« back to all changes in this revision
Viewing changes to serverguide/po/da.po
- browse files at revision 1
- compare with another revision
- download diff
- download tarball
- view history from revision 1
- Committer: Matthew East
- Date: 2011-05-03 07:11:18 UTC
- Revision ID: mdke@ubuntu.com-20110503071118-081aatibsr9k2yqy
Add files from ubuntu-docs natty branch, trim to use only those necessary for serverguide
- files added:
- build
- build/libs
- build/libs/admon
- build/libs/callouts
- build/libs/img
- build/libs/navig
- build/serverguide
- build/serverguide/C
- build/serverguide/sample
- libs
- libs/C
- libs/admon
- libs/authors
- libs/callouts
- libs/img
- libs/navig
- scripts
- serverguide
- serverguide/C
- serverguide/po
- serverguide/sample
added
removed
serverguide/po/da.po
1
# Danish translation for ubuntu-docs
2
# Copyright (c) (c) 2006 Canonical Ltd, and Rosetta Contributors 2006
3
# This file is distributed under the same license as the ubuntu-docs package.
4
# FIRST AUTHOR <EMAIL@ADDRESS>, 2006.
5
#
6
msgid ""
7
msgstr ""
8
"Project-Id-Version: ubuntu-docs\n"
9
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
10
"POT-Creation-Date: 2010-08-14 22:34+0100\n"
11
"PO-Revision-Date: 2010-08-16 02:24+0000\n"
12
"Last-Translator: AJenbo <anders@jenbo.dk>\n"
13
"Language-Team: Danish <da@li.org>\n"
14
"MIME-Version: 1.0\n"
15
"Content-Type: text/plain; charset=UTF-8\n"
16
"Content-Transfer-Encoding: 8bit\n"
17
"X-Launchpad-Export-Date: 2010-09-18 10:45+0000\n"
18
"X-Generator: Launchpad (build Unknown)\n"
19
20
#: serverguide/C/serverguide-C.omf:6(creator) serverguide/C/serverguide-C.omf:7(maintainer)
21
msgid "ubuntu-doc@lists.ubuntu.com (Ubuntu Documentation Project)"
22
msgstr "ubuntu-doc@lists.ubuntu.com (Dokumentationsprojekt til Ubuntu)"
23
24
#: serverguide/C/serverguide-C.omf:8(title) serverguide/C/serverguide-C.omf:11(description) serverguide/C/serverguide.xml:14(title) serverguide/C/bookinfo.xml:13(title)
25
msgid "Ubuntu Server Guide"
26
msgstr ""
27
28
#: serverguide/C/serverguide-C.omf:9(date)
29
msgid "2007-09-30"
30
msgstr "30. september 2007"
31
32
#: serverguide/C/windows-networking.xml:13(title)
33
msgid "Windows Networking"
34
msgstr "Windows Networking"
35
36
#: serverguide/C/windows-networking.xml:15(para)
37
msgid ""
38
"Computer networks are often comprised of diverse systems, and while "
39
"operating a network made up entirely of Ubuntu desktop and server computers "
40
"would certainly be fun, some network environments must consist of both "
41
"Ubuntu and <trademark class=\"registered\">Microsoft</trademark><trademark "
42
"class=\"registered\">Windows</trademark> systems working together in "
43
"harmony. This section of the <phrase>Ubuntu</phrase> Server Guide introduces "
44
"principles and tools used in configuring your Ubuntu Server for sharing "
45
"network resources with Windows computers."
46
msgstr ""
47
"Computernetværk er ofte bygget op af forskellige systemer, og selvom et "
48
"netværk udelukkende bestående af Ubuntu skriveborde og servere kunne være "
49
"interessant, så må man erkende, at de fleste netværk vil bestå af både "
50
"Ubuntu og <trademark class=\"registered\">Microsoft</trademark><trademark "
51
"class=\"registered\">Windows</trademark> systemer som arbejder fredeligt "
52
"sammen. Dette afsnit af <phrase>Ubuntu</phrase>-serverguide vil introducere "
53
"de principper og værktøjer der anvendes til at konfigurere Ubuntu Server til "
54
"at dele netværkressourcer med Windows computere."
55
56
#: serverguide/C/windows-networking.xml:25(title) serverguide/C/virtualization.xml:402(title) serverguide/C/security.xml:349(title) serverguide/C/remote-administration.xml:21(title) serverguide/C/package-management.xml:20(title) serverguide/C/introduction.xml:13(title)
57
msgid "Introduction"
58
msgstr "Indledning"
59
60
#: serverguide/C/windows-networking.xml:27(para)
61
msgid ""
62
"Successfully networking your Ubuntu system with Windows clients involves "
63
"providing and integrating with services common to Windows environments. Such "
64
"services assist the sharing of data and information about the computers and "
65
"users involved in the network, and may be classified under three major "
66
"categories of functionality:"
67
msgstr ""
68
"For at anvende Ubuntu systemer sammen med Windows klienter er det nødvendigt "
69
"at anvende tjenester som er kendte af Windows miljøet. Sådanne tjenester "
70
"hjælper til med at dele data og information om de computere og brugere der "
71
"er sluttet til netværket. Disse tjenester kan opdeles i tre store kategorier:"
72
73
#: serverguide/C/windows-networking.xml:35(para)
74
msgid ""
75
"<emphasis role=\"bold\">File and Printer Sharing Services</emphasis>. Using "
76
"the Server Message Block (SMB) protocol to facilitate the sharing of files, "
77
"folders, volumes, and the sharing of printers throughout the network."
78
msgstr ""
79
"<emphasis role=\"bold\">Fil- og udskriftsdeling</emphasis>. Anvender "
80
"protokollen Server Message Block (SMB) til at dele filer, mapper, enheder og "
81
"printere i netværket."
82
83
#: serverguide/C/windows-networking.xml:41(para)
84
msgid ""
85
"<emphasis role=\"bold\">Directory Services</emphasis>. Sharing vital "
86
"information about the computers and users of the network with such "
87
"technologies as the Lightweight Directory Access Protocol (LDAP) and "
88
"Microsoft <trademark class=\"registered\">Active Directory</trademark>."
89
msgstr ""
90
"<emphasis role=\"bold\">Katalogtjenester</emphasis>. Denne tjeneste deler "
91
"vigtige informationer om computere og brugere i netværket ved hjælp at "
92
"teknikker som Lightweight Directory Access Protocol (LDAP) og Microsoft "
93
"<trademark class=\"registered\">Active Directory</trademark>."
94
95
#: serverguide/C/windows-networking.xml:48(para)
96
msgid ""
97
"<emphasis role=\"bold\">Authentication and Access</emphasis>. Establishing "
98
"the identity of a computer or user of the network and determining the "
99
"information the computer or user is authorized to access using such "
100
"principles and technologies as file permissions, group policies, and the "
101
"Kerberos authentication service."
102
msgstr ""
103
"<emphasis role=\"bold\">Godkendelse og Adgang</emphasis>. Konstaterer "
104
"identiteten af en computer eller en bruger i netværket og afgør hvilken "
105
"information som computeren eller brugeren har tilladelse til at få adgang "
106
"til, ved at anvende retningslinjer og teknikker som filrettigheder, "
107
"grupperetningslinjer, og godkendelsestjenesten Kerberos."
108
109
#: serverguide/C/windows-networking.xml:56(para)
110
msgid ""
111
"Fortunately, your Ubuntu system may provide all such facilities to Windows "
112
"clients and share network resources among them. One of the principal pieces "
113
"of software your Ubuntu system includes for Windows networking is the Samba "
114
"suite of SMB server applications and tools."
115
msgstr ""
116
"Heldigvis tilbyder dit Ubuntu system alle sådanne faciliteter til Windows "
117
"klienter og deler netværks-ressourcer mellem dem. Et af de vigtigste stykker "
118
"software dit Ubuntu system inkluderer til Windows networking er Samba pakken "
119
"med SMB server programmer og værktøjer."
120
121
#: serverguide/C/windows-networking.xml:62(para)
122
msgid ""
123
"This section of the <phrase>Ubuntu</phrase> Server Guide will introduce some "
124
"of the common Samba use cases, and how to install and configure the "
125
"necessary packages. Additional detailed documentation and information on "
126
"Samba can be found on the <ulink url=\"http://www.samba.org\">Samba "
127
"website</ulink>."
