguide/C/virtualization.xml:2116(para)
6563
msgid "/var/log/eucalyptus"
6564
msgstr ""
6565
6566
#: serverguide/C/virtualization.xml:2121(emphasis)
6567
msgid "Configuration files:"
6568
msgstr ""
6569
6570
#: serverguide/C/virtualization.xml:2124(para)
6571
msgid "/etc/eucalyptus"
6572
msgstr ""
6573
6574
#: serverguide/C/virtualization.xml:2129(emphasis)
6575
msgid "Database:"
6576
msgstr ""
6577
6578
#: serverguide/C/virtualization.xml:2132(para)
6579
msgid "/var/lib/eucalyptus/db"
6580
msgstr ""
6581
6582
#: serverguide/C/virtualization.xml:2137(emphasis)
6583
msgid "Keys:"
6584
msgstr ""
6585
6586
#: serverguide/C/virtualization.xml:2140(para)
6587
msgid "/var/lib/eucalyptus"
6588
msgstr ""
6589
6590
#: serverguide/C/virtualization.xml:2141(para)
6591
msgid "/var/lib/eucalyptus/.ssh"
6592
msgstr ""
6593
6594
#: serverguide/C/virtualization.xml:2147(para)
6595
msgid ""
6596
"Don't forget to source your <filename>~/.euca/eucarc</filename> before "
6597
"running the client tools."
6598
msgstr ""
6599
6600
#: serverguide/C/virtualization.xml:2158(para)
6601
msgid ""
6602
"For information on loading instances see the <ulink "
6603
"url=\"https://help.ubuntu.com/community/Eucalyptus\">Eucalyptus Wiki</ulink> "
6604
"page."
6605
msgstr ""
6606
6607
#: serverguide/C/virtualization.xml:2163(para)
6608
msgid ""
6609
"<ulink url=\"http://open.eucalyptus.com/\">Eucalyptus Project Site (forums, "
6610
"documentation, downloads)</ulink>."
6611
msgstr ""
6612
6613
#: serverguide/C/virtualization.xml:2168(para)
6614
msgid ""
6615
"<ulink url=\"https://launchpad.net/eucalyptus/\">Eucalyptus on Launchpad "
6616
"(bugs, code)</ulink>."
6617
msgstr ""
6618
6619
#: serverguide/C/virtualization.xml:2173(para)
6620
msgid ""
6621
"<ulink "
6622
"url=\"http://open.eucalyptus.com/wiki/EucalyptusTroubleshooting_v1.5\">Eucaly"
6623
"ptus Troubleshooting (1.5)</ulink>."
6624
msgstr ""
6625
6626
#: serverguide/C/virtualization.xml:2178(para)
6627
msgid ""
6628
"<ulink url=\"http://support.rightscale.com/2._References/02-"
6629
"Cloud_Infrastructures/Eucalyptus/03-"
6630
"Administration_Guide/Register_with_RightScale\"> Register your cloud with "
6631
"RightScale</ulink>."
6632
msgstr ""
6633
6634
#: serverguide/C/virtualization.xml:2184(para)
6635
msgid ""
6636
"You can also find help in the <emphasis>#ubuntu-virt</emphasis>, "
6637
"<emphasis>#eucalyptus</emphasis>, and <emphasis>#ubuntu-server</emphasis> "
6638
"IRC channels on <ulink url=\"http://freenode.net\">Freenode</ulink>."
6639
msgstr ""
6640
6641
#: serverguide/C/virtualization.xml:2193(title)
6642
msgid "Glossary"
6643
msgstr ""
6644
6645
#: serverguide/C/virtualization.xml:2195(para)
6646
msgid ""
6647
"The Ubuntu Enterprise Cloud documentation uses terminology that might be "
6648
"unfamiliar to some readers. This page is intended to provide a glossary of "
6649
"such terms and acronyms."
6650
msgstr ""
6651
6652
#: serverguide/C/virtualization.xml:2202(para)
6653
msgid ""
6654
"<emphasis>Cloud</emphasis> - A federated set of physical machines that offer "
6655
"computing resources through virtual machines, provisioned and recollected "
6656
"dynamically."
6657
msgstr ""
6658
6659
#: serverguide/C/virtualization.xml:2208(para)
6660
msgid ""
6661
"<emphasis>Cloud Controller (CLC)</emphasis> - Eucalyptus component that "
6662
"provides the web UI (an https server on port 8443), and implements the "
6663
"Amazon EC2 API. There should be only one Cloud Controller in an installation "
6664
"of UEC. This service is provided by the Ubuntu <application>eucalyptus-"
6665
"cloud</application> package."
6666
msgstr ""
6667
6668
#: serverguide/C/virtualization.xml:2215(para)
6669
msgid ""
6670
"<emphasis>Cluster</emphasis> - A collection of nodes, associated with a "
6671
"Cluster Controller. There can be more than one Cluster in an installation of "
6672
"UEC. Clusters are sometimes physically separate sets of nodes. (e.g. floor1, "
6673
"floor2, floor2)."
6674
msgstr ""
6675
6676
#: serverguide/C/virtualization.xml:2221(para)
6677
msgid ""
6678
"<emphasis>Cluster Controller (CC)</emphasis> - Eucalyptus component that "
6679
"manages collections of node resources. This service is provided by the "
6680
"Ubuntu <application>eucalyptus-cc</application> package."
6681
msgstr ""
6682
6683
#: serverguide/C/virtualization.xml:2227(para)
6684
msgid "<emphasis>EBS</emphasis> - Elastic Block Storage."
6685
msgstr ""
6686
6687
#: serverguide/C/virtualization.xml:2232(para)
6688
msgid ""
6689
"<emphasis>EC2</emphasis> - Elastic Compute Cloud. Amazon's pay-by-the-hour, "
6690
"pay-by-the-gigabyte public cloud computing offering."
6691
msgstr ""
6692
6693
#: serverguide/C/virtualization.xml:2237(para)
6694
msgid "<emphasis>EKI</emphasis> - Eucalyptus Kernel Image."
6695
msgstr ""
6696
6697
#: serverguide/C/virtualization.xml:2242(para)
6698
msgid "<emphasis>EMI</emphasis> - Eucalyptus Machine Image."
6699
msgstr ""
6700
6701
#: serverguide/C/virtualization.xml:2247(para)
6702
msgid "<emphasis>ERI</emphasis> - Eucalyptus Ramdisk Image."
6703
msgstr ""
6704
6705
#: serverguide/C/virtualization.xml:2252(para)
6706
msgid ""
6707
"<emphasis>Eucalyptus</emphasis> - Elastic Utility Computing Architecture for "
6708
"Linking Your Programs To Useful Systems. An open source project originally "
6709
"from the University of California at Santa Barbara, now supported by "
6710
"Eucalyptus Systems, a Canonical Partner."
6711
msgstr ""
6712
6713
#: serverguide/C/virtualization.xml:2259(para)
6714
msgid ""
6715
"<emphasis>Front-end</emphasis> - Physical machine hosting one (or more) of "
6716
"the high level Eucalyptus components (cloud, walrus, storage controller, "
6717
"cluster controller)."
6718
msgstr ""
6719
6720
#: serverguide/C/virtualization.xml:2265(para)
6721
msgid ""
6722
"<emphasis>Node</emphasis> - A node is a physical machine that's capable of "
6723
"running virtual machines, running a node controller. Within Ubuntu, this "
6724
"generally means that the CPU has VT extensions, and can run the KVM "
6725
"hypervisor."
6726
msgstr ""
6727
6728
#: serverguide/C/virtualization.xml:2271(para)
6729
msgid ""
6730
"<emphasis>Node Controller (NC)</emphasis> - Eucalyptus component that runs "
6731
"on nodes which host the virtual machines that comprise the cloud. This "
6732
"service is provided by the Ubuntu package <application>eucalyptus-"
6733
"nc</application>."
6734
msgstr ""
6735
6736
#: serverguide/C/virtualization.xml:2277(para)
6737
msgid ""
6738
"<emphasis>S3</emphasis> - Simple Storage Service. Amazon's pay-by-the-"
6739
"gigabyte persistent storage solution for EC2."
6740
msgstr ""
6741
6742
#: serverguide/C/virtualization.xml:2282(para)
6743
msgid ""
6744
"<emphasis>Storage Controller (SC)</emphasis> - Eucalyptus component that "
6745
"manages dynamic block storage services (EBS). Each 'cluster' in a Eucalyptus "
6746
"installation can have its own Storage Controller. This component is provided "
6747
"by the <application>eucalyptus-sc</application> package."
6748
msgstr ""
6749
6750
#: serverguide/C/virtualization.xml:2289(para)
6751
msgid ""
6752
"<emphasis>UEC</emphasis> - Ubuntu Enterprise Cloud. Ubuntu's cloud computing "
6753
"solution, based on Eucalyptus."
6754
msgstr ""
6755
6756
#: serverguide/C/virtualization.xml:2294(para)
6757
msgid "<emphasis>VM</emphasis> - Virtual Machine."
6758
msgstr ""
6759
6760
#: serverguide/C/virtualization.xml:2299(para)
6761
msgid ""
6762
"<emphasis>VT</emphasis> - Virtualization Technology. An optional feature of "
6763
"some modern CPUs, allowing for accelerated virtual machine hosting."
6764
msgstr ""
6765
6766
#: serverguide/C/virtualization.xml:2304(para)
6767
msgid ""
6768
"<emphasis>Walrus</emphasis> - Eucalyptus component that implements the "
6769
"Amazon S3 API, used for storing VM images and user storage using S3 bucket "
6770
"put/get abstractions."
6771
msgstr ""
6772
6773
#: serverguide/C/vcs.xml:13(title)
6774
msgid "Version Control System"
6775
msgstr "Sistema de control de versions"
6776
6777
#: serverguide/C/vcs.xml:14(para)
6778
msgid ""
6779
"Version control is the art of managing changes to information. It has long "
6780
"been a critical tool for programmers, who typically spend their time making "
6781
"small changes to software and then undoing those changes the next day. But "
6782
"the usefulness of version control software extends far beyond the bounds of "
6783
"the software development world. Anywhere you can find people using computers "
6784
"to manage information that changes often, there is room for version control."
6785
msgstr ""
6786
6787
#: serverguide/C/vcs.xml:17(title)
6788
msgid "Bazaar"
6789
msgstr ""
6790
6791
#: serverguide/C/vcs.xml:18(para)
6792
msgid ""
6793
"Bazaar is a new version control system sponsored by Canonical, the "
6794
"commercial company behind Ubuntu. Unlike Subversion and CVS that only "
6795
"support a central repository model, Bazaar also supports "
6796
"<emphasis>distributed version control</emphasis>, giving people the ability "
6797
"to collaborate more efficiently. In particular, Bazaar is designed to "
6798
"maximize the level of community participation in open source projects."
6799
msgstr ""
6800
6801
#: serverguide/C/vcs.xml:29(para)
6802
msgid ""
6803
"At a terminal prompt, enter the following command to install "
6804
"<application>bzr</application>: <screen>\n"
6805
"<command>sudo apt-get install bzr</command>\n"
6806
"</screen>"
6807
msgstr ""
6808
6809
#: serverguide/C/vcs.xml:40(para)
6810
msgid ""
6811
"To introduce yourself to <application>bzr</application>, use the "
6812
"<emphasis>whoami</emphasis> command like this: <screen>\n"
6813
"<command>$ bzr whoami 'Joe Doe <joe.doe@gmail.com>'</command>\n"
6814
"</screen>"
6815
msgstr ""
6816
6817
#: serverguide/C/vcs.xml:49(title)
6818
msgid "Learning Bazaar"
6819
msgstr ""
6820
6821
#: serverguide/C/vcs.xml:50(para)
6822
msgid ""
6823
"Bazaar comes with bundled documentation installed into "
6824
"<application>/usr/share/doc/bzr/html</application> by default. The tutorial "
6825
"is a good place to start. The <application>bzr</application> command also "
6826
"comes with built-in help: <screen>\n"
6827
"<command>$ bzr help</command>\n"
6828
"</screen>"
6829
msgstr ""
6830
6831
#: serverguide/C/vcs.xml:60(para)
6832
msgid ""
6833
"To learn more about the <emphasis>foo</emphasis> command: <screen>\n"
6834
"<command>$ bzr help foo</command>\n"
6835
"</screen>"
6836
msgstr ""
6837
6838
#: serverguide/C/vcs.xml:68(title)
6839
msgid "Launchpad Integration"
6840
msgstr ""
6841
6842
#: serverguide/C/vcs.xml:69(para)
6843
msgid ""
6844
"While highly useful as a stand-alone system, Bazaar has good, optional "
6845
"integration with <ulink url=\"https://launchpad.net/\">Launchpad</ulink>, "
6846
"the collaborative development system used by Canonical and the broader open "
6847
"source community to manage and extend Ubuntu itself. For information on how "
6848
"Bazaar can be used with Launchpad to collaborate on open source projects, "
6849
"see <ulink url=\"http://bazaar-vcs.org/LaunchpadIntegration/\"> "
6850
"http://bazaar-vcs.org/LaunchpadIntegration</ulink>."
6851
msgstr ""
6852
6853
#: serverguide/C/vcs.xml:81(title)
6854
msgid "Subversion"
6855
msgstr ""
6856
6857
#: serverguide/C/vcs.xml:82(para)
6858
msgid ""
6859
"Subversion is an open source version control system. Using Subversion, you "
6860
"can record the history of source files and documents. It manages files and "
6861
"directories over time. A tree of files is placed into a central repository. "
6862
"The repository is much like an ordinary file server, except that it "
6863
"remembers every change ever made to files and directories."
6864
msgstr ""
6865
6866
#: serverguide/C/vcs.xml:87(para)
6867
msgid ""
6868
"To access Subversion repository using the HTTP protocol, you must install "
6869
"and configure a web server. Apache2 is proven to work with Subversion. "
6870
"Please refer to the HTTP subsection in the Apache2 section to install and "
6871
"configure Apache2. To access the Subversion repository using the HTTPS "
6872
"protocol, you must install and configure a digital certificate in your "
6873
"Apache 2 web server. Please refer to the HTTPS subsection in the Apache2 "
6874
"section to install and configure the digital certificate."
6875
msgstr ""
6876
6877
#: serverguide/C/vcs.xml:96(para)
6878
msgid ""
6879
"To install Subversion, run the following command from a terminal prompt:"
6880
msgstr ""
6881
6882
#: serverguide/C/vcs.xml:101(command)
6883
msgid "sudo apt-get install subversion libapache2-svn"
6884
msgstr "sudo apt-get install subversion libapache2-svn"
6885
6886
#: serverguide/C/vcs.xml:108(para)
6887
msgid ""
6888
"This step assumes you have installed above mentioned packages on your "
6889
"system. This section explains how to create a Subversion repository and "
6890
"access the project."
6891
msgstr ""
6892
6893
#: serverguide/C/vcs.xml:111(title)
6894
msgid "Create Subversion Repository"
6895
msgstr ""
6896
6897
#: serverguide/C/vcs.xml:112(para)
6898
msgid ""
6899
"The Subversion repository can be created using the following command from a "
6900
"terminal prompt:"
6901
msgstr ""
6902
6903
#: serverguide/C/vcs.xml:116(command)
6904
msgid "svnadmin create /path/to/repos/project"
6905
msgstr ""
6906
6907
#: serverguide/C/vcs.xml:121(title)
6908
msgid "Importing Files"
6909
msgstr ""
6910
6911
#: serverguide/C/vcs.xml:122(para)
6912
msgid ""
6913
"Once you create the repository you can <emphasis>import</emphasis> files "
6914
"into the repository. To import a directory, enter the following from a "
6915
"terminal prompt: <screen>\n"
6916
"<command>svn import /path/to/import/directory "
6917
"file:///path/to/repos/project</command>\n"
6918
"</screen>"
6919
msgstr ""
6920
6921
#: serverguide/C/vcs.xml:134(title) serverguide/C/vcs.xml:139(title)
6922
msgid "Access Methods"
6923
msgstr ""
6924
6925
#: serverguide/C/vcs.xml:135(para)
6926
msgid ""
6927
"Subversion repositories can be accessed (checked out) through many different "
6928
"methods --on local disk, or through various network protocols. A repository "
6929
"location, however, is always a URL. The table describes how different URL "
6930
"schemes map to the available access methods."
6931
msgstr ""
6932
6933
#: serverguide/C/vcs.xml:146(para)
6934
msgid "Schema"
6935
msgstr ""
6936
6937
#: serverguide/C/vcs.xml:147(para)
6938
msgid "Access Method"
6939
msgstr ""
6940
6941
#: serverguide/C/vcs.xml:152(para)
6942
msgid "file://"
6943
msgstr ""
6944
6945
#: serverguide/C/vcs.xml:153(para)
6946
msgid "direct repository access (on local disk)"
6947
msgstr ""
6948
6949
#: serverguide/C/vcs.xml:156(para)
6950
msgid "http://"
6951
msgstr ""
6952
6953
#: serverguide/C/vcs.xml:157(para)
6954
msgid "Access via WebDAV protocol to Subversion-aware Apache2 web server"
6955
msgstr ""
6956
6957
#: serverguide/C/vcs.xml:160(para)
6958
msgid "https://"
6959
msgstr ""
6960
6961
#: serverguide/C/vcs.xml:161(para)
6962
msgid "Same as http://, but with SSL encryption"
6963
msgstr ""
6964
6965
#: serverguide/C/vcs.xml:164(para)
6966
msgid "svn://"
6967
msgstr ""
6968
6969
#: serverguide/C/vcs.xml:165(para)
6970
msgid "Access via custom protocol to an svnserve server"
6971
msgstr ""
6972
6973
#: serverguide/C/vcs.xml:168(para)
6974
msgid "svn+ssh://"
6975
msgstr ""
6976
6977
#: serverguide/C/vcs.xml:169(para)
6978
msgid "Same as svn://, but through an SSH tunnel"
6979
msgstr ""
6980
6981
#: serverguide/C/vcs.xml:175(para)
6982
msgid ""
6983
"In this section, we will see how to configure Subversion for all these "
6984
"access methods. Here, we cover the basics. For more advanced usage details, "
6985
"refer to the <ulink url=\"http://svnbook.red-bean.com/\">svn book</ulink>."
6986
msgstr ""
6987
6988
#: serverguide/C/vcs.xml:182(title)
6989
msgid "Direct repository access (file://)"
6990
msgstr ""
6991
6992
#: serverguide/C/vcs.xml:183(para)
6993
msgid ""
6994
"This is the simplest of all access methods. It does not require any "
6995
"Subversion server process to be running. This access method is used to "
6996
"access Subversion from the same machine. The syntax of the command, entered "
6997
"at a terminal prompt, is as follows:"
6998
msgstr ""
6999
7000
#: serverguide/C/vcs.xml:190(command)
7001
msgid "svn co file:///path/to/repos/project"
7002
msgstr ""
7003
7004
#: serverguide/C/vcs.xml:193(para)
7005
msgid "or"
7006
msgstr ""
7007
7008
#: serverguide/C/vcs.xml:196(command)
7009
msgid "svn co file://localhost/path/to/repos/project"
7010
msgstr ""
7011
7012
#: serverguide/C/vcs.xml:200(para)
7013
msgid ""
7014
"If you do not specify the hostname, there are three forward slashes (///) -- "
7015
"two for the protocol (file, in this case) plus the leading slash in the "
7016
"path. If you specify the hostname, you must use two forward slashes (//)."
7017
msgstr ""
7018
7019
#: serverguide/C/vcs.xml:202(para)
7020
msgid ""
7021
"The repository permissions depend on filesystem permissions. If the user has "
7022
"read/write permission, he can checkout from and commit to the repository."
7023
msgstr ""
7024
7025
#: serverguide/C/vcs.xml:205(title)
7026
msgid "Access via WebDAV protocol (http://)"
7027
msgstr ""
7028
7029
#: serverguide/C/vcs.xml:206(para)
7030
msgid ""
7031
"To access the Subversion repository via WebDAV protocol, you must configure "
7032
"your Apache 2 web server. Add the following snippet between the "
7033
"<emphasis><VirtualHost></emphasis> and "
7034
"<emphasis></VirtualHost></emphasis> elements in "
7035
"<filename>/etc/apache2/sites-available/default</filename>, or another "
7036
"VirtualHost file:"
7037
msgstr ""
7038
7039
#: serverguide/C/vcs.xml:212(programlisting)
7040
#, no-wrap
7041
msgid ""
7042
"\n"
7043
" <Location /svn>\n"
7044
" DAV svn\n"
7045
" SVNPath /home/svn\n"
7046
" AuthType Basic\n"
7047
" AuthName \"Your repository name\"\n"
7048
" AuthUserFile /etc/subversion/passwd\n"
7049
" Require valid-user\n"
7050
" </Location> \n"
7051
msgstr ""
7052
7053
#: serverguide/C/vcs.xml:223(para)
7054
msgid ""
7055
"The above configuration snippet assumes that Subversion repositories are "
7056
"created under <filename>/home/svn/</filename> directory using "
7057
"<command>svnadmin</command> command. They can be accessible using "
7058
"<command>http://hostname/svn/repos_name</command> url."
7059
msgstr ""
7060
7061
#: serverguide/C/vcs.xml:229(para)
7062
msgid ""
7063
"To import or commit files to your Subversion repository over HTTP, the "
7064
"repository should be owned by the HTTP user. In Ubuntu systems, normally the "
7065
"HTTP user is <command>www-data</command>. To change the ownership of the "
7066
"repository files enter the following command from terminal prompt:"
7067
msgstr ""
7068
7069
#: serverguide/C/vcs.xml:238(command)
7070
msgid "sudo chown -R www-data:www-data /path/to/repos"
7071
msgstr "sudo chown -R www-data:www-data /camí/dels/dipòsits"
7072
7073
#: serverguide/C/vcs.xml:241(para)
7074
msgid ""
7075
"By changing the ownership of repository as <command>www-data</command> you "
7076
"will not be able to import or commit files into the repository by running "
7077
"<command>svn import file:///</command> command as any user other than "
7078
"<command>www-data</command>."
7079
msgstr ""
7080
7081
#: serverguide/C/vcs.xml:250(para)
7082
msgid ""
7083
"Next, you must create the <filename>/etc/subversion/passwd</filename> file "
7084
"that will contain user authentication details. To create a file issue the "
7085
"following command at a command prompt (which will create the file and add "
7086
"the first user):"
7087
msgstr ""
7088
7089
#: serverguide/C/vcs.xml:256(command)
7090
msgid "sudo htpasswd -c /etc/subversion/passwd user_name"
7091
msgstr "sudo htpasswd -c /etc/subversion/passwd nom_usuari"
7092
7093
#: serverguide/C/vcs.xml:259(para)
7094
msgid ""
7095
"To add additional users omit the <emphasis>\"-c\"</emphasis> option as this "
7096
"option replaces the old file. Instead use this form:"
7097
msgstr ""
7098
7099
#: serverguide/C/vcs.xml:264(command)
7100
msgid "sudo htpasswd /etc/subversion/password user_name"
7101
msgstr "sudo htpasswd /etc/subversion/password nom_usuari"
7102
7103
#: serverguide/C/vcs.xml:268(para)
7104
msgid ""
7105
"This command will prompt you to enter the password. Once you enter the "
7106
"password, the user is added. Now, to access the repository you can run the "
7107
"following command:"
7108
msgstr ""
7109
7110
#: serverguide/C/vcs.xml:269(command)
7111
msgid "svn co http://servername/svn"
7112
msgstr ""
7113
7114
#: serverguide/C/vcs.xml:271(para)
7115
msgid ""
7116
"The password is transmitted as plain text. If you are worried about password "
7117
"snooping, you are advised to use SSL encryption. For details, please refer "
7118
"next section."
7119
msgstr ""
7120
7121
#: serverguide/C/vcs.xml:277(title)
7122
msgid "Access via WebDAV protocol with SSL encryption (https://)"
7123
msgstr ""
7124
7125
#: serverguide/C/vcs.xml:278(para)
7126
msgid ""
7127
"Accessing Subversion repository via WebDAV protocol with SSL encryption "
7128
"(https://) is similar to http:// except that you must install and configure "
7129
"the digital certificate in your Apache2 web server. To use SSL with "
7130
"Subversion add the above Apache2 configuration to "
7131
"<filename>/etc/apache2/sites-available/default-ssl</filename>. For more "
7132
"information on setting up Apache2 with SSL see <xref linkend=\"https-"
7133
"configuration\"/>."
7134
msgstr ""
7135
7136
#: serverguide/C/vcs.xml:287(para)
7137
msgid ""
7138
"You can install a digital certificate issued by a signing authority. "
7139
"Alternatively, you can install your own self-signed certificate."
7140
msgstr ""
7141
7142
#: serverguide/C/vcs.xml:292(para)
7143
msgid ""
7144
"This step assumes you have installed and configured a digital certificate in "
7145
"your Apache 2 web server. Now, to access the Subversion repository, please "
7146
"refer to the above section! The access methods are exactly the same, except "
7147
"the protocol. You must use https:// to access the Subversion repository."
7148
msgstr ""
7149
7150
#: serverguide/C/vcs.xml:302(title)
7151
msgid "Access via custom protocol (svn://)"
7152
msgstr ""
7153
7154
#: serverguide/C/vcs.xml:303(para)
7155
msgid ""
7156
"Once the Subversion repository is created, you can configure the access "
7157
"control. You can edit the <filename> "
7158
"/path/to/repos/project/conf/svnserve.conf</filename> file to configure the "
7159
"access control. For example, to set up authentication, you can uncomment the "
7160
"following lines in the configuration file:"
7161
msgstr ""
7162
7163
#: serverguide/C/vcs.xml:310(programlisting)
7164
#, no-wrap
7165
msgid ""
7166
"# [general]\n"
7167
"# password-db = passwd"
7168
msgstr ""
7169
7170
#: serverguide/C/vcs.xml:313(para)
7171
msgid ""
7172
"After uncommenting the above lines, you can maintain the user list in the "
7173
"passwd file. So, edit the file <filename>passwd </filename> in the same "
7174
"directory and add the new user. The syntax is as follows:"
7175
msgstr ""
7176
7177
#: serverguide/C/vcs.xml:319(programlisting)
7178
#, no-wrap
7179
msgid "username = password"
7180
msgstr ""
7181
7182
#: serverguide/C/vcs.xml:320(para)
7183
msgid "For more details, please refer to the file."
7184
msgstr ""
7185
7186
#: serverguide/C/vcs.xml:324(para)
7187
msgid ""
7188
"Now, to access Subversion via the svn:// custom protocol, either from the "
7189
"same machine or a different machine, you can run svnserver using svnserve "
7190
"command. The syntax is as follows:"
7191
msgstr ""
7192
7193
#: serverguide/C/vcs.xml:329(programlisting)
7194
#, no-wrap
7195
msgid ""
7196
"$ svnserve -d --foreground -r /path/to/repos\n"
7197
"# -d -- daemon mode\n"
7198
"# --foreground -- run in foreground (useful for debugging)\n"
7199
"# -r -- root of directory to serve\n"
7200
"\n"
7201
"For more usage details, please refer to:\n"
7202
"$ svnserve --help"
7203
msgstr ""
7204
7205
#: serverguide/C/vcs.xml:337(para)
7206
msgid ""
7207
"Once you run this command, Subversion starts listening on default port "
7208
"(3690). To access the project repository, you must run the following command "
7209
"from a terminal prompt:"
7210
msgstr ""
7211
7212
#: serverguide/C/vcs.xml:340(command)
7213
msgid "svn co svn://hostname/project project --username user_name"
7214
msgstr ""
7215
7216
#: serverguide/C/vcs.xml:343(para)
7217
msgid ""
7218
"Based on server configuration, it prompts for password. Once you are "
7219
"authenticated, it checks out the code from Subversion repository. To "
7220
"synchronize the project repository with the local copy, you can run the "
7221
"<command>update</command> sub-command. The syntax of the command, entered at "
7222
"a terminal prompt, is as follows:"
7223
msgstr ""
7224
7225
#: serverguide/C/vcs.xml:351(command)
7226
msgid "cd project_dir ; svn update"
7227
msgstr ""
7228
7229
#: serverguide/C/vcs.xml:354(para)
7230
msgid ""
7231
"For more details about using each Subversion sub-command, you can refer to "
7232
"the manual. For example, to learn more about the co (checkout) command, "
7233
"please run the following command from a terminal prompt:"
7234
msgstr ""
7235
7236
#: serverguide/C/vcs.xml:358(command)
7237
msgid "svn co help"
7238
msgstr ""
7239
7240
#: serverguide/C/vcs.xml:362(title)
7241
msgid "Access via custom protocol with SSL encryption (svn+ssh://)"
7242
msgstr ""
7243
7244
#: serverguide/C/vcs.xml:363(para)
7245
msgid ""
7246
"The configuration and server process is same as in the svn:// method. For "
7247
"details, please refer to the above section. This step assumes you have "
7248
"followed the above step and started the Subversion server using "
7249
"<application>svnserve</application> command."
7250
msgstr ""
7251
7252
#: serverguide/C/vcs.xml:369(para)
7253
msgid ""
7254
"It is also assumed that the ssh server is running on that machine and that "
7255
"it is allowing incoming connections. To confirm, please try to login to that "
7256
"machine using ssh. If you can login, everything is perfect. If you cannot "
7257
"login, please address it before continuing further."
7258
msgstr ""
7259
7260
#: serverguide/C/vcs.xml:375(para)
7261
msgid ""
7262
"The svn+ssh:// protocol is used to access the Subversion repository using "
7263
"SSL encryption. The data transfer is encrypted using this method. To access "
7264
"the project repository (for example with a checkout), you must use the "
7265
"following command syntax:"
7266
msgstr ""
7267
7268
#: serverguide/C/vcs.xml:382(command)
7269
msgid "svn co svn+ssh://hostname/var/svn/repos/project"
7270
msgstr ""
7271
7272
#: serverguide/C/vcs.xml:386(para)
7273
msgid ""
7274
"You must use the full path (/path/to/repos/project) to access the Subversion "
7275
"repository using this access method."
7276
msgstr ""
7277
7278
#: serverguide/C/vcs.xml:389(para)
7279
msgid ""
7280
"Based on server configuration, it prompts for password. You must enter the "
7281
"password you use to login via ssh. Once you are authenticated, it checks out "
7282
"the code from the Subversion repository."
7283
msgstr ""
7284
7285
#: serverguide/C/vcs.xml:399(title)
7286
msgid "CVS Server"
7287
msgstr ""
7288
7289
#: serverguide/C/vcs.xml:400(para)
7290
msgid ""
7291
"CVS is a version control system. You can use it to record the history of "
7292
"source files."
7293
msgstr ""
7294
7295
#: serverguide/C/vcs.xml:406(para)
7296
msgid ""
7297
"To install <application>CVS</application>, run the following command from a "
7298
"terminal prompt: <screen>\n"
7299
"<command>sudo apt-get install cvs</command>\n"
7300
"</screen> After you install <application>cvs</application>, you should "
7301
"install <application>xinetd</application> to start/stop the cvs server. At "
7302
"the prompt, enter the following command to install "
7303
"<application>xinetd</application>: <screen>\n"
7304
"<command>sudo apt-get install xinetd</command>\n"
7305
"</screen>"
7306
msgstr ""
7307
7308
#: serverguide/C/vcs.xml:439(programlisting)
7309
#, no-wrap
7310
msgid ""
7311
"\n"
7312
"service cvspserver\n"
7313
"{\n"
7314
" port = 2401\n"
7315
" socket_type = stream\n"
7316
" protocol = tcp\n"
7317
" user = root\n"
7318
" wait = no\n"
7319
" type = UNLISTED\n"
7320
" server = /usr/bin/cvs\n"
7321
" server_args = -f --allow-root /var/lib/cvs pserver\n"
7322
" disable = no\n"
7323
"}\n"
7324
msgstr ""
7325
7326
#: serverguide/C/vcs.xml:455(para)
7327
msgid ""
7328
"Be sure to edit the repository if you have changed the default repository "
7329
"(<application>/var/lib/cvs</application>) directory."
7330
msgstr ""
7331
7332
#: serverguide/C/vcs.xml:424(para)
7333
msgid ""
7334
"Once you install cvs, the repository will be automatically initialized. By "
7335
"default, the repository resides under the "
7336
"<application>/var/lib/cvs</application> directory. You can change this path "
7337
"by running following command: <screen>\n"
7338
"<command>cvs -d /your/new/cvs/repo init</command>\n"
7339
"</screen> Once the initial repository is set up, you can configure "
7340
"<application>xinetd</application> to start the CVS server. You can copy the "
7341
"following lines to the <filename> /etc/xinetd.d/cvspserver</filename> file. "
7342
"<placeholder-1/><placeholder-2/> Once you have configured "
7343
"<application>xinetd</application> you can start the cvs server by running "
7344
"following command: <screen>\n"
7345
"<command>sudo /etc/init.d/xinetd restart</command>\n"
7346
"</screen>"
7347
msgstr ""
7348
7349
#: serverguide/C/vcs.xml:468(para)
7350
msgid ""
7351
"You can confirm that the CVS server is running by issuing the following "
7352
"command:"
7353
msgstr ""
7354
7355
#: serverguide/C/vcs.xml:475(command)
7356
msgid "sudo netstat -tap | grep cvs"
7357
msgstr "sudo netstat -tap | grep cvs"
7358
7359
#: serverguide/C/vcs.xml:479(para) serverguide/C/databases.xml:65(para)
7360
msgid ""
7361
"When you run this command, you should see the following line or something "
7362
"similar:"
7363
msgstr ""
7364
7365
#: serverguide/C/vcs.xml:484(programlisting)
7366
#, no-wrap
7367
msgid ""
7368
"\n"
7369
"tcp 0 0 *:cvspserver *:* LISTEN \n"
7370
msgstr ""
7371
7372
#: serverguide/C/vcs.xml:488(para)
7373
msgid ""
7374
"From here you can continue to add users, add new projects, and manage the "
7375
"CVS server."
7376
msgstr ""
7377
7378
#: serverguide/C/vcs.xml:493(para)
7379
msgid ""
7380
"CVS allows the user to add users independently of the underlying OS "
7381
"installation. Probably the easiest way is to use the Linux Users for CVS, "
7382
"although it has potential security issues. Please refer to the CVS manual "
7383
"for details."
7384
msgstr ""
7385
7386
#: serverguide/C/vcs.xml:503(title)
7387
msgid "Add Projects"
7388
msgstr ""
7389
7390
#: serverguide/C/vcs.xml:515(para)
7391
msgid ""
7392
"You can use the CVSROOT environment variable to store the CVS root "
7393
"directory. Once you export the CVSROOT environment variable, you can avoid "
7394
"using -d option in the above cvs command."
7395
msgstr ""
7396
7397
#: serverguide/C/vcs.xml:527(para)
7398
msgid ""
7399
"When you add a new project, the CVS user you use must have write access to "
7400
"the CVS repository (<application>/var/lib/cvs</application>). By default, "
7401
"the <application>src</application> group has write access to the CVS "
7402
"repository. So, you can add the user to this group, and he can then add and "
7403
"manage projects in the CVS repository."
7404
msgstr ""
7405
7406
#: serverguide/C/vcs.xml:504(para)
7407
msgid ""
7408
"This section explains how to add new project to the CVS repository. Create "
7409
"the directory and add necessary document and source files to the directory. "
7410
"Now, run the following command to add this project to CVS repository: "
7411
"<screen>\n"
7412
"<command>cd your/project</command>\n"
7413
"<command>cvs -d :pserver:username@hostname.com:/var/lib/cvs import -m "
7414
"\"Importing my project to CVS repository\" . new_project start</command>\n"
7415
"</screen><placeholder-1/> The string <emphasis>new_project</emphasis> is a "
7416
"vendor tag, and <emphasis>start</emphasis> is a release tag. They serve no "
7417
"purpose in this context, but since CVS requires them, they must be present. "
7418
"<placeholder-2/>"
7419
msgstr ""
7420
7421
#: serverguide/C/vcs.xml:540(ulink)
7422
msgid "Bazaar Home Page"
7423
msgstr ""
7424
7425
#: serverguide/C/vcs.xml:541(ulink)
7426
msgid "Launchpad"
7427
msgstr ""
7428
7429
#: serverguide/C/vcs.xml:542(ulink)
7430
msgid "Subversion Home Page"
7431
msgstr ""
7432
7433
#: serverguide/C/vcs.xml:543(ulink)
7434
msgid "Subversion Book"
7435
msgstr ""
7436
7437
#: serverguide/C/vcs.xml:545(ulink)
7438
msgid "CVS Manual"
7439
msgstr ""
7440
7441
#: serverguide/C/vcs.xml:546(ulink)
7442
msgid "Easy Bazaar Ubuntu Wiki page"
7443
msgstr ""
7444
7445
#: serverguide/C/vcs.xml:547(ulink)
7446
msgid "Ubuntu Wiki Subversion page"
7447
msgstr ""
7448
7449
#: serverguide/C/serverguide.xml:3(title) serverguide/C/bookinfo.xml:3(title)
7450
msgid "Credits and License"
7451
msgstr ""
7452
7453
#: serverguide/C/serverguide.xml:4(para) serverguide/C/bookinfo.xml:4(para)
7454
msgid ""
7455
"This document is maintained by the Ubuntu documentation team "
7456
"(https://wiki.ubuntu.com/DocumentationTeam). For a list of contributors, see "
7457
"the <ulink url=\"../../libs/C/contributors.xml\">contributors page</ulink>"
7458
msgstr ""
7459
7460
#: serverguide/C/serverguide.xml:5(para) serverguide/C/bookinfo.xml:5(para)
7461
msgid ""
7462
"This document is made available under the Creative Commons ShareAlike 2.5 "
7463
"License (CC-BY-SA)."
7464
msgstr ""
7465
7466
#: serverguide/C/serverguide.xml:6(para) serverguide/C/bookinfo.xml:6(para)
7467
msgid ""
7468
"You are free to modify, extend, and improve the Ubuntu documentation source "
7469
"code under the terms of this license. All derivative works must be released "
7470
"under this license."
7471
msgstr ""
7472
7473
#: serverguide/C/serverguide.xml:8(para) serverguide/C/bookinfo.xml:8(para)
7474
msgid ""
7475
"This documentation is distributed in the hope that it will be useful, but "
7476
"WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY "
7477
"or FITNESS FOR A PARTICULAR PURPOSE AS DESCRIBED IN THE DISCLAIMER."
7478
msgstr ""
7479
7480
#: serverguide/C/serverguide.xml:11(para) serverguide/C/bookinfo.xml:11(para)
7481
msgid ""
7482
"A copy of the license is available here: <ulink url=\"/usr/share/ubuntu-"
7483
"docs/libs/C/ccbysa.xml\">Creative Commons ShareAlike License</ulink>."
7484
msgstr ""
7485
7486
#: serverguide/C/serverguide.xml:14(year) serverguide/C/bookinfo.xml:14(year)
7487
msgid "2010"
7488
msgstr ""
7489
7490
#: serverguide/C/serverguide.xml:15(ulink) serverguide/C/bookinfo.xml:15(ulink)
7491
msgid "Ubuntu Documentation Project"
7492
msgstr ""
7493
7494
#: serverguide/C/serverguide.xml:15(holder) serverguide/C/bookinfo.xml:15(holder)
7495
msgid "Canonical Ltd. and members of the <placeholder-1/>"
7496
msgstr ""
7497
7498
#: serverguide/C/serverguide.xml:18(publishername) serverguide/C/bookinfo.xml:18(publishername)
7499
msgid "The Ubuntu Documentation Project"
7500
msgstr ""
7501
7502
#: serverguide/C/serverguide.xml:17(para)
7503
msgid ""
7504
"Welcome to the <emphasis>Ubuntu Server Guide</emphasis>! It contains "
7505
"information on how to install and configure various server applications on "
7506
"your Ubuntu system to fit your needs. It is a step-by-step, task-oriented "
7507
"guide for configuring and customizing your system."
7508
msgstr ""
7509
"Us donem la benvinguda a la <emphasis>Guia del servidor Ubuntu</emphasis>. "
7510
"Aquesta conté informació sobre com instal·lar i configurar diverses "
7511
"aplicacions de servidor en el vostre sistema Ubuntu de la manera que "
7512
"s'adeqüin a les vostres necessitats. És una guia pas a pas, orientada a "
7513
"tasques per a configurar i personalitzar el vostre sistema."
7514
7515
#: serverguide/C/security.xml:13(title)
7516
msgid "Security"
7517
msgstr "Seguretat"
7518
7519
#: serverguide/C/security.xml:14(para)
7520
msgid ""
7521
"Security should always be considered when installing, deploying, and using "
7522
"any type of computer system. Although a fresh installation of Ubuntu is "
7523
"relatively safe for immediate use on the Internet, it is important to have a "
7524
"balanced understanding of your systems security posture based on how it will "
7525
"be used after deployment."
7526
msgstr ""
7527
7528
#: serverguide/C/security.xml:17(para)
7529
msgid ""
7530
"This chapter provides an overview of security related topics as they pertain "
7531
"to Ubuntu 10.10 Server Edition, and outlines simple measures you may use to "
7532
"protect your server and network from any number of potential security "
7533
"threats."
7534
msgstr ""
7535
7536
#: serverguide/C/security.xml:21(title)
7537
msgid "User Management"
7538
msgstr ""
7539
7540
#: serverguide/C/security.xml:22(para)
7541
msgid ""
7542
"User management is a critical part of maintaining a secure system. "
7543
"Ineffective user and privilege management often lead many systems into being "
7544
"compromised. Therefore, it is important that you understand how you can "
7545
"protect your server through simple and effective user account management "
7546
"techniques."
7547
msgstr ""
7548
7549
#: serverguide/C/security.xml:26(title)
7550
msgid "Where is root?"
7551
msgstr ""
7552
7553
#: serverguide/C/security.xml:27(para)
7554
msgid ""
7555
"Ubuntu developers made a conscientious decision to disable the "
7556
"administrative root account by default in all Ubuntu installations. This "
7557
"does not mean that the root account has been deleted or that it may not be "
7558
"accessed. It merely has been given a password which matches no possible "
7559
"encrypted value, therefore may not log in directly by itself."
7560
msgstr ""
7561
7562
#: serverguide/C/security.xml:30(para)
7563
msgid ""
7564
"Instead, users are encouraged to make use of a tool by the name of "
7565
"<application>sudo</application> to carry out system administrative duties. "
7566
"<application>Sudo</application> allows an authorized user to temporarily "
7567
"elevate their privileges using their own password instead of having to know "
7568
"the password belonging to the root account. This simple yet effective "
7569
"methodology provides accountability for all user actions, and gives the "
7570
"administrator granular control over which actions a user can perform with "
7571
"said privileges."
7572
msgstr ""
7573
7574
#: serverguide/C/security.xml:35(para)
7575
msgid ""
7576
"If for some reason you wish to enable the root account, simply give it a "
7577
"password:"
7578
msgstr ""
7579
7580
#: serverguide/C/security.xml:39(command)
7581
msgid "sudo passwd"
7582
msgstr "sudo passwd"
7583
7584
#: serverguide/C/security.xml:41(para)
7585
msgid ""
7586
"Sudo will prompt you for your password, and then ask you to supply a new "
7587
"password for root as shown below:"
7588
msgstr ""
7589
7590
#: serverguide/C/security.xml:44(userinput)
7591
#, no-wrap
7592
msgid "(enter your own password)"
7593
msgstr ""
7594
7595
#: serverguide/C/security.xml:45(userinput)
7596
#, no-wrap
7597
msgid "(enter a new password for root)"
7598
msgstr ""
7599
7600
#: serverguide/C/security.xml:46(userinput)
7601
#, no-wrap
7602
msgid "(repeat new password for root)"
7603
msgstr ""
7604
7605
#: serverguide/C/security.xml:44(computeroutput)
7606
#, no-wrap
7607
msgid ""
7608
"[sudo] password for username: <placeholder-1/>\n"
7609
"Enter new UNIX password: <placeholder-2/>\n"
7610
"Retype new UNIX password: <placeholder-3/>\n"
7611
"passwd: password updated successfully"
7612
msgstr ""
7613
7614
#: serverguide/C/security.xml:51(para)
7615
msgid "To disable the root account, use the following passwd syntax:"
7616
msgstr ""
7617
7618
#: serverguide/C/security.xml:55(command)
7619
msgid "sudo passwd -l root"
7620
msgstr "sudo passwd -l root"
7621
7622
#: serverguide/C/security.xml:59(para)
7623
msgid ""
7624
"You should read more on <application>Sudo</application> by checking out it's "
7625
"man page:"
7626
msgstr ""
7627
7628
#: serverguide/C/security.xml:63(command)
7629
msgid "man sudo"
7630
msgstr "man sudo"
7631
7632
#: serverguide/C/security.xml:67(para)
7633
msgid ""
7634
"By default, the initial user created by the Ubuntu installer is a member of "
7635
"the group \"admin\" which is added to the file "
7636
"<filename>/etc/sudoers</filename> as an authorized sudo user. If you wish to "
7637
"give any other account full root access through "
7638
"<application>sudo</application>, simply add them to the admin group."
7639
msgstr ""
7640
7641
#: serverguide/C/security.xml:73(title)
7642
msgid "Adding and Deleting Users"
7643
msgstr ""
7644
7645
#: serverguide/C/security.xml:74(para)
7646
msgid ""
7647
"The process for managing local users and groups is straight forward and "
7648
"differs very little from most other GNU/Linux operating systems. Ubuntu and "
7649
"other Debian based distributions, encourage the use of the \"adduser\" "
7650
"package for account management."
7651
msgstr ""
7652
7653
#: serverguide/C/security.xml:79(para)
7654
msgid ""
7655
"To add a user account, use the following syntax, and follow the prompts to "
7656
"give the account a password and identifiable characteristics such as a full "
7657
"name, phone number, etc."
7658
msgstr ""
7659
7660
#: serverguide/C/security.xml:83(command)
7661
msgid "sudo adduser username"
7662
msgstr "sudo adduser nomusuari"
7663
7664
#: serverguide/C/security.xml:87(para)
7665
msgid ""
7666
"To delete a user account and its primary group, use the following syntax:"
7667
msgstr ""
7668
7669
#: serverguide/C/security.xml:91(command)
7670
msgid "sudo deluser username"
7671
msgstr "sudo deluser nomusuari"
7672
7673
#: serverguide/C/security.xml:93(para)
7674
msgid ""
7675
"Deleting an account does not remove their respective home folder. It is up "
7676
"to you whether or not you wish to delete the folder manually or keep it "
7677
"according to your desired retention policies."
7678
msgstr ""
7679
7680
#: serverguide/C/security.xml:96(para)
7681
msgid ""
7682
"Remember, any user added later on with the same UID/GID as the previous "
7683
"owner will now have access to this folder if you have not taken the "
7684
"necessary precautions."
7685
msgstr ""
7686
7687
#: serverguide/C/security.xml:99(para)
7688
msgid ""
7689
"You may want to change these UID/GID values to something more appropriate, "
7690
"such as the root account, and perhaps even relocate the folder to avoid "
7691
"future conflicts:"
7692
msgstr ""
7693
7694
#: serverguide/C/security.xml:103(command)
7695
msgid "sudo chown -R root:root /home/username/"
7696
msgstr "sudo chown -R root:root /home/nomusuari/"
7697
7698
#: serverguide/C/security.xml:104(command)
7699
msgid "sudo mkdir /home/archived_users/"
7700
msgstr "sudo mkdir /home/usuaris_arxivats/"
7701
7702
#: serverguide/C/security.xml:105(command)
7703
msgid "sudo mv /home/username /home/archived_users/"
7704
msgstr "sudo mv /home/username /home/usuaris_arxivats/"
7705
7706
#: serverguide/C/security.xml:109(para)
7707
msgid ""
7708
"To temporarily lock or unlock a user account, use the following syntax, "
7709
"respectively:"
7710
msgstr ""
7711
7712
#: serverguide/C/security.xml:113(command)
7713
msgid "sudo passwd -l username"
7714
msgstr "sudo passwd -l nomusari"
7715
7716
#: serverguide/C/security.xml:114(command)
7717
msgid "sudo passwd -u username"
7718
msgstr "sudo passwd -u nomusari"
7719
7720
#: serverguide/C/security.xml:118(para)
7721
msgid ""
7722
"To add or delete a personalized group, use the following syntax, "
7723
"respectively:"
7724
msgstr ""
7725
7726
#: serverguide/C/security.xml:122(command)
7727
msgid "sudo addgroup groupname"
7728
msgstr "sudo addgroup nomgrup"
7729
7730
#: serverguide/C/security.xml:123(command)
7731
msgid "sudo delgroup groupname"
7732
msgstr "sudo delgroup nomgrup"
7733
7734
#: serverguide/C/security.xml:127(para)
7735
msgid "To add a user to a group, use the following syntax:"
7736
msgstr ""
7737
7738
#: serverguide/C/security.xml:131(command)
7739
msgid "sudo adduser username groupname"
7740
msgstr "sudo adduser nomusuari nomgrup"
7741
7742
#: serverguide/C/security.xml:138(title)
7743
msgid "User Profile Security"
7744
msgstr "Seguretat del perfil d'usuari"
7745
7746
#: serverguide/C/security.xml:139(para)
7747
msgid ""
7748
"When a new user is created, the adduser utility creates a brand new home "
7749
"directory named <filename class=\"directory\">/home/username</filename>, "
7750
"respectively. The default profile is modeled after the contents found in the "
7751
"directory of <filename class=\"directory\">/etc/skel</filename>, which "
7752
"includes all profile basics."
7753
msgstr ""
7754
7755
#: serverguide/C/security.xml:142(para)
7756
msgid ""
7757
"If your server will be home to multiple users, you should pay close "
7758
"attention to the user home directory permissions to ensure confidentiality. "
7759
"By default, user home directories in Ubuntu are created with world "
7760
"read/execute permissions. This means that all users can browse and access "
7761
"the contents of other users home directories. This may not be suitable for "
7762
"your environment."
7763
msgstr ""
7764
7765
#: serverguide/C/security.xml:147(para)
7766
msgid ""
7767
"To verify your current users home directory permissions, use the following "
7768
"syntax:"
7769
msgstr ""
7770
7771
#: serverguide/C/security.xml:151(command) serverguide/C/security.xml:183(command)
7772
msgid "ls -ld /home/username"
7773
msgstr ""
7774
7775
#: serverguide/C/security.xml:153(para)
7776
msgid ""
7777
"The following output shows that the directory <filename "
7778
"class=\"directory\">/home/username</filename> has world readable permissions:"
7779
msgstr ""
7780
7781
#: serverguide/C/security.xml:156(computeroutput)
7782
#, no-wrap
7783
msgid "drwxr-xr-x 2 username username 4096 2007-10-02 20:03 username"
7784
msgstr ""
7785
7786
#: serverguide/C/security.xml:160(para)
7787
msgid ""
7788
"You can remove the world readable permissions using the following syntax:"
7789
msgstr ""
7790
7791
#: serverguide/C/security.xml:164(command)
7792
msgid "sudo chmod 0750 /home/username"
7793
msgstr "sudo chmod 0750 /home/nomusuari"
7794
7795
#: serverguide/C/security.xml:167(para)
7796
msgid ""
7797
"Some people tend to use the recursive option (-R) indiscriminately which "
7798
"modifies all child folders and files, but this is not necessary, and may "
7799
"yield other undesirable results. The parent directory alone is sufficient "
7800
"for preventing unauthorized access to anything below the parent."
7801
msgstr ""
7802
7803
#: serverguide/C/security.xml:171(para)
7804
msgid ""
7805
"A much more efficient approach to the matter would be to modify the "
7806
"<application>adduser</application> global default permissions when creating "
7807
"user home folders. Simply edit the file "
7808
"<filename>/etc/adduser.conf</filename> and modify the "
7809
"<varname>DIR_MODE</varname> variable to something appropriate, so that all "
7810
"new home directories will receive the correct permissions."
7811
msgstr ""
7812
7813
#: serverguide/C/security.xml:174(programlisting)
7814
#, no-wrap
7815
msgid ""
7816
"\n"
7817
"DIR_MODE=0750\n"
7818
msgstr ""
7819
7820
#: serverguide/C/security.xml:179(para)
7821
msgid ""
7822
"After correcting the directory permissions using any of the previously "
7823
"mentioned techniques, verify the results using the following syntax:"
7824
msgstr ""
7825
7826
#: serverguide/C/security.xml:185(para)
7827
msgid ""
7828
"The results below show that world readable permissions have been removed:"
7829
msgstr ""
7830
7831
#: serverguide/C/security.xml:188(computeroutput)
7832
#, no-wrap
7833
msgid "drwxr-x--- 2 username username 4096 2007-10-02 20:03 username"
7834
msgstr ""
7835
7836
#: serverguide/C/security.xml:195(title)
7837
msgid "Password Policy"
7838
msgstr ""
7839
7840
#: serverguide/C/security.xml:196(para)
7841
msgid ""
7842
"A strong password policy is one of the most important aspects of your "
7843
"security posture. Many successful security breaches involve simple brute "
7844
"force and dictionary attacks against weak passwords. If you intend to offer "
7845
"any form of remote access involving your local password system, make sure "
7846
"you adequately address minimum password complexity requirements, maximum "
7847
"password lifetimes, and frequent audits of your authentication systems."
7848
msgstr ""
7849
7850
#: serverguide/C/security.xml:200(title)
7851
msgid "Minimum Password Length"
7852
msgstr ""
7853
7854
#: serverguide/C/security.xml:201(para)
7855
msgid ""
7856
"By default, Ubuntu requires a minimum password length of 6 characters, as "
7857
"well as some basic entropy checks. These values are controlled in the file "
7858
"<filename>/etc/pam.d/common-password</filename>, which is outlined below."
7859
msgstr ""
7860
7861
#: serverguide/C/security.xml:204(programlisting)
7862
#, no-wrap
7863
msgid ""
7864
"\n"
7865
"password [success=2 default=ignore] pam_unix.so obscure sha512\n"
7866
msgstr ""
7867
7868
#: serverguide/C/security.xml:207(para)
7869
msgid ""
7870
"If you would like to adjust the minimum length to 8 characters, change the "
7871
"appropriate variable to min=8. The modification is outlined below."
7872
msgstr ""
7873
7874
#: serverguide/C/security.xml:210(programlisting)
7875
#, no-wrap
7876
msgid ""
7877
"\n"
7878
"password [success=2 default=ignore] pam_unix.so obscure sha512 "
7879
"min=8\n"
7880
msgstr ""
7881
7882
#: serverguide/C/security.xml:215(title)
7883
msgid "Password Expiration"
7884
msgstr ""
7885
7886
#: serverguide/C/security.xml:216(para)
7887
msgid ""
7888
"When creating user accounts, you should make it a policy to have a minimum "
7889
"and maximum password age forcing users to change their passwords when they "
7890
"expire."
7891
msgstr ""
7892
7893
#: serverguide/C/security.xml:221(para)
7894
msgid ""
7895
"To easily view the current status of a user account, use the following "
7896
"syntax:"
7897
msgstr ""
7898
7899
#: serverguide/C/security.xml:225(command) serverguide/C/security.xml:258(command)
7900
msgid "sudo chage -l username"
7901
msgstr "sudo chage -l nomusuari"
7902
7903
#: serverguide/C/security.xml:227(para)
7904
msgid ""
7905
"The output below shows interesting facts about the user account, namely that "
7906
"there are no policies applied:"
7907
msgstr ""
7908
7909
#: serverguide/C/security.xml:230(computeroutput)
7910
#, no-wrap
7911
msgid ""
7912
"Last password change : Jan 20, 2008\n"
7913
"Password expires : never\n"
7914
"Password inactive : never\n"
7915
"Account expires : never\n"
7916
"Minimum number of days between password change : 0\n"
7917
"Maximum number of days between password change : 99999\n"
7918
"Number of days of warning before password expires : 7"
7919
msgstr ""
7920
7921
#: serverguide/C/security.xml:240(para)
7922
msgid ""
7923
"To set any of these values, simply use the following syntax, and follow the "
7924
"interactive prompts:"
7925
msgstr ""
7926
7927
#: serverguide/C/security.xml:244(command)
7928
msgid "sudo chage username"
7929
msgstr "sudo chage nomusuari"
7930
7931
#: serverguide/C/security.xml:246(para)
7932
msgid ""
7933
"The following is also an example of how you can manually change the explicit "
7934
"expiration date (-E) to 01/31/2008, minimum password age (-m) of 5 days, "
7935
"maximum password age (-M) of 90 days, inactivity period (-I) of 5 days after "
7936
"password expiration, and a warning time period (-W) of 14 days before "
7937
"password expiration."
7938
msgstr ""
7939
7940
#: serverguide/C/security.xml:250(command)
7941
msgid "sudo chage -E 01/31/2011 -m 5 -M 90 -I 30 -W 14 username"
7942
msgstr ""
7943
7944
#: serverguide/C/security.xml:254(para)
7945
msgid "To verify changes, use the same syntax as mentioned previously:"
7946
msgstr ""
7947
7948
#: serverguide/C/security.xml:260(para)
7949
msgid ""
7950
"The output below shows the new policies that have been established for the "
7951
"account:"
7952
msgstr ""
7953
7954
#: serverguide/C/security.xml:263(computeroutput)
7955
#, no-wrap
7956
msgid ""
7957
"Last password change : Jan 20, 2008\n"
7958
"Password expires : Apr 19, 2008\n"
7959
"Password inactive : May 19, 2008\n"
7960
"Account expires : Jan 31, 2008\n"
7961
"Minimum number of days between password change : 5\n"
7962
"Maximum number of days between password change : 90\n"
7963
"Number of days of warning before password expires : 14"
7964
msgstr ""
7965
7966
#: serverguide/C/security.xml:279(title)
7967
msgid "Other Security Considerations"
7968
msgstr "Altres consideracions de seguretat"
7969
7970
#: serverguide/C/security.xml:280(para)
7971
msgid ""
7972
"Many applications use alternate authentication mechanisms that can be easily "
7973
"overlooked by even experienced system administrators. Therefore, it is "
7974
"important to understand and control how users authenticate and gain access "
7975
"to services and applications on your server."
7976
msgstr ""
7977
7978
#: serverguide/C/security.xml:285(title)
7979
msgid "SSH Access by Disabled Users"
7980
msgstr ""
7981
7982
#: serverguide/C/security.xml:286(para)
7983
msgid ""
7984
"Simply disabling/locking a user account will not prevent a user from logging "
7985
"into your server remotely if they have previously set up RSA public key "
7986
"authentication. They will still be able to gain shell access to the server, "
7987
"without the need for any password. Remember to check the users home "
7988
"directory for files that will allow for this type of authenticated SSH "
7989
"access. e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
7990
msgstr ""
7991
7992
#: serverguide/C/security.xml:289(para)
7993
msgid ""
7994
"Remove or rename the directory <filename "
7995
"class=\"directory\">.ssh/</filename> in the user's home folder to prevent "
7996
"further SSH authentication capabilities."
7997
msgstr ""
7998
7999
#: serverguide/C/security.xml:292(para)
8000
msgid ""
8001
"Be sure to check for any established SSH connections by the disabled user, "
8002
"as it is possible they may have existing inbound or outbound connections. "
8003
"Kill any that are found."
8004
msgstr ""
8005
8006
#: serverguide/C/security.xml:295(para)
8007
msgid ""
8008
"Restrict SSH access to only user accounts that should have it. For example, "
8009
"you may create a group called \"sshlogin\" and add the group name as the "
8010
"value associated with the <varname>AllowGroups</varname> variable located in "
8011
"the file <filename>/etc/ssh/sshd_config</filename>."
8012
msgstr ""
8013
8014
#: serverguide/C/security.xml:298(programlisting)
8015
#, no-wrap
8016
msgid ""
8017
"\n"
8018
"AllowGroups sshlogin\n"
8019
msgstr ""
8020
8021
#: serverguide/C/security.xml:301(para)
8022
msgid ""
8023
"Then add your permitted SSH users to the group \"sshlogin\", and restart the "
8024
"SSH service."
8025
msgstr ""
8026
8027
#: serverguide/C/security.xml:305(command)
8028
msgid "sudo adduser username sshlogin"
8029
msgstr "sudo adduser nomusuari sshlogin"
8030
8031
#: serverguide/C/security.xml:306(command) serverguide/C/remote-administration.xml:149(command)
8032
msgid "sudo /etc/init.d/ssh restart"
8033
msgstr "sudo /etc/init.d/ssh restart"
8034
8035
#: serverguide/C/security.xml:310(title)
8036
msgid "External User Database Authentication"
8037
msgstr ""
8038
8039
#: serverguide/C/security.xml:311(para)
8040
msgid ""
8041
"Most enterprise networks require centralized authentication and access "
8042
"controls for all system resources. If you have configured your server to "
8043
"authenticate users against external databases, be sure to disable the user "
8044
"accounts both externally and locally, this way you ensure that local "
8045
"fallback authentication is not possible."
8046
msgstr ""
8047
8048
#: serverguide/C/security.xml:320(title)
8049
msgid "Console Security"
8050
msgstr "Seguretat de l'intèrpret d'ordres"
8051
8052
#: serverguide/C/security.xml:321(para)
8053
msgid ""
8054
"As with any other security barrier you put in place to protect your server, "
8055
"it is pretty tough to defend against untold damage caused by someone with "
8056
"physical access to your environment, for example, theft of hard drives, "
8057
"power or service disruption and so on. Therefore, console security should be "
8058
"addressed merely as one component of your overall physical security "
8059
"strategy. A locked \"screen door\" may deter a casual criminal, or at the "
8060
"very least slow down a determined one, so it is still advisable to perform "
8061
"basic precautions with regard to console security."
8062
msgstr ""
8063
8064
#: serverguide/C/security.xml:324(para)
8065
msgid ""
8066
"The following instructions will help defend your server against issues that "
8067
"could otherwise yield very serious consequences."
8068
msgstr ""
8069
8070
#: serverguide/C/security.xml:329(title)
8071
msgid "Disable Ctrl+Alt+Delete"
8072
msgstr ""
8073
8074
#: serverguide/C/security.xml:330(para)
8075
msgid ""
8076
"First and foremost, anyone that has physical access to the keyboard can "
8077
"simply use the "
8078
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
8079
"eycombo> key combination to reboot the server without having to log on. "
8080
"Sure, someone could simply unplug the power source, but you should still "
8081
"prevent the use of this key combination on a production server. This forces "
8082
"an attacker to take more drastic measures to reboot the server, and will "
8083
"prevent accidental reboots at the same time."
8084
msgstr ""
8085
8086
#: serverguide/C/security.xml:335(para)
8087
msgid ""
8088
"To disable the reboot action taken by pressing the "
8089
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
8090
"eycombo> key combination, comment out the following line in the file "
8091
"<filename>/etc/init/control-alt-delete.conf</filename>."
8092
msgstr ""
8093
8094
#: serverguide/C/security.xml:338(programlisting)
8095
#, no-wrap
8096
msgid ""
8097
"\n"
8098
"#exec shutdown -r now \"Control-Alt-Delete pressed\"\n"
8099
msgstr ""
8100
8101
#: serverguide/C/security.xml:347(title)
8102
msgid "Firewall"
8103
msgstr ""
8104
8105
#: serverguide/C/security.xml:350(para)
8106
msgid ""
8107
"The Linux kernel includes the <emphasis>Netfilter</emphasis> subsystem, "
8108
"which is used to manipulate or decide the fate of network traffic headed "
8109
"into or through your server. All modern Linux firewall solutions use this "
8110
"system for packet filtering."
8111
msgstr ""
8112
8113
#: serverguide/C/security.xml:355(para)
8114
msgid ""
8115
"The kernel's packet filtering system would be of little use to "
8116
"administrators without a userspace interface to manage it. This is the "
8117
"purpose of iptables. When a packet reaches your server, it will be handed "
8118
"off to the Netfilter subsystem for acceptance, manipulation, or rejection "
8119
"based on the rules supplied to it from userspace via iptables. Thus, "
8120
"iptables is all you need to manage your firewall if you're familiar with it, "
8121
"but many frontends are available to simplify the task."
8122
msgstr ""
8123
8124
#: serverguide/C/security.xml:365(title)
8125
msgid "ufw - Uncomplicated Firewall"
8126
msgstr ""
8127
8128
#: serverguide/C/security.xml:366(para)
8129
msgid ""
8130
"The default firewall configuration tool for Ubuntu is "
8131
"<application>ufw</application>. Developed to ease iptables firewall "
8132
"configuration, <application>ufw</application> provides a user friendly way "
8133
"to create an IPv4 or IPv6 host-based firewall."
8134
msgstr ""
8135
8136
#: serverguide/C/security.xml:370(para)
8137
msgid ""
8138
"<application>ufw</application> by default is initially disabled. From the "
8139
"<application>ufw</application> man page:"
8140
msgstr ""
8141
8142
#: serverguide/C/security.xml:374(quote)
8143
msgid ""
8144
"ufw is not intended to provide complete firewall functionality via its "
8145
"command interface, but instead provides an easy way to add or remove simple "
8146
"rules. It is currently mainly used for host-based firewalls."
8147
msgstr ""
8148
8149
#: serverguide/C/security.xml:378(para)
8150
msgid ""
8151
"The following are some examples of how to use <application>ufw</application>:"
8152
msgstr ""
8153
8154
#: serverguide/C/security.xml:383(para)
8155
msgid ""
8156
"First, <application>ufw</application> needs to be enabled. From a terminal "
8157
"prompt enter:"
8158
msgstr ""
8159
8160
#: serverguide/C/security.xml:387(command)
8161
msgid "sudo ufw enable"
8162
msgstr "sudo ufw enable"
8163
8164
#: serverguide/C/security.xml:391(para)
8165
msgid "To open a port (ssh in this example):"
8166
msgstr ""
8167
8168
#: serverguide/C/security.xml:395(command)
8169
msgid "sudo ufw allow 22"
8170
msgstr "sudo ufw allow 22"
8171
8172
#: serverguide/C/security.xml:399(para)
8173
msgid "Rules can also be added using a <emphasis>numbered</emphasis> format:"
8174
msgstr ""
8175
8176
#: serverguide/C/security.xml:403(command)
8177
msgid "sudo ufw insert 1 allow 80"
8178
msgstr "sudo ufw insert 1 allow 80"
8179
8180
#: serverguide/C/security.xml:407(para)
8181
msgid "Similarly, to close an opened port:"
8182
msgstr ""
8183
8184
#: serverguide/C/security.xml:411(command)
8185
msgid "sudo ufw deny 22"
8186
msgstr "sudo ufw deny 22"
8187
8188
#: serverguide/C/security.xml:415(para)
8189
msgid "To remove a rule, use delete followed by the rule:"
8190
msgstr ""
8191
8192
#: serverguide/C/security.xml:419(command)
8193
msgid "sudo ufw delete deny 22"
8194
msgstr "sudo ufw delete deny 22"
8195
8196
#: serverguide/C/security.xml:423(para)
8197
msgid ""
8198
"It is also possible to allow access from specific hosts or networks to a "
8199
"port. The following example allows ssh access from host 192.168.0.2 to any "
8200
"ip address on this host:"
8201
msgstr ""
8202
8203
#: serverguide/C/security.xml:428(command)
8204
msgid "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
8205
msgstr "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
8206
8207
#: serverguide/C/security.xml:430(para)
8208
msgid ""
8209
"Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire "
8210
"subnet."
8211
msgstr ""
8212
8213
#: serverguide/C/security.xml:436(para)
8214
msgid ""
8215
"Adding the <emphasis>--dry-run</emphasis> option to a "
8216
"<emphasis>ufw</emphasis> command will output the resulting rules, but not "
8217
"apply them. For example, the following is what would be applied if opening "
8218
"the HTTP port:"
8219
msgstr ""
8220
8221
#: serverguide/C/security.xml:442(command)
8222
msgid "sudo ufw --dry-run allow http"
8223
msgstr "sudo ufw --dry-run allow http"
8224
8225
#: serverguide/C/security.xml:446(computeroutput)
8226
#, no-wrap
8227
msgid ""
8228
"*filter\n"
8229
":ufw-user-input - [0:0]\n"
8230
":ufw-user-output - [0:0]\n"
8231
":ufw-user-forward - [0:0]\n"
8232
":ufw-user-limit - [0:0]\n"
8233
":ufw-user-limit-accept - [0:0]\n"
8234
"### RULES ###\n"
8235
"\n"
8236
"### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0\n"
8237
"-A ufw-user-input -p tcp --dport 80 -j ACCEPT\n"
8238
"\n"
8239
"### END RULES ###\n"
8240
"-A ufw-user-input -j RETURN\n"
8241
"-A ufw-user-output -j RETURN\n"
8242
"-A ufw-user-forward -j RETURN\n"
8243
"-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix \"[UFW "
8244
"LIMIT]: \"\n"
8245
"-A ufw-user-limit -j REJECT\n"
8246
"-A ufw-user-limit-accept -j ACCEPT\n"
8247
"COMMIT\n"
8248
"Rules updated"
8249
msgstr ""
8250
8251
#: serverguide/C/security.xml:470(para)
8252
msgid "<application>ufw</application> can be disabled by:"
8253
msgstr ""
8254
8255
#: serverguide/C/security.xml:474(command)
8256
msgid "sudo ufw disable"
8257
msgstr "sudo ufw disable"
8258
8259
#: serverguide/C/security.xml:478(para)
8260
msgid "To see the firewall status, enter:"
8261
msgstr ""
8262
8263
#: serverguide/C/security.xml:482(command)
8264
msgid "sudo ufw status"
8265
msgstr "sudo ufw status"
8266
8267
#: serverguide/C/security.xml:486(para)
8268
msgid "And for more verbose status information use:"
8269
msgstr ""
8270
8271
#: serverguide/C/security.xml:490(command)
8272
msgid "sudo ufw status verbose"
8273
msgstr "sudo ufw status verbose"
8274
8275
#: serverguide/C/security.xml:494(para)
8276
msgid "To view the <emphasis>numbered</emphasis> format:"
8277
msgstr ""
8278
8279
#: serverguide/C/security.xml:498(command)
8280
msgid "sudo ufw status numbered"
8281
msgstr "sudo ufw status numbered"
8282
8283
#: serverguide/C/security.xml:503(para)
8284
msgid ""
8285
"If the port you want to open or close is defined in "
8286
"<filename>/etc/services</filename>, you can use the port name instead of the "
8287
"number. In the above examples, replace <emphasis>22</emphasis> with "
8288
"<emphasis>ssh</emphasis>."
8289
msgstr ""
8290
8291
#: serverguide/C/security.xml:509(para)
8292
msgid ""
8293
"This is a quick introduction to using <application>ufw</application>. Please "
8294
"refer to the <application>ufw</application> man page for more information."
8295
msgstr ""
8296
8297
#: serverguide/C/security.xml:515(title)
8298
msgid "ufw Application Integration"
8299
msgstr ""
8300
8301
#: serverguide/C/security.xml:517(para)
8302
msgid ""
8303
"Applications that open ports can include an <application>ufw</application> "
8304
"profile, which details the ports needed for the application to function "
8305
"properly. The profiles are kept in <filename "
8306
"role=\"directory\">/etc/ufw/applications.d</filename>, and can be edited if "
8307
"the default ports have been changed."
8308
msgstr ""
8309
8310
#: serverguide/C/security.xml:526(para)
8311
msgid ""
8312
"To view which applications have installed a profile, enter the following in "
8313
"a terminal:"
8314
msgstr ""
8315
8316
#: serverguide/C/security.xml:531(command)
8317
msgid "sudo ufw app list"
8318
msgstr "sudo ufw app list"
8319
8320
#: serverguide/C/security.xml:537(para)
8321
msgid ""
8322
"Similar to allowing traffic to a port, using an application profile is "
8323
"accomplished by entering:"
8324
msgstr ""
8325
8326
#: serverguide/C/security.xml:542(command)
8327
msgid "sudo ufw allow Samba"
8328
msgstr "sudo ufw allow Samba"
8329
8330
#: serverguide/C/security.xml:548(para)
8331
msgid "An extended syntax is available as well:"
8332
msgstr ""
8333
8334
#: serverguide/C/security.xml:553(command)
8335
msgid "ufw allow from 192.168.0.0/24 to any app Samba"
8336
msgstr ""
8337
8338
#: serverguide/C/security.xml:556(para)
8339
msgid ""
8340
"Replace <emphasis>Samba</emphasis> and <emphasis>192.168.0.0/24</emphasis> "
8341
"with the application profile you are using and the IP range for your network."
8342
msgstr ""
8343
8344
#: serverguide/C/security.xml:562(para)
8345
msgid ""
8346
"There is no need to specify the <emphasis>protocol</emphasis> for the "
8347
"application, because that information is detailed in the profile. Also, note "
8348
"that the <emphasis>app</emphasis> name replaces the "
8349
"<emphasis>port</emphasis> number."
8350
msgstr ""
8351
8352
#: serverguide/C/security.xml:571(para)
8353
msgid ""
8354
"To view details about which ports, protocols, etc are defined for an "
8355
"application, enter:"
8356
msgstr ""
8357
8358
#: serverguide/C/security.xml:576(command)
8359
msgid "sudo ufw app info Samba"
8360
msgstr "sudo ufw app info Samba"
8361
8362
#: serverguide/C/security.xml:582(para)
8363
msgid ""
8364
"Not all applications that require opening a network port come with "
8365
"<application>ufw</application> profiles, but if you have profiled an "
8366
"application and want the file to be included with the package, please file a "
8367
"bug against the package in <ulink "
8368
"url=\"https://launchpad.net/\">Launchpad</ulink>."
8369
msgstr ""
8370
8371
#: serverguide/C/security.xml:591(title)
8372
msgid "IP Masquerading"
8373
msgstr ""
8374
8375
#: serverguide/C/security.xml:592(para)
8376
msgid ""
8377
"The purpose of IP Masquerading is to allow machines with private, non-"
8378
"routable IP addresses on your network to access the Internet through the "
8379
"machine doing the masquerading. Traffic from your private network destined "
8380
"for the Internet must be manipulated for replies to be routable back to the "
8381
"machine that made the request. To do this, the kernel must modify the "
8382
"<emphasis>source</emphasis> IP address of each packet so that replies will "
8383
"be routed back to it, rather than to the private IP address that made the "
8384
"request, which is impossible over the Internet. Linux uses "
8385
"<emphasis>Connection Tracking</emphasis> (conntrack) to keep track of which "
8386
"connections belong to which machines and reroute each return packet "
8387
"accordingly. Traffic leaving your private network is thus \"masqueraded\" as "
8388
"having originated from your Ubuntu gateway machine. This process is referred "
8389
"to in Microsoft documentation as Internet Connection Sharing."
8390
msgstr ""
8391
8392
#: serverguide/C/security.xml:608(title)
8393
msgid "ufw Masquerading"
8394
msgstr ""
8395
8396
#: serverguide/C/security.xml:609(para)
8397
msgid ""
8398
"IP Masquerading can be achieved using custom <application>ufw</application> "
8399
"rules. This is possible because the current back-end for "
8400
"<application>ufw</application> is <application>iptables-"
8401
"restore</application> with the rules files located in "
8402
"<filename>/etc/ufw/*.rules</filename>. These files are a great place to add "
8403
"legacy iptables rules used without <application>ufw</application>, and rules "
8404
"that are more network gateway or bridge related."
8405
msgstr ""
8406
8407
#: serverguide/C/security.xml:615(para)
8408
msgid ""
8409
"The rules are split into two different files, rules that should be executed "
8410
"before <application>ufw</application> command line rules, and rules that are "
8411
"executed after <application>ufw</application> command line rules."
8412
msgstr ""
8413
8414
#: serverguide/C/security.xml:621(para)
8415
msgid ""
8416
"First, packet forwarding needs to be enabled in "
8417
"<application>ufw</application>. Two configuration files will need to be "
8418
"adjusted, in <filename>/etc/default/ufw</filename> change the "
8419
"<emphasis>DEFAULT_FORWARD_POLICY</emphasis> to <quote>ACCEPT</quote>:"
8420
msgstr ""
8421
8422
#: serverguide/C/security.xml:625(programlisting)
8423
#, no-wrap
8424
msgid ""
8425
"\n"
8426
"DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
8427
msgstr ""
8428
8429
#: serverguide/C/security.xml:628(para)
8430
msgid "Then edit <filename>/etc/ufw/sysctl.conf</filename> and uncomment:"
8431
msgstr ""
8432
8433
#: serverguide/C/security.xml:631(programlisting)
8434
#, no-wrap
8435
msgid ""
8436
"\n"
8437
"net/ipv4/ip_forward=1\n"
8438
msgstr ""
8439
8440
#: serverguide/C/security.xml:634(para)
8441
msgid "Similarly, for IPv6 forwarding uncomment:"
8442
msgstr ""
8443
8444
#: serverguide/C/security.xml:637(programlisting)
8445
#, no-wrap
8446
msgid ""
8447
"\n"
8448
"net/ipv6/conf/default/forwarding=1\n"
8449
msgstr ""
8450
8451
#: serverguide/C/security.xml:642(para)
8452
msgid ""
8453
"Now we will add rules to the <filename>/etc/ufw/before.rules</filename> "
8454
"file. The default rules only configure the <emphasis>filter</emphasis> "
8455
"table, and to enable masquerading the <emphasis>nat</emphasis> table will "
8456
"need to be configured. Add the following to the top of the file just after "
8457
"the header comments:"
8458
msgstr ""
8459
8460
#: serverguide/C/security.xml:647(programlisting)
8461
#, no-wrap
8462
msgid ""
8463
"\n"
8464
"# nat Table rules\n"
8465
"*nat\n"
8466
":POSTROUTING ACCEPT [0:0]\n"
8467
"\n"
8468
"# Forward traffic from eth1 through eth0.\n"
8469
"-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE\n"
8470
"\n"
8471
"# don't delete the 'COMMIT' line or these nat table rules won't be "
8472
"processed\n"
8473
"COMMIT\n"
8474
msgstr ""
8475
8476
#: serverguide/C/security.xml:658(para)
8477
msgid ""
8478
"The comments are not strictly necessary, but it is considered good practice "
8479
"to document your configuration. Also, when modifying any of the "
8480
"<emphasis>rules</emphasis> files in <filename "
8481
"class=\"directory\">/etc/ufw</filename>, make sure these lines are the last "
8482
"line for each table modified:"
8483
msgstr ""
8484
8485
#: serverguide/C/security.xml:664(programlisting)
8486
#, no-wrap
8487
msgid ""
8488
"\n"
8489
"# don't delete the 'COMMIT' line or these rules won't be processed\n"
8490
"COMMIT\n"
8491
msgstr ""
8492
8493
#: serverguide/C/security.xml:669(para)
8494
msgid ""
8495
"For each <emphasis>Table</emphasis> a corresponding "
8496
"<emphasis>COMMIT</emphasis> statement is required. In these examples only "
8497
"the <emphasis>nat</emphasis> and <emphasis>filter</emphasis> tables are "
8498
"shown, but you can also add rules for the <emphasis>raw</emphasis> and "
8499
"<emphasis>mangle</emphasis> tables."
8500
msgstr ""
8501
8502
#: serverguide/C/security.xml:676(para)
8503
msgid ""
8504
"In the above example replace <emphasis>eth0</emphasis>, "
8505
"<emphasis>eth1</emphasis>, and <emphasis>192.168.0.0/24</emphasis> with the "
8506
"appropriate interfaces and IP range for your network."
8507
msgstr ""
8508
8509
#: serverguide/C/security.xml:684(para)
8510
msgid ""
8511
"Finally, disable and re-enable <application>ufw</application> to apply the "
8512
"changes:"
8513
msgstr ""
8514
8515
#: serverguide/C/security.xml:688(command)
8516
msgid "sudo ufw disable && sudo ufw enable"
8517
msgstr "sudo ufw disable && sudo ufw enable"
8518
8519
#: serverguide/C/security.xml:692(para)
8520
msgid ""
8521
"IP Masquerading should now be enabled. You can also add any additional "
8522
"FORWARD rules to the <filename>/etc/ufw/before.rules</filename>. It is "
8523
"recommended that these additional rules be added to the <emphasis>ufw-before-"
8524
"forward</emphasis> chain."
8525
msgstr ""
8526
8527
#: serverguide/C/security.xml:699(title)
8528
msgid "iptables Masquerading"
8529
msgstr ""
8530
8531
#: serverguide/C/security.xml:700(para)
8532
msgid ""
8533
"<application>iptables</application> can also be used to enable masquerading."
8534
msgstr ""
8535
8536
#: serverguide/C/security.xml:705(para)
8537
msgid ""
8538
"Similar to <application>ufw</application>, the first step is to enable IPv4 "
8539
"packet forwarding by editing <filename>/etc/sysctl.conf</filename> and "
8540
"uncomment the following line"
8541
msgstr ""
8542
8543
#: serverguide/C/security.xml:709(programlisting)
8544
#, no-wrap
8545
msgid ""
8546
"\n"
8547
"net.ipv4.ip_forward=1\n"
8548
msgstr ""
8549
8550
#: serverguide/C/security.xml:712(para)
8551
msgid "If you wish to enable IPv6 forwarding also uncomment:"
8552
msgstr ""
8553
8554
#: serverguide/C/security.xml:715(programlisting)
8555
#, no-wrap
8556
msgid ""
8557
"\n"
8558
"net.ipv6.conf.default.forwarding=1\n"
8559
msgstr ""
8560
8561
#: serverguide/C/security.xml:720(para)
8562
msgid ""
8563
"Next, execute the <application>sysctl</application> command to enable the "
8564
"new settings in the configuration file:"
8565
msgstr ""
8566
8567
#: serverguide/C/security.xml:724(command)
8568
msgid "sudo sysctl -p"
8569
msgstr "sudo sysctl -p"
8570
8571
#: serverguide/C/security.xml:728(para)
8572
msgid ""
8573
"IP Masquerading can now be accomplished with a single iptables rule, which "
8574
"may differ slightly based on your network configuration:"
8575
msgstr ""
8576
8577
#: serverguide/C/security.xml:731(screen)
8578
#, no-wrap
8579
msgid ""
8580
"\n"
8581
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
8582
msgstr ""
8583
8584
#: serverguide/C/security.xml:734(para)
8585
msgid ""
8586
"The above command assumes that your private address space is 192.168.0.0/16 "
8587
"and that your Internet-facing device is ppp0. The syntax is broken down as "
8588
"follows:"
8589
msgstr ""
8590
8591
#: serverguide/C/security.xml:739(para)
8592
msgid "-t nat -- the rule is to go into the nat table"
8593
msgstr ""
8594
8595
#: serverguide/C/security.xml:740(para)
8596
msgid ""
8597
"-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
8598
msgstr ""
8599
8600
#: serverguide/C/security.xml:741(para)
8601
msgid ""
8602
"-s 192.168.0.0/16 -- the rule applies to traffic originating from the "
8603
"specified address space"
8604
msgstr ""
8605
8606
#: serverguide/C/security.xml:742(para)
8607
msgid ""
8608
"-o ppp0 -- the rule applies to traffic scheduled to be routed through the "
8609
"specified network device"
8610
msgstr ""
8611
8612
#: serverguide/C/security.xml:744(para)
8613
msgid ""
8614
"-j MASQUERADE -- traffic matching this rule is to \"jump\" (-j) to the "
8615
"MASQUERADE target to be manipulated as described above"
8616
msgstr ""
8617
8618
#: serverguide/C/security.xml:752(para)
8619
msgid ""
8620
"Also, each chain in the filter table (the default table, and where most or "
8621
"all packet filtering occurs) has a default <emphasis>policy</emphasis> of "
8622
"ACCEPT, but if you are creating a firewall in addition to a gateway device, "
8623
"you may have set the policies to DROP or REJECT, in which case your "
8624
"masqueraded traffic needs to be allowed through the FORWARD chain for the "
8625
"above rule to work:"
8626
msgstr ""
8627
8628
#: serverguide/C/security.xml:759(screen)
8629
#, no-wrap
8630
msgid ""
8631
"\n"
8632
"sudo iptables -A FORWARD -s 192.168.0.0/16 -o ppp0 -j ACCEPT\n"
8633
"sudo iptables -A FORWARD -d 192.168.0.0/16 -m state --state "
8634
"ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
8635
msgstr ""
8636
8637
#: serverguide/C/security.xml:763(para)
8638
msgid ""
8639
"The above commands will allow all connections from your local network to the "
8640
"Internet and all traffic related to those connections to return to the "
8641
"machine that initiated them."
8642
msgstr ""
8643
8644
#: serverguide/C/security.xml:770(para)
8645
msgid ""
8646
"If you want masquerading to be enabled on reboot, which you probably do, "
8647
"edit <filename>/etc/rc.local</filename> and add any commands used above. For "
8648
"example add the first command with no filtering:"
8649
msgstr ""
8650
8651
#: serverguide/C/security.xml:774(screen)
8652
#, no-wrap
8653
msgid ""
8654
"\n"
8655
"iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
8656
msgstr ""
8657
8658
#: serverguide/C/security.xml:782(title)
8659
msgid "Logs"
8660
msgstr ""
8661
8662
#: serverguide/C/security.xml:783(para)
8663
msgid ""
8664
"Firewall logs are essential for recognizing attacks, troubleshooting your "
8665
"firewall rules, and noticing unusual activity on your network. You must "
8666
"include logging rules in your firewall for them to be generated, though, and "
8667
"logging rules must come before any applicable terminating rule (a rule with "
8668
"a target that decides the fate of the packet, such as ACCEPT, DROP, or "
8669
"REJECT)."
8670
msgstr ""
8671
8672
#: serverguide/C/security.xml:790(para)
8673
msgid ""
8674
"If you are using <application>ufw</application>, you can turn on logging by "
8675
"entering the following in a terminal:"
8676
msgstr ""
8677
8678
#: serverguide/C/security.xml:794(command)
8679
msgid "sudo ufw logging on"
8680
msgstr "sudo ufw logging on"
8681
8682
#: serverguide/C/security.xml:796(para)
8683
msgid ""
8684
"To turn logging off in <application>ufw</application>, simply replace "
8685
"<emphasis role=\"italic\">on</emphasis> with <emphasis "
8686
"role=\"italic\">off</emphasis> in the above command."
8687
msgstr ""
8688
8689
#: serverguide/C/security.xml:799(para)
8690
msgid ""
8691
"If using <application>iptables</application> instead of "
8692
"<application>ufw</application>, enter:"
8693
msgstr ""
8694
8695
#: serverguide/C/security.xml:802(screen)
8696
#, no-wrap
8697
msgid ""
8698
"\n"
8699
"sudo iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j LOG --log-"
8700
"prefix \"NEW_HTTP_CONN: \"\n"
8701
msgstr ""
8702
8703
#: serverguide/C/security.xml:805(para)
8704
msgid ""
8705
"A request on port 80 from the local machine, then, would generate a log in "
8706
"dmesg that looks like this:"
8707
msgstr ""
8708
8709
#: serverguide/C/security.xml:810(programlisting)
8710
#, no-wrap
8711
msgid ""
8712
"[4304885.870000] NEW_HTTP_CONN: IN=lo OUT= "
8713
"MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 "
8714
"LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58288 DF PROTO=TCP SPT=53981 DPT=80 "
8715
"WINDOW=32767 RES=0x00 SYN URGP=0"
8716
msgstr ""
8717
8718
#: serverguide/C/security.xml:812(para)
8719
msgid ""
8720
"The above log will also appear in <filename>/var/log/messages</filename>, "
8721
"<filename>/var/log/syslog</filename>, and "
8722
"<filename>/var/log/kern.log</filename>. This behavior can be modified by "
8723
"editing <filename>/etc/syslog.conf</filename> appropriately or by installing "
8724
"and configuring <application>ulogd</application> and using the ULOG target "
8725
"instead of LOG. The <application>ulogd</application> daemon is a userspace "
8726
"server that listens for logging instructions from the kernel specifically "
8727
"for firewalls, and can log to any file you like, or even to a "
8728
"<application>PostgreSQL</application> or <application>MySQL</application> "
8729
"database. Making sense of your firewall logs can be simplified by using a "
8730
"log analyzing tool such as <application>fwanalog</application>, "
8731
"<application> fwlogwatch</application>, or <application>lire</application>."
8732
msgstr ""
8733
8734
#: serverguide/C/security.xml:827(title)
8735
msgid "Other Tools"
8736
msgstr ""
8737
8738
#: serverguide/C/security.xml:828(para)
8739
msgid ""
8740
"There are many tools available to help you construct a complete firewall "
8741
"without intimate knowledge of iptables. For the GUI-inclined:"
8742
msgstr ""
8743
8744
#: serverguide/C/security.xml:834(para)
8745
msgid ""
8746
"<ulink url=\"http://www.fs-security.com/\">Firestarter</ulink> is quite "
8747
"popular and easy to use."
8748
msgstr ""
8749
"El <ulink url=\"http://www.fs-security.com/\">Firestarter</ulink> és força "
8750
"popular i fàcil d'utilitzar."
8751
8752
#: serverguide/C/security.xml:839(para)
8753
msgid ""
8754
"<ulink url=\"http://www.fwbuilder.org/\">fwbuilder</ulink> is very powerful "
8755
"and will look familiar to an administrator who has used a commercial "
8756
"firewall utility such as <application>Checkpoint FireWall-1</application>."
8757
msgstr ""
8758
8759
#: serverguide/C/security.xml:845(para)
8760
msgid ""
8761
"If you prefer a command-line tool with plain-text configuration files:"
8762
msgstr ""
8763
8764
#: serverguide/C/security.xml:850(para)
8765
msgid ""
8766
"<ulink url=\"http://www.shorewall.net/\">Shorewall</ulink> is a very "
8767
"powerful solution to help you configure an advanced firewall for any network."
8768
msgstr ""
8769
8770
#: serverguide/C/security.xml:856(para)
8771
msgid ""
8772
"<ulink url=\"http://www.linuxkungfu.org/\">ipkungfu</ulink> should give you "
8773
"a working firewall \"out of the box\" with zero configuration, and will "
8774
"allow you to easily set up a more advanced firewall by editing simple, well-"
8775
"documented configuration files."
8776
msgstr ""
8777
8778
#: serverguide/C/security.xml:863(para)
8779
msgid ""
8780
"<ulink url=\"http://fireflier.sourceforge.net/\">fireflier</ulink> is "
8781
"designed to be a desktop firewall application. It is made up of a server "
8782
"(fireflier-server) and your choice of GUI clients (GTK or QT), and behaves "
8783
"like many popular interactive firewall applications for Windows."
8784
msgstr ""
8785
8786
#: serverguide/C/security.xml:875(para)
8787
msgid ""
8788
"The <ulink url=\"https://wiki.ubuntu.com/UbuntuFirewall\">Ubuntu "
8789
"Firewall</ulink> wiki page contains information on the development of "
8790
"<application>ufw</application>."
8791
msgstr ""
8792
8793
#: serverguide/C/security.xml:881(para)
8794
msgid ""
8795
"Also, the <application>ufw</application> manual page contains some very "
8796
"useful information: <command>man ufw</command>."
8797
msgstr ""
8798
8799
#: serverguide/C/security.xml:886(para)
8800
msgid ""
8801
"See the <ulink url=\"http://www.netfilter.org/documentation/HOWTO/packet-"
8802
"filtering-HOWTO.html\">packet-filtering-HOWTO</ulink> for more information "
8803
"on using <application>iptables</application>."
8804
msgstr ""
8805
8806
#: serverguide/C/security.xml:892(para)
8807
msgid ""
8808
"The <ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-"
8809
"HOWTO.html\">nat-HOWTO</ulink> contains further details on masquerading."
8810
msgstr ""
8811
8812
#: serverguide/C/security.xml:898(para)
8813
msgid ""
8814
"The <ulink url=\"https://help.ubuntu.com/community/IptablesHowTo\">IPTables "
8815
"HowTo</ulink> in the Ubuntu wiki is a great resource."
8816
msgstr ""
8817
8818
#: serverguide/C/security.xml:906(title)
8819
msgid "AppArmor"
8820
msgstr ""
8821
8822
#: serverguide/C/security.xml:907(para)
8823
msgid ""
8824
"<application>AppArmor</application> is a Linux Security Module "
8825
"implementation of name-based mandatory access controls. AppArmor confines "
8826
"individual programs to a set of listed files and posix 1003.1e draft "
8827
"capabilities."
8828
msgstr ""
8829
8830
#: serverguide/C/security.xml:911(para)
8831
msgid ""
8832
"<application>AppArmor</application> is installed and loaded by default. It "
8833
"uses <emphasis>profiles</emphasis> of an application to determine what files "
8834
"and permissions the application requires. Some packages will install their "
8835
"own profiles, and additional profiles can be found in the "
8836
"<application>apparmor-profiles</application> package."
8837
msgstr ""
8838
8839
#: serverguide/C/security.xml:916(para)
8840
msgid ""
8841
"To install the <application>apparmor-profiles</application> package from a "
8842
"terminal prompt:"
8843
msgstr ""
8844
8845
#: serverguide/C/security.xml:922(para)
8846
msgid "AppArmor profiles have two modes of execution:"
8847
msgstr ""
8848
8849
#: serverguide/C/security.xml:927(para)
8850
msgid ""
8851
"Complaining/Learning: profile violations are permitted and logged. Useful "
8852
"for testing and developing new profiles."
8853
msgstr ""
8854
8855
#: serverguide/C/security.xml:932(para)
8856
msgid ""
8857
"Enforced/Confined: enforces profile policy as well as logging the violation."