128
msgstr ""
129
"Dette afsnit af <phrase>Ubuntu</phrase>-serverguide introducerer nogle af de "
130
"almindelige situationer for brug af Samba, og hvordan du installerer og "
131
"konfigurerer de nødvendige pakker. Yderligere detaljeret dokumentation og "
132
"information til Samba finder du på <ulink "
133
"url=\"http://www.samba.org\">Sambas hjemmeside</ulink>."
134
135
#: serverguide/C/windows-networking.xml:70(title)
136
msgid "Samba File Server"
137
msgstr ""
138
139
#: serverguide/C/windows-networking.xml:72(para)
140
msgid ""
141
"One of the most common ways to network Ubuntu and Windows computers is to "
142
"configure Samba as a File Server. This section covers setting up a "
143
"<application>Samba</application> server to share files with Windows clients."
144
msgstr ""
145
"En af de mest almindelige måder at køre netværk mellem Ubuntu og Windows "
146
"computere er at konfigurere Samba som en Fil Server. Dette afsnit dækker "
147
"opsætning af <application>Samba</application> server til deling af filer med "
148
"Windows klienter"
149
150
#: serverguide/C/windows-networking.xml:77(para)
151
msgid ""
152
"The server will be configured to share files with any client on the network "
153
"without prompting for a password. If your environment requires stricter "
154
"Access Controls see <xref linkend=\"samba-fileprint-security\"/>"
155
msgstr ""
156
157
#: serverguide/C/windows-networking.xml:83(title) serverguide/C/windows-networking.xml:288(title) serverguide/C/windows-networking.xml:1317(title) serverguide/C/web-servers.xml:41(title) serverguide/C/web-servers.xml:675(title) serverguide/C/web-servers.xml:816(title) serverguide/C/web-servers.xml:940(title) serverguide/C/vpn.xml:33(title) serverguide/C/virtualization.xml:62(title) serverguide/C/vcs.xml:28(title) serverguide/C/vcs.xml:86(title) serverguide/C/vcs.xml:405(title) serverguide/C/remote-administration.xml:51(title) serverguide/C/network-config.xml:937(title) serverguide/C/network-auth.xml:52(title) serverguide/C/network-auth.xml:1590(title) serverguide/C/network-auth.xml:2102(title) serverguide/C/network-auth.xml:2493(title) serverguide/C/monitoring.xml:42(title) serverguide/C/monitoring.xml:428(title) serverguide/C/mail.xml:40(title) serverguide/C/mail.xml:496(title) serverguide/C/mail.xml:674(title) serverguide/C/mail.xml:823(title) serverguide/C/mail.xml:1315(title) serverguide/C/lamp-applications.xml:108(title) serverguide/C/lamp-applications.xml:287(title) serverguide/C/lamp-applications.xml:423(title) serverguide/C/installation.xml:13(title) serverguide/C/installation.xml:957(title) serverguide/C/file-server.xml:347(title) serverguide/C/file-server.xml:462(title) serverguide/C/dns.xml:23(title) serverguide/C/databases.xml:40(title) serverguide/C/databases.xml:164(title) serverguide/C/chat.xml:37(title) serverguide/C/chat.xml:141(title) serverguide/C/backups.xml:593(title)
158
msgid "Installation"
159
msgstr "Installation"
160
161
#: serverguide/C/windows-networking.xml:85(para)
162
msgid ""
163
"The first step is to install the <application>samba</application> package. "
164
"From a terminal prompt enter:"
165
msgstr ""
166
167
#: serverguide/C/windows-networking.xml:90(command) serverguide/C/windows-networking.xml:300(command)
168
msgid "sudo apt-get install samba"
169
msgstr "sudo apt-get install samba"
170
171
#: serverguide/C/windows-networking.xml:93(para)
172
msgid ""
173
"That's all there is to it; you are now ready to configure Samba to share "
174
"files."
175
msgstr ""
176
177
#: serverguide/C/windows-networking.xml:99(title) serverguide/C/windows-networking.xml:305(title) serverguide/C/web-servers.xml:61(title) serverguide/C/web-servers.xml:726(title) serverguide/C/web-servers.xml:827(title) serverguide/C/web-servers.xml:967(title) serverguide/C/web-servers.xml:1067(title) serverguide/C/vpn.xml:138(title) serverguide/C/vcs.xml:39(title) serverguide/C/vcs.xml:423(title) serverguide/C/remote-administration.xml:73(title) serverguide/C/package-management.xml:387(title) serverguide/C/network-config.xml:959(title) serverguide/C/network-auth.xml:2141(title) serverguide/C/network-auth.xml:2514(title) serverguide/C/monitoring.xml:187(title) serverguide/C/monitoring.xml:454(title) serverguide/C/mail.xml:505(title) serverguide/C/mail.xml:684(title) serverguide/C/mail.xml:908(title) serverguide/C/mail.xml:1344(title) serverguide/C/lamp-applications.xml:128(title) serverguide/C/lamp-applications.xml:314(title) serverguide/C/lamp-applications.xml:453(title) serverguide/C/file-server.xml:360(title) serverguide/C/file-server.xml:488(title) serverguide/C/dns.xml:39(title) serverguide/C/databases.xml:84(title) serverguide/C/databases.xml:183(title) serverguide/C/clustering.xml:47(title) serverguide/C/chat.xml:57(title) serverguide/C/chat.xml:153(title) serverguide/C/backups.xml:616(title)
178
msgid "Configuration"
179
msgstr "Konfiguration"
180
181
#: serverguide/C/windows-networking.xml:101(para)
182
msgid ""
183
"The main Samba configuration file is located in "
184
"<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
185
"a significant amount of comments in order to document various configuration "
186
"directives."
187
msgstr ""
188
189
#: serverguide/C/windows-networking.xml:106(para)
190
msgid ""
191
"Not all the available options are included in the default configuration "
192
"file. See the <filename>smb.conf</filename><application>man</application> "
193
"page or the <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
194
"Collection/\">Samba HOWTO Collection</ulink> for more details."
195
msgstr ""
196
197
#: serverguide/C/windows-networking.xml:116(para)
198
msgid ""
199
"First, edit the following key/value pairs in the "
200
"<emphasis>[global]</emphasis> section of "
201
"<filename>/etc/samba/smb.conf</filename>:"
202
msgstr ""
203
204
#: serverguide/C/windows-networking.xml:121(programlisting) serverguide/C/windows-networking.xml:312(programlisting) serverguide/C/windows-networking.xml:780(programlisting) serverguide/C/windows-networking.xml:1003(programlisting)
205
#, no-wrap
206
msgid ""
207
"\n"
208
" workgroup = EXAMPLE\n"
209
" ...\n"
210
" security = user\n"
211
msgstr ""
212
213
#: serverguide/C/windows-networking.xml:127(para)
214
msgid ""
215
"The <emphasis>security</emphasis> parameter is farther down in the [global] "
216
"section, and is commented by default. Also, change "
217
"<emphasis>EXAMPLE</emphasis> to better match your environment."
218
msgstr ""
219
220
#: serverguide/C/windows-networking.xml:135(para)
221
msgid ""
222
"Create a new section at the bottom of the file, or uncomment one of the "
223
"examples, for the directory to be shared:"
224
msgstr ""
225
226
#: serverguide/C/windows-networking.xml:139(programlisting)
227
#, no-wrap
228
msgid ""
229
"\n"
230
"[share]\n"
231
" comment = Ubuntu File Server Share\n"
232
" path = /srv/samba/share\n"
233
" browsable = yes\n"
234
" guest ok = yes\n"
235
" read only = no\n"
236
" create mask = 0755\n"
237
msgstr ""
238
239
#: serverguide/C/windows-networking.xml:151(para)
240
msgid ""
241
"<emphasis>comment:</emphasis> a short description of the share. Adjust to "
242
"fit your needs."
243
msgstr ""
244
245
#: serverguide/C/windows-networking.xml:156(para)
246
msgid "<emphasis>path:</emphasis> the path to the directory to share."
247
msgstr ""
248
249
#: serverguide/C/windows-networking.xml:159(para)
250
msgid ""
251
"This example uses <filename>/srv/samba/sharename</filename> because, "
252
"according to the <emphasis>Filesystem Hierarchy Standard (FHS)</emphasis>, "
253
"<ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
254
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is where site-"
255
"specific data should be served. Technically Samba shares can be placed "
256
"anywhere on the filesystem as long as the permissions are correct, but "
257
"adhering to standards is recommended."
258
msgstr ""
259
260
#: serverguide/C/windows-networking.xml:168(para)
261
msgid ""
262
"<emphasis>browsable:</emphasis> enables Windows clients to browse the shared "
263
"directory using <application>Windows Explorer</application>."