8858
msgstr ""
8859
8860
#: serverguide/C/security.xml:938(title)
8861
msgid "Using AppArmor"
8862
msgstr ""
8863
8864
#: serverguide/C/security.xml:939(para)
8865
msgid ""
8866
"The <application>apparmor-utils</application> package contains command line "
8867
"utilities that you can use to change the <application>AppArmor</application> "
8868
"execution mode, find the status of a profile, create new profiles, etc."
8869
msgstr ""
8870
8871
#: serverguide/C/security.xml:945(para)
8872
msgid ""
8873
"<application>apparmor_status</application> is used to view the current "
8874
"status of AppArmor profiles."
8875
msgstr ""
8876
8877
#: serverguide/C/security.xml:949(command)
8878
msgid "sudo apparmor_status"
8879
msgstr "sudo apparmor_status"
8880
8881
#: serverguide/C/security.xml:953(para)
8882
msgid ""
8883
"<application>aa-complain</application> places a profile into "
8884
"<emphasis>complain</emphasis> mode."
8885
msgstr ""
8886
8887
#: serverguide/C/security.xml:957(command)
8888
msgid "sudo aa-complain /path/to/bin"
8889
msgstr "sudo aa-complain /camí/al/binary"
8890
8891
#: serverguide/C/security.xml:961(para)
8892
msgid ""
8893
"<application>aa-enforce</application> places a profile into "
8894
"<emphasis>enforce</emphasis> mode."
8895
msgstr ""
8896
8897
#: serverguide/C/security.xml:965(command)
8898
msgid "sudo aa-enforce /path/to/bin"
8899
msgstr "sudo aa-enforce /camí/al/binary"
8900
8901
#: serverguide/C/security.xml:969(para)
8902
msgid ""
8903
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
8904
"profiles are located. It can be used to manipulate the "
8905
"<emphasis>mode</emphasis> of all profiles."
8906
msgstr ""
8907
8908
#: serverguide/C/security.xml:973(para)
8909
msgid "Enter the following to place all profiles into complain mode:"
8910
msgstr ""
8911
8912
#: serverguide/C/security.xml:977(command)
8913
msgid "sudo aa-complain /etc/apparmor.d/*"
8914
msgstr "sudo aa-complain /etc/apparmor.d/*"
8915
8916
#: serverguide/C/security.xml:979(para)
8917
msgid "To place all profiles in enforce mode:"
8918
msgstr ""
8919
8920
#: serverguide/C/security.xml:983(command)
8921
msgid "sudo aa-enforce /etc/apparmor.d/*"
8922
msgstr "sudo aa-enforce /etc/apparmor.d/*"
8923
8924
#: serverguide/C/security.xml:987(para)
8925
msgid ""
8926
"<application>apparmor_parser</application> is used to load a profile into "
8927
"the kernel. It can also be used to reload a currently loaded profile using "
8928
"the <emphasis>-r</emphasis> option. To load a profile:"
8929
msgstr ""
8930
8931
#: serverguide/C/security.xml:992(command) serverguide/C/security.xml:1024(command)
8932
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
8933
msgstr ""
8934
8935
#: serverguide/C/security.xml:994(para)
8936
msgid "To reload a profile:"
8937
msgstr ""
8938
8939
#: serverguide/C/security.xml:998(command)
8940
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
8941
msgstr ""
8942
8943
#: serverguide/C/security.xml:1002(para)
8944
msgid ""
8945
"<filename>/etc/init.d/apparmor</filename> can be used to "
8946
"<emphasis>reload</emphasis> all profiles:"
8947
msgstr ""
8948
8949
#: serverguide/C/security.xml:1006(command) serverguide/C/network-auth.xml:632(command)
8950
msgid "sudo /etc/init.d/apparmor reload"
8951
msgstr "sudo /etc/init.d/apparmor reload"
8952
8953
#: serverguide/C/security.xml:1010(para)
8954
msgid ""
8955
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
8956
"with the <application>apparmor_parser -R</application> option to "
8957
"<emphasis>disable</emphasis> a profile."
8958
msgstr ""
8959
8960
#: serverguide/C/security.xml:1015(command)
8961
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
8962
msgstr ""
8963
8964
#: serverguide/C/security.xml:1016(command)
8965
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
8966
msgstr ""
8967
8968
#: serverguide/C/security.xml:1018(para)
8969
msgid ""
8970
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
8971
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
8972
"load the profile using the <emphasis>-a</emphasis> option."
8973
msgstr ""
8974
8975
#: serverguide/C/security.xml:1023(command)
8976
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
8977
msgstr ""
8978
8979
#: serverguide/C/security.xml:1028(para)
8980
msgid ""
8981
"<application>AppArmor</application> can be disabled, and the kernel module "
8982
"unloaded by entering the following:"
8983
msgstr ""
8984
8985
#: serverguide/C/security.xml:1032(command)
8986
msgid "sudo /etc/init.d/apparmor stop"
8987
msgstr "sudo /etc/init.d/apparmor stop"
8988
8989
#: serverguide/C/security.xml:1033(command)
8990
msgid "sudo update-rc.d -f apparmor remove"
8991
msgstr "sudo update-rc.d -f apparmor remove"
8992
8993
#: serverguide/C/security.xml:1037(para)
8994
msgid "To re-enable <application>AppArmor</application> enter:"
8995
msgstr ""
8996
8997
#: serverguide/C/security.xml:1041(command)
8998
msgid "sudo /etc/init.d/apparmor start"
8999
msgstr "sudo /etc/init.d/apparmor start"
9000
9001
#: serverguide/C/security.xml:1042(command)
9002
msgid "sudo update-rc.d apparmor defaults"
9003
msgstr "sudo update-rc.d apparmor defaults"
9004
9005
#: serverguide/C/security.xml:1047(para)
9006
msgid ""
9007
"Replace <emphasis>profile.name</emphasis> with the name of the profile you "
9008
"want to manipulate. Also, replace <filename>/path/to/bin/</filename> with "
9009
"the actual executable file path. For example for the "
9010
"<application>ping</application> command use <filename>/bin/ping</filename>"
9011
msgstr ""
9012
9013
#: serverguide/C/security.xml:1055(title)
9014
msgid "Profiles"
9015
msgstr ""
9016
9017
#: serverguide/C/security.xml:1056(para)
9018
msgid ""
9019
"<application>AppArmor</application> profiles are simple text files located "
9020
"in <filename>/etc/apparmor.d/</filename>. The files are named after the full "
9021
"path to the executable they profile replacing the \"/\" with \".\". For "
9022
"example <filename>/etc/apparmor.d/bin.ping</filename> is the AppArmor "
9023
"profile for the <filename>/bin/ping</filename> command."
9024
msgstr ""
9025
9026
#: serverguide/C/security.xml:1062(para)
9027
msgid "There are two main type of rules used in profiles:"
9028
msgstr ""
9029
9030
#: serverguide/C/security.xml:1067(para)
9031
msgid ""
9032
"<emphasis>Path entries:</emphasis> which detail which files an application "
9033
"can access in the file system."
9034
msgstr ""
9035
9036
#: serverguide/C/security.xml:1072(para)
9037
msgid ""
9038
"<emphasis>Capability entries:</emphasis> determine what privileges a "
9039
"confined process is allowed to use."
9040
msgstr ""
9041
9042
#: serverguide/C/security.xml:1077(para)
9043
msgid ""
9044
"As an example take a look at <filename>/etc/apparmor.d/bin.ping</filename>:"
9045
msgstr ""
9046
9047
#: serverguide/C/security.xml:1080(programlisting)
9048
#, no-wrap
9049
msgid ""
9050
"\n"
9051
"#include <tunables/global>\n"
9052
"/bin/ping flags=(complain) {\n"
9053
" #include <abstractions/base>\n"
9054
" #include <abstractions/consoles>\n"
9055
" #include <abstractions/nameservice>\n"
9056
"\n"
9057
" capability net_raw,\n"
9058
" capability setuid,\n"
9059
" network inet raw,\n"
9060
" \n"
9061
" /bin/ping mixr,\n"
9062
" /etc/modules.conf r,\n"
9063
"}\n"
9064
msgstr ""
9065
9066
#: serverguide/C/security.xml:1097(para)
9067
msgid ""
9068
"<emphasis>#include <tunables/global>:</emphasis> include statements "
9069
"from other files. This allows statements pertaining to multiple applications "
9070
"to be placed in a common file."
9071
msgstr ""
9072
9073
#: serverguide/C/security.xml:1103(para)
9074
msgid ""
9075
"<emphasis>/bin/ping flags=(complain):</emphasis> path to the profiled "
9076
"program, also setting the mode to <emphasis>complain</emphasis>."
9077
msgstr ""
9078
9079
#: serverguide/C/security.xml:1109(para)
9080
msgid ""
9081
"<emphasis>capability net_raw,:</emphasis> allows the application access to "
9082
"the CAP_NET_RAW Posix.1e capability."
9083
msgstr ""
9084
9085
#: serverguide/C/security.xml:1114(para)
9086
msgid ""
9087
"<emphasis>/bin/ping mixr,:</emphasis> allows the application read and "
9088
"execute access to the file."
9089
msgstr ""
9090
9091
#: serverguide/C/security.xml:1120(para)
9092
msgid ""
9093
"After editing a profile file the profile must be reloaded. See <xref "
9094
"linkend=\"apparmor-usage\"/> for details."
9095
msgstr ""
9096
9097
#: serverguide/C/security.xml:1125(title)
9098
msgid "Creating a Profile"
9099
msgstr ""
9100
9101
#: serverguide/C/security.xml:1128(para)
9102
msgid ""
9103
"<emphasis>Design a test plan:</emphasis> Try to think about how the "
9104
"application should be exercised. The test plan should be divided into small "
9105
"test cases. Each test case should have a small description and list the "
9106
"steps to follow."
9107
msgstr ""
9108
9109
#: serverguide/C/security.xml:1132(para)
9110
msgid "Some standard test cases are:"
9111
msgstr ""
9112
9113
#: serverguide/C/security.xml:1137(para)
9114
msgid "Starting the program."
9115
msgstr ""
9116
9117
#: serverguide/C/security.xml:1142(para)
9118
msgid "Stopping the program."
9119
msgstr ""
9120
9121
#: serverguide/C/security.xml:1147(para)
9122
msgid "Reloading the program."
9123
msgstr ""
9124
9125
#: serverguide/C/security.xml:1152(para)
9126
msgid "Testing all the commands supported by the init script."
9127
msgstr ""
9128
9129
#: serverguide/C/security.xml:1159(para)
9130
msgid ""
9131
"<emphasis>Generate the new profile:</emphasis> Use <application>aa-"
9132
"genprof</application> to generate a new profile. From a terminal:"
9133
msgstr ""
9134
9135
#: serverguide/C/security.xml:1164(command)
9136
msgid "sudo aa-genprof executable"
9137
msgstr "sudo aa-genprof executable"
9138
9139
#: serverguide/C/security.xml:1166(para)
9140
msgid "For example:"
9141
msgstr ""
9142
9143
#: serverguide/C/security.xml:1170(command)
9144
msgid "sudo aa-genprof slapd"
9145
msgstr "sudo aa-genprof slapd"
9146
9147
#: serverguide/C/security.xml:1174(para)
9148
msgid ""
9149
"To get your new profile included in the <application>apparmor-"
9150
"profiles</application> package, file a bug in <emphasis>Launchpad</emphasis> "
9151
"against the <ulink "
9152
"url=\"https://bugs.launchpad.net/ubuntu/+source/apparmor/+filebug\">AppArmor<"
9153
"/ulink> package:"
9154
msgstr ""
9155
9156
#: serverguide/C/security.xml:1181(para)
9157
msgid "Include your test plan and test cases."
9158
msgstr ""
9159
9160
#: serverguide/C/security.xml:1186(para)
9161
msgid "Attach your new profile to the bug."
9162
msgstr ""
9163
9164
#: serverguide/C/security.xml:1195(title)
9165
msgid "Updating Profiles"
9166
msgstr ""
9167
9168
#: serverguide/C/security.xml:1196(para)
9169
msgid ""
9170
"When the program is misbehaving, audit messages are sent to the log files. "
9171
"The program <application>aa-logprof</application> can be used to scan log "
9172
"files for <application>AppArmor</application> audit messages, review them "
9173
"and update the profiles. From a terminal:"
9174
msgstr ""
9175
9176
#: serverguide/C/security.xml:1201(command)
9177
msgid "sudo aa-logprof"
9178
msgstr "sudo aa-logprof"
9179
9180
#: serverguide/C/security.xml:1209(para)
9181
msgid ""
9182
"See the <ulink "
9183
"url=\"http://www.novell.com/documentation/apparmor/apparmor201_sp10_admin/ind"
9184
"ex.html?page=/documentation/apparmor/apparmor201_sp10_admin/data/book_apparmo"
9185
"r_admin.html\">AppArmor Administration Guide</ulink> for advanced "
9186
"configuration options."
9187
msgstr ""
9188
9189
#: serverguide/C/security.xml:1216(para)
9190
msgid ""
9191
"For details using AppArmor with other Ubuntu releases see the <ulink "
9192
"url=\"https://help.ubuntu.com/community/AppArmor\"> AppArmor Community "
9193
"Wiki</ulink> page."
9194
msgstr ""
9195
9196
#: serverguide/C/security.xml:1224(para)
9197
msgid ""
9198
"The <ulink url=\"http://en.opensuse.org/AppArmor\">OpenSUSE AppArmor</ulink> "
9199
"page is another introduction to AppArmor."
9200
msgstr ""
9201
9202
#: serverguide/C/security.xml:1231(para)
9203
msgid ""
9204
"A great place to ask for <application>AppArmor</application> assistance, and "
9205
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
9206
"server</emphasis> IRC channel on <ulink "
9207
"url=\"http://freenode.net\">freenode</ulink>."
9208
msgstr ""
9209
9210
#: serverguide/C/security.xml:1241(title)
9211
msgid "Certificates"
9212
msgstr ""
9213
9214
#: serverguide/C/security.xml:1242(para)
9215
msgid ""
9216
"One of the most common forms of cryptography today is <emphasis>public-"
9217
"key</emphasis> cryptography. Public-key cryptography utilizes a "
9218
"<emphasis>public key</emphasis> and a <emphasis>private key</emphasis>. The "
9219
"system works by <emphasis>encrypting</emphasis> information using the public "
9220
"key. The information can then only be <emphasis>decrypted</emphasis> using "
9221
"the private key."
9222
msgstr ""
9223
9224
#: serverguide/C/security.xml:1248(para)
9225
msgid ""
9226
"A common use for public-key cryptography is encrypting application traffic "
9227
"using a Secure Socket Layer (SSL) or Transport Layer Security (TLS) "
9228
"connection. For example, configuring Apache to provide "
9229
"<emphasis>HTTPS</emphasis>, the HTTP protocol over SSL. This allows a way to "
9230
"encrypt traffic using a protocol that does not itself provide encryption."
9231
msgstr ""
9232
9233
#: serverguide/C/security.xml:1253(para)
9234
msgid ""
9235
"A <emphasis>Certificate</emphasis> is a method used to distribute a "
9236
"<emphasis>public key</emphasis> and other information about a server and the "
9237
"organization who is responsible for it. Certificates can be digitally signed "
9238
"by a <emphasis>Certification Authority</emphasis> or CA. A CA is a trusted "
9239
"third party that has confirmed that the information contained in the "
9240
"certificate is accurate."
9241
msgstr ""
9242
9243
#: serverguide/C/security.xml:1260(title)
9244
msgid "Types of Certificates"
9245
msgstr ""
9246
9247
#: serverguide/C/security.xml:1261(para)
9248
msgid ""
9249
"To set up a secure server using public-key cryptography, in most cases, you "
9250
"send your certificate request (including your public key), proof of your "
9251
"company's identity, and payment to a CA. The CA verifies the certificate "
9252
"request and your identity, and then sends back a certificate for your secure "
9253
"server. Alternatively, you can create your own <emphasis>self-"
9254
"signed</emphasis> certificate."
9255
msgstr ""
9256
9257
#: serverguide/C/security.xml:1271(para)
9258
msgid ""
9259
"Note, that self-signed certificates should not be used in most production "
9260
"environments."
9261
msgstr ""
9262
9263
#: serverguide/C/security.xml:1275(para)
9264
msgid ""
9265
"Continuing the HTTPS example, a CA-signed certificate provides two important "
9266
"capabilities that a self-signed certificate does not:"
9267
msgstr ""
9268
9269
#: serverguide/C/security.xml:1282(para)
9270
msgid ""
9271
"Browsers (usually) automatically recognize the certificate and allow a "
9272
"secure connection to be made without prompting the user."
9273
msgstr ""
9274
9275
#: serverguide/C/security.xml:1289(para)
9276
msgid ""
9277
"When a CA issues a signed certificate, it is guaranteeing the identity of "
9278
"the organization that is providing the web pages to the browser."
9279
msgstr ""
9280
9281
#: serverguide/C/security.xml:1297(para)
9282
msgid ""
9283
"Most Web browsers, and computers, that support SSL have a list of CAs whose "
9284
"certificates they automatically accept. If a browser encounters a "
9285
"certificate whose authorizing CA is not in the list, the browser asks the "
9286
"user to either accept or decline the connection. Also, other applications "
9287
"may generate an error message when using a self-singed certificate."
9288
msgstr ""
9289
9290
#: serverguide/C/security.xml:1305(para)
9291
msgid ""
9292
"The process of getting a certificate from a CA is fairly easy. A quick "
9293
"overview is as follows:"
9294
msgstr ""
9295
9296
#: serverguide/C/security.xml:1312(para)
9297
msgid "Create a private and public encryption key pair."
9298
msgstr ""
9299
9300
#: serverguide/C/security.xml:1315(para)
9301
msgid ""
9302
"Create a certificate request based on the public key. The certificate "
9303
"request contains information about your server and the company hosting it."
9304
msgstr ""
9305
9306
#: serverguide/C/security.xml:1320(para)
9307
msgid ""
9308
"Send the certificate request, along with documents proving your identity, to "
9309
"a CA. We cannot tell you which certificate authority to choose. Your "
9310
"decision may be based on your past experiences, or on the experiences of "
9311
"your friends or colleagues, or purely on monetary factors."
9312
msgstr ""
9313
9314
#: serverguide/C/security.xml:1326(para)
9315
msgid ""
9316
"Once you have decided upon a CA, you need to follow the instructions they "
9317
"provide on how to obtain a certificate from them."
9318
msgstr ""
9319
9320
#: serverguide/C/security.xml:1331(para)
9321
msgid ""
9322
"When the CA is satisfied that you are indeed who you claim to be, they send "
9323
"you a digital certificate."
9324
msgstr ""
9325
9326
#: serverguide/C/security.xml:1335(para)
9327
msgid ""
9328
"Install this certificate on your secure server, and configure the "
9329
"appropriate applications to use the certificate."
9330
msgstr ""
9331
9332
#: serverguide/C/security.xml:1344(title)
9333
msgid "Generating a Certificate Signing Request (CSR)"
9334
msgstr ""
9335
9336
#: serverguide/C/security.xml:1346(para)
9337
msgid ""
9338
"Whether you are getting a certificate from a CA or generating your own self-"
9339
"signed certificate, the first step is to generate a key."
9340
msgstr ""
9341
9342
#: serverguide/C/security.xml:1351(para)
9343
msgid ""
9344
"If the certificate will be used by service daemons, such as Apache, Postfix, "
9345
"Dovecot, etc, a key without a passphrase is often appropriate. Not having a "
9346
"passphrase allows the services to start without manual intervention, usually "
9347
"the preferred way to start a daemon."
9348
msgstr ""
9349
9350
#: serverguide/C/security.xml:1357(para)
9351
msgid ""
9352
"This section will cover generating a key with a passphrase, and one without. "
9353
"The non-passphrase key will then be used to generate a certificate that can "
9354
"be used with various service daemons."
9355
msgstr ""
9356
9357
#: serverguide/C/security.xml:1363(para)
9358
msgid ""
9359
"Running your secure service without a passphrase is convenient because you "
9360
"will not need to enter the passphrase every time you start your secure "
9361
"service. But it is insecure and a compromise of the key means a compromise "
9362
"of the server as well."
9363
msgstr ""
9364
9365
#: serverguide/C/security.xml:1370(para)
9366
msgid ""
9367
"To generate the <emphasis>keys</emphasis> for the Certificate Signing "
9368
"Request (CSR) run the following command from a terminal prompt:"
9369
msgstr ""
9370
9371
#: serverguide/C/security.xml:1376(command)
9372
msgid "openssl genrsa -des3 -out server.key 1024"
9373
msgstr ""
9374
9375
#: serverguide/C/security.xml:1379(programlisting)
9376
#, no-wrap
9377
msgid ""
9378
"\n"
9379
"Generating RSA private key, 1024 bit long modulus\n"
9380
".....................++++++\n"
9381
".................++++++\n"
9382
"unable to write 'random state'\n"
9383
"e is 65537 (0x10001)\n"
9384
"Enter pass phrase for server.key:\n"
9385
msgstr ""
9386
9387
#: serverguide/C/security.xml:1388(para)
9388
msgid ""
9389
"You can now enter your passphrase. For best security, it should at least "
9390
"contain eight characters. The minimum length when specifying -des3 is four "
9391
"characters. It should include numbers and/or punctuation and not be a word "
9392
"in a dictionary. Also remember that your passphrase is case-sensitive."
9393
msgstr ""
9394
9395
#: serverguide/C/security.xml:1396(para)
9396
msgid ""
9397
"Re-type the passphrase to verify. Once you have re-typed it correctly, the "
9398
"server key is generated and stored in the <filename>server.key</filename> "
9399
"file."
9400
msgstr ""
9401
9402
#: serverguide/C/security.xml:1402(para)
9403
msgid ""
9404
"Now create the insecure key, the one without a passphrase, and shuffle the "
9405
"key names:"
9406
msgstr ""
9407
9408
#: serverguide/C/security.xml:1408(command)
9409
msgid "openssl rsa -in server.key -out server.key.insecure"
9410
msgstr ""
9411
9412
#: serverguide/C/security.xml:1409(command)
9413
msgid "mv server.key server.key.secure"
9414
msgstr ""
9415
9416
#: serverguide/C/security.xml:1410(command)
9417
msgid "mv server.key.insecure server.key"
9418
msgstr ""
9419
9420
#: serverguide/C/security.xml:1413(para)
9421
msgid ""
9422
"The insecure key is now named <filename>server.key</filename>, and you can "
9423
"use this file to generate the CSR without passphrase."
9424
msgstr ""
9425
9426
#: serverguide/C/security.xml:1418(para)
9427
msgid "To create the CSR, run the following command at a terminal prompt:"
9428
msgstr ""
9429
9430
#: serverguide/C/security.xml:1423(command)
9431
msgid "openssl req -new -key server.key -out server.csr"
9432
msgstr ""
9433
9434
#: serverguide/C/security.xml:1426(para)
9435
msgid ""
9436
"It will prompt you enter the passphrase. If you enter the correct "
9437
"passphrase, it will prompt you to enter Company Name, Site Name, Email Id, "
9438
"etc. Once you enter all these details, your CSR will be created and it will "
9439
"be stored in the <filename>server.csr</filename> file."
9440
msgstr ""
9441
9442
#: serverguide/C/security.xml:1434(para)
9443
msgid ""
9444
"You can now submit this CSR file to a CA for processing. The CA will use "
9445
"this CSR file and issue the certificate. On the other hand, you can create "
9446
"self-signed certificate using this CSR."
9447
msgstr ""
9448
9449
#: serverguide/C/security.xml:1442(title)
9450
msgid "Creating a Self-Signed Certificate"
9451
msgstr ""
9452
9453
#: serverguide/C/security.xml:1443(para)
9454
msgid ""
9455
"To create the self-signed certificate, run the following command at a "
9456
"terminal prompt:"
9457
msgstr ""
9458
9459
#: serverguide/C/security.xml:1448(command)
9460
msgid ""
9461
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
9462
"server.crt"
9463
msgstr ""
9464
9465
#: serverguide/C/security.xml:1451(para)
9466
msgid ""
9467
"The above command will prompt you to enter the passphrase. Once you enter "
9468
"the correct passphrase, your certificate will be created and it will be "
9469
"stored in the <filename>server.crt</filename> file."
9470
msgstr ""
9471
9472
#: serverguide/C/security.xml:1456(para)
9473
msgid ""
9474
"If your secure server is to be used in a production environment, you "
9475
"probably need a CA-signed certificate. It is not recommended to use self-"
9476
"signed certificate."
9477
msgstr ""
9478
9479
#: serverguide/C/security.xml:1464(title)
9480
msgid "Installing the Certificate"
9481
msgstr ""
9482
9483
#: serverguide/C/security.xml:1466(para)
9484
msgid ""
9485
"You can install the key file <filename>server.key</filename> and certificate "
9486
"file <filename>server.crt</filename>, or the certificate file issued by your "
9487
"CA, by running following commands at a terminal prompt:"
9488
msgstr ""
9489
9490
#: serverguide/C/security.xml:1472(command)
9491
msgid "sudo cp server.crt /etc/ssl/certs"
9492
msgstr "sudo cp server.crt /etc/ssl/certs"
9493
9494
#: serverguide/C/security.xml:1473(command)
9495
msgid "sudo cp server.key /etc/ssl/private"
9496
msgstr "sudo cp server.key /etc/ssl/private"
9497
9498
#: serverguide/C/security.xml:1475(para)
9499
msgid ""
9500
"Now simply configure any applications, with the ability to use public-key "
9501
"cryptography, to use the <emphasis>certificate</emphasis> and "
9502
"<emphasis>key</emphasis> files. For example, "
9503
"<application>Apache</application> can provide HTTPS, "
9504
"<application>Dovecot</application> can provide IMAPS and POP3S, etc."
9505
msgstr ""
9506
9507
#: serverguide/C/security.xml:1482(title)
9508
msgid "Certification Authority"
9509
msgstr ""
9510
9511
#: serverguide/C/security.xml:1484(para)
9512
msgid ""
9513
"If the services on your network require more than a few self-signed "
9514
"certificates it may be worth the additional effort to setup your own "
9515
"internal <emphasis>Certification Authority (CA)</emphasis>. Using "
9516
"certificates signed by your own CA, allows the various services using the "
9517
"certificates to easily trust other services using certificates issued from "
9518
"the same CA."
9519
msgstr ""
9520
9521
#: serverguide/C/security.xml:1494(para)
9522
msgid ""
9523
"First, create the directories to hold the CA certificate and related files:"
9524
msgstr ""
9525
9526
#: serverguide/C/security.xml:1499(command)
9527
msgid "sudo mkdir /etc/ssl/CA"
9528
msgstr "sudo mkdir /etc/ssl/CA"
9529
9530
#: serverguide/C/security.xml:1500(command)
9531
msgid "sudo mkdir /etc/ssl/newcerts"
9532
msgstr "sudo mkdir /etc/ssl/newcerts"
9533
9534
#: serverguide/C/security.xml:1506(para)
9535
msgid ""
9536
"The CA needs a few additional files to operate, one to keep track of the "
9537
"last serial number used by the CA, each certificate must have a unique "
9538
"serial number, and another file to record which certificates have been "
9539
"issued:"
9540
msgstr ""
9541
9542
#: serverguide/C/security.xml:1513(command)
9543
msgid "sudo sh -c \"echo '01' > /etc/ssl/CA/serial\""
9544
msgstr "sudo sh -c \"echo '01' > /etc/ssl/CA/serial\""
9545
9546
#: serverguide/C/security.xml:1514(command)
9547
msgid "sudo touch /etc/ssl/CA/index.txt"
9548
msgstr "sudo touch /etc/ssl/CA/index.txt"
9549
9550
#: serverguide/C/security.xml:1520(para)
9551
msgid ""
9552
"The third file is a CA configuration file. Though not strictly necessary, it "
9553
"is very convenient when issuing multiple certificates. Edit "
9554
"<filename>/etc/ssl/openssl.cnf</filename>, and in the <emphasis>[ CA_default "
9555
"]</emphasis> change:"
9556
msgstr ""
9557
9558
#: serverguide/C/security.xml:1526(programlisting)
9559
#, no-wrap
9560
msgid ""
9561
"\n"
9562
"dir = /etc/ssl/ # Where everything is kept\n"
9563
"database = $dir/CA/index.txt # database index file.\n"
9564
"certificate = $dir/certs/cacert.pem # The CA certificate\n"
9565
"serial = $dir/CA/serial # The current serial number\n"
9566
"private_key = $dir/private/cakey.pem# The private key\n"
9567
msgstr ""
9568
9569
#: serverguide/C/security.xml:1537(para)
9570
msgid "Next, create the self-singed root certificate:"
9571
msgstr ""
9572
9573
#: serverguide/C/security.xml:1542(command)
9574
msgid ""
9575
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
9576
"days 3650"
9577
msgstr ""
9578
9579
#: serverguide/C/security.xml:1545(para)
9580
msgid "You will then be asked to enter the details about the certificate."
9581
msgstr ""
9582
9583
#: serverguide/C/security.xml:1552(para)
9584
msgid "Now install the root certificate and key:"
9585
msgstr ""
9586
9587
#: serverguide/C/security.xml:1557(command)
9588
msgid "sudo mv cakey.pem /etc/ssl/private/"
9589
msgstr ""
9590
9591
#: serverguide/C/security.xml:1558(command)
9592
msgid "sudo mv cacert.pem /etc/ssl/certs/"
9593
msgstr ""
9594
9595
#: serverguide/C/security.xml:1564(para)
9596
msgid ""
9597
"You are now ready to start signing certificates. The first item needed is a "
9598
"Certificate Signing Request (CSR), see <xref linkend=\"generating-a-csr\"/> "
9599
"for details. Once you have a CSR, enter the following to generate a "
9600
"certificate signed by the CA:"
9601
msgstr ""
9602
9603
#: serverguide/C/security.xml:1571(command)
9604
msgid "sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf"
9605
msgstr ""
9606
9607
#: serverguide/C/security.xml:1574(para)
9608
msgid ""
9609
"After entering the password for the CA key, you will be prompted to sign the "
9610
"certificate, and again to commit the new certificate. You should then see a "
9611
"somewhat large amount of output related to the certificate creation."
9612
msgstr ""
9613
9614
#: serverguide/C/security.xml:1583(para)
9615
msgid ""
9616
"There should now be a new file, "
9617
"<filename>/etc/ssl/newcerts/01.pem</filename>, containing the same output. "
9618
"Copy and paste everything beginning with the line: <emphasis>-----BEGIN "
9619
"CERTIFICATE-----</emphasis> and continuing through the line: <emphasis>----"
9620
"END CERTIFICATE-----</emphasis> lines to a file named after the hostname of "
9621
"the server where the certificate will be installed. For example "
9622
"<filename>mail.example.com.crt</filename>, is a nice descriptive name."
9623
msgstr ""
9624
9625
#: serverguide/C/security.xml:1591(para)
9626
msgid ""
9627
"Subsequent certificates will be named <filename>02.pem</filename>, "
9628
"<filename>03.pem</filename>, etc."
9629
msgstr ""
9630
9631
#: serverguide/C/security.xml:1596(para)
9632
msgid ""
9633
"Replace <emphasis>mail.example.com.crt</emphasis> with your own descriptive "
9634
"name."
9635
msgstr ""
9636
9637
#: serverguide/C/security.xml:1604(para)
9638
msgid ""
9639
"Finally, copy the new certificate to the host that needs it, and configure "
9640
"the appropriate applications to use it. The default location to install "
9641
"certificates is <filename role=\"directory\">/etc/ssl/certs</filename>. This "
9642
"enables multiple services to use the same certificate without overly "
9643
"complicated file permissions."
9644
msgstr ""
9645
9646
#: serverguide/C/security.xml:1610(para)
9647
msgid ""
9648
"For applications that can be configured to use a CA certificate, you should "
9649
"also copy the <filename>/etc/ssl/certs/cacert.pem</filename> file to the "
9650
"<filename role=\"directory\">/etc/ssl/certs/</filename> directory on each "
9651
"server."
9652
msgstr ""
9653
9654
#: serverguide/C/security.xml:1624(para)
9655
msgid ""
9656
"For more detailed instructions on using cryptography see the <ulink "
9657
"url=\"http://tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html\">SSL "
9658
"Certificates HOWTO</ulink> by tlpd.org"
9659
msgstr ""
9660
9661
#: serverguide/C/security.xml:1630(para)
9662
msgid ""
9663
"<ulink url=\"http://www.pki-page.org/\">The PKI Page</ulink> contains a list "
9664
"of Certificate Authorities."
9665
msgstr ""
9666
9667
#: serverguide/C/security.xml:1635(para)
9668
msgid ""
9669
"The Wikipedia <ulink "
9670
"url=\"http://en.wikipedia.org/wiki/Https\">HTTPS</ulink> page has more "
9671
"information regarding HTTPS."
9672
msgstr ""
9673
9674
#: serverguide/C/security.xml:1640(para)
9675
msgid ""
9676
"For more information on <emphasis>OpenSSL</emphasis> see the <ulink "
9677
"url=\"http://www.openssl.org/\">OpenSSL Home Page</ulink>."
9678
msgstr ""
9679
9680
#: serverguide/C/security.xml:1645(para)
9681
msgid ""
9682
"Also, O'Reilly's <ulink "
9683
"url=\"http://oreilly.com/catalog/9780596002701/\">Network Security with "
9684
"OpenSSL</ulink> is a good in depth reference."
9685
msgstr ""
9686
9687
#: serverguide/C/security.xml:1654(title)
9688
msgid "eCryptfs"
9689
msgstr ""
9690
9691
#: serverguide/C/security.xml:1656(para)
9692
msgid ""
9693
"<emphasis>eCryptfs</emphasis> is a POSIX-compliant enterprise-class stacked "
9694
"cryptographic filesystem for Linux. Layering on top of the filesystem layer "
9695
"<emphasis>eCryptfs</emphasis> protects files no matter the underlying "
9696
"filesystem, partition type, etc."
9697
msgstr ""
9698
9699
#: serverguide/C/security.xml:1662(para)
9700
msgid ""
9701
"During installation there is an option to encrypt the <filename "
9702
"role=\"directory\">/home</filename> partition. This will automatically "
9703
"configure everything needed to encrypt and mount the partition."
9704
msgstr ""
9705
9706
#: serverguide/C/security.xml:1667(para)
9707
msgid ""
9708
"As an example, this section will cover configuring <filename "
9709
"role=\"directory\">/srv</filename> to be encrypted using eCryptfs."
9710
msgstr ""
9711
9712
#: serverguide/C/security.xml:1672(title)
9713
msgid "Using eCryptfs"
9714
msgstr ""
9715
9716
#: serverguide/C/security.xml:1674(para)
9717
msgid "First, install the necessary packages. From a terminal prompt enter:"
9718
msgstr ""
9719
9720
#: serverguide/C/security.xml:1679(command)
9721
msgid "sudo apt-get install ecryptfs-utils"
9722
msgstr "sudo apt-get install ecryptfs-utils"
9723
9724
#: serverguide/C/security.xml:1682(para)
9725
msgid "Now mount the partition to be encrypted:"
9726
msgstr ""
9727
9728
#: serverguide/C/security.xml:1687(command)
9729
msgid "sudo mount -t ecryptfs /srv /srv"
9730
msgstr "sudo mount -t ecryptfs /srv /srv"
9731
9732
#: serverguide/C/security.xml:1690(para)
9733
msgid ""
9734
"You will then be prompted for some details on how "
9735
"<application>ecryptfs</application> should encrypt the data."
9736
msgstr ""
9737
9738
#: serverguide/C/security.xml:1694(para)
9739
msgid ""
9740
"To test that files placed in <filename>/srv</filename> are indeed encrypted "
9741
"copy the <filename>/etc/default</filename> folder to "
9742
"<filename>/srv</filename>:"
9743
msgstr ""
9744
9745
#: serverguide/C/security.xml:1700(command) serverguide/C/clustering.xml:192(command)
9746
msgid "sudo cp -r /etc/default /srv"
9747
msgstr "sudo cp -r /etc/default /srv"
9748
9749
#: serverguide/C/security.xml:1703(para)
9750
msgid "Now unmount <filename>/srv</filename>, and try to view a file:"
9751
msgstr ""
9752
9753
#: serverguide/C/security.xml:1708(command) serverguide/C/installation.xml:1138(command) serverguide/C/clustering.xml:200(command)
9754
msgid "sudo umount /srv"
9755
msgstr "sudo umount /srv"
9756
9757
#: serverguide/C/security.xml:1709(command)
9758
msgid "cat /srv/default/cron"
9759
msgstr ""
9760
9761
#: serverguide/C/security.xml:1712(para)
9762
msgid ""
9763
"Remounting <filename>/srv</filename> using "
9764
"<application>ecryptfs</application> will make the data viewable once again."
9765
msgstr ""
9766
9767
#: serverguide/C/security.xml:1718(title)
9768
msgid "Automatically Mounting Encrypted Partitions"
9769
msgstr ""
9770
9771
#: serverguide/C/security.xml:1720(para)
9772
msgid ""
9773
"There are a couple of ways to automatically mount an "
9774
"<application>ecryptfs</application> encrypted filesystem at boot. This "
9775
"example will use a <filename>/root/.ecryptfsrc</filename> file containing "
9776
"mount options, along with a passphrase file residing on a USB key."
9777
msgstr ""
9778
9779
#: serverguide/C/security.xml:1726(para)
9780
msgid "First, create <filename>/root/.ecryptfsrc</filename> containing:"
9781
msgstr ""
9782
9783
#: serverguide/C/security.xml:1730(programlisting)
9784
#, no-wrap
9785
msgid ""
9786
"\n"
9787
"key=passphrase:passphrase_passwd_file=/mnt/usb/passwd_file.txt\n"
9788
"ecryptfs_sig=5826dd62cf81c615\n"
9789
"ecryptfs_cipher=aes\n"
9790
"ecryptfs_key_bytes=16\n"
9791
"ecryptfs_passthrough=n\n"
9792
"ecryptfs_enable_filename_crypto=n\n"
9793
msgstr ""
9794
9795
#: serverguide/C/security.xml:1740(para)
9796
msgid ""
9797
"Adjust the <emphasis>ecryptfs_sig</emphasis> to the signature in "
9798
"<filename>/root/.ecryptfs/sig-cache.txt</filename>."
9799
msgstr ""
9800
9801
#: serverguide/C/security.xml:1745(para)
9802
msgid ""
9803
"Next, create the <filename>/mnt/usb/passwd_file.txt</filename> passphrase "
9804
"file:"
9805
msgstr ""
9806
9807
#: serverguide/C/security.xml:1749(programlisting)
9808
#, no-wrap
9809
msgid ""
9810
"\n"
9811
"passphrase_passwd=[secrets]\n"
9812
msgstr ""
9813
9814
#: serverguide/C/security.xml:1753(para)
9815
msgid "Now add the necessary lines to <filename>/etc/fstab</filename>:"
9816
msgstr ""
9817
9818
#: serverguide/C/security.xml:1757(programlisting)
9819
#, no-wrap
9820
msgid ""
9821
"\n"
9822
"/dev/sdb1 /mnt/usb ext3 ro 0 0\n"
9823
"/srv /srv ecryptfs defaults 0 0\n"
9824
msgstr ""
9825
9826
#: serverguide/C/security.xml:1762(para)
9827
msgid "Make sure the USB drive is mounted before the encrypted partition."
9828
msgstr ""
9829
9830
#: serverguide/C/security.xml:1766(para)
9831
msgid ""
9832
"Finally, reboot and the <filename>/srv</filename> should be mounted using "
9833
"ecryptfs."
9834
msgstr ""
9835
9836
#: serverguide/C/security.xml:1774(para)
9837
msgid ""
9838
"The <application>ecryptfs-utils</application> package includes several other "
9839
"useful utilities:"
9840
msgstr ""
9841
9842
#: serverguide/C/security.xml:1780(para)
9843
msgid ""
9844
"<emphasis>ecryptfs-setup-private:</emphasis> creates a "
9845
"<filename>~/Private</filename> directory to contain encrypted information. "
9846
"This utility can be run by unprivileged users to keep data private from "
9847
"other users on the system."
9848
msgstr ""
9849
9850
#: serverguide/C/security.xml:1787(para)
9851
msgid ""
9852
"<emphasis>ecryptfs-mount-private and ecryptfs-umount-private:</emphasis> "
9853
"will mount and unmount respectively, a users <filename>~/Private</filename> "
9854
"directory."
9855
msgstr ""
9856
9857
#: serverguide/C/security.xml:1793(para)
9858
msgid ""
9859
"<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the "
9860
"kernel keyring."
9861
msgstr ""
9862
9863
#: serverguide/C/security.xml:1798(para)
9864
msgid ""
9865
"<emphasis>ecryptfs-manager:</emphasis> manages "
9866
"<application>eCryptfs</application> objects such as keys."
9867
msgstr ""
9868
9869
#: serverguide/C/security.xml:1803(para)
9870
msgid ""
9871
"<emphasis>ecryptfs-stat:</emphasis> allows you to view the "
9872
"<application>ecryptfs</application> meta information for a file."
9873
msgstr ""
9874
9875
#: serverguide/C/security.xml:1816(para)
9876
msgid ""
9877
"For more information on eCryptfs see the <ulink "
9878
"url=\"https://launchpad.net/ecryptfs\">Launchpad project page</ulink>."
9879
msgstr ""
9880
9881
#: serverguide/C/security.xml:1821(para)
9882
msgid ""
9883
"There is also a <ulink "
9884
"url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> "
9885
"article covering eCryptfs."
9886
msgstr ""
9887
9888
#: serverguide/C/security.xml:1826(para)
9889
msgid ""
9890
"Also, for more <application>ecryptfs</application> options see the <ulink "
9891
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man7/ecryptfs.7.html\">"
9892
"ecryptfs man page</ulink>."
9893
msgstr ""
9894
9895
#: serverguide/C/security.xml:1832(para)
9896
msgid ""
9897
"The <ulink url=\"https://help.ubuntu.com/community/eCryptfs\">eCryptfs "
9898
"Ubuntu Wiki</ulink> page also has more details."
9899
msgstr ""
9900
9901
#: serverguide/C/reporting-bugs.xml:13(title)
9902
msgid "Appendix"
9903
msgstr ""
9904
9905
#: serverguide/C/reporting-bugs.xml:16(title)
9906
msgid "Reporting Bugs in Ubuntu Server Edition"
9907
msgstr ""
9908
9909
#: serverguide/C/reporting-bugs.xml:18(para)
9910
msgid ""
9911
"While the Ubuntu Project attempts to release software with as few bugs as "
9912
"possible, they do occur. You can help fix these bugs by reporting ones that "
9913
"you find to the project. The Ubuntu Project uses <ulink "
9914
"url=\"https://launchpad.net/\">Launchpad</ulink> to track its bug reports. "
9915
"In order to file a bug about Ubuntu Server on Launchpad, you will need to "
9916
"<ulink url=\"https://help.launchpad.net/YourAccount/NewAccount\">create an "
9917
"account</ulink>."
9918
msgstr ""
9919
9920
#: serverguide/C/reporting-bugs.xml:30(title)
9921
msgid "Reporting Bugs With ubuntu-bug"
9922
msgstr ""
9923
9924
#: serverguide/C/reporting-bugs.xml:32(para)
9925
msgid ""
9926
"The preferred way to report a bug is with the <application>ubuntu-"
9927
"bug</application> command. The ubuntu-bug tool gathers information about the "
9928
"system useful to developers in diagnosing the reported problem that will "
9929
"then be included in the bug report filed on Launchpad. Bug reports in Ubuntu "
9930
"need to be filed against a specific software package, thus the name of the "
9931
"package that the bug occurs in needs to be given to ubuntu-bug:"
9932
msgstr ""
9933
9934
#: serverguide/C/reporting-bugs.xml:43(command)
9935
msgid "ubuntu-bug PACKAGENAME"
9936
msgstr ""
9937
9938
#: serverguide/C/reporting-bugs.xml:46(para)
9939
msgid ""
9940
"For example, to file a bug against the openssh-server package, you would do:"
9941
msgstr ""
9942
9943
#: serverguide/C/reporting-bugs.xml:51(command)
9944
msgid "ubuntu-bug openssh-server"
9945
msgstr ""
9946
9947
#: serverguide/C/reporting-bugs.xml:54(para)
9948
msgid ""
9949
"You can specify either a binary package or the source package for ubuntu-"
9950
"bug. Again using openssh-server as an example, you could also generate the "
9951
"report against the source package for openssh-server, openssh:"
9952
msgstr ""
9953
9954
#: serverguide/C/reporting-bugs.xml:62(command)
9955
msgid "ubuntu-bug openssh"
9956
msgstr ""
9957
9958
#: serverguide/C/reporting-bugs.xml:66(para)
9959
msgid ""
9960
"See <xref linkend=\"package-management\"/> for more information about "
9961
"packages in Ubuntu."
9962
msgstr ""
9963
9964
#: serverguide/C/reporting-bugs.xml:72(para)
9965
msgid ""
9966
"The ubuntu-bug command will gather information about the system in question, "
9967
"possibly including information specific to the specified package, and then "
9968
"ask you what you would like to do with collected information:"
9969
msgstr ""
9970
9971
#: serverguide/C/reporting-bugs.xml:80(command)
9972
msgid "ubuntu-bug postgresql"
9973
msgstr ""
9974
9975
#: serverguide/C/reporting-bugs.xml:79(screen)
9976
#, no-wrap
9977
msgid ""
9978
"\n"
9979
"<placeholder-1/>\n"
9980
"\n"
9981
"*** Collecting problem information\n"
9982
"\n"
9983
"The collected information can be sent to the developers to improve the\n"
9984
"application. This might take a few minutes.\n"
9985
"..........\n"
9986
"\n"
9987
"*** Send problem report to the developers?\n"
9988
"\n"
9989
"After the problem report has been sent, please fill out the form in the\n"
9990
"automatically opened web browser.\n"
9991
"\n"
9992
"What would you like to do? Your options are:\n"
9993
" S: Send report (1.7 KiB)\n"
9994
" V: View report\n"
9995
" K: Keep report file for sending later or copying to somewhere else\n"
9996
" C: Cancel\n"
9997
"Please choose (S/V/K/C):\n"
9998
msgstr ""
9999
10000
#: serverguide/C/reporting-bugs.xml:101(para)
10001
msgid "The options available are:"
10002
msgstr ""
10003
10004
#: serverguide/C/reporting-bugs.xml:108(para)
10005
msgid ""
10006
"<emphasis role=\"bold\">Send Report</emphasis> Selecting Send Report submits "
10007
"the collected information to Launchpad as part of the the process of filing "
10008
"a bug report. You will be given the opportunity to describe the situation "
10009
"that led up to the occurrence of the bug."
10010
msgstr ""
10011
10012
#: serverguide/C/reporting-bugs.xml:115(screen)
10013
#, no-wrap
10014
msgid ""
10015
"\n"
10016
"*** Uploading problem information\n"
10017
"\n"
10018
"The collected information is being sent to the bug tracking system.\n"
10019
"This might take a few minutes.\n"
10020
"91%\n"
10021
"\n"
10022
"*** To continue, you must visit the following URL:\n"
10023
"\n"
10024
" https://bugs.launchpad.net/ubuntu/+source/postgresql-"
10025
"8.4/+filebug/kc6eSnTLnLxF8u0t3e56EukFeqJ?\n"
10026
"\n"
10027
"You can launch a browser now, or copy this URL into a browser on another\n"
10028
"computer.\n"
10029
"\n"
10030
"Choices:\n"
10031
" 1: Launch a browser now\n"
10032
" C: Cancel\n"
10033
"Please choose (1/C):\n"
10034
msgstr ""
10035
10036
#: serverguide/C/reporting-bugs.xml:135(para)
10037
msgid ""
10038
"If you choose to start a browser, by default the text based web browser "
10039
"<application>w3m</application> will be used to finish filing the bug report. "
10040
"Alternately, you can copy the given URL to a currently running web browser."
10041
msgstr ""
10042
10043
#: serverguide/C/reporting-bugs.xml:144(para)
10044
msgid ""
10045
"<emphasis role=\"bold\">View Report</emphasis> Selecting View Report causes "
10046
"the collected information to be displayed to the terminal for review."
10047
msgstr ""
10048
10049
#: serverguide/C/reporting-bugs.xml:150(screen)
10050
#, no-wrap
10051
msgid ""
10052
"\n"
10053
"Package: postgresql 8.4.2-2\n"
10054
"PackageArchitecture: all\n"
10055
"Tags: lucid\n"
10056
"ProblemType: Bug\n"
10057
"ProcEnviron:\n"
10058
" LANG=en_US.UTF-8\n"
10059
" SHELL=/bin/bash\n"
10060
"Uname: Linux 2.6.32-16-server x86_64\n"
10061
"Dependencies:\n"
10062
" adduser 3.112ubuntu1\n"
10063
" base-files 5.0.0ubuntu10\n"
10064
" base-passwd 3.5.22\n"
10065
" coreutils 7.4-2ubuntu2\n"
10066
"...\n"
10067
msgstr ""
10068
10069
#: serverguide/C/reporting-bugs.xml:167(para)
10070
msgid ""
10071
"After viewing the report, you will be brought back to the same menu asking "
10072
"what you would like to do with the report."
10073
msgstr ""
10074
10075
#: serverguide/C/reporting-bugs.xml:174(para)
10076
msgid ""
10077
"<emphasis role=\"bold\">Keep Report File</emphasis> Selecting Keep Report "
10078
"File causes the gathered information to be written to a file. This file can "
10079
"then be used to later file a bug report or transferred to a different Ubuntu "
10080
"system for reporting. To submit the report file, simply give it as an "
10081
"argument to the ubuntu-bug command:"
10082
msgstr ""
10083
10084
#: serverguide/C/reporting-bugs.xml:189(userinput)
10085
#, no-wrap
10086
msgid "k"
10087
msgstr ""
10088
10089
#: serverguide/C/reporting-bugs.xml:192(command)
10090
msgid "ubuntu-bug /tmp/apport.postgresql.v4MQas.apport"
10091
msgstr ""
10092
10093
#: serverguide/C/reporting-bugs.xml:183(screen)
10094
#, no-wrap
10095
msgid ""
10096
"\n"
10097
"What would you like to do? Your options are:\n"
10098
" S: Send report (1.7 KiB)\n"
10099
" V: View report\n"
10100
" K: Keep report file for sending later or copying to somewhere else\n"
10101
" C: Cancel\n"
10102
"Please choose (S/V/K/C): <placeholder-1/>\n"
10103
"Problem report file: /tmp/apport.postgresql.v4MQas.apport\n"
10104
"\n"
10105
"<placeholder-2/>\n"
10106
"\n"
10107
"*** Send problem report to the developers?\n"
10108
"...\n"
10109
msgstr ""
10110
10111
#: serverguide/C/reporting-bugs.xml:200(para)
10112
msgid ""
10113
"<emphasis role=\"bold\">Cancel</emphasis> Selecting Cancel causes the "
10114
"collected information to be discarded."
10115
msgstr ""
10116
10117
#: serverguide/C/reporting-bugs.xml:210(title)
10118
msgid "Reporting Application Crashes"
10119
msgstr ""
10120
10121
#: serverguide/C/reporting-bugs.xml:212(para)
10122
msgid ""
10123
"The software package that provides the ubuntu-bug utility, "
10124
"<application>apport</application>, can be configured to trigger when "
10125
"applications crash. This is disabled by default, as capturing a crash can be "
10126
"resource intensive depending on how much memory the application that crashed "
10127
"was using as apport captures and processes the core dump."
10128
msgstr ""
10129
10130
#: serverguide/C/reporting-bugs.xml:221(para)
10131
msgid ""
10132
"Configuring apport to capture information about crashing applications "
10133
"requires a couple of steps. First, <application>gdb</application> needs to "
10134
"be installed; it is not installed by default in Ubuntu Server Edition."
10135
msgstr ""
10136
10137
#: serverguide/C/reporting-bugs.xml:229(command)
10138
msgid "sudo apt-get install gdb"
10139
msgstr ""
10140
10141
#: serverguide/C/reporting-bugs.xml:232(para)
10142
msgid ""
10143
"See <xref linkend=\"package-management\"/> for more information about "
10144
"managing packages in Ubuntu."
10145
msgstr ""
10146
10147
#: serverguide/C/reporting-bugs.xml:237(para)
10148
msgid ""
10149
"Once you have ensured that gdb is installed, open the file "
10150
"<filename>/etc/default/apport</filename> in your text editor, and change the "
10151
"<emphasis>enabled</emphasis> setting to be <emphasis "
10152
"role=\"bold\">1</emphasis> like so:"
10153
msgstr ""
10154
10155
#: serverguide/C/reporting-bugs.xml:244(programlisting)
10156
#, no-wrap
10157
msgid ""
10158
"\n"
10159
"# set this to 0 to disable apport, or to 1 to enable it\n"
10160
"# you can temporarily override this with\n"
10161
"# sudo service apport start force_start=1\n"
10162
"enabled=<userinput>1</userinput>\n"
10163
"\n"
10164
"# set maximum core dump file size (default: 209715200 bytes == 200 MB)\n"
10165
"maxsize=209715200\n"
10166
msgstr ""
10167
10168
#: serverguide/C/reporting-bugs.xml:254(para)
10169
msgid ""
10170
"Once you have completed editing <filename>/etc/default/apport</filename>, "
10171
"start the apport service:"
10172
msgstr ""
10173
10174
#: serverguide/C/reporting-bugs.xml:261(command)
10175
msgid "sudo start apport"
10176
msgstr ""
10177
10178
#: serverguide/C/reporting-bugs.xml:264(para)
10179
msgid ""
10180
"After an application crashes, use the <application>apport-cli</application> "
10181
"command to search for the existing saved crash report information:"
10182
msgstr ""
10183
10184
#: serverguide/C/reporting-bugs.xml:271(command)
10185
msgid "apport-cli"
10186
msgstr ""
10187
10188
#: serverguide/C/reporting-bugs.xml:270(screen)
10189
#, no-wrap
10190
msgid ""
10191
"\n"
10192
"<placeholder-1/>\n"
10193
"\n"
10194
"*** dash closed unexpectedly on 2010-03-11 at 21:40:59.\n"
10195
"\n"
10196
"If you were not doing anything confidential (entering passwords or other\n"
10197
"private information), you can help to improve the application by\n"
10198
"reporting\n"
10199
"the problem.\n"
10200
"\n"
10201
"What would you like to do? Your options are:\n"
10202
" R: Report Problem...\n"
10203
" I: Cancel and ignore future crashes of this program version\n"
10204
" C: Cancel\n"
10205
"Please choose (R/I/C):\n"
10206
msgstr ""
10207
10208
#: serverguide/C/reporting-bugs.xml:287(para)
10209
msgid ""
10210
"Selecting <emphasis>Report Problem</emphasis> will walk you through similar "
10211
"steps as when using ubuntu-bug. One important difference is that a crash "
10212
"report will be marked as private when filed on Launchpad, meaning that it "
10213
"will be visible to only a limited set of bug triagers. These triagers will "
10214
"review the gathered data for private information before making the bug "
10215
"report publicly visible."
10216
msgstr ""
10217
10218
#: serverguide/C/reporting-bugs.xml:307(para)
10219
msgid ""
10220
"See the <ulink "
10221
"url=\"https://help.ubuntu.com/community/ReportingBugs\">Reporting "
10222
"Bugs</ulink> Ubuntu wiki page."
10223
msgstr ""
10224
10225
#: serverguide/C/reporting-bugs.xml:313(para)
10226
msgid ""
10227
"Also, the <ulink url=\"https://wiki.ubuntu.com/Apport\">Apport</ulink> page "
10228
"has some useful information. Though some of it pertains to using a GUI."
10229
msgstr ""
10230
10231
#: serverguide/C/remote-administration.xml:13(title)
10232
msgid "Remote Administration"
10233
msgstr "Administració remota"
10234
10235
#: serverguide/C/remote-administration.xml:14(para)
10236
msgid ""
10237
"There are many ways to remotely administer a Linux server. This chapter will "
10238
"cover one of the most popular <application>OpenSSH</application>."
10239
msgstr ""
10240
10241
#: serverguide/C/remote-administration.xml:22(para)
10242
msgid ""
10243
"This section of the Ubuntu Server Guide introduces a powerful collection of "
10244
"tools for the remote control of networked computers and transfer of data "
10245
"between networked computers, called <emphasis>OpenSSH</emphasis>. You will "
10246
"also learn about some of the configuration settings possible with the "
10247
"OpenSSH server application and how to change them on your Ubuntu system."
10248
msgstr ""
10249
10250
#: serverguide/C/remote-administration.xml:29(para)
10251
msgid ""
10252
"OpenSSH is a freely available version of the Secure Shell (SSH) protocol "
10253
"family of tools for remotely controlling a computer or transferring files "
10254
"between computers. Traditional tools used to accomplish these functions, "
10255
"such as <application>telnet</application> or <application>rcp</application>, "
10256
"are insecure and transmit the user's password in cleartext when used. "
10257
"OpenSSH provides a server daemon and client tools to facilitate secure, "
10258
"encrypted remote control and file transfer operations, effectively replacing "
10259
"the legacy tools."
10260
msgstr ""
10261
10262
#: serverguide/C/remote-administration.xml:38(para)
10263
msgid ""
10264
"The OpenSSH server component, <application>sshd</application>, listens "
10265
"continuously for client connections from any of the client tools. When a "
10266
"connection request occurs, <application>sshd</application> sets up the "
10267
"correct connection depending on the type of client tool connecting. For "
10268
"example, if the remote computer is connecting with the "
10269
"<application>ssh</application> client application, the OpenSSH server sets "
10270
"up a remote control session after authentication. If a remote user connects "
10271
"to an OpenSSH server with <application>scp</application>, the OpenSSH server "
10272
"daemon initiates a secure copy of files between the server and client after "
10273
"authentication. OpenSSH can use many authentication methods, including plain "
10274
"password, public key, and <application>Kerberos</application> tickets."
10275
msgstr ""
10276
10277
#: serverguide/C/remote-administration.xml:52(para)
10278
msgid ""
10279
"Installation of the OpenSSH client and server applications is simple. To "
10280
"install the OpenSSH client applications on your Ubuntu system, use this "
10281
"command at a terminal prompt:"
10282
msgstr ""
10283
10284
#: serverguide/C/remote-administration.xml:58(command)
10285
msgid "sudo apt-get install openssh-client"
10286
msgstr "sudo apt-get install openssh-client"
10287
10288
#: serverguide/C/remote-administration.xml:60(para)
10289
msgid ""
10290
"To install the OpenSSH server application, and related support files, use "
10291
"this command at a terminal prompt:"
10292
msgstr ""
10293
10294
#: serverguide/C/remote-administration.xml:65(command)
10295
msgid "sudo apt-get install openssh-server"
10296
msgstr "sudo apt-get install openssh-server"
10297
10298
#: serverguide/C/remote-administration.xml:67(para)
10299
msgid ""
10300
"The <application>openssh-server</application> package can also be selected "
10301
"to install during the Server Edition installation process."
10302
msgstr ""
10303
10304
#: serverguide/C/remote-administration.xml:74(para)
10305
msgid ""
10306
"You may configure the default behavior of the OpenSSH server application, "
10307
"<application>sshd</application>, by editing the file "
10308
"<filename>/etc/ssh/sshd_config</filename>. For information about the "
10309
"configuration directives used in this file, you may view the appropriate "
10310
"manual page with the following command, issued at a terminal prompt:"
10311
msgstr ""
10312
10313
#: serverguide/C/remote-administration.xml:82(command)
10314
msgid "man sshd_config"
10315
msgstr ""
10316
10317
#: serverguide/C/remote-administration.xml:84(para)
10318
msgid ""
10319
"There are many directives in the <application>sshd</application> "
10320
"configuration file controlling such things as communication settings and "
10321
"authentication modes. The following are examples of configuration directives "
10322
"that can be changed by editing the <filename>/etc/ssh/sshd_config</filename> "
10323
"file."
10324
msgstr ""
10325
10326
#: serverguide/C/remote-administration.xml:91(para)
10327
msgid ""
10328
"Prior to editing the configuration file, you should make a copy of the "
10329
"original file and protect it from writing so you will have the original "
10330
"settings as a reference and to reuse as necessary."
10331
msgstr ""
10332
10333
#: serverguide/C/remote-administration.xml:95(para)
10334
msgid ""
10335
"Copy the <filename>/etc/ssh/sshd_config</filename> file and protect it from "
10336
"writing with the following commands, issued at a terminal prompt:"
10337
msgstr ""
10338
10339
#: serverguide/C/remote-administration.xml:100(command)
10340
msgid "sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original"
10341
msgstr "sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original"
10342
10343
#: serverguide/C/remote-administration.xml:101(command)
10344
msgid "sudo chmod a-w /etc/ssh/sshd_config.original"
10345
msgstr "sudo chmod a-w /etc/ssh/sshd_config.original"
10346
10347
#: serverguide/C/remote-administration.xml:103(para)
10348
msgid ""
10349
"The following are examples of configuration directives you may change:"
10350
msgstr ""
10351
10352
#: serverguide/C/remote-administration.xml:108(para)
10353
msgid ""
10354
"To set your OpenSSH to listen on TCP port 2222 instead of the default TCP "
10355
"port 22, change the Port directive as such:"
10356
msgstr ""
10357
10358
#: serverguide/C/remote-administration.xml:112(para)
10359
msgid "Port 2222"
10360
msgstr ""
10361
10362
#: serverguide/C/remote-administration.xml:117(para)
10363
msgid ""
10364
"To have <application>sshd</application> allow public key-based login "
10365
"credentials, simply add or modify the line:"
10366
msgstr ""
10367
10368
#: serverguide/C/remote-administration.xml:121(para)
10369
msgid "PubkeyAuthentication yes"
10370
msgstr ""
10371
10372
#: serverguide/C/remote-administration.xml:124(para)
10373
msgid ""
10374
"In the <filename>/etc/ssh/sshd_config</filename> file, or if already "
10375
"present, ensure the line is not commented out."
10376
msgstr ""
10377
10378
#: serverguide/C/remote-administration.xml:130(para)
10379
msgid ""
10380
"To make your OpenSSH server display the contents of the "
10381
"<filename>/etc/issue.net</filename> file as a pre-login banner, simply add "
10382
"or modify the line:"
10383
msgstr ""
10384
10385
#: serverguide/C/remote-administration.xml:135(para)
10386
msgid "Banner /etc/issue.net"
10387
msgstr ""
10388
10389
#: serverguide/C/remote-administration.xml:138(para)
10390
msgid "In the <filename>/etc/ssh/sshd_config</filename> file."
10391
msgstr ""
10392
10393
#: serverguide/C/remote-administration.xml:143(para)
10394
msgid ""
10395
"After making changes to the <filename>/etc/ssh/sshd_config</filename> file, "
10396
"save the file, and restart the <application>sshd</application> server "
10397
"application to effect the changes using the following command at a terminal "
10398
"prompt:"
10399
msgstr ""
10400
10401
#: serverguide/C/remote-administration.xml:152(para)
10402
msgid ""
10403
"Many other configuration directives for <application>sshd</application> are "
10404
"available for changing the server application's behavior to fit your needs. "
10405
"Be advised, however, if your only method of access to a server is "
10406
"<application>ssh</application>, and you make a mistake in configuring "
10407
"<application>sshd</application> via the "
10408
"<filename>/etc/ssh/sshd_config</filename> file, you may find you are locked "
10409
"out of the server upon restarting it, or that the "
10410
"<application>sshd</application> server refuses to start due to an incorrect "
10411
"configuration directive, so be extra careful when editing this file on a "
10412
"remote server."
10413
msgstr ""
10414
10415
#: serverguide/C/remote-administration.xml:167(title)
10416
msgid "SSH Keys"
10417
msgstr ""
10418
10419
#: serverguide/C/remote-administration.xml:168(para)
10420
msgid ""
10421
"SSH <emphasis>keys</emphasis> allow authentication between two hosts without "
10422
"the need of a password. SSH key authentication uses two keys a "
10423
"<emphasis>private</emphasis> key and a <emphasis>public</emphasis> key."
10424
msgstr ""
10425
10426
#: serverguide/C/remote-administration.xml:172(para)
10427
msgid "To generate the keys, from a terminal prompt enter:"
10428
msgstr ""
10429
10430
#: serverguide/C/remote-administration.xml:176(command)
10431
msgid "ssh-keygen -t dsa"
10432
msgstr ""
10433
10434
#: serverguide/C/remote-administration.xml:178(para)
10435
msgid ""
10436
"This will generate the keys using a <emphasis>DSA</emphasis> authentication "
10437
"identity of the user. During the process you will be prompted for a "
10438
"password. Simply hit <emphasis>Enter</emphasis> when prompted to create the "
10439
"key."
10440
msgstr ""
10441
10442
#: serverguide/C/remote-administration.xml:182(para)
10443
msgid ""
10444
"By default the <emphasis>public</emphasis> key is saved in the file "
10445
"<filename>~/.ssh/id_dsa.pub</filename>, while "
10446
"<filename>~/.ssh/id_dsa</filename> is the <emphasis>private</emphasis> key. "
10447
"Now copy the <filename>id_dsa.pub</filename> file to the remote host and "
10448
"append it to <filename>~/.ssh/authorized_keys</filename> by entering:"
10449
msgstr ""
10450
10451
#: serverguide/C/remote-administration.xml:188(command)
10452
msgid "ssh-copy-id username@remotehost"
10453
msgstr ""
10454
10455
#: serverguide/C/remote-administration.xml:190(para)
10456
msgid ""
10457
"Finally, double check the permissions on the "
10458
"<filename>authorized_keys</filename> file, only the authenticated user "
10459
"should have read and write permissions. If the permissions are not correct "
10460
"change them by:"
10461
msgstr ""
10462
10463
#: serverguide/C/remote-administration.xml:195(command)
10464
msgid "chmod 600 .ssh/authorized_keys"
10465
msgstr ""
10466
10467
#: serverguide/C/remote-administration.xml:197(para)
10468
msgid ""
10469
"You should now be able to SSH to the host without being prompted for a "
10470
"password."
10471
msgstr ""
10472
10473
#: serverguide/C/remote-administration.xml:206(para)
10474
msgid ""
10475
"<ulink url=\"https://help.ubuntu.com/community/SSH\">Ubuntu Wiki SSH</ulink> "
10476
"page."
10477
msgstr ""
10478
10479
#: serverguide/C/remote-administration.xml:212(ulink)
10480
msgid "OpenSSH Website"
10481
msgstr ""
10482
10483
#: serverguide/C/remote-administration.xml:217(ulink)
10484
msgid "Advanced OpenSSH Wiki Page"
10485
msgstr ""
10486
10487
#: serverguide/C/package-management.xml:13(title)
10488
msgid "Package Management"
10489
msgstr "Gestió de paquets"
10490
10491
#: serverguide/C/package-management.xml:14(para)
10492
msgid ""
10493
"Ubuntu features a comprehensive package management system for the "
10494
"installation, upgrade, configuration, and removal of software. In addition "
10495
"to providing access to an organized base of over 24,000 software packages "
10496
"for your Ubuntu computer, the package management facilities also feature "
10497
"dependency resolution capabilities and software update checking."
10498
msgstr ""
10499
10500
#: serverguide/C/package-management.xml:16(para)
10501
msgid ""
10502
"Several tools are available for interacting with Ubuntu's package management "
10503
"system, from simple command-line utilities which may be easily automated by "
10504
"system administrators, to a simple graphical interface which is easy to use "
10505
"by those new to Ubuntu."
10506
msgstr ""
10507
10508
#: serverguide/C/package-management.xml:21(para)
10509
msgid ""
10510
"Ubuntu's package management system is derived from the same system used by "
10511
"the Debian GNU/Linux distribution. The package files contain all of the "
10512
"necessary files, meta-data, and instructions to implement a particular "
10513
"functionality or software application on your Ubuntu computer."
10514
msgstr ""
10515
10516
#: serverguide/C/package-management.xml:24(para)
10517
msgid ""
10518
"Debian package files typically have the extension '.deb', and typically "
10519
"exist in <emphasis role=\"italics\">repositories</emphasis> which are "
10520
"collections of packages found on various media, such as CD-ROM discs, or "
10521
"online. Packages are normally of the pre-compiled binary format; thus "
10522
"installation is quick and requires no compiling of software."
10523
msgstr ""
10524
10525
#: serverguide/C/package-management.xml:27(para)
10526
msgid ""
10527
"Many complex packages use the concept of <emphasis "
10528
"role=\"italics\">dependencies</emphasis>. Dependencies are additional "
10529
"packages required by the principal package in order to function properly. "
10530
"For example, the speech synthesis package "
10531
"<application>Festival</application> depends upon the package "
10532
"<application>libasound2</application>, which is a package supplying the "
10533
"<application>ALSA</application> sound library needed for audio playback. In "
10534
"order for <application>Festival</application> to function, it and all of its "
10535
"dependencies must be installed. The software management tools in Ubuntu will "
10536
"do this automatically."
10537
msgstr ""
10538
10539
#: serverguide/C/package-management.xml:32(title)
10540
msgid "dpkg"
10541
msgstr "dpkg"
10542
10543
#: serverguide/C/package-management.xml:34(para)
10544
msgid ""
10545
"<application>dpkg</application> is a package manager for "
10546
"<emphasis>Debian</emphasis> based systems. It can install, remove, and build "
10547
"packages, but unlike other package management system's it can not "
10548
"automatically download and install packages and their dependencies. This "
10549
"section covers using <application>dpkg</application> to manage locally "
10550
"installed packages:"
10551
msgstr ""
10552
10553
#: serverguide/C/package-management.xml:43(para)
10554
msgid ""
10555
"To list all packages installed on the system, from a terminal prompt enter:"
10556
msgstr ""
10557
10558
#: serverguide/C/package-management.xml:48(command)
10559
msgid "dpkg -l"
10560
msgstr "dpkg -l"
10561
10562
#: serverguide/C/package-management.xml:54(para)
10563
msgid ""
10564
"Depending on the amount of packages on your system, this can generate a "
10565
"large amount of output. Pipe the output through "
10566
"<application>grep</application> to see if a specific package is installed:"
10567
msgstr ""
10568
10569
#: serverguide/C/package-management.xml:60(command)
10570
msgid "dpkg -l | grep apache2"
10571
msgstr "dpkg -l | grep apache2"
10572
10573
#: serverguide/C/package-management.xml:63(para)
10574
msgid ""
10575
"Replace <emphasis>apache2</emphasis> with any package name, part of a "
10576
"package name, or other regular expression."
10577
msgstr ""
10578
10579
#: serverguide/C/package-management.xml:70(para)
10580
msgid ""
10581
"To list the files installed by a package, in this case the "
10582
"<application>ufw</application> package, enter:"
10583
msgstr ""
10584
10585
#: serverguide/C/package-management.xml:75(command)
10586
msgid "dpkg -L ufw"
10587
msgstr "dpkg -L ufw"
10588
10589
#: serverguide/C/package-management.xml:81(para)
10590
msgid ""
10591
"If you are not sure which package installed a file, <application>dpkg -"
10592
"S</application> may be able to tell you. For example:"
10593
msgstr ""
10594
10595
#: serverguide/C/package-management.xml:87(command)
10596
msgid "dpkg -S /etc/host.conf"
10597
msgstr "dpkg -S /etc/host.conf"
10598
10599
#: serverguide/C/package-management.xml:88(computeroutput)
10600
#, no-wrap
10601
msgid "base-files: /etc/host.conf"
10602
msgstr ""
10603
10604
#: serverguide/C/package-management.xml:91(para)
10605
msgid ""
10606
"The output shows that the <filename>/etc/host.conf</filename> belongs to the "
10607
"<application>base-files</application> package."
10608
msgstr ""
10609
10610
#: serverguide/C/package-management.xml:96(para)
10611
msgid ""
10612
"Many files are automatically generated during the package install process, "
10613
"and even though they are on the filesystem <command>dpkg -S</command> may "
10614
"not know which package they belong to."
10615
msgstr ""
10616
10617
#: serverguide/C/package-management.xml:105(para)
10618
msgid "You can install a local <emphasis>.deb</emphasis> file by entering:"
10619
msgstr ""
10620
10621
#: serverguide/C/package-management.xml:110(command)
10622
msgid "sudo dpkg -i zip_2.32-1_i386.deb"
10623
msgstr "sudo dpkg -i zip_2.32-1_i386.deb"
10624
10625
#: serverguide/C/package-management.xml:113(para)
10626
msgid ""
10627
"Change <filename>zip_2.32-1_i386.deb</filename> to the actual file name of "
10628
"the local .deb file."
10629
msgstr ""
10630
10631
#: serverguide/C/package-management.xml:120(para)
10632
msgid "Uninstalling a package can be accomplished by:"
10633
msgstr ""
10634
10635
#: serverguide/C/package-management.xml:125(command)
10636
msgid "sudo dpkg -r zip"
10637
msgstr "sudo dpkg -r zip"
10638
10639
#: serverguide/C/package-management.xml:129(para)
10640
msgid ""
10641
"Uninstalling packages using <application>dpkg</application>, in most cases, "
10642
"is <emphasis>NOT</emphasis> recommended. It is better to use a package "
10643
"manager that handles dependencies, to ensure that the system is in a "
10644
"consistent state. For example using <command>dpkg -r</command> you can "
10645
"remove the <application>zip</application> package, but any packages that "
10646
"depend on it will still be installed and may no longer function correctly."
10647
msgstr ""
10648
10649
#: serverguide/C/package-management.xml:140(para)
10650
msgid ""
10651
"For more <application>dpkg</application> options see the man page: "
10652
"<command>man dpkg</command>."
10653
msgstr ""
10654
10655
#: serverguide/C/package-management.xml:146(title)
10656
msgid "Apt-Get"
10657
msgstr "Apt-Get"
10658
10659
#: serverguide/C/package-management.xml:147(para)
10660
msgid ""
10661
"The <application>apt-get</application> command is a powerful command-line "
10662
"tool used to work with Ubuntu's <emphasis>Advanced Packaging Tool</emphasis> "
10663
"(APT) performing such functions as installation of new software packages, "
10664
"upgrade of existing software packages, updating of the package list index, "
10665
"and even upgrading the entire Ubuntu system."
10666
msgstr ""
10667
10668
#: serverguide/C/package-management.xml:150(para)
10669
msgid ""
10670
"Being a simple command-line tool, <application>apt-get</application> has "
10671
"numerous advantages over other package management tools available in Ubuntu "
10672
"for server administrators. Some of these advantages include ease of use over "
10673
"simple terminal connections (SSH) and the ability to be used in system "
10674
"administration scripts, which can in turn be automated by the "
10675
"<application>cron</application> scheduling utility."
10676
msgstr ""
10677
10678
#: serverguide/C/package-management.xml:157(para)
10679
msgid ""
10680
"<emphasis role=\"bold\">Install a Package</emphasis>: Installation of "
10681
"packages using the <application>apt-get</application> tool is quite simple. "
10682
"For example, to install the network scanner <emphasis "
10683
"role=\"italics\">nmap</emphasis>, type the following: <screen>\n"
10684
"<command>sudo apt-get install nmap</command>\n"
10685
"</screen>"
10686
msgstr ""
10687
10688
#: serverguide/C/package-management.xml:165(para)
10689
msgid ""
10690
"<emphasis role=\"bold\">Remove a Package</emphasis>: Removal of a package or "
10691
"packages is also a straightforward and simple process. To remove the nmap "
10692
"package installed in the previous example, type the following: <screen>\n"
10693
"<command>sudo apt-get remove nmap</command>\n"
10694
"</screen>"
10695
msgstr ""
10696
10697
#: serverguide/C/package-management.xml:172(para)
10698
msgid ""
10699
"<emphasis role=\"bold\">Multiple Packages</emphasis>: You may specify "
10700
"multiple packages to be installed or removed, separated by spaces."
10701
msgstr ""
10702
10703
#: serverguide/C/package-management.xml:175(para)
10704
msgid ""
10705
"Also, adding the <emphasis>--purge</emphasis> options to <command>apt-get "
10706
"remove</command> will remove the package configuration files as well. This "
10707
"may or may not be the desired effect so use with caution."
10708
msgstr ""
10709
10710
#: serverguide/C/package-management.xml:181(para)
10711
msgid ""
10712
"<emphasis role=\"bold\">Update the Package Index</emphasis>: The APT package "
10713
"index is essentially a database of available packages from the repositories "
10714
"defined in the <filename>/etc/apt/sources.list</filename> file. To update "
10715
"the local package index with the latest changes made in repositories, type "
10716
"the following: <screen>\n"
10717
"<command>sudo apt-get update</command>\n"
10718
"</screen>"
10719
msgstr ""
10720
10721
#: serverguide/C/package-management.xml:189(para)
10722
msgid ""
10723
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: Over time, updated "
10724
"versions of packages currently installed on your computer may become "
10725
"available from the package repositories (for example security updates). To "
10726
"upgrade your system, first update your package index as outlined above, and "
10727
"then type: <screen>\n"
10728
"<command>sudo apt-get upgrade</command>\n"
10729
"</screen>"
10730
msgstr ""
10731
10732
#: serverguide/C/package-management.xml:195(para)
10733
msgid ""
10734
"For information on upgrading to a new Ubuntu release see <xref "
10735
"linkend=\"installing-upgrading\"/>."
10736
msgstr ""
10737
10738
#: serverguide/C/package-management.xml:153(para)
10739
msgid ""
10740
"Some examples of popular uses for the <application>apt-get</application> "
10741
"utility: <placeholder-1/>"
10742
msgstr ""
10743
"Alguns exemples de maneres habituals d'utilitzar l'eina <application>apt-"
10744
"get</application>: <placeholder-1/>"
10745
10746
#: serverguide/C/package-management.xml:201(para)
10747
msgid ""
10748
"Actions of the <application>apt-get</application> command, such as "
10749
"installation and removal of packages, are logged in the /var/log/dpkg.log "
10750
"log file."
10751
msgstr ""
10752
10753
#: serverguide/C/package-management.xml:204(para)
10754
msgid ""
10755
"For further information about the use of <application>APT</application>, "
10756
"read the comprehensive <ulink url=\"http://www.debian.org/doc/user-"
10757
"manuals#apt-howto\">Debian APT User Manual</ulink> or type: <screen>apt-get "
10758
"help</screen>"
10759
msgstr ""
10760
10761
#: serverguide/C/package-management.xml:208(title)
10762
msgid "Aptitude"
10763
msgstr "Aptitude"
10764
10765
#: serverguide/C/package-management.xml:209(para)
10766
msgid ""
10767
"<application>Aptitude</application> is a menu-driven, text-based front-end "
10768
"to the <emphasis>Advanced Packaging Tool</emphasis> (APT) system. Many of "
10769
"the common package management functions, such as installation, removal, and "
10770
"upgrade, are performed in <application>Aptitude</application> with single-"
10771
"key commands, which are typically lowercase letters."
10772
msgstr ""
10773
10774
#: serverguide/C/package-management.xml:212(para)
10775
msgid ""
10776
"<application>Aptitude</application> is best suited for use in a non-"
10777
"graphical terminal environment to ensure proper functioning of the command "
10778
"keys. You may start <application>Aptitude</application> as a normal user "
10779
"with the following command at a terminal prompt: <screen>\n"
10780
"<command>sudo aptitude</command>\n"
10781
"</screen>"
10782
msgstr ""
10783
10784
#: serverguide/C/package-management.xml:219(para)
10785
msgid ""
10786
"When <application>Aptitude</application> starts, you will see a menu bar at "
10787
"the top of the screen and two panes below the menu bar. The top pane "
10788
"contains package categories, such as <emphasis role=\"italics\">New "
10789
"Packages</emphasis> and <emphasis role=\"italics\">Not Installed "
10790
"Packages</emphasis>. The bottom pane contains information related to the "
10791
"packages and package categories."
10792
msgstr ""
10793
10794
#: serverguide/C/package-management.xml:222(para)
10795
msgid ""
10796
"Using <application>Aptitude</application> for package management is "
10797
"relatively straightforward, and the user interface makes common tasks simple "
10798
"to perform. The following are examples of common package management "
10799
"functions as performed in <application>Aptitude</application>:"
10800
msgstr ""
10801
10802
#: serverguide/C/package-management.xml:226(para)
10803
msgid ""
10804
"<emphasis role=\"bold\">Install Packages</emphasis>: To install a package, "
10805
"locate the package via the Not Installed Packages package category, for "
10806
"example, by using the keyboard arrow keys and the <keycap>ENTER</keycap> "
10807
"key, and highlight the package you wish to install. After highlighting the "
10808
"package you wish to install, press the <keycap>+</keycap> key, and the "
10809
"package entry should turn <emphasis role=\"italics\">green</emphasis>, "
10810
"indicating it has been marked for installation. Now press <keycap>g</keycap> "
10811
"to be presented with a summary of package actions. Press <keycap>g</keycap> "
10812
"again, and you will be prompted to become root to complete the installation. "
10813
"Press <keycap>ENTER</keycap> which will result in a Password: prompt. Enter "
10814
"your user password to become root. Finally, press <keycap>g</keycap> once "
10815
"more and you'll be prompted to download the package. Press "
10816
"<keycap>ENTER</keycap> on the <emphasis role=\"italics\">Continue</emphasis> "
10817
"prompt, and downloading and installation of the package will commence."
10818
msgstr ""
10819
10820
#: serverguide/C/package-management.xml:230(para)
10821
msgid ""
10822
"<emphasis role=\"bold\">Remove Packages</emphasis>: To remove a package, "
10823
"locate the package via the Installed Packages package category, for example, "
10824
"by using the keyboard arrow keys and the <keycap>ENTER</keycap> key, and "
10825
"highlight the package you wish to remove. After highlighting the package you "
10826
"wish to install, press the <keycap>-</keycap> key, and the package entry "
10827
"should turn <emphasis role=\"italics\">pink</emphasis>, indicating it has "
10828
"been marked for removal. Now press <keycap>g</keycap> to be presented with a "
10829
"summary of package actions. Press <keycap>g</keycap> again, and you will be "
10830
"prompted to become root to complete the installation. Press "
10831
"<keycap>ENTER</keycap> which will result in a Password: prompt. Enter your "
10832
"user password to become root. Finally, press <keycap>g</keycap> once more, "
10833
"and you'll be prompted to download the package. Press <keycap>ENTER</keycap> "
10834
"on the <emphasis role=\"italics\">Continue</emphasis> prompt, and removal of "
10835
"the package will commence."
10836
msgstr ""
10837
10838
#: serverguide/C/package-management.xml:234(para)
10839
msgid ""
10840
"<emphasis role=\"bold\">Update Package Index</emphasis>: To update the "
10841
"package index, simply press the <keycap>u</keycap> key and you will be "
10842
"prompted to become root to complete the update. Press <keycap>ENTER</keycap> "
10843
"which will result in a Password: prompt. Enter your user password to become "
10844
"root. Updating of the package index will commence. Press "
10845
"<keycap>ENTER</keycap> on the OK prompt when the download dialog is "
10846
"presented to complete the process."
10847
msgstr ""
10848
10849
#: serverguide/C/package-management.xml:238(para)
10850
msgid ""
10851
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: To upgrade packages, "
10852
"perform the update of the package index as detailed above, and then press "
10853
"the <keycap>U</keycap> key to mark all packages with updates. Now press "
10854
"<keycap>g</keycap> whereby you'll be presented with a summary of package "
10855
"actions. Press <keycap>g</keycap> again, and you will be prompted to become "
10856
"root to complete the installation. Press <keycap>ENTER</keycap> which will "
10857
"result in a Password: prompt. Enter your user password to become root. "
10858
"Finally, press <keycap>g</keycap> once more, and you'll be prompted to "
10859
"download the packages. Press <keycap>ENTER</keycap> on the <emphasis "
10860
"role=\"italics\">Continue</emphasis> prompt, and upgrade of the packages "
10861
"will commence."
10862
msgstr ""
10863
10864
#: serverguide/C/package-management.xml:245(para)
10865
msgid "<emphasis role=\"bold\">i</emphasis>: Installed package"
10866
msgstr ""
10867
10868
#: serverguide/C/package-management.xml:250(para)
10869
msgid ""
10870
"<emphasis role=\"bold\">c</emphasis>: Package not installed, but package "
10871
"configuration remains on system"
10872
msgstr ""
10873
10874
#: serverguide/C/package-management.xml:254(para)
10875
msgid "<emphasis role=\"bold\">p</emphasis>: Purged from system"
10876
msgstr ""
10877
10878
#: serverguide/C/package-management.xml:258(para)
10879
msgid "<emphasis role=\"bold\">v</emphasis>: Virtual package"
10880
msgstr ""
10881
10882
#: serverguide/C/package-management.xml:262(para)
10883
msgid "<emphasis role=\"bold\">B</emphasis>: Broken package"
10884
msgstr ""
10885
10886
#: serverguide/C/package-management.xml:266(para)
10887
msgid ""
10888
"<emphasis role=\"bold\">u</emphasis>: Unpacked files, but package not yet "
10889
"configured"
10890
msgstr ""
10891
10892
#: serverguide/C/package-management.xml:270(para)
10893
msgid ""
10894
"<emphasis role=\"bold\">C</emphasis>: Half-configured - Configuration failed "
10895
"and requires fix"
10896
msgstr ""
10897
10898
#: serverguide/C/package-management.xml:274(para)
10899
msgid ""
10900
"<emphasis role=\"bold\">H</emphasis>: Half-installed - Removal failed and "
10901
"requires fix"
10902
msgstr ""
10903
10904
#: serverguide/C/package-management.xml:242(para)
10905
msgid ""
10906
"The first column of information displayed in the package list in the top "
10907
"pane, when actually viewing packages lists the current state of the package, "
10908
"and uses the following key to describe the state of the package: "
10909
"<placeholder-1/>"
10910
msgstr ""
10911
10912
#: serverguide/C/package-management.xml:280(para)
10913
msgid ""
10914
"To exit Aptitude, simply press the <keycap>q</keycap> key and confirm you "
10915
"wish to exit. Many other functions are available from the Aptitude menu by "
10916
"pressing the <keycap>F10</keycap> key."
10917
msgstr ""
10918
10919
#: serverguide/C/package-management.xml:285(title)
10920
msgid "Automatic Updates"
10921
msgstr "Actualitzacions automàtiques"
10922
10923
#: serverguide/C/package-management.xml:287(para)
10924
msgid ""
10925
"The <application>unattended-upgrades</application> package can be used to "
10926
"automatically install updated packages, and can be configured to update all "
10927
"packages or just install security updates. First, install the package by "
10928
"entering the following in a terminal:"
10929
msgstr ""
10930
10931
#: serverguide/C/package-management.xml:293(command)
10932
msgid "sudo apt-get install unattended-upgrades"
10933
msgstr "sudo apt-get install unattended-upgrades"
10934
10935
#: serverguide/C/package-management.xml:296(para)
10936
msgid ""
10937
"To configure <application>unattended-upgrades</application>, edit "
10938
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> and adjust "
10939
"the following to fit your needs:"
10940
msgstr ""
10941
10942
#: serverguide/C/package-management.xml:301(programlisting)
10943
#, no-wrap
10944
msgid ""
10945
"\n"
10946
"Unattended-Upgrade::Allowed-Origins {\n"
10947
" \"Ubuntu maverick-security\";\n"
10948
"// \"Ubuntu maverick-updates\";\n"
10949
"};\n"
10950
msgstr ""
10951
10952
#: serverguide/C/package-management.xml:308(para)
10953
msgid ""
10954
"Certain packages can also be <emphasis>blacklisted</emphasis> and therefore "
10955
"will not be automatically updated. To blacklist a package, add it to the "
10956
"list:"
10957
msgstr ""
10958
10959
#: serverguide/C/package-management.xml:313(programlisting)
10960
#, no-wrap
10961
msgid ""
10962
"\n"
10963
"Unattended-Upgrade::Package-Blacklist {\n"
10964
"// \"vim\";\n"
10965
"// \"libc6\";\n"
10966
"// \"libc6-dev\";\n"
10967
"// \"libc6-i686\";\n"
10968
"};\n"
10969
msgstr ""
10970
10971
#: serverguide/C/package-management.xml:323(para)
10972
msgid ""
10973
"The double <emphasis><quote>//</quote></emphasis> serve as comments, so "
10974
"whatever follows \"//\" will not be evaluated."
10975
msgstr ""
10976
10977
#: serverguide/C/package-management.xml:328(para)
10978
msgid ""
10979
"To enable automatic updates, edit "
10980
"<filename>/etc/apt/apt.conf.d/10periodic</filename> and set the appropriate "
10981
"<application>apt</application> configuration options:"
10982
msgstr ""
10983
10984
#: serverguide/C/package-management.xml:332(programlisting)
10985
#, no-wrap
10986
msgid ""
10987
"\n"
10988
"APT::Periodic::Update-Package-Lists \"1\";\n"
10989
"APT::Periodic::Download-Upgradeable-Packages \"1\";\n"
10990
"APT::Periodic::AutocleanInterval \"7\";\n"
10991
"APT::Periodic::Unattended-Upgrade \"1\";\n"
10992
msgstr ""
10993
10994
#: serverguide/C/package-management.xml:339(para)
10995
msgid ""
10996
"The above configuration updates the package list, downloads, and installs "
10997
"available upgrades every day. The local download archive is cleaned every "
10998
"week."
10999
msgstr ""
11000
11001
#: serverguide/C/package-management.xml:345(para)
11002
msgid ""
11003
"You can read more about <application>apt</application> Periodic "
11004
"configuration options in the <filename>/etc/cron.daily/apt</filename> script "
11005
"header."
11006
msgstr ""
11007
11008
#: serverguide/C/package-management.xml:350(para)
11009
msgid ""
11010
"The results of <application>unattended-upgrades</application> will be logged "
11011
"to <filename>/var/log/unattended-upgrades</filename>."
11012
msgstr ""
11013
11014
#: serverguide/C/package-management.xml:355(title)
11015
msgid "Notifications"
11016
msgstr ""
11017
11018
#: serverguide/C/package-management.xml:357(para)
11019
msgid ""
11020
"Configuring <emphasis>Unattended-Upgrade::Mail</emphasis> in "
11021
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> will enable "
11022
"<application>unattended-upgrades</application> to email an administrator "
11023
"detailing any packages that need upgrading or have problems."
11024
msgstr ""
11025
11026
#: serverguide/C/package-management.xml:362(para)
11027
msgid ""
11028
"Another useful package is <application>apticron</application>. "
11029
"<application>apticron</application> will configure a "
11030
"<application>cron</application> job to email an administrator information "
11031
"about any packages on the system that have updates available, as well as a "
11032
"summary of changes in each package."
11033
msgstr ""
11034
11035
#: serverguide/C/package-management.xml:368(para)
11036
msgid ""
11037
"To install the <application>apticron</application> package, in a terminal "
11038
"enter:"
11039
msgstr ""
11040
11041
#: serverguide/C/package-management.xml:373(command)
11042
msgid "sudo apt-get install apticron"
11043
msgstr "sudo apt-get install apticron"
11044
11045
#: serverguide/C/package-management.xml:376(para)
11046
msgid ""
11047
"Once the package is installed edit "
11048
"<filename>/etc/apticron/apticron.conf</filename>, to set the email address "
11049
"and other options:"
11050
msgstr ""
11051
11052
#: serverguide/C/package-management.xml:380(programlisting)
11053
#, no-wrap
11054
msgid ""
11055
"\n"
11056
"EMAIL=\"root@example.com\"\n"
11057
msgstr ""
11058
11059
#: serverguide/C/package-management.xml:389(para)
11060
msgid ""
11061
"Configuration of the <emphasis>Advanced Packaging Tool</emphasis> (APT) "
11062
"system repositories is stored in the /etc/apt/sources.list configuration "
11063
"file. An example of this file is referenced here, along with information on "
11064
"adding or removing repository references from the file."
11065
msgstr ""
11066
11067
#: serverguide/C/package-management.xml:395(para)
11068
msgid ""
11069
"<ulink url=\"../sample/sources.list\">Here</ulink> is a simple example of a "
11070
"typical <filename>/etc/apt/sources.list</filename> file."
11071
msgstr ""
11072
11073
#: serverguide/C/package-management.xml:399(para)
11074
msgid ""
11075
"You may edit the file to enable repositories or disable them. For example, "
11076
"to disable the requirement of inserting the Ubuntu CD-ROM whenever package "
11077
"operations occur, simply comment out the appropriate line for the CD-ROM, "
11078
"which appears at the top of the file:"
11079
msgstr ""
11080
11081
#: serverguide/C/package-management.xml:404(screen)
11082
#, no-wrap
11083
msgid ""
11084
"\n"
11085
"# no more prompting for CD-ROM please\n"
11086
"# deb cdrom:[&distro-apt-cd-name; - Release i386 (20070419.1)]/ maverick "
11087
"main restricted\n"
11088
msgstr ""
11089
11090
#: serverguide/C/package-management.xml:410(title)
11091
msgid "Extra Repositories"
11092
msgstr "Dipòsits addicionals"
11093
11094
#: serverguide/C/package-management.xml:411(para)
11095
msgid ""
11096
"In addition to the officially supported package repositories available for "
11097
"Ubuntu, there exist additional community-maintained repositories which add "
11098
"thousands more potential packages for installation. Two of the most popular "
11099
"are the <emphasis>Universe</emphasis> and <emphasis>Multiverse</emphasis> "
11100
"repositories. These repositories are not officially supported by Ubuntu, but "
11101
"because they are maintained by the community they generally provide packages "
11102
"which are safe for use with your Ubuntu computer."