264
msgstr ""
265
266
#: serverguide/C/windows-networking.xml:174(para)
267
msgid ""
268
"<emphasis>guest ok:</emphasis> allows clients to connect to the share "
269
"without supplying a password."
270
msgstr ""
271
272
#: serverguide/C/windows-networking.xml:179(para)
273
msgid ""
274
"<emphasis>read only:</emphasis> determines if the share is read only or if "
275
"write privileges are granted. Write privileges are allowed only when the "
276
"value is <emphasis>no</emphasis>, as is seen in this example. If the value "
277
"is <emphasis>yes</emphasis>, then access to the share is read only."
278
msgstr ""
279
280
#: serverguide/C/windows-networking.xml:184(para)
281
msgid ""
282
"<emphasis>create mask:</emphasis> determines the permissions new files will "
283
"have when created."
284
msgstr ""
285
286
#: serverguide/C/windows-networking.xml:193(para)
287
msgid ""
288
"Now that <application>Samba</application> is configured, the directory needs "
289
"to be created and the permissions changed. From a terminal enter:"
290
msgstr ""
291
292
#: serverguide/C/windows-networking.xml:199(command)
293
msgid "sudo mkdir -p /srv/samba/share"
294
msgstr ""
295
296
#: serverguide/C/windows-networking.xml:200(command)
297
msgid "sudo chown nobody.nogroup /srv/samba/share/"
298
msgstr ""
299
300
#: serverguide/C/windows-networking.xml:204(para)
301
msgid ""
302
"The <emphasis>-p</emphasis> switch tells mkdir to create the entire "
303
"directory tree if it doesn't exist. Change the share name to fit your "
304
"environment."
305
msgstr ""
306
307
#: serverguide/C/windows-networking.xml:213(para)
308
msgid ""
309
"Finally, restart the <application>samba</application> services to enable the "
310
"new configuration:"
311
msgstr ""
312
313
#: serverguide/C/windows-networking.xml:218(command) serverguide/C/windows-networking.xml:332(command) serverguide/C/windows-networking.xml:470(command) serverguide/C/windows-networking.xml:570(command) serverguide/C/windows-networking.xml:949(command) serverguide/C/windows-networking.xml:1060(command) serverguide/C/windows-networking.xml:1176(command) serverguide/C/network-auth.xml:1869(command)
314
msgid "sudo restart smbd"
315
msgstr ""
316
317
#: serverguide/C/windows-networking.xml:219(command) serverguide/C/windows-networking.xml:333(command) serverguide/C/windows-networking.xml:471(command) serverguide/C/windows-networking.xml:571(command) serverguide/C/windows-networking.xml:950(command) serverguide/C/windows-networking.xml:1061(command) serverguide/C/windows-networking.xml:1177(command) serverguide/C/network-auth.xml:1870(command)
318
msgid "sudo restart nmbd"
319
msgstr ""
320
321
#: serverguide/C/windows-networking.xml:226(para)
322
msgid ""
323
"Once again, the above configuration gives all access to any client on the "
324
"local network. For a more secure configuration see <xref linkend=\"samba-"
325
"fileprint-security\"/>."
326
msgstr ""
327
328
#: serverguide/C/windows-networking.xml:232(para)
329
msgid ""
330
"From a Windows client you should now be able to browse to the Ubuntu file "
331
"server and see the shared directory. To check that everything is working try "
332
"creating a directory from Windows."
333
msgstr ""
334
335
#: serverguide/C/windows-networking.xml:237(para)
336
msgid ""
337
"To create additional shares simply create new <emphasis>[dir]</emphasis> "
338
"sections in <filename>/etc/samba/smb.conf</filename>, and restart "
339
"<emphasis>Samba</emphasis>. Just make sure that the directory you want to "
340
"share actually exists and the permissions are correct."
341
msgstr ""
342
343
#: serverguide/C/windows-networking.xml:244(title) serverguide/C/windows-networking.xml:343(title) serverguide/C/windows-networking.xml:700(title) serverguide/C/windows-networking.xml:1080(title) serverguide/C/windows-networking.xml:1288(title) serverguide/C/virtualization.xml:366(title) serverguide/C/virtualization.xml:1168(title) serverguide/C/reporting-bugs.xml:304(title) serverguide/C/network-config.xml:569(title) serverguide/C/network-config.xml:824(title) serverguide/C/network-auth.xml:1540(title) serverguide/C/network-auth.xml:1985(title) serverguide/C/network-auth.xml:2589(title) serverguide/C/network-auth.xml:3097(title) serverguide/C/installation.xml:892(title) serverguide/C/installation.xml:1173(title) serverguide/C/databases.xml:122(title) serverguide/C/databases.xml:273(title) serverguide/C/backups.xml:855(title)
344
msgid "Resources"
345
msgstr ""
346
347
#: serverguide/C/windows-networking.xml:248(para) serverguide/C/windows-networking.xml:347(para) serverguide/C/windows-networking.xml:704(para) serverguide/C/windows-networking.xml:1084(para)
348
msgid ""
349
"For in depth Samba configurations see the <ulink "
350
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
351
"Collection</ulink>"
352
msgstr ""
353
354
#: serverguide/C/windows-networking.xml:254(para) serverguide/C/windows-networking.xml:353(para) serverguide/C/windows-networking.xml:710(para) serverguide/C/windows-networking.xml:1090(para)
355
msgid ""
356
"The guide is also available in <ulink "
357
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">printed "
358
"format</ulink>."
359
msgstr ""
360
361
#: serverguide/C/windows-networking.xml:260(para) serverguide/C/windows-networking.xml:359(para)
362
msgid ""
363
"O'Reilly's <ulink "
364
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
365
"another good reference."
366
msgstr ""
367
368
#: serverguide/C/windows-networking.xml:266(para) serverguide/C/windows-networking.xml:370(para) serverguide/C/windows-networking.xml:735(para) serverguide/C/windows-networking.xml:1114(para) serverguide/C/windows-networking.xml:1301(para)
369
msgid ""
370
"The <ulink url=\"https://help.ubuntu.com/community/Samba\">Ubuntu Wiki Samba "
371
"</ulink> page."
372
msgstr ""
373
374
#: serverguide/C/windows-networking.xml:275(title)
375
msgid "Samba Print Server"
376
msgstr ""
377
378
#: serverguide/C/windows-networking.xml:277(para)
379
msgid ""
380
"Another common use of Samba is to configure it to share printers installed, "
381
"either locally or over the network, on an Ubuntu server. Similar to <xref "
382
"linkend=\"samba-fileserver\"/> this section will configure Samba to allow "
383
"any client on the local network to use the installed printers without "
384
"prompting for a username and password."
385
msgstr ""
386
387
#: serverguide/C/windows-networking.xml:283(para)
388
msgid ""
389
"For a more secure configuration see <xref linkend=\"samba-fileprint-"
390
"security\"/>."
391
msgstr ""
392
393
#: serverguide/C/windows-networking.xml:290(para)
394
msgid ""
395
"Before installing and configuring Samba it is best to already have a working "
396
"<application>CUPS</application> installation. See <xref linkend=\"cups\"/> "
397
"for details."
398
msgstr ""
399
400
#: serverguide/C/windows-networking.xml:295(para)
401
msgid ""
402
"To install the <application>samba</application> package, from a terminal "
403
"enter:"
404
msgstr ""
405
406
#: serverguide/C/windows-networking.xml:306(para)
407
msgid ""
408
"After installing samba edit <filename>/etc/samba/smb.conf</filename>. Change "
409
"the <emphasis>workgroup</emphasis> attribute to what is appropriate for your "
410
"network, and change <emphasis>security</emphasis> to <emphasis "
411
"role=\"italic\">share</emphasis>:"
412
msgstr ""
413
414
#: serverguide/C/windows-networking.xml:318(para)
415
msgid ""
416
"In the <emphasis>[printers]</emphasis> section change the <emphasis>guest "
417
"ok</emphasis> option to <emphasis role=\"italic\">yes</emphasis>:"
418
msgstr ""
419
420
#: serverguide/C/windows-networking.xml:322(programlisting)
421
#, no-wrap
422
msgid ""
423
"\n"
424
" browsable = yes\n"
425
" guest ok = yes\n"
426
msgstr ""
427
428
#: serverguide/C/windows-networking.xml:327(para)
429
msgid "After editing <filename>smb.conf</filename> restart Samba:"
430
msgstr ""
431
432
#: serverguide/C/windows-networking.xml:336(para)
433
msgid ""
434
"The default Samba configuration will automatically share any printers "
435
"installed. Simply install the printer locally on your Windows clients."