11103
msgstr ""
11104
11105
#: serverguide/C/package-management.xml:414(para)
11106
msgid ""
11107
"Packages in the <emphasis>Multiverse</emphasis> repository often have "
11108
"licensing issues that prevent them from being distributed with a free "
11109
"operating system, and they may be illegal in your locality."
11110
msgstr ""
11111
11112
#: serverguide/C/package-management.xml:416(para)
11113
msgid ""
11114
"Be advised that neither the <emphasis>Universe</emphasis> or "
11115
"<emphasis>Multiverse</emphasis> repositories contain officially supported "
11116
"packages. In particular, there may not be security updates for these "
11117
"packages."
11118
msgstr ""
11119
11120
#: serverguide/C/package-management.xml:420(para)
11121
msgid ""
11122
"Many other package sources are available, sometimes even offering only one "
11123
"package, as in the case of package sources provided by the developer of a "
11124
"single application. You should always be very careful and cautious when "
11125
"using non-standard package sources, however. Research the source and "
11126
"packages carefully before performing any installation, as some package "
11127
"sources and their packages could render your system unstable or non-"
11128
"functional in some respects."
11129
msgstr ""
11130
11131
#: serverguide/C/package-management.xml:423(para)
11132
msgid ""
11133
"By default, the <emphasis>Universe</emphasis> and "
11134
"<emphasis>Multiverse</emphasis> repositories are enabled but if you would "
11135
"like to disable them edit <filename>/etc/apt/sources.list</filename> and "
11136
"comment the following lines:"
11137
msgstr ""
11138
11139
#: serverguide/C/package-management.xml:430(programlisting)
11140
#, no-wrap
11141
msgid ""
11142
"\n"
11143
"deb http://archive.ubuntu.com/ubuntu maverick universe multiverse\n"
11144
"deb-src http://archive.ubuntu.com/ubuntu maverick universe multiverse\n"
11145
"\n"
11146
"deb http://us.archive.ubuntu.com/ubuntu/ maverick universe\n"
11147
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick universe\n"
11148
"deb http://us.archive.ubuntu.com/ubuntu/ maverick-updates universe\n"
11149
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick-updates universe\n"
11150
"\n"
11151
"deb http://us.archive.ubuntu.com/ubuntu/ maverick multiverse\n"
11152
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick multiverse\n"
11153
"deb http://us.archive.ubuntu.com/ubuntu/ maverick-updates multiverse\n"
11154
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick-updates multiverse\n"
11155
"\n"
11156
"deb http://security.ubuntu.com/ubuntu maverick-security universe\n"
11157
"deb-src http://security.ubuntu.com/ubuntu maverick-security universe\n"
11158
"deb http://security.ubuntu.com/ubuntu maverick-security multiverse\n"
11159
"deb-src http://security.ubuntu.com/ubuntu maverick-security multiverse\n"
11160
msgstr ""
11161
11162
#: serverguide/C/package-management.xml:456(para)
11163
msgid ""
11164
"Most of the material covered in this chapter is available in "
11165
"<application>man</application> pages, many of which are available online."
11166
msgstr ""
11167
11168
#: serverguide/C/package-management.xml:463(para)
11169
msgid ""
11170
"The <ulink "
11171
"url=\"https://help.ubuntu.com/community/InstallingSoftware\">InstallingSoftwa"
11172
"re</ulink> Ubuntu wiki page has more information."
11173
msgstr ""
11174
11175
#: serverguide/C/package-management.xml:468(para)
11176
msgid ""
11177
"For more <application>dpkg</application> details see the <ulink "
11178
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/dpkg.1.html\">dpkg"
11179
" man page</ulink>."
11180
msgstr ""
11181
11182
#: serverguide/C/package-management.xml:474(para)
11183
msgid ""
11184
"The <ulink url=\"http://www.debian.org/doc/manuals/apt-howto/\">APT "
11185
"HOWTO</ulink> and <ulink "
11186
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/apt-"
11187
"get.8.html\">apt-get man page</ulink> contain useful information regarding "
11188
"<application>apt-get</application> usage."
11189
msgstr ""
11190
11191
#: serverguide/C/package-management.xml:481(para)
11192
msgid ""
11193
"See the <ulink "
11194
"url=\"http://manpages.ubuntu.com/manpages/maverick/man8/aptitude.8.html\">apt"
11195
"itude man page</ulink> for more <application>aptitude</application> options."
11196
msgstr ""
11197
11198
#: serverguide/C/package-management.xml:487(para)
11199
msgid ""
11200
"The <ulink "
11201
"url=\"https://help.ubuntu.com/community/Repositories/Ubuntu\">Adding "
11202
"Repositories HOWTO (Ubuntu Wiki)</ulink> page contains more details on "
11203
"adding repositories."
11204
msgstr ""
11205
11206
#: serverguide/C/other-apps.xml:13(title)
11207
msgid "Other Useful Applications"
11208
msgstr "Altres aplicacions útils"
11209
11210
#: serverguide/C/other-apps.xml:15(para)
11211
msgid ""
11212
"There are many very useful applications developed by the Ubuntu Server Team, "
11213
"and others that are well integrated with Ubuntu Server Edition, that might "
11214
"not be well known. This chapter will showcase some useful applications that "
11215
"can make administering an Ubuntu server, or many Ubuntu servers, that much "
11216
"easier."
11217
msgstr ""
11218
11219
#: serverguide/C/other-apps.xml:23(title)
11220
msgid "pam_motd"
11221
msgstr ""
11222
11223
#: serverguide/C/other-apps.xml:25(para)
11224
msgid ""
11225
"When logging into an Ubuntu server you may have noticed the informative "
11226
"Message Of The Day (MOTD). This information is obtained and displayed using "
11227
"a couple of packages:"
11228
msgstr ""
11229
11230
#: serverguide/C/other-apps.xml:32(para)
11231
msgid ""
11232
"<emphasis>landscape-common:</emphasis> provides the core libraries of "
11233
"<application>landscape-client</application>, which can be used to manage "
11234
"systems using the web based <emphasis>Landscape</emphasis> application. The "
11235
"package includes the <application>/usr/bin/landscape-sysinfo</application> "
11236
"utility which is used to gather the information displayed in the MOTD."
11237
msgstr ""
11238
11239
#: serverguide/C/other-apps.xml:40(para)
11240
msgid ""
11241
"<emphasis>update-notifier-common:</emphasis> is used to automatically update "
11242
"the MOTD via <application>pam_motd</application> module."
11243
msgstr ""
11244
11245
#: serverguide/C/other-apps.xml:46(para)
11246
msgid ""
11247
"<application>pam_motd</application> executes the scripts in "
11248
"<filename>/etc/update-motd.d</filename> in order based on the number "
11249
"prepended to the script. The output of the scripts is written to "
11250
"<filename>/var/run/motd</filename>, keeping the numerical order, then "
11251
"concatenated with <filename>/etc/motd.tail</filename>."
11252
msgstr ""
11253
11254
#: serverguide/C/other-apps.xml:52(para)
11255
msgid ""
11256
"You can add your own dynamic information to the MOTD. For example, to add "
11257
"local weather information:"
11258
msgstr ""
11259
11260
#: serverguide/C/other-apps.xml:58(para)
11261
msgid "First, install the <application>weather-util</application> package:"
11262
msgstr ""
11263
11264
#: serverguide/C/other-apps.xml:63(command)
11265
msgid "sudo apt-get install weather-util"
11266
msgstr "sudo apt-get install weather-util"
11267
11268
#: serverguide/C/other-apps.xml:68(para)
11269
msgid ""
11270
"The <application>weather</application> utility uses METAR data from the "
11271
"National Oceanic and Atmospheric Administration and forecasts from the "
11272
"National Weather Service. In order to find local information you will need "
11273
"the 4-character ICAO location indicator. This can be determined by browsing "
11274
"to the <ulink url=\"http://www.weather.gov/tg/siteloc.shtml\">National "
11275
"Weather Service</ulink> site."
11276
msgstr ""
11277
11278
#: serverguide/C/other-apps.xml:75(para)
11279
msgid ""
11280
"Although the National Weather Service is a United States government agency "
11281
"there are weather stations available world wide. However, local weather "
11282
"information for all locations outside the U.S. may not be available."
11283
msgstr ""
11284
11285
#: serverguide/C/other-apps.xml:81(para)
11286
msgid ""
11287
"Create <filename>/usr/local/bin/local-weather</filename>, a simple shell "
11288
"script to use <application>weather</application> with your local ICAO "
11289
"indicator:"
11290
msgstr ""
11291
11292
#: serverguide/C/other-apps.xml:86(programlisting)
11293
#, no-wrap
11294
msgid ""
11295
"\n"
11296
"#!/bin/sh\n"
11297
"#\n"
11298
"#\n"
11299
"# Prints the local weather information for the MOTD.\n"
11300
"#\n"
11301
"#\n"
11302
"\n"
11303
"# Replace KINT with your local weather station.\n"
11304
"# Local stations can be found here: http://www.weather.gov/tg/siteloc.shtml\n"
11305
"\n"
11306
"echo\n"
11307
"weather -i KINT\n"
11308
"echo\n"
11309
"\n"
11310
msgstr ""
11311
11312
#: serverguide/C/other-apps.xml:104(para)
11313
msgid "Make the script executable:"
11314
msgstr ""
11315
11316
#: serverguide/C/other-apps.xml:109(command)
11317
msgid "sudo chmod 755 /usr/local/bin/local-weather"
11318
msgstr "sudo chmod 755 /usr/local/bin/local-weather"
11319
11320
#: serverguide/C/other-apps.xml:113(para)
11321
msgid ""
11322
"Next, create a symlink to <filename>/etc/update-motd.d/98-local-"
11323
"weather</filename>:"
11324
msgstr ""
11325
11326
#: serverguide/C/other-apps.xml:118(command)
11327
msgid ""
11328
"sudo ln -s /usr/local/bin/local-weather /etc/update-motd.d/98-local-weather"
11329
msgstr ""
11330
11331
#: serverguide/C/other-apps.xml:122(para)
11332
msgid "Finally, exit the server and re-login to view the new MOTD."
11333
msgstr ""
11334
11335
#: serverguide/C/other-apps.xml:128(para)
11336
msgid ""
11337
"You should now be greeted with some useful information, and some information "
11338
"about the local weather that may not be quite so useful. Hopefully the "
11339
"<application>local-weather</application> example demonstrates the "
11340
"flexibility of <application>pam_motd</application>."
11341
msgstr ""
11342
11343
#: serverguide/C/other-apps.xml:136(title)
11344
msgid "etckeeper"
11345
msgstr "etckeeper"
11346
11347
#: serverguide/C/other-apps.xml:138(para)
11348
msgid ""
11349
"<application>etckeeper</application> allows the contents of <filename "
11350
"role=\"directory\">/etc</filename> be easily stored in Version Control "
11351
"System (VCS) repository. It hooks into <application>apt</application> to "
11352
"automatically commit changes to <filename>/etc</filename> when packages are "
11353
"installed or upgraded. Placing <filename>/etc</filename> under version "
11354
"control is considered an industry best practice, and the goal of "
11355
"<application>etckeeper</application> is to make this process as painless as "
11356
"possible."
11357
msgstr ""
11358
11359
#: serverguide/C/other-apps.xml:146(para)
11360
msgid ""
11361
"Install <application>etckeeper</application> by entering the following in a "
11362
"terminal:"
11363
msgstr ""
11364
"Instal·leu l'<application>etckeeper</application> introduint el següent en "
11365
"un terminal:"
11366
11367
#: serverguide/C/other-apps.xml:151(command)
11368
msgid "sudo apt-get install etckeeper"
11369
msgstr "sudo apt-get install etckeeper"
11370
11371
#: serverguide/C/other-apps.xml:154(para)
11372
msgid ""
11373
"The main configuration file, "
11374
"<filename>/etc/etckeeper/etckeeper.conf</filename>, is fairly simple. The "
11375
"main option is which VCS to use. By default "
11376
"<application>etckeeper</application> is configured to use "
11377
"<application>bzr</application> for version control. The repository is "
11378
"automatically initialized (and committed for the first time) during package "
11379
"installation. It is possible to undo this by entering the following command:"
11380
msgstr ""
11381
11382
#: serverguide/C/other-apps.xml:164(command)
11383
msgid "sudo etckeeper uninit"
11384
msgstr "sudo etckeeper uninit"
11385
11386
#: serverguide/C/other-apps.xml:167(para)
11387
msgid ""
11388
"By default, etckeeper will commit uncommitted changes made to /etc daily. "
11389
"This can be disabled using the AVOID_DAILY_AUTOCOMMITS configuration option. "
11390
"It will also automatically commit changes before and after package "
11391
"installation. For a more precise tracking of changes, it is recommended to "
11392
"commit your changes manually, together with a commit message, using:"
11393
msgstr ""
11394
11395
#: serverguide/C/other-apps.xml:176(command)
11396
msgid "sudo etckeeper commit \"..Reason for configuration change..\""
11397
msgstr "sudo etckeeper commit \"..Motiu per al canvi de la configuració..\""
11398
11399
#: serverguide/C/other-apps.xml:179(para)
11400
msgid ""
11401
"Using the VCS commands you can view log information about files in "
11402
"<filename>/etc</filename>:"
11403
msgstr ""
11404
11405
#: serverguide/C/other-apps.xml:184(command)
11406
msgid "sudo bzr log /etc/passwd"
11407
msgstr "sudo bzr log /etc/passwd"
11408
11409
#: serverguide/C/other-apps.xml:187(para)
11410
msgid ""
11411
"To demonstrate the integration with the package management system, install "
11412
"<application>postfix</application>:"
11413
msgstr ""
11414
"Per a demostrar la integració amb el sistema de gestió de paquets, "
11415
"instal·leu el <application>postfix</application>:"
11416
11417
#: serverguide/C/other-apps.xml:192(command) serverguide/C/mail.xml:45(command)
11418
msgid "sudo apt-get install postfix"
11419
msgstr "sudo apt-get install postfix"
11420
11421
#: serverguide/C/other-apps.xml:195(para)
11422
msgid ""
11423
"When the installation is finished, all the "
11424
"<application>postfix</application> configuration files should be committed "
11425
"to the repository:"
11426
msgstr ""
11427
11428
#: serverguide/C/other-apps.xml:201(computeroutput)
11429
#, no-wrap
11430
msgid ""
11431
"Committing to: /etc/\n"
11432
"added aliases.db\n"
11433
"modified group\n"
11434
"modified group-\n"
11435
"modified gshadow\n"
11436
"modified gshadow-\n"
11437
"modified passwd\n"
11438
"modified passwd-\n"
11439
"added postfix\n"
11440
"added resolvconf\n"
11441
"added rsyslog.d\n"
11442
"modified shadow\n"
11443
"modified shadow-\n"
11444
"added init.d/postfix\n"
11445
"added network/if-down.d/postfix\n"
11446
"added network/if-up.d/postfix\n"
11447
"added postfix/dynamicmaps.cf\n"
11448
"added postfix/main.cf\n"
11449
"added postfix/master.cf\n"
11450
"added postfix/post-install\n"
11451
"added postfix/postfix-files\n"
11452
"added postfix/postfix-script\n"
11453
"added postfix/sasl\n"
11454
"added ppp/ip-down.d\n"
11455
"added ppp/ip-down.d/postfix\n"
11456
"added ppp/ip-up.d/postfix\n"
11457
"added rc0.d/K20postfix\n"
11458
"added rc1.d/K20postfix\n"
11459
"added rc2.d/S20postfix\n"
11460
"added rc3.d/S20postfix\n"
11461
"added rc4.d/S20postfix\n"
11462
"added rc5.d/S20postfix\n"
11463
"added rc6.d/K20postfix\n"
11464
"added resolvconf/update-libc.d\n"
11465
"added resolvconf/update-libc.d/postfix\n"
11466
"added rsyslog.d/postfix.conf\n"
11467
"added ufw/applications.d/postfix\n"
11468
"Committed revision 2."
11469
msgstr ""
11470
11471
#: serverguide/C/other-apps.xml:241(para)
11472
msgid ""
11473
"For an example of how <application>etckeeper</application> tracks manual "
11474
"changes, add new a host to <filename>/etc/hosts</filename>. Using "
11475
"<application>bzr</application> you can see which files have been modified:"
11476
msgstr ""
11477
11478
#: serverguide/C/other-apps.xml:247(command)
11479
msgid "sudo bzr status /etc/"
11480
msgstr "sudo bzr status /etc/"
11481
11482
#: serverguide/C/other-apps.xml:248(computeroutput)
11483
#, no-wrap
11484
msgid ""
11485
"modified:\n"
11486
" hosts"
11487
msgstr ""
11488
11489
#: serverguide/C/other-apps.xml:252(para)
11490
msgid "Now commit the changes:"
11491
msgstr ""
11492
11493
#: serverguide/C/other-apps.xml:257(command)
11494
msgid "sudo etckeeper commit \"new host\""
11495
msgstr ""
11496
11497
#: serverguide/C/other-apps.xml:260(para)
11498
msgid ""
11499
"For more information on <application>bzr</application> see <xref "
11500
"linkend=\"bazaar\"/>."
11501
msgstr ""
11502
11503
#: serverguide/C/other-apps.xml:266(title)
11504
msgid "Byobu"
11505
msgstr ""
11506
11507
#: serverguide/C/other-apps.xml:268(para)
11508
msgid ""
11509
"One of the most useful applications for any system administrator is "
11510
"<application>screen</application>. It allows the execution of multiple "
11511
"shells in one terminal. To make some of the advanced "
11512
"<application>screen</application> features more user friendly, and provide "
11513
"some useful information about the system, the "
11514
"<application>byobu</application> package was created."
11515
msgstr ""
11516
11517
#: serverguide/C/other-apps.xml:275(para)
11518
msgid ""
11519
"When executing <application>byobu</application> pressing the "
11520
"<emphasis>F9</emphasis> key will bring up the "
11521
"<application>Configuration</application> menu. This menu will allow you to:"
11522
msgstr ""
11523
11524
#: serverguide/C/other-apps.xml:281(para)
11525
msgid "View the Help menu"
11526
msgstr ""
11527
11528
#: serverguide/C/other-apps.xml:282(para)
11529
msgid "Change Byobu's background color"
11530
msgstr ""
11531
11532
#: serverguide/C/other-apps.xml:283(para)
11533
msgid "Change Byobu's foreground color"
11534
msgstr ""
11535
11536
#: serverguide/C/other-apps.xml:284(para)
11537
msgid "Toggle status notifications"
11538
msgstr ""
11539
11540
#: serverguide/C/other-apps.xml:285(para)
11541
msgid "Change the key binding set"
11542
msgstr ""
11543
11544
#: serverguide/C/other-apps.xml:286(para)
11545
msgid "Change the escape sequence"
11546
msgstr ""
11547
11548
#: serverguide/C/other-apps.xml:287(para)
11549
msgid "Create new windows"
11550
msgstr ""
11551
11552
#: serverguide/C/other-apps.xml:288(para)
11553
msgid "Manage the default windows"
11554
msgstr ""
11555
11556
#: serverguide/C/other-apps.xml:289(para)
11557
msgid "Byobu currently does not launch at login (toggle on)"
11558
msgstr ""
11559
11560
#: serverguide/C/other-apps.xml:292(para)
11561
msgid ""
11562
"The <emphasis>key bindings</emphasis> determine such things as the escape "
11563
"sequence, new window, change window, etc. There are two key binding sets to "
11564
"choose from <emphasis>f-keys</emphasis> and <emphasis>screen-escape-"
11565
"keys</emphasis>. If you wish to use the original key bindings choose the "
11566
"<emphasis>none</emphasis> set."
11567
msgstr ""
11568
11569
#: serverguide/C/other-apps.xml:298(para)
11570
msgid ""
11571
"<application>byobu</application> provides a menu which displays the Ubuntu "
11572
"release, processor information, memory information, and the time and date. "
11573
"The effect is similar to a desktop menu."
11574
msgstr ""
11575
11576
#: serverguide/C/other-apps.xml:303(para)
11577
msgid ""
11578
"Using the <emphasis>\"Byobu currently does not launch at login (toggle "
11579
"on)\"</emphasis> option will cause <application>byobu</application> to be "
11580
"executed any time a terminal is opened. Changes made to "
11581
"<application>byobu</application> are on a per user basis, and will not "
11582
"affect other users on the system."
11583
msgstr ""
11584
11585
#: serverguide/C/other-apps.xml:309(para)
11586
msgid ""
11587
"One difference when using byobu is the <emphasis>scrollback</emphasis> mode. "
11588
"Press the <emphasis>F7</emphasis> key to enter scrollback mode. Scrollback "
11589
"mode allows you to navigate past output using <emphasis>vi</emphasis> like "
11590
"commands. Here is a quick list of movement commands:"
11591
msgstr ""
11592
11593
#: serverguide/C/other-apps.xml:316(para)
11594
msgid "<emphasis>h</emphasis> - Move the cursor left by one character"
11595
msgstr ""
11596
11597
#: serverguide/C/other-apps.xml:317(para)
11598
msgid "<emphasis>j</emphasis> - Move the cursor down by one line"
11599
msgstr ""
11600
11601
#: serverguide/C/other-apps.xml:318(para)
11602
msgid "<emphasis>k</emphasis> - Move the cursor up by one line"
11603
msgstr ""
11604
11605
#: serverguide/C/other-apps.xml:319(para)
11606
msgid "<emphasis>l</emphasis> - Move the cursor right by one character"
11607
msgstr ""
11608
11609
#: serverguide/C/other-apps.xml:320(para)
11610
msgid "<emphasis>0</emphasis> - Move to the beginning of the current line"
11611
msgstr ""
11612
11613
#: serverguide/C/other-apps.xml:321(para)
11614
msgid "<emphasis>$</emphasis> - Move to the end of the current line"
11615
msgstr ""
11616
11617
#: serverguide/C/other-apps.xml:322(para)
11618
msgid ""
11619
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
11620
"the buffer)"
11621
msgstr ""
11622
11623
#: serverguide/C/other-apps.xml:323(para)
11624
msgid "<emphasis>/</emphasis> - Search forward"
11625
msgstr ""
11626
11627
#: serverguide/C/other-apps.xml:324(para)
11628
msgid "<emphasis>?</emphasis> - Search backward"
11629
msgstr ""
11630
11631
#: serverguide/C/other-apps.xml:325(para)
11632
msgid ""
11633
"<emphasis>n</emphasis> - Moves to the next match, either forward or backword"
11634
msgstr ""
11635
11636
#: serverguide/C/other-apps.xml:334(para)
11637
msgid ""
11638
"See the <ulink "
11639
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/update-"
11640
"motd.1.html\">update-motd man page</ulink> for more options available to "
11641
"<application>update-motd</application>."
11642
msgstr ""
11643
11644
#: serverguide/C/other-apps.xml:340(para)
11645
msgid ""
11646
"The Debian Package of the Day <ulink "
11647
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
11648
"and-forecasts-on-the-command-line/\">weather</ulink> article has more "
11649
"details about using the <application>weather</application>utility."
11650
msgstr ""
11651
11652
#: serverguide/C/other-apps.xml:347(para)
11653
msgid ""
11654
"See the <ulink "
11655
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
11656
"more details on using <application>etckeeper</application>."
11657
msgstr ""
11658
11659
#: serverguide/C/other-apps.xml:353(para)
11660
msgid ""
11661
"The <ulink url=\"https://help.ubuntu.com/community/etckeeper\">etckeeper "
11662
"Ubuntu Wiki</ulink> page."
11663
msgstr ""
11664
11665
#: serverguide/C/other-apps.xml:358(para)
11666
msgid ""
11667
"For the latest news and information about <application>bzr</application> see "
11668
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
11669
msgstr ""
11670
11671
#: serverguide/C/other-apps.xml:363(para)
11672
msgid ""
11673
"For more information on <application>screen</application> see the <ulink "
11674
"url=\"http://www.gnu.org/software/screen/\">screen web site</ulink>."
11675
msgstr ""
11676
11677
#: serverguide/C/other-apps.xml:368(para)
11678
msgid ""
11679
"And the <ulink url=\"https://help.ubuntu.com/community/Screen\">Ubuntu Wiki "
11680
"screen</ulink> page."
11681
msgstr ""
11682
11683
#: serverguide/C/other-apps.xml:373(para)
11684
msgid ""
11685
"Also, see the <application>byobu</application><ulink "
11686
"url=\"https://launchpad.net/byobu\">project page</ulink> for more "
11687
"information."
11688
msgstr ""
11689
11690
#: serverguide/C/network-config.xml:14(para)
11691
msgid ""
11692
"Networks consist of two or more devices, such as computer systems, printers, "
11693
"and related equipment which are connected by either physical cabling or "
11694
"wireless links for the purpose of sharing and distributing information among "
11695
"the connected devices."
11696
msgstr ""
11697
11698
#: serverguide/C/network-config.xml:20(para)
11699
msgid ""
11700
"This section provides general and specific information pertaining to "
11701
"networking, including an overview of network concepts and detailed "
11702
"discussion of popular network protocols."
11703
msgstr ""
11704
"Aquesta secció proporciona informació general i específica referent a les "
11705
"xarxes. Inclou un resum dels conceptes relacionats amb les xarxes i una "
11706
"descripció detallada dels protocols de xarxa més populars."
11707
11708
#: serverguide/C/network-config.xml:27(title)
11709
msgid "Network Configuration"
11710
msgstr "Configuració de la xarxa"
11711
11712
#: serverguide/C/network-config.xml:28(para)
11713
msgid ""
11714
"Ubuntu ships with a number of graphical utilities to configure your network "
11715
"devices. This document is geared toward server administrators and will focus "
11716
"on managing your network on the command line."
11717
msgstr ""
11718
11719
#: serverguide/C/network-config.xml:35(title)
11720
msgid "Ethernet Interfaces"
11721
msgstr ""
11722
11723
#: serverguide/C/network-config.xml:36(para)
11724
msgid ""
11725
"Ethernet interfaces are identified by the system using the naming convention "
11726
"of <emphasis role=\"italix\">ethX</emphasis>, where <emphasis "
11727
"role=\"italic\">X</emphasis> represents a numeric value. The first Ethernet "
11728
"interface is typically identified as <emphasis "
11729
"role=\"italic\">eth0</emphasis>, the second as <emphasis "
11730
"role=\"italic\">eth1</emphasis>, and all others should move up in numerical "
11731
"order."
11732
msgstr ""
11733
11734
#: serverguide/C/network-config.xml:46(title)
11735
msgid "Identify Ethernet Interfaces"
11736
msgstr ""
11737
11738
#: serverguide/C/network-config.xml:47(para)
11739
msgid ""
11740
"To quickly identify all available Ethernet interfaces, you can use the "
11741
"<application>ifconfig</application> command as shown below."
11742
msgstr ""
11743
11744
#: serverguide/C/network-config.xml:52(userinput)
11745
#, no-wrap
11746
msgid "ifconfig -a | grep eth"
11747
msgstr ""
11748
11749
#: serverguide/C/network-config.xml:51(screen)
11750
#, no-wrap
11751
msgid ""
11752
"\n"
11753
"<placeholder-1/>\n"
11754
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a\n"
11755
msgstr ""
11756
11757
#: serverguide/C/network-config.xml:55(para)
11758
msgid ""
11759
"Another application that can help identify all network interfaces available "
11760
"to your system is the <application>lshw</application> command. In the "
11761
"example below, <application>lshw</application> shows a single Ethernet "
11762
"interface with the logical name of <emphasis role=\"italic\">eth0</emphasis> "
11763
"along with bus information, driver details and all supported capabilities."
11764
msgstr ""
11765
11766
#: serverguide/C/network-config.xml:62(userinput)
11767
#, no-wrap
11768
msgid "sudo lshw -class network"
11769
msgstr ""
11770
11771
#: serverguide/C/network-config.xml:61(screen)
11772
#, no-wrap
11773
msgid ""
11774
"\n"
11775
"<placeholder-1/>\n"
11776
" *-network\n"
11777
" description: Ethernet interface\n"
11778
" product: BCM4401-B0 100Base-TX\n"
11779
" vendor: Broadcom Corporation\n"
11780
" physical id: 0\n"
11781
" bus info: pci@0000:03:00.0\n"
11782
" logical name: eth0\n"
11783
" version: 02\n"
11784
" serial: 00:15:c5:4a:16:5a\n"
11785
" size: 10MB/s\n"
11786
" capacity: 100MB/s\n"
11787
" width: 32 bits\n"
11788
" clock: 33MHz\n"
11789
" capabilities: (snipped for brevity)\n"
11790
" configuration: (snipped for brevity)\n"
11791
" resources: irq:17 memory:ef9fe000-ef9fffff\n"
11792
msgstr ""
11793
11794
#: serverguide/C/network-config.xml:83(title)
11795
msgid "Ethernet Interface Logical Names"
11796
msgstr ""
11797
11798
#: serverguide/C/network-config.xml:84(para)
11799
msgid ""
11800
"Interface logical names are configured in the file "
11801
"<filename>/etc/udev/rules.d/70-persistent-net.rules.</filename> If you would "
11802
"like control which interface receives a particular logical name, find the "
11803
"line matching the interfaces physical MAC address and modify the value of "
11804
"<emphasis role=\"italic\">NAME=ethX</emphasis> to the desired logical name. "
11805
"Reboot the system to commit your changes."
11806
msgstr ""
11807
11808
#: serverguide/C/network-config.xml:92(programlisting)
11809
#, no-wrap
11810
msgid ""
11811
"\n"
11812
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
11813
"ATTR{address}==\"00:15:c5:4a:16:5a\", ATTR{dev_id}==\"0x0\", "
11814
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth0\"\n"
11815
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
11816
"ATTR{address}==\"00:15:c5:4a:16:5b\", ATTR{dev_id}==\"0x0\", "
11817
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth1\"\n"
11818
msgstr ""
11819
11820
#: serverguide/C/network-config.xml:99(title)
11821
msgid "Ethernet Interface Settings"
11822
msgstr ""
11823
11824
#: serverguide/C/network-config.xml:100(para)
11825
msgid ""
11826
"<application>ethtool</application> is a program that displays and changes "
11827
"Ethernet card settings such as auto-negotiation, port speed, duplex mode, "
11828
"and Wake-on-LAN. It is not installed by default, but is available for "
11829
"installation in the repositories."
11830
msgstr ""
11831
11832
#: serverguide/C/network-config.xml:106(userinput)
11833
#, no-wrap
11834
msgid "sudo apt-get install ethtool"
11835
msgstr ""
11836
11837
#: serverguide/C/network-config.xml:108(para)
11838
msgid ""
11839
"The following is an example of how to view supported features and configured "
11840
"settings of an Ethernet interface."
11841
msgstr ""
11842
11843
#: serverguide/C/network-config.xml:113(userinput)
11844
#, no-wrap
11845
msgid "sudo ethtool eth0"
11846
msgstr ""
11847
11848
#: serverguide/C/network-config.xml:112(screen)
11849
#, no-wrap
11850
msgid ""
11851
"\n"
11852
"<placeholder-1/>\n"
11853
"Settings for eth0:\n"
11854
" Supported ports: [ TP ]\n"
11855
" Supported link modes: 10baseT/Half 10baseT/Full \n"
11856
" 100baseT/Half 100baseT/Full \n"
11857
" 1000baseT/Half 1000baseT/Full \n"
11858
" Supports auto-negotiation: Yes\n"
11859
" Advertised link modes: 10baseT/Half 10baseT/Full \n"
11860
" 100baseT/Half 100baseT/Full \n"
11861
" 1000baseT/Half 1000baseT/Full \n"
11862
" Advertised auto-negotiation: Yes\n"
11863
" Speed: 1000Mb/s\n"
11864
" Duplex: Full\n"
11865
" Port: Twisted Pair\n"
11866
" PHYAD: 1\n"
11867
" Transceiver: internal\n"
11868
" Auto-negotiation: on\n"
11869
" Supports Wake-on: g\n"
11870
" Wake-on: d\n"
11871
" Current message level: 0x000000ff (255)\n"
11872
" Link detected: yes\n"
11873
msgstr ""
11874
11875
#: serverguide/C/network-config.xml:135(para)
11876
msgid ""
11877
"Changes made with the <application>ethtool</application> command are "
11878
"temporary and will be lost after a reboot. If you would like to retain "
11879
"settings, simply add the desired <application>ethtool</application> command "
11880
"to a <emphasis role=\"italic\">pre-up</emphasis> statement in the interface "
11881
"configuration file <filename>/etc/network/interfaces</filename>."
11882
msgstr ""
11883
11884
#: serverguide/C/network-config.xml:141(para)
11885
msgid ""
11886
"The following is an example of how the interface identified as <emphasis "
11887
"role=\"italic\">eth0</emphasis> could be permanently configured with a port "
11888
"speed of 1000Mb/s running in full duplex mode."
11889
msgstr ""
11890
11891
#: serverguide/C/network-config.xml:145(programlisting)
11892
#, no-wrap
11893
msgid ""
11894
"\n"
11895
"auto eth0\n"
11896
"iface eth0 inet static\n"
11897
"pre-up /usr/sbin/ethtool -s eth0 speed 1000 duplex full\n"
11898
msgstr ""
11899
11900
#: serverguide/C/network-config.xml:151(para)
11901
msgid ""
11902
"Although the example above shows the interface configured to use the "
11903
"<emphasis role=\"italic\">static</emphasis> method, it actually works with "
11904
"other methods as well, such as DHCP. The example is meant to demonstrate "
11905
"only proper placement of the <emphasis role=\"italic\">pre-up</emphasis> "
11906
"statement in relation to the rest of the interface configuration."
11907
msgstr ""
11908
11909
#: serverguide/C/network-config.xml:163(title)
11910
msgid "IP Addressing"
11911
msgstr ""
11912
11913
#: serverguide/C/network-config.xml:164(para)
11914
msgid ""
11915
"The following section describes the process of configuring your systems IP "
11916
"address and default gateway needed for communicating on a local area network "
11917
"and the Internet."
11918
msgstr ""
11919
11920
#: serverguide/C/network-config.xml:171(title)
11921
msgid "Temporary IP Address Assignment"
11922
msgstr ""
11923
11924
#: serverguide/C/network-config.xml:172(para)
11925
msgid ""
11926
"For temporary network configurations, you can use standard commands such as "
11927
"<application>ip</application>, <application>ifconfig</application> and "
11928
"<application>route</application>, which are also found on most other "
11929
"GNU/Linux operating systems. These commands allow you to configure settings "
11930
"which take effect immediately, however they are not persistent and will be "
11931
"lost after a reboot."
11932
msgstr ""
11933
11934
#: serverguide/C/network-config.xml:180(para)
11935
msgid ""
11936
"To temporarily configure an IP address, you can use the "
11937
"<application>ifconfig</application> command in the following manner. Just "
11938
"modify the IP address and subnet mask to match your network requirements."
11939
msgstr ""
11940
11941
#: serverguide/C/network-config.xml:186(userinput)
11942
#, no-wrap
11943
msgid "sudo ifconfig eth0 10.0.0.100 netmask 255.255.255.0"
11944
msgstr ""
11945
11946
#: serverguide/C/network-config.xml:188(para)
11947
msgid ""
11948
"To verify the IP address configuration of <application>eth0</application>, "
11949
"you can use the <application>ifconfig</application> command in the following "
11950
"manner."
11951
msgstr ""
11952
11953
#: serverguide/C/network-config.xml:193(userinput)
11954
#, no-wrap
11955
msgid "ifconfig eth0"
11956
msgstr ""
11957
11958
#: serverguide/C/network-config.xml:192(screen)
11959
#, no-wrap
11960
msgid ""
11961
"\n"
11962
"<placeholder-1/>\n"
11963
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a \n"
11964
" inet addr:10.0.0.100 Bcast:10.0.0.255 Mask:255.255.255.0\n"
11965
" inet6 addr: fe80::215:c5ff:fe4a:165a/64 Scope:Link\n"
11966
" UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1\n"
11967
" RX packets:466475604 errors:0 dropped:0 overruns:0 frame:0\n"
11968
" TX packets:403172654 errors:0 dropped:0 overruns:0 carrier:0\n"
11969
" collisions:0 txqueuelen:1000 \n"
11970
" RX bytes:2574778386 (2.5 GB) TX bytes:1618367329 (1.6 GB)\n"
11971
" Interrupt:16 \n"
11972
msgstr ""
11973
11974
#: serverguide/C/network-config.xml:204(para)
11975
msgid ""
11976
"To configure a default gateway, you can use the "
11977
"<application>route</application> command in the following manner. Modify the "
11978
"default gateway address to match your network requirements."
11979
msgstr ""
11980
11981
#: serverguide/C/network-config.xml:210(userinput)
11982
#, no-wrap
11983
msgid "sudo route add default gw 10.0.0.1 eth0"
11984
msgstr ""
11985
11986
#: serverguide/C/network-config.xml:212(para)
11987
msgid ""
11988
"To verify your default gateway configuration, you can use the "
11989
"<application>route</application> command in the following manner."
11990
msgstr ""
11991
11992
#: serverguide/C/network-config.xml:217(userinput)
11993
#, no-wrap
11994
msgid "route -n"
11995
msgstr ""
11996
11997
#: serverguide/C/network-config.xml:216(screen)
11998
#, no-wrap
11999
msgid ""
12000
"\n"
12001
"<placeholder-1/>\n"
12002
"Kernel IP routing table\n"
12003
"Destination Gateway Genmask Flags Metric Ref Use "
12004
"Iface\n"
12005
"10.0.0.0 0.0.0.0 255.255.255.0 U 1 0 0 "
12006
"eth0\n"
12007
"0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 "
12008
"eth0\n"
12009
msgstr ""
12010
12011
#: serverguide/C/network-config.xml:223(para)
12012
msgid ""
12013
"If you require DNS for your temporary network configuration, you can add DNS "
12014
"server IP addresses in the file <filename>/etc/resolv.conf</filename>. The "
12015
"example below shows how to enter two DNS servers to "
12016
"<filename>/etc/resolv.conf</filename>, which should be changed to servers "
12017
"appropriate for your network. A more lengthy description of DNS client "
12018
"configuration is in a following section."
12019
msgstr ""
12020
12021
#: serverguide/C/network-config.xml:230(programlisting)
12022
#, no-wrap
12023
msgid ""
12024
"\n"
12025
"nameserver 8.8.8.8\n"
12026
"nameserver 8.8.4.4\n"
12027
msgstr ""
12028
12029
#: serverguide/C/network-config.xml:234(para)
12030
msgid ""
12031
"If you no longer need this configuration and wish to purge all IP "
12032
"configuration from an interface, you can use the "
12033
"<application>ip</application> command with the flush option as shown below."
12034
msgstr ""
12035
12036
#: serverguide/C/network-config.xml:240(userinput)
12037
#, no-wrap
12038
msgid "ip addr flush eth0"
12039
msgstr ""
12040
12041
#: serverguide/C/network-config.xml:243(para)
12042
msgid ""
12043
"Flushing the IP configuration using the <application>ip</application> "
12044
"command does not clear the contents of "
12045
"<filename>/etc/resolv.conf</filename>. You must remove or modify those "
12046
"entries manually."
12047
msgstr ""
12048
12049
#: serverguide/C/network-config.xml:251(title)
12050
msgid "Dynamic IP Address Assignment (DHCP Client)"
12051
msgstr ""
12052
12053
#: serverguide/C/network-config.xml:252(para)
12054
msgid ""
12055
"To configure your server to use DHCP for dynamic address assignment, add the "
12056
"<emphasis role=\"italic\">dhcp</emphasis> method to the inet address family "
12057
"statement for the appropriate interface in the file "
12058
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
12059
"are configuring your first Ethernet interface identified as <emphasis "
12060
"role=\"italic\">eth0</emphasis>."
12061
msgstr ""
12062
12063
#: serverguide/C/network-config.xml:259(programlisting)
12064
#, no-wrap
12065
msgid ""
12066
"\n"
12067
"auto eth0\n"
12068
"iface eth0 inet dhcp\n"
12069
msgstr ""
12070
12071
#: serverguide/C/network-config.xml:263(para)
12072
msgid ""
12073
"By adding an interface configuration as shown above, you can manually enable "
12074
"the interface through the <application>ifup</application> command which "
12075
"initiates the DHCP process via <application>dhclient</application>."
12076
msgstr ""
12077
12078
#: serverguide/C/network-config.xml:269(userinput) serverguide/C/network-config.xml:304(userinput)
12079
#, no-wrap
12080
msgid "sudo ifup eth0"
12081
msgstr ""
12082
12083
#: serverguide/C/network-config.xml:271(para)
12084
msgid ""
12085
"To manually disable the interface, you can use the "
12086
"<application>ifdown</application> command, which in turn will initiate the "
12087
"DHCP release process and shut down the interface."
12088
msgstr ""
12089
12090
#: serverguide/C/network-config.xml:277(userinput) serverguide/C/network-config.xml:311(userinput)
12091
#, no-wrap
12092
msgid "sudo ifdown eth0"
12093
msgstr ""
12094
12095
#: serverguide/C/network-config.xml:282(title)
12096
msgid "Static IP Address Assignment"
12097
msgstr ""
12098
12099
#: serverguide/C/network-config.xml:283(para)
12100
msgid ""
12101
"To configure your system to use a static IP address assignment, add the "
12102
"<emphasis role=\"italic\">static</emphasis> method to the inet address "
12103
"family statement for the appropriate interface in the file "
12104
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
12105
"are configuring your first Ethernet interface identified as <emphasis "
12106
"role=\"italic\">eth0</emphasis>. Change the <emphasis "
12107
"role=\"italic\">address</emphasis>, <emphasis "
12108
"role=\"italic\">netmask</emphasis>, and <emphasis "
12109
"role=\"italic\">gateway</emphasis> values to meet the requirements of your "
12110
"network."
12111
msgstr ""
12112
12113
#: serverguide/C/network-config.xml:292(programlisting)
12114
#, no-wrap
12115
msgid ""
12116
"\n"
12117
"auto eth0\n"
12118
"iface eth0 inet static\n"
12119
"address 10.0.0.100\n"
12120
"netmask 255.255.255.0\n"
12121
"gateway 10.0.0.1\n"
12122
msgstr ""
12123
12124
#: serverguide/C/network-config.xml:299(para)
12125
msgid ""
12126
"By adding an interface configuration as shown above, you can manually enable "
12127
"the interface through the <application>ifup</application> command."
12128
msgstr ""
12129
12130
#: serverguide/C/network-config.xml:306(para)
12131
msgid ""
12132
"To manually disable the interface, you can use the "
12133
"<application>ifdown</application> command."
12134
msgstr ""
12135
12136
#: serverguide/C/network-config.xml:316(title)
12137
msgid "Loopback Interface"
12138
msgstr ""
12139
12140
#: serverguide/C/network-config.xml:317(para)
12141
msgid ""
12142
"The loopback interface is identified by the system as <emphasis "
12143
"role=\"italic\">lo</emphasis> and has a default IP address of 127.0.0.1. It "
12144
"can be viewed using the ifconfig command."
12145
msgstr ""
12146
12147
#: serverguide/C/network-config.xml:322(userinput)
12148
#, no-wrap
12149
msgid "ifconfig lo"
12150
msgstr ""
12151
12152
#: serverguide/C/network-config.xml:321(screen)
12153
#, no-wrap
12154
msgid ""
12155
"\n"
12156
"<placeholder-1/>\n"
12157
"lo Link encap:Local Loopback \n"
12158
" inet addr:127.0.0.1 Mask:255.0.0.0\n"
12159
" inet6 addr: ::1/128 Scope:Host\n"
12160
" UP LOOPBACK RUNNING MTU:16436 Metric:1\n"
12161
" RX packets:2718 errors:0 dropped:0 overruns:0 frame:0\n"
12162
" TX packets:2718 errors:0 dropped:0 overruns:0 carrier:0\n"
12163
" collisions:0 txqueuelen:0 \n"
12164
" RX bytes:183308 (183.3 KB) TX bytes:183308 (183.3 KB)\n"
12165
msgstr ""
12166
12167
#: serverguide/C/network-config.xml:332(para)
12168
msgid ""
12169
"By default, there should be two lines in "
12170
"<filename>/etc/network/interfaces</filename> responsible for automatically "
12171
"configuring your loopback interface. It is recommended that you keep the "
12172
"default settings unless you have a specific purpose for changing them. An "
12173
"example of the two default lines are shown below."
12174
msgstr ""
12175
12176
#: serverguide/C/network-config.xml:338(programlisting)
12177
#, no-wrap
12178
msgid ""
12179
"\n"
12180
"auto lo\n"
12181
"iface lo inet loopback\n"
12182
msgstr ""
12183
12184
#: serverguide/C/network-config.xml:347(title)
12185
msgid "Name Resolution"
12186
msgstr ""
12187
12188
#: serverguide/C/network-config.xml:348(para)
12189
msgid ""
12190
"Name resolution as it relates to IP networking is the process of mapping IP "
12191
"addresses to hostnames, making it easier to identify resources on a network. "
12192
"The following section will explain how to properly configure your system for "
12193
"name resolution using DNS and static hostname records."
12194
msgstr ""
12195
12196
#: serverguide/C/network-config.xml:356(title)
12197
msgid "DNS Client Configuration"
12198
msgstr ""
12199
12200
#: serverguide/C/network-config.xml:357(para)
12201
msgid ""
12202
"To configure your system to use DNS for name resolution, add the IP "
12203
"addresses of the DNS servers that are appropriate for your network in the "
12204
"file <filename>/etc/resolv.conf</filename>. You can also add an optional DNS "
12205
"suffix search-lists to match your network domain names."
12206
msgstr ""
12207
12208
#: serverguide/C/network-config.xml:362(para)
12209
msgid ""
12210
"Below is an example of a typical configuration of "
12211
"<filename>/etc/resolv.conf</filename> for a server on the domain \"<emphasis "
12212
"role=\"italic\">example.com</emphasis>\" and using two public DNS servers."
12213
msgstr ""
12214
12215
#: serverguide/C/network-config.xml:367(programlisting)
12216
#, no-wrap
12217
msgid ""
12218
"\n"
12219
"search example.com\n"
12220
"nameserver 8.8.8.8\n"
12221
"nameserver 8.8.4.4\n"
12222
msgstr ""
12223
12224
#: serverguide/C/network-config.xml:372(para)
12225
msgid ""
12226
"The <emphasis role=\"italic\">search</emphasis> option can also be used with "
12227
"multiple domain names so that DNS queries will be appended in the order in "
12228
"which they are entered. For example, your network may have multiple sub-"
12229
"domains to search; a parent domain of <emphasis "
12230
"role=\"italic\">example.com</emphasis>, and two sub-domains, <emphasis "
12231
"role=\"italic\">sales.example.com</emphasis> and <emphasis "
12232
"role=\"italic\">dev.example.com</emphasis>."
12233
msgstr ""
12234
12235
#: serverguide/C/network-config.xml:380(para)
12236
msgid ""
12237
"If you have multiple domains you wish to search, your configuration might "
12238
"look like the following."
12239
msgstr ""
12240
12241
#: serverguide/C/network-config.xml:383(programlisting)
12242
#, no-wrap
12243
msgid ""
12244
"\n"
12245
"search example.com sales.example.com dev.example.com\n"
12246
"nameserver 8.8.8.8\n"
12247
"nameserver 8.8.4.4\n"
12248
msgstr ""
12249
12250
#: serverguide/C/network-config.xml:388(para)
12251
msgid ""
12252
"If you try to ping a host with the name of <emphasis "
12253
"role=\"italic\">server1</emphasis>, your system will automatically query DNS "
12254
"for its Fully Qualified Domain Name (FQDN) in the following order:"
12255
msgstr ""
12256
12257
#: serverguide/C/network-config.xml:394(para)
12258
msgid "server1<emphasis role=\"bold\">.example.com</emphasis>"
12259
msgstr ""
12260
12261
#: serverguide/C/network-config.xml:399(para)
12262
msgid "server1<emphasis role=\"bold\">.sales.example.com</emphasis>"
12263
msgstr ""
12264
12265
#: serverguide/C/network-config.xml:404(para)
12266
msgid "server1<emphasis role=\"bold\">.dev.example.com</emphasis>"
12267
msgstr ""
12268
12269
#: serverguide/C/network-config.xml:409(para)
12270
msgid ""
12271
"If no matches are found, the DNS server will provide a result of <emphasis "
12272
"role=\"italic\">notfound</emphasis> and the DNS query will fail."
12273
msgstr ""
12274
12275
#: serverguide/C/network-config.xml:416(title)
12276
msgid "Static Hostnames"
12277
msgstr ""
12278
12279
#: serverguide/C/network-config.xml:417(para)
12280
msgid ""
12281
"Static hostnames are locally defined hostname-to-IP mappings located in the "
12282
"file <filename>/etc/hosts</filename>. Entries in the "
12283
"<filename>hosts</filename> file will have precedence over DNS by default. "
12284
"This means that if your system tries to resolve a hostname and it matches an "
12285
"entry in /etc/hosts, it will not attempt to look up the record in DNS. In "
12286
"some configurations, especially when Internet access is not required, "
12287
"servers that communicate with a limited number of resources can be "
12288
"conveniently set to use static hostnames instead of DNS."
12289
msgstr ""
12290
12291
#: serverguide/C/network-config.xml:424(para)
12292
msgid ""
12293
"The following is an example of a <filename>hosts</filename> file where a "
12294
"number of local servers have been identified by simple hostnames, aliases "
12295
"and their equivalent Fully Qualified Domain Names (FQDN's)."
12296
msgstr ""
12297
12298
#: serverguide/C/network-config.xml:428(programlisting)
12299
#, no-wrap
12300
msgid ""
12301
"\n"
12302
"127.0.0.1\tlocalhost\n"
12303
"127.0.1.1\tubuntu-server\n"
12304
"10.0.0.11\tserver1 vpn server1.example.com\n"
12305
"10.0.0.12\tserver2 mail server2.example.com\n"
12306
"10.0.0.13\tserver3 www server3.example.com\n"
12307
"10.0.0.14\tserver4 file server4.example.com\n"
12308
msgstr ""
12309
12310
#: serverguide/C/network-config.xml:437(para)
12311
msgid ""
12312
"In the above example, notice that each of the servers have been given "
12313
"aliases in addition to their proper names and FQDN's. <emphasis "
12314
"role=\"italic\">Server1</emphasis> has been mapped to the name <emphasis "
12315
"role=\"italic\">vpn</emphasis>, <emphasis role=\"italic\">server2</emphasis> "
12316
"is referred to as <emphasis role=\"italic\">mail</emphasis>, <emphasis "
12317
"role=\"italic\">server3</emphasis> as <emphasis "
12318
"role=\"italic\">www</emphasis>, and <emphasis "
12319
"role=\"italic\">server4</emphasis> as <emphasis "
12320
"role=\"italic\">file</emphasis>."
12321
msgstr ""
12322
12323
#: serverguide/C/network-config.xml:449(title)
12324
msgid "Name Service Switch Configuration"
12325
msgstr ""
12326
12327
#: serverguide/C/network-config.xml:450(para)
12328
msgid ""
12329
"The order in which your system selects a method of resolving hostnames to IP "
12330
"addresses is controlled by the Name Service Switch (NSS) configuration file "
12331
"<filename>/etc/nsswitch.conf</filename>. As mentioned in the previous "
12332
"section, typically static hostnames defined in the systems "
12333
"<filename>/etc/hosts</filename> file have precedence over names resolved "
12334
"from DNS. The following is an example of the line responsible for this order "
12335
"of hostname lookups in the file <filename>/etc/nsswitch.conf</filename>."
12336
msgstr ""
12337
12338
#: serverguide/C/network-config.xml:458(programlisting)
12339
#, no-wrap
12340
msgid ""
12341
"\n"
12342
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
12343
msgstr ""
12344
12345
#: serverguide/C/network-config.xml:464(para)
12346
msgid ""
12347
"<emphasis role=\"bold\">files</emphasis> first tries to resolve static "
12348
"hostnames located in <filename>/etc/hosts</filename>."
12349
msgstr ""
12350
12351
#: serverguide/C/network-config.xml:470(para)
12352
msgid ""
12353
"<emphasis role=\"bold\">mdns4_minimal</emphasis> attempts to resolve the "
12354
"name using Multicast DNS."
12355
msgstr ""
12356
12357
#: serverguide/C/network-config.xml:475(para)
12358
msgid ""
12359
"<emphasis role=\"bold\">[NOTFOUND=return]</emphasis> means that any response "
12360
"of <emphasis role=\"italic\">notfound</emphasis> by the preceding <emphasis "
12361
"role=\"italic\">mdns4_minimal</emphasis> process should be treated as "
12362
"authoritative and that the system should not try to continue hunting for an "
12363
"answer."
12364
msgstr ""
12365
12366
#: serverguide/C/network-config.xml:483(para)
12367
msgid ""
12368
"<emphasis role=\"bold\">dns</emphasis> represents a legacy unicast DNS query."
12369
msgstr ""
12370
12371
#: serverguide/C/network-config.xml:488(para)
12372
msgid ""
12373
"<emphasis role=\"bold\">mdns4</emphasis> represents a Multicast DNS query."
12374
msgstr ""
12375
12376
#: serverguide/C/network-config.xml:494(para)
12377
msgid ""
12378
"To modify the order of the above mentioned name resolution methods, you can "
12379
"simply change the <emphasis role=\"italic\">hosts:</emphasis> string to the "
12380
"value of your choosing. For example, if you prefer to use legacy Unicast DNS "
12381
"versus Multicast DNS, you can change the string in "
12382
"<filename>/etc/nsswitch.conf</filename> as shown below."
12383
msgstr ""
12384
12385
#: serverguide/C/network-config.xml:501(programlisting)
12386
#, no-wrap
12387
msgid ""
12388
"\n"
12389
"hosts: files dns [NOTFOUND=return] mdns4_minimal mdns4\n"
12390
msgstr ""
12391
12392
#: serverguide/C/network-config.xml:508(title)
12393
msgid "Bridging"
12394
msgstr ""
12395
12396
#: serverguide/C/network-config.xml:510(para)
12397
msgid ""
12398
"Bridging multiple interfaces is a more advanced configuration, but is very "
12399
"useful in multiple scenarios. One scenario is setting up a bridge with "
12400
"multiple network interfaces, then using a firewall to filter traffic between "
12401
"two network segments. Another scenario is using bridge on a system with one "
12402
"interface to allow virtual machines direct access to the outside network. "
12403
"The following example covers the latter scenario."
12404
msgstr ""
12405
12406
#: serverguide/C/network-config.xml:517(para)
12407
msgid ""
12408
"Before configuring a bridge you will need to install the <application>bridge-"
12409
"utils</application> package. To install the package, in a terminal enter:"
12410
msgstr ""
12411
12412
#: serverguide/C/network-config.xml:523(command)
12413
msgid "sudo apt-get install bridge-utils"
12414
msgstr "sudo apt-get install bridge-utils"
12415
12416
#: serverguide/C/network-config.xml:526(para)
12417
msgid ""
12418
"Next, configure the bridge by editing "
12419
"<filename>/etc/network/interfaces</filename>:"
12420
msgstr ""
12421
12422
#: serverguide/C/network-config.xml:530(programlisting)
12423
#, no-wrap
12424
msgid ""
12425
"\n"
12426
"auto lo\n"
12427
"iface lo inet loopback\n"
12428
"\n"
12429
"auto br0\n"
12430
"iface br0 inet static\n"
12431
" address 192.168.0.10\n"
12432
" network 192.168.0.0\n"
12433
" netmask 255.255.255.0\n"
12434
" broadcast 192.168.0.255\n"
12435
" gateway 192.168.0.1\n"
12436
" bridge_ports eth0\n"
12437
" bridge_fd 9\n"
12438
" bridge_hello 2\n"
12439
" bridge_maxage 12\n"
12440
" bridge_stp off\n"
12441
msgstr ""
12442
12443
#: serverguide/C/network-config.xml:549(para)
12444
msgid "Enter the appropriate values for your physical interface and network."
12445
msgstr ""
12446
12447
#: serverguide/C/network-config.xml:554(para)
12448
msgid "Now restart networking to enable the bridge interface:"
12449
msgstr "Ara reinicieu la xarxa per a habilitar la interfície de pont:"
12450
12451
#: serverguide/C/network-config.xml:561(para)
12452
msgid ""
12453
"The new bridge interface should now be up and running. The "
12454
"<application>brctl</application> provides useful information about the state "
12455
"of the bridge, controls which interfaces are part of the bridge, etc. See "
12456
"<command>man brctl</command> for more information."
12457
msgstr ""
12458
12459
#: serverguide/C/network-config.xml:577(para)
12460
msgid ""
12461
"The <ulink url=\"https://help.ubuntu.com/community/Network\">Ubuntu Wiki "
12462
"Network page</ulink> has links to articles covering more advanced network "
12463
"configuration."
12464
msgstr ""
12465
12466
#: serverguide/C/network-config.xml:583(para)
12467
msgid ""
12468
"The <ulink "
12469
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/interfaces.5.html"
12470
"\">interfaces man page</ulink> has details on more options for "
12471
"<filename>/etc/network/interfaces</filename>."
12472
msgstr ""
12473
12474
#: serverguide/C/network-config.xml:589(para)
12475
msgid ""
12476
"The <ulink "
12477
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/dhclient.8.html\">"
12478
"dhclient man page</ulink> has details on more options for configuring DHCP "
12479
"client settings."
12480
msgstr ""
12481
12482
#: serverguide/C/network-config.xml:595(para)
12483
msgid ""
12484
"For more information on DNS client configuration see the <ulink "
12485
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/resolver.5.html\">"
12486
"resolver man page</ulink>. Also, Chapter 6 of O'Reilly's <ulink "
12487
"url=\"http://oreilly.com/catalog/linag2/book/ch06.html\">Linux Network "
12488
"Administrator's Guide</ulink> is a good source of resolver and name service "
12489
"configuration information."
12490
msgstr ""
12491
12492
#: serverguide/C/network-config.xml:603(para)
12493
msgid ""
12494
"For more information on <emphasis>bridging</emphasis> see the <ulink "
12495
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/brctl.8.html\">brc"
12496
"tl man page</ulink> and the Linux Foundation's <ulink "
12497
"url=\"http://www.linuxfoundation.org/en/Net:Bridge\">Net:Bridge</ulink> page."
12498
msgstr ""
12499
12500
#: serverguide/C/network-config.xml:614(title)
12501
msgid "TCP/IP"
12502
msgstr ""
12503
12504
#: serverguide/C/network-config.xml:615(para)
12505
msgid ""
12506
"The Transmission Control Protocol and Internet Protocol (TCP/IP) is a "
12507
"standard set of protocols developed in the late 1970s by the Defense "
12508
"Advanced Research Projects Agency (DARPA) as a means of communication "
12509
"between different types of computers and computer networks. TCP/IP is the "
12510
"driving force of the Internet, and thus it is the most popular set of "
12511
"network protocols on Earth."
12512
msgstr ""
12513
12514
#: serverguide/C/network-config.xml:623(title)
12515
msgid "TCP/IP Introduction"
12516
msgstr ""
12517
12518
#: serverguide/C/network-config.xml:624(para)
12519
msgid ""
12520
"The two protocol components of TCP/IP deal with different aspects of "
12521
"computer networking. <emphasis>Internet Protocol</emphasis>, the \"IP\" of "
12522
"TCP/IP is a connectionless protocol which deals only with network packet "
12523
"routing using the <emphasis role=\"italics\">IP Datagram</emphasis> as the "
12524
"basic unit of networking information. The IP Datagram consists of a header "
12525
"followed by a message. The <emphasis> Transmission Control "
12526
"Protocol</emphasis> is the \"TCP\" of TCP/IP and enables network hosts to "
12527
"establish connections which may be used to exchange data streams. TCP also "
12528
"guarantees that the data between connections is delivered and that it "
12529
"arrives at one network host in the same order as sent from another network "
12530
"host."
12531
msgstr ""
12532
12533
#: serverguide/C/network-config.xml:637(title)
12534
msgid "TCP/IP Configuration"
12535
msgstr ""
12536
12537
#: serverguide/C/network-config.xml:638(para)
12538
msgid ""
12539
"The TCP/IP protocol configuration consists of several elements which must be "
12540
"set by editing the appropriate configuration files, or deploying solutions "
12541
"such as the Dynamic Host Configuration Protocol (DHCP) server which in turn, "
12542
"can be configured to provide the proper TCP/IP configuration settings to "
12543
"network clients automatically. These configuration values must be set "
12544
"correctly in order to facilitate the proper network operation of your Ubuntu "
12545
"system."
12546
msgstr ""
12547
12548
#: serverguide/C/network-config.xml:650(para)
12549
msgid ""
12550
"<emphasis role=\"bold\">IP address</emphasis> The IP address is a unique "
12551
"identifying string expressed as four decimal numbers ranging from zero (0) "
12552
"to two-hundred and fifty-five (255), separated by periods, with each of the "
12553
"four numbers representing eight (8) bits of the address for a total length "
12554
"of thirty-two (32) bits for the whole address. This format is called "
12555
"<emphasis>dotted quad notation</emphasis>."
12556
msgstr ""
12557
12558
#: serverguide/C/network-config.xml:660(para)
12559
msgid ""
12560
"<emphasis role=\"bold\">Netmask</emphasis> The Subnet Mask (or simply, "
12561
"<emphasis>netmask</emphasis>) is a local bit mask, or set of flags which "
12562
"separate the portions of an IP address significant to the network from the "
12563
"bits significant to the <emphasis>subnetwork</emphasis>. For example, in a "
12564
"Class C network, the standard netmask is 255.255.255.0 which masks the first "
12565
"three bytes of the IP address and allows the last byte of the IP address to "
12566
"remain available for specifying hosts on the subnetwork."
12567
msgstr ""
12568
12569
#: serverguide/C/network-config.xml:671(para)
12570
msgid ""
12571
"<emphasis role=\"bold\">Network Address</emphasis> The Network Address "
12572
"represents the bytes comprising the network portion of an IP address. For "
12573
"example, the host 12.128.1.2 in a Class A network would use 12.0.0.0 as the "
12574
"network address, where twelve (12) represents the first byte of the IP "
12575
"address, (the network part) and zeroes (0) in all of the remaining three "
12576
"bytes to represent the potential host values. A network host using the "
12577
"private IP address 192.168.1.100 would in turn use a Network Address of "
12578
"192.168.1.0, which specifies the first three bytes of the Class C 192.168.1 "
12579
"network and a zero (0) for all the possible hosts on the network."
12580
msgstr ""
12581
12582
#: serverguide/C/network-config.xml:684(para)
12583
msgid ""
12584
"<emphasis role=\"bold\">Broadcast Address</emphasis> The Broadcast Address "
12585
"is an IP address which allows network data to be sent simultaneously to all "
12586
"hosts on a given subnetwork rather than specifying a particular host. The "
12587
"standard general broadcast address for IP networks is 255.255.255.255, but "
12588
"this broadcast address cannot be used to send a broadcast message to every "
12589
"host on the Internet because routers block it. A more appropriate broadcast "
12590
"address is set to match a specific subnetwork. For example, on the private "
12591
"Class C IP network, 192.168.1.0, the broadcast address is 192.168.1.255. "
12592
"Broadcast messages are typically produced by network protocols such as the "
12593
"Address Resolution Protocol (ARP) and the Routing Information Protocol (RIP)."
12594
msgstr ""
12595
12596
#: serverguide/C/network-config.xml:697(para)
12597
msgid ""
12598
"<emphasis role=\"bold\">Gateway Address</emphasis> A Gateway Address is the "
12599
"IP address through which a particular network, or host on a network, may be "
12600
"reached. If one network host wishes to communicate with another network "
12601
"host, and that host is not located on the same network, then a "
12602
"<emphasis>gateway</emphasis> must be used. In many cases, the Gateway "
12603
"Address will be that of a router on the same network, which will in turn "
12604
"pass traffic on to other networks or hosts, such as Internet hosts. The "
12605
"value of the Gateway Address setting must be correct, or your system will "
12606
"not be able to reach any hosts beyond those on the same network."
12607
msgstr ""
12608
12609
#: serverguide/C/network-config.xml:708(para)
12610
msgid ""
12611
"<emphasis role=\"bold\">Nameserver Address</emphasis> Nameserver Addresses "
12612
"represent the IP addresses of Domain Name Service (DNS) systems, which "
12613
"resolve network hostnames into IP addresses. There are three levels of "
12614
"Nameserver Addresses, which may be specified in order of precedence: The "
12615
"<emphasis>Primary</emphasis> Nameserver, the <emphasis>Secondary</emphasis> "
12616
"Nameserver, and the <emphasis>Tertiary</emphasis> Nameserver. In order for "
12617
"your system to be able to resolve network hostnames into their corresponding "
12618
"IP addresses, you must specify valid Nameserver Addresses which you are "
12619
"authorized to use in your system's TCP/IP configuration. In many cases these "
12620
"addresses can and will be provided by your network service provider, but "
12621
"many free and publicly accessible nameservers are available for use, such as "
12622
"the Level3 (Verizon) servers with IP addresses from 4.2.2.1 to 4.2.2.6."
12623
msgstr ""
12624
12625
#: serverguide/C/network-config.xml:722(para)
12626
msgid ""
12627
"The IP address, Netmask, Network Address, Broadcast Address, and Gateway "
12628
"Address are typically specified via the appropriate directives in the file "
12629
"<filename>/etc/network/interfaces</filename>. The Nameserver Addresses are "
12630
"typically specified via <emphasis>nameserver</emphasis> directives in the "
12631
"file <filename>/etc/resolv.conf</filename>. For more information, view the "
12632
"system manual page for <filename>interfaces</filename> or "
12633
"<filename>resolv.conf</filename> respectively, with the following commands "
12634
"typed at a terminal prompt:"
12635
msgstr ""
12636
12637
#: serverguide/C/network-config.xml:729(para)
12638
msgid ""
12639
"Access the system manual page for <filename>interfaces</filename> with the "
12640
"following command:"
12641
msgstr ""
12642
12643
#: serverguide/C/network-config.xml:734(command)
12644
msgid "man interfaces"
12645
msgstr ""
12646
12647
#: serverguide/C/network-config.xml:737(para)
12648
msgid ""
12649
"Access the system manual page for <filename>resolv.conf</filename> with the "
12650
"following command:"
12651
msgstr ""
12652
12653
#: serverguide/C/network-config.xml:741(command)
12654
msgid "man resolv.conf"
12655
msgstr ""
12656
12657
#: serverguide/C/network-config.xml:646(para)
12658
msgid ""
12659
"The common configuration elements of TCP/IP and their purposes are as "
12660
"follows: <placeholder-1/>"
12661
msgstr ""
12662
12663
#: serverguide/C/network-config.xml:748(title)
12664
msgid "IP Routing"
12665
msgstr ""
12666
12667
#: serverguide/C/network-config.xml:749(para)
12668
msgid ""
12669
"IP routing is a means of specifying and discovering paths in a TCP/IP "
12670
"network along which network data may be sent. Routing uses a set of "
12671
"<emphasis>routing tables</emphasis> to direct the forwarding of network data "
12672
"packets from their source to the destination, often via many intermediary "
12673
"network nodes known as <emphasis>routers</emphasis>. There are two primary "
12674
"forms of IP routing: <emphasis>Static Routing</emphasis> and "
12675
"<emphasis>Dynamic Routing.</emphasis>"
12676
msgstr ""
12677
12678
#: serverguide/C/network-config.xml:758(para)
12679
msgid ""
12680
"Static routing involves manually adding IP routes to the system's routing "
12681
"table, and this is usually done by manipulating the routing table with the "
12682
"<application>route</application> command. Static routing enjoys many "
12683
"advantages over dynamic routing, such as simplicity of implementation on "
12684
"smaller networks, predictability (the routing table is always computed in "
12685
"advance, and thus the route is precisely the same each time it is used), and "
12686
"low overhead on other routers and network links due to the lack of a dynamic "
12687
"routing protocol. However, static routing does present some disadvantages as "
12688
"well. For example, static routing is limited to small networks and does not "
12689
"scale well. Static routing also fails completely to adapt to network outages "
12690
"and failures along the route due to the fixed nature of the route."
12691
msgstr ""
12692
12693
#: serverguide/C/network-config.xml:768(para)
12694
msgid ""
12695
"Dynamic routing depends on large networks with multiple possible IP routes "
12696
"from a source to a destination and makes use of special routing protocols, "
12697
"such as the Router Information Protocol (RIP), which handle the automatic "
12698
"adjustments in routing tables that make dynamic routing possible. Dynamic "
12699
"routing has several advantages over static routing, such as superior "
12700
"scalability and the ability to adapt to failures and outages along network "
12701
"routes. Additionally, there is less manual configuration of the routing "
12702
"tables, since routers learn from one another about their existence and "
12703
"available routes. This trait also eliminates the possibility of introducing "
12704
"mistakes in the routing tables via human error. Dynamic routing is not "
12705
"perfect, however, and presents disadvantages such as heightened complexity "
12706
"and additional network overhead from router communications, which does not "
12707
"immediately benefit the end users, but still consumes network bandwidth."
12708
msgstr ""
12709
12710
#: serverguide/C/network-config.xml:782(title)
12711
msgid "TCP and UDP"
12712
msgstr ""
12713
12714
#: serverguide/C/network-config.xml:783(para)
12715
msgid ""
12716
"TCP is a connection-based protocol, offering error correction and guaranteed "
12717
"delivery of data via what is known as <emphasis>flow control</emphasis>. "
12718
"Flow control determines when the flow of a data stream needs to be stopped, "
12719
"and previously sent data packets should to be re-sent due to problems such "
12720
"as <emphasis>collisions</emphasis>, for example, thus ensuring complete and "
12721
"accurate delivery of the data. TCP is typically used in the exchange of "
12722
"important information such as database transactions."
12723
msgstr ""
12724
12725
#: serverguide/C/network-config.xml:791(para)
12726
msgid ""
12727
"The User Datagram Protocol (UDP), on the other hand, is a "
12728
"<emphasis>connectionless</emphasis> protocol which seldom deals with the "
12729
"transmission of important data because it lacks flow control or any other "
12730
"method to ensure reliable delivery of the data. UDP is commonly used in such "
12731
"applications as audio and video streaming, where it is considerably faster "
12732
"than TCP due to the lack of error correction and flow control, and where the "
12733
"loss of a few packets is not generally catastrophic."
12734
msgstr ""
12735
12736
#: serverguide/C/network-config.xml:801(title)
12737
msgid "ICMP"
12738
msgstr ""
12739
12740
#: serverguide/C/network-config.xml:802(para)
12741
msgid ""
12742
"The Internet Control Messaging Protocol (ICMP) is an extension to the "
12743
"Internet Protocol (IP) as defined in the Request For Comments (RFC) #792 and "
12744
"supports network packets containing control, error, and informational "
12745
"messages. ICMP is used by such network applications as the "
12746
"<application>ping</application> utility, which can determine the "
12747
"availability of a network host or device. Examples of some error messages "
12748
"returned by ICMP which are useful to both network hosts and devices such as "
12749
"routers, include <emphasis>Destination Unreachable</emphasis> and "
12750
"<emphasis>Time Exceeded</emphasis>."
12751
msgstr ""
12752
12753
#: serverguide/C/network-config.xml:812(title)
12754
msgid "Daemons"
12755
msgstr ""
12756
12757
#: serverguide/C/network-config.xml:813(para)
12758
msgid ""
12759
"Daemons are special system applications which typically execute continuously "
12760
"in the background and await requests for the functions they provide from "
12761
"other applications. Many daemons are network-centric; that is, a large "
12762
"number of daemons executing in the background on an Ubuntu system may "
12763
"provide network-related functionality. Some examples of such network daemons "
12764
"include the <emphasis>Hyper Text Transport Protocol Daemon</emphasis> "
12765
"(httpd), which provides web server functionality; the <emphasis>Secure SHell "
12766
"Daemon</emphasis> (sshd), which provides secure remote login shell and file "
12767
"transfer capabilities; and the <emphasis>Internet Message Access Protocol "
12768
"Daemon</emphasis> (imapd), which provides E-Mail services."
12769
msgstr ""
12770
12771
#: serverguide/C/network-config.xml:828(para)
12772
msgid ""
12773
"There are man pages for <ulink "
12774
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man7/tcp.7.html\">TCP</"
12775
"ulink> and <ulink "
12776
"url=\"http://manpages.ubuntu.com/manpages/maverick/man7/ip.7.html\">IP</ulink"
12777
"> that contain more useful information."
12778
msgstr ""
12779
12780
#: serverguide/C/network-config.xml:834(para)
12781
msgid ""
12782
"Also, see the <ulink "
12783
"url=\"http://www.redbooks.ibm.com/abstracts/gg243376.html\">TCP/IP Tutorial "
12784
"and Technical Overview</ulink> IBM Redbook."
12785
msgstr ""
12786
12787
#: serverguide/C/network-config.xml:840(para)
12788
msgid ""
12789
"Another resource is O'Reilly's <ulink "
12790
"url=\"http://oreilly.com/catalog/9780596002978/\">TCP/IP Network "
12791
"Administration</ulink>."
12792
msgstr ""
12793
12794
#: serverguide/C/network-config.xml:849(title)
12795
msgid "Dynamic Host Configuration Protocol (DHCP)"
12796
msgstr ""
12797
12798
#: serverguide/C/network-config.xml:850(para)
12799
msgid ""
12800
"The Dynamic Host Configuration Protocol (DHCP) is a network service that "
12801
"enables host computers to be automatically assigned settings from a server "
12802
"as opposed to manually configuring each network host. Computers configured "
12803
"to be DHCP clients have no control over the settings they receive from the "
12804
"DHCP server, and the configuration is transparent to the computer's user."
12805
msgstr ""
12806
12807
#: serverguide/C/network-config.xml:857(para)
12808
msgid ""
12809
"The most common settings provided by a DHCP server to DHCP clients include:"
12810
msgstr ""
12811
12812
#: serverguide/C/network-config.xml:862(para)
12813
msgid "IP-Address and Netmask"
12814
msgstr ""
12815
12816
#: serverguide/C/network-config.xml:865(para)
12817
msgid "DNS"
12818
msgstr ""
12819
12820
#: serverguide/C/network-config.xml:868(para)
12821
msgid "WINS"
12822
msgstr ""
12823
12824
#: serverguide/C/network-config.xml:871(para)
12825
msgid ""
12826
"However, a DHCP server can also supply configuration properties such as:"
12827
msgstr ""
12828
12829
#: serverguide/C/network-config.xml:876(para)
12830
msgid "Host Name"
12831
msgstr ""
12832
12833
#: serverguide/C/network-config.xml:879(para)
12834
msgid "Domain Name"
12835
msgstr ""
12836
12837
#: serverguide/C/network-config.xml:882(para)
12838
msgid "Default Gateway"
12839
msgstr ""
12840
12841
#: serverguide/C/network-config.xml:885(para)
12842
msgid "Time Server"
12843
msgstr ""
12844
12845
#: serverguide/C/network-config.xml:888(para)
12846
msgid "Print Server"
12847
msgstr ""
12848
12849
#: serverguide/C/network-config.xml:891(para)
12850
msgid ""
12851
"The advantage of using DHCP is that changes to the network, for example a "
12852
"change in the address of the DNS server, need only be changed at the DHCP "
12853
"server, and all network hosts will be reconfigured the next time their DHCP "
12854
"clients poll the DHCP server. As an added advantage, it is also easier to "
12855
"integrate new computers into the network, as there is no need to check for "
12856
"the availability of an IP address. Conflicts in IP address allocation are "
12857
"also reduced."
12858
msgstr ""
12859
12860
#: serverguide/C/network-config.xml:899(para)
12861
msgid "A DHCP server can provide configuration settings using two methods:"
12862
msgstr ""
12863
12864
#: serverguide/C/network-config.xml:904(term)
12865
msgid "MAC Address"
12866
msgstr ""
12867
12868
#: serverguide/C/network-config.xml:906(para)
12869
msgid ""
12870
"This method entails using DHCP to identify the unique hardware address of "
12871
"each network card connected to the network and then continually supplying a "
12872
"constant configuration each time the DHCP client makes a request to the DHCP "
12873
"server using that network device."
12874
msgstr ""
12875
12876
#: serverguide/C/network-config.xml:915(term)
12877
msgid "Address Pool"
12878
msgstr ""
12879
12880
#: serverguide/C/network-config.xml:917(para)
12881
msgid ""
12882
"This method entails defining a pool (sometimes also called a range or scope) "
12883
"of IP addresses from which DHCP clients are supplied their configuration "
12884
"properties dynamically and on a \"first come, first served\" basis. When a "
12885
"DHCP client is no longer on the network for a specified period, the "
12886
"configuration is expired and released back to the address pool for use by "
12887
"other DHCP Clients."
12888
msgstr ""
12889
12890
#: serverguide/C/network-config.xml:928(para)
12891
msgid ""
12892
"Ubuntu is shipped with both DHCP server and client. The server is "
12893
"<application>dhcpd</application> (dynamic host configuration protocol "
12894
"daemon). The client provided with Ubuntu is "
12895
"<application>dhclient</application> and should be installed on all computers "
12896
"required to be automatically configured. Both programs are easy to install "
12897
"and configure and will be automatically started at system boot."
12898
msgstr ""
12899
12900
#: serverguide/C/network-config.xml:938(para)
12901
msgid ""
12902
"At a terminal prompt, enter the following command to install "
12903
"<application>dhcpd</application>:"
12904
msgstr ""
12905
12906
#: serverguide/C/network-config.xml:943(command)
12907
msgid "sudo apt-get install dhcp3-server"
12908
msgstr "sudo apt-get install dhcp3-server"
12909
12910
#: serverguide/C/network-config.xml:945(para)
12911
msgid ""
12912
"You will probably need to change the default configuration by editing "
12913
"/etc/dhcp3/dhcpd.conf to suit your needs and particular configuration."
12914
msgstr ""
12915
12916
#: serverguide/C/network-config.xml:949(para)
12917
msgid ""
12918
"You also need to edit /etc/default/dhcp3-server to specify the interfaces "
12919
"dhcpd should listen to. By default it listens to eth0."
12920
msgstr ""
12921
12922
#: serverguide/C/network-config.xml:953(para)
12923
msgid ""
12924
"NOTE: dhcpd's messages are being sent to syslog. Look there for diagnostics "
12925
"messages."
12926
msgstr ""
12927
12928
#: serverguide/C/network-config.xml:960(para)
12929
msgid ""
12930
"The error message the installation ends with might be a little confusing, "
12931
"but the following steps will help you configure the service:"
12932
msgstr ""
12933
12934
#: serverguide/C/network-config.xml:964(para)
12935
msgid ""
12936
"Most commonly, what you want to do is assign an IP address randomly. This "
12937
"can be done with settings as follows:"
12938
msgstr ""
12939
12940
#: serverguide/C/network-config.xml:968(programlisting)
12941
#, no-wrap
12942
msgid ""
12943
"\n"
12944
"# Sample /etc/dhcpd.conf\n"
12945
"# (add your comments here) \n"
12946
"default-lease-time 600;\n"
12947
"max-lease-time 7200;\n"
12948
"option subnet-mask 255.255.255.0;\n"
12949
"option broadcast-address 192.168.1.255;\n"
12950
"option routers 192.168.1.254;\n"
12951
"option domain-name-servers 192.168.1.1, 192.168.1.2;\n"
12952
"option domain-name \"mydomain.example\";\n"
12953
"\n"
12954
"subnet 192.168.1.0 netmask 255.255.255.0 {\n"
12955
"range 192.168.1.10 192.168.1.100;\n"
12956
"range 192.168.1.150 192.168.1.200;\n"
12957
"} \n"
12958
msgstr ""
12959
12960
#: serverguide/C/network-config.xml:984(para)
12961
msgid ""
12962
"This will result in the DHCP server giving a client an IP address from the "
12963
"range 192.168.1.10-192.168.1.100 or 192.168.1.150-192.168.1.200. It will "
12964
"lease an IP address for 600 seconds if the client doesn't ask for a specific "
12965
"time frame. Otherwise the maximum (allowed) lease will be 7200 seconds. The "
12966
"server will also \"advise\" the client that it should use 255.255.255.0 as "
12967
"its subnet mask, 192.168.1.255 as its broadcast address, 192.168.1.254 as "
12968
"the router/gateway and 192.168.1.1 and 192.168.1.2 as its DNS servers."
12969
msgstr ""
12970
12971
#: serverguide/C/network-config.xml:993(para)
12972
msgid ""
12973
"If you need to specify a WINS server for your Windows clients, you will need "
12974
"to include the netbios-name-servers option, e.g."
12975
msgstr ""
12976
12977
#: serverguide/C/network-config.xml:997(programlisting)
12978
#, no-wrap
12979
msgid ""
12980
"\n"
12981
"option netbios-name-servers 192.168.1.1; \n"
12982
msgstr ""
12983
12984
#: serverguide/C/network-config.xml:1000(para)
12985
msgid ""
12986
"Dhcpd configuration settings are taken from the DHCP mini-HOWTO, which can "
12987
"be found <ulink "
12988
"url=\"http://www.tldp.org/HOWTO/DHCP/index.html\">here</ulink>."
12989
msgstr ""
12990
12991
#: serverguide/C/network-config.xml:1010(para)
12992
msgid ""
12993
"The <ulink url=\"https://help.ubuntu.com/community/dhcp3-server\">dhcp3-"
12994
"server Ubuntu Wiki</ulink> page has more information."
12995
msgstr ""
12996
12997
#: serverguide/C/network-config.xml:1015(para)
12998
msgid ""
12999
"For more <filename>/etc/dhcp3/dhcpd.conf</filename> options see the <ulink "
13000
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/dhcpd.conf.5.html"
13001
"\">dhcpd.conf man page</ulink>."
13002
msgstr ""
13003
13004
#: serverguide/C/network-config.xml:1021(para)
13005
msgid ""
13006
"Also see the <ulink url=\"http://www.dhcp-handbook.com/dhcp_faq.html\">DHCP "
13007
"FAQ</ulink>"
13008
msgstr ""
13009
13010
#: serverguide/C/network-config.xml:1031(title)
13011
msgid "Time Synchronisation with NTP"
13012
msgstr ""
13013
13014
#: serverguide/C/network-config.xml:1032(para)
13015
msgid ""
13016
"This page describes methods for keeping your computer's time accurate. This "
13017
"is useful for servers, but is not necessary (or desirable) for desktop "
13018
"machines."
13019
msgstr ""
13020
13021
#: serverguide/C/network-config.xml:1035(para)
13022
msgid ""
13023
"NTP is a TCP/IP protocol for synchronising time over a network. Basically a "
13024
"client requests the current time from a server, and uses it to set its own "
13025
"clock."
13026
msgstr ""
13027
13028
#: serverguide/C/network-config.xml:1038(para)
13029
msgid ""
13030
"Behind this simple description, there is a lot of complexity - there are "
13031
"tiers of NTP servers, with the tier one NTP servers connected to atomic "
13032
"clocks (often via GPS), and tier two and three servers spreading the load of "
13033
"actually handling requests across the Internet. Also the client software is "
13034
"a lot more complex than you might think - it has to factor out communication "
13035
"delays, and adjust the time in a way that does not upset all the other "
13036
"processes that run on the server. But luckily all that complexity is hidden "
13037
"from you!"
13038
msgstr ""
13039
13040
#: serverguide/C/network-config.xml:1041(para)
13041
msgid ""
13042
"Ubuntu has two ways of automatically setting your time: ntpdate and ntpd."
13043
msgstr ""
13044
13045
#: serverguide/C/network-config.xml:1046(title)
13046
msgid "ntpdate"
13047
msgstr ""
13048
13049
#: serverguide/C/network-config.xml:1047(para)
13050
msgid ""
13051
"Ubuntu comes with ntpdate as standard, and will run it once at boot time to "
13052
"set up your time according to Ubuntu's NTP server. However, a server's clock "
13053
"is likely to drift considerably between reboots, so it makes sense to "
13054
"correct the time occasionally. The easiest way to do this is to get cron to "
13055
"run ntpdate every day. With your favorite editor, as root, create a file "
13056
"<code>/etc/cron.daily/ntpdate</code> containing:"
13057
msgstr ""
13058
13059
#: serverguide/C/network-config.xml:1052(screen)
13060
#, no-wrap
13061
msgid "ntpdate ntp.ubuntu.com\n"
13062
msgstr ""
13063
13064
#: serverguide/C/network-config.xml:1054(para)
13065
msgid ""
13066
"The file <code>/etc/cron.daily/ntpdate</code> must also be executable."
13067
msgstr ""
13068
13069
#: serverguide/C/network-config.xml:1057(screen)
13070
#, no-wrap
13071
msgid "sudo chmod 755 /etc/cron.daily/ntpdate\n"
13072
msgstr "sudo chmod 755 /etc/cron.daily/ntpdate\n"
13073
13074
#: serverguide/C/network-config.xml:1061(title)
13075
msgid "ntpd"
13076
msgstr ""
13077
13078
#: serverguide/C/network-config.xml:1062(para)
13079
msgid ""
13080
"ntpdate is a bit of a blunt instrument - it can only adjust the time once a "
13081
"day, in one big correction. The ntp daemon ntpd is far more subtle. It "
13082
"calculates the drift of your system clock and continuously adjusts it, so "
13083
"there are no large corrections that could lead to inconsistent logs for "
13084
"instance. The cost is a little processing power and memory, but for a modern "
13085
"server this is negligible."
13086
msgstr ""
13087
13088
#: serverguide/C/network-config.xml:1065(para)
13089
msgid "To set up ntpd:"
13090
msgstr ""
13091
13092
#: serverguide/C/network-config.xml:1066(screen)
13093
#, no-wrap
13094
msgid "sudo apt-get install ntp\n"
13095
msgstr "sudo apt-get install ntp\n"
13096
13097
#: serverguide/C/network-config.xml:1071(title)
13098
msgid "Changing Time Servers"
13099
msgstr ""
13100
13101
#: serverguide/C/network-config.xml:1072(para)
13102
msgid ""
13103
"In both cases above, your system will use Ubuntu's NTP server at "
13104
"<code>ntp.ubuntu.com</code> by default. This is OK, but you might want to "
13105
"use several servers to increase accuracy and resilience, and you may want to "
13106
"use time servers that are geographically closer to you. to do this for "
13107
"ntpdate, change the contents of <code>/etc/cron.daily/ntpdate</code> to:"
13108
msgstr ""
13109
13110
#: serverguide/C/network-config.xml:1079(screen)
13111
#, no-wrap
13112
msgid "ntpdate ntp.ubuntu.com pool.ntp.org \n"
13113
msgstr ""
13114
13115
#: serverguide/C/network-config.xml:1081(para)
13116
msgid ""
13117
"And for ntpd edit <code>/etc/ntp.conf</code> to include additional server "
13118
"lines:"
13119
msgstr ""
13120
13121
#: serverguide/C/network-config.xml:1086(screen)
13122
#, no-wrap
13123
msgid ""
13124
"server ntp.ubuntu.com\n"
13125
"server pool.ntp.org\n"
13126
msgstr ""
13127
13128
#: serverguide/C/network-config.xml:1089(para)
13129
msgid ""
13130
"You may notice <code>pool.ntp.org</code> in the examples above. This is a "
13131
"really good idea which uses round-robin DNS to return an NTP server from a "
13132
"pool, spreading the load between several different servers. Even better, "
13133
"they have pools for different regions - for instance, if you are in New "
13134
"Zealand, so you could use <code>nz.pool.ntp.org</code> instead of "
13135
"<code>pool.ntp.org</code> . Look at <ulink "
13136
"url=\"http://www.pool.ntp.org/\">http://www.pool.ntp.org/</ulink> for more "
13137
"details."
13138
msgstr ""
13139
13140
#: serverguide/C/network-config.xml:1100(para)
13141
msgid ""
13142
"You can also Google for NTP servers in your region, and add these to your "
13143
"configuration. To test that a server works, just type <code>sudo ntpdate "
13144
"ntp.server.name</code> and see what happens."
13145
msgstr ""
13146
13147
#: serverguide/C/network-config.xml:1111(para)
13148
msgid ""
13149
"See the <ulink url=\"https://help.ubuntu.com/community/UbuntuTime\">Ubuntu "
13150
"Time</ulink> wiki page for more information."
13151
msgstr ""
13152
13153
#: serverguide/C/network-config.xml:1117(ulink)
13154
msgid "NTP Support"
13155
msgstr ""
13156
13157
#: serverguide/C/network-config.xml:1122(ulink)
13158
msgid "The NTP FAQ and HOWTO"
13159
msgstr ""
13160
13161
#: serverguide/C/network-auth.xml:13(title)
13162
msgid "Network Authentication"
13163
msgstr "Autenticació de xarxa"
13164
13165
#: serverguide/C/network-auth.xml:15(para)
13166
msgid "This section explains various Network Authentication protocols."
13167
msgstr "Aquesta secció descriu diversos protocols d'autenticació de xarxa."
13168
13169
#: serverguide/C/network-auth.xml:19(title)
13170
msgid "OpenLDAP Server"
13171
msgstr "Servidor OpenLDAP"
13172
13173
#: serverguide/C/network-auth.xml:20(para)
13174
msgid ""
13175
"LDAP is an acronym for Lightweight Directory Access Protocol, it is a "
13176
"simplified version of the X.500 protocol. The directory setup in this "
13177
"section will be used for authentication. Nevertheless, LDAP can be used in "
13178
"numerous ways: authentication, shared directory (for mail clients), address "
13179
"book, etc."
13180
msgstr ""
13181
13182
#: serverguide/C/network-auth.xml:28(para)
13183
msgid ""
13184
"To describe LDAP quickly, all information is stored in a tree structure. "
13185
"With <application>OpenLDAP</application> you have freedom to determine the "
13186
"directory arborescence (the Directory Information Tree: the DIT) yourself. "
13187
"We will begin with a basic tree containing two nodes below the root:"
13188
msgstr ""
13189
13190
#: serverguide/C/network-auth.xml:37(para)
13191
msgid "\"People\" node where your users will be stored"
13192
msgstr ""
13193
13194
#: serverguide/C/network-auth.xml:40(para)
13195
msgid "\"Groups\" node where your groups will be stored"
13196
msgstr ""
13197
13198
#: serverguide/C/network-auth.xml:44(para)
13199
msgid ""
13200
"Before beginning, you should determine what the root of your LDAP directory "
13201
"will be. By default, your tree will be determined by your Fully Qualified "
13202
"Domain Name (FQDN). If your domain is example.com (which we will use in this "
13203
"example), your root node will be dc=example,dc=com."
13204
msgstr ""
13205
13206
#: serverguide/C/network-auth.xml:54(para)
13207
msgid ""
13208
"First, install the <application>OpenLDAP</application> server daemon "
13209
"<application>slapd</application> and <application>ldap-utils</application>, "
13210
"a package containing LDAP management utilities:"
13211
msgstr ""
13212
13213
#: serverguide/C/network-auth.xml:60(command)
13214
msgid "sudo apt-get install slapd ldap-utils"
13215
msgstr "sudo apt-get install slapd ldap-utils"
13216
13217
#: serverguide/C/network-auth.xml:63(para)
13218
msgid ""
13219
"By default <application>slapd</application> is configured with minimal "
13220
"options needed to run the <application>slapd</application> daemon."
13221
msgstr ""
13222
13223
#: serverguide/C/network-auth.xml:68(para)
13224
msgid ""
13225
"The configuration example in the following sections will match the domain "
13226
"name of the server. For example, if the machine's Fully Qualified Domain "
13227
"Name (FQDN) is ldap.example.com, the default suffix will be "
13228
"<emphasis>dc=example,dc=com</emphasis>."
13229
msgstr ""
13230
13231
#: serverguide/C/network-auth.xml:76(title)
13232
msgid "Populating LDAP"
13233
msgstr ""
13234
13235
#: serverguide/C/network-auth.xml:78(para)
13236
msgid ""
13237
"<application>OpenLDAP</application> uses a separate directory which contains "
13238
"the <emphasis>cn=config</emphasis> Directory Information Tree (DIT). The "
13239
"<emphasis>cn=config</emphasis> DIT is used to dynamically configure the "
13240
"<application>slapd</application> daemon, allowing the modification of schema "
13241
"definitions, indexes, ACLs, etc without stopping the service."
13242
msgstr ""
13243
13244
#: serverguide/C/network-auth.xml:86(para)
13245
msgid ""
13246
"The backend <emphasis>cn=config</emphasis> directory has only a minimal "
13247
"configuration and will need additional configuration options in order to "
13248
"populate the frontend directory. The frontend will be populated with a "
13249
"\"classical\" scheme that will be compatible with address book applications "
13250
"and with Unix Posix accounts. Posix accounts will allow authentication to "
13251
"various applications, such as web applications, email Mail Transfer Agent "
13252
"(MTA) applications, etc."
13253
msgstr ""
13254
13255
#: serverguide/C/network-auth.xml:95(para)
13256
msgid ""
13257
"For external applications to authenticate using LDAP they will each need to "
13258
"be specifically configured to do so. Refer to the individual application "
13259
"documentation for details."
13260
msgstr ""
13261
13262
#: serverguide/C/network-auth.xml:103(para)
13263
msgid ""
13264
"Remember to change <emphasis>dc=example,dc=com</emphasis> in the following "
13265
"examples to match your LDAP configuration."