436
msgstr ""
437
438
#: serverguide/C/windows-networking.xml:365(para)
439
msgid ""
440
"Also, see the <ulink url=\"http://www.cups.org/\">CUPS Website</ulink> for "
441
"more information on configuring CUPS."
442
msgstr ""
443
444
#: serverguide/C/windows-networking.xml:379(title)
445
msgid "Securing a Samba File and Print Server"
446
msgstr ""
447
448
#: serverguide/C/windows-networking.xml:382(title)
449
msgid "Samba Security Modes"
450
msgstr ""
451
452
#: serverguide/C/windows-networking.xml:384(para)
453
msgid ""
454
"There are two security levels available to the Common Internet Filesystem "
455
"(CIFS) network protocol <emphasis>user-level</emphasis> and <emphasis>share-"
456
"level</emphasis>. Samba's <emphasis>security mode</emphasis> implementation "
457
"allows more flexibility, providing four ways of implementing user-level "
458
"security and one way to implement share-level:"
459
msgstr ""
460
461
#: serverguide/C/windows-networking.xml:393(para)
462
msgid ""
463
"<emphasis>security = user:</emphasis> requires clients to supply a username "
464
"and password to connect to shares. Samba user accounts are separate from "
465
"system accounts, but the <application>libpam-smbpass</application> package "
466
"will sync system users and passwords with the Samba user database."
467
msgstr ""
468
469
#: serverguide/C/windows-networking.xml:400(para)
470
msgid ""
471
"<emphasis>security = domain:</emphasis> this mode allows the Samba server to "
472
"appear to Windows clients as a Primary Domain Controller (PDC), Backup "
473
"Domain Controller (BDC), or a Domain Member Server (DMS). See <xref "
474
"linkend=\"samba-dc\"/> for further information."
475
msgstr ""
476
477
#: serverguide/C/windows-networking.xml:407(para)
478
msgid ""
479
"<emphasis>security = ADS:</emphasis> allows the Samba server to join an "
480
"Active Directory domain as a native member. See <xref linkend=\"samba-ad-"
481
"integration\"/> for details."
482
msgstr ""
483
484
#: serverguide/C/windows-networking.xml:413(para)
485
msgid ""
486
"<emphasis>security = server:</emphasis> this mode is left over from before "
487
"Samba could become a member server, and due to some security issues should "
488
"not be used. See the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
489
"HOWTO-Collection/ServerType.html#id349531\">Server Security</ulink> section "
490
"of the Samba guide for more details."
491
msgstr ""
492
493
#: serverguide/C/windows-networking.xml:421(para)
494
msgid ""
495
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
496
"without supplying a username and password."
497
msgstr ""
498
499
#: serverguide/C/windows-networking.xml:428(para)
500
msgid ""
501
"The security mode you choose will depend on your environment and what you "
502
"need the Samba server to accomplish."
503
msgstr ""
504
505
#: serverguide/C/windows-networking.xml:434(title)
506
msgid "Security = User"
507
msgstr ""
508
509
#: serverguide/C/windows-networking.xml:436(para)
510
msgid ""
511
"This section will reconfigure the Samba file and print server, from <xref "
512
"linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to "
513
"require authentication."
514
msgstr ""
515
516
#: serverguide/C/windows-networking.xml:441(para)
517
msgid ""
518
"First, install the <application>libpam-smbpass</application> package which "
519
"will sync the system users to the Samba user database:"
520
msgstr ""
521
522
#: serverguide/C/windows-networking.xml:447(command)
523
msgid "sudo apt-get install libpam-smbpass"
524
msgstr "sudo apt-get install libpam-smbpass"
525
526
#: serverguide/C/windows-networking.xml:451(para)
527
msgid ""
528
"If you chose the <emphasis>Samba Server</emphasis> task during installation "
529
"<application>libpam-smbpass</application> is already installed."
530
msgstr ""
531
532
#: serverguide/C/windows-networking.xml:457(para)
533
msgid ""
534
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
535
"<emphasis>[share]</emphasis> section change:"
536
msgstr ""
537
538
#: serverguide/C/windows-networking.xml:461(programlisting)
539
#, no-wrap
540
msgid ""
541
"\n"
542
" guest ok = no\n"
543
msgstr ""
544
545
#: serverguide/C/windows-networking.xml:465(para)
546
msgid "Finally, restart Samba for the new settings to take effect:"
547
msgstr ""
548
549
#: serverguide/C/windows-networking.xml:474(para)
550
msgid ""
551
"Now when connecting to the shared directories or printers you should be "
552
"prompted for a username and password."
553
msgstr ""
554
555
#: serverguide/C/windows-networking.xml:479(para)
556
msgid ""
557
"If you choose to map a network drive to the share you can check the "
558
"<quote>Reconnect at Logon</quote> check box, which will require you to only "
559
"enter the username and password once, at least until the password changes."
560
msgstr ""
561
562
#: serverguide/C/windows-networking.xml:487(title)
563
msgid "Share Security"
564
msgstr ""
565
566
#: serverguide/C/windows-networking.xml:489(para)
567
msgid ""
568
"There are several options available to increase the security for each "
569
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
570
"this section will cover some common options."
571
msgstr ""
572
573
#: serverguide/C/windows-networking.xml:495(title)
574
msgid "Groups"
575
msgstr "Grupper"
576
577
#: serverguide/C/windows-networking.xml:497(para)
578
msgid ""
579
"Groups define a collection of computers or users which have a common level "
580
"of access to particular network resources and offer a level of granularity "
581
"in controlling access to such resources. For example, if a group <emphasis "
582
"role=\"italic\">qa</emphasis> is defined and contains the users <emphasis "
583
"role=\"italic\">freda</emphasis>, <emphasis "
584
"role=\"italic\">danika</emphasis>, and <emphasis "
585
"role=\"italic\">rob</emphasis> and a second group <emphasis "
586
"role=\"italic\">support</emphasis> is defined and consists of users "
587
"<emphasis role=\"italic\">danika</emphasis>, <emphasis "
588
"role=\"italic\">jeremy</emphasis>, and <emphasis "
589
"role=\"italic\">vincent</emphasis> then certain network resources configured "
590
"to allow access by the <emphasis role=\"italic\">qa</emphasis> group will "
591
"subsequently enable access by freda, danika, and rob, but not jeremy or "
592
"vincent. Since the user <emphasis role=\"italic\">danika</emphasis> belongs "
593
"to both the <emphasis role=\"italic\">qa</emphasis> and <emphasis "
594
"role=\"italic\">support</emphasis> groups, she will be able to access "
595
"resources configured for access by both groups, whereas all other users will "
596
"have only access to resources explicitly allowing the group they are part of."
597
msgstr ""
598
599
#: serverguide/C/windows-networking.xml:511(para)
600
msgid ""
601
"By default Samba looks for the local system groups defined in "
602
"<filename>/etc/group</filename> to determine which users belong to which "
603
"groups. For more information on adding and removing users from groups see "
604
"<xref linkend=\"adding-deleting-users\"/>."
605
msgstr ""
606
607
#: serverguide/C/windows-networking.xml:517(para)
608
msgid ""
609
"When defining groups in the Samba configuration file, "
610
"<filename>/etc/samba/smb.conf</filename>, the recognized syntax is to "
611
"preface the group name with an \"@\" symbol. For example, if you wished to "
612
"define a group named <emphasis role=\"italic\">sysadmin</emphasis> in a "
613
"certain section of the <filename>/etc/samba/smb.conf</filename>, you would "
614
"do so by entering the group name as <emphasis "
615
"role=\"bold\">@sysadmin</emphasis>."
616
msgstr ""
617
618
#: serverguide/C/windows-networking.xml:526(title)
619
msgid "File Permissions"
620
msgstr ""
621
622
#: serverguide/C/windows-networking.xml:528(para)
623
msgid ""
624
"File Permissions define the explicit rights a computer or user has to a "
625
"particular directory, file, or set of files. Such permissions may be defined "
626
"by editing the <filename>/etc/samba/smb.conf</filename> file and specifying "
627
"the explicit permissions of a defined file share."