13266
msgstr ""
13267
13268
#: serverguide/C/network-auth.xml:108(para)
13269
msgid ""
13270
"First, some additional schema files need to be loaded. In a terminal enter:"
13271
msgstr ""
13272
13273
#: serverguide/C/network-auth.xml:113(command) serverguide/C/network-auth.xml:702(command)
13274
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif"
13275
msgstr ""
13276
13277
#: serverguide/C/network-auth.xml:114(command) serverguide/C/network-auth.xml:703(command)
13278
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif"
13279
msgstr ""
13280
13281
#: serverguide/C/network-auth.xml:115(command) serverguide/C/network-auth.xml:704(command)
13282
msgid ""
13283
"sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif"
13284
msgstr ""
13285
13286
#: serverguide/C/network-auth.xml:118(para)
13287
msgid ""
13288
"Next, copy the following example LDIF file, naming it "
13289
"<filename>backend.example.com.ldif</filename>, somewhere on your system:"
13290
msgstr ""
13291
13292
#: serverguide/C/network-auth.xml:123(programlisting)
13293
#, no-wrap
13294
msgid ""
13295
"\n"
13296
"# Load dynamic backend modules\n"
13297
"dn: cn=module,cn=config\n"
13298
"objectClass: olcModuleList\n"
13299
"cn: module\n"
13300
"olcModulepath: /usr/lib/ldap\n"
13301
"olcModuleload: back_hdb\n"
13302
"\n"
13303
"# Database settings\n"
13304
"dn: olcDatabase=hdb,cn=config\n"
13305
"objectClass: olcDatabaseConfig\n"
13306
"objectClass: olcHdbConfig\n"
13307
"olcDatabase: {1}hdb\n"
13308
"olcSuffix: dc=example,dc=com\n"
13309
"olcDbDirectory: /var/lib/ldap\n"
13310
"olcRootDN: cn=admin,dc=example,dc=com\n"
13311
"olcRootPW: secret\n"
13312
"olcDbConfig: set_cachesize 0 2097152 0\n"
13313
"olcDbConfig: set_lk_max_objects 1500\n"
13314
"olcDbConfig: set_lk_max_locks 1500\n"
13315
"olcDbConfig: set_lk_max_lockers 1500\n"
13316
"olcDbIndex: objectClass eq\n"
13317
"olcLastMod: TRUE\n"
13318
"olcDbCheckpoint: 512 30\n"
13319
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
13320
"by anonymous auth by self write by * none\n"
13321
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
13322
"olcAccess: to dn.base=\"\" by * read\n"
13323
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
13324
"\n"
13325
msgstr ""
13326
13327
#: serverguide/C/network-auth.xml:155(para)
13328
msgid ""
13329
"Change <emphasis>olcRootPW: secret</emphasis> to a password of your choosing."
13330
msgstr ""
13331
13332
#: serverguide/C/network-auth.xml:160(para)
13333
msgid "Now add the LDIF to the directory:"
13334
msgstr ""
13335
13336
#: serverguide/C/network-auth.xml:165(command) serverguide/C/network-auth.xml:746(command)
13337
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.example.com.ldif"
13338
msgstr ""
13339
13340
#: serverguide/C/network-auth.xml:168(para)
13341
msgid ""
13342
"The frontend directory is now ready to be populated. Create a "
13343
"<filename>frontend.example.com.ldif</filename> with the following contents:"
13344
msgstr ""
13345
13346
#: serverguide/C/network-auth.xml:173(programlisting)
13347
#, no-wrap
13348
msgid ""
13349
"\n"
13350
"# Create top-level object in domain\n"
13351
"dn: dc=example,dc=com\n"
13352
"objectClass: top\n"
13353
"objectClass: dcObject\n"
13354
"objectclass: organization\n"
13355
"o: Example Organization\n"
13356
"dc: Example\n"
13357
"description: LDAP Example \n"
13358
"\n"
13359
"# Admin user.\n"
13360
"dn: cn=admin,dc=example,dc=com\n"
13361
"objectClass: simpleSecurityObject\n"
13362
"objectClass: organizationalRole\n"
13363
"cn: admin\n"
13364
"description: LDAP administrator\n"
13365
"userPassword: secret\n"
13366
"\n"
13367
"dn: ou=people,dc=example,dc=com\n"
13368
"objectClass: organizationalUnit\n"
13369
"ou: people\n"
13370
"\n"
13371
"dn: ou=groups,dc=example,dc=com\n"
13372
"objectClass: organizationalUnit\n"
13373
"ou: groups\n"
13374
"\n"
13375
"dn: uid=john,ou=people,dc=example,dc=com\n"
13376
"objectClass: inetOrgPerson\n"
13377
"objectClass: posixAccount\n"
13378
"objectClass: shadowAccount\n"
13379
"uid: john\n"
13380
"sn: Doe\n"
13381
"givenName: John\n"
13382
"cn: John Doe\n"
13383
"displayName: John Doe\n"
13384
"uidNumber: 1000\n"
13385
"gidNumber: 10000\n"
13386
"userPassword: password\n"
13387
"gecos: John Doe\n"
13388
"loginShell: /bin/bash\n"
13389
"homeDirectory: /home/john\n"
13390
"shadowExpire: -1\n"
13391
"shadowFlag: 0\n"
13392
"shadowWarning: 7\n"
13393
"shadowMin: 8\n"
13394
"shadowMax: 999999\n"
13395
"shadowLastChange: 10877\n"
13396
"mail: john.doe@example.com\n"
13397
"postalCode: 31000\n"
13398
"l: Toulouse\n"
13399
"o: Example\n"
13400
"mobile: +33 (0)6 xx xx xx xx\n"
13401
"homePhone: +33 (0)5 xx xx xx xx\n"
13402
"title: System Administrator\n"
13403
"postalAddress: \n"
13404
"initials: JD\n"
13405
"\n"
13406
"dn: cn=example,ou=groups,dc=example,dc=com\n"
13407
"objectClass: posixGroup\n"
13408
"cn: example\n"
13409
"gidNumber: 10000\n"
13410
msgstr ""
13411
13412
#: serverguide/C/network-auth.xml:236(para)
13413
msgid ""
13414
"In this example the directory structure, a user, and a group have been "
13415
"setup. In other examples you might see the <emphasis>objectClass: "
13416
"top</emphasis> added in every entry, but that is the default behaviour so "
13417
"you do not have to add it explicitly."
13418
msgstr ""
13419
13420
#: serverguide/C/network-auth.xml:243(para)
13421
msgid "Add the entries to the LDAP directory:"
13422
msgstr ""
13423
13424
#: serverguide/C/network-auth.xml:249(command) serverguide/C/network-auth.xml:757(command)
13425
msgid ""
13426
"sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f frontend.example.com.ldif"
13427
msgstr ""
13428
13429
#: serverguide/C/network-auth.xml:252(para)
13430
msgid ""
13431
"We can check that the content has been correctly added with the "
13432
"<application>ldapsearch</application> utility. Execute a search of the LDAP "
13433
"directory:"
13434
msgstr ""
13435
13436
#: serverguide/C/network-auth.xml:258(command)
13437
msgid "ldapsearch -xLLL -b \"dc=example,dc=com\" uid=john sn givenName cn"
13438
msgstr ""
13439
13440
#: serverguide/C/network-auth.xml:259(computeroutput)
13441
#, no-wrap
13442
msgid ""
13443
"\n"
13444
"dn: uid=john,ou=people,dc=example,dc=com\n"
13445
"cn: John Doe\n"
13446
"sn: Doe\n"
13447
"givenName: John\n"
13448
msgstr ""
13449
13450
#: serverguide/C/network-auth.xml:267(para)
13451
msgid "Just a quick explanation:"
13452
msgstr ""
13453
13454
#: serverguide/C/network-auth.xml:273(para)
13455
msgid ""
13456
"<emphasis>-x:</emphasis> will not use SASL authentication method, which is "
13457
"the default."
13458
msgstr ""
13459
13460
#: serverguide/C/network-auth.xml:279(para)
13461
msgid "<emphasis>-LLL:</emphasis> disable printing LDIF schema information."
13462
msgstr ""
13463
13464
#: serverguide/C/network-auth.xml:287(title)
13465
msgid "Further Configuration"
13466
msgstr ""
13467
13468
#: serverguide/C/network-auth.xml:290(para)
13469
msgid ""
13470
"The <emphasis>cn=config</emphasis> tree can be manipulated using the "
13471
"utilities in the <application>ldap-utils</application> package. For example:"
13472
msgstr ""
13473
13474
#: serverguide/C/network-auth.xml:298(para)
13475
msgid ""
13476
"Use <application>ldapsearch</application> to view the tree, entering the "
13477
"admin password set during installation or reconfiguration:"
13478
msgstr ""
13479
13480
#: serverguide/C/network-auth.xml:304(command)
13481
msgid "sudo ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn"
13482
msgstr ""
13483
13484
#: serverguide/C/network-auth.xml:308(computeroutput)
13485
#, no-wrap
13486
msgid ""
13487
"\n"
13488
"SASL/EXTERNAL authentication started\n"
13489
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13490
"SASL SSF: 0\n"
13491
"dn: cn=config\n"
13492
"\n"
13493
"dn: cn=module{0},cn=config\n"
13494
"\n"
13495
"dn: cn=schema,cn=config\n"
13496
"\n"
13497
"dn: cn={0}core,cn=schema,cn=config\n"
13498
"\n"
13499
"dn: cn={1}cosine,cn=schema,cn=config\n"
13500
"\n"
13501
"dn: cn={2}nis,cn=schema,cn=config\n"
13502
"\n"
13503
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
13504
"\n"
13505
"dn: olcDatabase={-1}frontend,cn=config\n"
13506
"\n"
13507
"dn: olcDatabase={0}config,cn=config\n"
13508
"\n"
13509
"dn: olcDatabase={1}hdb,cn=config\n"
13510
msgstr ""
13511
13512
#: serverguide/C/network-auth.xml:334(para)
13513
msgid ""
13514
"The output above is the current configuration options for the "
13515
"<emphasis>cn=config</emphasis> backend database. Your output may be vary."
13516
msgstr ""
13517
13518
#: serverguide/C/network-auth.xml:342(para)
13519
msgid ""
13520
"As an example of modifying the <emphasis>cn=config</emphasis> tree, add "
13521
"another attribute to the index list using "
13522
"<application>ldapmodify</application>:"
13523
msgstr ""
13524
13525
#: serverguide/C/network-auth.xml:348(command) serverguide/C/network-auth.xml:993(command) serverguide/C/network-auth.xml:1164(command) serverguide/C/network-auth.xml:1200(command)
13526
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:///"
13527
msgstr ""
13528
13529
#: serverguide/C/network-auth.xml:356(userinput)
13530
#, no-wrap
13531
msgid ""
13532
"dn: olcDatabase={1}hdb,cn=config\n"
13533
"add: olcDbIndex\n"
13534
"olcDbIndex: uidNumber eq"
13535
msgstr ""
13536
13537
#: serverguide/C/network-auth.xml:352(computeroutput)
13538
#, no-wrap
13539
msgid ""
13540
"\n"
13541
"SASL/EXTERNAL authentication started\n"
13542
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13543
"SASL SSF: 0\n"
13544
"<placeholder-1/>\n"
13545
"\n"
13546
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13547
msgstr ""
13548
13549
#: serverguide/C/network-auth.xml:364(para)
13550
msgid ""
13551
"Once the modification has completed, press <emphasis>Ctrl+D</emphasis> to "
13552
"exit the utility."
13553
msgstr ""
13554
13555
#: serverguide/C/network-auth.xml:371(para)
13556
msgid ""
13557
"<application>ldapmodify</application> can also read the changes from a file. "
13558
"Copy and paste the following into a file named "
13559
"<filename>uid_index.ldif</filename>:"
13560
msgstr ""
13561
13562
#: serverguide/C/network-auth.xml:376(programlisting)
13563
#, no-wrap
13564
msgid ""
13565
"\n"
13566
"dn: olcDatabase={1}hdb,cn=config\n"
13567
"add: olcDbIndex\n"
13568
"olcDbIndex: uid eq,pres,sub\n"
13569
msgstr ""
13570
13571
#: serverguide/C/network-auth.xml:382(para)
13572
msgid "Then execute <application>ldapmodify</application>:"
13573
msgstr ""
13574
13575
#: serverguide/C/network-auth.xml:387(command)
13576
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f uid_index.ldif"
13577
msgstr ""
13578
13579
#: serverguide/C/network-auth.xml:391(computeroutput)
13580
#, no-wrap
13581
msgid ""
13582
"\n"
13583
"SASL/EXTERNAL authentication started\n"
13584
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13585
"SASL SSF: 0\n"
13586
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13587
msgstr ""
13588
13589
#: serverguide/C/network-auth.xml:399(para)
13590
msgid "The file method is very useful for large changes."
13591
msgstr ""
13592
13593
#: serverguide/C/network-auth.xml:406(para)
13594
msgid ""
13595
"Adding additional <emphasis>schemas</emphasis> to "
13596
"<application>slapd</application> requires the schema to be converted to LDIF "
13597
"format. The <filename role=\"directory\">/etc/ldap/schema</filename> "
13598
"directory contains some schema files already converted to LDIF format as "
13599
"demonstrated in the previous section. Fortunately, the "
13600
"<application>slapd</application> program can be used to automate the "
13601
"conversion. The following example will add the "
13602
"<emphasis>dyngroup.schema</emphasis>:"
13603
msgstr ""
13604
13605
#: serverguide/C/network-auth.xml:416(para)
13606
msgid ""
13607
"First, create a conversion <filename>schema_convert.conf</filename> file "
13608
"containing the following lines:"
13609
msgstr ""
13610
13611
#: serverguide/C/network-auth.xml:421(programlisting)
13612
#, no-wrap
13613
msgid ""
13614
"\n"
13615
"include /etc/ldap/schema/core.schema\n"
13616
"include /etc/ldap/schema/collective.schema\n"
13617
"include /etc/ldap/schema/corba.schema\n"
13618
"include /etc/ldap/schema/cosine.schema\n"
13619
"include /etc/ldap/schema/duaconf.schema\n"
13620
"include /etc/ldap/schema/dyngroup.schema\n"
13621
"include /etc/ldap/schema/inetorgperson.schema\n"
13622
"include /etc/ldap/schema/java.schema\n"
13623
"include /etc/ldap/schema/misc.schema\n"
13624
"include /etc/ldap/schema/nis.schema\n"
13625
"include /etc/ldap/schema/openldap.schema\n"
13626
"include /etc/ldap/schema/ppolicy.schema\n"
13627
msgstr ""
13628
13629
#: serverguide/C/network-auth.xml:439(para) serverguide/C/network-auth.xml:1664(para)
13630
msgid "Next, create a temporary directory to hold the output:"
13631
msgstr ""
13632
13633
#: serverguide/C/network-auth.xml:444(command) serverguide/C/network-auth.xml:1669(command) serverguide/C/network-auth.xml:2705(command)
13634
msgid "mkdir /tmp/ldif_output"
13635
msgstr ""
13636
13637
#: serverguide/C/network-auth.xml:450(para)
13638
msgid ""
13639
"Now using <application>slapcat</application> convert the schema files to "
13640
"LDIF:"
13641
msgstr ""
13642
13643
#: serverguide/C/network-auth.xml:455(command)
13644
msgid ""
13645
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
13646
"\"cn={5}dyngroup,cn=schema,cn=config\" > /tmp/cn=dyngroup.ldif"
13647
msgstr ""
13648
13649
#: serverguide/C/network-auth.xml:458(para)
13650
msgid ""
13651
"Adjust the configuration file name and temporary directory names if yours "
13652
"are different. Also, it may be worthwhile to keep the "
13653
"<filename>ldif_output</filename> directory around in case you want to add "
13654
"additional schemas in the future."
13655
msgstr ""
13656
13657
#: serverguide/C/network-auth.xml:467(para)
13658
msgid ""
13659
"Edit the <filename>/tmp/cn\\=dyngroup.ldif</filename> file, changing the "
13660
"following attributes:"
13661
msgstr ""
13662
13663
#: serverguide/C/network-auth.xml:471(programlisting)
13664
#, no-wrap
13665
msgid ""
13666
"\n"
13667
"dn: cn=dyngroup,cn=schema,cn=config\n"
13668
"...\n"
13669
"cn: dyngroup\n"
13670
msgstr ""
13671
13672
#: serverguide/C/network-auth.xml:477(para) serverguide/C/network-auth.xml:1700(para)
13673
msgid "And remove the following lines from the bottom of the file:"
13674
msgstr ""
13675
13676
#: serverguide/C/network-auth.xml:481(programlisting)
13677
#, no-wrap
13678
msgid ""
13679
"\n"
13680
"structuralObjectClass: olcSchemaConfig\n"
13681
"entryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757\n"
13682
"creatorsName: cn=config\n"
13683
"createTimestamp: 20080826021140Z\n"
13684
"entryCSN: 20080826021140.791425Z#000000#000#000000\n"
13685
"modifiersName: cn=config\n"
13686
"modifyTimestamp: 20080826021140Z\n"
13687
msgstr ""
13688
13689
#: serverguide/C/network-auth.xml:492(para) serverguide/C/network-auth.xml:1715(para) serverguide/C/network-auth.xml:2751(para)
13690
msgid ""
13691
"The attribute values will vary, just be sure the attributes are removed."
13692
msgstr ""
13693
13694
#: serverguide/C/network-auth.xml:500(para) serverguide/C/network-auth.xml:1723(para)
13695
msgid ""
13696
"Finally, using the <application>ldapadd</application> utility, add the new "
13697
"schema to the directory:"
13698
msgstr ""
13699
13700
#: serverguide/C/network-auth.xml:506(command)
13701
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/cn\\=dyngroup.ldif"
13702
msgstr ""
13703
13704
#: serverguide/C/network-auth.xml:512(para)
13705
msgid ""
13706
"There should now be a <emphasis>dn: "
13707
"cn={4}dyngroup,cn=schema,cn=config</emphasis> entry in the cn=config tree."
13708
msgstr ""
13709
13710
#: serverguide/C/network-auth.xml:522(title)
13711
msgid "LDAP Replication"
13712
msgstr ""
13713
13714
#: serverguide/C/network-auth.xml:524(para)
13715
msgid ""
13716
"LDAP often quickly becomes a highly critical service to the network. "
13717
"Multiple systems will come to depend on LDAP for authentication, "
13718
"authorization, configuration, etc. It is a good idea to setup a redundant "
13719
"system through replication."
13720
msgstr ""
13721
13722
#: serverguide/C/network-auth.xml:530(para)
13723
msgid ""
13724
"Replication is achieved using the <emphasis>Syncrepl</emphasis> engine. "
13725
"Syncrepl allows the changes to be synced using a "
13726
"<emphasis>consumer</emphasis>, <emphasis>provider</emphasis> model. A "
13727
"provider sends directory changes to consumers."
13728
msgstr ""
13729
13730
#: serverguide/C/network-auth.xml:537(title)
13731
msgid "Provider Configuration"
13732
msgstr ""
13733
13734
#: serverguide/C/network-auth.xml:539(para)
13735
msgid ""
13736
"The following is an example of a <emphasis>Single-Master</emphasis> "
13737
"configuration. In this configuration one OpenLDAP server is configured as a "
13738
"<emphasis>provider</emphasis> and another as a <emphasis>consumer</emphasis>."
13739
msgstr ""
13740
13741
#: serverguide/C/network-auth.xml:547(para)
13742
msgid ""
13743
"First, configure the provider server. Copy the following to a file named "
13744
"<filename>provider_sync.ldif</filename>:"
13745
msgstr ""
13746
13747
#: serverguide/C/network-auth.xml:552(programlisting)
13748
#, no-wrap
13749
msgid ""
13750
"\n"
13751
"# Add indexes to the frontend db.\n"
13752
"dn: olcDatabase={1}hdb,cn=config\n"
13753
"changetype: modify\n"
13754
"add: olcDbIndex\n"
13755
"olcDbIndex: entryCSN eq\n"
13756
"-\n"
13757
"add: olcDbIndex\n"
13758
"olcDbIndex: entryUUID eq\n"
13759
"\n"
13760
"#Load the syncprov and accesslog modules.\n"
13761
"dn: cn=module{0},cn=config\n"
13762
"changetype: modify\n"
13763
"add: olcModuleLoad\n"
13764
"olcModuleLoad: syncprov\n"
13765
"-\n"
13766
"add: olcModuleLoad\n"
13767
"olcModuleLoad: accesslog\n"
13768
"\n"
13769
"# Accesslog database definitions\n"
13770
"dn: olcDatabase={2}hdb,cn=config\n"
13771
"objectClass: olcDatabaseConfig\n"
13772
"objectClass: olcHdbConfig\n"
13773
"olcDatabase: {2}hdb\n"
13774
"olcDbDirectory: /var/lib/ldap/accesslog\n"
13775
"olcSuffix: cn=accesslog\n"
13776
"olcRootDN: cn=admin,dc=example,dc=com\n"
13777
"olcDbIndex: default eq\n"
13778
"olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart\n"
13779
"\n"
13780
"# Accesslog db syncprov.\n"
13781
"dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config\n"
13782
"changetype: add\n"
13783
"objectClass: olcOverlayConfig\n"
13784
"objectClass: olcSyncProvConfig\n"
13785
"olcOverlay: syncprov\n"
13786
"olcSpNoPresent: TRUE\n"
13787
"olcSpReloadHint: TRUE\n"
13788
"\n"
13789
"# syncrepl Provider for primary db\n"
13790
"dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config\n"
13791
"changetype: add\n"
13792
"objectClass: olcOverlayConfig\n"
13793
"objectClass: olcSyncProvConfig\n"
13794
"olcOverlay: syncprov\n"
13795
"olcSpNoPresent: TRUE\n"
13796
"\n"
13797
"# accesslog overlay definitions for primary db\n"
13798
"dn: olcOverlay=accesslog,olcDatabase={1}hdb,cn=config\n"
13799
"objectClass: olcOverlayConfig\n"
13800
"objectClass: olcAccessLogConfig\n"
13801
"olcOverlay: accesslog\n"
13802
"olcAccessLogDB: cn=accesslog\n"
13803
"olcAccessLogOps: writes\n"
13804
"olcAccessLogSuccess: TRUE\n"
13805
"# scan the accesslog DB every day, and purge entries older than 7 days\n"
13806
"olcAccessLogPurge: 07+00:00 01+00:00\n"
13807
msgstr ""
13808
13809
#: serverguide/C/network-auth.xml:614(para)
13810
msgid ""
13811
"The <application>AppArmor</application> profile for "
13812
"<application>slapd</application> will need to be adjusted for the accesslog "
13813
"database location. Edit <filename>/etc/apparmor.d/usr.sbin.slapd</filename> "
13814
"adding:"
13815
msgstr ""
13816
13817
#: serverguide/C/network-auth.xml:619(programlisting)
13818
#, no-wrap
13819
msgid ""
13820
"\n"
13821
" /var/lib/ldap/accesslog/ r,\n"
13822
" /var/lib/ldap/accesslog/** rwk,\n"
13823
msgstr ""
13824
13825
#: serverguide/C/network-auth.xml:624(para)
13826
msgid ""
13827
"Then create the directory, reload the <application>apparmor</application> "
13828
"profile, and copy the <filename>DB_CONFIG</filename> file:"
13829
msgstr ""
13830
13831
#: serverguide/C/network-auth.xml:630(command)
13832
msgid "sudo -u openldap mkdir /var/lib/ldap/accesslog"
13833
msgstr ""
13834
13835
#: serverguide/C/network-auth.xml:631(command)
13836
msgid "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog/"
13837
msgstr ""
13838
13839
#: serverguide/C/network-auth.xml:636(para)
13840
msgid ""
13841
"Using the <emphasis>-u openldap</emphasis> option with the "
13842
"<application>sudo</application> commands above removes the need to adjust "
13843
"permissions for the new directory later."
13844
msgstr ""
13845
13846
#: serverguide/C/network-auth.xml:645(para)
13847
msgid ""
13848
"Edit the file and change the <emphasis>olcRootDN</emphasis> to match your "
13849
"directory:"
13850
msgstr ""
13851
13852
#: serverguide/C/network-auth.xml:649(programlisting)
13853
#, no-wrap
13854
msgid ""
13855
"\n"
13856
"olcRootDN: cn=admin,dc=example,dc=com\n"
13857
msgstr ""
13858
13859
#: serverguide/C/network-auth.xml:657(para)
13860
msgid ""
13861
"Next, add the LDIF file using the <application>ldapadd</application> utility:"
13862
msgstr ""
13863
13864
#: serverguide/C/network-auth.xml:662(command)
13865
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
13866
msgstr ""
13867
13868
#: serverguide/C/network-auth.xml:669(para)
13869
msgid "Restart <application>slapd</application>:"
13870
msgstr ""
13871
13872
#: serverguide/C/network-auth.xml:674(command) serverguide/C/network-auth.xml:1049(command) serverguide/C/network-auth.xml:1236(command)
13873
msgid "sudo /etc/init.d/slapd restart"
13874
msgstr "sudo /etc/init.d/slapd restart"
13875
13876
#: serverguide/C/network-auth.xml:680(para)
13877
msgid ""
13878
"The <emphasis>Provider</emphasis> server is now configured, and it is time "
13879
"to configure a <emphasis>Consumer</emphasis> server."
13880
msgstr ""
13881
13882
#: serverguide/C/network-auth.xml:687(title)
13883
msgid "Consumer Configuration"
13884
msgstr ""
13885
13886
#: serverguide/C/network-auth.xml:692(para)
13887
msgid ""
13888
"On the <emphasis>Consumer</emphasis> server configure it the same as the "
13889
"<emphasis>Provider</emphasis> except for the <emphasis>Syncrepl</emphasis> "
13890
"configuration steps."
13891
msgstr ""
13892
13893
#: serverguide/C/network-auth.xml:697(para)
13894
msgid "Add the additional schema files:"
13895
msgstr ""
13896
13897
#: serverguide/C/network-auth.xml:707(para)
13898
msgid ""
13899
"Also, create, or copy from the provider server, the "
13900
"<filename>backend.example.com.ldif</filename>"
13901
msgstr ""
13902
13903
#: serverguide/C/network-auth.xml:711(programlisting)
13904
#, no-wrap
13905
msgid ""
13906
"\n"
13907
"# Load dynamic backend modules\n"
13908
"dn: cn=module,cn=config\n"
13909
"objectClass: olcModuleList\n"
13910
"cn: module\n"
13911
"olcModulepath: /usr/lib/ldap\n"
13912
"olcModuleload: back_hdb\n"
13913
"\n"
13914
"# Database settings\n"
13915
"dn: olcDatabase=hdb,cn=config\n"
13916
"objectClass: olcDatabaseConfig\n"
13917
"objectClass: olcHdbConfig\n"
13918
"olcDatabase: {1}hdb\n"
13919
"olcSuffix: dc=example,dc=com\n"
13920
"olcDbDirectory: /var/lib/ldap\n"
13921
"olcRootDN: cn=admin,dc=example,dc=com\n"
13922
"olcRootPW: secret\n"
13923
"olcDbConfig: set_cachesize 0 2097152 0\n"
13924
"olcDbConfig: set_lk_max_objects 1500\n"
13925
"olcDbConfig: set_lk_max_locks 1500\n"
13926
"olcDbConfig: set_lk_max_lockers 1500\n"
13927
"olcDbIndex: objectClass eq\n"
13928
"olcLastMod: TRUE\n"
13929
"olcDbCheckpoint: 512 30\n"
13930
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
13931
"by anonymous auth by self write by * none\n"
13932
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
13933
"olcAccess: to dn.base=\"\" by * read\n"
13934
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
13935
msgstr ""
13936
13937
#: serverguide/C/network-auth.xml:741(para)
13938
msgid "And add the LDIF by entering:"
13939
msgstr ""
13940
13941
#: serverguide/C/network-auth.xml:752(para)
13942
msgid ""
13943
"Do the same with the <filename>frontend.example.com.ldif</filename> file "
13944
"listed above, and add it:"
13945
msgstr ""
13946
13947
#: serverguide/C/network-auth.xml:760(para)
13948
msgid ""
13949
"The two severs should now have the same configuration except for the "
13950
"<emphasis>Syncrepl</emphasis> options."
13951
msgstr ""
13952
13953
#: serverguide/C/network-auth.xml:768(para)
13954
msgid ""
13955
"Now create a file named <filename>consumer_sync.ldif</filename> containing:"
13956
msgstr ""
13957
13958
#: serverguide/C/network-auth.xml:772(programlisting)
13959
#, no-wrap
13960
msgid ""
13961
"\n"
13962
"#Load the syncprov module.\n"
13963
"dn: cn=module{0},cn=config\n"
13964
"changetype: modify\n"
13965
"add: olcModuleLoad\n"
13966
"olcModuleLoad: syncprov\n"
13967
"\n"
13968
"# syncrepl specific indices\n"
13969
"dn: olcDatabase={1}hdb,cn=config\n"
13970
"changetype: modify\n"
13971
"add: olcDbIndex\n"
13972
"olcDbIndex: entryUUID eq\n"
13973
"-\n"
13974
"add: olcSyncRepl\n"
13975
"olcSyncRepl: rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
13976
"binddn=\"cn=admin,dc=example,dc=com\" \n"
13977
" credentials=secret searchbase=\"dc=example,dc=com\" "
13978
"logbase=\"cn=accesslog\" \n"
13979
" logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" "
13980
"schemachecking=on \n"
13981
" type=refreshAndPersist retry=\"60 +\" syncdata=accesslog\n"
13982
"-\n"
13983
"add: olcUpdateRef\n"
13984
"olcUpdateRef: ldap://ldap01.example.com\n"
13985
msgstr ""
13986
13987
#: serverguide/C/network-auth.xml:795(para)
13988
msgid "You will probably want to change the following attributes:"
13989
msgstr ""
13990
13991
#: serverguide/C/network-auth.xml:800(para)
13992
msgid "<emphasis>ldap01.example.com</emphasis> to your server's hostname."
13993
msgstr ""
13994
13995
#: serverguide/C/network-auth.xml:801(emphasis)
13996
msgid "binddn"
13997
msgstr ""
13998
13999
#: serverguide/C/network-auth.xml:802(emphasis)
14000
msgid "credentials"
14001
msgstr ""
14002
14003
#: serverguide/C/network-auth.xml:803(emphasis)
14004
msgid "searchbase"
14005
msgstr ""
14006
14007
#: serverguide/C/network-auth.xml:804(emphasis)
14008
msgid "olcUpdateRef:"
14009
msgstr ""
14010
14011
#: serverguide/C/network-auth.xml:810(para)
14012
msgid "Add the LDIF file to the configuration tree:"
14013
msgstr ""
14014
14015
#: serverguide/C/network-auth.xml:815(command)
14016
msgid "sudo ldapadd -c -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif"
14017
msgstr ""
14018
14019
#: serverguide/C/network-auth.xml:821(para)
14020
msgid ""
14021
"The frontend database should now sync between servers. You can add "
14022
"additional servers using the steps above as the need arises."
14023
msgstr ""
14024
14025
#: serverguide/C/network-auth.xml:831(programlisting)
14026
#, no-wrap
14027
msgid "127.0.0.1\tldap01.example.com ldap01"
14028
msgstr ""
14029
14030
#: serverguide/C/network-auth.xml:827(para)
14031
msgid ""
14032
"The <application>slapd</application> daemon will send log information to "
14033
"<filename>/var/log/syslog</filename> by default. So if all does "
14034
"<emphasis>not</emphasis> go well check there for errors and other "
14035
"troubleshooting information. Also, be sure that each server knows it's Fully "
14036
"Qualified Domain Name (FQDN). This is configured in "
14037
"<filename>/etc/hosts</filename> with a line similar to: <placeholder-1/>."
14038
msgstr ""
14039
14040
#: serverguide/C/network-auth.xml:839(title)
14041
msgid "Setting up ACL"
14042
msgstr ""
14043
14044
#: serverguide/C/network-auth.xml:841(para)
14045
msgid ""
14046
"Authentication requires access to the password field, that should be not "
14047
"accessible by default. Also, in order for users to change their own "
14048
"password, using <command>passwd</command> or other utilities, "
14049
"<emphasis>shadowLastChange</emphasis> needs to be accessible once a user has "
14050
"authenticated."
14051
msgstr ""
14052
14053
#: serverguide/C/network-auth.xml:848(para)
14054
msgid ""
14055
"To view the Access Control List (ACL) for the <emphasis>cn=config</emphasis> "
14056
"tree, use the <application>ldapsearch</application> utility:"
14057
msgstr ""
14058
14059
#: serverguide/C/network-auth.xml:854(command)
14060
msgid ""
14061
"sudo ldapsearch -c -Y EXTERNAL -H ldapi:/// -LLL -b cn=config "
14062
"olcDatabase=config olcAccess"
14063
msgstr ""
14064
14065
#: serverguide/C/network-auth.xml:858(computeroutput)
14066
#, no-wrap
14067
msgid ""
14068
"SASL/EXTERNAL authentication started\n"
14069
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
14070
"SASL SSF: 0\n"
14071
"dn: olcDatabase={0}config,cn=config\n"
14072
"olcAccess: {0}to * by "
14073
"dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external\n"
14074
" ,cn=auth manage by * break\n"
14075
msgstr ""
14076
14077
#: serverguide/C/network-auth.xml:867(para)
14078
msgid "To see the ACL for the frontend tree enter:"
14079
msgstr ""
14080
14081
#: serverguide/C/network-auth.xml:872(command)
14082
msgid ""
14083
"sudo ldapsearch -c -Y EXTERNAL -H ldapi:/// -LLL -b cn=config "
14084
"olcDatabase={1}hdb olcAccess"
14085
msgstr ""
14086
14087
#: serverguide/C/network-auth.xml:878(title)
14088
msgid "TLS and SSL"
14089
msgstr ""
14090
14091
#: serverguide/C/network-auth.xml:880(para)
14092
msgid ""
14093
"When authenticating to an OpenLDAP server it is best to do so using an "
14094
"encrypted session. This can be accomplished using Transport Layer Security "
14095
"(TLS) and/or Secure Sockets Layer (SSL)."
14096
msgstr ""
14097
14098
#: serverguide/C/network-auth.xml:885(para)
14099
msgid ""
14100
"The first step in the process is to obtain or create a "
14101
"<emphasis>certificate</emphasis>. Because <application>slapd</application> "
14102
"is compiled using the <application>gnutls</application> library, the "
14103
"<application>certtool</application> utility will be used to create "
14104
"certificates."
14105
msgstr ""
14106
14107
#: serverguide/C/network-auth.xml:894(para)
14108
msgid ""
14109
"First, install <application>gnutls-bin</application> by entering the "
14110
"following in a terminal:"
14111
msgstr ""
14112
14113
#: serverguide/C/network-auth.xml:899(command)
14114
msgid "sudo apt-get install gnutls-bin"
14115
msgstr ""
14116
14117
#: serverguide/C/network-auth.xml:905(para)
14118
msgid ""
14119
"Next, create a private key for the <emphasis>Certificate "
14120
"Authority</emphasis> (CA):"
14121
msgstr ""
14122
14123
#: serverguide/C/network-auth.xml:910(command)
14124
msgid ""
14125
"sudo sh -c \"certtool --generate-privkey > /etc/ssl/private/cakey.pem\""
14126
msgstr ""
14127
14128
#: serverguide/C/network-auth.xml:916(para)
14129
msgid ""
14130
"Create a <filename>/etc/ssl/ca.info</filename> details file to self-sign the "
14131
"CA certificate containing:"
14132
msgstr ""
14133
14134
#: serverguide/C/network-auth.xml:920(programlisting)
14135
#, no-wrap
14136
msgid ""
14137
"\n"
14138
"cn = Example Company\n"
14139
"ca\n"
14140
"cert_signing_key\n"
14141
msgstr ""
14142
14143
#: serverguide/C/network-auth.xml:929(para)
14144
msgid "Now create the self-signed CA certificate:"
14145
msgstr ""
14146
14147
#: serverguide/C/network-auth.xml:934(command)
14148
msgid ""
14149
"sudo certtool --generate-self-signed --load-privkey "
14150
"/etc/ssl/private/cakey.pem \\ --template /etc/ssl/ca.info --outfile "
14151
"/etc/ssl/certs/cacert.pem"
14152
msgstr ""
14153
14154
#: serverguide/C/network-auth.xml:941(para)
14155
msgid "Make a private key for the server:"
14156
msgstr ""
14157
14158
#: serverguide/C/network-auth.xml:946(command)
14159
msgid ""
14160
"sudo sh -c \"certtool --generate-privkey > "
14161
"/etc/ssl/private/ldap01_slapd_key.pem\""
14162
msgstr ""
14163
14164
#: serverguide/C/network-auth.xml:950(para)
14165
msgid ""
14166
"Replace <emphasis>ldap01</emphasis> in the filename with your server's "
14167
"hostname. Naming the certificate and key for the host and service that will "
14168
"be using them will help keep filenames and paths straight."
14169
msgstr ""
14170
14171
#: serverguide/C/network-auth.xml:959(para)
14172
msgid ""
14173
"To sign the server's certificate with the CA, create the "
14174
"<filename>/etc/ssl/ldap01.info</filename> info file containing:"
14175
msgstr ""
14176
14177
#: serverguide/C/network-auth.xml:963(programlisting)
14178
#, no-wrap
14179
msgid ""
14180
"\n"
14181
"organization = Example Company\n"
14182
"cn = ldap01.example.com\n"
14183
"tls_www_server\n"
14184
"encryption_key\n"
14185
"signing_key\n"
14186
msgstr ""
14187
14188
#: serverguide/C/network-auth.xml:974(para)
14189
msgid "Create the server's certificate:"
14190
msgstr ""
14191
14192
#: serverguide/C/network-auth.xml:979(command)
14193
msgid ""
14194
"sudo certtool --generate-certificate --load-privkey /etc/ssl/private/x01-"
14195
"test_slapd_key.pem \\ --load-ca-certificate /etc/ssl/certs/cacert.pem --load-"
14196
"ca-privkey /etc/ssl/private/cakey.pem \\ --template /etc/ssl/x01-test.info --"
14197
"outfile /etc/ssl/certs/x01-test_slapd_cert.pem"
14198
msgstr ""
14199
14200
#: serverguide/C/network-auth.xml:987(para)
14201
msgid ""
14202
"Once you have a certificate, key, and CA cert installed, use "
14203
"<application>ldapmodify</application> to add the new configuration options:"
14204
msgstr ""
14205
14206
#: serverguide/C/network-auth.xml:998(userinput)
14207
#, no-wrap
14208
msgid ""
14209
"dn: cn=config\n"
14210
"add: olcTLSCACertificateFile\n"
14211
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
14212
"-\n"
14213
"add: olcTLSCertificateFile\n"
14214
"olcTLSCertificateFile: /etc/ssl/certs/ldap01_slapd_cert.pem\n"
14215
"-\n"
14216
"add: olcTLSCertificateKeyFile\n"
14217
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem"
14218
msgstr ""
14219
14220
#: serverguide/C/network-auth.xml:997(computeroutput) serverguide/C/network-auth.xml:1168(computeroutput)
14221
#, no-wrap
14222
msgid ""
14223
"Enter LDAP Password:\n"
14224
"<placeholder-1/>\n"
14225
"\n"
14226
"modifying entry \"cn=config\"\n"
14227
msgstr ""
14228
14229
#: serverguide/C/network-auth.xml:1013(para)
14230
msgid ""
14231
"Adjust the <filename>ldap01_slapd_cert.pem</filename>, "
14232
"<filename>ldap01_slapd_key.pem</filename>, and "
14233
"<filename>cacert.pem</filename> names if yours are different."
14234
msgstr ""
14235
14236
#: serverguide/C/network-auth.xml:1019(para)
14237
msgid ""
14238
"Next, edit <filename>/etc/default/slapd</filename> uncomment the "
14239
"<emphasis>SLAPD_SERVICES</emphasis> option:"
14240
msgstr ""
14241
14242
#: serverguide/C/network-auth.xml:1023(programlisting)
14243
#, no-wrap
14244
msgid ""
14245
"\n"
14246
"SLAPD_SERVICES=\"ldap:/// ldapi:/// ldaps:///\"\n"
14247
msgstr ""
14248
14249
#: serverguide/C/network-auth.xml:1027(para)
14250
msgid ""
14251
"Now the <emphasis>openldap</emphasis> user needs access to the certificate:"
14252
msgstr ""
14253
14254
#: serverguide/C/network-auth.xml:1032(command)
14255
msgid "sudo adduser openldap ssl-cert"
14256
msgstr "sudo adduser openldap ssl-cert"
14257
14258
#: serverguide/C/network-auth.xml:1033(command)
14259
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem"
14260
msgstr ""
14261
14262
#: serverguide/C/network-auth.xml:1034(command)
14263
msgid "sudo chmod g+r /etc/ssl/private/ldap01_slapd_key.pem"
14264
msgstr ""
14265
14266
#: serverguide/C/network-auth.xml:1038(para)
14267
msgid ""
14268
"If the <filename role=\"directory\">/etc/ssl/private</filename> and "
14269
"<filename>/etc/ssl/private/server.key</filename> have different permissions, "
14270
"adjust the commands appropriately."
14271
msgstr ""
14272
14273
#: serverguide/C/network-auth.xml:1044(para)
14274
msgid "Finally, restart <application>slapd</application>:"
14275
msgstr ""
14276
14277
#: serverguide/C/network-auth.xml:1052(para)
14278
msgid ""
14279
"The <application>slapd</application> daemon should now be listening for "
14280
"LDAPS connections and be able to use STARTTLS during authentication."
14281
msgstr ""
14282
14283
#: serverguide/C/network-auth.xml:1058(para)
14284
msgid ""
14285
"If you run into troubles with the server not starting, check the "
14286
"/var/log/syslog. If you see errors like main: TLS init def ctx failed: -1, "
14287
"it is likely there is a configuration problem. Check that the certificate is "
14288
"signed by the authority from in the files configured, and that the ssl-cert "
14289
"group has read permissions on the private key."
14290
msgstr ""
14291
14292
#: serverguide/C/network-auth.xml:1070(title)
14293
msgid "TLS Replication"
14294
msgstr ""
14295
14296
#: serverguide/C/network-auth.xml:1072(para)
14297
msgid ""
14298
"If you have setup <application>Syncrepl</application> between servers, it is "
14299
"prudent to encrypt the replication traffic using <emphasis>Transport Layer "
14300
"Security (TLS)</emphasis>. For details on setting up replication see <xref "
14301
"linkend=\"openldap-server-replication\"/>."
14302
msgstr ""
14303
14304
#: serverguide/C/network-auth.xml:1078(para)
14305
msgid ""
14306
"Assuming you have followed the above instructions and created a CA "
14307
"certificate and server certificate on the <emphasis>Provider</emphasis> "
14308
"server. Follow the following instructions to create a certificate and key "
14309
"for the <emphasis>Consumer</emphasis> server."
14310
msgstr ""
14311
14312
#: serverguide/C/network-auth.xml:1087(para)
14313
msgid "Create a new key for the Consumer server:"
14314
msgstr ""
14315
14316
#: serverguide/C/network-auth.xml:1092(command)
14317
msgid "mkdir ldap02-ssl"
14318
msgstr ""
14319
14320
#: serverguide/C/network-auth.xml:1093(command)
14321
msgid "cd ldap02-ssl"
14322
msgstr ""
14323
14324
#: serverguide/C/network-auth.xml:1094(command)
14325
msgid "certtool --generate-privkey > ldap02_slapd_key.pem"
14326
msgstr ""
14327
14328
#: serverguide/C/network-auth.xml:1098(para)
14329
msgid ""
14330
"Creating a new directory is not strictly necessary, but it will help keep "
14331
"things organized and make it easier to copy the files to the Consumer server."
14332
msgstr ""
14333
14334
#: serverguide/C/network-auth.xml:1107(para)
14335
msgid ""
14336
"Next, create an info file, <filename>ldap02.info</filename> for the Consumer "
14337
"server, changing the attributes to match your locality and server:"
14338
msgstr ""
14339
14340
#: serverguide/C/network-auth.xml:1112(programlisting)
14341
#, no-wrap
14342
msgid ""
14343
"\n"
14344
"country = US\n"
14345
"state = North Carolina\n"
14346
"locality = Winston-Salem\n"
14347
"organization = Example Company\n"
14348
"cn = ldap02.salem.edu\n"
14349
"tls_www_client\n"
14350
"encryption_key\n"
14351
"signing_key\n"
14352
msgstr ""
14353
14354
#: serverguide/C/network-auth.xml:1126(para)
14355
msgid "Create the certificate:"
14356
msgstr ""
14357
14358
#: serverguide/C/network-auth.xml:1131(command)
14359
msgid ""
14360
"sudo certtool --generate-certificate --load-privkey ldap02_slapd_key.pem \\ -"
14361
"-load-ca-certificate /etc/ssl/certs/cacert.pem --load-ca-privkey "
14362
"/etc/ssl/private/cakey.pem \\ --template ldap02.info --outfile "
14363
"ldap02_slapd_cert.pem"
14364
msgstr ""
14365
14366
#: serverguide/C/network-auth.xml:1139(para)
14367
msgid "Copy the <filename>cacert.pem</filename> to the directory:"
14368
msgstr ""
14369
14370
#: serverguide/C/network-auth.xml:1144(command)
14371
msgid "cp /etc/ssl/certs/cacert.pem ."
14372
msgstr ""
14373
14374
#: serverguide/C/network-auth.xml:1150(para)
14375
msgid ""
14376
"The only thing left is to copy the <filename>ldap02-ssl</filename> directory "
14377
"to the Consumer server, then copy <filename>ldap02_slapd_cert.pem</filename> "
14378
"and <filename>cacert.pem</filename> to <filename>/etc/ssl/certs</filename>, "
14379
"and copy <filename>ldap02_slapd_key.pem</filename> to "
14380
"<filename>/etc/ssl/private</filename>."
14381
msgstr ""
14382
14383
#: serverguide/C/network-auth.xml:1159(para)
14384
msgid ""
14385
"Once the files are in place adjust the <emphasis>cn=config</emphasis> tree "
14386
"by entering:"
14387
msgstr ""
14388
14389
#: serverguide/C/network-auth.xml:1169(userinput)
14390
#, no-wrap
14391
msgid ""
14392
"dn: cn=config\n"
14393
"add: olcTLSCACertificateFile\n"
14394
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
14395
"-\n"
14396
"add: olcTLSCertificateFile\n"
14397
"olcTLSCertificateFile: /etc/ssl/certs/ldap02_slapd_cert.pem\n"
14398
"-\n"
14399
"add: olcTLSCertificateKeyFile\n"
14400
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap02_slapd_key.pem"
14401
msgstr ""
14402
14403
#: serverguide/C/network-auth.xml:1186(para)
14404
msgid ""
14405
"As with the Provider you can now edit "
14406
"<filename>/etc/default/slapd</filename> and add the "
14407
"<emphasis>ldaps:///</emphasis> parameter to the "
14408
"<emphasis>SLAPD_SERVICES</emphasis> option."
14409
msgstr ""
14410
14411
#: serverguide/C/network-auth.xml:1194(para)
14412
msgid ""
14413
"Now that <emphasis>TLS</emphasis> has been setup on each server, once again "
14414
"modify the <emphasis>Consumer</emphasis> server's "
14415
"<emphasis>cn=config</emphasis> tree by entering the following in a terminal:"
14416
msgstr ""
14417
14418
#: serverguide/C/network-auth.xml:1207(userinput)
14419
#, no-wrap
14420
msgid ""
14421
"\n"
14422
"dn: olcDatabase={1}hdb,cn=config\n"
14423
"replace: olcSyncrepl\n"
14424
"olcSyncrepl: {0}rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
14425
"binddn=\"cn=ad\n"
14426
" min,dc=example,dc=com\" credentials=secret searchbase=\"dc=example,dc=com\" "
14427
"logbas\n"
14428
" e=\"cn=accesslog\" "
14429
"logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" s\n"
14430
" chemachecking=on type=refreshAndPersist retry=\"60 +\" syncdata=accesslog "
14431
"starttls=yes"
14432
msgstr ""
14433
14434
#: serverguide/C/network-auth.xml:1204(computeroutput)
14435
#, no-wrap
14436
msgid ""
14437
"SASL/EXTERNAL authentication started\n"
14438
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
14439
"SASL SSF: 0\n"
14440
"<placeholder-1/>\n"
14441
"\n"
14442
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
14443
msgstr ""
14444
14445
#: serverguide/C/network-auth.xml:1219(para)
14446
msgid ""
14447
"If the LDAP server hostname does not match the Fully Qualified Domain Name "
14448
"(FQDN) in the certificate, you may have to edit "
14449
"<filename>/etc/ldap/ldap.conf</filename> and add the following TLS options:"
14450
msgstr ""
14451
14452
#: serverguide/C/network-auth.xml:1224(programlisting)
14453
#, no-wrap
14454
msgid ""
14455
"\n"
14456
"TLS_CERT /etc/ssl/certs/ldap02_slapd_cert.pem\n"
14457
"TLS_KEY /etc/ssl/private/ldap02_slapd_key.pem\n"
14458
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
14459
msgstr ""
14460
14461
#: serverguide/C/network-auth.xml:1231(para)
14462
msgid ""
14463
"Finally, restart <application>slapd</application> on each of the servers:"
14464
msgstr ""
14465
14466
#: serverguide/C/network-auth.xml:1244(title)
14467
msgid "LDAP Authentication"
14468
msgstr ""
14469
14470
#: serverguide/C/network-auth.xml:1246(para)
14471
msgid ""
14472
"Once you have a working LDAP server, the <application>auth-client-"
14473
"config</application> and <application>libnss-ldap</application> packages "
14474
"take the pain out of configuring an Ubuntu client to authenticate using "
14475
"LDAP. To install the packages from, a terminal prompt enter:"
14476
msgstr ""
14477
14478
#: serverguide/C/network-auth.xml:1253(command)
14479
msgid "sudo apt-get install libnss-ldap"
14480
msgstr "sudo apt-get install libnss-ldap"
14481
14482
#: serverguide/C/network-auth.xml:1256(para)
14483
msgid ""
14484
"During the install a menu dialog will ask you connection details about your "
14485
"LDAP server."
14486
msgstr ""
14487
14488
#: serverguide/C/network-auth.xml:1260(para)
14489
msgid ""
14490
"If you make a mistake when entering your information you can execute the "
14491
"dialog again using:"
14492
msgstr ""
14493
14494
#: serverguide/C/network-auth.xml:1265(command)
14495
msgid "sudo dpkg-reconfigure ldap-auth-config"
14496
msgstr "sudo dpkg-reconfigure ldap-auth-config"
14497
14498
#: serverguide/C/network-auth.xml:1268(para)
14499
msgid ""
14500
"The results of the dialog can be seen in "
14501
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
14502
"covered in the menu edit this file accordingly."
14503
msgstr ""
14504
14505
#: serverguide/C/network-auth.xml:1273(para)
14506
msgid ""
14507
"Now that <application>libnss-ldap</application> is configured enable the "
14508
"<application>auth-client-config</application> LDAP profile by entering:"
14509
msgstr ""
14510
14511
#: serverguide/C/network-auth.xml:1279(command)
14512
msgid "sudo auth-client-config -t nss -p lac_ldap"
14513
msgstr "sudo auth-client-config -t nss -p lac_ldap"
14514
14515
#: serverguide/C/network-auth.xml:1284(para)
14516
msgid ""
14517
"<emphasis>-t:</emphasis> only modifies "
14518
"<filename>/etc/nsswitch.conf</filename>."
14519
msgstr ""
14520
14521
#: serverguide/C/network-auth.xml:1289(para)
14522
msgid "<emphasis>-p:</emphasis> name of the profile to enable, disable, etc."
14523
msgstr ""
14524
14525
#: serverguide/C/network-auth.xml:1294(para)
14526
msgid ""
14527
"<emphasis>lac_ldap:</emphasis> the <application>auth-client-"
14528
"config</application> profile that is part of the <application>ldap-auth-"
14529
"config</application> package."
14530
msgstr ""
14531
14532
#: serverguide/C/network-auth.xml:1301(para)
14533
msgid ""
14534
"Using the <application>pam-auth-update</application> utility, configure the "
14535
"system to use LDAP for authentication:"
14536
msgstr ""
14537
14538
#: serverguide/C/network-auth.xml:1306(command)
14539
msgid "sudo pam-auth-update"
14540
msgstr "sudo pam-auth-update"
14541
14542
#: serverguide/C/network-auth.xml:1309(para)
14543
msgid ""
14544
"From the <application>pam-auth-update</application> menu, choose LDAP and "
14545
"any other authentication mechanisms you need."
14546
msgstr ""
14547
14548
#: serverguide/C/network-auth.xml:1313(para)
14549
msgid ""
14550
"You should now be able to login using user credentials stored in the LDAP "
14551
"directory."
14552
msgstr ""
14553
14554
#: serverguide/C/network-auth.xml:1318(para)
14555
msgid ""
14556
"If you are going to use LDAP to store Samba users you will need to configure "
14557
"the server to authenticate using LDAP. See <xref linkend=\"samba-ldap\"/> "
14558
"for details."
14559
msgstr ""
14560
14561
#: serverguide/C/network-auth.xml:1326(title)
14562
msgid "User and Group Management"
14563
msgstr ""
14564
14565
#: serverguide/C/network-auth.xml:1328(para)
14566
msgid ""
14567
"The <application>ldap-utils</application> package comes with multiple "
14568
"utilities to manage the directory, but the long string of options needed, "
14569
"can make them a burden to use. The <application>ldapscripts</application> "
14570
"package contains configurable scripts to easily manage LDAP users and groups."
14571
msgstr ""
14572
14573
#: serverguide/C/network-auth.xml:1334(para)
14574
msgid "To install the package, from a terminal enter:"
14575
msgstr ""
14576
14577
#: serverguide/C/network-auth.xml:1339(command)
14578
msgid "sudo apt-get install ldapscripts"
14579
msgstr "sudo apt-get install ldapscripts"
14580
14581
#: serverguide/C/network-auth.xml:1342(para)
14582
msgid ""
14583
"Next, edit the config file "
14584
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> uncommenting and "
14585
"changing the following to match your environment:"
14586
msgstr ""
14587
14588
#: serverguide/C/network-auth.xml:1347(programlisting)
14589
#, no-wrap
14590
msgid ""
14591
"\n"
14592
"SERVER=localhost\n"
14593
"BINDDN='cn=admin,dc=example,dc=com'\n"
14594
"BINDPWDFILE=\"/etc/ldapscripts/ldapscripts.passwd\"\n"
14595
"SUFFIX='dc=example,dc=com'\n"
14596
"GSUFFIX='ou=Groups'\n"
14597
"USUFFIX='ou=People'\n"
14598
"MSUFFIX='ou=Computers'\n"
14599
"GIDSTART=10000\n"
14600
"UIDSTART=10000\n"
14601
"MIDSTART=10000\n"
14602
msgstr ""
14603
14604
#: serverguide/C/network-auth.xml:1360(para)
14605
msgid ""
14606
"Now, create the <filename>ldapscripts.passwd</filename> file to allow "
14607
"authenticated access to the directory:"
14608
msgstr ""
14609
14610
#: serverguide/C/network-auth.xml:1365(command)
14611
msgid ""
14612
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
14613
msgstr ""
14614
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
14615
14616
#: serverguide/C/network-auth.xml:1366(command)
14617
msgid "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
14618
msgstr "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
14619
14620
#: serverguide/C/network-auth.xml:1370(para)
14621
msgid ""
14622
"Replace <quote>secret</quote> with the actual password for your LDAP admin "
14623
"user."
14624
msgstr ""
14625
14626
#: serverguide/C/network-auth.xml:1375(para)
14627
msgid ""
14628
"The <application>ldapscripts</application> are now ready to help manage your "
14629
"directory. The following are some examples of how to use the scripts:"
14630
msgstr ""
14631
14632
#: serverguide/C/network-auth.xml:1382(para)
14633
msgid "Create a new user:"
14634
msgstr ""
14635
14636
#: serverguide/C/network-auth.xml:1386(command)
14637
msgid "sudo ldapadduser george example"
14638
msgstr "sudo ldapadduser jordi exemple"
14639
14640
#: serverguide/C/network-auth.xml:1388(para)
14641
msgid ""
14642
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
14643
"and set the user's primary group (gid) to <emphasis "
14644
"role=\"italic\">example</emphasis>"
14645
msgstr ""
14646
14647
#: serverguide/C/network-auth.xml:1394(para)
14648
msgid "Change a user's password:"
14649
msgstr ""
14650
14651
#: serverguide/C/network-auth.xml:1398(command)
14652
msgid "sudo ldapsetpasswd george"
14653
msgstr "sudo ldapsetpasswd jordi"
14654
14655
#: serverguide/C/network-auth.xml:1399(computeroutput)
14656
#, no-wrap
14657
msgid "Changing password for user uid=george,ou=People,dc=example,dc=com"
14658
msgstr ""
14659
14660
#: serverguide/C/network-auth.xml:1400(userinput)
14661
#, no-wrap
14662
msgid "New Password: "
14663
msgstr ""
14664
14665
#: serverguide/C/network-auth.xml:1401(userinput)
14666
#, no-wrap
14667
msgid "New Password (verify): "
14668
msgstr ""
14669
14670
#: serverguide/C/network-auth.xml:1405(para)
14671
msgid "Delete a user:"
14672
msgstr ""
14673
14674
#: serverguide/C/network-auth.xml:1409(command)
14675
msgid "sudo ldapdeleteuser george"
14676
msgstr "sudo ldapdeleteuser jordi"
14677
14678
#: serverguide/C/network-auth.xml:1414(para)
14679
msgid "Add a group:"
14680
msgstr ""
14681
14682
#: serverguide/C/network-auth.xml:1418(command)
14683
msgid "sudo ldapaddgroup qa"
14684
msgstr "sudo ldapaddgroup cq"
14685
14686
#: serverguide/C/network-auth.xml:1422(para)
14687
msgid "Delete a group:"
14688
msgstr ""
14689
14690
#: serverguide/C/network-auth.xml:1426(command)
14691
msgid "sudo ldapdeletegroup qa"
14692
msgstr "sudo ldapdeletegroup cq"
14693
14694
#: serverguide/C/network-auth.xml:1430(para)
14695
msgid "Add a user to a group:"
14696
msgstr ""
14697
14698
#: serverguide/C/network-auth.xml:1434(command)
14699
msgid "sudo ldapaddusertogroup george qa"
14700
msgstr "sudo ldapaddusertogroup jordi cq"
14701
14702
#: serverguide/C/network-auth.xml:1436(para)
14703
msgid ""
14704
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
14705
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
14706
"role=\"italic\">george</emphasis>."
14707
msgstr ""
14708
14709
#: serverguide/C/network-auth.xml:1442(para)
14710
msgid "Remove a user from a group:"
14711
msgstr ""
14712
14713
#: serverguide/C/network-auth.xml:1446(command)
14714
msgid "sudo ldapdeleteuserfromgroup george qa"
14715
msgstr "sudo ldapdeleteuserfromgroup jordi cq"
14716
14717
#: serverguide/C/network-auth.xml:1448(para)
14718
msgid ""
14719
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
14720
"<emphasis role=\"italic\">qa</emphasis> group."
14721
msgstr ""
14722
14723
#: serverguide/C/network-auth.xml:1454(para)
14724
msgid ""
14725
"The <application>ldapmodifyuser</application> script allows you to add, "
14726
"remove, or replace a user's attributes. The script uses the same syntax as "
14727
"the <application>ldapmodify</application> utility. For example:"
14728
msgstr ""
14729
14730
#: serverguide/C/network-auth.xml:1459(command)
14731
msgid "sudo ldapmodifyuser george"
14732
msgstr "sudo ldapmodifyuser jordi"
14733
14734
#: serverguide/C/network-auth.xml:1460(computeroutput)
14735
#, no-wrap
14736
msgid ""
14737
"# About to modify the following entry :\n"
14738
"dn: uid=george,ou=People,dc=example,dc=com\n"
14739
"objectClass: account\n"
14740
"objectClass: posixAccount\n"
14741
"cn: george\n"
14742
"uid: george\n"
14743
"uidNumber: 1001\n"
14744
"gidNumber: 1001\n"
14745
"homeDirectory: /home/george\n"
14746
"loginShell: /bin/bash\n"
14747
"gecos: george\n"
14748
"description: User account\n"
14749
"userPassword:: e1NTSEF9eXFsTFcyWlhwWkF1eGUybVdFWHZKRzJVMjFTSG9vcHk=\n"
14750
"\n"
14751
"# Enter your modifications here, end with CTRL-D.\n"
14752
"dn: uid=george,ou=People,dc=example,dc=com"
14753
msgstr ""
14754
14755
#: serverguide/C/network-auth.xml:1476(userinput)
14756
#, no-wrap
14757
msgid ""
14758
"replace: gecos\n"
14759
"gecos: George Carlin"
14760
msgstr ""
14761
14762
#: serverguide/C/network-auth.xml:1479(para)
14763
msgid ""
14764
"The user's <emphasis>gecos</emphasis> should now be <quote>George "
14765
"Carlin</quote>."
14766
msgstr ""
14767
14768
#: serverguide/C/network-auth.xml:1484(para)
14769
msgid ""
14770
"Another great feature of <application>ldapscripts</application>, is the "
14771
"template system. Templates allow you to customize the attributes of user, "
14772
"group, and machine objectes. For example, to enable the "
14773
"<emphasis>user</emphasis> template edit "
14774
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> changing:"
14775
msgstr ""
14776
14777
#: serverguide/C/network-auth.xml:1491(programlisting)
14778
#, no-wrap
14779
msgid ""
14780
"\n"
14781
"UTEMPLATE=\"/etc/ldapscripts/ldapadduser.template\"\n"
14782
msgstr ""
14783
14784
#: serverguide/C/network-auth.xml:1495(para)
14785
msgid ""
14786
"There are <emphasis role=\"italic\">sample</emphasis> templates in the "
14787
"<filename>/etc/ldapscripts</filename> directory. Copy or rename the "
14788
"<filename>ldapadduser.template.sample</filename> file to "
14789
"<filename>/etc/ldapscripts/ldapadduser.template</filename>:"
14790
msgstr ""
14791
14792
#: serverguide/C/network-auth.xml:1502(command)
14793
msgid ""
14794
"sudo cp /usr/share/doc/ldapscripts/examples/ldapadduser.template.sample "
14795
"/etc/ldapscripts/ldapadduser.template"
14796
msgstr ""
14797
14798
#: serverguide/C/network-auth.xml:1505(para)
14799
msgid ""
14800
"Edit the new template to add the desired attributes. The following will "
14801
"create new user's as with an <emphasis>objectClass</emphasis> of "
14802
"<emphasis>inetOrgPerson</emphasis>:"
14803
msgstr ""
14804
14805
#: serverguide/C/network-auth.xml:1510(programlisting)
14806
#, no-wrap
14807
msgid ""
14808
"\n"
14809
"dn: uid=<user>,<usuffix>,<suffix>\n"
14810
"objectClass: inetOrgPerson\n"
14811
"objectClass: posixAccount\n"
14812
"cn: <user>\n"
14813
"sn: <ask>\n"
14814
"uid: <user>\n"
14815
"uidNumber: <uid>\n"
14816
"gidNumber: <gid>\n"
14817
"homeDirectory: <home>\n"
14818
"loginShell: <shell>\n"
14819
"gecos: <user>\n"
14820
"description: User account\n"
14821
"title: Employee\n"
14822
msgstr ""
14823
14824
#: serverguide/C/network-auth.xml:1526(para)
14825
msgid ""
14826
"Notice the <emphasis><ask></emphasis> option used for the "
14827
"<emphasis>ssn</emphasis> value. Using <ask> will configure "
14828
"<application>ldapadduser</application> to prompt you for the attribute value "
14829
"during user creation."
14830
msgstr ""
14831
14832
#: serverguide/C/network-auth.xml:1534(para)
14833
msgid ""
14834
"There are more useful scripts in the package, to see a full list enter: "
14835
"<command>dpkg -L ldapscripts | grep bin</command>"
14836
msgstr ""
14837
14838
#: serverguide/C/network-auth.xml:1543(para)
14839
msgid ""
14840
"The <ulink url=\"https://help.ubuntu.com/community/OpenLDAPServer\">OpenLDAP "
14841
"Ubuntu Wiki</ulink> page has more details."
14842
msgstr ""
14843
14844
#: serverguide/C/network-auth.xml:1548(para)
14845
msgid ""
14846
"For more information see <ulink url=\"http://www.openldap.org/\">OpenLDAP "
14847
"Home Page</ulink>"
14848
msgstr ""
14849
14850
#: serverguide/C/network-auth.xml:1553(para)
14851
msgid ""
14852
"Though starting to show it's age, a great source for in depth LDAP "
14853
"information is O'Reilly's <ulink "
14854
"url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System "
14855
"Administration</ulink>"
14856
msgstr ""
14857
14858
#: serverguide/C/network-auth.xml:1559(para)
14859
msgid ""
14860
"Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-"
14861
"Source-Linux/book\">Mastering OpenLDAP</ulink> is a great reference covering "
14862
"newer versions of OpenLDAP."
14863
msgstr ""
14864
14865
#: serverguide/C/network-auth.xml:1565(para)
14866
msgid ""
14867
"For more information on <application>auth-client-config</application> see "
14868
"the man page: <command>man auth-client-config</command>."
14869
msgstr ""
14870
14871
#: serverguide/C/network-auth.xml:1570(para)
14872
msgid ""
14873
"For more details regarding the <application>ldapscripts</application> "
14874
"package see the man pages: <command>man ldapscripts</command>, <command>man "
14875
"ldapadduser</command>, <command>man ldapaddgroup</command>, etc."
14876
msgstr ""
14877
14878
#: serverguide/C/network-auth.xml:1580(title)
14879
msgid "Samba and LDAP"
14880
msgstr ""
14881
14882
#: serverguide/C/network-auth.xml:1582(para)
14883
msgid ""
14884
"This section covers configuring Samba to use LDAP for user, group, and "
14885
"machine account information and authentication. The assumption is, you "
14886
"already have a working OpenLDAP directory installed and the server is "
14887
"configured to use it for authentication. See <xref linkend=\"openldap-"
14888
"server\"/> and <xref linkend=\"openldap-auth-config\"/> for details on "
14889
"setting up OpenLDAP. For more information on installing and configuring "
14890
"Samba see <xref linkend=\"windows-networking\"/>."
14891
msgstr ""
14892
14893
#: serverguide/C/network-auth.xml:1592(para)
14894
msgid ""
14895
"There are three packages needed when integrating Samba with LDAP. "
14896
"<application>samba</application>, <application>samba-doc</application>, and "
14897
"<application>smbldap-tools</application> packages . To install the packages, "
14898
"from a terminal enter:"
14899
msgstr ""
14900
14901
#: serverguide/C/network-auth.xml:1598(command)
14902
msgid "sudo apt-get install samba samba-doc smbldap-tools"
14903
msgstr "sudo apt-get install samba samba-doc smbldap-tools"
14904
14905
#: serverguide/C/network-auth.xml:1601(para)
14906
msgid ""
14907
"Strictly speaking the <application>smbldap-tools</application> package isn't "
14908
"needed, but unless you have another package or custom scripts, a method of "
14909
"managing users, groups, and computer accounts is needed."
14910
msgstr ""
14911
14912
#: serverguide/C/network-auth.xml:1608(title)
14913
msgid "OpenLDAP Configuration"
14914
msgstr ""
14915
14916
#: serverguide/C/network-auth.xml:1610(para)
14917
msgid ""
14918
"In order for Samba to use OpenLDAP as a <emphasis>passdb backend</emphasis>, "
14919
"the user objects in the directory will need additional attributes. This "
14920
"section assumes you want Samba to be configured as a Windows NT domain "
14921
"controller, and will add the necessary LDAP objects and attributes."
14922
msgstr ""
14923
14924
#: serverguide/C/network-auth.xml:1618(para)
14925
msgid ""
14926
"The Samba attributes are defined in the <filename>samba.schema</filename> "
14927
"file which is part of the <application>samba-doc</application> package. The "
14928
"schema file needs to be unzipped and copied to "
14929
"<filename>/etc/ldap/schema</filename>. From a terminal prompt enter:"
14930
msgstr ""
14931
14932
#: serverguide/C/network-auth.xml:1625(command)
14933
msgid ""
14934
"sudo cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz "
14935
"/etc/ldap/schema/"
14936
msgstr ""
14937
"sudo cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz "
14938
"/etc/ldap/schema/"
14939
14940
#: serverguide/C/network-auth.xml:1626(command)
14941
msgid "sudo gzip -d /etc/ldap/schema/samba.schema.gz"
14942
msgstr "sudo gzip -d /etc/ldap/schema/samba.schema.gz"
14943
14944
#: serverguide/C/network-auth.xml:1632(para)
14945
msgid ""
14946
"The <emphasis>samba</emphasis> schema needs to be added to the "
14947
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
14948
"<application>slapd</application> is also detailed in <xref "
14949
"linkend=\"openldap-configuration\"/>."
14950
msgstr ""
14951
14952
#: serverguide/C/network-auth.xml:1640(para) serverguide/C/network-auth.xml:2676(para)
14953
msgid ""
14954
"First, create a configuration file named "
14955
"<filename>schema_convert.conf</filename>, or a similar descriptive name, "
14956
"containing the following lines:"
14957
msgstr ""
14958
14959
#: serverguide/C/network-auth.xml:1645(programlisting)
14960
#, no-wrap
14961
msgid ""
14962
"\n"
14963
"include /etc/ldap/schema/core.schema\n"
14964
"include /etc/ldap/schema/collective.schema\n"
14965
"include /etc/ldap/schema/corba.schema\n"
14966
"include /etc/ldap/schema/cosine.schema\n"
14967
"include /etc/ldap/schema/duaconf.schema\n"
14968
"include /etc/ldap/schema/dyngroup.schema\n"
14969
"include /etc/ldap/schema/inetorgperson.schema\n"
14970
"include /etc/ldap/schema/java.schema\n"
14971
"include /etc/ldap/schema/misc.schema\n"
14972
"include /etc/ldap/schema/nis.schema\n"
14973
"include /etc/ldap/schema/openldap.schema\n"
14974
"include /etc/ldap/schema/ppolicy.schema\n"
14975
"include /etc/ldap/schema/samba.schema\n"
14976
msgstr ""
14977
14978
#: serverguide/C/network-auth.xml:1675(para) serverguide/C/network-auth.xml:2711(para)
14979
msgid ""
14980
"Now use <application>slapcat</application> to convert the schema files:"
14981
msgstr ""
14982
14983
#: serverguide/C/network-auth.xml:1680(command)
14984
msgid ""
14985
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
14986
"\"cn={12}samba,cn=schema,cn=config\" > /tmp/cn=samba.ldif"
14987
msgstr ""
14988
14989
#: serverguide/C/network-auth.xml:1683(para) serverguide/C/network-auth.xml:2719(para)
14990
msgid ""
14991
"Change the above file and path names to match your own if they are different."
14992
msgstr ""
14993
14994
#: serverguide/C/network-auth.xml:1690(para)
14995
msgid ""
14996
"Edit the generated <filename>/tmp/cn\\=samba.ldif</filename> file, changing "
14997
"the following attributes:"
14998
msgstr ""
14999
15000
#: serverguide/C/network-auth.xml:1694(programlisting)
15001
#, no-wrap
15002
msgid ""
15003
"\n"
15004
"dn: cn=samba,cn=schema,cn=config\n"
15005
"...\n"
15006
"cn: samba\n"
15007
msgstr ""
15008
15009
#: serverguide/C/network-auth.xml:1704(programlisting)
15010
#, no-wrap
15011
msgid ""
15012
"\n"
15013
"structuralObjectClass: olcSchemaConfig\n"
15014
"entryUUID: b53b75ca-083f-102d-9fff-2f64fd123c95\n"
15015
"creatorsName: cn=config\n"
15016
"createTimestamp: 20080827045234Z\n"
15017
"entryCSN: 20080827045234.341425Z#000000#000#000000\n"
15018
"modifiersName: cn=config\n"
15019
"modifyTimestamp: 20080827045234Z\n"
15020
msgstr ""
15021
15022
#: serverguide/C/network-auth.xml:1729(command)
15023
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=samba.ldif"
15024
msgstr ""
15025
15026
#: serverguide/C/network-auth.xml:1735(para)
15027
msgid ""
15028
"There should now be a <emphasis>dn: "
15029
"cn={X}misc,cn=schema,cn=config</emphasis>, where \"X\" is the next "
15030
"sequential schema, entry in the cn=config tree."
15031
msgstr ""
15032
15033
#: serverguide/C/network-auth.xml:1743(para)
15034
msgid ""
15035
"Copy and paste the following into a file named "
15036
"<filename>samba_indexes.ldif</filename>:"
15037
msgstr ""
15038
15039
#: serverguide/C/network-auth.xml:1747(programlisting)
15040
#, no-wrap
15041
msgid ""
15042
"\n"
15043
"dn: olcDatabase={1}hdb,cn=config\n"
15044
"changetype: modify\n"
15045
"add: olcDbIndex\n"
15046
"olcDbIndex: uidNumber eq\n"
15047
"olcDbIndex: gidNumber eq\n"
15048
"olcDbIndex: loginShell eq\n"
15049
"olcDbIndex: uid eq,pres,sub\n"
15050
"olcDbIndex: memberUid eq,pres,sub\n"
15051
"olcDbIndex: uniqueMember eq,pres\n"
15052
"olcDbIndex: sambaSID eq\n"
15053
"olcDbIndex: sambaPrimaryGroupSID eq\n"
15054
"olcDbIndex: sambaGroupType eq\n"
15055
"olcDbIndex: sambaSIDList eq\n"
15056
"olcDbIndex: sambaDomainName eq\n"
15057
"olcDbIndex: default sub\n"
15058
msgstr ""
15059
15060
#: serverguide/C/network-auth.xml:1765(para)
15061
msgid ""
15062
"Using the <application>ldapmodify</application> utility load the new indexes:"
15063
msgstr ""
15064
15065
#: serverguide/C/network-auth.xml:1770(command)
15066
msgid "ldapmodify -x -D cn=admin,cn=config -W -f samba_indexes.ldif"
15067
msgstr ""
15068
15069
#: serverguide/C/network-auth.xml:1772(para)
15070
msgid ""
15071
"If all went well you should see the new indexes using "
15072
"<application>ldapsearch</application>:"
15073
msgstr ""
15074
15075
#: serverguide/C/network-auth.xml:1777(command)
15076
msgid ""
15077
"ldapsearch -xLLL -D cn=admin,cn=config -x -b cn=config -W olcDatabase={1}hdb"
15078
msgstr ""
15079
15080
#: serverguide/C/network-auth.xml:1783(para)
15081
msgid ""
15082
"Next, configure the <application>smbldap-tools</application> package to "
15083
"match your environment. The package comes with a configuration script that "
15084
"will ask questions about the needed options. To run the script enter:"
15085
msgstr ""
15086
15087
#: serverguide/C/network-auth.xml:1789(command)
15088
msgid "sudo gzip -d /usr/share/doc/smbldap-tools/configure.pl.gz"
15089
msgstr "sudo gzip -d /usr/share/doc/smbldap-tools/configure.pl.gz"
15090
15091
#: serverguide/C/network-auth.xml:1790(command)
15092
msgid "sudo perl /usr/share/doc/smbldap-tools/configure.pl"
15093
msgstr "sudo perl /usr/share/doc/smbldap-tools/configure.pl"
15094
15095
#: serverguide/C/network-auth.xml:1793(para)
15096
msgid ""
15097
"Once you have answered the questions, there should be <filename>/etc/smbldap-"
15098
"tools/smbldap.conf</filename> and <filename>/etc/smbldap-"
15099
"tools/smbldap_bind.conf</filename> files. These files are generated by the "
15100
"configure script, so if you made any mistakes while executing the script it "
15101
"may be simpler to edit the file appropriately."
15102
msgstr ""
15103
15104
#: serverguide/C/network-auth.xml:1803(para)
15105
msgid ""
15106
"The <application>smbldap-populate</application> script will add the "
15107
"necessary users, groups, and LDAP objects required for Samba. It is a good "
15108
"idea to make a backup LDAP Data Interchange Format (LDIF) file with "
15109
"<application>slapcat</application> before executing the command:"
15110
msgstr ""
15111
15112
#: serverguide/C/network-auth.xml:1810(command)
15113
msgid "sudo slapcat -l backup.ldif"
15114
msgstr "sudo slapcat -l backup.ldif"
15115
15116
#: serverguide/C/network-auth.xml:1816(para)
15117
msgid ""
15118
"Once you have a current backup execute <application>smbldap-"
15119
"populate</application> by entering:"
15120
msgstr ""
15121
15122
#: serverguide/C/network-auth.xml:1821(command)
15123
msgid "sudo smbldap-populate"
15124
msgstr "sudo smbldap-populate"
15125
15126
#: serverguide/C/network-auth.xml:1825(para)
15127
msgid ""
15128
"You can create an LDIF file containing the new Samba objects by executing "
15129
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
15130
"look over the changes making sure everything is correct."
15131
msgstr ""
15132
15133
#: serverguide/C/network-auth.xml:1833(para)
15134
msgid ""
15135
"Your LDAP directory now has the necessary domain information to authenticate "
15136
"Samba users."
15137
msgstr ""
15138
15139
#: serverguide/C/network-auth.xml:1839(title)
15140
msgid "Samba Configuration"
15141
msgstr ""
15142
15143
#: serverguide/C/network-auth.xml:1841(para)
15144
msgid ""
15145
"There a multiple ways to configure Samba for details on some common "
15146
"configurations see <xref linkend=\"windows-networking\"/>. To configure "
15147
"Samba to use LDAP, edit the main Samba configuration file "
15148
"<filename>/etc/samba/smb.conf</filename> commenting the <emphasis>passdb "
15149
"backend</emphasis> option and adding the following:"
15150
msgstr ""
15151
15152
#: serverguide/C/network-auth.xml:1847(programlisting)
15153
#, no-wrap
15154
msgid ""
15155
"\n"
15156
"# passdb backend = tdbsam\n"
15157
"\n"
15158
"# LDAP Settings\n"
15159
" passdb backend = ldapsam:ldap://hostname\n"
15160
" ldap suffix = dc=example,dc=com\n"
15161
" ldap user suffix = ou=People\n"
15162
" ldap group suffix = ou=Groups\n"
15163
" ldap machine suffix = ou=Computers\n"
15164
" ldap idmap suffix = ou=Idmap\n"
15165
" ldap admin dn = cn=admin,dc=example,dc=com\n"
15166
" ldap ssl = start tls\n"
15167
" ldap passwd sync = yes\n"
15168
"...\n"
15169
" add machine script = sudo /usr/sbin/smbldap-useradd -t 0 -w \"%u\"\n"
15170
msgstr ""
15171
15172
#: serverguide/C/network-auth.xml:1864(para)
15173
msgid "Restart <application>samba</application> to enable the new settings:"
15174
msgstr ""
15175
15176
#: serverguide/C/network-auth.xml:1873(para)
15177
msgid ""
15178
"Now Samba needs to know the LDAP admin password. From a terminal prompt "
15179
"enter:"
15180
msgstr ""
15181
15182
#: serverguide/C/network-auth.xml:1878(command)
15183
msgid "sudo smbpasswd -w secret"
15184
msgstr "sudo smbpasswd -w secret"
15185
15186
#: serverguide/C/network-auth.xml:1882(para)
15187
msgid ""
15188
"Replacing <emphasis role=\"italic\">secret</emphasis> with your LDAP admin "
15189
"password."
15190
msgstr ""
15191
15192
#: serverguide/C/network-auth.xml:1887(para)
15193
msgid ""
15194
"If you currently have users in LDAP, and you want them to authenticate using "
15195
"Samba, they will need some Samba attributes defined in the "
15196
"<filename>samba.schema</filename> file. Add the Samba attributes to existing "
15197
"users using the <application>smbpasswd</application> utility, replacing "
15198
"<emphasis role=\"italic\">username</emphasis> with an actual user:"
15199
msgstr ""
15200
15201
#: serverguide/C/network-auth.xml:1895(command)
15202
msgid "sudo smbpasswd -a username"
15203
msgstr "sudo smbpasswd -a nomusuari"
15204
15205
#: serverguide/C/network-auth.xml:1898(para)
15206
msgid "You will then be asked to enter the user's password."
15207
msgstr ""
15208
15209
#: serverguide/C/network-auth.xml:1902(para)
15210
msgid ""
15211
"To add new user, group, and machine accounts use the utilities from the "
15212
"<application>smbldap-tools</application> package. Here are some examples:"
15213
msgstr ""
15214
15215
#: serverguide/C/network-auth.xml:1909(para)
15216
msgid ""
15217
"To add a new user to LDAP with Samba attributes enter the following, "
15218
"replacing username with an actual username:"
15219
msgstr ""
15220
15221
#: serverguide/C/network-auth.xml:1913(command)
15222
msgid "sudo smbldap-useradd -a -P username"
15223
msgstr "sudo smbldap-useradd -a -P nomusuari"
15224
15225
#: serverguide/C/network-auth.xml:1915(para)
15226
msgid ""
15227
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
15228
"<emphasis>-P</emphasis> options calls the <application>smbldap-"
15229
"passwd</application> utility after the user is created allowing you to enter "
15230
"a password for the user."
15231
msgstr ""
15232
15233
#: serverguide/C/network-auth.xml:1921(para)
15234
msgid "To remove a user from the directory enter:"
15235
msgstr ""
15236
15237
#: serverguide/C/network-auth.xml:1925(command)
15238
msgid "sudo smbldap-userdel username"
15239
msgstr "sudo smbldap-userdel nomusuari"
15240
15241
#: serverguide/C/network-auth.xml:1927(para)
15242
msgid ""
15243
"The <application>smbldap-userdel</application> utility also has a <emphasis>-"
15244
"r</emphasis> option to remove the user's home directory."
15245
msgstr ""
15246
15247
#: serverguide/C/network-auth.xml:1932(para)
15248
msgid ""
15249
"Use <application>smbldap-groupadd</application> to add a group, replacing "
15250
"groupname with an appropriate group:"
15251
msgstr ""
15252
15253
#: serverguide/C/network-auth.xml:1936(command)
15254
msgid "sudo smbldap-groupadd -a groupname"
15255
msgstr "sudo smbldap-groupadd -a nomgrup"
15256
15257
#: serverguide/C/network-auth.xml:1938(para)
15258
msgid ""
15259
"Similar to <application>smbldap-useradd</application>, the <emphasis>-"
15260
"a</emphasis> adds the Samba attributes."
15261
msgstr ""
15262
15263
#: serverguide/C/network-auth.xml:1943(para)
15264
msgid ""
15265
"To add a user to a group use <application>smbldap-groupmod</application>:"
15266
msgstr ""
15267
15268
#: serverguide/C/network-auth.xml:1947(command)
15269
msgid "sudo smbldap-groupmod -m username groupname"
15270
msgstr "sudo smbldap-groupmod -m nomusuari nomgrup"
15271
15272
#: serverguide/C/network-auth.xml:1949(para)
15273
msgid ""
15274
"Be sure to replace <emphasis>username</emphasis> with a real user. Also, the "
15275
"<emphasis>-m</emphasis> option can add more than one user at a time by "
15276
"listing them in <emphasis>comma separated</emphasis> format."
15277
msgstr ""
15278
15279
#: serverguide/C/network-auth.xml:1955(para)
15280
msgid ""
15281
"<application>smbldap-groupmod</application> can also be used to remove a "
15282
"user from a group:"
15283
msgstr ""
15284
15285
#: serverguide/C/network-auth.xml:1959(command)
15286
msgid "sudo smbldap-groupmod -x username groupname"
15287
msgstr "sudo smbldap-groupmod -x nomusuari nomgrup"
15288
15289
#: serverguide/C/network-auth.xml:1963(para)
15290
msgid ""
15291
"Additionally, the <application>smbldap-useradd</application> utility can add "
15292
"Samba machine accounts:"
15293
msgstr ""
15294
15295
#: serverguide/C/network-auth.xml:1967(command)
15296
msgid "sudo smbldap-useradd -t 0 -w username"
15297
msgstr "sudo smbldap-useradd -t 0 -w nomusuari"
15298
15299
#: serverguide/C/network-auth.xml:1969(para)
15300
msgid ""
15301
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
15302
"<emphasis>-t 0</emphasis> option creates the machine account without a "
15303
"delay, while the <emphasis>-w</emphasis> option specifies the user as a "
15304
"machine account. Also, note the <emphasis>add machine script</emphasis> "
15305
"option in <filename>/etc/samba/smb.conf</filename> was changed to use "
15306
"<application>smbldap-useradd</application>."
15307
msgstr ""
15308
15309
#: serverguide/C/network-auth.xml:1978(para)
15310
msgid ""
15311
"There are more useful utilities and options in the <application>smbldap-"
15312
"tools</application> package. The man page for each utility provides more "
15313
"details."
15314
msgstr ""
15315
15316
#: serverguide/C/network-auth.xml:1989(para)
15317
msgid ""
15318
"There are multiple places where LDAP and Samba is documented in the <ulink "
15319
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
15320
"Collection</ulink>."
15321
msgstr ""
15322
15323
#: serverguide/C/network-auth.xml:1995(para)
15324
msgid ""
15325
"Specifically see the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
15326
"HOWTO-Collection/passdb.html\">passdb section</ulink>."
15327
msgstr ""
15328
15329
#: serverguide/C/network-auth.xml:2001(para)
15330
msgid ""
15331
"Another good site is <ulink url=\"http://download.gna.org/smbldap-"
15332
"tools/docs/samba-ldap-howto/\">Samba OpenLDAP HOWTO</ulink>."
15333
msgstr ""
15334
15335
#: serverguide/C/network-auth.xml:2007(para)
15336
msgid ""
15337
"Again, for more information on <application>smbldap-tools</application> see "
15338
"the man pages: <command>man smbldap-useradd</command>, <command>man smbldap-"
15339
"groupadd</command>, <command>man smbldap-populate</command>, etc."
15340
msgstr ""
15341
15342
#: serverguide/C/network-auth.xml:2014(para)
15343
msgid ""
15344
"Also, there is a list of <ulink "
15345
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Ubuntu "
15346
"wiki</ulink> articles with more information."
15347
msgstr ""
15348
15349
#: serverguide/C/network-auth.xml:2023(title)
15350
msgid "Kerberos"
15351
msgstr "Kerberos"
15352
15353
#: serverguide/C/network-auth.xml:2025(para)
15354
msgid ""
15355
"<application>Kerberos</application> is a network authentication system based "
15356
"on the principal of a trusted third party. The other two parties being the "
15357
"user and the service the user wishes to authenticate to. Not all services "
15358
"and applications can use Kerberos, but for those that can, it brings the "
15359
"network environment one step closer to being Single Sign On (SSO)."
15360
msgstr ""
15361
15362
#: serverguide/C/network-auth.xml:2031(para)
15363
msgid ""
15364
"This section covers installation and configuration of a Kerberos server, and "
15365
"some example client configurations."
15366
msgstr ""
15367
15368
#: serverguide/C/network-auth.xml:2038(para)
15369
msgid ""
15370
"If you are new to Kerberos there are a few terms that are good to understand "
15371
"before setting up a Kerberos server. Most of the terms will relate to things "
15372
"you may be familiar with in other environments:"
15373
msgstr ""
15374
15375
#: serverguide/C/network-auth.xml:2045(para)
15376
msgid ""
15377
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
15378
"by servers need to be defined as Kerberos Principals."
15379
msgstr ""
15380
15381
#: serverguide/C/network-auth.xml:2050(para)
15382
msgid ""
15383
"<emphasis>Instances:</emphasis> are used for service principals and special "
15384
"administrative principals."
15385
msgstr ""
15386
15387
#: serverguide/C/network-auth.xml:2055(para)
15388
msgid ""
15389
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
15390
"Kerberos installation. Usually the DNS domain converted to uppercase "
15391
"(EXAMPLE.COM)."
15392
msgstr ""
15393
15394
#: serverguide/C/network-auth.xml:2061(para)
15395
msgid ""
15396
"<emphasis>Key Distribution Center:</emphasis> (KDC) consist of three parts, "
15397
"a database of all principals, the authentication server, and the ticket "
15398
"granting server. For each realm there must be at least one KDC."
15399
msgstr ""
15400
15401
#: serverguide/C/network-auth.xml:2067(para)
15402
msgid ""
15403
"<emphasis>Ticket Granting Ticket:</emphasis> issued by the Authentication "
15404
"Server (AS), the Ticket Granting Ticket (TGT) is encrypted in the user's "
15405
"password which is known only to the user and the KDC."
15406
msgstr ""
15407
15408
#: serverguide/C/network-auth.xml:2073(para)
15409
msgid ""
15410
"<emphasis>Ticket Granting Server:</emphasis> (TGS) issues service tickets to "
15411
"clients upon request."
15412
msgstr ""
15413
15414
#: serverguide/C/network-auth.xml:2078(para)
15415
msgid ""
15416
"<emphasis>Tickets:</emphasis> confirm the identity of the two principals. "
15417
"One principal being a user and the other a service requested by the user. "
15418
"Tickets establish an encryption key used for secure communication during the "
15419
"authenticated session."
15420
msgstr ""
15421
15422
#: serverguide/C/network-auth.xml:2084(para)
15423
msgid ""
15424
"<emphasis>Keytab Files:</emphasis> are files extracted from the KDC "
15425
"principal database and contain the encryption key for a service or host."
15426
msgstr ""
15427
15428
#: serverguide/C/network-auth.xml:2091(para)
15429
msgid ""
15430
"To put the pieces together, a Realm has at least one KDC, preferably two for "
15431
"redundancy, which contains a database of Principals. When a user principal "
15432
"logs into a workstation, configured for Kerberos authentication, the KDC "
15433
"issues a Ticket Granting Ticket (TGT). If the user supplied credentials "
15434
"match, the user is authenticated and can then request tickets for Kerberized "
15435
"services from the Ticket Granting Server (TGS). The service tickets allow "
15436
"the user to authenticate to the service without entering another username "
15437
"and password."
15438
msgstr ""
15439
15440
#: serverguide/C/network-auth.xml:2100(title)
15441
msgid "Kerberos Server"
15442
msgstr ""
15443
15444
#: serverguide/C/network-auth.xml:2104(para)
15445
msgid ""
15446
"Before installing the Kerberos server a properly configured DNS server is "
15447
"needed for your domain. Since the Kerberos Realm by convention matches the "
15448
"domain name, this section uses the <emphasis>example.com</emphasis> domain "
15449
"configured in <xref linkend=\"dns-primarymaster-configuration\"/>."
15450
msgstr ""
15451
15452
#: serverguide/C/network-auth.xml:2110(para)
15453
msgid ""
15454
"Also, Kerberos is a time sensitive protocol. So if the local system time "
15455
"between a client machine and the server differs by more than five minutes "
15456
"(by default), the workstation will not be able to authenticate. To correct "
15457
"the problem all hosts should have their time synchronized using the "
15458
"<emphasis>Network Time Protocol (NTP)</emphasis>. For details on setting up "
15459
"NTP see <xref linkend=\"NTP\"/>."
15460
msgstr ""
15461
15462
#: serverguide/C/network-auth.xml:2117(para)
15463
msgid ""
15464
"The first step in installing a Kerberos Realm is to install the "
15465
"<application>krb5-kdc</application> and <application>krb5-admin-"
15466
"server</application> packages. From a terminal enter:"
15467
msgstr ""
15468
15469
#: serverguide/C/network-auth.xml:2123(command) serverguide/C/network-auth.xml:2298(command)
15470
msgid "sudo apt-get install krb5-kdc krb5-admin-server"
15471
msgstr "sudo apt-get install krb5-kdc krb5-admin-server"
15472
15473
#: serverguide/C/network-auth.xml:2126(para)
15474
msgid ""
15475
"You will be asked at the end of the install to supply a name for the "
15476
"Kerberos and Admin servers, which may or may not be the same server, for the "
15477
"realm."
15478
msgstr ""
15479
15480
#: serverguide/C/network-auth.xml:2131(para)
15481
msgid ""
15482
"Next, create the new realm with the <application>kdb5_newrealm</application> "
15483
"utility:"
15484
msgstr ""
15485
15486
#: serverguide/C/network-auth.xml:2136(command)
15487
msgid "sudo krb5_newrealm"
15488
msgstr "sudo krb5_newrealm"
15489
15490
#: serverguide/C/network-auth.xml:2143(para)
15491
msgid ""
15492
"The questions asked during installation are used to configure the "
15493
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
15494
"Distribution Center (KDC) settings simply edit the file and restart the "
15495
"<application>krb5-kdc</application> daemon."