628
msgstr ""
629
630
#: serverguide/C/windows-networking.xml:534(para)
631
msgid ""
632
"For example, if you have defined a Samba share called "
633
"<emphasis>share</emphasis> and wish to give <emphasis role=\"italic\">read-"
634
"only</emphasis> permissions to the group of users known as <emphasis "
635
"role=\"italic\">qa</emphasis>, but wanted to allow writing to the share by "
636
"the group called <emphasis role=\"italic\">sysadmin</emphasis> and the user "
637
"named <emphasis role=\"italic\">vincent</emphasis>, then you could edit the "
638
"<filename>/etc/samba/smb.conf</filename> file, and add the following entries "
639
"under the <emphasis>[share]</emphasis> entry:"
640
msgstr ""
641
642
#: serverguide/C/windows-networking.xml:543(programlisting)
643
#, no-wrap
644
msgid ""
645
"\n"
646
" read list = @qa\n"
647
" write list = @sysadmin, vincent\n"
648
msgstr ""
649
650
#: serverguide/C/windows-networking.xml:548(para)
651
msgid ""
652
"Another possible Samba permission is to declare "
653
"<emphasis>administrative</emphasis> permissions to a particular shared "
654
"resource. Users having administrative permissions may read, write, or modify "
655
"any information contained in the resource the user has been given explicit "
656
"administrative permissions to."
657
msgstr ""
658
659
#: serverguide/C/windows-networking.xml:554(para)
660
msgid ""
661
"For example, if you wanted to give the user <emphasis "
662
"role=\"italic\">melissa</emphasis> administrative permissions to the "
663
"<emphasis role=\"italic\">share</emphasis> example, you would edit the "
664
"<filename>/etc/samba/smb.conf</filename> file, and add the following line "
665
"under the <emphasis>[share]</emphasis> entry:"
666
msgstr ""
667
668
#: serverguide/C/windows-networking.xml:561(programlisting)
669
#, no-wrap
670
msgid ""
671
"\n"
672
" admin users = melissa\n"
673
msgstr ""
674
675
#: serverguide/C/windows-networking.xml:565(para)
676
msgid ""
677
"After editing <filename>/etc/samba/smb.conf</filename>, restart Samba for "
678
"the changes to take effect:"
679
msgstr ""
680
681
#: serverguide/C/windows-networking.xml:575(para)
682
msgid ""
683
"For the <emphasis>read list</emphasis> and <emphasis>write list</emphasis> "
684
"to work the Samba security mode must <emphasis>not</emphasis> be set to "
685
"<emphasis role=\"italic\">security = share</emphasis>"
686
msgstr ""
687
688
#: serverguide/C/windows-networking.xml:581(para)
689
msgid ""
690
"Now that Samba has been configured to limit which groups have access to the "
691
"shared directory, the filesystem permissions need to be updated."
692
msgstr ""
693
694
#: serverguide/C/windows-networking.xml:586(para)
695
msgid ""
696
"Traditional Linux file permissions do not map well to Windows NT Access "
697
"Control Lists (ACLs). Fortunately POSIX ACLs are available on Ubuntu servers "
698
"providing more fine grained control. For example, to enable ACLs on "
699
"<filename>/srv</filename> an EXT3 filesystem, edit "
700
"<filename>/etc/fstab</filename> adding the <emphasis>acl</emphasis> option:"
701
msgstr ""
702
703
#: serverguide/C/windows-networking.xml:593(programlisting)
704
#, no-wrap
705
msgid ""
706
"\n"
707
"UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl "
708
"0 1\n"
709
msgstr ""
710
711
#: serverguide/C/windows-networking.xml:597(para)
712
msgid "Then remount the partition:"
713
msgstr ""
714
715
#: serverguide/C/windows-networking.xml:602(command)
716
msgid "sudo mount -v -o remount /srv"
717
msgstr "sudo mount -v -o remount /srv"
718
719
#: serverguide/C/windows-networking.xml:606(para)
720
msgid ""
721
"The above example assumes <filename>/srv</filename> on a separate partition. "
722
"If <filename>/srv</filename>, or wherever you have configured your share "
723
"path, is part of the <filename>/</filename> partition a reboot may be "
724
"required."
725
msgstr ""
726
727
#: serverguide/C/windows-networking.xml:613(para)
728
msgid ""
729
"To match the Samba configuration above the <emphasis>sysadmin</emphasis> "
730
"group will be given read, write, and execute permissions to "
731
"<filename>/srv/samba/share</filename>, the <emphasis>qa</emphasis> group "
732
"will be given read and execute permissions, and the files will be owned by "
733
"the username <emphasis>melissa</emphasis>. Enter the following in a terminal:"
734
msgstr ""
735
736
#: serverguide/C/windows-networking.xml:621(command)
737
msgid "sudo chown -R melissa /srv/samba/share/"
738
msgstr ""
739
740
#: serverguide/C/windows-networking.xml:622(command)
741
msgid "sudo chgrp -R sysadmin /srv/samba/share/"
742
msgstr ""
743
744
#: serverguide/C/windows-networking.xml:623(command)
745
msgid "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
746
msgstr ""
747
748
#: serverguide/C/windows-networking.xml:627(para)
749
msgid ""
750
"The <application>setfacl</application> command above gives "
751
"<emphasis>execute</emphasis> permissions to all files in the "
752
"<filename>/srv/samba/share</filename> directory, which you may or may not "
753
"want."
754
msgstr ""
755
756
#: serverguide/C/windows-networking.xml:633(para)
757
msgid ""
758
"Now from a Windows client you should notice the new file permissions are "
759
"implemented. See the <application>acl</application> and "
760
"<application>setfacl</application> man pages for more information on POSIX "
761
"ACLs."
762
msgstr ""
763
764
#: serverguide/C/windows-networking.xml:641(title)
765
msgid "Samba AppArmor Profile"
766
msgstr ""
767
768
#: serverguide/C/windows-networking.xml:643(para)
769
msgid ""
770
"Ubuntu comes with the <application>AppArmor</application> security module, "
771
"which provides mandatory access controls. The default AppArmor profile for "
772
"Samba will need to be adapted to your configuration. For more details on "
773
"using AppArmor see <xref linkend=\"apparmor\"/>."
774
msgstr ""
775
776
#: serverguide/C/windows-networking.xml:649(para)
777
msgid ""
778
"There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> "
779
"and <filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part "
780
"of the <application>apparmor-profiles</application> packages. To install the "
781
"package, from a terminal prompt enter:"
782
msgstr ""
783
784
#: serverguide/C/windows-networking.xml:656(command) serverguide/C/security.xml:920(command)
785
msgid "sudo apt-get install apparmor-profiles"
786
msgstr "sudo apt-get install apparmor-profiles"
787
788
#: serverguide/C/windows-networking.xml:660(para)
789
msgid "This package contains profiles for several other binaries."
790
msgstr ""
791
792
#: serverguide/C/windows-networking.xml:665(para)
793
msgid ""
794
"By default the profiles for <application>smbd</application> and "
795
"<application>nmbd</application> are in <emphasis>complain</emphasis> mode "
796
"allowing Samba to work without modifying the profile, and only logging "
797
"errors. To place the <application>smbd</application> profile into "
798
"<emphasis>enforce</emphasis> mode, and have Samba work as expected, the "
799
"profile will need to be modified to reflect any directories that are shared."
800
msgstr ""
801
802
#: serverguide/C/windows-networking.xml:672(para)
803
msgid ""
804
"Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename> adding information "
805
"for <emphasis>[share]</emphasis> from the file server example:"
806
msgstr ""
807
808
#: serverguide/C/windows-networking.xml:677(programlisting)
809
#, no-wrap
810
msgid ""
811
"\n"
812
" /srv/samba/share/ r,\n"
813
" /srv/samba/share/** rwkix,\n"
814
msgstr ""
815
"\n"
816
" /srv/samba/share/ r,\n"
817
" /srv/samba/share/** rwkix,\n"
818
819
#: serverguide/C/windows-networking.xml:682(para)
820
msgid ""
821
"Now place the profile into <emphasis>enforce</emphasis> and reload it:"
822
msgstr ""
823
824
#: serverguide/C/windows-networking.xml:687(command)
825
msgid "sudo aa-enforce /usr/sbin/smbd"
826
msgstr "sudo aa-enforce /usr/sbin/smbd"
827
828
#: serverguide/C/windows-networking.xml:688(command)
829
msgid "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
830
msgstr "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
831
832
#: serverguide/C/windows-networking.xml:691(para)
833
msgid ""
834
"You should now be able to read, write, and execute files in the shared "
835
"directory as normal, and the <application>smbd</application> binary will "
836
"have access to only the configured files and directories. Be sure to add "
837
"entries for each directory you configure Samba to share. Also, any errors "
838
"will be logged to <filename>/var/log/syslog</filename>."
839
msgstr ""
840
841
#: serverguide/C/windows-networking.xml:716(para) serverguide/C/windows-networking.xml:1096(para)
842
msgid ""
843
"O'Reilly's <ulink "
844
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
845
"also a good reference."
846
msgstr ""
847
848
#: serverguide/C/windows-networking.xml:722(para)
849
msgid ""
850
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
851
"samba.html\">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to "
852
"security."
853
msgstr ""
854
855
#: serverguide/C/windows-networking.xml:728(para)
856
msgid ""
857
"For more information on Samba and ACLs see the <ulink "
858
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
859
"Collection/AccessControls.html#id397568\">Samba ACLs page </ulink>."
860
msgstr ""
861
862
#: serverguide/C/windows-networking.xml:744(title)
863
msgid "Samba as a Domain Controller"
864
msgstr ""
865
866
#: serverguide/C/windows-networking.xml:746(para)
867
msgid ""
868
"Although it cannot act as an Active Directory Primary Domain Controller "
869
"(PDC), a Samba server can be configured to appear as a Windows NT4-style "
870
"domain controller. A major advantage of this configuration is the ability to "
871
"centralize user and machine credentials. Samba can also use multiple "
872
"backends to store the user information."
873
msgstr ""
874
875
#: serverguide/C/windows-networking.xml:753(title)
876
msgid "Primary Domain Controller"
877
msgstr ""
878
879
#: serverguide/C/windows-networking.xml:755(para)
880
msgid ""
881
"This section covers configuring Samba as a Primary Domain Controller (PDC) "
882
"using the default smbpasswd backend."
883
msgstr ""
884
885
#: serverguide/C/windows-networking.xml:762(para)
886
msgid ""
887
"First, install Samba, and <application>libpam-smbpass</application> to sync "
888
"the user accounts, by entering the following in a terminal prompt:"
889
msgstr ""
890
891
#: serverguide/C/windows-networking.xml:768(command) serverguide/C/windows-networking.xml:993(command)
892
msgid "sudo apt-get install samba libpam-smbpass"
893
msgstr "sudo apt-get install samba libpam-smbpass"
894
895
#: serverguide/C/windows-networking.xml:774(para)
896
msgid ""
897
"Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. "
898
"The <emphasis>security</emphasis> mode should be set to <emphasis "
899
"role=\"italic\">user</emphasis>, and the <emphasis>workgroup</emphasis> "
900
"should relate to your organization:"
901
msgstr ""
902
903
#: serverguide/C/windows-networking.xml:789(para)
904
msgid ""
905
"In the commented <quote>Domains</quote> section add or uncomment the "
906
"following:"
907
msgstr ""
908
909
#: serverguide/C/windows-networking.xml:793(programlisting)
910
#, no-wrap
911
msgid ""
912
"\n"
913
" domain logons = yes\n"
914
" logon path = \\\\%N\\%U\\profile\n"
915
" logon drive = H:\n"
916
" logon home = \\\\%N\\%U\n"
917
" logon script = logon.cmd\n"
918
" add machine script = sudo /usr/sbin/useradd -N -g machines -c Machine -d "
919
"/var/lib/samba -s /bin/false %u\n"
920
msgstr ""
921
"\n"
922
" domain logons = yes\n"
923
" logon path = \\\\%N\\%U\\profile\n"
924
" logon drive = H:\n"
925
" logon home = \\\\%N\\%U\n"
926
" logon script = logon.cmd\n"
927
" add machine script = sudo /usr/sbin/useradd -N -g machines -c Machine -d "
928
"/var/lib/samba -s /bin/false %u\n"
929
930
#: serverguide/C/windows-networking.xml:804(para)
931
msgid ""
932
"<emphasis>domain logons:</emphasis> provides the netlogon service causing "
933
"Samba to act as a domain controller."
934
msgstr ""
935
936
#: serverguide/C/windows-networking.xml:809(para)
937
msgid ""
938
"<emphasis>logon path:</emphasis> places the user's Windows profile into "
939
"their home directory. It is also possible to configure a "
940
"<emphasis>[profiles]</emphasis> share placing all profiles under a single "
941
"directory."
942
msgstr ""
943
944
#: serverguide/C/windows-networking.xml:815(para)
945
msgid ""
946
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
947
msgstr ""
948
949
#: serverguide/C/windows-networking.xml:820(para)
950
msgid ""
951
"<emphasis>logon home:</emphasis> specifies the home directory location."
952
msgstr ""
953
954
#: serverguide/C/windows-networking.xml:825(para)
955
msgid ""
956
"<emphasis>logon script:</emphasis> determines the script to be run locally "
957
"once a user has logged in. The script needs to be placed in the "
958
"<emphasis>[netlogon]</emphasis> share."
959
msgstr ""
960
961
#: serverguide/C/windows-networking.xml:831(para)
962
msgid ""
963
"<emphasis>add machine script:</emphasis> a script that will automatically "
964
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
965
"workstation to join the domain."
966
msgstr ""
967
968
#: serverguide/C/windows-networking.xml:835(para)
969
msgid ""
970
"In this example the <emphasis>machines</emphasis> group will need to be "
971
"created using the <application>addgroup</application> utility see <xref "
972
"linkend=\"adding-deleting-users\"/> for details."
973
msgstr ""
974
975
#: serverguide/C/windows-networking.xml:839(para)
976
msgid ""
977
"Also, rights need to be explicitly provided to the <emphasis>Domain "
978
"Admins</emphasis> group to allow the <emphasis>add machine script</emphasis> "
979
"(and other admin functions) to work. This is achieved by executing:"
980
msgstr ""
981
982
#: serverguide/C/windows-networking.xml:844(command)
983
msgid ""
984
"net rpc rights grant \"EXAMPLE\\Domain Admins\" SeMachineAccountPrivilege "
985
"SePrintOperatorPrivilege \\ SeAddUsersPrivilege SeDiskOperatorPrivilege "
986
"SeRemoteShutdownPrivilege"
987
msgstr ""
988
989
#: serverguide/C/windows-networking.xml:851(para)
990
msgid ""
991
"If you wish to not use <emphasis>Roaming Profiles</emphasis> leave the "
992
"<emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options "
993
"commented."
994
msgstr ""
995
996
#: serverguide/C/windows-networking.xml:860(para)
997
msgid ""
998
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
999
"role=\"italic\">logon home</emphasis> to be mapped:"
1000
msgstr ""
1001
1002
#: serverguide/C/windows-networking.xml:865(programlisting)
1003
#, no-wrap
1004
msgid ""
1005
"\n"
1006
"[homes]\n"
1007
" comment = Home Directories\n"
1008
" browseable = no\n"
1009
" read only = no\n"
1010
" create mask = 0700\n"
1011
" directory mask = 0700\n"
1012
" valid users = %S\n"
1013
msgstr ""
1014
1015
#: serverguide/C/windows-networking.xml:878(para)
1016
msgid ""
1017
"When configured as a domain controller a <emphasis>[netlogon]</emphasis> "
1018
"share needs to be configured. To enable the share, uncomment:"
1019
msgstr ""
1020
1021
#: serverguide/C/windows-networking.xml:883(programlisting)
1022
#, no-wrap
1023
msgid ""
1024
"\n"
1025
"[netlogon]\n"
1026
" comment = Network Logon Service\n"
1027
" path = /srv/samba/netlogon\n"
1028
" guest ok = yes\n"
1029
" read only = yes\n"
1030
" share modes = no\n"
1031
msgstr ""
1032
1033
#: serverguide/C/windows-networking.xml:893(para)
1034
msgid ""
1035
"The original <emphasis>netlogon</emphasis> share path is "
1036
"<filename>/home/samba/netlogon</filename>, but according to the Filesystem "
1037
"Hierarchy Standard (FHS), <ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
1038
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is the correct "
1039
"location for site-specific data provided by the system."
1040
msgstr ""
1041
1042
#: serverguide/C/windows-networking.xml:904(para)
1043
msgid ""
1044
"Now create the <filename role=\"directory\">netlogon</filename> directory, "
1045
"and an empty (for now) <filename>logon.cmd</filename> script file:"
1046
msgstr ""
1047
1048
#: serverguide/C/windows-networking.xml:910(command)
1049
msgid "sudo mkdir -p /srv/samba/netlogon"
1050
msgstr "sudo mkdir -p /srv/samba/netlogon"
1051
1052
#: serverguide/C/windows-networking.xml:911(command)
1053
msgid "sudo touch /srv/samba/netlogon/logon.cmd"
1054
msgstr "sudo touch /srv/samba/netlogon/logon.cmd"
1055
1056
#: serverguide/C/windows-networking.xml:914(para)
1057
msgid ""
1058
"You can enter any normal Windows logon script commands in "
1059
"<filename>logon.cmd</filename> to customize the client's environment."