15496
msgstr ""
15497
15498
#: serverguide/C/network-auth.xml:2151(para)
15499
msgid ""
15500
"Now that the KDC running an admin user is needed. It is recommended to use a "
15501
"different username from your everyday username. Using the "
15502
"<application>kadmin.local</application> utility in a terminal prompt enter:"
15503
msgstr ""
15504
15505
#: serverguide/C/network-auth.xml:2157(command) serverguide/C/network-auth.xml:2953(command)
15506
msgid "sudo kadmin.local"
15507
msgstr "sudo kadmin.local"
15508
15509
#: serverguide/C/network-auth.xml:2158(computeroutput)
15510
#, no-wrap
15511
msgid ""
15512
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
15513
"kadmin.local:"
15514
msgstr ""
15515
15516
#: serverguide/C/network-auth.xml:2159(userinput)
15517
#, no-wrap
15518
msgid " addprinc steve/admin"
15519
msgstr ""
15520
15521
#: serverguide/C/network-auth.xml:2160(computeroutput)
15522
#, no-wrap
15523
msgid ""
15524
"WARNING: no policy specified for steve/admin@EXAMPLE.COM; defaulting to no "
15525
"policy\n"
15526
"Enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
15527
"Re-enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
15528
"Principal \"steve/admin@EXAMPLE.COM\" created.\n"
15529
"kadmin.local:"
15530
msgstr ""
15531
15532
#: serverguide/C/network-auth.xml:2164(userinput)
15533
#, no-wrap
15534
msgid " quit"
15535
msgstr ""
15536
15537
#: serverguide/C/network-auth.xml:2167(para)
15538
msgid ""
15539
"In the above example <emphasis role=\"italic\">steve</emphasis> is the "
15540
"<emphasis>Principal</emphasis>, <emphasis role=\"italic\">/admin</emphasis> "
15541
"is an <emphasis>Instance</emphasis>, and <emphasis "
15542
"role=\"italic\">@EXAMPLE.COM</emphasis> signifies the realm. The <emphasis "
15543
"role=\"italic\">\"every day\"</emphasis> Principal would be "
15544
"<emphasis>steve@EXAMPLE.COM</emphasis>, and should have only normal user "
15545
"rights."
15546
msgstr ""
15547
15548
#: serverguide/C/network-auth.xml:2175(para)
15549
msgid ""
15550
"Replace <emphasis>EXAMPLE.COM</emphasis> and <emphasis>steve</emphasis> with "
15551
"your Realm and admin username."
15552
msgstr ""
15553
15554
#: serverguide/C/network-auth.xml:2183(para)
15555
msgid ""
15556
"Next, the new admin user needs to have the appropriate Access Control List "
15557
"(ACL) permissions. The permissions are configured in the "
15558
"<filename>/etc/krb5kdc/kadm5.acl</filename> file:"
15559
msgstr ""
15560
15561
#: serverguide/C/network-auth.xml:2188(programlisting)
15562
#, no-wrap
15563
msgid ""
15564
"\n"
15565
"steve/admin@EXAMPLE.COM *\n"
15566
msgstr ""
15567
15568
#: serverguide/C/network-auth.xml:2192(para)
15569
msgid ""
15570
"This entry grants <emphasis>steve/admin</emphasis> the ability to perform "
15571
"any operation on all principals in the realm."
15572
msgstr ""
15573
15574
#: serverguide/C/network-auth.xml:2199(para)
15575
msgid ""
15576
"Now restart the <application>krb5-admin-server</application> for the new ACL "
15577
"to take affect:"
15578
msgstr ""
15579
15580
#: serverguide/C/network-auth.xml:2204(command)
15581
msgid "sudo /etc/init.d/krb5-admin-server restart"
15582
msgstr "sudo /etc/init.d/krb5-admin-server restart"
15583
15584
#: serverguide/C/network-auth.xml:2210(para)
15585
msgid ""
15586
"The new user principal can be tested using the <application>kinit "
15587
"utility</application>:"
15588
msgstr ""
15589
15590
#: serverguide/C/network-auth.xml:2215(command)
15591
msgid "kinit steve/admin"
15592
msgstr ""
15593
15594
#: serverguide/C/network-auth.xml:2216(computeroutput)
15595
#, no-wrap
15596
msgid "steve/admin@EXAMPLE.COM's Password:"
15597
msgstr ""
15598
15599
#: serverguide/C/network-auth.xml:2219(para)
15600
msgid ""
15601
"After entering the password, use the <application>klist</application> "
15602
"utility to view information about the Ticket Granting Ticket (TGT):"
15603
msgstr ""
15604
15605
#: serverguide/C/network-auth.xml:2225(command) serverguide/C/network-auth.xml:2560(command)
15606
msgid "klist"
15607
msgstr ""
15608
15609
#: serverguide/C/network-auth.xml:2226(computeroutput)
15610
#, no-wrap
15611
msgid ""
15612
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
15613
" Principal: steve/admin@EXAMPLE.COM\n"
15614
"\n"
15615
" Issued Expires Principal\n"
15616
"Jul 13 17:53:34 Jul 14 03:53:34 krbtgt/EXAMPLE.COM@EXAMPLE.COM"
15617
msgstr ""
15618
15619
#: serverguide/C/network-auth.xml:2233(para)
15620
msgid ""
15621
"You may need to add an entry into the <filename>/etc/hosts</filename> for "
15622
"the KDC. For example:"
15623
msgstr ""
15624
15625
#: serverguide/C/network-auth.xml:2237(programlisting)
15626
#, no-wrap
15627
msgid ""
15628
"\n"
15629
"192.168.0.1 kdc01.example.com kdc01\n"
15630
msgstr ""
15631
15632
#: serverguide/C/network-auth.xml:2241(para)
15633
msgid ""
15634
"Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC."
15635
msgstr ""
15636
15637
#: serverguide/C/network-auth.xml:2248(para)
15638
msgid ""
15639
"In order for clients to determine the KDC for the Realm some DNS SRV records "
15640
"are needed. Add the following to "
15641
"<filename>/etc/named/db.example.com</filename>:"
15642
msgstr ""
15643
15644
#: serverguide/C/network-auth.xml:2253(programlisting)
15645
#, no-wrap
15646
msgid ""
15647
"\n"
15648
"_kerberos._udp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
15649
"_kerberos._tcp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
15650
"_kerberos._udp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
15651
"_kerberos._tcp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
15652
"_kerberos-adm._tcp.EXAMPLE.COM. IN SRV 1 0 749 kdc01.example.com.\n"
15653
"_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
15654
msgstr ""
15655
15656
#: serverguide/C/network-auth.xml:2263(para)
15657
msgid ""
15658
"Replace <emphasis>EXAMPLE.COM</emphasis>, <emphasis>kdc01</emphasis>, and "
15659
"<emphasis>kdc02</emphasis> with your domain name, primary KDC, and secondary "
15660
"KDC."
15661
msgstr ""
15662
15663
#: serverguide/C/network-auth.xml:2269(para)
15664
msgid ""
15665
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
15666
msgstr ""
15667
15668
#: serverguide/C/network-auth.xml:2276(para)
15669
msgid "Your new Kerberos Realm is now ready to authenticate clients."
15670
msgstr ""
15671
15672
#: serverguide/C/network-auth.xml:2283(title)
15673
msgid "Secondary KDC"
15674
msgstr ""
15675
15676
#: serverguide/C/network-auth.xml:2285(para)
15677
msgid ""
15678
"Once you have one Key Distribution Center (KDC) on your network, it is good "
15679
"practice to have a Secondary KDC in case the primary becomes unavailable."
15680
msgstr ""
15681
15682
#: serverguide/C/network-auth.xml:2293(para)
15683
msgid ""
15684
"First, install the packages, and when asked for the Kerberos and Admin "
15685
"server names enter the name of the Primary KDC:"
15686
msgstr ""
15687
15688
#: serverguide/C/network-auth.xml:2304(para)
15689
msgid ""
15690
"Once you have the packages installed, create the Secondary KDC's host "
15691
"principal. From a terminal prompt, enter:"
15692
msgstr ""
15693
15694
#: serverguide/C/network-auth.xml:2309(command)
15695
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
15696
msgstr ""
15697
15698
#: serverguide/C/network-auth.xml:2313(para)
15699
msgid ""
15700
"After, issuing any <application>kadmin</application> commands you will be "
15701
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
15702
"password."
15703
msgstr ""
15704
15705
#: serverguide/C/network-auth.xml:2322(para)
15706
msgid "Extract the <emphasis>keytab</emphasis> file:"
15707
msgstr ""
15708
15709
#: serverguide/C/network-auth.xml:2327(command)
15710
msgid "kadmin -q \"ktadd -k keytab.kdc02 host/kdc02.example.com\""
15711
msgstr ""
15712
15713
#: serverguide/C/network-auth.xml:2333(para)
15714
msgid ""
15715
"There should now be a <filename>keytab.kdc02</filename> in the current "
15716
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
15717
msgstr ""
15718
15719
#: serverguide/C/network-auth.xml:2339(command)
15720
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
15721
msgstr "sudo mv keytab.kdc02 /etc/krb5.keytab"
15722
15723
#: serverguide/C/network-auth.xml:2343(para)
15724
msgid ""
15725
"If the path to the <filename>keytab.kdc02</filename> file is different "
15726
"adjust accordingly."
15727
msgstr ""
15728
15729
#: serverguide/C/network-auth.xml:2348(para)
15730
msgid ""
15731
"Also, you can list the principals in a Keytab file, which can be useful when "
15732
"troubleshooting, using the <application>klist</application> utility:"
15733
msgstr ""
15734
15735
#: serverguide/C/network-auth.xml:2354(command)
15736
msgid "sudo klist -k /etc/krb5.keytab"
15737
msgstr "sudo klist -k /etc/krb5.keytab"
15738
15739
#: serverguide/C/network-auth.xml:2360(para)
15740
msgid ""
15741
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
15742
"that lists all KDCs for the Realm. For example, on both primary and "
15743
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
15744
msgstr ""
15745
15746
#: serverguide/C/network-auth.xml:2365(programlisting)
15747
#, no-wrap
15748
msgid ""
15749
"\n"
15750
"host/kdc01.example.com@EXAMPLE.COM\n"
15751
"host/kdc02.example.com@EXAMPLE.COM\n"
15752
msgstr ""
15753
15754
#: serverguide/C/network-auth.xml:2373(para)
15755
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
15756
msgstr ""
15757
15758
#: serverguide/C/network-auth.xml:2378(command)
15759
msgid "sudo kdb5_util -s create"
15760
msgstr "sudo kdb5_util -s create"
15761
15762
#: serverguide/C/network-auth.xml:2384(para)
15763
msgid ""
15764
"Now start the <application>kpropd</application> daemon, which listens for "
15765
"connections from the <application>kprop</application> utility. "
15766
"<application>kprop</application> is used to transfer dump files:"
15767
msgstr ""
15768
15769
#: serverguide/C/network-auth.xml:2391(command)
15770
msgid "sudo kpropd -S"
15771
msgstr "sudo kpropd -S"
15772
15773
#: serverguide/C/network-auth.xml:2397(para)
15774
msgid ""
15775
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
15776
"of the principal database:"
15777
msgstr ""
15778
15779
#: serverguide/C/network-auth.xml:2402(command)
15780
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
15781
msgstr "sudo kdb5_util dump /var/lib/krb5kdc/dump"
15782
15783
#: serverguide/C/network-auth.xml:2408(para)
15784
msgid ""
15785
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
15786
"<filename>/etc/krb5.keytab</filename>:"
15787
msgstr ""
15788
15789
#: serverguide/C/network-auth.xml:2413(command)
15790
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
15791
msgstr ""
15792
15793
#: serverguide/C/network-auth.xml:2414(command)
15794
msgid "sudo mv keytab.kdc01 /etc/krb5.keytab"
15795
msgstr ""
15796
15797
#: serverguide/C/network-auth.xml:2418(para)
15798
msgid ""
15799
"Make sure there is a <emphasis>host</emphasis> for "
15800
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
15801
msgstr ""
15802
15803
#: serverguide/C/network-auth.xml:2426(para)
15804
msgid ""
15805
"Using the <application>kprop</application> utility push the database to the "
15806
"Secondary KDC:"
15807
msgstr ""
15808
15809
#: serverguide/C/network-auth.xml:2431(command)
15810
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
15811
msgstr "sudo kprop -r EXEMPLE.CAT -f /var/lib/krb5kdc/dump kdc02.exemple.cat"
15812
15813
#: serverguide/C/network-auth.xml:2435(para)
15814
msgid ""
15815
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
15816
"worked. If there is an error message check "
15817
"<filename>/var/log/syslog</filename> on the secondary KDC for more "
15818
"information."
15819
msgstr ""
15820
15821
#: serverguide/C/network-auth.xml:2441(para)
15822
msgid ""
15823
"You may also want to create a <application>cron</application> job to "
15824
"periodically update the database on the Secondary KDC. For example, the "
15825
"following will push the database every hour:"
15826
msgstr ""
15827
15828
#: serverguide/C/network-auth.xml:2446(programlisting)
15829
#, no-wrap
15830
msgid ""
15831
"\n"
15832
"# m h dom mon dow command\n"
15833
"0 * * * * /usr/sbin/kdb5_util dump /var/lib/krb5kdc/dump && "
15834
"/usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com\n"
15835
msgstr ""
15836
15837
#: serverguide/C/network-auth.xml:2454(para)
15838
msgid ""
15839
"Back on the <emphasis>Secondary KDC</emphasis>, create a "
15840
"<emphasis>stash</emphasis> file to hold the Kerberos master key:"
15841
msgstr ""
15842
15843
#: serverguide/C/network-auth.xml:2460(command)
15844
msgid "sudo kdb5_util stash"
15845
msgstr "sudo kdb5_util stash"
15846
15847
#: serverguide/C/network-auth.xml:2466(para)
15848
msgid ""
15849
"Finally, start the <application>krb5-kdc</application> daemon on the "
15850
"Secondary KDC:"
15851
msgstr ""
15852
15853
#: serverguide/C/network-auth.xml:2471(command) serverguide/C/network-auth.xml:3083(command)
15854
msgid "sudo /etc/init.d/krb5-kdc start"
15855
msgstr "sudo /etc/init.d/krb5-kdc start"
15856
15857
#: serverguide/C/network-auth.xml:2477(para)
15858
msgid ""
15859
"The <emphasis>Secondary KDC</emphasis> should now be able to issue tickets "
15860
"for the Realm. You can test this by stopping the <application>krb5-"
15861
"kdc</application> daemon on the Primary KDC, then use "
15862
"<application>kinit</application> to request a ticket. If all goes well you "
15863
"should receive a ticket from the Secondary KDC."
15864
msgstr ""
15865
15866
#: serverguide/C/network-auth.xml:2485(title)
15867
msgid "Kerberos Linux Client"
15868
msgstr ""
15869
15870
#: serverguide/C/network-auth.xml:2487(para)
15871
msgid ""
15872
"This section covers configuring a Linux system as a "
15873
"<application>Kerberos</application> client. This will allow access to any "
15874
"kerberized services once a user has successfully logged into the system."
15875
msgstr ""
15876
15877
#: serverguide/C/network-auth.xml:2495(para)
15878
msgid ""
15879
"In order to authenticate to a Kerberos Realm, the <application>krb5-"
15880
"user</application> and <application>libpam-krb5</application> packages are "
15881
"needed, along with a few others that are not strictly necessary but make "
15882
"life easier. To install the packages enter the following in a terminal "
15883
"prompt:"
15884
msgstr ""
15885
15886
#: serverguide/C/network-auth.xml:2502(command)
15887
msgid ""
15888
"sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
15889
msgstr ""
15890
"sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
15891
15892
#: serverguide/C/network-auth.xml:2505(para)
15893
msgid ""
15894
"The <application>auth-client-config</application> package allows simple "
15895
"configuration of PAM for authentication from multiple sources, and the "
15896
"<application>libpam-ccreds</application> will cache authentication "
15897
"credentials allowing you to login in case the Key Distribution Center (KDC) "
15898
"is unavailable. This package is also useful for laptops that may "
15899
"authenticate using Kerberos while on the corporate network, but will need to "
15900
"be accessed off the network as well."
15901
msgstr ""
15902
15903
#: serverguide/C/network-auth.xml:2516(para)
15904
msgid "To configure the client in a terminal enter:"
15905
msgstr ""
15906
15907
#: serverguide/C/network-auth.xml:2521(command)
15908
msgid "sudo dpkg-reconfigure krb5-config"
15909
msgstr "sudo dpkg-reconfigure krb5-config"
15910
15911
#: serverguide/C/network-auth.xml:2524(para)
15912
msgid ""
15913
"You will then be prompted to enter the name of the Kerberos Realm. Also, if "
15914
"you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> "
15915
"records, the menu will prompt you for the hostname of the Key Distribution "
15916
"Center (KDC) and Realm Administration server."
15917
msgstr ""
15918
15919
#: serverguide/C/network-auth.xml:2530(para)
15920
msgid ""
15921
"The <application>dpkg-reconfigure</application> adds entries to the "
15922
"<filename>/etc/krb5.conf</filename> file for your Realm. You should have "
15923
"entries similar to the following:"
15924
msgstr ""
15925
15926
#: serverguide/C/network-auth.xml:2535(programlisting)
15927
#, no-wrap
15928
msgid ""
15929
"\n"
15930
"[libdefaults]\n"
15931
" default_realm = EXAMPLE.COM\n"
15932
"...\n"
15933
"[realms]\n"
15934
" EXAMPLE.COM = } \n"
15935
" kdc = 192.168.0.1 \n"
15936
" admin_server = 192.168.0.1\n"
15937
" }\n"
15938
msgstr ""
15939
15940
#: serverguide/C/network-auth.xml:2546(para)
15941
msgid ""
15942
"You can test the configuration by requesting a ticket using the "
15943
"<application>kinit</application> utility. For example:"
15944
msgstr ""
15945
15946
#: serverguide/C/network-auth.xml:2551(command)
15947
msgid "kinit steve@EXAMPLE.COM"
15948
msgstr ""
15949
15950
#: serverguide/C/network-auth.xml:2552(computeroutput)
15951
#, no-wrap
15952
msgid "Password for steve@EXAMPLE.COM:"
15953
msgstr ""
15954
15955
#: serverguide/C/network-auth.xml:2555(para)
15956
msgid ""
15957
"When a ticket has been granted, the details can be viewed using "
15958
"<application>klist</application>:"
15959
msgstr ""
15960
15961
#: serverguide/C/network-auth.xml:2561(computeroutput)
15962
#, no-wrap
15963
msgid ""
15964
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
15965
"Default principal: steve@EXAMPLE.COM\n"
15966
"\n"
15967
"Valid starting Expires Service principal\n"
15968
"07/24/08 05:18:56 07/24/08 15:18:56 krbtgt/EXAMPLE.COM@EXAMPLE.COM\n"
15969
" renew until 07/25/08 05:18:57\n"
15970
"\n"
15971
"\n"
15972
"Kerberos 4 ticket cache: /tmp/tkt1000\n"
15973
"klist: You have no tickets cached"
15974
msgstr ""
15975
15976
#: serverguide/C/network-auth.xml:2573(para)
15977
msgid ""
15978
"Next, use the <application>auth-client-config</application> to configure the "
15979
"<application>libpam-krb5</application> module to request a ticket during "
15980
"login:"
15981
msgstr ""
15982
15983
#: serverguide/C/network-auth.xml:2579(command)
15984
msgid "sudo auth-client-config -a -p kerberos_example"
15985
msgstr "sudo auth-client-config -a -p exemple_kerberos"
15986
15987
#: serverguide/C/network-auth.xml:2582(para)
15988
msgid ""
15989
"You will should now receive a ticket upon successful login authentication."
15990
msgstr ""
15991
15992
#: serverguide/C/network-auth.xml:2593(para)
15993
msgid ""
15994
"For more information on Kerberos see the <ulink "
15995
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
15996
msgstr ""
15997
15998
#: serverguide/C/network-auth.xml:2598(para)
15999
msgid ""
16000
"The <ulink url=\"https://help.ubuntu.com/community/Kerberos\">Ubuntu Wiki "
16001
"Kerberos</ulink> page has more details."
16002
msgstr ""
16003
16004
#: serverguide/C/network-auth.xml:2603(para)
16005
msgid ""
16006
"O'Reilly's <ulink "
16007
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
16008
"Guide</ulink> is a great reference when setting up Kerberos."
16009
msgstr ""
16010
16011
#: serverguide/C/network-auth.xml:2609(para)
16012
msgid ""
16013
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> IRC "
16014
"channel on <ulink url=\"http://freenode.net/\">Freenode</ulink> if you have "
16015
"Kerberos questions."
16016
msgstr ""
16017
16018
#: serverguide/C/network-auth.xml:2619(title)
16019
msgid "Kerberos and LDAP"
16020
msgstr ""
16021
16022
#: serverguide/C/network-auth.xml:2621(para)
16023
msgid ""
16024
"Replicating a Kerberos principal database between two servers can be "
16025
"complicated, and adds an additional user database to your network. "
16026
"Fortunately, MIT Kerberos can be configured to use an "
16027
"<application>LDAP</application> directory as a principal database. This "
16028
"section covers configuring a primary and secondary kerberos server to use "
16029
"<application>OpenLDAP</application> for the principal database."
16030
msgstr ""
16031
16032
#: serverguide/C/network-auth.xml:2629(title)
16033
msgid "Configuring OpenLDAP"
16034
msgstr ""
16035
16036
#: serverguide/C/network-auth.xml:2631(para)
16037
msgid ""
16038
"First, the necessary <emphasis>schema</emphasis> needs to be loaded on an "
16039
"<application>OpenLDAP</application> server that has network connectivity to "
16040
"the Primary and Secondary KDCs. The rest of this section assumes that you "
16041
"also have LDAP replication configured between at least two servers. For "
16042
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
16043
msgstr ""
16044
16045
#: serverguide/C/network-auth.xml:2638(para)
16046
msgid ""
16047
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
16048
"that traffic between the KDC and LDAP server is encrypted. See <xref "
16049
"linkend=\"openldap-tls\"/> for details."
16050
msgstr ""
16051
16052
#: serverguide/C/network-auth.xml:2645(para)
16053
msgid ""
16054
"To load the schema into LDAP, on the LDAP server install the "
16055
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
16056
msgstr ""
16057
16058
#: serverguide/C/network-auth.xml:2651(command)
16059
msgid "sudo apt-get install krb5-kdc-ldap"
16060
msgstr "sudo apt-get install krb5-kdc-ldap"
16061
16062
#: serverguide/C/network-auth.xml:2656(para)
16063
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
16064
msgstr ""
16065
16066
#: serverguide/C/network-auth.xml:2661(command)
16067
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
16068
msgstr "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
16069
16070
#: serverguide/C/network-auth.xml:2662(command)
16071
msgid ""
16072
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
16073
msgstr ""
16074
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
16075
16076
#: serverguide/C/network-auth.xml:2668(para)
16077
msgid ""
16078
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
16079
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
16080
"<application>slapd</application> is also detailed in <xref "
16081
"linkend=\"openldap-configuration\"/>."
16082
msgstr ""
16083
16084
#: serverguide/C/network-auth.xml:2681(programlisting)
16085
#, no-wrap
16086
msgid ""
16087
"\n"
16088
"include /etc/ldap/schema/core.schema\n"
16089
"include /etc/ldap/schema/collective.schema\n"
16090
"include /etc/ldap/schema/corba.schema\n"
16091
"include /etc/ldap/schema/cosine.schema\n"
16092
"include /etc/ldap/schema/duaconf.schema\n"
16093
"include /etc/ldap/schema/dyngroup.schema\n"
16094
"include /etc/ldap/schema/inetorgperson.schema\n"
16095
"include /etc/ldap/schema/java.schema\n"
16096
"include /etc/ldap/schema/misc.schema\n"
16097
"include /etc/ldap/schema/nis.schema\n"
16098
"include /etc/ldap/schema/openldap.schema\n"
16099
"include /etc/ldap/schema/ppolicy.schema\n"
16100
"include /etc/ldap/schema/kerberos.schema\n"
16101
msgstr ""
16102
16103
#: serverguide/C/network-auth.xml:2701(para)
16104
msgid "Create a temporary directory to hold the LDIF files:"
16105
msgstr ""
16106
16107
#: serverguide/C/network-auth.xml:2716(command)
16108
msgid ""
16109
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
16110
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
16111
msgstr ""
16112
16113
#: serverguide/C/network-auth.xml:2726(para)
16114
msgid ""
16115
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
16116
"changing the following attributes:"
16117
msgstr ""
16118
16119
#: serverguide/C/network-auth.xml:2730(programlisting)
16120
#, no-wrap
16121
msgid ""
16122
"\n"
16123
"dn: cn=kerberos,cn=schema,cn=config\n"
16124
"...\n"
16125
"cn: kerberos\n"
16126
msgstr ""
16127
16128
#: serverguide/C/network-auth.xml:2736(para)
16129
msgid "And remove the following lines from the end of the file:"
16130
msgstr ""
16131
16132
#: serverguide/C/network-auth.xml:2740(programlisting)
16133
#, no-wrap
16134
msgid ""
16135
"\n"
16136
"structuralObjectClass: olcSchemaConfig\n"
16137
"entryUUID: 18ccd010-746b-102d-9fbe-3760cca765dc\n"
16138
"creatorsName: cn=config\n"
16139
"createTimestamp: 20090111203515Z\n"
16140
"entryCSN: 20090111203515.326445Z#000000#000#000000\n"
16141
"modifiersName: cn=config\n"
16142
"modifyTimestamp: 20090111203515Z\n"
16143
msgstr ""
16144
16145
#: serverguide/C/network-auth.xml:2759(para)
16146
msgid "Load the new schema with <application>ldapadd</application>:"
16147
msgstr ""
16148
16149
#: serverguide/C/network-auth.xml:2764(command)
16150
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=kerberos.ldif"
16151
msgstr ""
16152
16153
#: serverguide/C/network-auth.xml:2770(para)
16154
msgid ""
16155
"Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
16156
msgstr ""
16157
16158
#: serverguide/C/network-auth.xml:2775(command) serverguide/C/network-auth.xml:2792(command)
16159
msgid "ldapmodify -x -D cn=admin,cn=config -W"
16160
msgstr ""
16161
16162
#: serverguide/C/network-auth.xml:2777(userinput)
16163
#, no-wrap
16164
msgid ""
16165
"dn: olcDatabase={1}hdb,cn=config\n"
16166
"add: olcDbIndex\n"
16167
"olcDbIndex: krbPrincipalName eq,pres,sub"
16168
msgstr ""
16169
16170
#: serverguide/C/network-auth.xml:2776(computeroutput)
16171
#, no-wrap
16172
msgid ""
16173
"Enter LDAP Password:\n"
16174
"<placeholder-1/>\n"
16175
"\n"
16176
"modifying entry \"olcDatabase={1}hdb,cn=config\""
16177
msgstr ""
16178
16179
#: serverguide/C/network-auth.xml:2787(para)
16180
msgid "Finally, update the Access Control Lists (ACL):"
16181
msgstr ""
16182
16183
#: serverguide/C/network-auth.xml:2794(userinput)
16184
#, no-wrap
16185
msgid ""
16186
"dn: olcDatabase={1}hdb,cn=config\n"
16187
"replace: olcAccess\n"
16188
"olcAccess: to attrs=userPassword,shadowLastChange,krbPrincipalKey by "
16189
"dn=\"cn=admin,dc=exampl\n"
16190
" e,dc=com\" write by anonymous auth by self write by * none\n"
16191
"-\n"
16192
"add: olcAccess\n"
16193
"olcAccess: to dn.base=\"\" by * read\n"
16194
"-\n"
16195
"add: olcAccess\n"
16196
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read"
16197
msgstr ""
16198
16199
#: serverguide/C/network-auth.xml:2793(computeroutput)
16200
#, no-wrap
16201
msgid ""
16202
"Enter LDAP Password: \n"
16203
"<placeholder-1/>\n"
16204
"\n"
16205
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
16206
msgstr ""
16207
16208
#: serverguide/C/network-auth.xml:2814(para)
16209
msgid ""
16210
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
16211
"database."
16212
msgstr ""
16213
16214
#: serverguide/C/network-auth.xml:2820(title)
16215
msgid "Primary KDC Configuration"
16216
msgstr ""
16217
16218
#: serverguide/C/network-auth.xml:2822(para)
16219
msgid ""
16220
"With <application>OpenLDAP</application> configured it is time to configure "
16221
"the KDC."
16222
msgstr ""
16223
16224
#: serverguide/C/network-auth.xml:2828(para)
16225
msgid "First, install the necessary packages, from a terminal enter:"
16226
msgstr ""
16227
16228
#: serverguide/C/network-auth.xml:2833(command) serverguide/C/network-auth.xml:2990(command)
16229
msgid "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
16230
msgstr "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
16231
16232
#: serverguide/C/network-auth.xml:2839(para)
16233
msgid ""
16234
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
16235
"under the appropriate sections:"
16236
msgstr ""
16237
16238
#: serverguide/C/network-auth.xml:2843(programlisting)
16239
#, no-wrap
16240
msgid ""
16241
"\n"
16242
"[libdefaults]\n"
16243
" default_realm = EXAMPLE.COM\n"
16244
"\n"
16245
"...\n"
16246
"\n"
16247
"[realms]\n"
16248
" EXAMPLE.COM = {\n"
16249
" kdc = kdc01.example.com\n"
16250
" kdc = kdc02.example.com\n"
16251
" admin_server = kdc01.example.com\n"
16252
" admin_server = kdc02.example.com\n"
16253
" default_domain = example.com\n"
16254
" database_module = openldap_ldapconf\n"
16255
" }\n"
16256
"\n"
16257
"...\n"
16258
"\n"
16259
"[domain_realm]\n"
16260
" .example.com = EXAMPLE.COM\n"
16261
"\n"
16262
"\n"
16263
"...\n"
16264
"\n"
16265
"[dbdefaults]\n"
16266
" ldap_kerberos_container_dn = dc=example,dc=com\n"
16267
"\n"
16268
"[dbmodules]\n"
16269
" openldap_ldapconf = {\n"
16270
" db_library = kldap\n"
16271
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
16272
"\n"
16273
" # this object needs to have read rights on\n"
16274
" # the realm container, principal container and realm sub-"
16275
"trees\n"
16276
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
16277
"\n"
16278
" # this object needs to have read and write rights on\n"
16279
" # the realm container, principal container and realm sub-"
16280
"trees\n"
16281
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
16282
" ldap_servers = ldaps://ldap01.example.com "
16283
"ldaps://ldap02.example.com\n"
16284
" ldap_conns_per_server = 5\n"
16285
" }\n"
16286
msgstr ""
16287
16288
#: serverguide/C/network-auth.xml:2888(para)
16289
msgid ""
16290
"Change <emphasis>example.com</emphasis>, "
16291
"<emphasis>dc=example,dc=com</emphasis>, "
16292
"<emphasis>cn=admin,dc=example,dc=com</emphasis>, and "
16293
"<emphasis>ldap01.example.com</emphasis> to the appropriate domain, LDAP "
16294
"object, and LDAP server for your network."
16295
msgstr ""
16296
16297
#: serverguide/C/network-auth.xml:2897(para)
16298
msgid ""
16299
"Next, use the <application>kdb5_ldap_util</application> utility to create "
16300
"the realm:"
16301
msgstr ""
16302
16303
#: serverguide/C/network-auth.xml:2902(command)
16304
msgid ""
16305
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees "
16306
"dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com"
16307
msgstr ""
16308
16309
#: serverguide/C/network-auth.xml:2908(para)
16310
msgid ""
16311
"Create a stash of the password used to bind to the LDAP server. This "
16312
"password is used by the <emphasis>ldap_kdc_dn</emphasis> and "
16313
"<emphasis>ldap_kadmin_dn</emphasis> options in "
16314
"<filename>/etc/krb5.conf</filename>:"
16315
msgstr ""
16316
16317
#: serverguide/C/network-auth.xml:2914(command) serverguide/C/network-auth.xml:3052(command)
16318
msgid ""
16319
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f "
16320
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
16321
msgstr ""
16322
16323
#: serverguide/C/network-auth.xml:2920(para)
16324
msgid "Copy the CA certificate from the LDAP server:"
16325
msgstr ""
16326
16327
#: serverguide/C/network-auth.xml:2925(command)
16328
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
16329
msgstr ""
16330
16331
#: serverguide/C/network-auth.xml:2926(command)
16332
msgid "sudo cp cacert.pem /etc/ssl/certs"
16333
msgstr "sudo cp cacert.pem /etc/ssl/certs"
16334
16335
#: serverguide/C/network-auth.xml:2929(para)
16336
msgid ""
16337
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
16338
msgstr ""
16339
16340
#: serverguide/C/network-auth.xml:2933(programlisting)
16341
#, no-wrap
16342
msgid ""
16343
"\n"
16344
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
16345
msgstr ""
16346
16347
#: serverguide/C/network-auth.xml:2938(para)
16348
msgid ""
16349
"The certificate will also need to be copied to the Secondary KDC, to allow "
16350
"the connection to the LDAP servers using LDAPS."
16351
msgstr ""
16352
16353
#: serverguide/C/network-auth.xml:2947(para)
16354
msgid ""
16355
"You can now add Kerberos principals to the LDAP database, and they will be "
16356
"copied to any other LDAP servers configured for replication. To add a "
16357
"principal using the <application>kadmin.local</application> utility enter:"
16358
msgstr ""
16359
16360
#: serverguide/C/network-auth.xml:2955(userinput)
16361
#, no-wrap
16362
msgid "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
16363
msgstr ""
16364
16365
#: serverguide/C/network-auth.xml:2954(computeroutput)
16366
#, no-wrap
16367
msgid ""
16368
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
16369
"kadmin.local: <placeholder-1/>\n"
16370
"WARNING: no policy specified for steve@EXAMPLE.COM; defaulting to no policy\n"
16371
"Enter password for principal \"steve@EXAMPLE.COM\": \n"
16372
"Re-enter password for principal \"steve@EXAMPLE.COM\": \n"
16373
"Principal \"steve@EXAMPLE.COM\" created."
16374
msgstr ""
16375
16376
#: serverguide/C/network-auth.xml:2962(para)
16377
msgid ""
16378
"There should now be krbPrincipalName, krbPrincipalKey, krbLastPwdChange, and "
16379
"krbExtraData attributes added to the "
16380
"<emphasis>uid=steve,ou=people,dc=example,dc=com</emphasis> user object. Use "
16381
"the <application>kinit</application> and <application>klist</application> "
16382
"utilities to test that the user is indeed issued a ticket."
16383
msgstr ""
16384
16385
#: serverguide/C/network-auth.xml:2969(para)
16386
msgid ""
16387
"If the user object is already created the <emphasis>-x dn=\"...\"</emphasis> "
16388
"option is needed to add the Kerberos attributes. Otherwise a new "
16389
"<emphasis>principal</emphasis> object will be created in the realm subtree."
16390
msgstr ""
16391
16392
#: serverguide/C/network-auth.xml:2977(title)
16393
msgid "Secondary KDC Configuration"
16394
msgstr ""
16395
16396
#: serverguide/C/network-auth.xml:2979(para)
16397
msgid ""
16398
"Configuring a Secondary KDC using the LDAP backend is similar to configuring "
16399
"one using the normal Kerberos database."
16400
msgstr ""
16401
16402
#: serverguide/C/network-auth.xml:2985(para)
16403
msgid "First, install the necessary packages. In a terminal enter:"
16404
msgstr ""
16405
16406
#: serverguide/C/network-auth.xml:2996(para)
16407
msgid ""
16408
"Next, edit <filename>/etc/krb5.conf</filename> to use the LDAP backend:"
16409
msgstr ""
16410
16411
#: serverguide/C/network-auth.xml:3000(programlisting)
16412
#, no-wrap
16413
msgid ""
16414
"\n"
16415
"[libdefaults]\n"
16416
" default_realm = EXAMPLE.COM\n"
16417
"\n"
16418
"...\n"
16419
"\n"
16420
"[realms]\n"
16421
" EXAMPLE.COM = {\n"
16422
" kdc = kdc01.example.com\n"
16423
" kdc = kdc02.example.com\n"
16424
" admin_server = kdc01.example.com\n"
16425
" admin_server = kdc02.example.com\n"
16426
" default_domain = example.com\n"
16427
" database_module = openldap_ldapconf\n"
16428
" }\n"
16429
"\n"
16430
"...\n"
16431
"\n"
16432
"[domain_realm]\n"
16433
" .example.com = EXAMPLE.COM\n"
16434
"\n"
16435
"...\n"
16436
"\n"
16437
"[dbdefaults]\n"
16438
" ldap_kerberos_container_dn = dc=example,dc=com\n"
16439
"\n"
16440
"[dbmodules]\n"
16441
" openldap_ldapconf = {\n"
16442
" db_library = kldap\n"
16443
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
16444
"\n"
16445
" # this object needs to have read rights on\n"
16446
" # the realm container, principal container and realm sub-"
16447
"trees\n"
16448
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
16449
"\n"
16450
" # this object needs to have read and write rights on\n"
16451
" # the realm container, principal container and realm sub-"
16452
"trees\n"
16453
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
16454
" ldap_servers = ldaps://ldap01.example.com "
16455
"ldaps://ldap02.example.com\n"
16456
" ldap_conns_per_server = 5\n"
16457
" }\n"
16458
msgstr ""
16459
16460
#: serverguide/C/network-auth.xml:3047(para)
16461
msgid "Create the stash for the LDAP bind password:"
16462
msgstr ""
16463
16464
#: serverguide/C/network-auth.xml:3058(para)
16465
msgid ""
16466
"Now, on the <emphasis>Primary KDC</emphasis> copy the "
16467
"<filename>/etc/krb5kdc/.k5.EXAMPLE.COM</filename><emphasis>Master "
16468
"Key</emphasis> stash to the Secondary KDC. Be sure to copy the file over an "
16469
"encrypted connection such as <application>scp</application>, or on physical "
16470
"media."
16471
msgstr ""
16472
16473
#: serverguide/C/network-auth.xml:3065(command)
16474
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
16475
msgstr ""
16476
16477
#: serverguide/C/network-auth.xml:3066(command)
16478
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
16479
msgstr "sudo mv .k5.EXEMPLE.CAT /etc/krb5kdc/"
16480
16481
#: serverguide/C/network-auth.xml:3070(para)
16482
msgid ""
16483
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
16484
msgstr ""
16485
16486
#: serverguide/C/network-auth.xml:3078(para)
16487
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
16488
msgstr ""
16489
16490
#: serverguide/C/network-auth.xml:3089(para)
16491
msgid ""
16492
"You now have redundant KDCs on your network, and with redundant LDAP servers "
16493
"you should be able to continue to authenticate users if one LDAP server, one "
16494
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
16495
msgstr ""
16496
16497
#: serverguide/C/network-auth.xml:3101(para)
16498
msgid ""
16499
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
16500
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
16501
"Guide</ulink> has some additional details."
16502
msgstr ""
16503
16504
#: serverguide/C/network-auth.xml:3107(para)
16505
msgid ""
16506
"For more information on <application>kdb5_ldap_util</application> see <ulink "
16507
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
16508
"admin.html#Global-Operations-on-the-Kerberos-LDAP-Database\"> Section "
16509
"5.6</ulink> and the <ulink "
16510
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/kdb5_ldap_util.8.h"
16511
"tml\">kdb5_ldap_util man page</ulink>."
16512
msgstr ""
16513
16514
#: serverguide/C/network-auth.xml:3115(para)
16515
msgid ""
16516
"Another useful link is the <ulink "
16517
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/krb5.conf.5.html\""
16518
">krb5.conf man page</ulink>."
16519
msgstr ""
16520
16521
#: serverguide/C/network-auth.xml:3120(para)
16522
msgid ""
16523
"Also, see the <ulink "
16524
"url=\"https://help.ubuntu.com/community/Kerberos#kerberos-ldap\">Kerberos "
16525
"and LDAP</ulink> Ubuntu wiki page."
16526
msgstr ""
16527
16528
#: serverguide/C/monitoring.xml:13(title)
16529
msgid "Monitoring"
16530
msgstr "Monitorització"
16531
16532
#: serverguide/C/monitoring.xml:17(para)
16533
msgid ""
16534
"The monitoring of essential servers and services is an important part of "
16535
"system administration. Most network services are monitored for performance, "
16536
"availability, or both. This section will cover installation and "
16537
"configuration of <application>Nagios</application> for availability "
16538
"monitoring, and <application>Munin</application> for performance monitoring."
16539
msgstr ""
16540
16541
#: serverguide/C/monitoring.xml:24(para)
16542
msgid ""
16543
"The examples in this section will use two servers with hostnames "
16544
"<emphasis>server01</emphasis> and <emphasis>server02</emphasis>. "
16545
"<emphasis>Server01</emphasis> will be configured with "
16546
"<application>Nagios</application> to monitor services on itself and "
16547
"<emphasis>server02</emphasis>. Server01 will also be setup with the "
16548
"<application>munin</application> package to gather information from the "
16549
"network. Using the <application>munin-node</application> package, "
16550
"<emphasis>server02</emphasis> will be configured to send information to "
16551
"<emphasis>server01</emphasis>."
16552
msgstr ""
16553
16554
#: serverguide/C/monitoring.xml:33(para)
16555
msgid ""
16556
"Hopefully these simple examples will allow you to monitor additional servers "
16557
"and services on your network."
16558
msgstr ""
16559
16560
#: serverguide/C/monitoring.xml:39(title)
16561
msgid "Nagios"
16562
msgstr "Nagios"
16563
16564
#: serverguide/C/monitoring.xml:44(para)
16565
msgid ""
16566
"First, on <emphasis>server01</emphasis> install the "
16567
"<application>nagios</application> package. In a terminal enter:"
16568
msgstr ""
16569
16570
#: serverguide/C/monitoring.xml:50(command)
16571
msgid "sudo apt-get install nagios3 nagios-nrpe-plugin"
16572
msgstr "sudo apt-get install nagios3 nagios-nrpe-plugin"
16573
16574
#: serverguide/C/monitoring.xml:53(para)
16575
msgid ""
16576
"You will be asked to enter a password for the "
16577
"<emphasis>nagiosadmin</emphasis> user. The user's credentials are stored in "
16578
"<filename>/etc/nagios3/htpasswd.users</filename>. To change the "
16579
"<emphasis>nagiosadmin</emphasis> password, or add additional users to the "
16580
"Nagios CGI scripts, use the <application>htpasswd</application> that is part "
16581
"of the <application>apache2-utils</application> package."
16582
msgstr ""
16583
16584
#: serverguide/C/monitoring.xml:60(para)
16585
msgid ""
16586
"For example, to change the password for the <emphasis>nagiosadmin</emphasis> "
16587
"user enter:"
16588
msgstr ""
16589
16590
#: serverguide/C/monitoring.xml:65(command)
16591
msgid "sudo htpasswd /etc/nagios3/htpasswd.users nagiosadmin"
16592
msgstr "sudo htpasswd /etc/nagios3/htpasswd.users nagiosadmin"
16593
16594
#: serverguide/C/monitoring.xml:68(para)
16595
msgid "To add a user:"
16596
msgstr ""
16597
16598
#: serverguide/C/monitoring.xml:73(command)
16599
msgid "sudo htpasswd /etc/nagios3/htpasswd.users steve"
16600
msgstr "sudo htpasswd /etc/nagios3/htpasswd.users esteve"
16601
16602
#: serverguide/C/monitoring.xml:76(para)
16603
msgid ""
16604
"Next, on <emphasis>server02</emphasis> install the <application>nagios-nrpe-"
16605
"server</application> package. From a terminal on server02 enter:"
16606
msgstr ""
16607
16608
#: serverguide/C/monitoring.xml:82(command)
16609
msgid "sudo apt-get install nagios-nrpe-server"
16610
msgstr "sudo apt-get install nagios-nrpe-server"
16611
16612
#: serverguide/C/monitoring.xml:86(para)
16613
msgid ""
16614
"<application>NRPE</application> allows you to execute local checks on remote "
16615
"hosts. There are other ways of accomplishing this through other Nagios "
16616
"plugins as well as other checks."
16617
msgstr ""
16618
16619
#: serverguide/C/monitoring.xml:94(title)
16620
msgid "Configuration Overview"
16621
msgstr "Resum de la configuració"
16622
16623
#: serverguide/C/monitoring.xml:96(para)
16624
msgid ""
16625
"There are a couple of directories containing "
16626
"<application>Nagios</application> configuration and check files."
16627
msgstr ""
16628
16629
#: serverguide/C/monitoring.xml:102(para)
16630
msgid ""
16631
"<filename>/etc/nagios3</filename>: contains configuration files for the "
16632
"operation of the <application>nagios</application> daemon, CGI files, hosts, "
16633
"etc."
16634
msgstr ""
16635
16636
#: serverguide/C/monitoring.xml:108(para)
16637
msgid ""
16638
"<filename>/etc/nagios-plugins</filename>: houses configuration files for the "
16639
"service checks."
16640
msgstr ""
16641
16642
#: serverguide/C/monitoring.xml:113(para)
16643
msgid ""
16644
"<filename>/etc/nagios</filename>: on the remote host contains the "
16645
"<application>nagios-nrpe-server</application> configuration files."
16646
msgstr ""
16647
16648
#: serverguide/C/monitoring.xml:118(para)
16649
msgid ""
16650
"<filename>/usr/lib/nagios/plugins/</filename>: where the check binaries are "
16651
"stored. To see the options of a check use the <emphasis>-h</emphasis> option."
16652
msgstr ""
16653
16654
#: serverguide/C/monitoring.xml:123(para)
16655
msgid "For example: <command>/usr/lib/nagios/plugins/check_dhcp -h</command>"
16656
msgstr ""
16657
16658
#: serverguide/C/monitoring.xml:129(para)
16659
msgid ""
16660
"There are a plethora of checks <application>Nagios</application> can be "
16661
"configured to execute for any given host. For this example Nagios will be "
16662
"configured to check disk space, DNS, and a MySQL hostgroup. The DNS check "
16663
"will be on <emphasis>server02</emphasis>, and the MySQL hostgroup will "
16664
"include both <emphasis>server01</emphasis> and <emphasis>server02</emphasis>."
16665
msgstr ""
16666
16667
#: serverguide/C/monitoring.xml:136(para)
16668
msgid ""
16669
"See <xref linkend=\"httpd\"/> for details on setting up Apache, <xref "
16670
"linkend=\"dns\"/> for DNS, and <xref linkend=\"mysql\"/> for MySQL."
16671
msgstr ""
16672
16673
#: serverguide/C/monitoring.xml:141(para)
16674
msgid ""
16675
"Additionally, there are some terms that once explained will hopefully make "
16676
"understanding Nagios configuration easier:"
16677
msgstr ""
16678
16679
#: serverguide/C/monitoring.xml:147(para)
16680
msgid ""
16681
"<emphasis>Host</emphasis>: a server, workstation, network device, etc that "
16682
"is being monitored."
16683
msgstr ""
16684
16685
#: serverguide/C/monitoring.xml:152(para)
16686
msgid ""
16687
"<emphasis>Host Group</emphasis>: a group of similar hosts. For example, you "
16688
"could group all web servers, file server, etc."
16689
msgstr ""
16690
16691
#: serverguide/C/monitoring.xml:157(para)
16692
msgid ""
16693
"<emphasis>Service</emphasis>: the service being monitored on the host. Such "
16694
"as HTTP, DNS, NFS, etc."
16695
msgstr ""
16696
16697
#: serverguide/C/monitoring.xml:162(para)
16698
msgid ""
16699
"<emphasis>Service Group</emphasis>: allows you to group multiple services "
16700
"together. This is useful for grouping multiple HTTP for example."
16701
msgstr ""
16702
16703
#: serverguide/C/monitoring.xml:168(para)
16704
msgid ""
16705
"<emphasis>Contact</emphasis>: person to be notified when an event takes "
16706
"place. Nagios can be configured to send emails, SMS messages, etc."
16707
msgstr ""
16708
16709
#: serverguide/C/monitoring.xml:174(para)
16710
msgid ""
16711
"By default Nagios is configured to check HTTP, disk space, SSH, current "
16712
"users, processes, and load on the <emphasis>localhost</emphasis>. Nagios "
16713
"will also <application>ping</application> check the "
16714
"<emphasis>gateway</emphasis>."
16715
msgstr ""
16716
16717
#: serverguide/C/monitoring.xml:179(para)
16718
msgid ""
16719
"Large Nagios installations can be quite complex to configure. It is usually "
16720
"best to start small, one or two hosts, get things configured the way you "
16721
"like then expand."
16722
msgstr ""
16723
16724
#: serverguide/C/monitoring.xml:194(para)
16725
msgid ""
16726
"First, create a <emphasis>host</emphasis> configuration file for "
16727
"<emphasis>server02</emphasis>. In a terminal enter:"
16728
msgstr ""
16729
16730
#: serverguide/C/monitoring.xml:199(command)
16731
msgid ""
16732
"sudo cp /etc/nagios3/conf.d/localhost_nagios2.cfg "
16733
"/etc/nagios3/conf.d/server02.cfg"
16734
msgstr ""
16735
"sudo cp /etc/nagios3/conf.d/localhost_nagios2.cfg "
16736
"/etc/nagios3/conf.d/server02.cfg"
16737
16738
#: serverguide/C/monitoring.xml:203(para)
16739
msgid ""
16740
"In the above and following command examples, replace "
16741
"<emphasis>\"server01\"</emphasis>, "
16742
"<emphasis>\"server02\"</emphasis><emphasis>172.18.100.100</emphasis>, and "
16743
"<emphasis>172.18.100.101</emphasis> with the host names and IP addresses of "
16744
"your servers."
16745
msgstr ""
16746
16747
#: serverguide/C/monitoring.xml:212(para)
16748
msgid "Next, edit <filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
16749
msgstr ""
16750
16751
#: serverguide/C/monitoring.xml:216(programlisting)
16752
#, no-wrap
16753
msgid ""
16754
"\n"
16755
"define host{\n"
16756
" use generic-host ; Name of host "
16757
"template to use\n"
16758
" host_name server02\n"
16759
" alias Server 02\n"
16760
" address 172.18.100.101\n"
16761
"}\n"
16762
"\n"
16763
"# check DNS service.\n"
16764
"define service {\n"
16765
" use generic-service\n"
16766
" host_name server02\n"
16767
" service_description DNS\n"
16768
" check_command check_dns!172.18.100.101\n"
16769
"}\n"
16770
msgstr ""
16771
16772
#: serverguide/C/monitoring.xml:236(para)
16773
msgid ""
16774
"Restart the <application>nagios</application> daemon to enable the new "
16775
"configuration:"
16776
msgstr ""
16777
16778
#: serverguide/C/monitoring.xml:241(command) serverguide/C/monitoring.xml:308(command) serverguide/C/monitoring.xml:375(command)
16779
msgid "sudo /etc/init.d/nagios3 restart"
16780
msgstr "sudo /etc/init.d/nagios3 restart"
16781
16782
#: serverguide/C/monitoring.xml:251(para)
16783
msgid ""
16784
"Now add a service definition for the MySQL check by adding the following to "
16785
"<filename>/etc/nagios3/conf.d/services_nagios2.cfg</filename>:"
16786
msgstr ""
16787
16788
#: serverguide/C/monitoring.xml:255(programlisting)
16789
#, no-wrap
16790
msgid ""
16791
"\n"
16792
"# check MySQL servers.\n"
16793
"define service {\n"
16794
" hostgroup_name mysql-servers\n"
16795
" service_description MySQL\n"
16796
" check_command "
16797
"check_mysql_cmdlinecred!nagios!secret!$HOSTADDRESS\n"
16798
" use generic-service\n"
16799
" notification_interval 0 ; set > 0 if you want to be "
16800
"renotified\n"
16801
"}\n"
16802
msgstr ""
16803
16804
#: serverguide/C/monitoring.xml:269(para)
16805
msgid ""
16806
"A <emphasis>mysql-servers</emphasis> hostgroup now needs to be defined. Edit "
16807
"<filename>/etc/nagios3/conf.d/hostgroups_nagios2.cfg</filename> adding:"
16808
msgstr ""
16809
16810
#: serverguide/C/monitoring.xml:274(programlisting)
16811
#, no-wrap
16812
msgid ""
16813
"\n"
16814
"# MySQL hostgroup.\n"
16815
"define hostgroup {\n"
16816
" hostgroup_name mysql-servers\n"
16817
" alias MySQL servers\n"
16818
" members localhost, server02\n"
16819
" }\n"
16820
msgstr ""
16821
16822
#: serverguide/C/monitoring.xml:286(para)
16823
msgid ""
16824
"The Nagios check needs to authenticate to MySQL. To add a "
16825
"<emphasis>nagios</emphasis> user to MySQL enter:"
16826
msgstr ""
16827
16828
#: serverguide/C/monitoring.xml:291(command)
16829
msgid "mysql -u root -p -e \"create user nagios identified by 'secret';\""
16830
msgstr ""
16831
16832
#: serverguide/C/monitoring.xml:295(para)
16833
msgid ""
16834
"The <emphasis>nagios</emphasis> user will need to be added all hosts in the "
16835
"<emphasis>mysql-servers</emphasis> hostgroup."
16836
msgstr ""
16837
16838
#: serverguide/C/monitoring.xml:303(para)
16839
msgid ""
16840
"Restart <application>nagios</application> to start checking the MySQL "
16841
"servers."
16842
msgstr ""
16843
16844
#: serverguide/C/monitoring.xml:318(para)
16845
msgid ""
16846
"Lastly configure NRPE to check the disk space on "
16847
"<emphasis>server02</emphasis>."
16848
msgstr ""
16849
16850
#: serverguide/C/monitoring.xml:322(para)
16851
msgid ""
16852
"On <emphasis>server01</emphasis> add the service check to "
16853
"<filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
16854
msgstr ""
16855
16856
#: serverguide/C/monitoring.xml:327(programlisting)
16857
#, no-wrap
16858
msgid ""
16859
"\n"
16860
"# NRPE disk check.\n"
16861
"define service {\n"
16862
" use generic-service\n"
16863
" host_name server02\n"
16864
" service_description nrpe-disk\n"
16865
" check_command "
16866
"check_nrpe_1arg!check_all_disks!172.18.100.101\n"
16867
"}\n"
16868
msgstr ""
16869
16870
#: serverguide/C/monitoring.xml:340(para)
16871
msgid ""
16872
"Now on <emphasis>server02</emphasis> edit "
16873
"<filename>/etc/nagios/nrpe.cfg</filename> changing:"
16874
msgstr ""
16875
16876
#: serverguide/C/monitoring.xml:344(programlisting)
16877
#, no-wrap
16878
msgid ""
16879
"\n"
16880
"allowed_hosts=172.18.100.100\n"
16881
msgstr ""
16882
16883
#: serverguide/C/monitoring.xml:348(para)
16884
msgid "And below in the command definition area add:"
16885
msgstr ""
16886
16887
#: serverguide/C/monitoring.xml:352(programlisting)
16888
#, no-wrap
16889
msgid ""
16890
"\n"
16891
"command[check_all_disks]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -"
16892
"e\n"
16893
msgstr ""
16894
16895
#: serverguide/C/monitoring.xml:359(para)
16896
msgid "Finally, restart <application>nagios-nrpe-server</application>:"
16897
msgstr ""
16898
16899
#: serverguide/C/monitoring.xml:364(command)
16900
msgid "sudo /etc/init.d/nagios-nrpe-server restart"
16901
msgstr "sudo /etc/init.d/nagios-nrpe-server restart"
16902
16903
#: serverguide/C/monitoring.xml:370(para)
16904
msgid ""
16905
"Also, on <emphasis>server01</emphasis> restart "
16906
"<application>nagios</application>:"
16907
msgstr ""
16908
16909
#: serverguide/C/monitoring.xml:383(para)
16910
msgid ""
16911
"You should now be able to see the host and service checks in the Nagios CGI "
16912
"files. To access them point a browser to http://server01/nagios3. You will "
16913
"then be prompted for the <emphasis>nagiosadmin</emphasis> username and "
16914
"password."
16915
msgstr ""
16916
16917
#: serverguide/C/monitoring.xml:393(para)
16918
msgid ""
16919
"This section has just scratched the surface of Nagios' features. The "
16920
"<application>nagios-plugins-extra</application> and <application>nagios-snmp-"
16921
"plugins</application> contain many more service checks."
16922
msgstr ""
16923
16924
#: serverguide/C/monitoring.xml:400(para)
16925
msgid ""
16926
"For more information see <ulink "
16927
"url=\"http://www.nagios.org/\">Nagios</ulink> website."
16928
msgstr ""
16929
16930
#: serverguide/C/monitoring.xml:405(para)
16931
msgid ""
16932
"Specifically the <ulink "
16933
"url=\"http://nagios.sourceforge.net/docs/3_0/\">Online Documentation</ulink> "
16934
"site."
16935
msgstr ""
16936
16937
#: serverguide/C/monitoring.xml:410(para)
16938
msgid ""
16939
"There is also a list of <ulink "
16940
"url=\"http://www.nagios.org/propaganda/books/\">books</ulink> related to "
16941
"Nagios and network monitoring:"
16942
msgstr ""
16943
16944
#: serverguide/C/monitoring.xml:416(para)
16945
msgid ""
16946
"The <ulink url=\"https://help.ubuntu.com/community/Nagios\">Nagios Ubuntu "
16947
"Wiki</ulink> page also has more details."
16948
msgstr ""
16949
16950
#: serverguide/C/monitoring.xml:425(title)
16951
msgid "Munin"
16952
msgstr "Munin"
16953
16954
#: serverguide/C/monitoring.xml:430(para)
16955
msgid ""
16956
"Before installing <application>Munin</application> on "
16957
"<emphasis>server01</emphasis><application>apache2</application> will need to "
16958
"be installed. The default configuration is fine for running a "
16959
"<application>munin</application> server. For more information see <xref "
16960
"linkend=\"httpd\"/>."
16961
msgstr ""
16962
16963
#: serverguide/C/monitoring.xml:436(para)
16964
msgid ""
16965
"First, on <emphasis>server01</emphasis> install "
16966
"<application>munin</application>. In a terminal enter:"
16967
msgstr ""
16968
16969
#: serverguide/C/monitoring.xml:441(command)
16970
msgid "sudo apt-get install munin"
16971
msgstr "sudo apt-get install munin"
16972
16973
#: serverguide/C/monitoring.xml:444(para)
16974
msgid ""
16975
"Now on <emphasis>server02</emphasis> install the <application>munin-"
16976
"node</application> package:"
16977
msgstr ""
16978
16979
#: serverguide/C/monitoring.xml:449(command)
16980
msgid "sudo apt-get install munin-node"
16981
msgstr "sudo apt-get install munin-node"
16982
16983
#: serverguide/C/monitoring.xml:456(para)
16984
msgid ""
16985
"On <emphasis>server01</emphasis> edit the "
16986
"<filename>/etc/munin/munin.conf</filename> adding the IP address for "
16987
"<emphasis>server02</emphasis>:"
16988
msgstr ""
16989
16990
#: serverguide/C/monitoring.xml:461(programlisting)
16991
#, no-wrap
16992
msgid ""
16993
"\n"
16994
"## First our \"normal\" host.\n"
16995
"[server02]\n"
16996
" address 172.18.100.101\n"
16997
msgstr ""
16998
16999
#: serverguide/C/monitoring.xml:468(para)
17000
msgid ""
17001
"Replace <emphasis>server02</emphasis> and "
17002
"<emphasis>172.18.100.101</emphasis> with the actual hostname and IP address "
17003
"for your server."
17004
msgstr ""
17005
17006
#: serverguide/C/monitoring.xml:474(para)
17007
msgid ""
17008
"Next, configure <application>munin-node</application> on "
17009
"<emphasis>server02</emphasis>. Edit <filename>/etc/munin/munin-"
17010
"node.conf</filename> to allow access by <emphasis>server01</emphasis>:"
17011
msgstr ""
17012
17013
#: serverguide/C/monitoring.xml:479(programlisting)
17014
#, no-wrap
17015
msgid ""
17016
"\n"
17017
"allow ^172\\.18\\.100\\.100$\n"
17018
msgstr ""
17019
17020
#: serverguide/C/monitoring.xml:484(para)
17021
msgid ""
17022
"Replace <emphasis>^172\\.18\\.100\\.100$</emphasis> with IP address for your "
17023
"<application>munin</application> server."
17024
msgstr ""
17025
17026
#: serverguide/C/monitoring.xml:489(para)
17027
msgid ""
17028
"Now restart <application>munin-node</application> on "
17029
"<emphasis>server02</emphasis> for the changes to take effect:"
17030
msgstr ""
17031
17032
#: serverguide/C/monitoring.xml:494(command)
17033
msgid "sudo /etc/init.d/munin-node restart"
17034
msgstr "sudo /etc/init.d/munin-node restart"
17035
17036
#: serverguide/C/monitoring.xml:497(para)
17037
msgid ""
17038
"Finally, in a browser go to <emphasis>http://server01/munin</emphasis>, and "
17039
"you should see links to nice graphs displaying information from the standard "
17040
"<emphasis>munin-plugins</emphasis> for disk, network, processes, and system."
17041
msgstr ""
17042
17043
#: serverguide/C/monitoring.xml:503(para)
17044
msgid ""
17045
"Since this is a new install it may take some time for the graphs to display "
17046
"anything useful."
17047
msgstr ""
17048
17049
#: serverguide/C/monitoring.xml:510(title)
17050
msgid "Additional Plugins"
17051
msgstr ""
17052
17053
#: serverguide/C/monitoring.xml:512(para)
17054
msgid ""
17055
"The <application>munin-plugins-extra</application> package contains "
17056
"performance checks additional services such as DNS, DHCP, Samba, etc. To "
17057
"install the package, from a terminal enter:"
17058
msgstr ""
17059
17060
#: serverguide/C/monitoring.xml:518(command)
17061
msgid "sudo apt-get install munin-plugins-extra"
17062
msgstr "sudo apt-get install munin-plugins-extra"
17063
17064
#: serverguide/C/monitoring.xml:521(para)
17065
msgid "Be sure to install the package on both the server and node machines."
17066
msgstr ""
17067
17068
#: serverguide/C/monitoring.xml:531(para)
17069
msgid ""
17070
"See the <ulink url=\"http://munin.projects.linpro.no/\">Munin</ulink> "
17071
"website for more details."
17072
msgstr ""
17073
17074
#: serverguide/C/monitoring.xml:536(para)
17075
msgid ""
17076
"Specifically the <ulink "
17077
"url=\"http://munin.projects.linpro.no/wiki/Documentation\">Munin "
17078
"Documentation</ulink> page includes information on additional plugins, "
17079
"writing plugins, etc."
17080
msgstr ""
17081
17082
#: serverguide/C/monitoring.xml:542(para)
17083
msgid ""
17084
"Also, there is a book in German by Open Source Press: <ulink "
17085
"url=\"https://www.opensourcepress.de/index.php?26&backPID=178&tt_prod"
17086
"ucts=152\">Munin Graphisches Netzwerk- und System-Monitoring</ulink>."
17087
msgstr ""
17088
17089
#: serverguide/C/monitoring.xml:548(para)
17090
msgid ""
17091
"Another resource is the <ulink "
17092
"url=\"https://help.ubuntu.com/community/Munin\">Munin Ubuntu Wiki</ulink> "
17093
"page."
17094
msgstr ""
17095
17096
#: serverguide/C/mail.xml:13(title)
17097
msgid "Email Services"
17098
msgstr "Serveis de correu electrònic"
17099
17100
#: serverguide/C/mail.xml:14(para)
17101
msgid ""
17102
"The process of getting an email from one person to another over a network or "
17103
"the Internet involves many systems working together. Each of these systems "
17104
"must be correctly configured for the process to work. The sender uses a "
17105
"<emphasis>Mail User Agent</emphasis> (MUA), or email client, to send the "
17106
"message through one or more <emphasis>Mail Transfer Agents</emphasis> (MTA), "
17107
"the last of which will hand it off to a <emphasis>Mail Delivery "
17108
"Agent</emphasis> (MDA) for delivery to the recipient's mailbox, from which "
17109
"it will be retrieved by the recipient's email client, usually via a POP3 or "
17110
"IMAP server."
17111
msgstr ""
17112
17113
#: serverguide/C/mail.xml:24(title) serverguide/C/mail.xml:832(application) serverguide/C/mail.xml:866(title) serverguide/C/mail.xml:944(title) serverguide/C/mail.xml:1510(title)
17114
msgid "Postfix"
17115
msgstr ""
17116
17117
#: serverguide/C/mail.xml:25(para)
17118
msgid ""
17119
"<application>Postfix</application> is the default Mail Transfer Agent (MTA) "
17120
"in Ubuntu. It attempts to be fast and easy to administer and secure. It is "
17121
"compatible with the MTA <application>sendmail</application>. This section "
17122
"explains how to install and configure <application>postfix</application>. It "
17123
"also explains how to set it up as an SMTP server using a secure connection "
17124
"(for sending emails securely)."
17125
msgstr ""
17126
17127
#: serverguide/C/mail.xml:34(para)
17128
msgid ""
17129
"This guide does not cover setting up Postfix <emphasis>Virtual "
17130
"Domains</emphasis>, for information on Virtual Domains and other advanced "
17131
"configurations see <xref linkend=\"postfix-references\"/>."
17132
msgstr ""
17133
17134
#: serverguide/C/mail.xml:41(para)
17135
msgid ""
17136
"To install <application>postfix</application> run the following command:"
17137
msgstr ""
17138
17139
#: serverguide/C/mail.xml:47(para)
17140
msgid ""
17141
"Simply press return when the installation process asks questions, the "
17142
"configuration will be done in greater detail in the next stage."
17143
msgstr ""
17144
17145
#: serverguide/C/mail.xml:52(title)
17146
msgid "Basic Configuration"
17147
msgstr ""
17148
17149
#: serverguide/C/mail.xml:53(para)
17150
msgid ""
17151
"To configure <application>postfix</application>, run the following command:"
17152
msgstr ""
17153
17154
#: serverguide/C/mail.xml:57(command)
17155
msgid "sudo dpkg-reconfigure postfix"
17156
msgstr "sudo dpkg-reconfigure postfix"
17157
17158
#: serverguide/C/mail.xml:63(para)
17159
msgid "Internet Site"
17160
msgstr ""
17161
17162
#: serverguide/C/mail.xml:64(para)
17163
msgid "mail.example.com"
17164
msgstr ""
17165
17166
#: serverguide/C/mail.xml:65(para)
17167
msgid "steve"
17168
msgstr ""
17169
17170
#: serverguide/C/mail.xml:66(para)
17171
msgid "mail.example.com, localhost.localdomain, localhost"
17172
msgstr ""
17173
17174
#: serverguide/C/mail.xml:67(para)
17175
msgid "No"
17176
msgstr ""
17177
17178
#: serverguide/C/mail.xml:68(para)
17179
msgid "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24"
17180
msgstr ""
17181
17182
#: serverguide/C/mail.xml:69(para)
17183
msgid "0"
17184
msgstr ""
17185
17186
#: serverguide/C/mail.xml:70(para)
17187
msgid "+"
17188
msgstr ""
17189
17190
#: serverguide/C/mail.xml:71(para)
17191
msgid "all"
17192
msgstr ""
17193
17194
#: serverguide/C/mail.xml:59(para)
17195
msgid ""
17196
"The user interface will be displayed. On each screen, select the following "
17197
"values: <placeholder-1/>"
17198
msgstr ""
17199
17200
#: serverguide/C/mail.xml:75(para)
17201
msgid ""
17202
"Replace mail.example.com with the domain for which you'll accept email, "
17203
"192.168.0.0/24 with the actual network and class range of your mail server, "
17204
"and steve with the appropriate username."
17205
msgstr ""
17206
17207
#: serverguide/C/mail.xml:81(para)
17208
msgid ""
17209
"Now is a good time to decide which mailbox format you want to use. By "
17210
"default Postfix will use <emphasis role=\"strong\">mbox</emphasis> for the "
17211
"mailbox format. Rather than editing the configuration file directly, you can "
17212
"use the <command>postconf</command> command to configure all "
17213
"<application>postfix</application> parameters. The configuration parameters "
17214
"will be stored in <filename>/etc/postfix/main.cf</filename> file. Later if "
17215
"you wish to re-configure a particular parameter, you can either run the "
17216
"command or change it manually in the file."
17217
msgstr ""
17218
17219
#: serverguide/C/mail.xml:92(para)
17220
msgid ""
17221
"To configure the mailbox format for <emphasis "
17222
"role=\"strong\">Maildir:</emphasis>"
17223
msgstr ""
17224
17225
#: serverguide/C/mail.xml:97(command)
17226
msgid "sudo postconf -e 'home_mailbox = Maildir/'"
17227
msgstr ""
17228
17229
#: serverguide/C/mail.xml:100(para)
17230
msgid ""
17231
"This will place new mail in /home/<emphasis "
17232
"role=\"italic\">username</emphasis>/Maildir so you will need to configure "
17233
"your Mail Delivery Agent (MDA) to use the same path."
17234
msgstr ""
17235
17236
#: serverguide/C/mail.xml:108(title) serverguide/C/mail.xml:556(title)
17237
msgid "SMTP Authentication"
17238
msgstr ""
17239
17240
#: serverguide/C/mail.xml:110(para)
17241
msgid ""
17242
"SMTP-AUTH allows a client to identify itself through an authentication "
17243
"mechanism (SASL). Transport Layer Security (TLS) should be used to encrypt "
17244
"the authentication process. Once authenticated the SMTP server will allow "
17245
"the client to relay mail."
17246
msgstr ""
17247
17248
#: serverguide/C/mail.xml:117(para)
17249
msgid "Configure Postfix for SMTP-AUTH using SASL (Dovecot SASL):"
17250
msgstr ""
17251
17252
#: serverguide/C/mail.xml:120(screen)
17253
#, no-wrap
17254
msgid ""
17255
"\n"
17256
"sudo postconf -e 'smtpd_sasl_type = dovecot'\n"
17257
"sudo postconf -e 'smtpd_sasl_path = private/auth-client'\n"
17258
"sudo postconf -e 'smtpd_sasl_local_domain ='\n"
17259
"sudo postconf -e 'smtpd_sasl_security_options = noanonymous'\n"
17260
"sudo postconf -e 'broken_sasl_auth_clients = yes'\n"
17261
"sudo postconf -e 'smtpd_sasl_auth_enable = yes'\n"
17262
"sudo postconf -e 'smtpd_recipient_restrictions = "
17263
"permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'\n"
17264
"sudo postconf -e 'inet_interfaces = all'\n"
17265
msgstr ""
17266
"\n"
17267
"sudo postconf -e 'smtpd_sasl_type = dovecot'\n"
17268
"sudo postconf -e 'smtpd_sasl_path = private/auth-client'\n"
17269
"sudo postconf -e 'smtpd_sasl_local_domain ='\n"
17270
"sudo postconf -e 'smtpd_sasl_security_options = noanonymous'\n"
17271
"sudo postconf -e 'broken_sasl_auth_clients = yes'\n"
17272
"sudo postconf -e 'smtpd_sasl_auth_enable = yes'\n"
17273
"sudo postconf -e 'smtpd_recipient_restrictions = "
17274
"permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'\n"
17275
"sudo postconf -e 'inet_interfaces = all'\n"
17276
17277
#: serverguide/C/mail.xml:131(para)
17278
msgid ""
17279
"The <emphasis>smtpd_sasl_path</emphasis> configuration is a path relative to "
17280
"the Postfix queue directory."
17281
msgstr ""
17282
17283
#: serverguide/C/mail.xml:137(para)
17284
msgid ""
17285
"Next, obtain a digital certificate for TLS. See <xref linkend=\"certificates-"
17286
"and-security\"/> for details. This example also uses a Certificate Authority "
17287
"(CA). For information on generating a CA certificate see <xref "
17288
"linkend=\"certificate-authority\"/>."
17289
msgstr ""
17290
17291
#: serverguide/C/mail.xml:143(para)
17292
msgid ""
17293
"You can get the digital certificate from a certificate authority. But unlike "
17294
"web clients, SMTP clients rarely complain about \"self-signed "
17295
"certificates\", so alternatively, you can create the certificate yourself. "
17296
"Refer to <xref linkend=\"creating-a-self-signed-certificate\"/> for more "
17297
"details."
17298
msgstr ""
17299
17300
#: serverguide/C/mail.xml:155(para)
17301
msgid ""
17302
"Once you have a certificate, configure Postfix to provide TLS encryption for "
17303
"both incoming and outgoing mail:"
17304
msgstr ""
17305
17306
#: serverguide/C/mail.xml:158(screen)
17307
#, no-wrap
17308
msgid ""
17309
"\n"
17310
"sudo postconf -e 'smtpd_tls_auth_only = no'\n"
17311
"sudo postconf -e 'smtp_use_tls = yes'\n"
17312
"sudo postconf -e 'smtpd_use_tls = yes'\n"
17313
"sudo postconf -e 'smtp_tls_note_starttls_offer = yes'\n"
17314
"sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'\n"
17315
"sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'\n"
17316
"sudo postconf -e 'smtpd_tls_loglevel = 1'\n"
17317
"sudo postconf -e 'smtpd_tls_received_header = yes'\n"
17318
"sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'\n"
17319
"sudo postconf -e 'tls_random_source = dev:/dev/urandom'\n"
17320
"sudo postconf -e 'myhostname = mail.example.com'\n"
17321
msgstr ""
17322
17323
#: serverguide/C/mail.xml:173(para)
17324
msgid ""
17325
"If you are using your own <emphasis>Certificate Authority</emphasis> to sign "
17326
"the certificate enter:"
17327
msgstr ""
17328
17329
#: serverguide/C/mail.xml:177(command)
17330
msgid "sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'"
17331
msgstr ""
17332
17333
#: serverguide/C/mail.xml:180(para)
17334
msgid ""
17335
"Again, for more details about certificates see <xref linkend=\"certificates-"
17336
"and-security\"/>."
17337
msgstr ""
17338
17339
#: serverguide/C/mail.xml:186(para)
17340
msgid ""
17341
"After running all the commands, <application>Postfix</application> is "
17342
"configured for SMTP-AUTH and a self-signed certificate has been created for "
17343
"TLS encryption."
17344
msgstr ""
17345
17346
#: serverguide/C/mail.xml:191(para)
17347
msgid ""
17348
"Now, the file <filename>/etc/postfix/main.cf</filename> should look like "
17349
"<ulink url=\"../sample/postfix_configuration\">this</ulink>."
17350
msgstr ""
17351
17352
#: serverguide/C/mail.xml:195(para)
17353
msgid ""
17354
"The postfix initial configuration is complete. Run the following command to "
17355
"restart the postfix daemon:"
17356
msgstr ""
17357
17358
#: serverguide/C/mail.xml:201(command) serverguide/C/mail.xml:315(command) serverguide/C/mail.xml:378(command) serverguide/C/mail.xml:984(command) serverguide/C/mail.xml:1561(command)
17359
msgid "sudo /etc/init.d/postfix restart"
17360
msgstr "sudo /etc/init.d/postfix restart"
17361
17362
#: serverguide/C/mail.xml:204(para)
17363
msgid ""
17364
"<application>Postfix</application> supports SMTP-AUTH as defined in <ulink "
17365
"url=\"ftp://ftp.isi.edu/in-notes/rfc2554.txt\">RFC2554</ulink>. It is based "
17366
"on <ulink url=\"ftp://ftp.isi.edu/in-notes/rfc2222.txt\">SASL</ulink>. "
17367
"However it is still necessary to set up SASL authentication before you can "
17368
"use SMTP-AUTH."
17369
msgstr ""
17370
17371
#: serverguide/C/mail.xml:214(title) serverguide/C/mail.xml:609(title)
17372
msgid "Configuring SASL"
17373
msgstr ""
17374
17375
#: serverguide/C/mail.xml:215(para)
17376
msgid ""
17377
"Postfix supports two SASL implementations Cyrus SASL and Dovecot SASL. To "
17378
"enable Dovecot SASL the <application>dovecot-common</application> package "
17379
"will need to be installed. From a terminal prompt enter the following:"
17380
msgstr ""
17381
17382
#: serverguide/C/mail.xml:221(command)
17383
msgid "sudo apt-get install dovecot-common"
17384
msgstr "sudo apt-get install dovecot-common"
17385
17386
#: serverguide/C/mail.xml:223(para)
17387
msgid ""
17388
"Next you will need to edit <filename>/etc/dovecot/dovecot.conf</filename>. "
17389
"In the <emphasis>auth default</emphasis> section uncomment the "
17390
"<emphasis>socket listen</emphasis> option and change the following:"
17391
msgstr ""
17392
17393
#: serverguide/C/mail.xml:227(programlisting)
17394
#, no-wrap
17395
msgid ""
17396
"\n"
17397
" socket listen {\n"
17398
" #master {\n"
17399
" # Master socket provides access to userdb information. It's typically\n"
17400
" # used to give Dovecot's local delivery agent access to userdb so it\n"
17401
" # can find mailbox locations.\n"
17402
" #path = /var/run/dovecot/auth-master\n"
17403
" #mode = 0600\n"
17404
" # Default user/group is the one who started dovecot-auth (root)\n"
17405
" #user = \n"
17406
" #group = \n"
17407
" #}\n"
17408
" client {\n"
17409
" # The client socket is generally safe to export to everyone. Typical "
17410
"use\n"
17411
" # is to export it to your SMTP server so it can do SMTP AUTH lookups\n"
17412
" # using it.\n"
17413
" path = /var/spool/postfix/private/auth-client\n"
17414
" mode = 0660\n"
17415
" user = postfix\n"
17416
" group = postfix\n"
17417
" }\n"
17418
" }\n"
17419
msgstr ""
17420
17421
#: serverguide/C/mail.xml:251(para)
17422
msgid ""
17423
"In order to let <application>Outlook</application> clients use SMTPAUTH, in "
17424
"the <emphasis>auth default</emphasis> section of /etc/dovecot/dovecot.conf "
17425
"add <emphasis>\"login\"</emphasis>:"
17426
msgstr ""
17427
17428
#: serverguide/C/mail.xml:256(programlisting)
17429
#, no-wrap
17430
msgid ""
17431
"\n"
17432
" mechanisms = plain login\n"
17433
msgstr ""
17434
17435
#: serverguide/C/mail.xml:260(para)
17436
msgid ""
17437
"Once you have <application>Dovecot</application> configured restart it with:"
17438
msgstr ""
17439
17440
#: serverguide/C/mail.xml:264(command) serverguide/C/mail.xml:735(command)
17441
msgid "sudo /etc/init.d/dovecot restart"
17442
msgstr "sudo /etc/init.d/dovecot restart"
17443
17444
#: serverguide/C/mail.xml:269(title)
17445
msgid "Postfix-Dovecot"
17446
msgstr ""
17447
17448
#: serverguide/C/mail.xml:271(para)
17449
msgid ""
17450
"Another option for configuring <application>Postfix</application> for SMTP-"
17451
"AUTH is using the <application>dovecot-postfix</application> package. This "
17452
"package will install <application>Dovecot</application> and configure "
17453
"<application>Postfix</application> to use it for both SASL authentication "
17454
"and as a Mail Delivery Agent (MDA). The package also configures "
17455
"<application>Dovecot</application> for IMAP, IMAPS, POP3, and POP3S."
17456
msgstr ""
17457
17458
#: serverguide/C/mail.xml:280(para)
17459
msgid ""
17460
"You may or may not want to run IMAP, IMAPS, POP3, or POP3S on your mail "
17461
"server. For example, if you are configuring your server to be a mail "
17462
"gateway, spam/virus filter, etc. If this is the case it may be easier to use "
17463
"the above commands to configure Postfix for SMTPAUTH."
17464
msgstr ""
17465
17466
#: serverguide/C/mail.xml:287(para)
17467
msgid "To install the package, from a terminal prompt enter:"
17468
msgstr ""
17469
17470
#: serverguide/C/mail.xml:292(command)
17471
msgid "sudo apt-get install dovecot-postfix"
17472
msgstr "sudo apt-get install dovecot-postfix"
17473
17474
#: serverguide/C/mail.xml:295(para)
17475
msgid ""
17476
"You should now have a working mail server, but there are a few options that "
17477
"you may wish to further customize. For example, the package uses the "
17478
"certificate and key from the <application>ssl-cert</application> package, "
17479
"and in a production environment you should use a certificate and key "
17480
"generated for the host. See <xref linkend=\"certificates-and-security\"/> "
17481
"for more details."
17482
msgstr ""
17483
17484
#: serverguide/C/mail.xml:301(para)
17485
msgid ""
17486
"Once you have a customized certificate and key for the host, change the "
17487
"following options in <filename>/etc/postfix/main.cf</filename>:"
17488
msgstr ""
17489
17490
#: serverguide/C/mail.xml:305(programlisting)
17491
#, no-wrap
17492
msgid ""
17493
"\n"
17494
"smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem\n"
17495
"smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key\n"
17496
msgstr ""
17497
17498
#: serverguide/C/mail.xml:310(para)
17499
msgid "Then restart Postfix:"
17500
msgstr ""
17501
17502
#: serverguide/C/mail.xml:321(para)
17503
msgid ""
17504
"SMTP-AUTH configuration is complete. Now it is time to test the setup."
17505
msgstr ""
17506
17507
#: serverguide/C/mail.xml:324(para)
17508
msgid "To see if SMTP-AUTH and TLS work properly, run the following command:"
17509
msgstr ""
17510
17511
#: serverguide/C/mail.xml:329(command)
17512
msgid "telnet mail.example.com 25"
17513
msgstr ""
17514
17515
#: serverguide/C/mail.xml:331(para)
17516
msgid ""
17517
"After you have established the connection to the postfix mail server, type:"
17518
msgstr ""
17519
17520
#: serverguide/C/mail.xml:335(screen)
17521
#, no-wrap
17522
msgid ""
17523
"\n"
17524
"ehlo mail.example.com\n"
17525
msgstr ""
17526
17527
#: serverguide/C/mail.xml:338(para)
17528
msgid ""
17529
"If you see the following lines among others, then everything is working "
17530
"perfectly. Type <command>quit</command> to exit."
17531
msgstr ""
17532
17533
#: serverguide/C/mail.xml:342(programlisting)
17534
#, no-wrap
17535
msgid ""
17536
"\n"
17537
"250-STARTTLS\n"
17538
"250-AUTH LOGIN PLAIN\n"
17539
"250-AUTH=LOGIN PLAIN\n"
17540
"250 8BITMIME\n"
17541
msgstr ""
17542
17543
#: serverguide/C/mail.xml:352(para)
17544
msgid ""
17545
"This section introduces some common ways to determine the cause if problems "
17546
"arise."
17547
msgstr ""
17548
17549
#: serverguide/C/mail.xml:356(title)
17550
msgid "Escaping chroot"
17551
msgstr ""
17552
17553
#: serverguide/C/mail.xml:357(para)
17554
msgid ""
17555
"The Ubuntu <application>postfix</application> package will by default "
17556
"install into a <emphasis>chroot</emphasis> environment for security reasons. "
17557
"This can add greater complexity when troubleshooting problems."
17558
msgstr ""
17559
17560
#: serverguide/C/mail.xml:361(para)
17561
msgid ""
17562
"To turn off the chroot operation locate for the following line in the "
17563
"<filename>/etc/postfix/master.cf</filename> configuration file:"
17564
msgstr ""
17565
17566
#: serverguide/C/mail.xml:365(screen)
17567
#, no-wrap
17568
msgid ""
17569
"\n"
17570
"smtp inet n - - - - smtpd\n"
17571
msgstr ""
17572
17573
#: serverguide/C/mail.xml:368(para)
17574
msgid "and modify it as follows:"
17575
msgstr ""
17576
17577
#: serverguide/C/mail.xml:371(screen)
17578
#, no-wrap
17579
msgid ""
17580
"\n"
17581
"smtp inet n - n - - smtpd\n"
17582
msgstr ""
17583
17584
#: serverguide/C/mail.xml:374(para)
17585
msgid ""
17586
"You will then need to restart Postfix to use the new configuration. From a "
17587
"terminal prompt enter:"
17588
msgstr ""
17589
17590
#: serverguide/C/mail.xml:382(title)
17591
msgid "Log Files"
17592
msgstr ""
17593
17594
#: serverguide/C/mail.xml:383(para)
17595
msgid ""
17596
"<application>Postfix</application> sends all log messages to "
17597
"<filename>/var/log/mail.log</filename>. However error and warning messages "
17598
"can sometimes get lost in the normal log output so they are also logged to "
17599
"<filename>/var/log/mail.err</filename> and "
17600
"<filename>/var/log/mail.warn</filename> respectively."
17601
msgstr ""
17602
17603
#: serverguide/C/mail.xml:388(para)
17604
msgid ""
17605
"To see messages entered into the logs in real time you can use the "
17606
"<application>tail -f</application> command:"
17607
msgstr ""
17608
17609
#: serverguide/C/mail.xml:393(command)
17610
msgid "tail -f /var/log/mail.err"
17611
msgstr ""
17612
17613
#: serverguide/C/mail.xml:395(para)
17614
msgid ""
17615
"The amount of detail that is recorded in the logs can be increased. Below "
17616
"are some configuration options for increasing the log level for some of the "
17617
"areas covered above."
17618
msgstr ""
17619
17620
#: serverguide/C/mail.xml:401(para)
17621
msgid ""
17622
"To increase <emphasis>TLS</emphasis> activity logging set the "
17623
"<emphasis>smtpd_tls_loglevel</emphasis> option to a value from 1 to 4."
17624
msgstr ""
17625
17626
#: serverguide/C/mail.xml:405(command)
17627
msgid "sudo postconf -e 'smtpd_tls_loglevel = 4'"
17628
msgstr "sudo postconf -e 'smtpd_tls_loglevel = 4'"
17629
17630
#: serverguide/C/mail.xml:409(para)
17631
msgid ""
17632
"If you are having trouble sending or receiving mail from a specific domain "
17633
"you can add the domain to the <emphasis>debug_peer_list</emphasis> parameter."
17634
msgstr ""
17635
17636
#: serverguide/C/mail.xml:414(command)
17637
msgid "sudo postconf -e 'debug_peer_list = problem.domain'"
17638
msgstr ""
17639
17640
#: serverguide/C/mail.xml:418(para)
17641
msgid ""
17642
"You can increase the verbosity of any <application>Postfix</application> "
17643
"daemon process by editing the <filename>/etc/postfix/master.cf</filename> "
17644
"and adding a <emphasis>-v</emphasis> after the entry. For example edit the "
17645
"<emphasis>smtp</emphasis> entry:"
17646
msgstr ""
17647
17648
#: serverguide/C/mail.xml:422(programlisting)
17649
#, no-wrap
17650
msgid ""
17651
"\n"
17652
"smtp unix - - - - - smtp -v\n"
17653
msgstr ""
17654
17655
#: serverguide/C/mail.xml:428(para)
17656
msgid ""
17657
"It is important to note that after making one of the logging changes above "
17658
"the <application>Postfix</application> process will need to be reloaded in "
17659
"order to recognize the new configuration: <command>sudo /etc/init.d/postfix "
17660
"reload</command>"
17661
msgstr ""
17662
17663
#: serverguide/C/mail.xml:435(para)
17664
msgid ""
17665
"To increase the amount of information logged when troubleshooting "
17666
"<emphasis>SASL</emphasis> issues you can set the following options in "
17667
"<filename>/etc/dovecot/dovecot.conf</filename>"
17668
msgstr ""
17669
17670
#: serverguide/C/mail.xml:439(programlisting)
17671
#, no-wrap
17672
msgid ""
17673
"\n"
17674
"auth_debug=yes\n"
17675
"auth_debug_passwords=yes\n"
17676
msgstr ""
17677
17678
#: serverguide/C/mail.xml:446(para)
17679
msgid ""
17680
"Just like <application>Postfix</application> if you change a "
17681
"<application>Dovecot</application> configuration the process will need to be "
17682
"reloaded: <command>sudo /etc/init.d/dovecot reload</command>."
17683
msgstr ""
17684
17685
#: serverguide/C/mail.xml:452(para)
17686
msgid ""
17687
"Some of the options above can drastically increase the amount of information "
17688
"sent to the log files. Remember to return the log level back to normal after "
17689
"you have corrected the problem. Then reload the appropriate daemon for the "
17690
"new configuration to take affect."
17691
msgstr ""
17692
17693
#: serverguide/C/mail.xml:460(para)
17694
msgid ""
17695
"Administering a <application>Postfix</application> server can be a very "
17696
"complicated task. At some point you may need to turn to the Ubuntu community "
17697
"for more experienced help."
17698
msgstr ""
17699
17700
#: serverguide/C/mail.xml:464(para)
17701
msgid ""
17702
"A great place to ask for <application>Postfix</application> assistance, and "
17703
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
17704
"server</emphasis> IRC channel on <ulink "
17705
"url=\"http://freenode.net\">freenode</ulink>. You can also post a message to "
17706
"one of the <ulink "
17707
"url=\"http://www.ubuntu.com/support/community/webforums\">Web Forums</ulink>."
17708
msgstr ""
17709
17710
#: serverguide/C/mail.xml:469(para)
17711
msgid ""
17712
"For in depth <application>Postfix</application> information Ubuntu "
17713
"developers highly recommend: <ulink url=\"http://www.postfix-book.com/\">The "
17714
"Book of Postfix</ulink>."
17715
msgstr ""
17716
17717
#: serverguide/C/mail.xml:473(para)
17718
msgid ""
17719
"Finally, the <ulink "
17720
"url=\"http://www.postfix.org/documentation.html\">Postfix</ulink> website "
17721
"also has great documentation on all the different configuration options "
17722
"available."
17723
msgstr ""
17724
17725
#: serverguide/C/mail.xml:477(para)
17726
msgid ""
17727
"Also, the <ulink url=\"https://help.ubuntu.com/community/Postfix\">Ubuntu "
17728
"Wiki Postifx</ulink> page has more information."
17729
msgstr ""
17730
17731
#: serverguide/C/mail.xml:485(title) serverguide/C/mail.xml:872(title) serverguide/C/mail.xml:988(title)
17732
msgid "Exim4"
17733
msgstr ""
17734
17735
#: serverguide/C/mail.xml:486(para)
17736
msgid ""
17737
"<application>Exim4</application> is another Message Transfer Agent (MTA) "
17738
"developed at the University of Cambridge for use on Unix systems connected "
17739
"to the Internet. Exim can be installed in place of "
17740
"<application>sendmail</application>, although the configuration of "
17741
"<application>exim</application> is quite different to that of "
17742
"<application>sendmail</application>."
17743
msgstr ""
17744
17745
#: serverguide/C/mail.xml:497(para)
17746
msgid ""
17747
"To install <application>exim4</application>, run the following command: "
17748
"<screen>\n"
17749
"<command>sudo apt-get install exim4</command>\n"
17750
"</screen>"
17751
msgstr ""
17752
17753
#: serverguide/C/mail.xml:506(para)
17754
msgid ""
17755
"To configure <application>Exim4</application>, run the following command:"
17756
msgstr ""
17757
17758
#: serverguide/C/mail.xml:510(command)
17759
msgid "sudo dpkg-reconfigure exim4-config"
17760
msgstr "sudo dpkg-reconfigure exim4-config"
17761
17762
#: serverguide/C/mail.xml:512(para)
17763
msgid ""
17764
"The user interface will be displayed. The user interface lets you configure "
17765
"many parameters. For example, In <application>Exim4</application> the "
17766
"configuration files are split among multiple files. If you wish to have them "
17767
"in one file you can configure accordingly in this user interface."
17768
msgstr ""
17769
17770
#: serverguide/C/mail.xml:520(para)
17771
msgid ""
17772
"All the parameters you configure in the user interface are stored in "
17773
"<filename>/etc/exim4/update-exim4.conf.conf</filename> file. If you wish to "
17774
"re-configure, either you re-run the configuration wizard or manually edit "
17775
"this file using your favorite editor. Once you configure, you can run the "
17776
"following command to generate the master configuration file:"
17777
msgstr ""
17778
17779
#: serverguide/C/mail.xml:531(command) serverguide/C/mail.xml:604(command)
17780
msgid "sudo update-exim4.conf"
17781
msgstr "sudo update-exim4.conf"
17782
17783
#: serverguide/C/mail.xml:533(para)
17784
msgid ""
17785
"The master configuration file, is generated and it is stored in "
17786
"<filename>/var/lib/exim4/config.autogenerated</filename>."
17787
msgstr ""
17788
17789
#: serverguide/C/mail.xml:539(para)
17790
msgid ""
17791
"At any time, you should not edit the master configuration file, "
17792
"<filename>/var/lib/exim4/config.autogenerated</filename> manually. It is "
17793
"updated automatically every time you run <command>update-exim4.conf</command>"
17794
msgstr ""
17795
17796
#: serverguide/C/mail.xml:547(para)
17797
msgid ""
17798
"You can run the following command to start <application>Exim4</application> "
17799
"daemon."
17800
msgstr ""
17801
17802
#: serverguide/C/mail.xml:552(command) serverguide/C/mail.xml:994(command)
17803
msgid "sudo /etc/init.d/exim4 start"
17804
msgstr "sudo /etc/init.d/exim4 start"
17805
17806
#: serverguide/C/mail.xml:557(para)
17807
msgid ""
17808
"This section covers configuring Exim4 to use SMTP-AUTH with TLS and SASL."