1060
msgstr ""
1061
1062
#: serverguide/C/windows-networking.xml:922(para)
1063
msgid ""
1064
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
1065
"workstation to the domain, a system group needs to be mapped to the Windows "
1066
"<emphasis>Domain Admins</emphasis> group. Using the "
1067
"<application>net</application> utility, from a terminal enter:"
1068
msgstr ""
1069
1070
#: serverguide/C/windows-networking.xml:929(command)
1071
msgid ""
1072
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
1073
"type=d"
1074
msgstr ""
1075
1076
#: serverguide/C/windows-networking.xml:933(para)
1077
msgid ""
1078
"Change <emphasis role=\"italic\">sysadmin</emphasis> to whichever group you "
1079
"prefer. Also, the user used to join the domain needs to be a member of the "
1080
"<emphasis>sysadmin</emphasis> group, as well as a member of the system "
1081
"<emphasis>admin</emphasis> group. The <emphasis>admin</emphasis> group "
1082
"allows <application>sudo</application> use."
1083
msgstr ""
1084
1085
#: serverguide/C/windows-networking.xml:944(para)
1086
msgid "Finally, restart Samba to enable the new domain controller:"
1087
msgstr ""
1088
1089
#: serverguide/C/windows-networking.xml:956(para)
1090
msgid ""
1091
"You should now be able to join Windows clients to the Domain in the same "
1092
"manner as joining them to an NT4 domain running on a Windows server."
1093
msgstr ""
1094
1095
#: serverguide/C/windows-networking.xml:966(title)
1096
msgid "Backup Domain Controller"
1097
msgstr ""
1098
1099
#: serverguide/C/windows-networking.xml:968(para)
1100
msgid ""
1101
"With a Primary Domain Controller (PDC) on the network it is best to have a "
1102
"Backup Domain Controller (BDC) as well. This will allow clients to "
1103
"authenticate in case the PDC becomes unavailable."
1104
msgstr ""
1105
1106
#: serverguide/C/windows-networking.xml:973(para)
1107
msgid ""
1108
"When configuring Samba as a BDC you need a way to sync account information "
1109
"with the PDC. There are multiple ways of accomplishing this "
1110
"<application>scp</application>, <application>rsync</application>, or by "
1111
"using <application>LDAP</application> as the <emphasis>passdb "
1112
"backend</emphasis>."
1113
msgstr ""
1114
1115
#: serverguide/C/windows-networking.xml:979(para)
1116
msgid ""
1117
"Using LDAP is the most robust way to sync account information, because both "
1118
"domain controllers can use the same information in real time. However, "
1119
"setting up a LDAP server may be overly complicated for a small number of "
1120
"user and computer accounts. See <xref linkend=\"samba-ldap\"/> for details."
1121
msgstr ""
1122
1123
#: serverguide/C/windows-networking.xml:988(para)
1124
msgid ""
1125
"First, install <application>samba</application> and <application>libpam-"
1126
"smbpass</application>. From a terminal enter:"
1127
msgstr ""
1128
1129
#: serverguide/C/windows-networking.xml:999(para)
1130
msgid ""
1131
"Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the "
1132
"following in the <emphasis>[global]</emphasis>:"
1133
msgstr ""
1134
1135
#: serverguide/C/windows-networking.xml:1012(para)
1136
msgid "In the commented <emphasis>Domains</emphasis> uncomment or add:"
1137
msgstr ""
1138
1139
#: serverguide/C/windows-networking.xml:1016(programlisting)
1140
#, no-wrap
1141
msgid ""
1142
"\n"
1143
" domain logons = yes\n"
1144
" domain master = no\n"
1145
msgstr ""
1146
1147
#: serverguide/C/windows-networking.xml:1024(para)
1148
msgid ""
1149
"Make sure a user has rights to read the files in "
1150
"<filename>/var/lib/samba</filename>. For example, to allow users in the "
1151
"<emphasis>admin</emphasis> group to <application>scp</application> the "
1152
"files, enter:"
1153
msgstr ""
1154
1155
#: serverguide/C/windows-networking.xml:1030(command)
1156
msgid "sudo chgrp -R admin /var/lib/samba"
1157
msgstr "sudo chgrp -R admin /var/lib/samba"
1158
1159
#: serverguide/C/windows-networking.xml:1036(para)
1160
msgid ""
1161
"Next, sync the user accounts, using <application>scp</application> to copy "
1162
"the <filename>/var/lib/samba</filename> directory from the PDC:"
1163
msgstr ""
1164
1165
#: serverguide/C/windows-networking.xml:1042(command)
1166
msgid "sudo scp -r username@pdc:/var/lib/samba /var/lib"
1167
msgstr ""
1168
1169
#: serverguide/C/windows-networking.xml:1046(para)
1170
msgid ""
1171
"Replace <emphasis>username</emphasis> with a valid username and "
1172
"<emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC."
1173
msgstr ""
1174
1175
#: serverguide/C/windows-networking.xml:1055(para)
1176
msgid "Finally, restart <application>samba</application>:"
1177
msgstr ""
1178
1179
#: serverguide/C/windows-networking.xml:1067(para)
1180
msgid ""
1181
"You can test that your Backup Domain controller is working by stopping the "
1182
"Samba daemon on the PDC, then trying to login to a Windows client joined to "
1183
"the domain."
1184
msgstr ""
1185
1186
#: serverguide/C/windows-networking.xml:1072(para)
1187
msgid ""
1188
"Another thing to keep in mind is if you have configured the <emphasis>logon "
1189
"home</emphasis> option as a directory on the PDC, and the PDC becomes "
1190
"unavailable, access to the user's <emphasis>Home</emphasis> drive will also "
1191
"be unavailable. For this reason it is best to configure the <emphasis>logon "
1192
"home</emphasis> to reside on a separate file server from the PDC and BDC."
1193
msgstr ""
1194
1195
#: serverguide/C/windows-networking.xml:1102(para)
1196
msgid ""
1197
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
1198
"pdc.html\">Chapter 4</ulink> of the Samba HOWTO Collection explains setting "
1199
"up a Primary Domain Controller."
1200
msgstr ""
1201
1202
#: serverguide/C/windows-networking.xml:1108(para)
1203
msgid ""
1204
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
1205
"Collection/samba-bdc.html\">Chapter 5</ulink> of the Samba HOWTO Collection "
1206
"explains setting up a Backup Domain Controller."
1207
msgstr ""
1208
1209
#: serverguide/C/windows-networking.xml:1123(title)
1210
msgid "Samba Active Directory Integration"
1211
msgstr ""
1212
1213
#: serverguide/C/windows-networking.xml:1126(title)
1214
msgid "Accessing a Samba Share"
1215
msgstr ""
1216
1217
#: serverguide/C/windows-networking.xml:1128(para)
1218
msgid ""
1219
"Another, use for Samba is to integrate into an existing Windows network. "
1220
"Once part of an Active Directory domain, Samba can provide file and print "
1221
"services to AD users."
1222
msgstr ""
1223
1224
#: serverguide/C/windows-networking.xml:1133(para)
1225
msgid ""
1226
"The simplest way to join an AD domain is to use <application>Likewise-"
1227
"open</application>. For detailed instructions see <xref linkend=\"likewise-"
1228
"open\"/>."