17809
msgstr ""
17810
17811
#: serverguide/C/mail.xml:560(para)
17812
msgid ""
17813
"The first step is to create a certificate for use with TLS. Enter the "
17814
"following into a terminal prompt:"
17815
msgstr ""
17816
17817
#: serverguide/C/mail.xml:564(command)
17818
msgid "sudo /usr/share/doc/exim4-base/examples/exim-gencert"
17819
msgstr "sudo /usr/share/doc/exim4-base/examples/exim-gencert"
17820
17821
#: serverguide/C/mail.xml:566(para)
17822
msgid ""
17823
"Now Exim4 needs to be configured for TLS by editing "
17824
"<filename>/etc/exim4/conf.d/main/03_exim4-config_tlsoptions</filename> add "
17825
"the following:"
17826
msgstr ""
17827
17828
#: serverguide/C/mail.xml:570(programlisting)
17829
#, no-wrap
17830
msgid ""
17831
"\n"
17832
"MAIN_TLS_ENABLE = yes\n"
17833
msgstr ""
17834
17835
#: serverguide/C/mail.xml:573(para)
17836
msgid ""
17837
"Next you need to configure <application>Exim4</application> to use the "
17838
"<application>saslauthd</application> for authentication. Edit "
17839
"<filename>/etc/exim4/conf.d/auth/30_exim4-config_examples</filename> and "
17840
"uncomment the <emphasis>plain_saslauthd_server</emphasis> and "
17841
"<emphasis>login_saslauthd_server</emphasis> sections:"
17842
msgstr ""
17843
17844
#: serverguide/C/mail.xml:578(programlisting)
17845
#, no-wrap
17846
msgid ""
17847
"\n"
17848
" plain_saslauthd_server:\n"
17849
" driver = plaintext\n"
17850
" public_name = PLAIN\n"
17851
" server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}\n"
17852
" server_set_id = $auth2\n"
17853
" server_prompts = :\n"
17854
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
17855
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
17856
" .endif\n"
17857
"#\n"
17858
" login_saslauthd_server:\n"
17859
" driver = plaintext\n"
17860
" public_name = LOGIN\n"
17861
" server_prompts = \"Username:: : Password::\"\n"
17862
" # don't send system passwords over unencrypted connections\n"
17863
" server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}\n"
17864
" server_set_id = $auth1\n"
17865
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
17866
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
17867
" .endif\n"
17868
msgstr ""
17869
17870
#: serverguide/C/mail.xml:600(para)
17871
msgid "Finally, update the Exim4 configuration and restart the service:"
17872
msgstr ""
17873
17874
#: serverguide/C/mail.xml:605(command)
17875
msgid "sudo /etc/init.d/exim4 restart"
17876
msgstr "sudo /etc/init.d/exim4 restart"
17877
17878
#: serverguide/C/mail.xml:610(para)
17879
msgid ""
17880
"This section provides details on configuring the saslauthd to provide "
17881
"authentication for <application>Exim4</application>."
17882
msgstr ""
17883
17884
#: serverguide/C/mail.xml:613(para)
17885
msgid ""
17886
"The first step is to install the sasl2-bin package. From a terminal prompt "
17887
"enter the following:"
17888
msgstr ""
17889
17890
#: serverguide/C/mail.xml:617(command)
17891
msgid "sudo apt-get install sasl2-bin"
17892
msgstr "sudo apt-get install sasl2-bin"
17893
17894
#: serverguide/C/mail.xml:619(para)
17895
msgid ""
17896
"To configure saslauthd edit the /etc/default/saslauthd configuration file "
17897
"and set START=no to:"
17898
msgstr ""
17899
17900
#: serverguide/C/mail.xml:622(programlisting)
17901
#, no-wrap
17902
msgid ""
17903
"\n"
17904
"START=yes\n"
17905
msgstr ""
17906
17907
#: serverguide/C/mail.xml:625(para)
17908
msgid ""
17909
"Next the <emphasis>Debian-exim</emphasis> user needs to be part of the "
17910
"<emphasis>sasl</emphasis> group in order for Exim4 to use the saslauthd "
17911
"service:"
17912
msgstr ""
17913
17914
#: serverguide/C/mail.xml:630(command)
17915
msgid "sudo adduser Debian-exim sasl"
17916
msgstr "sudo adduser Debian-exim sasl"
17917
17918
#: serverguide/C/mail.xml:632(para)
17919
msgid "Now start the <application>saslauthd</application> service:"
17920
msgstr ""
17921
17922
#: serverguide/C/mail.xml:636(command)
17923
msgid "sudo /etc/init.d/saslauthd start"
17924
msgstr "sudo /etc/init.d/saslauthd start"
17925
17926
#: serverguide/C/mail.xml:638(para)
17927
msgid ""
17928
"<application>Exim4</application> is now configured with SMTP-AUTH using TLS "
17929
"and SASL authentication."
17930
msgstr ""
17931
17932
#: serverguide/C/mail.xml:647(para)
17933
msgid ""
17934
"See <ulink url=\"http://www.exim.org/\">exim.org</ulink> for more "
17935
"information."
17936
msgstr ""
17937
17938
#: serverguide/C/mail.xml:652(para)
17939
msgid ""
17940
"There is also an <ulink url=\"http://www.uit.co.uk/content/exim-smtp-mail-"
17941
"server\">Exim4 Book</ulink> available."
17942
msgstr ""
17943
17944
#: serverguide/C/mail.xml:657(para)
17945
msgid ""
17946
"Another resource is the <ulink "
17947
"url=\"https://help.ubuntu.com/community/Exim4\">Exim4 Ubuntu Wiki </ulink> "
17948
"page."
17949
msgstr ""
17950
17951
#: serverguide/C/mail.xml:666(title)
17952
msgid "Dovecot Server"
17953
msgstr ""
17954
17955
#: serverguide/C/mail.xml:667(para)
17956
msgid ""
17957
"<application>Dovecot</application> is a Mail Delivery Agent, written with "
17958
"security primarily in mind. It supports the major mailbox formats: mbox or "
17959
"Maildir. This section explain how to set it up as an imap or pop3 server."
17960
msgstr ""
17961
17962
#: serverguide/C/mail.xml:675(para)
17963
msgid ""
17964
"To install <application>dovecot</application>, run the following command in "
17965
"the command prompt:"
17966
msgstr ""
17967
17968
#: serverguide/C/mail.xml:680(command)
17969
msgid "sudo apt-get install dovecot-imapd dovecot-pop3d"
17970
msgstr "sudo apt-get install dovecot-imapd dovecot-pop3d"
17971
17972
#: serverguide/C/mail.xml:685(para)
17973
msgid ""
17974
"To configure <application>dovecot</application>, you can edit the file "
17975
"<filename>/etc/dovecot/dovecot.conf</filename>. You can choose the protocol "
17976
"you use. It could be pop3, pop3s (pop3 secure), imap and imaps (imap "
17977
"secure). A description of these protocols is beyond the scope of this guide. "
17978
"For further information, refer to the Wikipedia articles on <ulink "
17979
"url=\"http://en.wikipedia.org/wiki/POP3\">POP3</ulink> and <ulink "
17980
"url=\"http://en.wikipedia.org/wiki/Internet_Message_Access_Protocol\">IMAP</u"
17981
"link>."
17982
msgstr ""
17983
17984
#: serverguide/C/mail.xml:695(para)
17985
msgid ""
17986
"IMAPS and POP3S are more secure that the simple IMAP and POP3 because they "
17987
"use SSL encryption to connect. Once you have chosen the protocol, amend the "
17988
"following line in the file <filename>/etc/dovecot/dovecot.conf</filename>:"
17989
msgstr ""
17990
17991
#: serverguide/C/mail.xml:701(programlisting)
17992
#, no-wrap
17993
msgid ""
17994
"\n"
17995
"protocols = pop3 pop3s imap imaps\n"
17996
msgstr ""
17997
17998
#: serverguide/C/mail.xml:704(para)
17999
msgid ""
18000
"Next, choose the mailbox you would like to use. "
18001
"<application>Dovecot</application> supports <emphasis "
18002
"role=\"strong\">maildir</emphasis> and <emphasis "
18003
"role=\"strong\">mbox</emphasis> formats. These are the most commonly used "
18004
"mailbox formats. They both have their own benefits and are discussed on "
18005
"<ulink url=\"http://wiki.dovecot.org/MailboxFormat\">the Dovecot web "
18006
"site</ulink>."
18007
msgstr ""
18008
18009
#: serverguide/C/mail.xml:712(para)
18010
msgid ""
18011
"Once you have chosen your mailbox type, edit the file "
18012
"<filename>/etc/dovecot/dovecot.conf</filename> and change the following line:"
18013
msgstr ""
18014
18015
#: serverguide/C/mail.xml:717(programlisting)
18016
#, no-wrap
18017
msgid ""
18018
"\n"
18019
"mail_location = maildir:~/Maildir # (for maildir)\n"
18020
"or\n"
18021
"mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (for mbox)\n"
18022
msgstr ""
18023
18024
#: serverguide/C/mail.xml:723(para)
18025
msgid ""
18026
"You should configure your Mail Transport Agent (MTA) to transfer the "
18027
"incoming mail to this type of mailbox if it is different from the one you "
18028
"have configured."
18029
msgstr ""
18030
18031
#: serverguide/C/mail.xml:729(para)
18032
msgid ""
18033
"Once you have configured dovecot, restart the "
18034
"<application>dovecot</application> daemon in order to test your setup:"
18035
msgstr ""
18036
18037
#: serverguide/C/mail.xml:738(para)
18038
msgid ""
18039
"If you have enabled imap, or pop3, you can also try to log in with the "
18040
"commands <command>telnet localhost pop3</command> or <command>telnet "
18041
"localhost imap2</command>. If you see something like the following, the "
18042
"installation has been successful:"
18043
msgstr ""
18044
18045
#: serverguide/C/mail.xml:745(programlisting)
18046
#, no-wrap
18047
msgid ""
18048
"\n"
18049
"bhuvan@rainbow:~$ telnet localhost pop3\n"
18050
"Trying 127.0.0.1...\n"
18051
"Connected to localhost.localdomain.\n"
18052
"Escape character is '^]'.\n"
18053
"+OK Dovecot ready.\n"
18054
msgstr ""
18055
18056
#: serverguide/C/mail.xml:754(title)
18057
msgid "Dovecot SSL Configuration"
18058
msgstr ""
18059
18060
#: serverguide/C/mail.xml:755(para)
18061
msgid ""
18062
"To configure <application>dovecot</application> to use SSL, you can edit the "
18063
"file <filename>/etc/dovecot/dovecot.conf</filename> and amend following "
18064
"lines:"
18065
msgstr ""
18066
18067
#: serverguide/C/mail.xml:760(programlisting)
18068
#, no-wrap
18069
msgid ""
18070
"\n"
18071
"ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem\n"
18072
"ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key\n"
18073
"ssl_disable = no\n"
18074
"disable_plaintext_auth = no\n"
18075
msgstr ""
18076
18077
#: serverguide/C/mail.xml:766(para)
18078
msgid ""
18079
"You can get the SSL certificate from a Certificate Issuing Authority or you "
18080
"can create self signed SSL certificate. The latter is a good option for "
18081
"email, because SMTP clients rarely complain about \"self-signed "
18082
"certificates\". Please refer to <xref linkend=\"certificates-and-"
18083
"security\"/> for details about how to create self signed SSL certificate. "
18084
"Once you create the certificate, you will have a key file and a certificate "
18085
"file. Please copy them to the location pointed in the "
18086
"<filename>/etc/dovecot/dovecot.conf</filename> configuration file."
18087
msgstr ""
18088
18089
#: serverguide/C/mail.xml:781(title)
18090
msgid "Firewall Configuration for an Email Server"
18091
msgstr ""
18092
18093
#: serverguide/C/mail.xml:787(para)
18094
msgid "IMAP - 143"
18095
msgstr ""
18096
18097
#: serverguide/C/mail.xml:788(para)
18098
msgid "IMAPS - 993"
18099
msgstr ""
18100
18101
#: serverguide/C/mail.xml:789(para)
18102
msgid "POP3 - 110"
18103
msgstr ""
18104
18105
#: serverguide/C/mail.xml:790(para)
18106
msgid "POP3S - 995"
18107
msgstr ""
18108
18109
#: serverguide/C/mail.xml:782(para)
18110
msgid ""
18111
"To access your mail server from another computer, you must configure your "
18112
"firewall to allow connections to the server on the necessary ports. "
18113
"<placeholder-1/>"
18114
msgstr ""
18115
18116
#: serverguide/C/mail.xml:799(para)
18117
msgid ""
18118
"See the <ulink url=\"http://www.dovecot.org/\">Dovecot website</ulink> for "
18119
"more information."
18120
msgstr ""
18121
18122
#: serverguide/C/mail.xml:804(para)
18123
msgid ""
18124
"Also, the <ulink url=\"https://help.ubuntu.com/community/Dovecot\">Dovecot "
18125
"Ubuntu Wiki</ulink> page has more details."
18126
msgstr ""
18127
18128
#: serverguide/C/mail.xml:813(title) serverguide/C/mail.xml:890(title) serverguide/C/mail.xml:1113(title)
18129
msgid "Mailman"
18130
msgstr ""
18131
18132
#: serverguide/C/mail.xml:814(para)
18133
msgid ""
18134
"Mailman is an open source program for managing electronic mail discussions "
18135
"and e-newsletter lists. Many open source mailing lists (including all the "
18136
"<ulink url=\"http://lists.ubuntu.com\">Ubuntu mailing lists</ulink>) use "
18137
"Mailman as their mailing list software. It is powerful and easy to install "
18138
"and maintain."
18139
msgstr ""
18140
18141
#: serverguide/C/mail.xml:824(para)
18142
msgid ""
18143
"Mailman provides a web interface for the administrators and users, using an "
18144
"external mail server to send and receive emails. It works perfectly with the "
18145
"following mail servers:"
18146
msgstr ""
18147
18148
#: serverguide/C/mail.xml:835(application)
18149
msgid "Exim"
18150
msgstr ""
18151
18152
#: serverguide/C/mail.xml:838(application)
18153
msgid "Sendmail"
18154
msgstr ""
18155
18156
#: serverguide/C/mail.xml:841(application)
18157
msgid "Qmail"
18158
msgstr ""
18159
18160
#: serverguide/C/mail.xml:846(para)
18161
msgid ""
18162
"We will see how to install and configure Mailman with, the Apache web "
18163
"server, and either the Postfix or Exim mail server. If you wish to install "
18164
"Mailman with a different mail server, please refer to the references section."
18165
msgstr ""
18166
18167
#: serverguide/C/mail.xml:853(para)
18168
msgid ""
18169
"You only need to install one mail server and "
18170
"<application>Postfix</application> is the default Ubuntu Mail Transfer Agent."
18171
msgstr ""
18172
18173
#: serverguide/C/mail.xml:858(title) serverguide/C/mail.xml:917(title)
18174
msgid "Apache2"
18175
msgstr ""
18176
18177
#: serverguide/C/mail.xml:859(para)
18178
msgid ""
18179
"To install apache2 you refer to <ulink url=\"./web-servers.xml#http-"
18180
"installation\">HTTPD Installation</ulink> section for details."
18181
msgstr ""
18182
18183
#: serverguide/C/mail.xml:867(para)
18184
msgid ""
18185
"For instructions on installing and configuring Postfix refer to <xref "
18186
"linkend=\"postfix\"/>"
18187
msgstr ""
18188
18189
#: serverguide/C/mail.xml:873(para)
18190
msgid "To install Exim4 refer to <xref linkend=\"exim4\"/>."
18191
msgstr ""
18192
18193
#: serverguide/C/mail.xml:884(application)
18194
msgid "dc_use_split_config='true'"
18195
msgstr ""
18196
18197
#: serverguide/C/mail.xml:876(para)
18198
msgid ""
18199
"Once exim4 is installed, the configuration files are stored in the "
18200
"<filename>/etc/exim4</filename> directory. In Ubuntu, by default, the exim4 "
18201
"configuration files are split across different files. You can change this "
18202
"behavior by changing the following variable in the "
18203
"<filename>/etc/exim4/update-exim4.conf</filename> file: <placeholder-1/>"
18204
msgstr ""
18205
18206
#: serverguide/C/mail.xml:891(para)
18207
msgid ""
18208
"To install <application>Mailman</application>, run following command at a "
18209
"terminal prompt:"
18210
msgstr ""
18211
18212
#: serverguide/C/mail.xml:895(command)
18213
msgid "sudo apt-get install mailman"
18214
msgstr "sudo apt-get install mailman"
18215
18216
#: serverguide/C/mail.xml:897(para)
18217
msgid ""
18218
"It copies the installation files in "
18219
"<application>/var/lib/mailman</application> directory. It installs the CGI "
18220
"scripts in <application>/usr/lib/cgi-bin/mailman</application> directory. It "
18221
"creates <emphasis>list</emphasis> linux user. It creates the "
18222
"<emphasis>list</emphasis> linux group. The mailman process will be owned by "
18223
"this user."
18224
msgstr ""
18225
18226
#: serverguide/C/mail.xml:909(para)
18227
msgid ""
18228
"This section assumes you have successfully installed "
18229
"<application>mailman</application>, <application>apache2</application>, and "
18230
"<application>postfix</application> or <application>exim4</application>. Now "
18231
"you just need to configure them."
18232
msgstr ""
18233
18234
#: serverguide/C/mail.xml:918(para)
18235
msgid ""
18236
"An example Apache configuration file comes with "
18237
"<application>Mailman</application> and is placed in "
18238
"<filename>/etc/mailman/apache.conf</filename>. In order for Apache to use "
18239
"the config file it needs to be copied to <filename>/etc/apache2/sites-"
18240
"available</filename>:"
18241
msgstr ""
18242
18243
#: serverguide/C/mail.xml:924(command)
18244
msgid ""
18245
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
18246
msgstr ""
18247
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
18248
18249
#: serverguide/C/mail.xml:926(para)
18250
msgid ""
18251
"This will setup a new Apache <emphasis>VirtualHost</emphasis> for the "
18252
"Mailman administration site. Now enable the new configuration and restart "
18253
"Apache:"
18254
msgstr ""
18255
18256
#: serverguide/C/mail.xml:931(command)
18257
msgid "sudo a2ensite mailman.conf"
18258
msgstr "sudo a2ensite mailman.conf"
18259
18260
#: serverguide/C/mail.xml:934(para)
18261
msgid ""
18262
"Mailman uses apache2 to render its CGI scripts. The mailman CGI scripts are "
18263
"installed in the <application>/usr/lib/cgi-bin/mailman</application> "
18264
"directory. So, the mailman url will be http://hostname/cgi-bin/mailman/. You "
18265
"can make changes to the <filename>/etc/apache2/sites-"
18266
"available/mailman.conf</filename> file if you wish to change this behavior."
18267
msgstr ""
18268
18269
#: serverguide/C/mail.xml:945(para)
18270
msgid ""
18271
"For <application>Postfix</application> integration, we will associate the "
18272
"domain lists.example.com with the mailing lists. Please replace "
18273
"<emphasis>lists.example.com</emphasis> with the domain of your choosing."
18274
msgstr ""
18275
18276
#: serverguide/C/mail.xml:949(para)
18277
msgid ""
18278
"You can use the postconf command to add the necessary configuration to "
18279
"<filename>/etc/postfix/main.cf</filename>:"
18280
msgstr ""
18281
18282
#: serverguide/C/mail.xml:953(command)
18283
msgid "sudo postconf -e 'relay_domains = lists.example.com'"
18284
msgstr ""
18285
18286
#: serverguide/C/mail.xml:954(command)
18287
msgid "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
18288
msgstr "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
18289
18290
#: serverguide/C/mail.xml:955(command)
18291
msgid "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
18292
msgstr "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
18293
18294
#: serverguide/C/mail.xml:957(para)
18295
msgid ""
18296
"In <filename>/etc/postfix/master.cf</filename> double check that you have "
18297
"the following transport:"
18298
msgstr ""
18299
18300
#: serverguide/C/mail.xml:960(programlisting)
18301
#, no-wrap
18302
msgid ""
18303
"\n"
18304
"mailman unix - n n - - pipe\n"
18305
" flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py\n"
18306
" ${nexthop} ${user}\n"
18307
msgstr ""
18308
18309
#: serverguide/C/mail.xml:965(para)
18310
msgid ""
18311
"It calls the <emphasis>postfix-to-mailman.py</emphasis> script when a mail "
18312
"is delivered to a list."
18313
msgstr ""
18314
18315
#: serverguide/C/mail.xml:968(para)
18316
msgid ""
18317
"Associate the domain lists.example.com to the Mailman transport with the "
18318
"transport map. Edit the file <filename>/etc/postfix/transport</filename>:"
18319
msgstr ""
18320
18321
#: serverguide/C/mail.xml:971(programlisting)
18322
#, no-wrap
18323
msgid ""
18324
"\n"
18325
"lists.example.com mailman:\n"
18326
msgstr ""
18327
18328
#: serverguide/C/mail.xml:974(para)
18329
msgid ""
18330
"Now have <application>Postfix</application> build the transport map by "
18331
"entering the following from a terminal prompt:"
18332
msgstr ""
18333
18334
#: serverguide/C/mail.xml:978(command)
18335
msgid "sudo postmap -v /etc/postfix/transport"
18336
msgstr "sudo postmap -v /etc/postfix/transport"
18337
18338
#: serverguide/C/mail.xml:980(para)
18339
msgid "Then restart Postfix to enable the new configurations:"
18340
msgstr ""
18341
18342
#: serverguide/C/mail.xml:989(para)
18343
msgid ""
18344
"Once Exim4 is installed, you can start the Exim server using the following "
18345
"command from a terminal prompt:"
18346
msgstr ""
18347
18348
#: serverguide/C/mail.xml:1005(para) serverguide/C/mail.xml:1020(title)
18349
msgid "Main"
18350
msgstr ""
18351
18352
#: serverguide/C/mail.xml:1008(para) serverguide/C/mail.xml:1060(title)
18353
msgid "Transport"
18354
msgstr ""
18355
18356
#: serverguide/C/mail.xml:1011(para) serverguide/C/mail.xml:1083(title)
18357
msgid "Router"
18358
msgstr ""
18359
18360
#: serverguide/C/mail.xml:996(para)
18361
msgid ""
18362
"In order to make mailman work with Exim4, you need to configure Exim4. As "
18363
"mentioned earlier, by default, Exim4 uses multiple configuration files of "
18364
"different types. For details, please refer to the <ulink "
18365
"url=\"http://www.exim.org\">Exim</ulink> web site. To run mailman, we should "
18366
"add new a configuration file to the following configuration types: "
18367
"<placeholder-1/> Exim creates a master configuration file by sorting all "
18368
"these mini configuration files. So, the order of these configuration files "
18369
"is very important."
18370
msgstr ""
18371
18372
#: serverguide/C/mail.xml:1027(programlisting)
18373
#, no-wrap
18374
msgid ""
18375
"\n"
18376
"# start\n"
18377
"# Home dir for your Mailman installation -- aka Mailman's prefix\n"
18378
"# directory.\n"
18379
"# On Ubuntu this should be \"/var/lib/mailman\"\n"
18380
"# This is normally the same as ~mailman\n"
18381
"MM_HOME=/var/lib/mailman\n"
18382
"#\n"
18383
"# User and group for Mailman, should match your --with-mail-gid\n"
18384
"# switch to Mailman's configure script. Value is normally \"mailman\"\n"
18385
"MM_UID=list\n"
18386
"MM_GID=list\n"
18387
"#\n"
18388
"# Domains that your lists are in - colon separated list\n"
18389
"# you may wish to add these into local_domains as well\n"
18390
"domainlist mm_domains=hostname.com\n"
18391
"#\n"
18392
"# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n"
18393
"#\n"
18394
"# These values are derived from the ones above and should not need\n"
18395
"# editing unless you have munged your mailman installation\n"
18396
"#\n"
18397
"# The path of the Mailman mail wrapper script\n"
18398
"MM_WRAP=MM_HOME/mail/mailman\n"
18399
"#\n"
18400
"# The path of the list config file (used as a required file when\n"
18401
"# verifying list addresses)\n"
18402
"MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck\n"
18403
"# end\n"
18404
msgstr ""
18405
18406
#: serverguide/C/mail.xml:1021(para)
18407
msgid ""
18408
"All the configuration files belonging to the main type are stored in the "
18409
"<filename>/etc/exim4/conf.d/main/</filename> directory. You can add the "
18410
"following content to a new file, named <filename>04_exim4-"
18411
"config_mailman</filename>: <placeholder-1/>"
18412
msgstr ""
18413
18414
#: serverguide/C/mail.xml:1067(programlisting)
18415
#, no-wrap
18416
msgid ""
18417
"\n"
18418
" mailman_transport:\n"
18419
" driver = pipe\n"
18420
" command = MM_WRAP \\\n"
18421
" '${if def:local_part_suffix \\\n"
18422
" {${sg{$local_part_suffix}{-(\\\\w+)(\\\\+.*)?}{\\$1}}} "
18423
"\\\n"
18424
" {post}}' \\\n"
18425
" $local_part\n"
18426
" current_directory = MM_HOME\n"
18427
" home_directory = MM_HOME\n"
18428
" user = MM_UID\n"
18429
" group = MM_GID\n"
18430
msgstr ""
18431
18432
#: serverguide/C/mail.xml:1061(para)
18433
msgid ""
18434
"All the configuration files belonging to transport type are stored in the "
18435
"<filename>/etc/exim4/conf.d/transport/</filename> directory. You can add the "
18436
"following content to a new file named <filename> 40_exim4-"
18437
"config_mailman</filename>: <placeholder-1/>"
18438
msgstr ""
18439
18440
#: serverguide/C/mail.xml:1088(programlisting)
18441
#, no-wrap
18442
msgid ""
18443
"\n"
18444
" mailman_router:\n"
18445
" driver = accept\n"
18446
" require_files = MM_HOME/lists/$local_part/config.pck\n"
18447
" local_part_suffix_optional\n"
18448
" local_part_suffix = -bounces : -bounces+* : \\\n"
18449
" -confirm+* : -join : -leave : \\\n"
18450
" -owner : -request : -admin\n"
18451
" transport = mailman_transport\n"
18452
msgstr ""
18453
18454
#: serverguide/C/mail.xml:1084(para)
18455
msgid ""
18456
"All the configuration files belonging to router type are stored in the "
18457
"<filename>/etc/exim4/conf.d/router/</filename> directory. You can add the "
18458
"following content in to a new file named <filename>101_exim4-"
18459
"config_mailman</filename>: <placeholder-1/>"
18460
msgstr ""
18461
18462
#: serverguide/C/mail.xml:1101(para)
18463
msgid ""
18464
"The order of main and transport configuration files can be in any order. "
18465
"But, the order of router configuration files must be the same. This "
18466
"particular file must appear before the <application>200_exim4-"
18467
"config_primary</application> file. These two configuration files contain "
18468
"same type of information. The first file takes the precedence. For more "
18469
"details, please refer to the references section."
18470
msgstr ""
18471
18472
#: serverguide/C/mail.xml:1114(para)
18473
msgid ""
18474
"Once mailman is installed, you can run it using the following command:"
18475
msgstr ""
18476
18477
#: serverguide/C/mail.xml:1118(command)
18478
msgid "sudo /etc/init.d/mailman start"
18479
msgstr "sudo /etc/init.d/mailman start"
18480
18481
#: serverguide/C/mail.xml:1120(para)
18482
msgid ""
18483
"Once mailman is installed, you should create the default mailing list. Run "
18484
"the following command to create the mailing list:"
18485
msgstr ""
18486
18487
#: serverguide/C/mail.xml:1126(command)
18488
msgid "sudo /usr/sbin/newlist mailman"
18489
msgstr "sudo /usr/sbin/newlist mailman"
18490
18491
#: serverguide/C/mail.xml:1129(programlisting)
18492
#, no-wrap
18493
msgid ""
18494
"\n"
18495
" Enter the email address of the person running the list: bhuvan at "
18496
"ubuntu.com\n"
18497
" Initial mailman password:\n"
18498
" To finish creating your mailing list, you must edit your "
18499
"<filename>/etc/aliases</filename> (or\n"
18500
" equivalent) file by adding the following lines, and possibly running the\n"
18501
" `newaliases' program:\n"
18502
"\n"
18503
" ## mailman mailing list\n"
18504
" mailman: \"|/var/lib/mailman/mail/mailman post mailman\"\n"
18505
" mailman-admin: \"|/var/lib/mailman/mail/mailman admin mailman\"\n"
18506
" mailman-bounces: \"|/var/lib/mailman/mail/mailman bounces mailman\"\n"
18507
" mailman-confirm: \"|/var/lib/mailman/mail/mailman confirm mailman\"\n"
18508
" mailman-join: \"|/var/lib/mailman/mail/mailman join mailman\"\n"
18509
" mailman-leave: \"|/var/lib/mailman/mail/mailman leave mailman\"\n"
18510
" mailman-owner: \"|/var/lib/mailman/mail/mailman owner mailman\"\n"
18511
" mailman-request: \"|/var/lib/mailman/mail/mailman request mailman\"\n"
18512
" mailman-subscribe: \"|/var/lib/mailman/mail/mailman subscribe "
18513
"mailman\"\n"
18514
" mailman-unsubscribe: \"|/var/lib/mailman/mail/mailman unsubscribe "
18515
"mailman\"\n"
18516
"\n"
18517
" Hit enter to notify mailman owner...\n"
18518
"\n"
18519
" # \n"
18520
msgstr ""
18521
18522
#: serverguide/C/mail.xml:1152(para)
18523
msgid ""
18524
"We have configured either Postfix or Exim4 to recognize all emails from "
18525
"mailman. So, it is not mandatory to make any new entries in "
18526
"<filename>/etc/aliases</filename>. If you have made any changes to the "
18527
"configuration files, please ensure that you restart those services before "
18528
"continuing to next section."
18529
msgstr ""
18530
18531
#: serverguide/C/mail.xml:1160(para)
18532
msgid ""
18533
"The Exim4 does not use the above aliases to forward mails to Mailman, as it "
18534
"uses a <emphasis>discover</emphasis> approach. To suppress the aliases while "
18535
"creating the list, you can add <emphasis>MTA=None</emphasis> line in Mailman "
18536
"configuration file, <filename>/etc/mailman/mm_cfg.py</filename>."
18537
msgstr ""
18538
18539
#: serverguide/C/mail.xml:1171(title)
18540
msgid "Administration"
18541
msgstr ""
18542
18543
#: serverguide/C/mail.xml:1172(para)
18544
msgid ""
18545
"We assume you have a default installation. The mailman cgi scripts are still "
18546
"in the <application>/usr/lib/cgi-bin/mailman/</application> directory. "
18547
"Mailman provides a web based administration facility. To access this page, "
18548
"point your browser to the following url:"
18549
msgstr ""
18550
18551
#: serverguide/C/mail.xml:1180(para)
18552
msgid "http://hostname/cgi-bin/mailman/admin"
18553
msgstr ""
18554
18555
#: serverguide/C/mail.xml:1184(para)
18556
msgid ""
18557
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
18558
"screen. If you click the mailing list name, it will ask for your "
18559
"authentication password. If you enter the correct password, you will be able "
18560
"to change administrative settings of this mailing list. You can create a new "
18561
"mailing list using the command line utility "
18562
"(<command>/usr/sbin/newlist</command>). Alternatively, you can create a new "
18563
"mailing list using the web interface."
18564
msgstr ""
18565
18566
#: serverguide/C/mail.xml:1197(title)
18567
msgid "Users"
18568
msgstr ""
18569
18570
#: serverguide/C/mail.xml:1198(para)
18571
msgid ""
18572
"Mailman provides a web based interface for users. To access this page, point "
18573
"your browser to the following url:"
18574
msgstr ""
18575
18576
#: serverguide/C/mail.xml:1203(para)
18577
msgid "http://hostname/cgi-bin/mailman/listinfo"
18578
msgstr ""
18579
18580
#: serverguide/C/mail.xml:1207(para)
18581
msgid ""
18582
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
18583
"screen. If you click the mailing list name, it will display the subscription "
18584
"form. You can enter your email address, name (optional), and password to "
18585
"subscribe. An email invitation will be sent to you. You can follow the "
18586
"instructions in the email to subscribe."
18587
msgstr ""
18588
18589
#: serverguide/C/mail.xml:1219(ulink)
18590
msgid "GNU Mailman - Installation Manual"
18591
msgstr ""
18592
18593
#: serverguide/C/mail.xml:1223(ulink)
18594
msgid "HOWTO - Using Exim 4 and Mailman 2.1 together"
18595
msgstr ""
18596
18597
#: serverguide/C/mail.xml:1226(para)
18598
msgid ""
18599
"Also, see the <ulink "
18600
"url=\"https://help.ubuntu.com/community/Mailman\">Mailman Ubuntu "
18601
"Wiki</ulink> page."
18602
msgstr ""
18603
18604
#: serverguide/C/mail.xml:1232(title)
18605
msgid "Mail Filtering"
18606
msgstr ""
18607
18608
#: serverguide/C/mail.xml:1233(para)
18609
msgid ""
18610
"One of the largest issues with email today is the problem of Unsolicited "
18611
"Bulk Email (UBE). Also known as SPAM, such messages may also carry viruses "
18612
"and other forms of malware. According to some reports these messages make up "
18613
"the bulk of all email traffic on the Internet."
18614
msgstr ""
18615
18616
#: serverguide/C/mail.xml:1238(para)
18617
msgid ""
18618
"This section will cover integrating <application>Amavisd-new</application>, "
18619
"<application>Spamassassin</application>, and "
18620
"<application>ClamAV</application> with the "
18621
"<application>Postfix</application> Mail Transport Agent (MTA). "
18622
"<application>Postfix</application> can also check email validity by passing "
18623
"it through external content filters. These filters can sometimes determine "
18624
"if a message is spam without needing to process it with more resource "
18625
"intensive applications. Two common filters are "
18626
"<application>opendkim</application> and <application>python-policyd-"
18627
"spf</application>."
18628
msgstr ""
18629
18630
#: serverguide/C/mail.xml:1248(para)
18631
msgid ""
18632
"<application>Amavisd-new</application> is a wrapper program that can call "
18633
"any number of content filtering programs for spam detection, antivirus, etc."
18634
msgstr ""
18635
18636
#: serverguide/C/mail.xml:1254(para)
18637
msgid ""
18638
"<application>Spamassassin</application> uses a variety of mechanisms to "
18639
"filter email based on the message content."
18640
msgstr ""
18641
18642
#: serverguide/C/mail.xml:1259(para)
18643
msgid ""
18644
"<application>ClamAV</application> is an open source antivirus application."
18645
msgstr ""
18646
18647
#: serverguide/C/mail.xml:1264(para)
18648
msgid ""
18649
"<application>opendkim</application> implements a Sendmail Mail Filter "
18650
"(Milter) for the DomainKeys Identified Mail (DKIM) standard."
18651
msgstr ""
18652
18653
#: serverguide/C/mail.xml:1270(para)
18654
msgid ""
18655
"<application>python-policyd-spf</application> enables Sender Policy "
18656
"Framework (SPF) checking with <application>Postfix</application>."
18657
msgstr ""
18658
18659
#: serverguide/C/mail.xml:1275(para)
18660
msgid "This is how the pieces fit together:"
18661
msgstr ""
18662
18663
#: serverguide/C/mail.xml:1280(para)
18664
msgid "An email message is accepted by <application>Postfix</application>."
18665
msgstr ""
18666
18667
#: serverguide/C/mail.xml:1285(para)
18668
msgid ""
18669
"The message is passed through any external filters "
18670
"<application>opendkim</application> and <application>python-policyd-"
18671
"spf</application> in this case."
18672
msgstr ""
18673
18674
#: serverguide/C/mail.xml:1291(para)
18675
msgid "<application>Amavisd-new</application> then processes the message."
18676
msgstr ""
18677
18678
#: serverguide/C/mail.xml:1296(para)
18679
msgid ""
18680
"<application>ClamAV</application> is used to scan the message. If the "
18681
"message contains a virus <application>Postfix</application> will reject the "
18682
"message."
18683
msgstr ""
18684
18685
#: serverguide/C/mail.xml:1302(para)
18686
msgid ""
18687
"Clean messages will then be analyzed by "
18688
"<application>Spamassassin</application> to find out if the message is spam. "
18689
"<application>Spamassassin</application> will then add X-Header lines "
18690
"allowing <application>Amavisd-new</application> to further manipulate the "
18691
"message."
18692
msgstr ""
18693
18694
#: serverguide/C/mail.xml:1309(para)
18695
msgid ""
18696
"For example, if a message has a Spam score of over fifty the message could "
18697
"be automatically dropped from the queue without the recipient ever having to "
18698
"be bothered. Another, way to handle flagged messages is to deliver them to "
18699
"the Mail User Agent (MUA) allowing the user to deal with the message as they "
18700
"see fit."
18701
msgstr ""
18702
18703
#: serverguide/C/mail.xml:1316(para)
18704
msgid ""
18705
"See <xref linkend=\"postfix\"/> for instructions on installing and "
18706
"configuring Postfix."
18707
msgstr ""
18708
18709
#: serverguide/C/mail.xml:1319(para)
18710
msgid ""
18711
"To install the rest of the applications enter the following from a terminal "
18712
"prompt:"
18713
msgstr ""
18714
18715
#: serverguide/C/mail.xml:1323(command)
18716
msgid "sudo apt-get install amavisd-new spamassassin clamav-daemon"
18717
msgstr "sudo apt-get install amavisd-new spamassassin clamav-daemon"
18718
18719
#: serverguide/C/mail.xml:1324(command)
18720
msgid "sudo apt-get install opendkim python-policyd-spf"
18721
msgstr ""
18722
18723
#: serverguide/C/mail.xml:1326(para)
18724
msgid ""
18725
"There are some optional packages that integrate with "
18726
"<application>Spamassassin</application> for better spam detection:"
18727
msgstr ""
18728
18729
#: serverguide/C/mail.xml:1330(command)
18730
msgid "sudo apt-get install pyzor razor"
18731
msgstr "sudo apt-get install pyzor razor"
18732
18733
#: serverguide/C/mail.xml:1332(para)
18734
msgid ""
18735
"Along with the main filtering applications compression utilities are needed "
18736
"to process some email attachments:"
18737
msgstr ""
18738
18739
#: serverguide/C/mail.xml:1336(command)
18740
msgid ""
18741
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
18742
msgstr ""
18743
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
18744
18745
#: serverguide/C/mail.xml:1339(para)
18746
msgid ""
18747
"If some packages are not found, check that the "
18748
"<emphasis>multiverse</emphasis> repository is enabled in "
18749
"<filename>/etc/apt/sources.list</filename>"
18750
msgstr ""
18751
18752
#: serverguide/C/mail.xml:1340(para)
18753
msgid ""
18754
"If you make changes to the file, be sure to run <command>sudo apt-get "
18755
"update</command> before trying to install again."
18756
msgstr ""
18757
18758
#: serverguide/C/mail.xml:1345(para)
18759
msgid "Now configure everything to work together and filter email."
18760
msgstr ""
18761
18762
#: serverguide/C/mail.xml:1349(title)
18763
msgid "ClamAV"
18764
msgstr ""
18765
18766
#: serverguide/C/mail.xml:1350(para)
18767
msgid ""
18768
"The default behaviour of <application>ClamAV</application> will fit our "
18769
"needs. For more ClamAV configuration options, check the configuration files "
18770
"in <filename>/etc/clamav</filename>."
18771
msgstr ""
18772
18773
#: serverguide/C/mail.xml:1355(para)
18774
msgid ""
18775
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
18776
"group in order for <application>Amavisd-new</application> to have the "
18777
"appropriate access to scan files:"
18778
msgstr ""
18779
18780
#: serverguide/C/mail.xml:1360(command)
18781
msgid "sudo adduser clamav amavis"
18782
msgstr "sudo adduser clamav amavis"
18783
18784
#: serverguide/C/mail.xml:1364(title)
18785
msgid "Spamassassin"
18786
msgstr ""
18787
18788
#: serverguide/C/mail.xml:1365(para)
18789
msgid ""
18790
"Spamassassin automatically detects optional components and will use them if "
18791
"they are present. This means that there is no need to configure "
18792
"<application>pyzor</application> and <application>razor</application>."
18793
msgstr ""
18794
18795
#: serverguide/C/mail.xml:1369(para)
18796
msgid ""
18797
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
18798
"<application>Spamassassin</application> daemon. Change "
18799
"<emphasis>ENABLED=0</emphasis> to:"
18800
msgstr ""
18801
18802
#: serverguide/C/mail.xml:1373(programlisting)
18803
#, no-wrap
18804
msgid ""
18805
"\n"
18806
"ENABLED=1\n"
18807
msgstr ""
18808
18809
#: serverguide/C/mail.xml:1376(para)
18810
msgid "Now start the daemon:"
18811
msgstr ""
18812
18813
#: serverguide/C/mail.xml:1380(command)
18814
msgid "sudo /etc/init.d/spamassassin start"
18815
msgstr "sudo /etc/init.d/spamassassin start"
18816
18817
#: serverguide/C/mail.xml:1384(title)
18818
msgid "Amavisd-new"
18819
msgstr ""
18820
18821
#: serverguide/C/mail.xml:1385(para)
18822
msgid ""
18823
"First activate spam and antivirus detection in <application>Amavisd-"
18824
"new</application> by editing <filename>/etc/amavis/conf.d/15-"
18825
"content_filter_mode</filename>:"
18826
msgstr ""
18827
18828
#: serverguide/C/mail.xml:1389(programlisting)
18829
#, no-wrap
18830
msgid ""
18831
"\n"
18832
"use strict;\n"
18833
"\n"
18834
"# You can modify this file to re-enable SPAM checking through spamassassin\n"
18835
"# and to re-enable antivirus checking.\n"
18836
"\n"
18837
"#\n"
18838
"# Default antivirus checking mode\n"
18839
"# Uncomment the two lines below to enable it\n"
18840
"#\n"
18841
"\n"
18842
"@bypass_virus_checks_maps = (\n"
18843
" \\%bypass_virus_checks, \\@bypass_virus_checks_acl, \\"
18844
"$bypass_virus_checks_re);\n"
18845
"\n"
18846
"\n"
18847
"#\n"
18848
"# Default SPAM checking mode\n"
18849
"# Uncomment the two lines below to enable it\n"
18850
"#\n"
18851
"\n"
18852
"@bypass_spam_checks_maps = (\n"
18853
" \\%bypass_spam_checks, \\@bypass_spam_checks_acl, \\"
18854
"$bypass_spam_checks_re);\n"
18855
"\n"
18856
"1; # insure a defined return\n"
18857
msgstr ""
18858
18859
#: serverguide/C/mail.xml:1414(para)
18860
msgid ""
18861
"Bouncing spam can be a bad idea as the return address is often faked. "
18862
"Consider editing <filename>/etc/amavis/conf.d/20-debian_defaults</filename> "
18863
"to set <emphasis>$final_spam_destiny</emphasis> to D_DISCARD rather than "
18864
"D_BOUNCE, as follows:"
18865
msgstr ""
18866
18867
#: serverguide/C/mail.xml:1420(programlisting)
18868
#, no-wrap
18869
msgid ""
18870
"\n"
18871
"$final_spam_destiny = D_DISCARD;\n"
18872
msgstr ""
18873
18874
#: serverguide/C/mail.xml:1424(para)
18875
msgid ""
18876
"Additionally, you may want to adjust the following options to flag more "
18877
"messages as spam:"
18878
msgstr ""
18879
18880
#: serverguide/C/mail.xml:1428(programlisting)
18881
#, no-wrap
18882
msgid ""
18883
"\n"
18884
"$sa_tag_level_deflt = -999; # add spam info headers if at, or above that "
18885
"level\n"
18886
"$sa_tag2_level_deflt = 6.0; # add 'spam detected' headers at that level\n"
18887
"$sa_kill_level_deflt = 21.0; # triggers spam evasive actions\n"
18888
"$sa_dsn_cutoff_level = 4; # spam level beyond which a DSN is not sent\n"
18889
msgstr ""
18890
18891
#: serverguide/C/mail.xml:1435(para)
18892
msgid ""
18893
"If the server's <emphasis>hostname</emphasis> is different from the domain's "
18894
"MX record you may need to manually set the <emphasis>$myhostname</emphasis> "
18895
"option. Also, if the server receives mail for multiple domains the "
18896
"<emphasis>@local_domains_acl</emphasis> option will need to be customized. "
18897
"Edit the <filename>/etc/amavis/conf.d/50-user</filename> file:"
18898
msgstr ""
18899
18900
#: serverguide/C/mail.xml:1442(programlisting)
18901
#, no-wrap
18902
msgid ""
18903
"\n"
18904
"$myhostname = 'mail.example.com';\n"
18905
"@local_domains_acl = ( \"example.com\", \"example.org\" );\n"
18906
msgstr ""
18907
18908
#: serverguide/C/mail.xml:1447(para)
18909
msgid ""
18910
"After configuration <application>Amavisd-new</application> needs to be "
18911
"restarted:"
18912
msgstr ""
18913
18914
#: serverguide/C/mail.xml:1451(command) serverguide/C/mail.xml:1497(command)
18915
msgid "sudo /etc/init.d/amavis restart"
18916
msgstr "sudo /etc/init.d/amavis restart"
18917
18918
#: serverguide/C/mail.xml:1454(title)
18919
msgid "DKIM Whitelist"
18920
msgstr ""
18921
18922
#: serverguide/C/mail.xml:1456(para)
18923
msgid ""
18924
"<application>Amavisd-new</application> can be configured to automatically "
18925
"<emphasis>Whitelist</emphasis> addresses from domains with valid Domain "
18926
"Keys. There are some pre-configured domains in the "
18927
"<filename>/etc/amavis/conf.d/40-policy_banks</filename>."
18928
msgstr ""
18929
18930
#: serverguide/C/mail.xml:1462(para)
18931
msgid "There are multiple ways to configure the Whitelist for a domain:"
18932
msgstr ""
18933
18934
#: serverguide/C/mail.xml:1468(para)
18935
msgid ""
18936
"<emphasis>'example.com' => 'WHITELIST',</emphasis>: will whitelist any "
18937
"address from the \"example.com\" domain."
18938
msgstr ""
18939
18940
#: serverguide/C/mail.xml:1473(para)
18941
msgid ""
18942
"<emphasis>'.example.com' => 'WHITELIST',</emphasis>: will whitelist any "
18943
"address from any <emphasis>subdomains</emphasis> of \"example.com\" that "
18944
"have a valid signature."
18945
msgstr ""
18946
18947
#: serverguide/C/mail.xml:1479(para)
18948
msgid ""
18949
"<emphasis>'.example.com/@example.com' => 'WHITELIST',</emphasis>: will "
18950
"whitelist subdomains of \"example.com\" that use the signature of <emphasis "
18951
"role=\"italic\">example.com</emphasis> the parent domain."
18952
msgstr ""
18953
18954
#: serverguide/C/mail.xml:1485(para)
18955
msgid ""
18956
"<emphasis>'./@example.com' => 'WHITELIST',</emphasis>: adds addresses "
18957
"that have a valid signature from \"example.com\". This is usually used for "
18958
"discussion groups that sign their messages."
18959
msgstr ""
18960
18961
#: serverguide/C/mail.xml:1492(para)
18962
msgid ""
18963
"A domain can also have multiple Whitelist configurations. After, editing the "
18964
"file restart <application>amaisd-new</application>:"
18965
msgstr ""
18966
18967
#: serverguide/C/mail.xml:1501(para)
18968
msgid ""
18969
"In this context, once a domain has been added to the Whitelist the message "
18970
"will not receive any anti-virus or spam filtering. This may or may not be "
18971
"the intended behavior you wish for a domain."
18972
msgstr ""
18973
18974
#: serverguide/C/mail.xml:1511(para)
18975
msgid ""
18976
"For <application>Postfix</application> integration, enter the following from "
18977
"a terminal prompt:"
18978
msgstr ""
18979
18980
#: serverguide/C/mail.xml:1515(command)
18981
msgid "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
18982
msgstr "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
18983
18984
#: serverguide/C/mail.xml:1517(para)
18985
msgid ""
18986
"Next edit <filename>/etc/postfix/master.cf</filename> and add the following "
18987
"to the end of the file:"
18988
msgstr ""
18989
18990
#: serverguide/C/mail.xml:1520(programlisting)
18991
#, no-wrap
18992
msgid ""
18993
"\n"
18994
"smtp-amavis unix - - - - 2 smtp\n"
18995
" -o smtp_data_done_timeout=1200\n"
18996
" -o smtp_send_xforward_command=yes\n"
18997
" -o disable_dns_lookups=yes\n"
18998
" -o max_use=20\n"
18999
"\n"
19000
"127.0.0.1:10025 inet n - - - - smtpd\n"
19001
" -o content_filter=\n"
19002
" -o local_recipient_maps=\n"
19003
" -o relay_recipient_maps=\n"
19004
" -o smtpd_restriction_classes=\n"
19005
" -o smtpd_delay_reject=no\n"
19006
" -o smtpd_client_restrictions=permit_mynetworks,reject\n"
19007
" -o smtpd_helo_restrictions=\n"
19008
" -o smtpd_sender_restrictions=\n"
19009
" -o smtpd_recipient_restrictions=permit_mynetworks,reject\n"
19010
" -o smtpd_data_restrictions=reject_unauth_pipelining\n"
19011
" -o smtpd_end_of_data_restrictions=\n"
19012
" -o mynetworks=127.0.0.0/8\n"
19013
" -o smtpd_error_sleep_time=0\n"
19014
" -o smtpd_soft_error_limit=1001\n"
19015
" -o smtpd_hard_error_limit=1000\n"
19016
" -o smtpd_client_connection_count_limit=0\n"
19017
" -o smtpd_client_connection_rate_limit=0\n"
19018
" -o "
19019
"receive_override_options=no_header_body_checks,no_unknown_recipient_checks\n"
19020
msgstr ""
19021
19022
#: serverguide/C/mail.xml:1547(para)
19023
msgid ""
19024
"Also add the following two lines immediately below the "
19025
"<emphasis>\"pickup\"</emphasis> transport service:"
19026
msgstr ""
19027
19028
#: serverguide/C/mail.xml:1550(programlisting)
19029
#, no-wrap
19030
msgid ""
19031
"\n"
19032
" -o content_filter=\n"
19033
" -o receive_override_options=no_header_body_checks\n"
19034
msgstr ""
19035
19036
#: serverguide/C/mail.xml:1554(para)
19037
msgid ""
19038
"This will prevent messages that are generated to report on spam from being "
19039
"classified as spam."
19040
msgstr ""
19041
19042
#: serverguide/C/mail.xml:1557(para)
19043
msgid "Now restart <application>Postfix</application>:"
19044
msgstr ""
19045
19046
#: serverguide/C/mail.xml:1563(para)
19047
msgid "Content filtering with spam and virus detection is now enabled."
19048
msgstr ""
19049
19050
#: serverguide/C/mail.xml:1569(title)
19051
msgid "Amavisd-new and Spamassassin"
19052
msgstr ""
19053
19054
#: serverguide/C/mail.xml:1571(para)
19055
msgid ""
19056
"When integrating <application>Amavisd-new</application> with "
19057
"<application>Spamassassin</application>, if you choose to disable the bayes "
19058
"filtering by editing <filename>/etc/spamassassin/local.cf</filename> and use "
19059
"<application>cron</application> to update the nightly rules, the result can "
19060
"cause a situation where a large amount of error messages are sent to the "
19061
"<emphasis>amavis</emphasis> user via the amavisd-new "
19062
"<application>cron</application> job."
19063
msgstr ""
19064
19065
#: serverguide/C/mail.xml:1578(para)
19066
msgid "There are several ways to handle this situation:"
19067
msgstr ""
19068
19069
#: serverguide/C/mail.xml:1584(para)
19070
msgid "Configure your MDA to filter messages you do not wish to see."
19071
msgstr ""
19072
19073
#: serverguide/C/mail.xml:1589(para)
19074
msgid ""
19075
"Change <filename>/usr/sbin/amavisd-new-cronjob</filename> to check for "
19076
"<emphasis>use_bayes 0</emphasis>. For example, edit "
19077
"<filename>/usr/sbin/amavisd-new-cronjob</filename> and add the following to "
19078
"the top before the <emphasis>test</emphasis> statements:"
19079
msgstr ""
19080
19081
#: serverguide/C/mail.xml:1593(programlisting)
19082
#, no-wrap
19083
msgid ""
19084
"\n"
19085
"egrep -q \"^[ \\t]*use_bayes[ \\t]*0\" /etc/spamassassin/local.cf && "
19086
"exit 0\n"
19087
msgstr ""
19088
19089
#: serverguide/C/mail.xml:1603(para)
19090
msgid ""
19091
"First, test that the <application>Amavisd-new</application> SMTP is "
19092
"listening:"
19093
msgstr ""
19094
19095
#: serverguide/C/mail.xml:1606(programlisting)
19096
#, no-wrap
19097
msgid ""
19098
"\n"
19099
"telnet localhost 10024\n"
19100
"Trying 127.0.0.1...\n"
19101
"Connected to localhost.\n"
19102
"Escape character is '^]'.\n"
19103
"220 [127.0.0.1] ESMTP amavisd-new service ready\n"
19104
"^]\n"
19105
msgstr ""
19106
19107
#: serverguide/C/mail.xml:1614(para)
19108
msgid ""
19109
"In the Header of messages that go through the content filter you should see:"
19110
msgstr ""
19111
19112
#: serverguide/C/mail.xml:1617(programlisting)
19113
#, no-wrap
19114
msgid ""
19115
"\n"
19116
"X-Spam-Level: \n"
19117
"X-Virus-Scanned: Debian amavisd-new at example.com\n"
19118
"X-Spam-Status: No, hits=-2.3 tagged_above=-1000.0 required=5.0 tests=AWL, "
19119
"BAYES_00\n"
19120
"X-Spam-Level: \n"
19121
msgstr ""
19122
19123
#: serverguide/C/mail.xml:1624(para)
19124
msgid ""
19125
"Your output will vary, but the important thing is that there are <emphasis>X-"
19126
"Virus-Scanned</emphasis> and <emphasis>X-Spam-Status</emphasis> entries."
19127
msgstr ""
19128
19129
#: serverguide/C/mail.xml:1632(para)
19130
msgid ""
19131
"The best way to figure out why something is going wrong is to check the log "
19132
"files."
19133
msgstr ""
19134
19135
#: serverguide/C/mail.xml:1637(para)
19136
msgid ""
19137
"For instructions on <application>Postfix</application> logging see the <xref "
19138
"linkend=\"postfix-troubleshooting\"/> section."
19139
msgstr ""
19140
19141
#: serverguide/C/mail.xml:1643(para)
19142
msgid ""
19143
"<application>Amavisd-new</application> uses "
19144
"<application>Syslog</application> to send messages to "
19145
"<filename>/var/log/mail.log</filename>. The amount of detail can be "
19146
"increased by adding the <emphasis>$log_level</emphasis> option to "
19147
"<filename>/etc/amavis/conf.d/50-user</filename>, and setting the value from "
19148
"1 to 5."
19149
msgstr ""
19150
19151
#: serverguide/C/mail.xml:1648(programlisting)
19152
#, no-wrap
19153
msgid ""
19154
"\n"
19155
"$log_level = 2;\n"
19156
msgstr ""
19157
19158
#: serverguide/C/mail.xml:1652(para)
19159
msgid ""
19160
"When the <application>Amavisd-new</application> log output is increased "
19161
"<application>Spamassassin</application> log output is also increased."
19162
msgstr ""
19163
19164
#: serverguide/C/mail.xml:1659(para)
19165
msgid ""
19166
"The <application>ClamAV</application> log level can be increased by editing "
19167
"<filename>/etc/clamav/clamd.conf</filename> and setting the following option:"
19168
msgstr ""
19169
19170
#: serverguide/C/mail.xml:1663(programlisting)
19171
#, no-wrap
19172
msgid ""
19173
"\n"
19174
"LogVerbose true\n"
19175
msgstr ""
19176
19177
#: serverguide/C/mail.xml:1666(para)
19178
msgid ""
19179
"By default <application>ClamAV</application> will send log messages to "
19180
"<filename>/var/log/clamav/clamav.log</filename>."
19181
msgstr ""
19182
19183
#: serverguide/C/mail.xml:1672(para)
19184
msgid ""
19185
"After changing an applications log settings remember to restart the service "
19186
"for the new settings to take affect. Also, once the issue you are "
19187
"troubleshooting is resolved it is a good idea to change the log settings "
19188
"back to normal."
19189
msgstr ""
19190
19191
#: serverguide/C/mail.xml:1680(para)
19192
msgid "For more information on filtering mail see the following links:"
19193
msgstr ""
19194
19195
#: serverguide/C/mail.xml:1686(ulink)
19196
msgid "Amavisd-new Documentation"
19197
msgstr ""
19198
19199
#: serverguide/C/mail.xml:1690(para)
19200
msgid ""
19201
"<ulink url=\"http://www.clamav.org/doc/latest/html/\">ClamAV "
19202
"Documentation</ulink> and <ulink "
19203
"url=\"http://wiki.clamav.net/Main/WebHome\">ClamAV Wiki</ulink>"
19204
msgstr ""
19205
19206
#: serverguide/C/mail.xml:1697(ulink)
19207
msgid "Spamassassin Wiki"
19208
msgstr ""
19209
19210
#: serverguide/C/mail.xml:1702(ulink)
19211
msgid "Pyzor Homepage"
19212
msgstr ""
19213
19214
#: serverguide/C/mail.xml:1707(ulink)
19215
msgid "Razor Homepage"
19216
msgstr ""
19217
19218
#: serverguide/C/mail.xml:1712(ulink)
19219
msgid "DKIM.org"
19220
msgstr ""
19221
19222
#: serverguide/C/mail.xml:1717(ulink)
19223
msgid "Postfix Amavis New"
19224
msgstr ""
19225
19226
#: serverguide/C/mail.xml:1721(para)
19227
msgid ""
19228
"Also, feel free to ask questions in the <emphasis>#ubuntu-server</emphasis> "
19229
"IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>."
19230
msgstr ""
19231
19232
#: serverguide/C/lamp-applications.xml:13(title)
19233
msgid "LAMP Applications"
19234
msgstr "Aplicacions LAMP"
19235
19236
#: serverguide/C/lamp-applications.xml:19(para)
19237
msgid ""
19238
"LAMP installations (Linux + Apache + MySQL + PHP) are a popular setup for "
19239
"Ubuntu servers. There is a plethora of Open Source applications written "
19240
"using the LAMP application stack. Some popular LAMP applications are Wiki's, "
19241
"Content Management Systems, and Management Software such as phpMyAdmin."
19242
msgstr ""
19243
19244
#: serverguide/C/lamp-applications.xml:26(para)
19245
msgid ""
19246
"One advantage of LAMP is the substantial flexibility for different database, "
19247
"web server, and scripting languages. Popular substitutes for MySQL include "
19248
"Posgresql and SQLite. Python, Perl, and Ruby are also frequently used "
19249
"instead of PHP."
19250
msgstr ""
19251
19252
#: serverguide/C/lamp-applications.xml:32(para)
19253
msgid ""
19254
"The traditional way to install most <emphasis>LAMP</emphasis> applications "
19255
"is:"
19256
msgstr ""
19257
19258
#: serverguide/C/lamp-applications.xml:38(para)
19259
msgid "Download an archive containing the application source files."
19260
msgstr ""
19261
19262
#: serverguide/C/lamp-applications.xml:43(para)
19263
msgid ""
19264
"Unpack the archive, usually in a directory accessible to a web server."
19265
msgstr ""
19266
19267
#: serverguide/C/lamp-applications.xml:48(para)
19268
msgid ""
19269
"Depending on where the source was extracted, configure a web server to serve "
19270
"the files."
19271
msgstr ""
19272
19273
#: serverguide/C/lamp-applications.xml:53(para)
19274
msgid "Configure the application to connect to the database."
19275
msgstr ""
19276
19277
#: serverguide/C/lamp-applications.xml:58(para)
19278
msgid ""
19279
"Run a script, or browse to a page of the application, to install the "
19280
"database needed by the application."
19281
msgstr ""
19282
19283
#: serverguide/C/lamp-applications.xml:63(para)
19284
msgid ""
19285
"Once the steps above, or similar steps, are completed you are ready to begin "
19286
"using the application."
19287
msgstr ""
19288
19289
#: serverguide/C/lamp-applications.xml:69(para)
19290
msgid ""
19291
"A disadvantage of using this approach is that the application files are not "
19292
"placed in the file system in a standard way, which can cause confusion as to "
19293
"where the application is installed. Another larger disadvantage is updating "
19294
"the application. When a new version is released, the same process used to "
19295
"install the application is needed to apply updates."
19296
msgstr ""
19297
19298
#: serverguide/C/lamp-applications.xml:76(para)
19299
msgid ""
19300
"Fortunately, a number of <emphasis>LAMP</emphasis> applications are already "
19301
"packaged for Ubuntu, and are available for installation in the same way as "
19302
"non-LAMP applications. Depending on the application some extra configuration "
19303
"and setup steps may be needed, however."
19304
msgstr ""
19305
19306
#: serverguide/C/lamp-applications.xml:82(para)
19307
msgid ""
19308
"This section covers howto install and configure the Wiki applications "
19309
"<application>MoinMoin</application>, <application>MediaWiki</application>, "
19310
"and the MySQL management application <application>phpMyAdmin</application>."
19311
msgstr ""
19312
19313
#: serverguide/C/lamp-applications.xml:88(para)
19314
msgid ""
19315
"A Wiki is a website that allows the visitors to easily add, remove and "
19316
"modify available content easily. The ease of interaction and operation makes "
19317
"Wiki an effective tool for mass collaborative authoring. The term Wiki is "
19318
"also referred to the collaborative software."
19319
msgstr ""
19320
19321
#: serverguide/C/lamp-applications.xml:100(title)
19322
msgid "Moin Moin"
19323
msgstr ""
19324
19325
#: serverguide/C/lamp-applications.xml:102(para)
19326
msgid ""
19327
"MoinMoin is a Wiki engine implemented in Python, based on the PikiPiki Wiki "
19328
"engine, and licensed under the GNU GPL."
19329
msgstr ""
19330
19331
#: serverguide/C/lamp-applications.xml:110(para)
19332
msgid ""
19333
"To install <application>MoinMoin</application>, run the following command in "
19334
"the command prompt:"
19335
msgstr ""
19336
19337
#: serverguide/C/lamp-applications.xml:116(command)
19338
msgid "sudo apt-get install python-moinmoin"
19339
msgstr "sudo apt-get install python-moinmoin"
19340
19341
#: serverguide/C/lamp-applications.xml:119(para)
19342
msgid ""
19343
"You should also install <application>apache2</application> web server. For "
19344
"installing <application>apache2</application> web server, please refer to "
19345
"<xref linkend=\"http-installation\"/> sub-section in <xref "
19346
"linkend=\"httpd\"/> section."
19347
msgstr ""
19348
19349
#: serverguide/C/lamp-applications.xml:130(para)
19350
msgid ""
19351
"For configuring your first Wiki application, please run the following set of "
19352
"commands. Let us assume that you are creating a Wiki named "
19353
"<emphasis>mywiki</emphasis>:"
19354
msgstr ""
19355
"Per a configurar la vostra primera aplicació wiki, haureu d'executar el "
19356
"conjunt d'ordres següents.. Assumirem que volem crear un lloc wiki anomenat "
19357
"<emphasis>elmeuwiki</emphasis>:"
19358
19359
#: serverguide/C/lamp-applications.xml:137(command)
19360
msgid "cd /usr/share/moin"
19361
msgstr ""
19362
19363
#: serverguide/C/lamp-applications.xml:138(command)
19364
msgid "sudo mkdir mywiki"
19365
msgstr "sudo mkdir elmeuwiki"
19366
19367
#: serverguide/C/lamp-applications.xml:139(command)
19368
msgid "sudo cp -R data mywiki"
19369
msgstr "sudo cp -R data elmeuwiki"
19370
19371
#: serverguide/C/lamp-applications.xml:140(command)
19372
msgid "sudo cp -R underlay mywiki"
19373
msgstr "sudo cp -R underlay elmeuwiki"
19374
19375
#: serverguide/C/lamp-applications.xml:141(command)
19376
msgid "sudo cp server/moin.cgi mywiki"
19377
msgstr "sudo cp server/moin.cgi elmeuwiki"
19378
19379
#: serverguide/C/lamp-applications.xml:142(command)
19380
msgid "sudo chown -R www-data.www-data mywiki"
19381
msgstr "sudo chown -R www-data.www-data elmeuwiki"
19382
19383
#: serverguide/C/lamp-applications.xml:143(command)
19384
msgid "sudo chmod -R ug+rwX mywiki"
19385
msgstr "sudo chmod -R ug+rwX elmeuwiki"
19386
19387
#: serverguide/C/lamp-applications.xml:144(command)
19388
msgid "sudo chmod -R o-rwx mywiki"
19389
msgstr "sudo chmod -R o-rwx elmeuwiki"
19390
19391
#: serverguide/C/lamp-applications.xml:147(para)
19392
msgid ""
19393
"Now you should configure <application>MoinMoin</application> to find your "
19394
"new Wiki <emphasis>mywiki</emphasis>. To configure "
19395
"<application>MoinMoin</application>, open "
19396
"<filename>/etc/moin/mywiki.py</filename> file and change the following line:"
19397
msgstr ""
19398
"ara haureu de configurar el <application>MoinMoin</application> per a trobar "
19399
"el vostre wiki nou <emphasis>elmeuwiki</emphasis>. Per a configurar el "
19400
"<application>MoinMoin</application>, obriu el fitxer "
19401
"<filename>/etc/moin/mywiki.py</filename> i canvieu la línia següent:"
19402
19403
#: serverguide/C/lamp-applications.xml:155(programlisting)
19404
#, no-wrap
19405
msgid "data_dir = '/org/mywiki/data'"
19406
msgstr "data_dir = '/org/elmeuwiki/data'"
19407
19408
#: serverguide/C/lamp-applications.xml:157(para)
19409
msgid "to"
19410
msgstr ""
19411
19412
#: serverguide/C/lamp-applications.xml:161(programlisting)
19413
#, no-wrap
19414
msgid "data_dir = '/usr/share/moin/mywiki/data'"
19415
msgstr "data_dir = '/usr/share/moin/elmeuwiki/data'"
19416
19417
#: serverguide/C/lamp-applications.xml:163(para)
19418
msgid ""
19419
"Also, below the <emphasis>data_dir</emphasis> option add the "
19420
"<emphasis>data_underlay_dir</emphasis>:"
19421
msgstr ""
19422
19423
#: serverguide/C/lamp-applications.xml:167(programlisting)
19424
#, no-wrap
19425
msgid ""
19426
"\n"
19427
"data_underlay_dir='/usr/share/moin/mywiki/underlay'\n"
19428
msgstr ""
19429
"\n"
19430
"data_underlay_dir='/usr/share/moin/elmeuwiki/underlay'\n"
19431
19432
#: serverguide/C/lamp-applications.xml:172(para)
19433
msgid ""
19434
"If the <filename>/etc/moin/mywiki.py</filename> file does not exists, you "
19435
"should copy <filename>/etc/moin/moinmaster.py</filename> file to "
19436
"<filename>/etc/moin/mywiki.py</filename> file and do the above mentioned "
19437
"change."
19438
msgstr ""
19439
19440
#: serverguide/C/lamp-applications.xml:181(para)
19441
msgid ""
19442
"If you have named your Wiki as <emphasis>my_wiki_name</emphasis> you should "
19443
"insert a line <quote>(\"my_wiki_name\", r\".*\")</quote> in "
19444
"<filename>/etc/moin/farmconfig.py</filename> file after the line "
19445
"<quote>(\"mywiki\", r\".*\")</quote>."
19446
msgstr ""
19447
19448
#: serverguide/C/lamp-applications.xml:189(para)
19449
msgid ""
19450
"Once you have configured <application>MoinMoin</application> to find your "
19451
"first Wiki application <emphasis>mywiki</emphasis>, you should configure "
19452
"<application>apache2</application> and make it ready for your Wiki "
19453
"application."
19454
msgstr ""
19455
19456
#: serverguide/C/lamp-applications.xml:196(para)
19457
msgid ""
19458
"You should add the following lines in <filename>/etc/apache2/sites-"
19459
"available/default</filename> file inside the <quote><VirtualHost "
19460
"*></quote> tag:"
19461
msgstr ""
19462
19463
#: serverguide/C/lamp-applications.xml:202(programlisting)
19464
#, no-wrap
19465
msgid ""
19466
"\n"
19467
"### moin\n"
19468
" ScriptAlias /mywiki \"/usr/share/moin/mywiki/moin.cgi\"\n"
19469
" alias /moin_static184 \"/usr/share/moin/htdocs\"\n"
19470
" <Directory /usr/share/moin/htdocs>\n"
19471
" Order allow,deny\n"
19472
" allow from all\n"
19473
" </Directory>\n"
19474
"### end moin\n"
19475
msgstr ""
19476
19477
#: serverguide/C/lamp-applications.xml:214(para)
19478
msgid ""
19479
"Adjust the <emphasis>\"moin_static184\"</emphasis> in the "
19480
"<emphasis>alias</emphasis> line above, to the "
19481
"<application>moinmoin</application> version installed."
19482
msgstr ""
19483
19484
#: serverguide/C/lamp-applications.xml:220(para)
19485
msgid ""
19486
"Once you configure the <application>apache2</application> web server and "
19487
"make it ready for your Wiki application, you should restart it. You can run "
19488
"the following command to restart the <application>apache2</application> web "
19489
"server:"
19490
msgstr ""
19491
19492
#: serverguide/C/lamp-applications.xml:233(title)
19493
msgid "Verification"
19494
msgstr ""
19495
19496
#: serverguide/C/lamp-applications.xml:235(para)
19497
msgid ""
19498
"You can verify the Wiki application and see if it works by pointing your web "
19499
"browser to the following URL:"
19500
msgstr ""
19501
19502
#: serverguide/C/lamp-applications.xml:239(programlisting)
19503
#, no-wrap
19504
msgid ""
19505
"\n"
19506
"http://localhost/mywiki\n"
19507
msgstr ""
19508
"\n"
19509
"http://localhost/elmeuwiki\n"
19510
19511
#: serverguide/C/lamp-applications.xml:243(para)
19512
msgid ""
19513
"You can also run the test command by pointing your web browser to the "
19514
"following URL:"
19515
msgstr ""
19516
19517
#: serverguide/C/lamp-applications.xml:248(programlisting)
19518
#, no-wrap
19519
msgid ""
19520
"\n"
19521
"http://localhost/mywiki?action=test\n"
19522
msgstr ""
19523
"\n"
19524
"http://localhost/elmeuwiki?action=test\n"
19525
19526
#: serverguide/C/lamp-applications.xml:252(para)
19527
msgid ""
19528
"For more details, please refer to the <ulink "
19529
"url=\"http://moinmo.in/\">MoinMoin</ulink> web site."
19530
msgstr ""
19531
19532
#: serverguide/C/lamp-applications.xml:263(para)
19533
msgid ""
19534
"For more information see the <ulink url=\"http://moinmo.in/\">moinmoin "
19535
"Wiki</ulink>."
19536
msgstr ""
19537
19538
#: serverguide/C/lamp-applications.xml:268(para)
19539
msgid ""
19540
"Also, see the <ulink "
19541
"url=\"https://help.ubuntu.com/community/MoinMoin\">Ubuntu Wiki "
19542
"MoinMoin</ulink> page."
19543
msgstr ""
19544
19545
#: serverguide/C/lamp-applications.xml:277(title)
19546
msgid "MediaWiki"
19547
msgstr ""
19548
19549
#: serverguide/C/lamp-applications.xml:279(para)
19550
msgid ""
19551
"MediaWiki is an web based Wiki software written in the PHP language. It can "
19552
"either use <application>MySQL</application> or "
19553
"<application>PostgreSQL</application> Database Management System."
19554
msgstr ""
19555
19556
#: serverguide/C/lamp-applications.xml:289(para)
19557
msgid ""
19558
"Before installing <application>MediaWiki</application> you should also "
19559
"install <application>Apache2</application>, the "
19560
"<application>PHP5</application> scripting language and Database a Management "
19561
"System. <application>MySQL</application> or "
19562
"<application>PostgreSQL</application> are the most common, choose one "
19563
"depending on your need. Please refer to those sections in this manual for "
19564
"installation instructions."
19565
msgstr ""
19566
19567
#: serverguide/C/lamp-applications.xml:297(para)
19568
msgid ""
19569
"To install <application>MediaWiki</application>, run the following command "
19570
"in the command prompt:"
19571
msgstr ""
19572
19573
#: serverguide/C/lamp-applications.xml:303(command)
19574
msgid "sudo apt-get install mediawiki php5-gd"
19575
msgstr "sudo apt-get install mediawiki php5-gd"
19576
19577
#: serverguide/C/lamp-applications.xml:306(para)
19578
msgid ""
19579
"For additional <application>MediaWiki</application> functionality see the "
19580
"<application>mediawiki-extensions</application> package."
19581
msgstr ""
19582
19583
#: serverguide/C/lamp-applications.xml:316(para)
19584
msgid ""
19585
"The Apache configuration file <filename>mediawiki.conf</filename> for "
19586
"MediaWiki is installed in <filename>/etc/apache2/conf.d/</filename> "
19587
"directory. You should uncomment the following line in this file to access "
19588
"MediaWiki application."
19589
msgstr ""
19590
19591
#: serverguide/C/lamp-applications.xml:324(screen)
19592
#, no-wrap
19593
msgid ""
19594
"\n"
19595
"# Alias /mediawiki /var/lib/mediawiki\n"
19596
msgstr ""
19597
19598
#: serverguide/C/lamp-applications.xml:328(para)
19599
msgid ""
19600
"After you uncomment the above line, restart Apache server and access "
19601
"MediaWiki using the following url:"
19602
msgstr ""
19603
19604
#: serverguide/C/lamp-applications.xml:333(programlisting)
19605
#, no-wrap
19606
msgid ""
19607
"\n"
19608
"http://localhost/mediawiki/config/index.php\n"
19609
msgstr ""
19610
19611
#: serverguide/C/lamp-applications.xml:338(para)
19612
msgid ""
19613
"Please read the <quote>Checking environment...</quote> section in this page. "
19614
"You should be able to fix many issues by carefully reading this section."
19615
msgstr ""
19616
19617
#: serverguide/C/lamp-applications.xml:345(para)
19618
msgid ""
19619
"Once the configuration is complete, you should copy the "
19620
"<filename>LocalSettings.php</filename> file to "
19621
"<filename>/etc/mediawiki</filename> directory:"
19622
msgstr ""
19623
19624
#: serverguide/C/lamp-applications.xml:352(command)
19625
msgid "sudo mv /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/"
19626
msgstr ""
19627
19628
#: serverguide/C/lamp-applications.xml:355(para)
19629
msgid ""
19630
"You may also want to edit "
19631
"<filename>/etc/mediawiki/LocalSettings.php</filename> adjusting:"
19632
msgstr ""
19633
19634
#: serverguide/C/lamp-applications.xml:360(programlisting)
19635
#, no-wrap
19636
msgid ""
19637
"\n"
19638
"ini_set( 'memory_limit', '64M' );\n"
19639
msgstr ""
19640
19641
#: serverguide/C/lamp-applications.xml:367(title)
19642
msgid "Extensions"
19643
msgstr ""
19644
19645
#: serverguide/C/lamp-applications.xml:368(para)
19646
msgid ""
19647
"The extensions add new features and enhancements for the MediaWiki "
19648
"application. The extensions give wiki administrators and end users the "
19649
"ability to customize MediaWiki to their requirements."
19650
msgstr ""
19651
19652
#: serverguide/C/lamp-applications.xml:374(para)
19653
msgid ""
19654
"You can download MediaWiki extensions as an archive file or checkout from "
19655
"the Subversion repository. You should copy it to "
19656
"<filename>/var/lib/mediawiki/extensions</filename> directory. You should "
19657
"also add the following line at the end of file: "
19658
"<filename>/etc/mediawiki/LocalSettings.php</filename>."
19659
msgstr ""
19660
19661
#: serverguide/C/lamp-applications.xml:382(programlisting)
19662
#, no-wrap
19663
msgid ""
19664
"\n"
19665
"require_once \"$IP/extensions/ExtentionName/ExtentionName.php\";\n"
19666
msgstr ""
19667
19668
#: serverguide/C/lamp-applications.xml:392(para)
19669
msgid ""
19670
"For more details, please refer to the <ulink "
19671
"url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
19672
msgstr ""
19673
19674
#: serverguide/C/lamp-applications.xml:398(para)
19675
msgid ""
19676
"The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki "
19677
"Administrators’ Tutorial Guide</ulink> contains a wealth of information for "
19678
"new MediaWiki administrators."
19679
msgstr ""
19680
19681
#: serverguide/C/lamp-applications.xml:404(para)
19682
msgid ""
19683
"Also, the <ulink url=\"https://help.ubuntu.com/community/MediaWiki\">Ubuntu "
19684
"Wiki MediaWiki</ulink> page is a good resource."
19685
msgstr ""
19686
19687
#: serverguide/C/lamp-applications.xml:414(title)
19688
msgid "phpMyAdmin"
19689
msgstr ""
19690
19691
#: serverguide/C/lamp-applications.xml:416(para)
19692
msgid ""
19693
"<application>phpMyAdmin</application> is a LAMP application specifically "
19694
"written for administering <application>MySQL</application> servers. Written "
19695
"in <application>PHP</application>, and accessed through a web browser, "
19696
"phpMyAdmin provides a graphical interface for database administration tasks."
19697
msgstr ""
19698
19699
#: serverguide/C/lamp-applications.xml:425(para)
19700
msgid ""
19701
"Before installing <application>phpMyAdmin</application> you will need access "
19702
"to a <application>MySQL</application> database either on the same host as "
19703
"that phpMyAdmin is installed on, or on a host accessible over the network. "
19704
"For more information see <xref linkend=\"mysql\"/>. From a terminal prompt "
19705
"enter:"
19706
msgstr ""
19707
19708
#: serverguide/C/lamp-applications.xml:432(command)
19709
msgid "sudo apt-get install phpmyadmin"
19710
msgstr "sudo apt-get install phpmyadmin"
19711
19712
#: serverguide/C/lamp-applications.xml:435(para)
19713
msgid ""
19714
"At the prompt choose which web server to be configured for "
19715
"<application>phpMyAdmin</application>. The rest of this section will use "
19716
"<application>Apache2</application> for the web server."
19717
msgstr ""
19718
19719
#: serverguide/C/lamp-applications.xml:440(para)
19720
msgid ""
19721
"In a browser go to <emphasis>http://servername/phpmyadmin</emphasis>, "
19722
"replacing <emphasis role=\"italic\">serveranme</emphasis> with the server's "
19723
"actual hostname. At the login, page enter <emphasis>root</emphasis> for the "
19724
"<emphasis>username</emphasis>, or another <application>MySQL</application> "
19725
"user if you any setup, and enter the <application>MySQL</application> user's "
19726
"password."
19727
msgstr ""
19728
19729
#: serverguide/C/lamp-applications.xml:447(para)
19730
msgid ""
19731
"Once logged in you can reset the <emphasis>root</emphasis> password if "
19732
"needed, create users, create/destroy databases and tables, etc."
19733
msgstr ""
19734
19735
#: serverguide/C/lamp-applications.xml:455(para)
19736
msgid ""
19737
"The configuration files for <application>phpMyAdmin</application> are "
19738
"located in <filename>/etc/phpmyadmin</filename>. The main configuration file "
19739
"is <filename>/etc/phpmyadmin/config.inc.php</filename>. This file contains "
19740
"configuration options that apply globally to "
19741
"<application>phpMyAdmin</application>."
19742
msgstr ""
19743
19744
#: serverguide/C/lamp-applications.xml:461(para)
19745
msgid ""
19746
"To use <application>phpMyAdmin</application> to administer a MySQL database "
19747
"hosted on another server, adjust the following in "
19748
"<filename>/etc/phpmyadmin/config.inc.php</filename>:"
19749
msgstr ""
19750
19751
#: serverguide/C/lamp-applications.xml:466(programlisting)
19752
#, no-wrap
19753
msgid ""
19754
"\n"
19755
"$cfg['Servers'][$i]['host'] = 'db_server';\n"
19756
msgstr ""
19757
19758
#: serverguide/C/lamp-applications.xml:471(para)
19759
msgid ""
19760
"Replace <emphasis role=\"italic\">db_server</emphasis> with the actual "
19761
"remote database server name or IP address. Also, be sure that the "
19762
"<application>phpMyAdmin</application> host has permissions to access the "
19763
"remote database."
19764
msgstr ""
19765
19766
#: serverguide/C/lamp-applications.xml:477(para)
19767
msgid ""
19768
"Once configured, log out of <application>phpMyAdmin</application> and back "
19769
"in, and you should be accessing the new server."
19770
msgstr ""
19771
19772
#: serverguide/C/lamp-applications.xml:481(para)
19773
msgid ""
19774
"The <filename>config.header.inc.php</filename> and "
19775
"<filename>config.footer.inc.php</filename> files are used to add a HTML "
19776
"header and footer to <application>phpMyAdmin</application>."
19777
msgstr ""
19778
19779
#: serverguide/C/lamp-applications.xml:486(para)
19780
msgid ""
19781
"Another important configuration file is "
19782
"<filename>/etc/phpmyadmin/apache.conf</filename>, this file is symlinked to "
19783
"<filename>/etc/apache2/conf.d/phpmyadmin.conf</filename>, and is used to "
19784
"configure <application>Apache2</application> to serve the "
19785
"<application>phpMyAdmin</application> site. The file contains directives for "
19786
"loading <application>PHP</application>, directory permissions, etc. For more "
19787
"information on configuring <application>Apache2</application> see <xref "
19788
"linkend=\"httpd\"/>."
19789
msgstr ""
19790
19791
#: serverguide/C/lamp-applications.xml:500(para)
19792
msgid ""
19793
"The <application>phpMyAdmin</application> documentation comes installed with "
19794
"the package and can be accessed from the <emphasis>phpMyAdmin "
19795
"Documentation</emphasis> link (a question mark with a box around it) under "
19796
"the phpMyAdmin logo. The official docs can also be access on the <ulink "
19797
"url=\"http://www.phpmyadmin.net/home_page/docs.php\">phpMyAdmin</ulink> site."
19798
msgstr ""
19799
19800
#: serverguide/C/lamp-applications.xml:507(para)
19801
msgid ""
19802
"Also, <ulink url=\"http://www.packtpub.com/phpmyadmin-3rd-"
19803
"edition/book\">Mastering phpMyAdmin</ulink> is a great resource."
19804
msgstr ""
19805
19806
#: serverguide/C/lamp-applications.xml:512(para)
19807
msgid ""
19808
"A third resource is the <ulink "
19809
"url=\"https://help.ubuntu.com/community/phpMyAdmin\">phpMyAdmin Ubuntu "
19810
"Wiki</ulink> page."
19811
msgstr ""
19812
19813
#: serverguide/C/introduction.xml:14(para)
19814
msgid "Welcome to the <emphasis>Ubuntu Server Guide</emphasis>!"
19815
msgstr ""
19816
"Us donem la benvinguda a la <emphasis>Guia del servidor Ubuntu</emphasis>."
19817
19818
#: serverguide/C/introduction.xml:15(para)
19819
msgid ""
19820
"Here you can find information on how to install and configure various server "
19821
"applications. It is a step-by-step, task-oriented guide for configuring and "
19822
"customizing your system."
19823
msgstr ""
19824
19825
#: serverguide/C/introduction.xml:19(para)
19826
msgid ""
19827
"This guide assumes you have a basic understanding of your Ubuntu system. "
19828
"Some installation details are covered in <xref linkend=\"installation\"/>, "
19829
"but if you need detailed instructions installing Ubuntu please refer to the "
19830
"<ulink url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
19831
"Installation Guide</ulink>."
19832
msgstr ""
19833
19834
#: serverguide/C/introduction.xml:25(para)
19835
msgid ""
19836
"A HTML version of the manual is available online at <ulink "
19837
"url=\"http://help.ubuntu.com\">the Ubuntu Documentation website</ulink>. The "
19838
"HTML files are also available in the <application>ubuntu-"
19839
"serverguide</application> package. See <xref linkend=\"package-"
19840
"management\"/> for details on installing packages."
19841
msgstr ""
19842
19843
#: serverguide/C/introduction.xml:32(para)
19844
msgid ""
19845
"If you choose to install the <application>ubuntu-serverguide</application> "
19846
"you can view this document from a console by:"
19847
msgstr ""
19848
19849
#: serverguide/C/introduction.xml:36(command)
19850
msgid "w3m /usr/share/ubuntu-serverguide/html/C/index.html"
19851
msgstr ""
19852
19853
#: serverguide/C/introduction.xml:39(para)
19854
msgid ""
19855
"If you are using a localized version of Ubuntu, replace "
19856
"<emphasis>C</emphasis> with your language localization (e.g. "
19857
"<emphasis>en_GB</emphasis>)."
19858
msgstr ""
19859
19860
#: serverguide/C/introduction.xml:53(title)
19861
msgid "Support"
19862
msgstr "Assistència"
19863
19864
#: serverguide/C/introduction.xml:55(para)
19865
msgid ""
19866
"There are a couple of different ways that Ubuntu Server Edition is "
19867
"supported, commercial support and community support. The main commercial "
19868
"support (and development funding) is available from Canonical Ltd. They "
19869
"supply reasonably priced support contracts on a per desktop or per server "
19870
"basis. For more information see the <ulink "
19871
"url=\"http://www.canonical.com/services/support\">Canonical Services</ulink> "
19872
"page."
19873
msgstr ""
19874
19875
#: serverguide/C/introduction.xml:62(para)
19876
msgid ""
19877
"Community support is also provided by dedicated individuals, and companies, "
19878
"that wish to make Ubuntu the best distribution possible. Support is provided "
19879
"through multiple mailing lists, IRC channels, forums, blogs, wikis, etc. The "
19880
"large amount of information available can be overwhelming, but a good search "
19881
"engine query can usually provide an answer to your questions. See the <ulink "
19882
"url=\"http://www.ubuntu.com/support\">Ubuntu Support</ulink> page for more "
19883
"information."
19884
msgstr ""
19885
19886
#: serverguide/C/installation.xml:14(para)
19887
msgid ""
19888
"This chapter provides a quick overview of installing Ubuntu 10.10 Server "
19889
"Edition. For more detailed instructions, please refer to the <ulink "
19890
"url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
19891
"Installation Guide</ulink>."
19892
msgstr ""
19893
19894
#: serverguide/C/installation.xml:19(title)
19895
msgid "Preparing to Install"
19896
msgstr "Preparació de la instal·lació"
19897
19898
#: serverguide/C/installation.xml:20(para)
19899
msgid ""
19900
"This section explains various aspects to consider before starting the "
19901
"installation."
19902
msgstr ""
19903
19904
#: serverguide/C/installation.xml:24(title)
19905
msgid "System Requirements"
19906
msgstr "Requeriments del sistema"
19907
19908
#: serverguide/C/installation.xml:25(para)
19909
msgid ""
19910
"Ubuntu 10.10 Server Edition supports two (2) major architectures: Intel x86 "
19911
"and AMD64. The table below lists recommended hardware specifications. "
19912
"Depending on your needs, you might manage with less than this. However, most "
19913
"users risk being frustrated if they ignore these suggestions."
19914
msgstr ""
19915
19916
#: serverguide/C/installation.xml:27(title)
19917
msgid "Recommended Minimum Requirements"
19918
msgstr ""
19919
19920
#: serverguide/C/installation.xml:35(para)
19921
msgid "Install Type"
19922
msgstr ""
19923
19924
#: serverguide/C/installation.xml:36(para)
19925
msgid "RAM"
19926
msgstr ""
19927
19928
#: serverguide/C/installation.xml:37(para)
19929
msgid "Hard Drive Space"
19930
msgstr ""
19931
19932
#: serverguide/C/installation.xml:40(para)
19933
msgid "Base System"
19934
msgstr ""
19935
19936
#: serverguide/C/installation.xml:41(para)
19937
msgid "All Tasks Installed"
19938
msgstr ""
19939
19940
#: serverguide/C/installation.xml:46(para)
19941
msgid "Server"
19942
msgstr "Servidor"
19943
19944
#: serverguide/C/installation.xml:47(para)
19945
msgid "128 megabytes"
19946
msgstr ""
19947
19948
#: serverguide/C/installation.xml:48(para)
19949
msgid "500 megabytes"
19950
msgstr ""
19951
19952
#: serverguide/C/installation.xml:49(para)
19953
msgid "1 gigabyte"
19954
msgstr ""
19955
19956
#: serverguide/C/installation.xml:54(para)
19957
msgid ""
19958
"The Server Edition provides a common base for all sorts of server "
19959
"applications. It is a minimalist design providing a platform for the desired "
19960
"services, such as file/print services, web hosting, email hosting, etc."
19961
msgstr ""
19962
19963
#: serverguide/C/installation.xml:60(para)
19964
msgid ""
19965
"The requirements for UEC are slightly different for Front End requirements "
19966
"see <xref linkend=\"uec-frontend-requirements\"/> and for UEC Node "
19967
"requirements see <xref linkend=\"uec-node-requirements\"/>."
19968
msgstr ""
19969
19970
#: serverguide/C/installation.xml:68(title)
19971
msgid "Server and Desktop Differences"
19972
msgstr "Diferències entre el sistema d'escriptori i el de servidor"
19973
19974
#: serverguide/C/installation.xml:69(para)
19975
msgid ""
19976
"There are a few differences between the <emphasis>Ubuntu Server "
19977
"Edition</emphasis> and the <emphasis>Ubuntu Desktop Edition</emphasis>. It "
19978
"should be noted that both editions use the same "
19979
"<application>apt</application> repositories. Making it just as easy to "
19980
"install a <emphasis role=\"italic\">server</emphasis> application on the "
19981
"Desktop Edition as it is on the Server Edition."
19982
msgstr ""
19983
19984
#: serverguide/C/installation.xml:75(para)
19985
msgid ""
19986
"The differences between the two editions are the lack of an X window "
19987
"environment in the Server Edition, the installation process, and different "
19988
"Kernel options."
19989
msgstr ""
19990
19991
#: serverguide/C/installation.xml:82(title)
19992
msgid "Kernel Differences:"
19993
msgstr "Diferències en el nucli"
19994
19995
#: serverguide/C/installation.xml:85(para)
19996
msgid ""
19997
"The Server Edition uses the <emphasis>Deadline</emphasis> I/O scheduler "
19998
"instead of the <emphasis>CFQ</emphasis> scheduler used by the Desktop "
19999
"Edition."
20000
msgstr ""
20001
20002
#: serverguide/C/installation.xml:91(para)
20003
msgid "<emphasis>Preemption</emphasis> is turned off in the Server Edition."
20004
msgstr ""
20005
20006
#: serverguide/C/installation.xml:96(para)
20007
msgid ""
20008
"The timer interrupt is 100 Hz in the Server Edition and 250 Hz in the "
20009
"Desktop Edition."
20010
msgstr ""
20011
20012
#: serverguide/C/installation.xml:102(para)
20013
msgid ""
20014
"When running a 64-bit version of Ubuntu on 64-bit processors you are not "
20015
"limited by memory addressing space."
20016
msgstr ""
20017
20018
#: serverguide/C/installation.xml:107(para)
20019
msgid ""
20020
"To see all kernel configuration options you can look through "
20021
"<filename>/boot/config-&linux-kernel-version;-server</filename>. Also, "
20022
"<ulink url=\"http://www.kroah.com/lkn/\">Linux Kernel in a Nutshell</ulink> "
20023
"is a great resource on the options available."
20024
msgstr ""
20025
20026
#: serverguide/C/installation.xml:116(title)
20027
msgid "Backing Up"
20028
msgstr "Còpia de seguretat"
20029
20030
#: serverguide/C/installation.xml:119(para)
20031
msgid ""
20032
"Before installing <application>Ubuntu Server Edition</application> you "
20033
"should make sure all data on the system is backed up. See <xref "
20034
"linkend=\"backups\"/> for backup options."
20035
msgstr ""
20036
20037
#: serverguide/C/installation.xml:123(para)
20038
msgid ""
20039
"If this is not the first time an operating system has been installed on your "
20040
"computer, it is likely you will need to re-partition your disk to make room "
20041
"for Ubuntu."
20042
msgstr ""
20043
20044
#: serverguide/C/installation.xml:127(para)
20045
msgid ""
20046
"Any time you partition your disk, you should be prepared to lose everything "
20047
"on the disk should you make a mistake or something goes wrong during "
20048
"partitioning. The programs used in installation are quite reliable, most "
20049
"have seen years of use, but they also perform destructive actions."
20050
msgstr ""
20051
20052
#: serverguide/C/installation.xml:139(title)
20053
msgid "Installing from CD"
20054
msgstr "Instal·lació des d'un CD"
20055
20056
#: serverguide/C/installation.xml:140(para)
20057
msgid ""
20058
"The basic steps to install Ubuntu Server Edition from CD are the same for "
20059
"installing any operating system from CD. Unlike the <emphasis>Desktop "
20060
"Edition</emphasis> the <emphasis>Server Edition</emphasis> does not include "
20061
"a graphical installation program. Instead the Server Edition uses a console "
20062
"menu based process."
20063
msgstr ""
20064
20065
#: serverguide/C/installation.xml:147(para)
20066
msgid ""
20067
"First, download and burn the appropriate ISO file from the <ulink "
20068
"url=\"http://www.ubuntu.com/getubuntu/download\"> Ubuntu web site</ulink>."
20069
msgstr ""
20070
20071
#: serverguide/C/installation.xml:153(para)
20072
msgid "Boot the system from the CD-ROM drive."
20073
msgstr ""
20074
20075
#: serverguide/C/installation.xml:158(para)
20076
msgid ""
20077
"At the boot prompt you will be asked to select the language. Afterwards the "
20078
"installation process begins by asking for your keyboard layout."
20079
msgstr ""
20080
20081
#: serverguide/C/installation.xml:164(para)
20082
msgid ""
20083
"From the main boot menu there are some additional options to install Ubuntu "
20084
"Server Edition. You can install a basic Ubuntu Server, or install Ubuntu "
20085
"Server as part of a <emphasis>Ubuntu Enterprise Cloud</emphasis>. For more "
20086
"information on UEC see <xref linkend=\"uec\"/>. The rest of this section "
20087
"will cover the basic Ubuntu Server install."
20088
msgstr ""
20089
20090
#: serverguide/C/installation.xml:172(para)
20091
msgid ""
20092
"The installer then discovers your hardware configuration, and configures the "
20093
"network settings using DHCP. If you do not wish to use DHCP at the next "
20094
"screen choose \"Go Back\", and you have the option to \"Configure the "
20095
"network manually\"."
20096
msgstr ""
20097
20098
#: serverguide/C/installation.xml:179(para)
20099
msgid "Next, the installer asks for the system's hostname and Time Zone."
20100
msgstr ""
20101
20102
#: serverguide/C/installation.xml:184(para)
20103
msgid ""
20104
"You can then choose from several options to configure the hard drive layout. "
20105
"For advanced disk options see <xref linkend=\"advanced-installation\"/>."
20106
msgstr ""
20107
20108
#: serverguide/C/installation.xml:190(para)
20109
msgid "The Ubuntu base system is then installed."
20110
msgstr ""
20111
20112
#: serverguide/C/installation.xml:195(para)
20113
msgid ""
20114
"A new user is setup, this user will have <emphasis>root</emphasis> access "
20115
"through the <application>sudo</application> utility."
20116
msgstr ""
20117
20118
#: serverguide/C/installation.xml:201(para)
20119
msgid ""
20120
"After the user is setup, you will be asked to encrypt your <filename "
20121
"role=\"directory\">home</filename> directory."
20122
msgstr ""
20123
20124
#: serverguide/C/installation.xml:207(para)
20125
msgid ""
20126
"The next step in the installation process is to decide how you want to "
20127
"update the system. There are three options:"
20128
msgstr ""
20129
20130
#: serverguide/C/installation.xml:213(para)
20131
msgid ""
20132
"<emphasis>No automatic updates</emphasis>: this requires an administrator to "
20133
"log into the machine and manually install updates."
20134
msgstr ""
20135
20136
#: serverguide/C/installation.xml:219(para)
20137
msgid ""
20138
"<emphasis>Install security updates Automatically</emphasis>: will install "
20139
"the <application>unattended-upgrades</application> package, which will "
20140
"install security updates without the intervention of an administrator. For "
20141
"more details see <xref linkend=\"automatic-updates\"/>."
20142
msgstr ""
20143
20144
#: serverguide/C/installation.xml:226(para)
20145
msgid ""
20146
"<emphasis>Manage the system with Landscape</emphasis>: Landscape is a paid "
20147
"service provided by Canonical to help manage your Ubuntu machines. See the "
20148
"<ulink url=\"http://www.canonical.com/projects/landscape\">Landscape</ulink> "
20149
"site for details."
20150
msgstr ""
20151
20152
#: serverguide/C/installation.xml:235(para)
20153
msgid ""
20154
"You now have the option to install, or not install, several package tasks. "
20155
"See <xref linkend=\"install-tasks\"/> for details. Also, there is an option "
20156
"to launch <application>aptitude</application> to choose specific packages to "
20157
"install. For more information see <xref linkend=\"aptitude\"/>."
20158
msgstr ""
20159
20160
#: serverguide/C/installation.xml:243(para)
20161
msgid "Finally, the last step before rebooting is to set the clock to UTC."
20162
msgstr ""
20163
20164
#: serverguide/C/installation.xml:249(para)
20165
msgid ""
20166
"If at any point during installation you are not satisfied by the default "
20167
"setting, use the \"Go Back\" function at any prompt to be brought to a "
20168
"detailed installation menu that will allow you to modify the default "
20169
"settings."
20170
msgstr ""
20171
20172
#: serverguide/C/installation.xml:254(para)
20173
msgid ""
20174
"At some point during the installation process you may want to read the help "
20175
"screen provided by the installation system. To do this, press F1."
20176
msgstr ""
20177
20178
#: serverguide/C/installation.xml:259(para)
20179
msgid ""
20180
"Once again, for detailed instructions see the <ulink "
20181
"url=\"https://help.ubuntu.com/10.04/installation-guide/\"> Ubuntu "
20182
"Installation Guide</ulink>."
20183
msgstr ""
20184
20185
#: serverguide/C/installation.xml:265(title)
20186
msgid "Package Tasks"
20187
msgstr "Tasques de paquets"
20188
20189
#: serverguide/C/installation.xml:266(para)
20190
msgid ""
20191
"During the Server Edition installation you have the option of installing "
20192
"additional packages from the CD. The packages are grouped by the type of "
20193
"service they provide."
20194
msgstr ""
20195
20196
#: serverguide/C/installation.xml:272(para)
20197
msgid "Cloud computing: Walrus storage service"
20198
msgstr ""
20199
20200
#: serverguide/C/installation.xml:277(para)
20201
msgid "Cloud computing: all-in-one cluster"
20202
msgstr ""
20203
20204
#: serverguide/C/installation.xml:282(para)
20205
msgid "Cloud computing: Cluster controller"
20206
msgstr ""
20207
20208
#: serverguide/C/installation.xml:287(para)
20209
msgid "Cloud computing: Node controller"
20210
msgstr ""
20211
20212
#: serverguide/C/installation.xml:292(para)
20213
msgid "Cloud computing: Storage controller"
20214
msgstr ""
20215
20216
#: serverguide/C/installation.xml:297(para)
20217
msgid "Cloud computing: top-level cloud controller"
20218
msgstr ""
20219
20220
#: serverguide/C/installation.xml:302(para)
20221
msgid "DNS server: Selects the BIND DNS server and its documentation."
20222
msgstr ""
20223
20224
#: serverguide/C/installation.xml:307(para)
20225
msgid "LAMP server: Selects a ready-made Linux/Apache/MySQL/PHP server."
20226
msgstr ""
20227
20228
#: serverguide/C/installation.xml:312(para)
20229
msgid ""
20230
"Mail server: This task selects a variety of package useful for a general "
20231
"purpose mail server system."
20232
msgstr ""
20233
20234
#: serverguide/C/installation.xml:317(para)
20235
msgid "OpenSSH server: Selects packages needed for an OpenSSH server."
20236
msgstr ""
20237
20238
#: serverguide/C/installation.xml:322(para)
20239
msgid ""
20240
"PostgreSQL database: This task selects client and server packages for the "
20241
"PostgreSQL database."
20242
msgstr ""
20243
20244
#: serverguide/C/installation.xml:327(para)
20245
msgid "Print server: This task sets up your system to be a print server."
20246
msgstr ""
20247
20248
#: serverguide/C/installation.xml:332(para)
20249
msgid ""
20250
"Samba File server: This task sets up your system to be a Samba file server, "
20251
"which is especially suitable in networks with both Windows and Linux systems."
20252
msgstr ""
20253
20254
#: serverguide/C/installation.xml:338(para)
20255
msgid ""
20256
"Tomcat server: Installs the Apache Tomcat and needed dependencies Java, gcj, "
20257
"etc."
20258
msgstr ""
20259
20260
#: serverguide/C/installation.xml:343(para)
20261
msgid ""
20262
"Virtual machine host: Includes packages needed to run KVM virtual machines."
20263
msgstr ""
20264
20265
#: serverguide/C/installation.xml:348(para)
20266
msgid ""
20267
"Manually select packages: Executes <application>apptitude</application> "
20268
"allowing you to individually select packages."
20269
msgstr ""
20270
20271
#: serverguide/C/installation.xml:353(para)
20272
msgid ""
20273
"Installing the package groups is accomplished using the "
20274
"<application>tasksel</application> utility. One of the important difference "
20275
"between Ubuntu (or Debian) and other GNU/Linux distribution is that, when "
20276
"installed, a package is also configured to reasonable defaults, eventually "
20277
"prompting you for additional required information. Likewise, when installing "
20278
"a task, the packages are not only installed, but also configured to provided "
20279
"a fully integrated service."
20280
msgstr ""
20281
20282
#: serverguide/C/installation.xml:360(para)
20283
msgid ""
20284
"For more information on the <emphasis>Cloud Computing</emphasis> tasks see "
20285
"<xref linkend=\"uec\"/>."
20286
msgstr ""
20287
20288
#: serverguide/C/installation.xml:363(para)
20289
msgid ""
20290
"Once the installation process has finished you can view a list of available "
20291
"tasks by entering the following from a terminal prompt:"
20292
msgstr ""
20293
20294
#: serverguide/C/installation.xml:368(command)
20295
msgid "tasksel --list-tasks"
20296
msgstr ""
20297
20298
#: serverguide/C/installation.xml:371(para)
20299
msgid ""
20300
"The output will list tasks from other Ubuntu based distributions such as "
20301
"Kubuntu and Edubuntu. Note that you can also invoke the "
20302
"<command>tasksel</command> command by itself, which will bring up a menu of "
20303
"the different tasks available."
20304
msgstr ""
20305
20306
#: serverguide/C/installation.xml:377(para)
20307
msgid ""
20308
"You can view a list of which packages are installed with each task using the "
20309
"<emphasis>--task-packages</emphasis> option. For example, to list the "
20310
"packages installed with the <emphasis>DNS Server</emphasis> task enter the "
20311
"following:"
20312
msgstr ""
20313
20314
#: serverguide/C/installation.xml:382(command)
20315
msgid "tasksel --task-packages dns-server"
20316
msgstr ""
20317
20318
#: serverguide/C/installation.xml:384(para)
20319
msgid "The output of the command should list:"
20320
msgstr ""
20321
20322
#: serverguide/C/installation.xml:387(programlisting)
20323
#, no-wrap
20324
msgid ""
20325
"\n"
20326
"bind9-doc \n"
20327
"bind9utils \n"
20328
"bind9\n"
20329
msgstr ""
20330
20331
#: serverguide/C/installation.xml:392(para)
20332
msgid ""
20333
"Also, if you did not install one of the tasks during the installation "
20334
"process, but for example you decide to make your new LAMP server a DNS "
20335
"server as well. Simply insert the installation CD and from a terminal:"
20336
msgstr ""
20337
20338
#: serverguide/C/installation.xml:397(command)
20339
msgid "sudo tasksel install dns-server"
20340
msgstr "sudo tasksel install dns-server"
20341
20342
#: serverguide/C/installation.xml:402(title)
20343
msgid "Upgrading"
20344
msgstr "Actualització"
20345
20346
#: serverguide/C/installation.xml:403(para)
20347
msgid ""
20348
"There are several ways to upgrade from one Ubuntu release to another. This "
20349
"section gives an overview of the recommended upgrade method."
20350
msgstr ""
20351
20352
#: serverguide/C/installation.xml:407(title) serverguide/C/installation.xml:422(command)
20353
msgid "do-release-upgrade"
20354
msgstr "do-release-upgrade"
20355
20356
#: serverguide/C/installation.xml:408(para)
20357
msgid ""
20358
"The recommended way to upgrade a Server Edition installation is to use the "
20359
"<application>do-release-upgrade</application> utility. Part of the "
20360
"<emphasis>update-manager-core</emphasis> package, it does not have any "
20361
"graphical dependencies and is installed by default."
20362
msgstr ""
20363
20364
#: serverguide/C/installation.xml:413(para)
20365
msgid ""
20366
"Debian based systems can also be upgraded by using <command>apt-get dist-"
20367
"upgrade</command>. However, using <application>do-release-"
20368
"upgrade</application> is recommended because it has the ability to handle "
20369
"system configuration changes sometimes needed between releases."
20370
msgstr ""
20371
20372
#: serverguide/C/installation.xml:418(para)
20373
msgid "To upgrade to a newer release, from a terminal prompt enter:"
20374
msgstr ""
20375
20376
#: serverguide/C/installation.xml:424(para)
20377
msgid ""
20378
"It is also possible to use <application>do-release-upgrade</application> to "
20379
"upgrade to a development version of Ubuntu. To accomplish this use the "
20380
"<emphasis>-d</emphasis> switch:"
20381
msgstr ""
20382
20383
#: serverguide/C/installation.xml:429(command)
20384
msgid "do-release-upgrade -d"
20385
msgstr "do-release-upgrade -d"
20386
20387
#: serverguide/C/installation.xml:432(para)
20388
msgid ""
20389
"Upgrading to a development release is <emphasis>not</emphasis> recommended "
20390
"for production environments."
20391
msgstr ""
20392
"L'actualització a una versió de desenvolupament <emphasis>no</emphasis> és "
20393
"recomanable per a entorns de producció."
20394
20395
#: serverguide/C/installation.xml:439(title)
20396
msgid "Advanced Installation"
20397
msgstr "Instal·lació avançada"
20398
20399
#: serverguide/C/installation.xml:442(title)
20400
msgid "Software RAID"
20401
msgstr ""
20402
20403
#: serverguide/C/installation.xml:444(para)
20404
msgid ""
20405
"RAID is a method of configuring multiple hard drives to act as one, reducing "
20406
"the probability of catastrophic data loss in case of drive failure. RAID is "
20407
"implemented in either software (where the operating system knows about both "
20408
"drives and actively maintains both of them) or hardware (where a special "
20409
"controller makes the OS think there's only one drive and maintains the "
20410
"drives 'invisibly')."
20411
msgstr ""
20412
20413
#: serverguide/C/installation.xml:451(para)
20414
msgid ""
20415
"The RAID software included with current versions of Linux (and Ubuntu) is "
20416
"based on the <application>'mdadm'</application> driver and works very well, "
20417
"better even than many so-called 'hardware' RAID controllers. This section "
20418
"will guide you through installing Ubuntu Server Edition using two RAID1 "
20419
"partitions on two physical hard drives, one for <emphasis>/</emphasis> and "
20420
"another for <emphasis>swap</emphasis>."
20421
msgstr ""
20422
20423
#: serverguide/C/installation.xml:461(para) serverguide/C/installation.xml:975(para)
20424
msgid ""
20425
"Follow the installation steps until you get to the <emphasis>Partition "
20426
"disks</emphasis> step, then:"
20427
msgstr ""
20428
20429
#: serverguide/C/installation.xml:468(para)
20430
msgid "Select <emphasis>Manual</emphasis> as the partition method."
20431
msgstr ""
20432
20433
#: serverguide/C/installation.xml:475(para)
20434
msgid ""
20435
"Select the first hard drive, and agree to <emphasis>\"Create a new empty "
20436
"partition table on this device?\"</emphasis>."
20437
msgstr ""
20438
20439
#: serverguide/C/installation.xml:479(para)
20440
msgid ""
20441
"Repeat this step for each drive you wish to be part of the RAID array."
20442
msgstr ""
20443
20444
#: serverguide/C/installation.xml:486(para)
20445
msgid ""
20446
"Select the <emphasis>\"FREE SPACE\"</emphasis> on the first drive then "
20447
"select <emphasis>\"Create a new partition\"</emphasis>."
20448
msgstr ""
20449
20450
#: serverguide/C/installation.xml:493(para)
20451
msgid ""
20452
"Next, select the <emphasis>Size</emphasis> of the partition. This partition "
20453
"will be the <emphasis>swap</emphasis> partition, and a general rule for swap "
20454
"size is twice that of RAM. Enter the partition size, then choose "
20455
"<emphasis>Primary</emphasis>, then <emphasis>Beginning</emphasis>."
20456
msgstr ""
20457
20458
#: serverguide/C/installation.xml:502(para)
20459
msgid ""
20460
"Select the <emphasis>\"Use as:\"</emphasis> line at the top. By default this "
20461
"is <emphasis role=\"italic\">\"Ext4 journaling file system\"</emphasis>, "
20462
"change that to <emphasis>\"physical volume for RAID\"</emphasis> then "
20463
"<emphasis>\"Done setting up partition\"</emphasis>."
20464
msgstr ""
20465
20466
#: serverguide/C/installation.xml:511(para)
20467
msgid ""
20468
"For the <emphasis>/</emphasis> partition once again select <emphasis>\"Free "
20469
"Space\"</emphasis> on the first drive then <emphasis>\"Create a new "
20470
"partition\"</emphasis>."
20471
msgstr ""
20472
20473
#: serverguide/C/installation.xml:519(para)
20474
msgid ""
20475
"Use the rest of the free space on the drive and choose "
20476
"<emphasis>Continue</emphasis>, then <emphasis>Primary</emphasis>."
20477
msgstr ""
20478
20479
#: serverguide/C/installation.xml:526(para)
20480
msgid ""
20481
"As with the swap partition, select the <emphasis>\"Use as:\"</emphasis> line "
20482
"at the top, changing it to <emphasis>\"physical volume for "
20483
"RAID\"</emphasis>. Also select the <emphasis>\"Bootable flag:\"</emphasis> "
20484
"line to change the value to <emphasis>\"on\"</emphasis>. Then choose "
20485
"<emphasis>\"Done setting up partition\"</emphasis>."
20486
msgstr ""
20487
20488
#: serverguide/C/installation.xml:536(para)
20489
msgid "Repeat steps three through eight for the other disk and partitions."
20490
msgstr ""
20491
20492
#: serverguide/C/installation.xml:545(title)
20493
msgid "RAID Configuration"
20494
msgstr ""
20495
20496
#: serverguide/C/installation.xml:547(para)
20497
msgid "With the partitions setup the arrays are ready to be configured:"
20498
msgstr ""
20499
20500
#: serverguide/C/installation.xml:554(para)
20501
msgid ""
20502
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
20503
"Software RAID\"</emphasis> at the top."
20504
msgstr ""
20505
20506
#: serverguide/C/installation.xml:561(para)
20507
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
20508
msgstr ""
20509
20510
#: serverguide/C/installation.xml:568(para)
20511
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
20512
msgstr ""
20513
20514
#: serverguide/C/installation.xml:575(para)
20515
msgid ""
20516
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
20517
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
20518
msgstr ""
20519
20520
#: serverguide/C/installation.xml:581(para)
20521
msgid ""
20522
"In order to use <emphasis>RAID5</emphasis> you need at least "
20523
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
20524
"<emphasis>two</emphasis> drives are required."
20525
msgstr ""
20526
20527
#: serverguide/C/installation.xml:590(para)
20528
msgid ""
20529
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
20530
"of hard drives you have, for the array. Then select "
20531
"<emphasis>\"Continue\"</emphasis>."
20532
msgstr ""
20533
20534
#: serverguide/C/installation.xml:598(para)
20535
msgid ""
20536
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
20537
"default, then choose <emphasis>\"Continue\"</emphasis>."
20538
msgstr ""
20539
20540
#: serverguide/C/installation.xml:605(para)
20541
msgid ""
20542
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
20543
"etc. The numbers will usually match and the different letters correspond to "
20544
"different hard drives."
20545
msgstr ""
20546
20547
#: serverguide/C/installation.xml:610(para)
20548
msgid ""
20549
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
20550
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
20551
"go to the next step."
20552
msgstr ""
20553
20554
#: serverguide/C/installation.xml:618(para)
20555
msgid ""
20556
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
20557
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
20558
"and <emphasis>sdb2</emphasis>."
20559
msgstr ""
20560
20561
#: serverguide/C/installation.xml:626(para)
20562
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
20563
msgstr ""
20564
20565
#: serverguide/C/installation.xml:636(title)
20566
msgid "Formatting"
20567
msgstr ""
20568
20569
#: serverguide/C/installation.xml:638(para)
20570
msgid ""
20571
"There should now be a list of hard drives and RAID devices. The next step is "
20572
"to format and set the mount point for the RAID devices. Treat the RAID "
20573
"device as a local hard drive, format and mount accordingly."
20574
msgstr ""
20575
20576
#: serverguide/C/installation.xml:646(para)
20577
msgid ""
20578
"Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
20579
"#0\"</emphasis> partition."
20580
msgstr ""
20581
20582
#: serverguide/C/installation.xml:653(para)
20583
msgid ""
20584
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
20585
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
20586
msgstr ""
20587
20588
#: serverguide/C/installation.xml:661(para)
20589
msgid ""
20590
"Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
20591
"#1\"</emphasis> partition."
20592
msgstr ""
20593
20594
#: serverguide/C/installation.xml:668(para)
20595
msgid ""
20596
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 "
20597
"journaling file system\"</emphasis>."
20598
msgstr ""
20599
20600
#: serverguide/C/installation.xml:675(para)
20601
msgid ""
20602
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
20603
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
20604
"options as appropriate, then select <emphasis>\"Done setting up "
20605
"partition\"</emphasis>."
20606
msgstr ""
20607
20608
#: serverguide/C/installation.xml:683(para)
20609
msgid ""
20610
"Finally, select <emphasis>\"Finish partitioning and write changes to "
20611
"disk\"</emphasis>."
20612
msgstr ""
20613
20614
#: serverguide/C/installation.xml:690(para)
20615
msgid ""
20616
"If you choose to place the root partition on a RAID array, the installer "
20617
"will then ask if you would like to boot in a <emphasis>degraded</emphasis> "
20618
"state. See <xref linkend=\"raid-degraded\"/> for further details."
20619
msgstr ""
20620
20621
#: serverguide/C/installation.xml:695(para)
20622
msgid "The installation process will then continue normally."
20623
msgstr ""
20624
20625
#: serverguide/C/installation.xml:701(title)
20626
msgid "Degraded RAID"
20627
msgstr ""
20628
20629
#: serverguide/C/installation.xml:703(para)
20630
msgid ""
20631
"At some point in the life of the computer a disk failure event may occur. "
20632
"When this happens, using Software RAID, the operating system will place the "
20633
"array into what is known as a <emphasis>degraded</emphasis> state."
20634
msgstr ""
20635
20636
#: serverguide/C/installation.xml:708(para)
20637
msgid ""
20638
"If the array has become degraded, due to the chance of data corruption, by "
20639
"default Ubuntu Server Edition will boot to <emphasis>initramfs</emphasis> "
20640
"after thirty seconds. Once the initramfs has booted there is a fifteen "
20641
"second prompt giving you the option to go ahead and boot the system, or "
20642
"attempt manual recover. Booting to the initramfs prompt may or may not be "
20643
"the desired behavior, especially if the machine is in a remote location. "
20644
"Booting to a degraded array can be configured several ways:"
20645
msgstr ""
20646
20647
#: serverguide/C/installation.xml:719(para)
20648
msgid ""
20649
"The <application>dpkg-reconfigure</application> utility can be used to "
20650
"configure the default behavior, and during the process you will be queried "
20651
"about additional settings related to the array. Such as monitoring, email "
20652
"alerts, etc. To reconfigure <application>mdadm</application> enter the "
20653
"following:"
20654
msgstr ""
20655
20656
#: serverguide/C/installation.xml:726(command)
20657
msgid "sudo dpkg-reconfigure mdadm"
20658
msgstr "sudo dpkg-reconfigure mdadm"
20659
20660
#: serverguide/C/installation.xml:732(para)
20661
msgid ""
20662
"The <command>dpkg-reconfigure mdadm</command> process will change the "
20663
"<filename>/etc/initramfs-tools/conf.d/mdadm</filename> configuration file. "
20664
"The file has the advantage of being able to pre-configure the system's "
20665
"behavior, and can also be manually edited:"
20666
msgstr ""
20667
20668
#: serverguide/C/installation.xml:738(programlisting)
20669
#, no-wrap
20670
msgid ""
20671
"\n"
20672
"BOOT_DEGRADED=true\n"
20673
msgstr ""
20674
20675
#: serverguide/C/installation.xml:743(para)
20676
msgid "The configuration file can be overridden by using a Kernel argument."
20677
msgstr ""
20678
20679
#: serverguide/C/installation.xml:751(para)
20680
msgid ""
20681
"Using a Kernel argument will allow the system to boot to a degraded array as "
20682
"well:"
20683
msgstr ""
20684
20685
#: serverguide/C/installation.xml:757(para)
20686
msgid ""
20687
"When the server is booting press <keycap>Shift</keycap> to open the "
20688
"<application>Grub</application> menu."
20689
msgstr ""
20690
20691
#: serverguide/C/installation.xml:762(para)
20692
msgid "Press <keycap>e</keycap> to edit your kernel command options."
20693
msgstr ""
20694
20695
#: serverguide/C/installation.xml:767(para)
20696
msgid "Press the <keycap>down</keycap> arrow to highlight the kernel line."
20697
msgstr ""
20698
20699
#: serverguide/C/installation.xml:772(para)
20700
msgid ""
20701
"Add <emphasis>\"bootdegraded=true\"</emphasis> (without the quotes) to the "
20702
"end of the line."
20703
msgstr ""
20704
20705
#: serverguide/C/installation.xml:777(para)
20706
msgid ""
20707
"Press <keycombo><keycap>Ctrl</keycap><keycap>x</keycap></keycombo> to boot "
20708
"the system."
20709
msgstr ""
20710
20711
#: serverguide/C/installation.xml:786(para)
20712
msgid ""
20713
"Once the system has booted you can either repair the array see <xref "
20714
"linkend=\"raid-maintenance\"/> for details, or copy important data to "
20715
"another machine due to major hardware failure."
20716
msgstr ""
20717
20718
#: serverguide/C/installation.xml:793(title)
20719
msgid "RAID Maintenance"
20720
msgstr ""
20721
20722
#: serverguide/C/installation.xml:795(para)
20723
msgid ""
20724
"The <application>mdadm</application> utility can be used to view the status "
20725
"of an array, add disks to an array, remove disks, etc:"
20726
msgstr ""
20727
20728
#: serverguide/C/installation.xml:802(para)
20729
msgid "To view the status of an array, from a terminal prompt enter:"
20730
msgstr ""
20731
20732
#: serverguide/C/installation.xml:806(command)
20733
msgid "sudo mdadm -D /dev/md0"
20734
msgstr "sudo mdadm -D /dev/md0"
20735
20736
#: serverguide/C/installation.xml:809(para)
20737
msgid ""
20738
"The <emphasis>-D</emphasis> tells <application>mdadm</application> to "
20739
"display <emphasis>detailed</emphasis> information about the "
20740
"<filename>/dev/md0</filename> device. Replace <filename>/dev/md0</filename> "
20741
"with the appropriate RAID device."
20742
msgstr ""
20743
20744
#: serverguide/C/installation.xml:815(para)
20745
msgid "To view the status of a disk in an array:"
20746
msgstr ""
20747
20748
#: serverguide/C/installation.xml:819(command)
20749
msgid "sudo mdadm -E /dev/sda1"
20750
msgstr "sudo mdadm -E /dev/sda1"
20751
20752
#: serverguide/C/installation.xml:821(para)
20753
msgid ""
20754
"The output if very similar to the <command>mdadm -D</command> command, "
20755
"adjust <filename>/dev/sda1</filename> for each disk."
20756
msgstr ""
20757
20758
#: serverguide/C/installation.xml:826(para)
20759
msgid "If a disk fails and needs to be removed from an array enter:"
20760
msgstr ""
20761
20762
#: serverguide/C/installation.xml:830(command)
20763
msgid "sudo mdadm --remove /dev/md0 /dev/sda1"
20764
msgstr "sudo mdadm --remove /dev/md0 /dev/sda1"
20765
20766
#: serverguide/C/installation.xml:832(para)
20767
msgid ""
20768
"Change <filename>/dev/md0</filename> and <filename>/dev/sda1</filename> to "
20769
"the appropriate RAID device and disk."
20770
msgstr ""
20771
20772
#: serverguide/C/installation.xml:837(para)
20773
msgid "Similarly, to add a new disk:"
20774
msgstr ""
20775
20776
#: serverguide/C/installation.xml:841(command)
20777
msgid "sudo mdadm --add /dev/md0 /dev/sda1"
20778
msgstr "sudo mdadm --add /dev/md0 /dev/sda1"
20779
20780
#: serverguide/C/installation.xml:846(para)
20781
msgid ""
20782
"Sometimes a disk can change to a <emphasis>faulty</emphasis> state even "
20783
"though there is nothing physically wrong with the drive. It is usually "
20784
"worthwhile to remove the drive from the array then re-add it. This will "
20785
"cause the drive to re-sync with the array. If the drive will not sync with "
20786
"the array, it is a good indication of hardware failure."
20787
msgstr ""
20788
20789
#: serverguide/C/installation.xml:852(para)
20790
msgid ""
20791
"The <filename>/proc/mdstat</filename> file also contains useful information "
20792
"about the system's RAID devices:"
20793
msgstr ""
20794
20795
#: serverguide/C/installation.xml:857(command)
20796
msgid "cat /proc/mdstat"
20797
msgstr ""
20798
20799
#: serverguide/C/installation.xml:858(computeroutput)
20800
#, no-wrap
20801
msgid ""
20802
"Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] "
20803
"[raid10] \n"
20804
"md0 : active raid1 sda1[0] sdb1[1]\n"
20805
" 10016384 blocks [2/2] [UU]\n"
20806
" \n"
20807
"unused devices: <none>"
20808
msgstr ""
20809
20810
#: serverguide/C/installation.xml:865(para)
20811
msgid ""
20812
"The following command is great for watching the status of a syncing drive:"
20813
msgstr ""
20814
20815
#: serverguide/C/installation.xml:870(command)
20816
msgid "watch -n1 cat /proc/mdstat"
20817
msgstr ""
20818
20819
#: serverguide/C/installation.xml:873(para)
20820
msgid ""
20821
"Press <emphasis>Ctrl+c</emphasis> to stop the "
20822
"<application>watch</application> command."
20823
msgstr ""
20824
20825
#: serverguide/C/installation.xml:877(para)
20826
msgid ""
20827
"If you do need to replace a faulty drive, after the drive has been replaced "
20828
"and synced, <application>grub</application> will need to be installed. To "
20829
"install <application>grub</application> on the new drive, enter the "
20830
"following:"
20831
msgstr ""
20832
20833
#: serverguide/C/installation.xml:883(command)
20834
msgid "sudo grub-install /dev/md0"
20835
msgstr "sudo grub-install /dev/md0"
20836
20837
#: serverguide/C/installation.xml:886(para)
20838
msgid ""
20839
"Replace <filename>/dev/md0</filename> with the appropriate array device name."
20840
msgstr ""
20841
20842
#: serverguide/C/installation.xml:894(para)
20843
msgid ""
20844
"The topic of RAID arrays is a complex one due to the plethora of ways RAID "
20845
"can be configured. Please see the following links for more information:"
20846
msgstr ""
20847
20848
#: serverguide/C/installation.xml:901(para)
20849
msgid ""
20850
"<ulink url=\"https://help.ubuntu.com/community/Installation#raid\">Ubuntu "
20851
"Wiki Articles on RAID</ulink>."
20852
msgstr ""
20853
20854
#: serverguide/C/installation.xml:907(ulink)
20855
msgid "Software RAID HOWTO"
20856
msgstr ""
20857
20858
#: serverguide/C/installation.xml:912(ulink)
20859
msgid "Managing RAID on Linux"
20860
msgstr ""
20861
20862
#: serverguide/C/installation.xml:919(title)
20863
msgid "Logical Volume Manager (LVM)"
20864
msgstr ""
20865
20866
#: serverguide/C/installation.xml:921(para)
20867
msgid ""
20868
"Logical Volume Manger, or <emphasis>LVM</emphasis>, allows administrators to "
20869
"create <emphasis>logical</emphasis> volumes out of one or multiple physical "
20870
"hard disks. LVM volumes can be created on both software RAID partitions and "
20871
"standard partitions residing on a single disk. Volumes can also be extended, "
20872
"giving greater flexibility to systems as requirements change."
20873
msgstr ""
20874
20875
#: serverguide/C/installation.xml:930(para)
20876
msgid ""
20877
"A side effect of LVM's power and flexibility is a greater degree of "
20878
"complication. Before diving into the LVM installation process, it is best to "
20879
"get familiar with some terms."
20880
msgstr ""
20881
20882
#: serverguide/C/installation.xml:937(para)
20883
msgid ""
20884
"<emphasis>Volume Group (VG):</emphasis> contains one or several Logical "
20885
"Volumes (LV)."
20886
msgstr ""
20887
20888
#: serverguide/C/installation.xml:942(para)
20889
msgid ""
20890
"<emphasis>Logical Volume (LV):</emphasis> is similar to a partition in a non-"
20891
"LVM system. Multiple Physical Volumes (PV) can make up one LV, on top of "
20892
"which resides the actual EXT3, XFS, JFS, etc filesystem."
20893
msgstr ""
20894
20895
#: serverguide/C/installation.xml:948(para)
20896
msgid ""
20897
"<emphasis>Physical Volume (PV):</emphasis> physical hard disk or software "
20898
"RAID partition. The Volume Group can be extended by adding more PVs."
20899
msgstr ""
20900
20901
#: serverguide/C/installation.xml:959(para)
20902
msgid ""
20903
"As an example this section covers installing Ubuntu Server Edition with "
20904
"<filename role=\"directory\">/srv</filename> mounted on a LVM volume. During "
20905
"the initial install only one Physical Volume (PV) will be part of the Volume "
20906
"Group (VG). Another PV will be added after install to demonstrate how a VG "
20907
"can be extended."
20908
msgstr ""
20909
20910
#: serverguide/C/installation.xml:965(para)
20911
msgid ""
20912
"There are several installation options for LVM, <emphasis>\"Guided - use the "
20913
"entire disk and setup LVM\"</emphasis> which will also allow you to assign a "
20914
"portion of the available space to LVM, <emphasis>\"Guided - use entire and "
20915
"setup encrypted LVM\"</emphasis>, or <emphasis>Manually</emphasis> setup the "
20916
"partitions and configure LVM. At this time the only way to configure a "
20917
"system with both LVM and standard partitions, during installation, is to use "
20918
"the Manual approach."
20919
msgstr ""
20920
20921
#: serverguide/C/installation.xml:982(para)
20922
msgid ""
20923
"At the <emphasis>\"Partition Disks</emphasis> screen choose "
20924
"<emphasis>\"Manual\"</emphasis>."
20925
msgstr ""
20926
20927
#: serverguide/C/installation.xml:989(para)
20928
msgid ""
20929
"Select the hard disk and on the next screen choose \"yes\" to "
20930
"<emphasis>\"Create a new empty partition table on this device\"</emphasis>."
20931
msgstr ""
20932
20933
#: serverguide/C/installation.xml:996(para)
20934
msgid ""
20935
"Next, create standard <emphasis>/boot</emphasis>, <emphasis>swap</emphasis>, "
20936
"and <emphasis>/</emphasis> partitions with whichever filesystem you prefer."
20937
msgstr ""
20938
20939
#: serverguide/C/installation.xml:1004(para)
20940
msgid ""
20941
"For the LVM <emphasis>/srv</emphasis>, create a new "
20942
"<emphasis>Logical</emphasis> partition. Then change <emphasis>\"Use "
20943
"as\"</emphasis> to <emphasis>\"physical volume for LVM\"</emphasis> then "
20944
"<emphasis>\"Done setting up the partition\"</emphasis>."
20945
msgstr ""
20946
20947
#: serverguide/C/installation.xml:1012(para)
20948
msgid ""
20949
"Now select <emphasis>\"Configure the Logical Volume Manager\"</emphasis> at "
20950
"the top, and choose <emphasis>\"Yes\"</emphasis> to write the changes to "
20951
"disk."
20952
msgstr ""
20953
20954
#: serverguide/C/installation.xml:1020(para)
20955
msgid ""
20956
"For the <emphasis>\"LVM configuration action\"</emphasis> on the next "
20957
"screen, choose <emphasis>\"Create volume group\"</emphasis>. Enter a name "
20958
"for the VG such as <emphasis>vg01</emphasis>, or something more descriptive. "
20959
"After entering a name, select the partition configured for LVM, and choose "
20960
"<emphasis>\"Continue\"</emphasis>."
20961
msgstr ""
20962
20963
#: serverguide/C/installation.xml:1029(para)
20964
msgid ""
20965
"Back at the <emphasis>\"LVM configuration action\"</emphasis> screen, select "
20966
"<emphasis>\"Create logical volume\"</emphasis>. Select the newly created "
20967
"volume group, and enter a name for the new LV, for example "
20968
"<emphasis>srv</emphasis> since that is the intended mount point. Then choose "
20969
"a size, which may be the full partition because it can always be extended "
20970
"later. Choose <emphasis>\"Finish\"</emphasis> and you should be back at the "
20971
"main <emphasis>\"Partition Disks\"</emphasis> screen."
20972
msgstr ""
20973
20974
#: serverguide/C/installation.xml:1039(para)
20975
msgid ""
20976
"Now add a filesystem to the new LVM. Select the partition under "
20977
"<emphasis>\"LVM VG vg01, LV srv\"</emphasis>, or whatever name you have "
20978
"chosen, the choose <emphasis>Use as</emphasis>. Setup a file system as "
20979
"normal selecting <emphasis>/srv</emphasis> as the mount point. Once done, "
20980
"select <emphasis>\"Done setting up the partition\"</emphasis>."
20981
msgstr ""
20982
20983
#: serverguide/C/installation.xml:1048(para)
20984
msgid ""
20985
"Finally, select <emphasis>\"Finish partitioning and write changes to "
20986
"disk\"</emphasis>. Then confirm the changes and continue with the rest of "
20987
"the installation."
20988
msgstr ""
20989
20990
#: serverguide/C/installation.xml:1056(para)
20991
msgid "There are some useful utilities to view information about LVM:"
20992
msgstr ""
20993
20994
#: serverguide/C/installation.xml:1061(para)
20995
msgid ""
20996
"<emphasis>vgdisplay:</emphasis> shows information about Volume Groups."
20997
msgstr ""
20998
20999
#: serverguide/C/installation.xml:1062(para)
21000
msgid ""
21001
"<emphasis>lvdisplay:</emphasis> has information about Logical Volumes."
21002
msgstr ""
21003
21004
#: serverguide/C/installation.xml:1063(para)
21005
msgid ""
21006
"<emphasis>pvdisplay:</emphasis> similarly displays information about "
21007
"Physical Volumes."
21008
msgstr ""
21009
21010
#: serverguide/C/installation.xml:1068(title)
21011
msgid "Extending Volume Groups"
21012
msgstr ""
21013
21014
#: serverguide/C/installation.xml:1070(para)
21015
msgid ""
21016
"Continuing with <emphasis>srv</emphasis> as an LVM volume example, this "
21017
"section covers adding a second hard disk, creating a Physical Volume (PV), "
21018
"adding it to the volume group (VG), extending the logical volume <filename "
21019
"role=\"directory\">srv</filename> and finally extending the filesystem. This "
21020
"example assumes a second hard disk has been added to the system. This hard "
21021
"disk will be named <filename>/dev/sdb</filename> in our example. BEWARE: "
21022
"make sure you don't already have an existing <filename>/dev/sdb</filename> "
21023
"before issuing the commands below. You could lose some data if you issue "
21024
"those commands on a non-empty disk. In our example we will use the entire "
21025
"disk as a physical volume (you could choose to create partitions and use "
21026
"them as different physical volumes)"
21027
msgstr ""
21028
21029
#: serverguide/C/installation.xml:1082(para)
21030
msgid "First, create the physical volume, in a terminal execute:"
21031
msgstr ""
21032
21033
#: serverguide/C/installation.xml:1087(command)
21034
msgid "sudo pvcreate /dev/sdb"
21035
msgstr "sudo pvcreate /dev/sdb"
21036
21037
#: serverguide/C/installation.xml:1093(para)
21038
msgid "Now extend the Volume Group (VG):"
21039
msgstr ""
21040
21041
#: serverguide/C/installation.xml:1098(command)
21042
msgid "sudo vgextend vg01 /dev/sdb"
21043
msgstr "sudo vgextend vg01 /dev/sdb"
21044
21045
#: serverguide/C/installation.xml:1104(para)
21046
msgid ""
21047
"Use <application>vgdisplay</application> to find out the free physical "
21048
"extents - Free PE / size (the size you can allocate). We will assume a free "
21049
"size of 511 PE (equivalent to 2GB with a PE size of 4MB) and we will use the "
21050
"whole free space available. Use your own PE and/or free space."
21051
msgstr ""
21052
21053
#: serverguide/C/installation.xml:1110(para)
21054
msgid ""
21055
"The Logical Volume (LV) can now be extended by different methods, we will "
21056
"only see how to use the PE to extend the LV:"
21057
msgstr ""
21058
21059
#: serverguide/C/installation.xml:1115(command)
21060
msgid "sudo lvextend /dev/vg01/srv -l +511"
21061
msgstr "sudo lvextend /dev/vg01/srv -l +511"
21062
21063
#: serverguide/C/installation.xml:1118(para)
21064
msgid ""
21065
"The <emphasis>-l</emphasis> option allows the LV to be extended using PE. "
21066
"The <emphasis>-L</emphasis> option allows the LV to be extended using Meg, "
21067
"Gig, Tera, etc bytes."
21068
msgstr ""
21069
21070
#: serverguide/C/installation.xml:1126(para)
21071
msgid ""
21072
"Even though you are supposed to be able to <emphasis>expand</emphasis> an "
21073
"ext3 or ext4 filesystem without unmounting it first, it may be a good "
21074
"practice to unmount it anyway and check the filesystem, so that you don't "
21075
"mess up the day you want to reduce a logical volume (in that case unmounting "
21076
"first is compulsory)."
21077
msgstr ""
21078
21079
#: serverguide/C/installation.xml:1132(para)
21080
msgid ""
21081
"The following commands are for an <emphasis>EXT3</emphasis> or "
21082
"<emphasis>EXT4</emphasis> filesystem. If you are using another filesystem "
21083
"there may be other utilities available."
21084
msgstr ""
21085
21086
#: serverguide/C/installation.xml:1139(command)
21087
msgid "sudo e2fsck -f /dev/vg01/srv"
21088
msgstr "sudo e2fsck -f /dev/vg01/srv"
21089
21090
#: serverguide/C/installation.xml:1142(para)
21091
msgid ""
21092
"The <emphasis>-f</emphasis> option of <application>e2fsck</application> "
21093
"forces checking even if the system seems clean."
21094
msgstr ""
21095
21096
#: serverguide/C/installation.xml:1149(para)
21097
msgid "Finally, resize the filesystem:"
21098
msgstr ""
21099
21100
#: serverguide/C/installation.xml:1154(command)
21101
msgid "sudo resize2fs /dev/vg01/srv"
21102
msgstr "sudo resize2fs /dev/vg01/srv"
21103
21104
#: serverguide/C/installation.xml:1160(para)
21105
msgid "Now mount the partition and check its size."
21106
msgstr ""
21107
21108
#: serverguide/C/installation.xml:1165(command)
21109
msgid "mount /dev/vg01/srv /srv && df -h /srv"
21110
msgstr ""
21111
21112
#: serverguide/C/installation.xml:1177(para)
21113
msgid ""
21114
"See the <ulink "
21115
"url=\"https://help.ubuntu.com/community/Installation#lvm\">Ubuntu Wiki LVM "
21116
"Articles</ulink>."
21117
msgstr ""
21118
21119
#: serverguide/C/installation.xml:1182(para)
21120
msgid ""
21121
"See the <ulink url=\"http://tldp.org/HOWTO/LVM-HOWTO/index.html\">LVM "
21122
"HOWTO</ulink> for more information."
21123
msgstr ""
21124
21125
#: serverguide/C/installation.xml:1187(para)
21126
msgid ""
21127
"Another good article is <ulink "
21128
"url=\"http://www.linuxdevcenter.com/pub/a/linux/2006/04/27/managing-disk-"
21129
"space-with-lvm.html\">Managing Disk Space with LVM</ulink> on O'Reilly's "
21130
"linuxdevcenter.com site."
21131
msgstr ""
21132
21133
#: serverguide/C/installation.xml:1194(para)
21134
msgid ""
21135
"For more information on <application>fdisk</application> see the <ulink "
21136
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/fdisk.8.html\">fdi"
21137
"sk man page</ulink>."
21138
msgstr ""
21139
21140
#: serverguide/C/file-server.xml:13(title)
21141
msgid "File Servers"
21142
msgstr "Servidors de fitxers"
21143
21144
#: serverguide/C/file-server.xml:15(para)
21145
msgid ""
21146
"If you have more than one computer on a single network. At some point you "
21147
"will probably need to share files between them. In this section we cover "
21148
"installing and configuring FTP, NFS, and CUPS."
21149
msgstr ""
21150
21151
#: serverguide/C/file-server.xml:22(title)
21152
msgid "FTP Server"
21153
msgstr ""
21154
21155
#: serverguide/C/file-server.xml:24(para)
21156
msgid ""
21157
"File Transfer Protocol (FTP) is a TCP protocol for uploading and downloading "
21158
"files between computers. FTP works on a client/server model. The server "
21159
"component is called an <emphasis>FTP daemon</emphasis>. It continuously "
21160
"listens for FTP requests from remote clients. When a request is received, it "
21161
"manages the login and sets up the connection. For the duration of the "
21162
"session it executes any of commands sent by the FTP client."
21163
msgstr ""
21164
21165
#: serverguide/C/file-server.xml:33(para)
21166
msgid "Access to an FTP server can be managed in two ways:"
21167
msgstr ""
21168
21169
#: serverguide/C/file-server.xml:37(para)
21170
msgid "Anonymous"
21171
msgstr ""
21172
21173
#: serverguide/C/file-server.xml:40(para)
21174
msgid "Authenticated"
21175
msgstr ""
21176
21177
#: serverguide/C/file-server.xml:43(para)
21178
msgid ""
21179
"In the Anonymous mode, remote clients can access the FTP server by using the "
21180
"default user account called \"anonymous\" or \"ftp\" and sending an email "
21181
"address as the password. In the Authenticated mode a user must have an "
21182
"account and a password. User access to the FTP server directories and files "
21183
"is dependent on the permissions defined for the account used at login. As a "
21184
"general rule, the FTP daemon will hide the root directory of the FTP server "
21185
"and change it to the FTP Home directory. This hides the rest of the file "
21186
"system from remote sessions."
21187
msgstr ""
21188
21189
#: serverguide/C/file-server.xml:55(title)
21190
msgid "vsftpd - FTP Server Installation"
21191
msgstr ""
21192
21193
#: serverguide/C/file-server.xml:57(para)
21194
msgid ""
21195
"vsftpd is an FTP daemon available in Ubuntu. It is easy to install, set up, "
21196
"and maintain. To install <application>vsftpd</application> you can run the "
21197
"following command:"
21198
msgstr ""
21199
21200
#: serverguide/C/file-server.xml:65(command)
21201
msgid "sudo apt-get install vsftpd"
21202
msgstr "sudo apt-get install vsftpd"
21203
21204
#: serverguide/C/file-server.xml:71(title)
21205
msgid "Anonymous FTP Configuration"
21206
msgstr ""
21207
21208
#: serverguide/C/file-server.xml:73(para)
21209
msgid ""
21210
"By default <application>vsftpd</application> is configured to only allow "
21211
"anonymous download. During installation a <emphasis>ftp</emphasis> user is "
21212
"created with a home directory of <filename>/home/ftp</filename>. This is the "
21213
"default FTP directory."
21214
msgstr ""
21215
21216
#: serverguide/C/file-server.xml:80(para)
21217
msgid ""
21218
"If you wish to change this location, to <filename>/srv/ftp</filename> for "
21219
"example, simply create a directory in another location and change the "
21220
"<emphasis>ftp</emphasis> user's home directory:"
21221
msgstr ""
21222
21223
#: serverguide/C/file-server.xml:87(command)
21224
msgid "sudo mkdir /srv/ftp"
21225
msgstr "sudo mkdir /srv/ftp"
21226
21227
#: serverguide/C/file-server.xml:88(command)
21228
msgid "sudo usermod -d /srv/ftp ftp"
21229
msgstr "sudo usermod -d /srv/ftp ftp"
21230
21231
#: serverguide/C/file-server.xml:91(para)
21232
msgid "After making the change restart <application>vsftpd</application>:"
21233
msgstr ""
21234
21235
#: serverguide/C/file-server.xml:96(command) serverguide/C/file-server.xml:124(command) serverguide/C/file-server.xml:189(command) serverguide/C/file-server.xml:237(command)
21236
msgid "sudo /etc/init.d/vsftpd restart"
21237
msgstr "sudo /etc/init.d/vsftpd restart"
21238
21239
#: serverguide/C/file-server.xml:99(para)
21240
msgid ""
21241
"Finally, copy any files and directories you would like to make available "
21242
"through anonymous FTP to <filename>/srv/ftp</filename>."
21243
msgstr ""
21244
21245
#: serverguide/C/file-server.xml:106(title)
21246
msgid "User Authenticated FTP Configuration"
21247
msgstr ""
21248
21249
#: serverguide/C/file-server.xml:108(para)
21250
msgid ""
21251
"To configure <application>vsftpd</application> to authenticate system users "
21252
"and allow them to upload files edit <filename>/etc/vsftpd.conf</filename>:"
21253
msgstr ""
21254
21255
#: serverguide/C/file-server.xml:114(programlisting)
21256
#, no-wrap
21257
msgid ""
21258
"\n"
21259
"local_enable=YES\n"
21260
"write_enable=YES\n"
21261
msgstr ""
21262
21263
#: serverguide/C/file-server.xml:119(para)
21264
msgid "Now restart <application>vsftpd</application>:"
21265
msgstr ""
21266
21267
#: serverguide/C/file-server.xml:127(para)
21268
msgid ""
21269
"Now when system users login to FTP they will start in their "
21270
"<emphasis>home</emphasis> directories where they can download, upload, "
21271
"create directories, etc."
21272
msgstr ""
21273
21274
#: serverguide/C/file-server.xml:133(para)
21275
msgid ""
21276
"Similarly, by default, the anonymous users are not allowed to upload files "
21277
"to FTP server. To change this setting, you should uncomment the following "
21278
"line, and restart <application>vsftpd</application>:"
21279
msgstr ""
21280
21281
#: serverguide/C/file-server.xml:140(programlisting)
21282
#, no-wrap
21283
msgid ""
21284
"\n"
21285
"anon_upload_enable=YES\n"
21286
msgstr ""
21287
21288
#: serverguide/C/file-server.xml:145(para)
21289
msgid ""
21290
"Enabling anonymous FTP upload can be an extreme security risk. It is best to "
21291
"not enable anonymous upload on servers accessed directly from the Internet."
21292
msgstr ""
21293
21294
#: serverguide/C/file-server.xml:151(para)
21295
msgid ""
21296
"The configuration file consists of many configuration parameters. The "
21297
"information about each parameter is available in the configuration file. "
21298
"Alternatively, you can refer to the man page, <command>man 5 "
21299
"vsftpd.conf</command> for details of each parameter."
21300
msgstr ""
21301
21302
#: serverguide/C/file-server.xml:162(title)
21303
msgid "Securing FTP"
21304
msgstr ""
21305
21306
#: serverguide/C/file-server.xml:164(para)
21307
msgid ""
21308
"There are options in <filename>/etc/vsftpd.conf</filename> to help make "
21309
"<application>vsftpd</application> more secure. For example users can be "
21310
"limited to their home directories by uncommenting:"
21311
msgstr ""
21312
21313
#: serverguide/C/file-server.xml:170(programlisting)
21314
#, no-wrap
21315
msgid ""
21316
"\n"
21317
"chroot_local_user=YES\n"
21318
msgstr ""
21319
21320
#: serverguide/C/file-server.xml:174(para)
21321
msgid ""
21322
"You can also limit a specific list of users to just their home directories:"
21323
msgstr ""
21324
21325
#: serverguide/C/file-server.xml:178(programlisting)
21326
#, no-wrap
21327
msgid ""
21328
"\n"
21329
"chroot_list_enable=YES\n"
21330
"chroot_list_file=/etc/vsftpd.chroot_list\n"
21331
msgstr ""
21332
21333
#: serverguide/C/file-server.xml:183(para)
21334
msgid ""
21335
"After uncommenting the above options, create a "
21336
"<filename>/etc/vsftpd.chroot_list</filename> containing a list of users one "
21337
"per line. Then restart <application>vsftpd</application>:"
21338
msgstr ""
21339
21340
#: serverguide/C/file-server.xml:192(para)
21341
msgid ""
21342
"Also, the <filename>/etc/ftpusers</filename> file is a list of users that "
21343
"are <emphasis>disallowed</emphasis> FTP access. The default list includes "
21344
"root, daemon, nobody, etc. To disable FTP access for additional users simply "
21345
"add them to the list."
21346
msgstr ""
21347
21348
#: serverguide/C/file-server.xml:199(para)
21349
msgid ""
21350
"FTP can also be encrypted using <emphasis>FTPS</emphasis>. Different from "
21351
"<emphasis>SFTP</emphasis>, <emphasis>FTPS</emphasis> is FTP over Secure "
21352
"Socket Layer (SSL). <emphasis>SFTP</emphasis> is a FTP like session over an "
21353
"encrypted <emphasis>SSH</emphasis> connection. A major difference is that "
21354
"users of SFTP need to have a <emphasis>shell</emphasis> account on the "
21355
"system, instead of a <emphasis>nologin</emphasis> shell. Providing all users "
21356
"with a shell may not be ideal for some environments, such as a shared web "
21357
"host."
21358
msgstr ""
21359
21360
#: serverguide/C/file-server.xml:208(para)
21361
msgid ""
21362
"To configure <emphasis>FTPS</emphasis>, edit "
21363
"<filename>/etc/vsftpd.conf</filename> and at the bottom add:"
21364
msgstr ""
21365
21366
#: serverguide/C/file-server.xml:212(programlisting)
21367
#, no-wrap
21368
msgid ""
21369
"\n"
21370
"ssl_enable=Yes\n"
21371
msgstr ""
21372
21373
#: serverguide/C/file-server.xml:216(para)
21374
msgid "Also, notice the certificate and key related options:"
21375
msgstr ""
21376
21377
#: serverguide/C/file-server.xml:220(programlisting)
21378
#, no-wrap
21379
msgid ""
21380
"\n"
21381
"rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem\n"
21382
"rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key\n"
21383
msgstr ""
21384
21385
#: serverguide/C/file-server.xml:225(para)
21386
msgid ""
21387
"By default these options are set the certificate and key provided by the "
21388
"<application>ssl-cert</application> package. In a production environment "
21389
"these should be replaced with a certificate and key generated for the "
21390
"specific host. For more information on certificates see <xref "
21391
"linkend=\"certificates-and-security\"/>."
21392
msgstr ""
21393
21394
#: serverguide/C/file-server.xml:231(para)
21395
msgid ""
21396
"Now restart <application>vsftpd</application>, and non-anonymous users will "
21397
"be forced to use <emphasis>FTPS</emphasis>:"
21398
msgstr ""
21399
21400
#: serverguide/C/file-server.xml:240(para)
21401
msgid ""
21402
"To allow users with a shell of <filename>/usr/sbin/nologin</filename> access "
21403
"to FTP, but have no shell access, edit <filename>/etc/shells</filename> "
21404
"adding the <emphasis>nologin</emphasis> shell:"
21405
msgstr ""
21406
21407
#: serverguide/C/file-server.xml:245(programlisting)
21408
#, no-wrap
21409
msgid ""
21410
"\n"
21411
"# /etc/shells: valid login shells\n"
21412
"/bin/csh\n"
21413
"/bin/sh\n"
21414
"/usr/bin/es\n"
21415
"/usr/bin/ksh\n"
21416
"/bin/ksh\n"
21417
"/usr/bin/rc\n"
21418
"/usr/bin/tcsh\n"
21419
"/bin/tcsh\n"
21420
"/usr/bin/esh\n"
21421
"/bin/dash\n"
21422
"/bin/bash\n"
21423
"/bin/rbash\n"
21424
"/usr/bin/screen\n"
21425
"/usr/sbin/nologin\n"
21426
msgstr ""
21427
21428
#: serverguide/C/file-server.xml:263(para)
21429
msgid ""
21430
"This is necessary because, by default <application>vsftpd</application> uses "
21431
"PAM for authentication, and the <filename>/etc/pam.d/vsftpd</filename> "
21432
"configuration file contains:"
21433
msgstr ""
21434
21435
#: serverguide/C/file-server.xml:268(programlisting)
21436
#, no-wrap
21437
msgid ""
21438
"\n"
21439
"auth required pam_shells.so\n"
21440
msgstr ""
21441
21442
#: serverguide/C/file-server.xml:272(para)
21443
msgid ""
21444
"The <emphasis>shells</emphasis> PAM module restricts access to shells listed "
21445
"in the <filename>/etc/shells</filename> file."
21446
msgstr ""
21447
21448
#: serverguide/C/file-server.xml:277(para)
21449
msgid ""
21450
"Most popular FTP clients can be configured connect using FTPS. The "
21451
"<application>lftp</application> command line FTP client has the ability to "
21452
"use FTPS as well."
21453
msgstr ""
21454
21455
#: serverguide/C/file-server.xml:288(para)
21456
msgid ""
21457
"See the <ulink url=\"http://vsftpd.beasts.org/vsftpd_conf.html\">vsftpd "
21458
"website</ulink> for more information."
21459
msgstr ""
21460
21461
#: serverguide/C/file-server.xml:293(para)
21462
msgid ""
21463
"For detailed <filename>/etc/vsftpd.conf</filename> options see the <ulink "
21464
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/vsftpd.conf.5.html"
21465
"\">vsftpd.conf man page</ulink>."
21466
msgstr ""
21467
21468
#: serverguide/C/file-server.xml:299(para)
21469
msgid ""
21470
"The CodeGurus article <ulink "
21471
"url=\"http://www.codeguru.com/csharp/.net/net_general/internet/article.php/c1"
21472
"4329\"> FTPS vs. SFTP: What to Choose</ulink> has useful information "
21473
"contrasting FTPS and SFTP."
21474
msgstr ""
21475
21476
#: serverguide/C/file-server.xml:305(para)
21477
msgid ""
21478
"Also, for more information see the <ulink "
21479
"url=\"https://help.ubuntu.com/community/vsftpd\">Ubuntu Wiki vsftpd</ulink> "
21480
"page."
21481
msgstr ""
21482
21483
#: serverguide/C/file-server.xml:315(title)
21484
msgid "Network File System (NFS)"
21485
msgstr ""
21486
21487
#: serverguide/C/file-server.xml:316(para)
21488
msgid ""
21489
"NFS allows a system to share directories and files with others over a "
21490
"network. By using NFS, users and programs can access files on remote systems "
21491
"almost as if they were local files."
21492
msgstr ""
21493
21494
#: serverguide/C/file-server.xml:322(para)
21495
msgid "Some of the most notable benefits that NFS can provide are:"
21496
msgstr ""
21497
21498
#: serverguide/C/file-server.xml:328(para)
21499
msgid ""
21500
"Local workstations use less disk space because commonly used data can be "
21501
"stored on a single machine and still remain accessible to others over the "
21502
"network."
21503
msgstr ""
21504
21505
#: serverguide/C/file-server.xml:333(para)
21506
msgid ""
21507
"There is no need for users to have separate home directories on every "
21508
"network machine. Home directories could be set up on the NFS server and made "
21509
"available throughout the network."
21510
msgstr ""
21511
21512
#: serverguide/C/file-server.xml:339(para)
21513
msgid ""
21514
"Storage devices such as floppy disks, CDROM drives, and USB Thumb drives can "
21515
"be used by other machines on the network. This may reduce the number of "
21516
"removable media drives throughout the network."
21517
msgstr ""
21518
21519
#: serverguide/C/file-server.xml:349(para)
21520
msgid ""
21521
"At a terminal prompt enter the following command to install the NFS Server:"
21522
msgstr ""
21523
21524
#: serverguide/C/file-server.xml:355(command)
21525
msgid "sudo apt-get install nfs-kernel-server"
21526
msgstr "sudo apt-get install nfs-kernel-server"
21527
21528
#: serverguide/C/file-server.xml:361(para)
21529
msgid ""
21530
"You can configure the directories to be exported by adding them to the "
21531
"<filename>/etc/exports</filename> file. For example:"
21532
msgstr ""
21533
21534
#: serverguide/C/file-server.xml:366(screen)
21535
#, no-wrap
21536
msgid ""
21537
"\n"
21538
"/ubuntu *(ro,sync,no_root_squash)\n"
21539
"/home *(rw,sync,no_root_squash)\n"
21540
msgstr ""
21541
21542
#: serverguide/C/file-server.xml:372(para)
21543
msgid ""
21544
"You can replace * with one of the hostname formats. Make the hostname "
21545
"declaration as specific as possible so unwanted systems cannot access the "
21546
"NFS mount."
21547
msgstr ""
21548
21549
#: serverguide/C/file-server.xml:378(para)
21550
msgid ""
21551
"To start the NFS server, you can run the following command at a terminal "
21552
"prompt:"
21553
msgstr ""
21554
21555
#: serverguide/C/file-server.xml:383(command)
21556
msgid "sudo /etc/init.d/nfs-kernel-server start"
21557
msgstr "sudo /etc/init.d/nfs-kernel-server start"
21558
21559
#: serverguide/C/file-server.xml:388(title)
21560
msgid "NFS Client Configuration"
21561
msgstr ""
21562
21563
#: serverguide/C/file-server.xml:389(para)
21564
msgid ""
21565
"Use the <application>mount</application> command to mount a shared NFS "
21566
"directory from another machine, by typing a command line similar to the "
21567
"following at a terminal prompt:"
21568
msgstr ""
21569
21570
#: serverguide/C/file-server.xml:395(command)
21571
msgid "sudo mount example.hostname.com:/ubuntu /local/ubuntu"
21572
msgstr "sudo mount exemple.ordinador.cat:/ubuntu /local/ubuntu"
21573
21574
#: serverguide/C/file-server.xml:399(para)
21575
msgid ""
21576
"The mount point directory <filename>/local/ubuntu</filename> must exist. "
21577
"There should be no files or subdirectories in the "
21578
"<filename>/local/ubuntu</filename> directory."
21579
msgstr ""
21580
21581
#: serverguide/C/file-server.xml:406(para)
21582
msgid ""
21583
"An alternate way to mount an NFS share from another machine is to add a line "
21584
"to the <filename>/etc/fstab</filename> file. The line must state the "
21585
"hostname of the NFS server, the directory on the server being exported, and "
21586
"the directory on the local machine where the NFS share is to be mounted."
21587
msgstr ""
21588
21589
#: serverguide/C/file-server.xml:414(para)
21590
msgid ""
21591
"The general syntax for the line in <filename>/etc/fstab</filename> file is "
21592
"as follows:"
21593
msgstr ""
21594
21595
#: serverguide/C/file-server.xml:420(programlisting)
21596
#, no-wrap
21597
msgid ""
21598
"\n"
21599
"example.hostname.com:/ubuntu /local/ubuntu nfs "
21600
"rsize=8192,wsize=8192,timeo=14,intr\n"
21601
msgstr ""
21602
21603
#: serverguide/C/file-server.xml:424(para)
21604
msgid ""
21605
"If you have trouble mounting an NFS share, make sure the <application>nfs-"
21606
"common</application> package is installed on your client. To install "
21607
"<application>nfs-common</application> enter the following command at the "
21608
"terminal prompt: <screen>\n"
21609
"<command>sudo apt-get install nfs-common</command>\n"
21610
"</screen>"
21611
msgstr ""
21612
21613
#: serverguide/C/file-server.xml:437(ulink)
21614
msgid "Linux NFS faq"
21615
msgstr ""
21616
21617
#: serverguide/C/file-server.xml:439(ulink)
21618
msgid "Ubuntu Wiki NFS Howto"
21619
msgstr ""
21620
21621
#: serverguide/C/file-server.xml:445(title)
21622
msgid "CUPS - Print Server"
21623
msgstr ""
21624
21625
#: serverguide/C/file-server.xml:446(para)
21626
msgid ""
21627
"The primary mechanism for Ubuntu printing and print services is the "
21628
"<emphasis role=\"bold\">Common UNIX Printing System</emphasis> (CUPS). This "
21629
"printing system is a freely available, portable printing layer which has "
21630
"become the new standard for printing in most Linux distributions."
21631
msgstr ""
21632
21633
#: serverguide/C/file-server.xml:453(para)
21634
msgid ""
21635
"CUPS manages print jobs and queues and provides network printing using the "
21636
"standard Internet Printing Protocol (IPP), while offering support for a very "
21637
"large range of printers, from dot-matrix to laser and many in between. CUPS "
21638
"also supports PostScript Printer Description (PPD) and auto-detection of "
21639
"network printers, and features a simple web-based configuration and "
21640
"administration tool."
21641
msgstr ""
21642
21643
#: serverguide/C/file-server.xml:463(para)
21644
msgid ""
21645
"To install CUPS on your Ubuntu computer, simply use "
21646
"<application>sudo</application> with the <application>apt-get</application> "
21647
"command and give the packages to install as the first parameter. A complete "
21648
"CUPS install has many package dependencies, but they may all be specified on "
21649
"the same command line. Enter the following at a terminal prompt to install "
21650
"CUPS:"
21651
msgstr ""
21652
21653
#: serverguide/C/file-server.xml:468(command)
21654
msgid "sudo apt-get install cups"
21655
msgstr "sudo apt-get install cups"
21656
21657
#: serverguide/C/file-server.xml:471(para)
21658
msgid ""
21659
"Upon authenticating with your user password, the packages should be "
21660
"downloaded and installed without error. Upon the conclusion of installation, "
21661
"the CUPS server will be started automatically."
21662
msgstr ""
21663
21664
#: serverguide/C/file-server.xml:476(para)
21665
msgid ""
21666
"For troubleshooting purposes, you can access CUPS server errors via the "
21667
"error log file at: <filename>/var/log/cups/error_log</filename>. If the "
21668
"error log does not show enough information to troubleshoot any problems you "
21669
"encounter, the verbosity of the CUPS log can be increased by changing the "
21670
"<emphasis role=\"bold\">LogLevel</emphasis> directive in the configuration "
21671
"file (discussed below) to \"debug\" or even \"debug2\", which logs "
21672
"everything, from the default of \"info\". If you make this change, remember "
21673
"to change it back once you've solved your problem, to prevent the log file "
21674
"from becoming overly large."
21675
msgstr ""
21676
21677
#: serverguide/C/file-server.xml:489(para)
21678
msgid ""
21679
"The Common UNIX Printing System server's behavior is configured through the "
21680
"directives contained in the file <filename>/etc/cups/cupsd.conf</filename>. "
21681
"The CUPS configuration file follows the same syntax as the primary "
21682
"configuration file for the Apache HTTP server, so users familiar with "
21683
"editing Apache's configuration file should feel at ease when editing the "
21684
"CUPS configuration file. Some examples of settings you may wish to change "
21685
"initially will be presented here."
21686
msgstr ""
21687
21688
#: serverguide/C/file-server.xml:499(para)
21689
msgid ""
21690
"Prior to editing the configuration file, you should make a copy of the "
21691
"original file and protect it from writing, so you will have the original "
21692
"settings as a reference, and to reuse as necessary."
21693
msgstr ""
21694
21695
#: serverguide/C/file-server.xml:503(para)
21696
msgid ""
21697
"Copy the <filename>/etc/cups/cupsd.conf</filename> file and protect it from "
21698
"writing with the following commands, issued at a terminal prompt:"
21699
msgstr ""
21700
21701
#: serverguide/C/file-server.xml:509(command)
21702
msgid "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
21703
msgstr "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
21704
21705
#: serverguide/C/file-server.xml:510(command)
21706
msgid "sudo chmod a-w /etc/cups/cupsd.conf.original"
21707
msgstr "sudo chmod a-w /etc/cups/cupsd.conf.original"
21708
21709
#: serverguide/C/file-server.xml:515(para)
21710
msgid ""
21711
"<emphasis role=\"bold\">ServerAdmin</emphasis>: To configure the email "
21712
"address of the designated administrator of the CUPS server, simply edit the "
21713
"<filename>/etc/cups/cupsd.conf</filename> configuration file with your "
21714
"preferred text editor, and add or modify the <emphasis "
21715
"role=\"italics\">ServerAdmin</emphasis> line accordingly. For example, if "
21716
"you are the Administrator for the CUPS server, and your e-mail address is "
21717
"'bjoy@somebigco.com', then you would modify the ServerAdmin line to appear "
21718
"as such:"
21719
msgstr ""
21720
21721
#: serverguide/C/file-server.xml:526(screen)
21722
#, no-wrap
21723
msgid ""
21724
"\n"
21725
"ServerAdmin bjoy@somebigco.com\n"
21726
msgstr ""
21727
21728
#: serverguide/C/file-server.xml:532(para)
21729
msgid ""
21730
"<emphasis role=\"bold\">Listen</emphasis>: By default on Ubuntu, the CUPS "
21731
"server installation listens only on the loopback interface at IP address "
21732
"<emphasis>127.0.0.1</emphasis>. In order to instruct the CUPS server to "
21733
"listen on an actual network adapter's IP address, you must specify either a "
21734
"hostname, the IP address, or optionally, an IP address/port pairing via the "
21735
"addition of a Listen directive. For example, if your CUPS server resides on "
21736
"a local network at the IP address <emphasis "
21737
"role=\"italics\">192.168.10.250</emphasis> and you'd like to make it "
21738
"accessible to the other systems on this subnetwork, you would edit the "
21739
"<filename>/etc/cups/cupsd.conf</filename> and add a Listen directive, as "
21740
"such:"
21741
msgstr ""
21742
21743
#: serverguide/C/file-server.xml:546(screen)
21744
#, no-wrap
21745
msgid ""
21746
"\n"
21747
"Listen 127.0.0.1:631 # existing loopback Listen\n"
21748
"Listen /var/run/cups/cups.sock # existing socket Listen\n"
21749
"Listen 192.168.10.250:631 # Listen on the LAN interface, Port 631 "
21750
"(IPP)\n"
21751
msgstr ""
21752
21753
#: serverguide/C/file-server.xml:552(para)
21754
msgid ""
21755
"In the example above, you may comment out or remove the reference to the "
21756
"Loopback address (127.0.0.1) if you do not wish <application>cupsd "
21757
"</application> to listen on that interface, but would rather have it only "
21758
"listen on the Ethernet interfaces of the Local Area Network (LAN). To enable "
21759
"listening for all network interfaces for which a certain hostname is bound, "
21760
"including the Loopback, you could create a Listen entry for the hostname "
21761
"<emphasis>socrates</emphasis> as such:"
21762
msgstr ""
21763
21764
#: serverguide/C/file-server.xml:562(screen)
21765
#, no-wrap
21766
msgid ""
21767
"\n"
21768
"Listen socrates:631 # Listen on all interfaces for the hostname 'socrates'\n"
21769
msgstr ""
21770
21771
#: serverguide/C/file-server.xml:566(para)
21772
msgid ""
21773
"or by omitting the Listen directive and using <emphasis>Port</emphasis> "
21774
"instead, as in:"
21775
msgstr ""
21776
21777
#: serverguide/C/file-server.xml:568(screen)
21778
#, no-wrap
21779
msgid ""
21780
"\n"
21781
"Port 631 # Listen on port 631 on all interfaces\n"
21782
msgstr ""
21783
21784
#: serverguide/C/file-server.xml:575(para)
21785
msgid ""
21786
"For more examples of configuration directives in the CUPS server "
21787
"configuration file, view the associated system manual page by entering the "
21788
"following command at a terminal prompt:"
21789
msgstr ""
21790
21791
#: serverguide/C/file-server.xml:582(command)
21792
msgid "man cupsd.conf"
21793
msgstr ""
21794
21795
#: serverguide/C/file-server.xml:586(para)
21796
msgid ""
21797
"Whenever you make changes to the <filename>/etc/cups/cupsd.conf</filename> "
21798
"configuration file, you'll need to restart the CUPS server by typing the "
21799
"following command at a terminal prompt:"
21800
msgstr ""
21801
21802
#: serverguide/C/file-server.xml:592(command)
21803
msgid "sudo /etc/init.d/cups restart"
21804
msgstr "sudo /etc/init.d/cups restart"
21805
21806
#: serverguide/C/file-server.xml:598(title)
21807
msgid "Web Interface"
21808
msgstr ""
21809
21810
#: serverguide/C/file-server.xml:600(para)
21811
msgid ""
21812
"CUPS can be configured and monitored using a web interface, which by default "
21813
"is available at <ulink "
21814
"url=\"http://localhost:631/admin\">http://localhost:631/admin</ulink>. The "
21815
"web interface can be used to perform all printer management tasks."
21816
msgstr ""
21817
21818
#: serverguide/C/file-server.xml:604(para)
21819
msgid ""
21820
"In order to perform administrative tasks via the web interface, you must "
21821
"either have the root account enabled on your server, or authenticate as a "
21822
"user in the <emphasis role=\"italic\">lpadmin</emphasis> group. For security "
21823
"reasons, CUPS won't authenticate a user that doesn't have a password."
21824
msgstr ""
21825
21826
#: serverguide/C/file-server.xml:607(para)
21827
msgid ""
21828
"To add a user to the <emphasis role=\"italic\">lpadmin</emphasis> group, run "
21829
"at the terminal prompt: <screen>\n"
21830
"<command>sudo usermod -aG lpadmin username</command>\n"
21831
"</screen>"
21832
msgstr ""
21833
21834
#: serverguide/C/file-server.xml:613(para)
21835
msgid ""
21836
"Further documentation is available in the <emphasis "
21837
"role=\"italic\">Documentation/Help</emphasis> tab of the web interface."
21838
msgstr ""
21839
21840
#: serverguide/C/file-server.xml:621(ulink)
21841
msgid "CUPS Website"
21842
msgstr ""
21843
21844
#: serverguide/C/file-server.xml:624(ulink)
21845
msgid "Ubuntu Wiki CUPS page"
21846
msgstr ""
21847
21848
#: serverguide/C/dns.xml:13(title)
21849
msgid "Domain Name Service (DNS)"
21850
msgstr "Servei de noms de domini (DNS)"
21851
21852
#: serverguide/C/dns.xml:14(para)
21853
msgid ""
21854
"Domain Name Service (DNS) is an Internet service that maps IP addresses and "
21855
"fully qualified domain names (FQDN) to one another. In this way, DNS "
21856
"alleviates the need to remember IP addresses. Computers that run DNS are "
21857
"called <emphasis>name servers</emphasis>. Ubuntu ships with "
21858
"<application>BIND</application> (Berkley Internet Naming Daemon), the most "
21859
"common program used for maintaining a name server on Linux."
21860
msgstr ""
21861
21862
#: serverguide/C/dns.xml:24(para)
21863
msgid ""
21864
"At a terminal prompt, enter the following command to install "
21865
"<application>dns</application>:"
21866
msgstr ""
21867
21868
#: serverguide/C/dns.xml:28(command)
21869
msgid "sudo apt-get install bind9"
21870
msgstr "sudo apt-get install bind9"
21871
21872
#: serverguide/C/dns.xml:30(para)
21873
msgid ""
21874
"A very useful package for testing and troubleshooting DNS issues is the "
21875
"dnsutils package. To install <application>dnsutils</application> enter the "
21876
"following:"
21877
msgstr ""
21878
21879
#: serverguide/C/dns.xml:35(command)
21880
msgid "sudo apt-get install dnsutils"
21881
msgstr "sudo apt-get install dnsutils"
21882
21883
#: serverguide/C/dns.xml:40(para)
21884
msgid ""
21885
"There are many ways to configure <application>BIND9</application>. Some of "
21886
"the most common configurations are a caching nameserver, primary master, and "
21887
"as a secondary master."
21888
msgstr ""
21889
21890
#: serverguide/C/dns.xml:46(para)
21891
msgid ""
21892
"When configured as a caching nameserver BIND9 will find the answer to name "
21893
"queries and remember the answer when the domain is queried again."
21894
msgstr ""
21895
21896
#: serverguide/C/dns.xml:52(para)
21897
msgid ""
21898
"As a primary master server BIND9 reads the data for a zone from a file on "
21899
"it's host and is authoritative for that zone."
21900
msgstr ""
21901
21902
#: serverguide/C/dns.xml:57(para)
21903
msgid ""
21904
"In a secondary master configuration BIND9 gets the zone data from another "
21905
"nameserver authoritative for the zone."
21906
msgstr ""
21907
21908
#: serverguide/C/dns.xml:65(para)
21909
msgid ""
21910
"The DNS configuration files are stored in the <filename>/etc/bind</filename> "
21911
"directory. The primary configuration file is "
21912
"<filename>/etc/bind/named.conf</filename>."
21913
msgstr ""
21914
21915
#: serverguide/C/dns.xml:72(para)
21916
msgid ""
21917
"The <emphasis>include</emphasis> line specifies the filename which contains "
21918
"the DNS options. The <emphasis>directory</emphasis> line in the "
21919
"<filename>/etc/bind/named.conf.options</filename> file tells DNS where to "
21920
"look for files. All files BIND uses will be relative to this directory."
21921
msgstr ""
21922
21923
#: serverguide/C/dns.xml:80(para)
21924
msgid ""
21925
"The file named <filename>/etc/bind/db.root</filename> describes the root "
21926
"nameservers in the world. The servers change over time, so the "
21927
"<filename>/etc/bind/db.root</filename> file must be maintained now and then. "
21928
"This is usually done as updates to the <application>bind9</application> "
21929
"package. The <emphasis>zone</emphasis> section defines a master server, and "
21930
"it is stored in a file mentioned in the <emphasis>file</emphasis> option."
21931
msgstr ""
21932
21933
#: serverguide/C/dns.xml:90(para)
21934
msgid ""
21935
"It is possible to configure the same server to be a caching name server, "
21936
"primary master, and secondary master. A server can be the Start of Authority "
21937
"(SOA) for one zone, while providing secondary service for another zone. All "
21938
"the while providing caching services for hosts on the local LAN."
21939
msgstr ""
21940
21941
#: serverguide/C/dns.xml:98(title)
21942
msgid "Caching Nameserver"
21943
msgstr ""
21944
21945
#: serverguide/C/dns.xml:99(para)
21946
msgid ""
21947
"The default configuration is setup to act as a caching server. All that is "
21948
"required is simply adding the IP Addresses of your ISP's DNS servers. Simply "
21949
"uncomment and edit the following in "
21950
"<filename>/etc/bind/named.conf.options</filename>:"
21951
msgstr ""
21952
21953
#: serverguide/C/dns.xml:103(programlisting)
21954
#, no-wrap
21955
msgid ""
21956
"\n"
21957
"forwarders {\n"
21958
" 1.2.3.4;\n"
21959
" 5.6.7.8;\n"
21960
" };\n"
21961
msgstr ""
21962
21963
#: serverguide/C/dns.xml:110(para)
21964
msgid ""
21965
"Replace <emphasis>1.2.3.4</emphasis> and <emphasis>5.6.7.8</emphasis> with "
21966
"the IP Adresses of actual nameservers."
21967
msgstr ""
21968
21969
#: serverguide/C/dns.xml:114(para)
21970
msgid ""
21971
"Now restart the DNS server, to enable the new configuration. From a terminal "
21972
"prompt:"
21973
msgstr ""
21974
21975
#: serverguide/C/dns.xml:118(command) serverguide/C/dns.xml:194(command) serverguide/C/dns.xml:253(command) serverguide/C/dns.xml:312(command) serverguide/C/dns.xml:561(command)
21976
msgid "sudo /etc/init.d/bind9 restart"
21977
msgstr "sudo /etc/init.d/bind9 restart"
21978
21979
#: serverguide/C/dns.xml:120(para)
21980
msgid ""
21981
"See <xref linkend=\"dns-testing-dig\"/> for information on testing a caching "
21982
"DNS server."
21983
msgstr ""
21984
21985
#: serverguide/C/dns.xml:125(title)
21986
msgid "Primary Master"
21987
msgstr ""
21988
21989
#: serverguide/C/dns.xml:126(para)
21990
msgid ""
21991
"In this section <application>BIND9</application> will be configured as the "
21992
"Primary Master for the domain <emphasis>example.com</emphasis>. Simply "
21993
"replace <emphasis role=\"italic\">example.com</emphasis> with your FQDN "
21994
"(Fully Qualified Domain Name)."
21995
msgstr ""
21996
21997
#: serverguide/C/dns.xml:132(title)
21998
msgid "Forward Zone File"
21999
msgstr ""
22000
22001
#: serverguide/C/dns.xml:133(para)
22002
msgid ""
22003
"To add a DNS zone to BIND9, turning BIND9 into a Primary Master server, the "
22004
"first step is to edit <filename>/etc/bind/named.conf.local</filename>:"
22005
msgstr ""
22006
22007
#: serverguide/C/dns.xml:137(programlisting)
22008
#, no-wrap
22009
msgid ""
22010
"\n"
22011
"zone \"example.com\" {\n"
22012
"\ttype master;\n"
22013
" file \"/etc/bind/db.example.com\";\n"
22014
"};\n"
22015
msgstr ""
22016
22017
#: serverguide/C/dns.xml:143(para)
22018
msgid ""
22019
"Now use an existing zone file as a template to create the "
22020
"<filename>/etc/bind/db.example.com</filename> file:"
22021
msgstr ""
22022
22023
#: serverguide/C/dns.xml:147(command)
22024
msgid "sudo cp /etc/bind/db.local /etc/bind/db.example.com"
22025
msgstr ""
22026
22027
#: serverguide/C/dns.xml:149(para)
22028
msgid ""
22029
"Edit the new zone file <filename>/etc/bind/db.example.com</filename> change "
22030
"<emphasis>localhost.</emphasis> to the FQDN of your server, leaving the "
22031
"additional \".\" at the end. Change <emphasis>127.0.0.1</emphasis> to the "
22032
"nameserver's IP Address and <emphasis>root.localhost</emphasis> to a valid "
22033
"email address, but with a \".\" instead of the usual \"@\" symbol, again "
22034
"leaving the \".\" at the end."
22035
msgstr ""
22036
22037
#: serverguide/C/dns.xml:155(para)
22038
msgid ""
22039
"Also, create an <emphasis>A record</emphasis> for <emphasis "
22040
"role=\"italic\">ns.example.com</emphasis>. The name server in this example:"
22041
msgstr ""
22042
22043
#: serverguide/C/dns.xml:159(programlisting)
22044
#, no-wrap
22045
msgid ""
22046
"\n"
22047
";\n"
22048
"; BIND data file for local loopback interface\n"
22049
";\n"
22050
"$TTL 604800\n"
22051
"@ IN SOA ns.example.com. root.example.com. (\n"
22052
" 2 ; Serial\n"
22053
" 604800 ; Refresh\n"
22054
" 86400 ; Retry\n"
22055
" 2419200 ; Expire\n"
22056
" 604800 ) ; Negative Cache TTL\n"
22057
";\n"
22058
"@ IN NS ns.example.com.\n"
22059
"@ IN A 127.0.0.1\n"
22060
"@ IN AAAA ::1\n"
22061
"ns IN A 192.168.1.10\n"
22062
msgstr ""
22063
22064
#: serverguide/C/dns.xml:176(para)
22065
msgid ""
22066
"You must increment the <emphasis>Serial Number</emphasis> every time you "
22067
"make changes to the zone file. If you make multiple changes before "
22068
"restarting BIND9, simply increment the Serial once."
22069
msgstr ""
22070
22071
#: serverguide/C/dns.xml:180(para)
22072
msgid ""
22073
"Now, you can add DNS records to the bottom of the zone file. See <xref "
22074
"linkend=\"dns-record-types\"/> for details."
22075
msgstr ""
22076
22077
#: serverguide/C/dns.xml:184(para)
22078
msgid ""
22079
"Many admins like to use the last date edited as the serial of a zone, such "
22080
"as <emphasis>2007010100</emphasis> which is yyyymmddss (where "
22081
"<emphasis>ss</emphasis> is the Serial Number)"
22082
msgstr ""
22083
22084
#: serverguide/C/dns.xml:189(para)
22085
msgid ""
22086
"Once you have made a change to the zone file "
22087
"<application>BIND9</application> will need to be restarted for the changes "
22088
"to take effect:"
22089
msgstr ""
22090
22091
#: serverguide/C/dns.xml:198(title)
22092
msgid "Reverse Zone File"
22093
msgstr ""
22094
22095
#: serverguide/C/dns.xml:199(para)
22096
msgid ""
22097
"Now that the zone is setup and resolving names to IP Adresses a "
22098
"<emphasis>Reverse zone</emphasis> is also required. A Reverse zone allows "
22099
"DNS to resolve an address to a name."
22100
msgstr ""
22101
22102
#: serverguide/C/dns.xml:203(para)
22103
msgid "Edit /etc/bind/named.conf.local and add the following:"
22104
msgstr ""
22105
22106
#: serverguide/C/dns.xml:206(programlisting)
22107
#, no-wrap
22108
msgid ""
22109
"\n"
22110
"zone \"1.168.192.in-addr.arpa\" {\n"
22111
" type master;\n"
22112
" notify no;\n"
22113
" file \"/etc/bind/db.192\";\n"
22114
"};\n"
22115
msgstr ""
22116
22117
#: serverguide/C/dns.xml:214(para)
22118
msgid ""
22119
"Replace <emphasis>1.168.192</emphasis> with the first three octets of "
22120
"whatever network you are using. Also, name the zone file "
22121
"<filename>/etc/bind/db.192</filename> appropriately. It should match the "
22122
"first octet of your network."
22123
msgstr ""
22124
22125
#: serverguide/C/dns.xml:219(para)
22126
msgid "Now create the <filename>/etc/bind/db.192</filename> file:"
22127
msgstr ""
22128
22129
#: serverguide/C/dns.xml:223(command)
22130
msgid "sudo cp /etc/bind/db.127 /etc/bind/db.192"
22131
msgstr "sudo cp /etc/bind/db.127 /etc/bind/db.192"
22132
22133
#: serverguide/C/dns.xml:225(para)
22134
msgid ""
22135
"Next edit <filename>/etc/bind/db.192</filename> changing the basically the "
22136
"same options as <filename>/etc/bind/db.example.com</filename>:"
22137
msgstr ""
22138
22139
#: serverguide/C/dns.xml:229(programlisting)
22140
#, no-wrap
22141
msgid ""
22142
"\n"
22143
";\n"
22144
"; BIND reverse data file for local loopback interface\n"
22145
";\n"
22146
"$TTL 604800\n"
22147
"@ IN SOA ns.example.com. root.example.com. (\n"
22148
" 2 ; Serial\n"
22149
" 604800 ; Refresh\n"
22150
" 86400 ; Retry\n"
22151
" 2419200 ; Expire\n"
22152
" 604800 ) ; Negative Cache TTL\n"
22153
";\n"
22154
"@ IN NS ns.\n"
22155
"10 IN PTR ns.example.com.\n"
22156
msgstr ""
22157
22158
#: serverguide/C/dns.xml:244(para)
22159
msgid ""
22160
"The <emphasis>Serial Number</emphasis> in the Reverse zone needs to be "
22161
"incremented on each change as well. For each <emphasis>A record</emphasis> "
22162
"you configure in <filename>/etc/bind/db.example.com</filename> you need to "
22163
"create a <emphasis>PTR record</emphasis> in "
22164
"<filename>/etc/bind/db.192</filename>."
22165
msgstr ""
22166
22167
#: serverguide/C/dns.xml:249(para)
22168
msgid ""
22169
"After creating the reverse zone file restart "
22170
"<application>BIND9</application>:"
22171
msgstr ""
22172
22173
#: serverguide/C/dns.xml:258(title)
22174
msgid "Secondary Master"
22175
msgstr ""
22176
22177
#: serverguide/C/dns.xml:259(para)
22178
msgid ""
22179
"Once a <emphasis>Primary Master</emphasis> has been configured a "
22180
"<emphasis>Secondary Master</emphasis> is needed in order to maintain the "
22181
"availability of the domain should the Primary become unavailable."
22182
msgstr ""
22183
22184
#: serverguide/C/dns.xml:263(para)
22185
msgid ""
22186
"First, on the Primary Master server, the zone transfer needs to be allowed. "
22187
"Add the <emphasis>allow-transfer</emphasis> option to the example Forward "
22188
"and Reverse zone definitions in "
22189
"<filename>/etc/bind/named.conf.local</filename>:"
22190
msgstr ""
22191
22192
#: serverguide/C/dns.xml:267(programlisting)
22193
#, no-wrap
22194
msgid ""
22195
"\n"
22196
"zone \"example.com\" {\n"
22197
" type master;\n"
22198
"\tfile \"/etc/bind/db.example.com\";\n"
22199
" allow-transfer { 192.168.1.11; };\n"
22200
"};\n"
22201
"\n"
22202
"zone \"1.168.192.in-addr.arpa\" {\n"
22203
" type master;\n"
22204
" notify no;\n"
22205
" file \"/etc/bind/db.192\";\n"
22206
"\tallow-transfer { 192.168.1.11; };\n"
22207
"};\n"
22208
msgstr ""
22209
22210
#: serverguide/C/dns.xml:282(para)
22211
msgid ""
22212
"Replace <emphasis>192.168.1.11</emphasis> with the IP Address of your "
22213
"Secondary nameserver."
22214
msgstr ""
22215
22216
#: serverguide/C/dns.xml:286(para)
22217
msgid ""
22218
"Next, on the Secondary Master, install the <application>bind9</application> "
22219
"package the same way as on the Primary. Then edit the "
22220
"<filename>/etc/bind/named.conf.local</filename> and add the following "
22221
"declarations for the Forward and Reverse zones:"
22222
msgstr ""
22223
22224
#: serverguide/C/dns.xml:290(programlisting)
22225
#, no-wrap
22226
msgid ""
22227
"\n"
22228
"zone \"example.com\" {\n"
22229
"\ttype slave;\n"
22230
" file \"/var/cache/bind/db.example.com\";\n"
22231
" masters { 192.168.1.10; };\n"
22232
"}; \n"
22233
" \n"
22234
"zone \"1.168.192.in-addr.arpa\" {\n"
22235
"\ttype slave;\n"
22236
" file \"/var/cache/bind/db.192\";\n"
22237
" masters { 192.168.1.10; };\n"
22238
"};\n"
22239
msgstr ""
22240
22241
#: serverguide/C/dns.xml:304(para)
22242
msgid ""
22243
"Replace <emphasis>192.168.1.10</emphasis> with the IP Address of your "
22244
"Primary nameserver."
22245
msgstr ""
22246
22247
#: serverguide/C/dns.xml:308(para)
22248
msgid "Restart <application>BIND9</application> on the Secondary Master:"
22249
msgstr ""
22250
22251
#: serverguide/C/dns.xml:314(para)
22252
msgid ""
22253
"In <filename>/var/log/syslog</filename> you should see something similar to:"
22254
msgstr ""
22255
22256
#: serverguide/C/dns.xml:317(programlisting)
22257
#, no-wrap
22258
msgid ""
22259
"\n"
22260
"slave zone \"example.com\" (IN) loaded (serial 6)\n"
22261
"slave zone \"100.18.172.in-addr.arpa\" (IN) loaded (serial 3)\n"
22262
msgstr ""
22263
22264
#: serverguide/C/dns.xml:322(para)
22265
msgid ""
22266
"Note: A zone is only transferred if the <emphasis>Serial Number</emphasis> "
22267
"on the Primary is larger than the one on the Secondary."
22268
msgstr ""
22269
22270
#: serverguide/C/dns.xml:328(para)
22271
msgid ""
22272
"The default directory for non-authoritative zone files is "
22273
"<filename>/var/cache/bind/</filename>. This directory is also configured in "
22274
"<application>AppArmor</application> to allow the "
22275
"<application>named</application> daemon to write to it. For more information "
22276
"on AppArmor see <xref linkend=\"apparmor\"/>."
22277
msgstr ""
22278
22279
#: serverguide/C/dns.xml:339(para)
22280
msgid ""
22281
"This section covers ways to help determine the cause when problems happen "
22282
"with DNS and <application>BIND9</application>."
22283
msgstr ""
22284
22285
#: serverguide/C/dns.xml:345(title)
22286
msgid "resolv.conf"
22287
msgstr ""
22288
22289
#: serverguide/C/dns.xml:346(para)
22290
msgid ""
22291
"The first step in testing <application>BIND9</application> is to add the "
22292
"nameserver's IP Address to a hosts resolver. The Primary nameserver should "
22293
"be configured as well as another host to double check things. Simply edit "
22294
"<filename>/etc/resolv.conf</filename> and add the following:"
22295
msgstr ""
22296
22297
#: serverguide/C/dns.xml:351(programlisting)
22298
#, no-wrap
22299
msgid ""
22300
"\n"
22301
"nameserver\t192.168.1.10\n"
22302
"nameserver\t192.168.1.11\n"
22303
msgstr ""
22304
22305
#: serverguide/C/dns.xml:356(para)
22306
msgid ""
22307
"You should also add the IP Address of the Secondary nameserver in case the "
22308
"Primary becomes unavailable."
22309
msgstr ""
22310
22311
#: serverguide/C/dns.xml:362(title)
22312
msgid "dig"
22313
msgstr ""
22314
22315
#: serverguide/C/dns.xml:363(para)
22316
msgid ""
22317
"If you installed the <application>dnsutils</application> package you can "
22318
"test your setup using the DNS lookup utility <application>dig</application>:"
22319
msgstr ""
22320
22321
#: serverguide/C/dns.xml:369(para)
22322
msgid ""
22323
"After installing <application>BIND9</application> use "
22324
"<application>dig</application> against the loopback interface to make sure "
22325
"it is listening on port 53. From a terminal prompt:"
22326
msgstr ""
22327
22328
#: serverguide/C/dns.xml:374(command)
22329
msgid "dig -x 127.0.0.1"
22330
msgstr ""
22331
22332
#: serverguide/C/dns.xml:376(para)
22333
msgid "You should see lines similar to the following in the command output:"
22334
msgstr ""
22335
22336
#: serverguide/C/dns.xml:379(programlisting)
22337
#, no-wrap
22338
msgid ""
22339
"\n"
22340
";; Query time: 1 msec\n"
22341
";; SERVER: 192.168.1.10#53(192.168.1.10)\n"
22342
msgstr ""
22343
22344
#: serverguide/C/dns.xml:385(para)
22345
msgid ""
22346
"If you have configured <application>BIND9</application> as a "
22347
"<emphasis>Caching</emphasis> nameserver \"dig\" an outside domain to check "
22348
"the query time:"
22349
msgstr ""
22350
22351
#: serverguide/C/dns.xml:390(command)
22352
msgid "dig ubuntu.com"
22353
msgstr ""
22354
22355
#: serverguide/C/dns.xml:392(para)
22356
msgid "Note the query time toward the end of the command output:"
22357
msgstr ""
22358
22359
#: serverguide/C/dns.xml:395(programlisting)
22360
#, no-wrap
22361
msgid ""
22362
"\n"
22363
";; Query time: 49 msec\n"
22364
msgstr ""
22365
22366
#: serverguide/C/dns.xml:398(para)
22367
msgid "After a second dig there should be improvement:"
22368
msgstr ""
22369
22370
#: serverguide/C/dns.xml:401(programlisting)
22371
#, no-wrap
22372
msgid ""
22373
"\n"
22374
";; Query time: 1 msec\n"
22375
msgstr ""
22376
22377
#: serverguide/C/dns.xml:408(title)
22378
msgid "ping"
22379
msgstr "ping"
22380
22381
#: serverguide/C/dns.xml:410(para)
22382
msgid ""
22383
"Now to demonstrate how applications make use of DNS to resolve a host name "
22384
"use the <application>ping</application> utility to send an ICMP echo "
22385
"request. From a terminal prompt enter:"
22386
msgstr ""
22387
22388
#: serverguide/C/dns.xml:416(command)
22389
msgid "ping example.com"
22390
msgstr ""
22391
22392
#: serverguide/C/dns.xml:418(para)
22393
msgid ""
22394
"This tests if the nameserver can resolve the name "
22395
"<emphasis>ns.example.com</emphasis> to an IP Address. The command output "
22396
"should resemble:"
22397
msgstr ""
22398
22399
#: serverguide/C/dns.xml:422(programlisting)
22400
#, no-wrap
22401
msgid ""
22402
"\n"
22403
"PING ns.example.com (192.168.1.10) 56(84) bytes of data.\n"
22404
"64 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=0.800 ms\n"
22405
"64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.813 ms\n"
22406
msgstr ""
22407
22408
#: serverguide/C/dns.xml:429(title)
22409
msgid "named-checkzone"
22410
msgstr ""
22411
22412
#: serverguide/C/dns.xml:430(para)
22413
msgid ""
22414
"A great way to test your zone files is by using the <application>named-"
22415
"checkzone</application> utility installed with the "
22416
"<application>bind9</application> package. This utility allows you to make "
22417
"sure the configuration is correct before restarting "
22418
"<application>BIND9</application> and making the changes live."
22419
msgstr ""
22420
22421
#: serverguide/C/dns.xml:437(para)
22422
msgid ""
22423
"To test our example Forward zone file enter the following from a command "
22424
"prompt:"
22425
msgstr ""
22426
22427
#: serverguide/C/dns.xml:441(command)
22428
msgid "named-checkzone example.com /etc/bind/db.example.com"
22429
msgstr ""
22430
22431
#: serverguide/C/dns.xml:443(para)
22432
msgid ""
22433
"If everything is configured correctly you should see output similar to:"
22434
msgstr ""
22435
22436
#: serverguide/C/dns.xml:446(programlisting)
22437
#, no-wrap
22438
msgid ""
22439
"\n"
22440
"zone example.com/IN: loaded serial 6\n"
22441
"OK\n"
22442
msgstr ""
22443
22444
#: serverguide/C/dns.xml:452(para)
22445
msgid "Similarly, to test the Reverse zone file enter the following:"
22446
msgstr ""
22447
22448
#: serverguide/C/dns.xml:456(command)
22449
msgid "named-checkzone example.com /etc/bind/db.192"
22450
msgstr ""
22451
22452
#: serverguide/C/dns.xml:458(para)
22453
msgid "The output should be similar to:"
22454
msgstr ""
22455
22456
#: serverguide/C/dns.xml:461(programlisting)
22457
#, no-wrap
22458
msgid ""
22459
"\n"
22460
"zone example.com/IN: loaded serial 3\n"
22461
"OK\n"
22462
msgstr ""
22463
22464
#: serverguide/C/dns.xml:468(para)
22465
msgid ""
22466
"The <emphasis>Serial Number</emphasis> of your zone file will probably be "
22467
"different."
22468
msgstr ""
22469
22470
#: serverguide/C/dns.xml:475(title)
22471
msgid "Logging"
22472
msgstr ""
22473
22474
#: serverguide/C/dns.xml:476(para)
22475
msgid ""
22476
"<application>BIND9</application> has a wide variety of logging configuration "
22477
"options available. There are two main options. The "
22478
"<emphasis>channel</emphasis> option configures where logs go, and the "
22479
"<emphasis>category</emphasis> option determines what information to log."
22480
msgstr ""
22481
22482
#: serverguide/C/dns.xml:480(para)
22483
msgid "If no logging option is configured the default option is:"
22484
msgstr ""
22485
22486
#: serverguide/C/dns.xml:483(programlisting)
22487
#, no-wrap
22488
msgid ""
22489
"\n"
22490
"logging {\n"
22491
" category default { default_syslog; default_debug; };\n"
22492
" category unmatched { null; };\n"
22493
"};\n"
22494
msgstr ""
22495
22496
#: serverguide/C/dns.xml:489(para)
22497
msgid ""
22498
"This section covers configuring <application>BIND9</application> to send "
22499
"<emphasis>debug</emphasis> messages related to DNS queries to a separate "
22500
"file."
22501
msgstr ""
22502
22503
#: serverguide/C/dns.xml:494(para)
22504
msgid ""
22505
"First, we need to configure a channel to specify which file to send the "
22506
"messages to. Edit <filename>/etc/bind/named.conf.local</filename> and add "
22507
"the following:"
22508
msgstr ""
22509
22510
#: serverguide/C/dns.xml:498(programlisting)
22511
#, no-wrap
22512
msgid ""
22513
"\n"
22514
"logging {\n"
22515
" channel query.log { \n"
22516
" file \"/var/log/query.log\";\n"
22517
" severity debug 3; \n"
22518
" }; \n"
22519
"};\n"
22520
msgstr ""
22521
22522
#: serverguide/C/dns.xml:508(para)
22523
msgid "Next, configure a category to send all DNS queries to the query file:"
22524
msgstr ""
22525
22526
#: serverguide/C/dns.xml:511(programlisting)
22527
#, no-wrap
22528
msgid ""
22529
"\n"
22530
"logging {\n"
22531
" channel query.log { \n"
22532
" file \"/var/log/query.log\"; \n"
22533
" severity debug 3; \n"
22534
" }; \n"
22535
" <emphasis>category queries { query.log; };</emphasis> \n"
22536
"};\n"
22537
msgstr ""
22538
22539
#: serverguide/C/dns.xml:523(para)
22540
msgid ""
22541
"Note: the <emphasis>debug</emphasis> option can be set from 1 to 3. If a "
22542
"level isn't specified level 1 is the default."
22543
msgstr ""
22544
22545
#: serverguide/C/dns.xml:529(para)
22546
msgid ""
22547
"Since the <emphasis>named daemon</emphasis> runs as the "
22548
"<emphasis>bind</emphasis> user the <filename>/var/log/query.log</filename> "
22549
"file must be created and the ownership changed:"
22550
msgstr ""
22551
22552
#: serverguide/C/dns.xml:534(command)
22553
msgid "sudo touch /var/log/query.log"
22554
msgstr "sudo touch /var/log/query.log"
22555
22556
#: serverguide/C/dns.xml:535(command)
22557
msgid "sudo chown bind /var/log/query.log"
22558
msgstr "sudo chown bind /var/log/query.log"
22559
22560
#: serverguide/C/dns.xml:539(para)
22561
msgid ""
22562
"Before <application>named</application> daemon can write to the new log file "
22563
"the <application>AppArmor</application> profile must be updated. First, edit "
22564
"<filename>/etc/apparmor.d/usr.sbin.named</filename> and add:"
22565
msgstr ""
22566
22567
#: serverguide/C/dns.xml:543(programlisting)
22568
#, no-wrap
22569
msgid ""
22570
"\n"
22571
"/var/log/query.log w,\n"
22572
msgstr ""
22573
22574
#: serverguide/C/dns.xml:546(para)
22575
msgid "Next, reload the profile:"
22576
msgstr ""
22577
22578
#: serverguide/C/dns.xml:550(command)
22579
msgid "cat /etc/apparmor.d/usr.sbin.named | sudo apparmor_parser -r"
22580
msgstr "cat /etc/apparmor.d/usr.sbin.named | sudo apparmor_parser -r"
22581
22582
#: serverguide/C/dns.xml:552(para)
22583
msgid ""
22584
"For more information on <application>AppArmor</application> see <xref "
22585
"linkend=\"apparmor\"/>"
22586
msgstr ""
22587
22588
#: serverguide/C/dns.xml:557(para)
22589
msgid ""
22590
"Now restart <application>BIND9</application> for the changes to take effect:"
22591
msgstr ""
22592
22593
#: serverguide/C/dns.xml:565(para)
22594
msgid ""
22595
"You should see the file <filename>/var/log/query.log</filename> fill with "
22596
"query information. This is a simple example of the "
22597
"<application>BIND9</application> logging options. For coverage of advanced "
22598
"options see <xref linkend=\"dns-more-info\"/>."
22599
msgstr ""
22600
22601
#: serverguide/C/dns.xml:574(title)
22602
msgid "Common Record Types"
22603
msgstr ""
22604
22605
#: serverguide/C/dns.xml:575(para)
22606
msgid "This section covers some of the most common DNS record types."
22607
msgstr ""
22608
22609
#: serverguide/C/dns.xml:580(para)
22610
msgid ""
22611
"<emphasis>A</emphasis> record: This record maps an IP Address to a hostname."
22612
msgstr ""
22613
22614
#: serverguide/C/dns.xml:583(programlisting)
22615
#, no-wrap
22616
msgid ""
22617
"\n"
22618
"www IN A 192.168.1.12\n"
22619
msgstr ""
22620
22621
#: serverguide/C/dns.xml:588(para)
22622
msgid ""
22623
"<emphasis>CNAME</emphasis> record: Used to create an alias to an existing A "
22624
"record. You cannot create a CNAME record pointing to another CNAME record."
22625
msgstr ""
22626
22627
#: serverguide/C/dns.xml:591(programlisting)
22628
#, no-wrap
22629
msgid ""
22630
"\n"
22631
"web IN CNAME www\n"
22632
msgstr ""
22633
22634
#: serverguide/C/dns.xml:596(para)
22635
msgid ""
22636
"<emphasis>MX</emphasis> record: Used to define where email should be sent "
22637
"to. Must point to an A record, not a CNAME."
22638
msgstr ""
22639
22640
#: serverguide/C/dns.xml:599(programlisting)
22641
#, no-wrap
22642
msgid ""
22643
"\n"
22644
" IN MX 1 mail.example.com.\n"
22645
"mail IN A 192.168.1.13\n"
22646
msgstr ""
22647
22648
#: serverguide/C/dns.xml:605(para)
22649
msgid ""
22650
"<emphasis>NS</emphasis> record: Used to define which servers serve copies of "
22651
"a zone. It must point to an A record, not a CNAME. This is where Primary and "
22652
"Secondary servers are defined."
22653
msgstr ""
22654
22655
#: serverguide/C/dns.xml:609(programlisting)
22656
#, no-wrap
22657
msgid ""
22658
"\n"
22659
" IN NS ns.example.com.\n"
22660
"\tIN NS ns2.example.com.\n"
22661
"ns IN A 192.168.1.10\n"
22662
"ns2\tIN A\t 192.168.1.11\n"
22663
msgstr ""
22664
22665
#: serverguide/C/dns.xml:622(para)
22666
msgid ""
22667
"The <ulink url=\"http://www.tldp.org/HOWTO/DNS-HOWTO.html\">DNS "
22668
"HOWTO</ulink> explains more advanced options for configuring BIND9."
22669
msgstr ""
22670
22671
#: serverguide/C/dns.xml:627(para)
22672
msgid ""
22673
"For in depth coverage of <emphasis>DNS</emphasis> and "
22674
"<application>BIND9</application> see <ulink "
22675
"url=\"http://www.bind9.net/\">Bind9.net</ulink>."
22676
msgstr ""
22677
22678
#: serverguide/C/dns.xml:632(para)
22679
msgid ""
22680
"<ulink url=\"http://www.oreilly.com/catalog/dns5/index.html\">DNS and "
22681
"BIND</ulink> is a popular book now in it's fifth edition."
22682
msgstr ""
22683
22684
#: serverguide/C/dns.xml:637(para)
22685
msgid ""
22686
"A great place to ask for <application>BIND9</application> assistance, and "
22687
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
22688
"server</emphasis> IRC channel on <ulink "
22689
"url=\"http://freenode.net\">freenode</ulink>."
22690
msgstr ""
22691
22692
#: serverguide/C/dns.xml:643(para)
22693
msgid ""
22694
"Also, see the <ulink "
22695
"url=\"https://help.ubuntu.com/community/BIND9ServerHowto\">BIND9 Server "
22696
"HOWTO</ulink> in the Ubuntu Wiki."
22697
msgstr ""
22698
22699
#: serverguide/C/databases.xml:13(title)
22700
msgid "Databases"
22701
msgstr "Bases de dades"
22702
22703
#: serverguide/C/databases.xml:14(para)
22704
msgid "Ubuntu provides two popular database servers. They are:"
22705
msgstr ""
22706
22707
#: serverguide/C/databases.xml:22(application) serverguide/C/databases.xml:157(title)
22708
msgid "PostgreSQL"
22709
msgstr ""
22710
22711
#: serverguide/C/databases.xml:25(para)
22712
msgid ""
22713
"They are available in the main repository. This section explains how to "
22714
"install and configure these database servers."
22715
msgstr ""
22716
22717
#: serverguide/C/databases.xml:32(para)
22718
msgid ""
22719
"MySQL is a fast, multi-threaded, multi-user, and robust SQL database server. "
22720
"It is intended for mission-critical, heavy-load production systems as well "
22721
"as for embedding into mass-deployed software."
22722
msgstr ""
22723
22724
#: serverguide/C/databases.xml:41(para)
22725
msgid "To install MySQL, run the following command from a terminal prompt:"
22726
msgstr ""
22727
22728
#: serverguide/C/databases.xml:46(command)
22729
msgid "sudo apt-get install mysql-server"
22730
msgstr "sudo apt-get install mysql-server"
22731
22732
#: serverguide/C/databases.xml:48(para)
22733
msgid ""
22734
"During the installation process you will be prompted to enter a password for "
22735
"the <application>MySQL</application> root user."
22736
msgstr ""
22737
22738
#: serverguide/C/databases.xml:53(para)
22739
msgid ""
22740
"Once the installation is complete, the MySQL server should be started "
22741
"automatically. You can run the following command from a terminal prompt to "
22742
"check whether the MySQL server is running:"
22743
msgstr ""
22744
22745
#: serverguide/C/databases.xml:61(command)
22746
msgid "sudo netstat -tap | grep mysql"
22747
msgstr "sudo netstat -tap | grep mysql"
22748
22749
#: serverguide/C/databases.xml:70(programlisting)
22750
#, no-wrap
22751
msgid ""
22752
"\n"
22753
"tcp 0 0 localhost:mysql *:* LISTEN "
22754
" 2556/mysqld\n"
22755
msgstr ""
22756
22757
#: serverguide/C/databases.xml:74(para)
22758
msgid ""
22759
"If the server is not running correctly, you can type the following command "
22760
"to start it:"
22761
msgstr ""
22762
22763
#: serverguide/C/databases.xml:79(command) serverguide/C/databases.xml:104(command)
22764
msgid "sudo /etc/init.d/mysql restart"
22765
msgstr "sudo /etc/init.d/mysql restart"
22766
22767
#: serverguide/C/databases.xml:85(para)
22768
msgid ""
22769
"You can edit the <filename>/etc/mysql/my.cnf</filename> file to configure "
22770
"the basic settings -- log file, port number, etc. For example, to configure "
22771
"<application>MySQL</application> to listen for connections from network "
22772
"hosts, change the <emphasis>bind-address</emphasis> directive to the "
22773
"server's IP address:"
22774
msgstr ""
22775
22776
#: serverguide/C/databases.xml:91(programlisting)
22777
#, no-wrap
22778
msgid ""
22779
"\n"
22780
"bind-address = 192.168.0.5\n"
22781
msgstr ""
22782
22783
#: serverguide/C/databases.xml:95(para)
22784
msgid "Replace 192.168.0.5 with the appropriate address."
22785
msgstr ""
22786
22787
#: serverguide/C/databases.xml:99(para)
22788
msgid ""
22789
"After making a change to <filename>/etc/mysql/my.cnf</filename> the "
22790
"<application>mysql</application> daemon will need to be restarted:"
22791
msgstr ""
22792
22793
#: serverguide/C/databases.xml:107(para)
22794
msgid ""
22795
"If you would like to change the "
22796
"<application>MySQL</application><emphasis>root</emphasis> password, in a "
22797
"terminal enter:"
22798
msgstr ""
22799
22800
#: serverguide/C/databases.xml:113(command)
22801
msgid "sudo dpkg-reconfigure mysql-server-5.1"
22802
msgstr ""
22803
22804
#: serverguide/C/databases.xml:116(para)
22805
msgid ""
22806
"The <application>mysql</application> daemon will be stopped, and you will be "
22807
"prompted to enter a new password."
22808
msgstr ""
22809
22810
#: serverguide/C/databases.xml:125(para)
22811
msgid ""
22812
"See the <ulink url=\"http://www.mysql.com/\">MySQL Home Page</ulink> for "
22813
"more information."
22814
msgstr ""
22815
22816
#: serverguide/C/databases.xml:130(para)
22817
msgid ""
22818
"The <emphasis>MySQL Handbook</emphasis> is also available in the "
22819
"<application>mysql-doc-5.0</application> package. To install the package "
22820
"enter the following in a terminal:"
22821
msgstr ""
22822
22823
#: serverguide/C/databases.xml:135(command)
22824
msgid "sudo apt-get install mysql-doc-5.0"
22825
msgstr "sudo apt-get install mysql-doc-5.0"
22826
22827
#: serverguide/C/databases.xml:137(para)
22828
msgid ""
22829
"The documentation is in HTML format, to view them enter "
22830
"<command>file:///usr/share/doc/mysql-doc-5.0/refman-5.0-en.html-"
22831
"chapter/index.html</command> in your browser's address bar."
22832
msgstr ""
22833
22834
#: serverguide/C/databases.xml:143(para) serverguide/C/databases.xml:290(para)
22835
msgid ""
22836
"For general SQL information see <ulink "
22837
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\">Using SQL "
22838
"Special Edition</ulink> by Rafe Colburn."
22839
msgstr ""
22840
22841
#: serverguide/C/databases.xml:149(para)
22842
msgid ""
22843
"The <ulink url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache "
22844
"MySQL PHP Ubuntu Wiki</ulink> page also has useful information."
22845
msgstr ""
22846
22847
#: serverguide/C/databases.xml:158(para)
22848
msgid ""
22849
"PostgreSQL is an object-relational database system that has the features of "
22850
"traditional commercial database systems with enhancements to be found in "
22851
"next-generation DBMS systems."
22852
msgstr ""
22853
22854
#: serverguide/C/databases.xml:165(para)
22855
msgid ""
22856
"To install PostgreSQL, run the following command in the command prompt:"
22857
msgstr ""
22858
22859
#: serverguide/C/databases.xml:172(command)
22860
msgid "sudo apt-get install postgresql"
22861
msgstr "sudo apt-get install postgresql"
22862
22863
#: serverguide/C/databases.xml:176(para)
22864
msgid ""
22865
"Once the installation is complete, you should configure the PostgreSQL "
22866
"server based on your needs, although the default configuration is viable."
22867
msgstr ""
22868
22869
#: serverguide/C/databases.xml:184(para)
22870
msgid ""
22871
"By default, connection via TCP/IP is disabled. PostgreSQL supports multiple "
22872
"client authentication methods. By default, IDENT authentication method is "
22873
"used for <application>postgres</application> and local users. Please refer "
22874
"<ulink url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the "
22875
"PostgreSQL Administrator's Guide</ulink>."
22876
msgstr ""
22877
22878
#: serverguide/C/databases.xml:191(para)
22879
msgid ""
22880
"The following discussion assumes that you wish to enable TCP/IP connections "
22881
"and use the MD5 method for client authentication. PostgreSQL configuration "
22882
"files are stored in the "
22883
"<filename>/etc/postgresql/<version>/main</filename> directory. For "
22884
"example, if you install PostgreSQL 8.4, the configuration files are stored "
22885
"in the <filename>/etc/postgresql/8.4/main</filename> directory."
22886
msgstr ""
22887
22888
#: serverguide/C/databases.xml:201(para)
22889
msgid ""
22890
"To configure <emphasis>ident</emphasis> authentication, add entries to the "
22891
"<filename>/etc/postgresql/8.4/main/pg_ident.conf</filename> file."
22892
msgstr ""
22893
22894
#: serverguide/C/databases.xml:208(para)
22895
msgid ""
22896
"To enable TCP/IP connections, edit the file "
22897
"<filename>/etc/postgresql/8.4/main/postgresql.conf</filename>"
22898
msgstr ""
22899
22900
#: serverguide/C/databases.xml:210(para)
22901
msgid ""
22902
"Locate the line <emphasis>#listen_addresses = 'localhost'</emphasis> and "
22903
"change it to:"
22904
msgstr ""
22905
22906
#: serverguide/C/databases.xml:213(programlisting)
22907
#, no-wrap
22908
msgid ""
22909
"\n"
22910
"listen_addresses = 'localhost'\n"
22911
msgstr ""
22912
22913
#: serverguide/C/databases.xml:217(para)
22914
msgid ""
22915
"To allow other computers to connect to your "
22916
"<application>PostgreSQL</application> server replace 'localhost' with the "
22917
"<emphasis>IP Address</emphasis> of your server."
22918
msgstr ""
22919
22920
#: serverguide/C/databases.xml:222(para)
22921
msgid ""
22922
"You may also edit all other parameters, if you know what you are doing! For "
22923
"details, refer to the configuration file or to the PostgreSQL documentation."
22924
msgstr ""
22925
22926
#: serverguide/C/databases.xml:227(para)
22927
msgid ""
22928
"Now that we can connect to our <application>PostgreSQL</application> server, "
22929
"the next step is to set a password for the <emphasis>postgres</emphasis> "
22930
"user. Run the following command at a terminal prompt to connect to the "
22931
"default PostgreSQL template database:"
22932
msgstr ""
22933
22934
#: serverguide/C/databases.xml:234(command)
22935
msgid "sudo -u postgres psql template1"
22936
msgstr "sudo -u postgres psql template1"
22937
22938
#: serverguide/C/databases.xml:236(para)
22939
msgid ""
22940
"The above command connects to PostgreSQL database "
22941
"<emphasis>template1</emphasis> as user <emphasis>postgres</emphasis>. Once "
22942
"you connect to the PostgreSQL server, you will be at a SQL prompt. You can "
22943
"run the following SQL command at the <application>psql</application> prompt "
22944
"to configure the password for the user <emphasis "
22945
"role=\"italics\">postgres</emphasis>."
22946
msgstr ""
22947
22948
#: serverguide/C/databases.xml:244(command)
22949
msgid "ALTER USER postgres with encrypted password 'your_password';"
22950
msgstr ""
22951
22952
#: serverguide/C/databases.xml:246(para)
22953
msgid ""
22954
"After configuring the password, edit the file "
22955
"<filename>/etc/postgresql/8.4/main/pg_hba.conf</filename> to use "
22956
"<emphasis>MD5</emphasis> authentication with the "
22957
"<emphasis>postgres</emphasis> user:"
22958
msgstr ""
22959
22960
#: serverguide/C/databases.xml:252(programlisting)
22961
#, no-wrap
22962
msgid ""
22963
"\n"
22964
"local all postgres md5\n"
22965
msgstr ""
22966
22967
#: serverguide/C/databases.xml:256(para)
22968
msgid ""
22969
"Finally, you should restart the <application>PostgreSQL</application> "
22970
"service to initialize the new configuration. From a terminal prompt enter "
22971
"the following to restart <application>PostgreSQL</application>:"
22972
msgstr ""
22973
22974
#: serverguide/C/databases.xml:262(command)
22975
msgid "sudo /etc/init.d/postgresql-8.4 restart"
22976
msgstr "sudo /etc/init.d/postgresql-8.4 restart"
22977
22978
#: serverguide/C/databases.xml:265(para)
22979
msgid ""
22980
"The above configuration is not complete by any means. Please refer <ulink "
22981
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the PostgreSQL "
22982
"Administrator's Guide</ulink> to configure more parameters."
22983
msgstr ""
22984
22985
#: serverguide/C/databases.xml:276(para)
22986
msgid ""
22987
"As mentioned above the <ulink "
22988
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\">Administrator's "
22989
"Guide</ulink> is an excellent resource. The guide is also available in the "
22990
"<application>postgresql-doc-8.4</application> package. Execute the following "
22991
"in a terminal to install the package:"
22992
msgstr ""
22993
22994
#: serverguide/C/databases.xml:282(command)
22995
msgid "sudo apt-get install postgresql-doc-8.4"
22996
msgstr "sudo apt-get install postgresql-doc-8.4"
22997
22998
#: serverguide/C/databases.xml:284(para)
22999
msgid ""
23000
"To view the guide enter <command>file:///usr/share/doc/postgresql-doc-"
23001
"8.4/html/index.html</command> into the address bar of your browser."
23002
msgstr ""
23003
23004
#: serverguide/C/databases.xml:296(para)
23005
msgid ""
23006
"Also, see the <ulink "
23007
"url=\"https://help.ubuntu.com/community/PostgreSQL\">PostgreSQL Ubuntu "
23008
"Wiki</ulink> page for more information."
23009
msgstr ""
23010
23011
#: serverguide/C/clustering.xml:13(title)
23012
msgid "Clustering"
23013
msgstr "Clusterització"
23014
23015
#: serverguide/C/clustering.xml:16(title)
23016
msgid "DRBD"
23017
msgstr "DRBD"
23018
23019
#: serverguide/C/clustering.xml:18(para)
23020
msgid ""
23021
"Distributed Replicated Block Device (DRBD) mirrors block devices between "
23022
"multiple hosts. The replication is transparent to other applications on the "
23023
"host systems. Any block device hard disks, partitions, RAID devices, logical "
23024
"volumes, etc can be mirrored."
23025
msgstr ""
23026
23027
#: serverguide/C/clustering.xml:24(para)
23028
msgid ""
23029
"To get started using <application>drbd</application>, first install the "
23030
"necessary packages. From a terminal enter:"
23031
msgstr ""
23032
23033
#: serverguide/C/clustering.xml:29(command)
23034
msgid "sudo apt-get install drbd8-utils"
23035
msgstr "sudo apt-get install drbd8-utils"
23036
23037
#: serverguide/C/clustering.xml:33(para)
23038
msgid ""
23039
"If you are using the <emphasis>virtual kernel</emphasis> as part of a "
23040
"virtual machine you will need to manually compile the "
23041
"<application>drbd</application> module. It may be easier to install the "
23042
"<application>linux-server</application> package inside the virtual machine."
23043
msgstr ""
23044
23045
#: serverguide/C/clustering.xml:40(para)
23046
msgid ""
23047
"This section covers setting up a <application>drbd</application> to "
23048
"replicate a separate <filename>/srv</filename> partition, with an "
23049
"<application>ext3</application> filesystem between two hosts. The partition "
23050
"size is not particularly relevant, but both partitions need to be the same "
23051
"size."
23052
msgstr ""
23053
23054
#: serverguide/C/clustering.xml:49(para)
23055
msgid ""
23056
"The two hosts in this example will be called <emphasis>drbd01</emphasis> and "
23057
"<emphasis>drbd02</emphasis>. They will need to have name resolution "
23058
"configured either through DNS or the <filename>/etc/hosts</filename> file. "
23059
"See <xref linkend=\"dns\"/> for details."
23060
msgstr ""
23061
23062
#: serverguide/C/clustering.xml:57(para)
23063
msgid ""
23064
"To configure <application>drbd</application>, on the first host edit "
23065
"<filename>/etc/drbd.conf</filename>:"
23066
msgstr ""
23067
23068
#: serverguide/C/clustering.xml:61(programlisting)
23069
#, no-wrap
23070
msgid ""
23071
"\n"
23072
"global { usage-count no; }\n"
23073
"common { syncer { rate 100M; } }\n"
23074
"resource r0 {\n"
23075
" protocol C;\n"
23076
" startup {\n"
23077
" wfc-timeout 15;\n"
23078
" degr-wfc-timeout 60;\n"
23079
" }\n"
23080
" net {\n"
23081
" cram-hmac-alg sha1;\n"
23082
" shared-secret \"secret\";\n"
23083
" }\n"
23084
" on drbd01 {\n"
23085
" device /dev/drbd0;\n"
23086
" disk /dev/sdb1;\n"
23087
" address 192.168.0.1:7788;\n"
23088
" meta-disk internal;\n"
23089
" }\n"
23090
" on drbd02 {\n"
23091
" device /dev/drbd0;\n"
23092
" disk /dev/sdb1;\n"
23093
" address 192.168.0.2:7788;\n"
23094
" meta-disk internal;\n"
23095
" }\n"
23096
"} \n"
23097
msgstr ""
23098
"\n"
23099
"global { usage-count no; }\n"
23100
"common { syncer { rate 100M; } }\n"
23101
"resource r0 {\n"
23102
" protocol C;\n"
23103
" startup {\n"
23104
" wfc-timeout 15;\n"
23105
" degr-wfc-timeout 60;\n"
23106
" }\n"
23107
" net {\n"
23108
" cram-hmac-alg sha1;\n"
23109
" shared-secret \"secret\";\n"
23110
" }\n"
23111
" on drbd01 {\n"
23112
" device /dev/drbd0;\n"
23113
" disk /dev/sdb1;\n"
23114
" address 192.168.0.1:7788;\n"
23115
" meta-disk internal;\n"
23116
" }\n"
23117
" on drbd02 {\n"
23118
" device /dev/drbd0;\n"
23119
" disk /dev/sdb1;\n"
23120
" address 192.168.0.2:7788;\n"
23121
" meta-disk internal;\n"
23122
" }\n"
23123
"} \n"
23124
23125
#: serverguide/C/clustering.xml:90(para)
23126
msgid ""
23127
"There are many other options in <filename>/etc/drbd.conf</filename>, but for "
23128
"this example their default values are fine."
23129
msgstr ""
23130
"Hi ha moltes altres opcions al fitxer <filename>/etc/drbd.conf</filename>, "
23131
"però per a aquest exemple ja n'hi ha prou amb els seus valors per defecte."
23132
23133
#: serverguide/C/clustering.xml:98(para)
23134
msgid "Now copy <filename>/etc/drbd.conf</filename> to the second host:"
23135
msgstr ""
23136
23137
#: serverguide/C/clustering.xml:103(command)
23138
msgid "scp /etc/drbd.conf drbd02:~"
23139
msgstr "scp /etc/drbd.conf drbd02:~"
23140
23141
#: serverguide/C/clustering.xml:109(para)
23142
msgid ""
23143
"And, on <emphasis>drbd02</emphasis> move the file to "
23144
"<filename>/etc</filename>:"
23145
msgstr ""
23146
23147
#: serverguide/C/clustering.xml:114(command)
23148
msgid "sudo mv drbd.conf /etc/"
23149
msgstr "sudo mv drbd.conf /etc/"
23150
23151
#: serverguide/C/clustering.xml:120(para)
23152
msgid ""
23153
"Next, on both hosts, start the <application>drbd</application> daemon:"
23154
msgstr ""
23155
23156
#: serverguide/C/clustering.xml:125(command)
23157
msgid "sudo /etc/init.d/drbd start"
23158
msgstr "sudo /etc/init.d/drbd start"
23159
23160
#: serverguide/C/clustering.xml:131(para)
23161
msgid ""
23162
"Now using the <application>drbdadm</application> utility initialize the meta "
23163
"data storage. On each server execute:"
23164
msgstr ""
23165
23166
#: serverguide/C/clustering.xml:137(command)
23167
msgid "sudo drbdadm create-md r0"
23168
msgstr "sudo drbdadm create-md r0"
23169
23170
#: serverguide/C/clustering.xml:143(para)
23171
msgid ""
23172
"On the <emphasis>drbd01</emphasis>, or whichever host you wish to be the "
23173
"primary, enter the following:"
23174
msgstr ""
23175
23176
#: serverguide/C/clustering.xml:148(command)
23177
msgid "sudo drbdadm -- --overwrite-data-of-peer primary all"
23178
msgstr "sudo drbdadm -- --overwrite-data-of-peer primary all"
23179
23180
#: serverguide/C/clustering.xml:154(para)
23181
msgid ""
23182
"After executing the above command, the data will start syncing with the "
23183
"secondary host. To watch the progress, on <emphasis>drbd02</emphasis> enter "
23184
"the following:"
23185
msgstr ""
23186
23187
#: serverguide/C/clustering.xml:160(command)
23188
msgid "watch -n1 cat /proc/drbd"
23189
msgstr "watch -n1 cat /proc/drbd"
23190
23191
#: serverguide/C/clustering.xml:163(para)
23192
msgid "To stop watching the output press <emphasis>Ctrl+c</emphasis>."
23193
msgstr ""
23194
23195
#: serverguide/C/clustering.xml:170(para)
23196
msgid ""
23197
"Finally, add a filesystem to <filename>/dev/drbd0</filename> and mount it:"
23198
msgstr ""
23199
23200
#: serverguide/C/clustering.xml:175(command)
23201
msgid "sudo mkfs.ext3 /dev/drbd0"
23202
msgstr "sudo mkfs.ext3 /dev/drbd0"
23203
23204
#: serverguide/C/clustering.xml:176(command) serverguide/C/clustering.xml:224(command)
23205
msgid "sudo mount /dev/drbd0 /srv"
23206
msgstr "sudo mount /dev/drbd0 /srv"
23207
23208
#: serverguide/C/clustering.xml:186(para)
23209
msgid ""
23210
"To test that the data is actually syncing between the hosts copy some files "
23211
"on the <emphasis>drbd01</emphasis>, the primary, to "
23212
"<filename>/srv</filename>:"
23213
msgstr ""
23214
23215
#: serverguide/C/clustering.xml:195(para)
23216
msgid "Next, unmount <filename>/srv</filename>:"
23217
msgstr ""
23218
23219
#: serverguide/C/clustering.xml:203(para)
23220
msgid ""
23221
"<emphasis>Demote</emphasis> the <emphasis>primary</emphasis> server to the "
23222
"<emphasis>secondary</emphasis> role:"
23223
msgstr ""
23224
23225
#: serverguide/C/clustering.xml:208(command)
23226
msgid "sudo drbdadm secondary r0"
23227
msgstr "sudo drbdadm secondary r0"
23228
23229
#: serverguide/C/clustering.xml:211(para)
23230
msgid ""
23231
"Now on the <emphasis>secondary</emphasis> server "
23232
"<emphasis>promote</emphasis> it to the <emphasis>primary</emphasis> role:"
23233
msgstr ""
23234
23235
#: serverguide/C/clustering.xml:216(command)
23236
msgid "sudo drbdadm primary r0"
23237
msgstr "sudo drbdadm primary r0"
23238
23239
#: serverguide/C/clustering.xml:219(para)
23240
msgid "Lastly, mount the partition:"
23241
msgstr ""
23242
23243
#: serverguide/C/clustering.xml:227(para)
23244
msgid ""
23245
"Using <emphasis>ls</emphasis> you should see "
23246
"<filename>/srv/default</filename> copied from the former "
23247
"<emphasis>primary</emphasis> host <emphasis>drbd01</emphasis>."
23248
msgstr ""
23249
23250
#: serverguide/C/clustering.xml:238(para)
23251
msgid ""
23252
"For more information on <application>DRBD</application> see the <ulink "
23253
"url=\"http://www.drbd.org/\">DRBD web site</ulink>."
23254
msgstr ""
23255
23256
#: serverguide/C/clustering.xml:243(para)
23257
msgid ""
23258
"The <ulink "
23259
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/drbd.conf.5.html\""
23260
">drbd.conf man page</ulink> contains details on the options not covered in "
23261
"this guide."
23262
msgstr ""
23263
23264
#: serverguide/C/clustering.xml:249(para)
23265
msgid ""
23266
"Also, see the <ulink "
23267
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/drbdadm.8.html\">d"
23268
"rbdadm man page</ulink>."
23269
msgstr ""
23270
23271
#: serverguide/C/clustering.xml:254(para)
23272
msgid ""
23273
"The <ulink url=\"https://help.ubuntu.com/community/DRBD\">DRBD Ubuntu "
23274
"Wiki</ulink> page also has more information."
23275
msgstr ""
23276
23277
#: serverguide/C/chat.xml:13(title)
23278
msgid "Chat Applications"
23279
msgstr "Aplicacions de xat"
23280
23281
#: serverguide/C/chat.xml:19(para)
23282
msgid ""
23283
"In this section, we will discuss how to install and configure a IRC server, "
23284
"<application>ircd-irc2</application>. We will also discuss how to install "
23285
"and configure Jabber, an instance messaging server."
23286
msgstr ""
23287
23288
#: serverguide/C/chat.xml:28(title)
23289
msgid "IRC Server"
23290
msgstr ""
23291
23292
#: serverguide/C/chat.xml:30(para)
23293
msgid ""
23294
"The Ubuntu repository has many Internet Relay Chat servers. This section "
23295
"explains how to install and configure the original IRC server "
23296
"<application>ircd-irc2</application>."
23297
msgstr ""
23298
23299
#: serverguide/C/chat.xml:39(para)
23300
msgid ""
23301
"To install <application>ircd-irc2</application>, run the following command "
23302
"in the command prompt:"
23303
msgstr ""
23304
23305
#: serverguide/C/chat.xml:45(command)
23306
msgid "sudo apt-get install ircd-irc2"
23307
msgstr "sudo apt-get install ircd-irc2"
23308
23309
#: serverguide/C/chat.xml:48(para)
23310
msgid ""
23311
"The configuration files are stored in <filename>/etc/ircd</filename> "
23312
"directory. The documents are available in <filename>/usr/share/doc/ircd-"
23313
"irc2</filename> directory."
23314
msgstr ""
23315
23316
#: serverguide/C/chat.xml:59(para)
23317
msgid ""
23318
"The IRC settings can be done in the configuration file "
23319
"<filename>/etc/ircd/ircd.conf</filename>. You can set the IRC host name in "
23320
"this file by editing the following line:"
23321
msgstr ""
23322
23323
#: serverguide/C/chat.xml:64(programlisting)
23324
#, no-wrap
23325
msgid ""
23326
"\n"
23327
"M:irc.localhost::Debian ircd default configuration::000A\n"
23328
msgstr ""
23329
23330
#: serverguide/C/chat.xml:68(para)
23331
msgid ""
23332
"Please make sure you add DNS aliases for the IRC host name. For instance, if "
23333
"you set irc.livecipher.com as IRC host name, please make sure "
23334
"irc.livecipher.com is resolvable in your Domain Name Server. The IRC host "
23335
"name should not be same as the host name."
23336
msgstr ""
23337
23338
#: serverguide/C/chat.xml:75(para)
23339
msgid ""
23340
"The IRC admin details can be configured by editing the following line:"
23341
msgstr ""
23342
23343
#: serverguide/C/chat.xml:80(programlisting)
23344
#, no-wrap
23345
msgid ""
23346
"\n"
23347
"A:Organization, IRC dept.:Daemon <ircd@example.irc.org>:Client "
23348
"Server::IRCnet:\n"
23349
msgstr ""
23350
23351
#: serverguide/C/chat.xml:84(para)
23352
msgid ""
23353
"You should add specific lines to configure the list of IRC ports to listen "
23354
"on, to configure Operator credentials, to configure client authentication, "
23355
"etc. For details, please refer to the example configuration file "
23356
"<filename>/usr/share/doc/ircd-irc2/ircd.conf.example.gz</filename>."
23357
msgstr ""
23358
23359
#: serverguide/C/chat.xml:92(para)
23360
msgid ""
23361
"The IRC banner to be displayed in the IRC client, when the user connects to "
23362
"the server can be set in <filename>/etc/ircd/ircd.motd</filename> file."
23363
msgstr ""
23364
23365
#: serverguide/C/chat.xml:97(para)
23366
msgid ""
23367
"After making necessary changes to the configuration file, you can restart "
23368
"the IRC server using following command:"
23369
msgstr ""
23370
23371
#: serverguide/C/chat.xml:101(programlisting)
23372
#, no-wrap
23373
msgid ""
23374
"\n"
23375
"sudo /etc/init.d/ircd-irc2 restart\n"
23376
msgstr ""
23377
"\n"
23378
"sudo /etc/init.d/ircd-irc2 restart\n"
23379
23380
#: serverguide/C/chat.xml:109(para)
23381
msgid ""
23382
"You may also be interested to take a look at other IRC servers available in "
23383
"Ubuntu Repository. It includes, <application>ircd-ircu</application> and "
23384
"<application>ircd-hybrid</application>."
23385
msgstr ""
23386
23387
#: serverguide/C/chat.xml:117(para)
23388
msgid ""
23389
"Refer to <ulink url=\"http://www.irc.org/tech_docs/ircnet/faq.html\">IRCD "
23390
"FAQ</ulink> for more details about the IRC Server."
23391
msgstr ""
23392
23393
#: serverguide/C/chat.xml:124(para)
23394
msgid ""
23395
"Also, the <ulink url=\"https://help.ubuntu.com/community/ircd\">Ubuntu Wiki "
23396
"IRCD</ulink> page has more information."
23397
msgstr ""
23398
23399
#: serverguide/C/chat.xml:132(title)
23400
msgid "Jabber Instant Messaging Server"
23401
msgstr ""
23402
23403
#: serverguide/C/chat.xml:134(para)
23404
msgid ""
23405
"<emphasis>Jabber</emphasis> a popular instant message protocol is based on "
23406
"XMPP, an open standard for instant messaging, and used by many popular "
23407
"applications. This section covers setting up a <emphasis>Jabberd "
23408
"2</emphasis> server on a local LAN. This configuration can also be adapted "
23409
"to providing messaging services to users over the Internet."
23410
msgstr ""
23411
23412
#: serverguide/C/chat.xml:143(para)
23413
msgid "To install <application>jabberd2</application>, in a terminal enter:"
23414
msgstr ""
23415
23416
#: serverguide/C/chat.xml:148(command)
23417
msgid "sudo apt-get install jabberd2"
23418
msgstr "sudo apt-get install jabberd2"
23419
23420
#: serverguide/C/chat.xml:155(para)
23421
msgid ""
23422
"A couple of XML configuration files will be used to configure "
23423
"<application>jabberd2</application> for <emphasis>Berkely DB</emphasis> user "
23424
"authentication. This is a very simple form of authentication. However, "
23425
"<application>jabberd2</application> can be configured to use LDAP, MySQL, "
23426
"Postgresql, etc for for user authentication."
23427
msgstr ""
23428
23429
#: serverguide/C/chat.xml:162(para)
23430
msgid "First, edit <filename>/etc/jabberd2/sm.xml</filename> changing:"
23431
msgstr ""
23432
23433
#: serverguide/C/chat.xml:166(programlisting)
23434
#, no-wrap
23435
msgid ""
23436
"\n"
23437
" <id>jabber.example.com</id>\n"
23438
msgstr ""
23439
23440
#: serverguide/C/chat.xml:171(para)
23441
msgid ""
23442
"Replace <emphasis>jabber.example.com</emphasis> with the hostname, or other "
23443
"id, of your server."
23444
msgstr ""
23445
23446
#: serverguide/C/chat.xml:176(para)
23447
msgid "Now in the <storage> section change the <driver> to:"
23448
msgstr ""
23449
23450
#: serverguide/C/chat.xml:180(programlisting)
23451
#, no-wrap
23452
msgid ""
23453
"\n"
23454
" <driver>db</driver>\n"
23455
msgstr ""
23456
23457
#: serverguide/C/chat.xml:184(para)
23458
msgid ""
23459
"Next, edit <filename>/etc/jabberd2/c2s.xml</filename> in the "
23460
"<emphasis><local></emphasis> section change:"
23461
msgstr ""
23462
23463
#: serverguide/C/chat.xml:188(programlisting)
23464
#, no-wrap
23465
msgid ""
23466
"\n"
23467
" <id>jabber.example.com</id>\n"
23468
msgstr ""
23469
23470
#: serverguide/C/chat.xml:192(para)
23471
msgid ""
23472
"And in the <authreg> section adjust the <module> section to:"
23473
msgstr ""
23474
23475
#: serverguide/C/chat.xml:196(programlisting)
23476
#, no-wrap
23477
msgid ""
23478
"\n"
23479
" <module>db</module>\n"
23480
msgstr ""
23481
23482
#: serverguide/C/chat.xml:200(para)
23483
msgid ""
23484
"Finally, restart <application>jabberd2</application> to enable the new "
23485
"settings:"
23486
msgstr ""
23487
23488
#: serverguide/C/chat.xml:205(command)
23489
msgid "sudo /etc/init.d/jabberd2 restart"
23490
msgstr "sudo /etc/init.d/jabberd2 restart"
23491
23492
#: serverguide/C/chat.xml:208(para)
23493
msgid ""
23494
"You should now be able to connect to the server using a Jabber client like "
23495
"<application>Pidgin</application> for example."
23496
msgstr ""
23497
23498
#: serverguide/C/chat.xml:213(para)
23499
msgid ""
23500
"The advantage of using Berkeley DB for user data is that after being "
23501
"configured no additional maintenance is required. If you need more control "
23502
"over user accounts and credentials another authentication method is "
23503
"recommended."
23504
msgstr ""
23505
23506
#: serverguide/C/chat.xml:225(para)
23507
msgid ""
23508
"The <ulink url=\"http://codex.xiaoka.com/wiki/jabberd2:start\">Jabberd2 Web "
23509
"Site</ulink> contains more details on configuring "
23510
"<application>Jabberd2</application>."
23511
msgstr ""
23512
23513
#: serverguide/C/chat.xml:231(para)
23514
msgid ""
23515
"For more authentication options see the <ulink "
23516
"url=\"http://jabberd2.xiaoka.com/wiki/InstallGuide\">Jabberd2 Install "
23517
"Guide</ulink>."
23518
msgstr ""
23519
23520
#: serverguide/C/chat.xml:236(para)
23521
msgid ""
23522
"Also, the <ulink "
23523
"url=\"https://help.ubuntu.com/community/SettingUpJabberServer\">Setting Up "
23524
"Jabber Server Ubuntu Wiki</ulink> page has more information."
23525
msgstr ""
23526
23527
#: serverguide/C/backups.xml:13(title)
23528
msgid "Backups"
23529
msgstr "Còpies de seguretat"
23530
23531
#: serverguide/C/backups.xml:14(para)
23532
msgid ""
23533
"There are many ways to backup an Ubuntu installation. The most important "
23534
"thing about backups is to develop a <emphasis>backup plan</emphasis> "
23535
"consisting of what to backup, where to back it up to, and how to restore it."
23536
msgstr ""
23537
23538
#: serverguide/C/backups.xml:18(para)
23539
msgid ""
23540
"The following sections discuss various ways of accomplishing these tasks."
23541
msgstr ""
23542
23543
#: serverguide/C/backups.xml:22(title)
23544
msgid "Shell Scripts"
23545
msgstr ""
23546
23547
#: serverguide/C/backups.xml:23(para)
23548
msgid ""
23549
"One of the simplest ways to backup a system is using a <emphasis>shell "
23550
"script</emphasis>. For example, a script can be used to configure which "
23551
"directories to backup, and use those directories as arguments to the "
23552
"<application>tar</application> utility creating an archive file. The archive "
23553
"file can then be moved or copied to another location. The archive can also "
23554
"be created on a remote file system such as an <emphasis>NFS</emphasis> mount."
23555
msgstr ""
23556
23557
#: serverguide/C/backups.xml:29(para)
23558
msgid ""
23559
"The <application>tar</application> utility creates one archive file out of "
23560
"many files or directories. <application>tar</application> can also filter "
23561
"the files through compression utilities reducing the size of the archive "
23562
"file."
23563
msgstr ""
23564
23565
#: serverguide/C/backups.xml:35(title)
23566
msgid "Simple Shell Script"
23567
msgstr ""
23568
23569
#: serverguide/C/backups.xml:36(para)
23570
msgid ""
23571
"The following shell script uses <application>tar</application> to create an "
23572
"archive file on a remotely mounted NFS file system. The archive filename is "
23573
"determined using additional command line utilities."
23574
msgstr ""
23575
23576
#: serverguide/C/backups.xml:40(programlisting)
23577
#, no-wrap
23578
msgid ""
23579
"\n"
23580
"#!/bin/sh\n"
23581
"####################################\n"
23582
"#\n"
23583
"# Backup to NFS mount script.\n"
23584
"#\n"
23585
"####################################\n"
23586
"\n"
23587
"# What to backup. \n"
23588
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
23589
"\n"
23590
"# Where to backup to.\n"
23591
"dest=\"/mnt/backup\"\n"
23592
"\n"
23593
"# Create archive filename.\n"
23594
"day=$(date +%A)\n"
23595
"hostname=$(hostname -s)\n"
23596
"archive_file=\"$hostname-$day.tgz\"\n"
23597
"\n"
23598
"# Print start status message.\n"
23599
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
23600
"date\n"
23601
"echo\n"
23602
"\n"
23603
"# Backup the files using tar.\n"
23604
"tar czf $dest/$archive_file $backup_files\n"
23605
"\n"
23606
"# Print end status message.\n"
23607
"echo\n"
23608
"echo \"Backup finished\"\n"
23609
"date\n"
23610
"\n"
23611
"# Long listing of files in $dest to check file sizes.\n"
23612
"ls -lh $dest\n"
23613
msgstr ""
23614
23615
#: serverguide/C/backups.xml:77(para)
23616
msgid ""
23617
"<emphasis>$backup_files:</emphasis> a variable listing which directories you "
23618
"would like to backup. The list should be customized to fit your needs."
23619
msgstr ""
23620
23621
#: serverguide/C/backups.xml:83(para)
23622
msgid ""
23623
"<emphasis>$day:</emphasis> a variable holding the day of the week (Monday, "
23624
"Tuesday, Wednesday, etc). This is used to create an archive file for each "
23625
"day of the week, giving a backup history of seven days. There are other ways "
23626
"to accomplish this including other ways using the "
23627
"<application>date</application> utility."
23628
msgstr ""
23629
23630
#: serverguide/C/backups.xml:90(para)
23631
msgid ""
23632
"<emphasis>$hostname:</emphasis> variable containing the "
23633
"<emphasis>short</emphasis> hostname of the system. Using the hostname in the "
23634
"archive filename gives you the option of placing daily archive files from "
23635
"multiple systems in the same directory."
23636
msgstr ""
23637
23638
#: serverguide/C/backups.xml:97(para)
23639
msgid "<emphasis>$archive_file:</emphasis> the full archive filename."
23640
msgstr ""
23641
23642
#: serverguide/C/backups.xml:102(para)
23643
msgid ""
23644
"<emphasis>$dest:</emphasis> destination of the archive file. The directory "
23645
"needs to be created and in this case <emphasis>mounted</emphasis> before "
23646
"executing the backup script. See <xref linkend=\"network-file-system\"/> for "
23647
"details using <emphasis>NFS</emphasis>."
23648
msgstr ""
23649
23650
#: serverguide/C/backups.xml:109(para)
23651
msgid ""
23652
"<emphasis>status messages:</emphasis> optional messages printed to the "
23653
"console using the <application>echo</application> utility."
23654
msgstr ""
23655
23656
#: serverguide/C/backups.xml:115(para)
23657
msgid ""
23658
"<emphasis>tar czf $dest/$archive_file $backup_files:</emphasis> the "
23659
"<application>tar</application> command used to create the archive file."
23660
msgstr ""
23661
23662
#: serverguide/C/backups.xml:121(para)
23663
msgid "<emphasis>c:</emphasis> creates an archive."
23664
msgstr ""
23665
23666
#: serverguide/C/backups.xml:126(para)
23667
msgid ""
23668
"<emphasis>z:</emphasis> filter the archive through the "
23669
"<application>gzip</application> utility compressing the archive."
23670
msgstr ""
23671
23672
#: serverguide/C/backups.xml:131(para)
23673
msgid ""
23674
"<emphasis>f:</emphasis> use archive file. Otherwise the "
23675
"<application>tar</application> output will be sent to STDOUT."
23676
msgstr ""
23677
23678
#: serverguide/C/backups.xml:138(para)
23679
msgid ""
23680
"<emphasis>ls -lh $dest:</emphasis> optional statement prints a <emphasis>-"
23681
"l</emphasis> long listing in <emphasis>-h</emphasis> human readable format "
23682
"of the destination directory. This is useful for a quick file size check of "
23683
"the archive file. This check should not replace testing the archive file."
23684
msgstr ""
23685
23686
#: serverguide/C/backups.xml:145(para)
23687
msgid ""
23688
"This is a simple example of a backup shell script. There are large amount of "
23689
"options that can be included in a backup script. See <xref linkend=\"backup-"
23690
"shellscript-references\"/> for links to resources providing more in depth "
23691
"shell scripting information."
23692
msgstr ""
23693
23694
#: serverguide/C/backups.xml:152(title)
23695
msgid "Executing the Script"
23696
msgstr ""
23697
23698
#: serverguide/C/backups.xml:154(title)
23699
msgid "Executing from a Terminal"
23700
msgstr ""
23701
23702
#: serverguide/C/backups.xml:155(para)
23703
msgid ""
23704
"The simplest way of executing the above backup script is to copy and paste "
23705
"the contents into a file. <filename>backup.sh</filename> for example. Then "
23706
"from a terminal prompt:"
23707
msgstr ""
23708
23709
#: serverguide/C/backups.xml:160(command)
23710
msgid "sudo bash backup.sh"
23711
msgstr "sudo bash backup.sh"
23712
23713
#: serverguide/C/backups.xml:162(para)
23714
msgid ""
23715
"This is a great way to test the script to make sure everything works as "
23716
"expected."
23717
msgstr ""
23718
23719
#: serverguide/C/backups.xml:167(title)
23720
msgid "Executing with cron"
23721
msgstr ""
23722
23723
#: serverguide/C/backups.xml:168(para)
23724
msgid ""
23725
"The <application>cron</application> utility can be used to automate the "
23726
"script execution. The <application>cron</application> daemon allows the "
23727
"execution of scripts, or commands, at a specified time and date."
23728
msgstr ""
23729
23730
#: serverguide/C/backups.xml:172(para)
23731
msgid ""
23732
"<application>cron</application> is configured through entries in a "
23733
"<filename>crontab</filename> file. <filename>crontab</filename> files are "
23734
"separated into fields:"
23735
msgstr ""
23736
23737
#: serverguide/C/backups.xml:176(programlisting)
23738
#, no-wrap
23739
msgid ""
23740
"\n"
23741
"# m h dom mon dow command\n"
23742
msgstr ""
23743
23744
#: serverguide/C/backups.xml:181(para)
23745
msgid ""
23746
"<emphasis>m:</emphasis> minute the command executes on between 0 and 59."
23747
msgstr ""
23748
23749
#: serverguide/C/backups.xml:186(para)
23750
msgid ""
23751
"<emphasis>h:</emphasis> hour the command executes on between 0 and 23."
23752
msgstr ""
23753
23754
#: serverguide/C/backups.xml:191(para)
23755
msgid "<emphasis>dom:</emphasis> day of month the command executes on."
23756
msgstr ""
23757
23758
#: serverguide/C/backups.xml:196(para)
23759
msgid ""
23760
"<emphasis>mon:</emphasis> the month the command executes on between 1 and 12."
23761
msgstr ""
23762
23763
#: serverguide/C/backups.xml:201(para)
23764
msgid ""
23765
"<emphasis>dow:</emphasis> the day of the week the command executes on "
23766
"between 0 and 7. Sunday may be specified by using 0 or 7, both values are "
23767
"valid."
23768
msgstr ""
23769
23770
#: serverguide/C/backups.xml:206(para)
23771
msgid "<emphasis>command:</emphasis> the command to execute."
23772
msgstr ""
23773
23774
#: serverguide/C/backups.xml:211(para)
23775
msgid ""
23776
"To add or change entries in a <filename>crontab</filename> file the "
23777
"<application>crontab -e</application> command should be used. Also, the "
23778
"contents of a <filename>crontab</filename> file can be viewed using the "
23779
"<application>crontab -l</application> command."
23780
msgstr ""
23781
23782
#: serverguide/C/backups.xml:215(para)
23783
msgid ""
23784
"To execute the <application>backup.sh</application> script listed above "
23785
"using <application>cron</application>. Enter the following from a terminal "
23786
"prompt:"
23787
msgstr ""
23788
23789
#: serverguide/C/backups.xml:220(command)
23790
msgid "sudo crontab -e"
23791
msgstr "sudo crontab -e"
23792
23793
#: serverguide/C/backups.xml:223(para)
23794
msgid ""
23795
"Using <application>sudo</application> with the <application>crontab -"
23796
"e</application> command edits the <emphasis>root</emphasis> user's crontab. "
23797
"This is necessary if you are backing up directories only the root user has "
23798
"access to."
23799
msgstr ""
23800
23801
#: serverguide/C/backups.xml:228(para)
23802
msgid "Add the following entry to the <filename>crontab</filename> file:"
23803
msgstr ""
23804
23805
#: serverguide/C/backups.xml:231(programlisting)
23806
#, no-wrap
23807
msgid ""
23808
"\n"
23809
"# m h dom mon dow command\n"
23810
"0 0 * * * bash /usr/local/bin/backup.sh\n"
23811
msgstr ""
23812
23813
#: serverguide/C/backups.xml:235(para)
23814
msgid ""
23815
"The <application>backup.sh</application> script will now be executed every "
23816
"day at 12:00 am."
23817
msgstr ""
23818
23819
#: serverguide/C/backups.xml:239(para)
23820
msgid ""
23821
"The <application>backup.sh</application> script will need to be copied to "
23822
"the <filename>/usr/local/bin/</filename> directory in order for this entry "
23823
"to execute properly. The script can reside anywhere on the file system "
23824
"simply change the script path appropriately."
23825
msgstr ""
23826
23827
#: serverguide/C/backups.xml:244(para)
23828
msgid ""
23829
"For more in depth <application>crontab</application> options see <xref "
23830
"linkend=\"backup-shellscript-references\"/>."
23831
msgstr ""
23832
23833
#: serverguide/C/backups.xml:250(title)
23834
msgid "Restoring from the Archive"
23835
msgstr ""
23836
23837
#: serverguide/C/backups.xml:251(para)
23838
msgid ""
23839
"Once an archive has been created it is important to test the archive. The "
23840
"archive can be tested by listing the files it contains, but the best test is "
23841
"to <emphasis>restore</emphasis> a file from the archive."
23842
msgstr ""
23843
23844
#: serverguide/C/backups.xml:257(para)
23845
msgid "To see a listing of the archive contents. From a terminal prompt:"
23846
msgstr ""
23847
23848
#: serverguide/C/backups.xml:261(command)
23849
msgid "tar -tzvf /mnt/backup/host-Monday.tgz"
23850
msgstr ""
23851
23852
#: serverguide/C/backups.xml:265(para)
23853
msgid "To restore a file from the archive to a different directory enter:"
23854
msgstr ""
23855
23856
#: serverguide/C/backups.xml:269(command)
23857
msgid "tar -xzvf /mnt/backup/host-Monday.tgz -C /tmp etc/hosts"
23858
msgstr ""
23859
23860
#: serverguide/C/backups.xml:271(para)
23861
msgid ""
23862
"The <emphasis>-C</emphasis> option to <application>tar</application> "
23863
"redirects the extracted files to the specified directory. The above example "
23864
"will extract the <filename>/etc/hosts</filename> file to "
23865
"<filename>/tmp/etc/hosts</filename>. <application>tar</application> "
23866
"recreates the directory structure that it contains."
23867
msgstr ""
23868
23869
#: serverguide/C/backups.xml:276(para)
23870
msgid ""
23871
"Also, notice the leading <emphasis>\"/\"</emphasis> is left off the path of "
23872
"the file to restore."
23873
msgstr ""
23874
23875
#: serverguide/C/backups.xml:281(para)
23876
msgid "To restore all files in the archive enter the following:"
23877
msgstr ""
23878
23879
#: serverguide/C/backups.xml:285(command)
23880
msgid "cd /"
23881
msgstr ""
23882
23883
#: serverguide/C/backups.xml:286(command)
23884
msgid "sudo tar -xzvf /mnt/backup/host-Monday.tgz"
23885
msgstr "sudo tar -xzvf /mnt/backup/ordinador-dilluns.tgz"
23886
23887
#: serverguide/C/backups.xml:291(para)
23888
msgid "This will overwrite the files currently on the file system."
23889
msgstr ""
23890
23891
#: serverguide/C/backups.xml:300(para)
23892
msgid ""
23893
"For more information on shell scripting see the <ulink "
23894
"url=\"http://tldp.org/LDP/abs/html/\">Advanced Bash-Scripting Guide</ulink>"
23895
msgstr ""
23896
23897
#: serverguide/C/backups.xml:305(para)
23898
msgid ""
23899
"The book <ulink url=\"http://safari.samspublishing.com/0672323583\">Teach "
23900
"Yourself Shell Programming in 24 Hours</ulink> is available online and a "
23901
"great resource for shell scripting."
23902
msgstr ""
23903
23904
#: serverguide/C/backups.xml:311(para)
23905
msgid ""
23906
"The <ulink url=\"https://help.ubuntu.com/community/CronHowto\">CronHowto "
23907
"Wiki Page</ulink> contains details on advanced "
23908
"<application>cron</application> options."
23909
msgstr ""
23910
23911
#: serverguide/C/backups.xml:318(para)
23912
msgid ""
23913
"See the <ulink url=\"http://www.gnu.org/software/tar/manual/index.html\">GNU "
23914
"tar Manual</ulink> for more <application>tar</application> options."
23915
msgstr ""
23916
23917
#: serverguide/C/backups.xml:324(para)
23918
msgid ""
23919
"The Wikipedia <ulink "
23920
"url=\"http://en.wikipedia.org/wiki/Backup_rotation_scheme\">Backup Rotation "
23921
"Scheme</ulink> article contains information on other backup rotation schemes."
23922
msgstr ""
23923
23924
#: serverguide/C/backups.xml:330(para)
23925
msgid ""
23926
"The shell script uses <application>tar</application> to create the archive, "
23927
"but there many other command line utilities that can be used. For example:"
23928
msgstr ""
23929
23930
#: serverguide/C/backups.xml:336(para)
23931
msgid ""
23932
"<ulink url=\"http://www.gnu.org/software/cpio/\">cpio</ulink>: used to copy "
23933
"files to and from archives."
23934
msgstr ""
23935
23936
#: serverguide/C/backups.xml:341(para)
23937
msgid ""
23938
"<ulink url=\"http://www.gnu.org/software/coreutils/\">dd</ulink>: part of "
23939
"the <application>coreutils</application> package. A low level utility that "
23940
"can copy data from one format to another"
23941
msgstr ""
23942
23943
#: serverguide/C/backups.xml:347(para)
23944
msgid ""
23945
"<ulink url=\"http://www.rsnapshot.org/\">rsnapshot</ulink>: a file system "
23946
"snap shot utility used to create copies of an entire file system."
23947
msgstr ""
23948
23949
#: serverguide/C/backups.xml:358(title)
23950
msgid "Archive Rotation"
23951
msgstr ""
23952
23953
#: serverguide/C/backups.xml:359(para)
23954
msgid ""
23955
"The shell script in section <xref linkend=\"backup-shellscripts\"/> only "
23956
"allows for seven different archives. For a server whose data doesn't change "
23957
"often this may be enough. If the server has a large amount of data a more "
23958
"robust rotation scheme should be used."
23959
msgstr ""
23960
23961
#: serverguide/C/backups.xml:365(title)
23962
msgid "Rotating NFS Archives"
23963
msgstr ""
23964
23965
#: serverguide/C/backups.xml:366(para)
23966
msgid ""
23967
"In this section the shell script will be slightly modified to implement a "
23968
"grandfather-father-son rotation scheme (monthly-weekly-daily):"
23969
msgstr ""
23970
23971
#: serverguide/C/backups.xml:372(para)
23972
msgid ""
23973
"The rotation will do a <emphasis>daily</emphasis> backup Sunday through "
23974
"Friday."
23975
msgstr ""
23976
23977
#: serverguide/C/backups.xml:377(para)
23978
msgid ""
23979
"On Saturday a <emphasis>weekly</emphasis> backup is done giving you four "
23980
"weekly backups a month."
23981
msgstr ""
23982
23983
#: serverguide/C/backups.xml:382(para)
23984
msgid ""
23985
"The <emphasis>monthly</emphasis> backup is done on the first of the month "
23986
"rotating two monthly backups based on if the month is odd or even."
23987
msgstr ""
23988
23989
#: serverguide/C/backups.xml:388(para)
23990
msgid "Here is the new script:"
23991
msgstr ""
23992
23993
#: serverguide/C/backups.xml:391(programlisting)
23994
#, no-wrap
23995
msgid ""
23996
"\n"
23997
"#!/bin/bash\n"
23998
"####################################\n"
23999
"#\n"
24000
"# Backup to NFS mount script with\n"
24001
"# grandfather-father-son rotation.\n"
24002
"#\n"
24003
"####################################\n"
24004
"\n"
24005
"# What to backup. \n"
24006
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
24007
"\n"
24008
"# Where to backup to.\n"
24009
"dest=\"/mnt/backup\"\n"
24010
"\n"
24011
"# Setup variables for the archive filename.\n"
24012
"day=$(date +%A)\n"
24013
"hostname=$(hostname -s)\n"
24014
"\n"
24015
"# Find which week of the month 1-4 it is.\n"
24016
"day_num=$(date +%d)\n"
24017
"if (( $day_num <= 7 )); then\n"
24018
" week_file=\"$hostname-week1.tgz\"\n"
24019
"elif (( $day_num > 7 && $day_num <= 14 )); then\n"
24020
" week_file=\"$hostname-week2.tgz\"\n"
24021
"elif (( $day_num > 14 && $day_num <= 21 )); then\n"
24022
" week_file=\"$hostname-week3.tgz\"\n"
24023
"elif (( $day_num > 21 && $day_num < 32 )); then\n"
24024
" week_file=\"$hostname-week4.tgz\"\n"
24025
"fi\n"
24026
"\n"
24027
"# Find if the Month is odd or even.\n"
24028
"month_num=$(date +%m)\n"
24029
"month=$(expr $month_num % 2)\n"
24030
"if [ $month -eq 0 ]; then\n"
24031
" month_file=\"$hostname-month2.tgz\"\n"
24032
"else\n"
24033
" month_file=\"$hostname-month1.tgz\"\n"
24034
"fi\n"
24035
"\n"
24036
"# Create archive filename.\n"
24037
"if [ $day_num == 1 ]; then\n"
24038
"\tarchive_file=$month_file\n"
24039
"elif [ $day != \"Saturday\" ]; then\n"
24040
" archive_file=\"$hostname-$day.tgz\"\n"
24041
"else \n"
24042
"\tarchive_file=$week_file\n"
24043
"fi\n"
24044
"\n"
24045
"# Print start status message.\n"
24046
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
24047
"date\n"
24048
"echo\n"
24049
"\n"
24050
"# Backup the files using tar.\n"
24051
"tar czf $dest/$archive_file $backup_files\n"
24052
"\n"
24053
"# Print end status message.\n"
24054
"echo\n"
24055
"echo \"Backup finished\"\n"
24056
"date\n"
24057
"\n"
24058
"# Long listing of files in $dest to check file sizes.\n"
24059
"ls -lh $dest/\n"
24060
msgstr ""
24061
24062
#: serverguide/C/backups.xml:456(para)
24063
msgid ""
24064
"The script can be executed using the same methods as in <xref "
24065
"linkend=\"backup-executing-shellscript\"/>."
24066
msgstr ""
24067
24068
#: serverguide/C/backups.xml:459(para)
24069
msgid ""
24070
"It is good practice to take backup media off site in case of a disaster. In "
24071
"the shell script example the backup media is another server providing an NFS "
24072
"share. In all likelihood taking the NFS server to another location would not "
24073
"be practical. Depending upon connection speeds it may be an option to copy "
24074
"the archive file over a WAN link to a server in another location."
24075
msgstr ""
24076
24077
#: serverguide/C/backups.xml:465(para)
24078
msgid ""
24079
"Another option is to copy the archive file to an external hard drive which "
24080
"can then be taken off site. Since the price of external hard drives continue "
24081
"to decrease it may be cost-effective to use two drives for each archive "
24082
"level. This would allow you to have one external drive attached to the "
24083
"backup server and one in another location."
24084
msgstr ""
24085
24086
#: serverguide/C/backups.xml:472(title)
24087
msgid "Tape Drives"
24088
msgstr ""
24089
24090
#: serverguide/C/backups.xml:473(para)
24091
msgid ""
24092
"A tape drive attached to the server can be used instead of a NFS share. "
24093
"Using a tape drive simplifies archive rotation, and taking the media off "
24094
"site as well."
24095
msgstr ""
24096
24097
#: serverguide/C/backups.xml:477(para)
24098
msgid ""
24099
"When using a tape drive the filename portions of the script aren't needed "
24100
"because the date is sent directly to the tape device. Some commands to "
24101
"manipulate the tape are needed. This is accomplished using "
24102
"<application>mt</application>, a magnetic tape control utility part of the "
24103
"<application>cpio</application> package."
24104
msgstr ""
24105
24106
#: serverguide/C/backups.xml:482(para)
24107
msgid "Here is the shell script modified to use a tape drive:"
24108
msgstr ""
24109
24110
#: serverguide/C/backups.xml:485(programlisting)
24111
#, no-wrap
24112
msgid ""
24113
"\n"
24114
"#!/bin/bash\n"
24115
"####################################\n"
24116
"#\n"
24117
"# Backup to tape drive script.\n"
24118
"#\n"
24119
"####################################\n"
24120
"\n"
24121
"# What to backup. \n"
24122
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
24123
"\n"
24124
"# Where to backup to.\n"
24125
"dest=\"/dev/st0\"\n"
24126
"\n"
24127
"# Print start status message.\n"
24128
"echo \"Backing up $backup_files to $dest\"\n"
24129
"date\n"
24130
"echo\n"
24131
"\n"
24132
"# Make sure the tape is rewound.\n"
24133
"mt -f $dest rewind\n"
24134
"\n"
24135
"# Backup the files using tar.\n"
24136
"tar czf $dest $backup_files\n"
24137
"\n"
24138
"# Rewind and eject the tape.\n"
24139
"mt -f $dest rewoffl\n"
24140
"\n"
24141
"# Print end status message.\n"
24142
"echo\n"
24143
"echo \"Backup finished\"\n"
24144
"date\n"
24145
msgstr ""
24146
24147
#: serverguide/C/backups.xml:519(para)
24148
msgid ""
24149
"The default device name for a SCSI tape drive is "
24150
"<filename>/dev/st0</filename>. Use the appropriate device path for your "
24151
"system."
24152
msgstr ""
24153
24154
#: serverguide/C/backups.xml:524(para)
24155
msgid ""
24156
"Restoring from a tape drive is basically the same as restoring from a file. "
24157
"Simply rewind the tape and use the device path instead of a file path. For "
24158
"example to restore the <filename>/etc/hosts</filename> file to "
24159
"<filename>/tmp/etc/hosts</filename>:"
24160
msgstr ""
24161
24162
#: serverguide/C/backups.xml:529(command)
24163
msgid "mt -f /dev/st0 rewind"
24164
msgstr ""
24165
24166
#: serverguide/C/backups.xml:530(command)
24167
msgid "tar -xzf /dev/st0 -C /tmp etc/hosts"
24168
msgstr ""
24169
24170
#: serverguide/C/backups.xml:535(title)
24171
msgid "Bacula"
24172
msgstr ""
24173
24174
#: serverguide/C/backups.xml:536(para)
24175
msgid ""
24176
"<application>Bacula</application> is a backup program enabling you to "
24177
"backup, restore, and verify data across your network. There are Bacula "
24178
"clients for Linux, Windows, and Mac OS X. Making it a cross platform network "
24179
"wide solution."
24180
msgstr ""
24181
24182
#: serverguide/C/backups.xml:542(para)
24183
msgid ""
24184
"<application>Bacula</application> is made up of several components and "
24185
"services used to manage which files to backup and where to back them up to:"
24186
msgstr ""
24187
24188
#: serverguide/C/backups.xml:548(para)
24189
msgid ""
24190
"<application>Bacula Director:</application> a service that controls all "
24191
"backup, restore, verify, and archive operations."
24192
msgstr ""
24193
24194
#: serverguide/C/backups.xml:553(para)
24195
msgid ""
24196
"<application>Bacula Console:</application> an application allowing "
24197
"communication with the Director. There are three versions of the Console:"
24198
msgstr ""
24199
24200
#: serverguide/C/backups.xml:558(para)
24201
msgid "Text based command line version."
24202
msgstr ""
24203
24204
#: serverguide/C/backups.xml:559(para)
24205
msgid "Gnome based GTK+ Graphical User Interface (GUI) interface."
24206
msgstr ""
24207
24208
#: serverguide/C/backups.xml:560(para)
24209
msgid "wxWidgets GUI interface."
24210
msgstr ""
24211
24212
#: serverguide/C/backups.xml:564(para)
24213
msgid ""
24214
"<application>Bacula File:</application> also known as the "
24215
"<application>Bacula Client</application> program. This application is "
24216
"installed on machines to be backed up, and is responsible for the data "
24217
"requested by the Director."
24218
msgstr ""
24219
24220
#: serverguide/C/backups.xml:570(para)
24221
msgid ""
24222
"<application>Bacula Storage:</application> the programs that perform the "
24223
"storage and recovery of data to the physical media."
24224
msgstr ""
24225
24226
#: serverguide/C/backups.xml:575(para)
24227
msgid ""
24228
"<application>Bacula Catalog:</application> is responsible for maintaining "
24229
"the file indexes and volume databases for all files backed up, enabling "
24230
"quick location and restoration of archived files. The Catalog supports three "
24231
"different databases MySQL, PostgreSQL, and SQLite."
24232
msgstr ""
24233
24234
#: serverguide/C/backups.xml:581(para)
24235
msgid ""
24236
"<application>Bacula Monitor:</application> allows the monitoring of the "
24237
"Director, File daemons, and Storage daemons. Currently the Monitor is only "
24238
"available as a GTK+ GUI application."
24239
msgstr ""
24240
24241
#: serverguide/C/backups.xml:587(para)
24242
msgid ""
24243
"These services and applications can be run on multiple servers and clients, "
24244
"or they can be installed on one machine if backing up a single disk or "
24245
"volume."
24246
msgstr ""
24247
24248
#: serverguide/C/backups.xml:594(para)
24249
msgid ""
24250
"There are multiple packages containing the different "
24251
"<application>Bacula</application> components. To install Bacula, from a "
24252
"terminal prompt enter:"
24253
msgstr ""
24254
24255
#: serverguide/C/backups.xml:599(command)
24256
msgid "sudo apt-get install bacula"
24257
msgstr "sudo apt-get install bacula"
24258
24259
#: serverguide/C/backups.xml:601(para)
24260
msgid ""
24261
"By default installing the <application>bacula</application> package will use "
24262
"a <application>MySQL</application> database for the Catalog. If you want to "
24263
"use SQLite or PostgreSQL, for the Catalog, install <application>bacula-"
24264
"director-sqlite3</application> or <application>bacula-director-"
24265
"pgsql</application> respectively."
24266
msgstr ""
24267
24268
#: serverguide/C/backups.xml:607(para)
24269
msgid ""
24270
"During the install process you will be asked to supply credentials for the "
24271
"database <emphasis>administrator</emphasis> and the "
24272
"<emphasis>bacula</emphasis> database <emphasis>owner</emphasis>. The "
24273
"database administrator will need to have the appropriate rights to create a "
24274
"database, see <xref linkend=\"mysql\"/> for more information."
24275
msgstr ""
24276
24277
#: serverguide/C/backups.xml:617(para)
24278
msgid ""
24279
"<application>Bacula</application> configuration files are formatted based on "
24280
"<emphasis>resources</emphasis> comprising of <emphasis>directives</emphasis> "
24281
"surrounded by <quote>{}</quote> braces. Each Bacula component has an "
24282
"individual file in the <filename role=\"directory\">/etc/bacula</filename> "
24283
"directory."
24284
msgstr ""
24285
24286
#: serverguide/C/backups.xml:622(para)
24287
msgid ""
24288
"The various <application>Bacula</application> components must authorize "
24289
"themselves to each other. This is accomplished using the "
24290
"<emphasis>password</emphasis> directive. For example, the "
24291
"<emphasis>Storage</emphasis> resource password in the "
24292
"<filename>/etc/bacula/bacula-dir.conf</filename> file must match the "
24293
"<emphasis>Director</emphasis> resource password in "
24294
"<filename>/etc/bacula/bacula-sd.conf</filename>."
24295
msgstr ""
24296
24297
#: serverguide/C/backups.xml:628(para)
24298
msgid ""
24299
"By default the backup job named <emphasis>Client1</emphasis> is configured "
24300
"to archive the <application>Bacula</application> Catalog. If you plan on "
24301
"using the server to backup more than one client you should change the name "
24302
"of this job to something more descriptive. To change the name edit "
24303
"<filename>/etc/bacula/bacula-dir.conf</filename>:"
24304
msgstr ""
24305
24306
#: serverguide/C/backups.xml:633(programlisting)
24307
#, no-wrap
24308
msgid ""
24309
"\n"
24310
"#\n"
24311
"# Define the main nightly save backup job\n"
24312
"# By default, this job will back up to disk in \n"
24313
"Job {\n"
24314
" Name = \"BackupServer\"\n"
24315
" JobDefs = \"DefaultJob\"\n"
24316
" Write Bootstrap = \"/var/lib/bacula/Client1.bsr\"\n"
24317
"}\n"
24318
msgstr ""
24319
24320
#: serverguide/C/backups.xml:644(para)
24321
msgid ""
24322
"The example above changes the job name to <emphasis>BackupServer</emphasis> "
24323
"matching the machine's host name. Replace <quote>BackupServer</quote> with "
24324
"your appropriate hostname, or other descriptive name."
24325
msgstr ""
24326
24327
#: serverguide/C/backups.xml:649(para)
24328
msgid ""
24329
"The <emphasis>Console</emphasis> can be used to query the "
24330
"<emphasis>Director</emphasis> about jobs, but to use the Console with a "
24331
"<emphasis>non-root</emphasis> user, the user needs to be in the "
24332
"<emphasis>bacula</emphasis> group. To add a user to the bacula group enter "
24333
"the following from a terminal:"
24334
msgstr ""
24335
24336
#: serverguide/C/backups.xml:655(command)
24337
msgid "sudo adduser $username bacula"
24338
msgstr "sudo adduser $nomusuari bacula"
24339
24340
#: serverguide/C/backups.xml:658(para)
24341
msgid ""
24342
"Replace <emphasis>$username</emphasis> with the actual username. Also, if "
24343
"you are adding the current user to the group you should log out and back in "
24344
"for the new permissions to take effect."
24345
msgstr ""
24346
24347
#: serverguide/C/backups.xml:665(title)
24348
msgid "Localhost Backup"
24349
msgstr ""
24350
24351
#: serverguide/C/backups.xml:666(para)
24352
msgid ""
24353
"This section describes how to backup specified directories on a single host "
24354
"to a local tape drive."
24355
msgstr ""
24356
24357
#: serverguide/C/backups.xml:671(para)
24358
msgid ""
24359
"First, the <emphasis>Storage</emphasis> device needs to be configured. Edit "
24360
"<filename>/etc/bacula/bacula-sd.conf</filename> add:"
24361
msgstr ""
24362
24363
#: serverguide/C/backups.xml:674(programlisting)
24364
#, no-wrap
24365
msgid ""
24366
"\n"
24367
"Device {\n"
24368
" Name = \"Tape Drive\"\n"
24369
" Device Type = tape\n"
24370
" Media Type = DDS-4\n"
24371
" Archive Device = /dev/st0\n"
24372
" Hardware end of medium = No;\n"
24373
" AutomaticMount = yes; # when device opened, read it\n"
24374
" AlwaysOpen = Yes;\n"
24375
" RemovableMedia = yes;\n"
24376
" RandomAccess = no;\n"
24377
" Alert Command = \"sh -c 'tapeinfo -f %c | grep TapeAlert'\"\n"
24378
"}\n"
24379
msgstr ""
24380
24381
#: serverguide/C/backups.xml:688(para)
24382
msgid ""
24383
"The example is for a <emphasis>DDS-4</emphasis> tape drive. Adjust the Media "
24384
"Type and Archive Device to match your hardware."
24385
msgstr ""
24386
24387
#: serverguide/C/backups.xml:691(para)
24388
msgid "You could also uncomment one of the other examples in the file."
24389
msgstr ""
24390
24391
#: serverguide/C/backups.xml:696(para)
24392
msgid ""
24393
"After editing <filename>/etc/bacula/bacula-sd.conf</filename> the "
24394
"<application>Storage</application> daemon will need to be restarted:"
24395
msgstr ""
24396
24397
#: serverguide/C/backups.xml:701(command)
24398
msgid "sudo /etc/init.d/bacula-sd restart"
24399
msgstr "sudo /etc/init.d/bacula-sd restart"
24400
24401
#: serverguide/C/backups.xml:705(para)
24402
msgid ""
24403
"Now add a <emphasis>Storage</emphasis> resource in "
24404
"<filename>/etc/bacula/bacula-dir.conf</filename> to use the new Device:"
24405
msgstr ""
24406
24407
#: serverguide/C/backups.xml:708(programlisting)
24408
#, no-wrap
24409
msgid ""
24410
"\n"
24411
"# Definition of \"Tape Drive\" storage device\n"
24412
"Storage {\n"
24413
" Name = TapeDrive\n"
24414
" # Do not use \"localhost\" here \n"
24415
" Address = backupserver # N.B. Use a fully qualified name "
24416
"here\n"
24417
" SDPort = 9103\n"
24418
" Password = \"Cv70F6pf1t6pBopT4vQOnigDrR0v3LT3Cgkiyj\"\n"
24419
" Device = \"Tape Drive\"\n"
24420
" Media Type = tape\n"
24421
"}\n"
24422
msgstr ""
24423
24424
#: serverguide/C/backups.xml:720(para)
24425
msgid ""
24426
"The <emphasis>Address</emphasis> directive needs to be the Fully Qualified "
24427
"Domain Name (FQDN) of the server. Change <emphasis>backupserver</emphasis> "
24428
"to the actual host name."
24429
msgstr ""
24430
24431
#: serverguide/C/backups.xml:724(para)
24432
msgid ""
24433
"Also, make sure the <emphasis>Password</emphasis> directive matches the "
24434
"password string in <filename>/etc/bacula/bacula-sd.conf</filename>."
24435
msgstr ""
24436
24437
#: serverguide/C/backups.xml:730(para)
24438
msgid ""
24439
"Create a new <emphasis>FileSet</emphasis>, which will determine what "
24440
"directories to backup, by adding:"
24441
msgstr ""
24442
24443
#: serverguide/C/backups.xml:733(programlisting)
24444
#, no-wrap
24445
msgid ""
24446
"\n"
24447
"# LocalhostBacup FileSet.\n"
24448
"FileSet {\n"
24449
" Name = \"LocalhostFiles\"\n"
24450
" Include {\n"
24451
" Options {\n"
24452
" signature = MD5\n"
24453
" compression=GZIP\n"
24454
" }\n"
24455
" File = /etc\n"
24456
" File = /home\n"
24457
" }\n"
24458
"}\n"
24459
msgstr ""
24460
24461
#: serverguide/C/backups.xml:747(para)
24462
msgid ""
24463
"This <emphasis>FileSet</emphasis> will backup the <filename "
24464
"role=\"directory\">/etc</filename> and <filename "
24465
"role=\"directory\">/home</filename> directories. The "
24466
"<emphasis>Options</emphasis> resource directives configure the FileSet to "
24467
"create a MD5 signature for each file backed up, and to compress the files "
24468
"using GZIP."
24469
msgstr ""
24470
24471
#: serverguide/C/backups.xml:754(para)
24472
msgid "Next, create a new <emphasis>Schedule</emphasis> for the backup job:"
24473
msgstr ""
24474
24475
#: serverguide/C/backups.xml:757(programlisting)
24476
#, no-wrap
24477
msgid ""
24478
"\n"
24479
"# LocalhostBackup Schedule -- Daily.\n"
24480
"Schedule {\n"
24481
" Name = \"LocalhostDaily\"\n"
24482
" Run = Full daily at 00:01\n"
24483
"}\n"
24484
msgstr ""
24485
24486
#: serverguide/C/backups.xml:764(para)
24487
msgid ""
24488
"The job will run every day at 00:01 or 12:01 am. There are many other "
24489
"scheduling options available."
24490
msgstr ""
24491
24492
#: serverguide/C/backups.xml:769(para)
24493
msgid "Finally create the <emphasis>Job</emphasis>:"
24494
msgstr ""
24495
24496
#: serverguide/C/backups.xml:772(programlisting)
24497
#, no-wrap
24498
msgid ""
24499
"\n"
24500
"# Localhost backup.\n"
24501
"Job {\n"
24502
" Name = \"LocalhostBackup\"\n"
24503
" JobDefs = \"DefaultJob\"\n"
24504
" Enabled = yes\n"
24505
" Level = Full\n"
24506
" FileSet = \"LocalhostFiles\"\n"
24507
" Schedule = \"LocalhostDaily\"\n"
24508
" Storage = TapeDrive\n"
24509
" Write Bootstrap = \"/var/lib/bacula/LocalhostBackup.bsr\"\n"
24510
"} \n"
24511
msgstr ""
24512
24513
#: serverguide/C/backups.xml:785(para)
24514
msgid ""
24515
"The job will do a <emphasis>Full</emphasis> backup every day to the tape "
24516
"drive."
24517
msgstr ""
24518
24519
#: serverguide/C/backups.xml:790(para)
24520
msgid ""
24521
"Each tape used will need to have a <emphasis>Label</emphasis>. If the "
24522
"current tape does not have a label <application>Bacula</application> will "
24523
"send an email letting you know. To label a tape using the "
24524
"<application>Console</application> enter the following from a terminal:"
24525
msgstr ""
24526
24527
#: serverguide/C/backups.xml:796(command)
24528
msgid "bconsole"
24529
msgstr ""
24530
24531
#: serverguide/C/backups.xml:800(para)
24532
msgid "At the Bacula Console prompt enter:"
24533
msgstr ""
24534
24535
#: serverguide/C/backups.xml:804(command)
24536
msgid "label"
24537
msgstr ""
24538
24539
#: serverguide/C/backups.xml:808(para)
24540
msgid ""
24541
"You will then be prompted for the <emphasis>Storage</emphasis> resource:"
24542
msgstr ""
24543
24544
#: serverguide/C/backups.xml:818(userinput)
24545
#, no-wrap
24546
msgid "2"
24547
msgstr ""
24548
24549
#: serverguide/C/backups.xml:812(computeroutput)
24550
#, no-wrap
24551
msgid ""
24552
"\n"
24553
"Automatically selected Catalog: MyCatalog\n"
24554
"Using Catalog \"MyCatalog\"\n"
24555
"The defined Storage resources are:\n"
24556
" 1: File\n"
24557
" 2: TapeDrive\n"
24558
"Select Storage resource (1-2):<placeholder-1/>\n"
24559
msgstr ""
24560
24561
#: serverguide/C/backups.xml:823(para)
24562
msgid "Enter the new <emphasis>Volume</emphasis> name:"
24563
msgstr ""
24564
24565
#: serverguide/C/backups.xml:828(userinput)
24566
#, no-wrap
24567
msgid "Sunday"
24568
msgstr ""
24569
24570
#: serverguide/C/backups.xml:827(computeroutput)
24571
#, no-wrap
24572
msgid ""
24573
"\n"
24574
"Enter new Volume name: <placeholder-1/>\n"
24575
"Defined Pools:\n"
24576
" 1: Default\n"
24577
" 2: Scratch"
24578
msgstr ""
24579
24580
#: serverguide/C/backups.xml:833(para)
24581
msgid "Replace <emphasis>Sunday</emphasis> with the desired label."
24582
msgstr ""
24583
24584
#: serverguide/C/backups.xml:838(para)
24585
msgid "Now, select the <emphasis>Pool</emphasis>:"
24586
msgstr ""
24587
24588
#: serverguide/C/backups.xml:843(userinput)
24589
#, no-wrap
24590
msgid "1"
24591
msgstr ""
24592
24593
#: serverguide/C/backups.xml:842(computeroutput)
24594
#, no-wrap
24595
msgid ""
24596
"\n"
24597
"Select the Pool (1-2): <placeholder-1/>\n"
24598
"Connecting to Storage daemon TapeDrive at backupserver:9103 ...\n"
24599
"Sending label command for Volume \"Sunday\" Slot 0 ...\n"
24600
msgstr ""
24601
24602
#: serverguide/C/backups.xml:850(para)
24603
msgid ""
24604
"Congratulations, you have now configured <emphasis>Bacula</emphasis> to "
24605
"backup the localhost to an attached tape drive."
24606
msgstr ""
24607
24608
#: serverguide/C/backups.xml:858(para)
24609
msgid ""
24610
"For more <emphasis>Bacula</emphasis> configuration options refer to the "
24611
"<ulink url=\"http://www.bacula.org/en/rel-manual/index.html\">Bacula User's "
24612
"Manual</ulink>"
24613
msgstr ""
24614
24615
#: serverguide/C/backups.xml:864(para)
24616
msgid ""
24617
"The <ulink url=\"http://www.bacula.org/\">Bacula Home Page</ulink> contains "
24618
"the latest Bacula news and developments."
24619
msgstr ""
24620
24621
#: serverguide/C/backups.xml:869(para)
24622
msgid ""
24623
"Also, see the <ulink url=\"https://help.ubuntu.com/community/Bacula\">Bacula "
24624
"Ubuntu Wiki</ulink> page."
24625
msgstr ""
24626
24627
#. Put one translator per line, in the form of NAME <EMAIL>, YEAR1, YEAR2
24628
#: serverguide/C/backups.xml:0(None)
24629
msgid "translator-credits"
24630
msgstr ""
24631
"Launchpad Contributions:\n"
24632
" Albert Abril https://launchpad.net/~abrilc\n"
24633
" David Planella https://launchpad.net/~dpm\n"
24634
" J. https://launchpad.net/~jose-manuel-rodriguez-moreno\n"
24635
" Joan Gonzalez https://launchpad.net/~joan-gonzalez\n"
24636
" Matthew East https://launchpad.net/~mdke\n"
24637
" anna marti https://launchpad.net/~anna-marti-gomez"
24638
24639
#~ msgid "sudo /etc/init.d/samba restart"
24640
#~ msgstr "sudo /etc/init.d/samba restart"
24641
24642
#~ msgid "OpenNebula"
24643
#~ msgstr "OpenNebula"
24644
24645
#~ msgid "sudo apt-get install opennebula-node"
24646
#~ msgstr "sudo apt-get install opennebula-node"
24647
24648
#~ msgid "sudo apt-get install opennebula"
24649
#~ msgstr "sudo apt-get install opennebula"
24650
24651
#~ msgid ""
24652
#~ "sudo sh -c \"ssh-keygen -f .ssh/known_hosts -F node02 1>> "
24653
#~ "/etc/ssh/ssh_known_hosts\""
24654
#~ msgstr ""
24655
#~ "sudo sh -c \"ssh-keygen -f .ssh/known_hosts -F node02 1>> "
24656
#~ "/etc/ssh/ssh_known_hosts\""
24657
24658
#~ msgid ""
24659
#~ "sudo sh -c \"ssh-keygen -f .ssh/known_hosts -F node01 1>> "
24660
#~ "/etc/ssh/ssh_known_hosts\""
24661
#~ msgstr ""
24662
#~ "sudo sh -c \"ssh-keygen -f .ssh/known_hosts -F node01 1>> "
24663
#~ "/etc/ssh/ssh_known_hosts\""
24664
24665
#~ msgid "sudo chage -E 01/31/2008 -m 5 -M 90 -I 30 -W 14 username"
24666
#~ msgstr "sudo chage -E 01/31/2008 -m 5 -M 90 -I 30 -W 14 nomusuari"
24667
24668
#~ msgid "sudo apt-get install ebox"
24669
#~ msgstr "sudo apt-get install ebox"
24670
24671
#~ msgid ""
24672
#~ "sudo cp /etc/ldapscripts/ldapadduser.template.sample "
24673
#~ "/etc/ldapscripts/ldapadduser.template"
24674
#~ msgstr ""
24675
#~ "sudo cp /etc/ldapscripts/ldapadduser.template.sample "
24676
#~ "/etc/ldapscripts/ldapadduser.template"
24677
24678
#~ msgid "sudo mv keytab.kdc01 /etc/kr5b.keytab"
24679
#~ msgstr "sudo mv keytab.kdc01 /etc/kr5b.keytab"
24680
24681
#~ msgid "sudo apt-get install dkim-filter python-policyd-spf"
24682
#~ msgstr "sudo apt-get install dkim-filter python-policyd-spf"
Loggerhead is a web-based interface for Breezy
Version: 2.0.1