1229
msgstr ""
1230
1231
#: serverguide/C/windows-networking.xml:1138(para)
1232
msgid ""
1233
"Once part of the domain, enter the following command in the terminal prompt:"
1234
msgstr ""
1235
1236
#: serverguide/C/windows-networking.xml:1143(command)
1237
msgid "sudo apt-get install samba smbfs smbclient"
1238
msgstr "sudo apt-get install samba smbfs smbclient"
1239
1240
#: serverguide/C/windows-networking.xml:1146(para)
1241
msgid ""
1242
"Since the <application>likewise-open</application> and "
1243
"<application>samba</application> packages use separate "
1244
"<filename>secrets.tdb</filename> files, a symlink will need to be created in "
1245
"<filename role=\"directory\">/var/lib/samba</filename>:"
1246
msgstr ""
1247
1248
#: serverguide/C/windows-networking.xml:1152(command)
1249
msgid "sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig"
1250
msgstr "sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig"
1251
1252
#: serverguide/C/windows-networking.xml:1153(command)
1253
msgid "sudo ln -s /etc/samba/secrets.tdb /var/lib/samba"
1254
msgstr "sudo ln -s /etc/samba/secrets.tdb /var/lib/samba"
1255
1256
#: serverguide/C/windows-networking.xml:1156(para)
1257
msgid "Next, edit <filename>/etc/samba/smb.conf</filename> changing:"
1258
msgstr ""
1259
1260
#: serverguide/C/windows-networking.xml:1160(programlisting)
1261
#, no-wrap
1262
msgid ""
1263
"\n"
1264
" workgroup = EXAMPLE\n"
1265
" ...\n"
1266
" security = ads\n"
1267
" realm = EXAMPLE.COM\n"
1268
" ...\n"
1269
" idmap backend = lwopen\n"
1270
" idmap uid = 50-9999999999\n"
1271
" idmap gid = 50-9999999999\n"
1272
msgstr ""
1273
1274
#: serverguide/C/windows-networking.xml:1171(para)
1275
msgid ""
1276
"Restart <application>samba</application> for the new settings to take effect:"
1277
msgstr ""
1278
1279
#: serverguide/C/windows-networking.xml:1180(para)
1280
msgid ""
1281
"You should now be able to access any <application>Samba</application> shares "
1282
"from a Windows client. However, be sure to give the appropriate AD users or "
1283
"groups access to the share directory. See <xref linkend=\"samba-fileprint-"
1284
"security\"/> for more details."
1285
msgstr ""
1286
1287
#: serverguide/C/windows-networking.xml:1188(title)
1288
msgid "Accessing a Windows Share"
1289
msgstr ""
1290
1291
#: serverguide/C/windows-networking.xml:1190(para)
1292
msgid ""
1293
"Now that the Samba server is part of the Active Directory domain you can "
1294
"access any Windows server shares:"
1295
msgstr ""
1296
1297
#: serverguide/C/windows-networking.xml:1197(para)
1298
msgid ""
1299
"To mount a Windows file share enter the following in a terminal prompt:"
1300
msgstr ""
1301
1302
#: serverguide/C/windows-networking.xml:1201(command)
1303
msgid "mount.cifs //fs01.example.com/share mount_point"
1304
msgstr ""
1305
1306
#: serverguide/C/windows-networking.xml:1204(para)
1307
msgid ""
1308
"It is also possible to access shares on computers not part of an AD domain, "
1309
"but a username and password will need to be provided."
1310
msgstr ""
1311
1312
#: serverguide/C/windows-networking.xml:1212(para)
1313
msgid ""
1314
"To mount the share during boot place an entry in "
1315
"<filename>/etc/fstab</filename>, for example:"
1316
msgstr ""
1317
1318
#: serverguide/C/windows-networking.xml:1216(programlisting)
1319
#, no-wrap
1320
msgid ""
1321
"\n"
1322
"//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw "
1323
"0 0\n"
1324
msgstr ""
1325
1326
#: serverguide/C/windows-networking.xml:1223(para)
1327
msgid ""
1328
"Another way to copy files from a Windows server is to use the "
1329
"<application>smbclient</application> utility. To list the files in a Windows "
1330
"share:"
1331
msgstr ""
1332
1333
#: serverguide/C/windows-networking.xml:1229(command)
1334
msgid "smbclient //fs01.example.com/share -k -c \"ls\""
1335
msgstr ""
1336
1337
#: serverguide/C/windows-networking.xml:1235(para)
1338
msgid "To copy a file from the share, enter:"
1339
msgstr ""
1340
1341
#: serverguide/C/windows-networking.xml:1240(command)
1342
msgid "smbclient //fs01.example.com/share -k -c \"get file.txt\""
1343
msgstr ""
1344
1345
#: serverguide/C/windows-networking.xml:1243(para)
1346
msgid ""
1347
"This will copy the <filename>file.txt</filename> into the current directory."
1348
msgstr ""
1349
1350
#: serverguide/C/windows-networking.xml:1250(para)
1351
msgid "And to copy a file to the share:"
1352
msgstr ""
1353
1354
#: serverguide/C/windows-networking.xml:1255(command)
1355
msgid "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
1356
msgstr ""
1357
1358
#: serverguide/C/windows-networking.xml:1258(para)
1359
msgid ""
1360
"This will copy the <filename>/etc/hosts</filename> to "
1361
"<filename>//fs01.example.com/share/hosts</filename>."
1362
msgstr ""
1363
1364
#: serverguide/C/windows-networking.xml:1265(para)
1365
msgid ""
1366
"The <emphasis>-c</emphasis> option used above allows you to execute the "
1367
"<application>smbclient</application> command all at once. This is useful for "
1368
"scripting and minor file operations. To enter the <emphasis>smb: \\"
1369
"></emphasis> prompt, a FTP like prompt where you can execute normal file "
1370
"and directory commands, simply execute:"
1371
msgstr ""
1372
1373
#: serverguide/C/windows-networking.xml:1272(command)
1374
msgid "smbclient //fs01.example.com/share -k"
1375
msgstr ""
1376
1377
#: serverguide/C/windows-networking.xml:1279(para)
1378
msgid ""
1379
"Replace all instances of <emphasis>fs01.example.com/share</emphasis>, "
1380
"<emphasis>//192.168.0.5/share</emphasis>, "
1381
"<emphasis>username=steve,password=secret</emphasis>, and "
1382
"<emphasis>file.txt</emphasis> with your server's IP, hostname, share name, "
1383
"file name, and an actual username and password with rights to the share."
1384
msgstr ""
1385
1386
#: serverguide/C/windows-networking.xml:1290(para)
1387
msgid ""
1388
"For more <application>smbclient</application> options see the man page: "
1389
"<command>man smbclient</command>, also available <ulink "
1390
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/smbclient.1.html\""
1391
">online</ulink>."
1392
msgstr ""
1393
1394
#: serverguide/C/windows-networking.xml:1295(para)
1395
msgid ""
1396
"The <application>mount.cifs</application><ulink "
1397
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/mount.cifs.8.html"
1398
"\">man page</ulink> is also useful for more detailed information."
1399
msgstr ""
1400
1401
#: serverguide/C/windows-networking.xml:1308(title)
1402
msgid "Likewise Open"
1403
msgstr ""
1404
1405
#: serverguide/C/windows-networking.xml:1310(para)
1406
msgid ""
1407
"<application>Likewise Open</application> simplifies the necessary "
1408
"configuration needed to authenticate a Linux machine to an Active Directory "
1409
"domain. Based on <application>winbind</application>, the "
1410
"<application>likewise-open</application> package takes the pain out of "
1411
"integrating Ubuntu authentication into an existing Windows network."
1412
msgstr ""
1413
1414
#: serverguide/C/windows-networking.xml:1319(para)
1415
msgid ""
1416
"There are two ways to use Likewise Open, <application>likewise-"
1417
"open</application> the command line utility and <application>likewise-open-"
1418
"gui</application>. This section focuses on the command line utility."
1419
msgstr ""
1420
1421
#: serverguide/C/windows-networking.xml:1324(para)
1422
msgid ""
1423
"To install the <application>likewise-open</application> package, open a "
1424
"terminal prompt and enter:"
1425
msgstr ""
1426
1427
#: serverguide/C/windows-networking.xml:1329(command)
1428
msgid "sudo apt-get install likewise-open"
1429
msgstr "sudo apt-get install likewise-open"
1430
1431
#: serverguide/C/windows-networking.xml:1334(title)
1432
msgid "Joining a Domain"
1433
msgstr ""
1434
1435
#: serverguide/C/windows-networking.xml:1336(para)
1436
msgid ""
1437
"The main executable file of the <application>likewise-open</application> "
1438
"package is <filename>/usr/bin/domainjoin-cli</filename>, which is used to "
1439
"join your computer to the domain. Before you join a domain you will need to "
1440
"make sure you have:"
1441
msgstr ""
1442
1443
#: serverguide/C/windows-networking.xml:1344(para)
1444
msgid ""
1445
"Access to an Active Directory user with appropriate rights to join the "
1446
"domain."
1447
msgstr ""
1448
1449
#: serverguide/C/windows-networking.xml:1349(para)
1450
msgid ""
1451
"The <emphasis>Fully Qualified Domain Name</emphasis> (FQDN) of the domain "
1452
"you want to join. If your AD domain does not match a valid domain such as "
1453
"<emphasis role=\"italic\">example.com</emphasis>, it is likely that it has "
1454
"the form of <emphasis>domainname.local</emphasis>."
1455
msgstr ""
1456
1457
#: serverguide/C/windows-networking.xml:1356(para)
1458
msgid ""
1459
"DNS for the domain setup properly. In a production AD environment this "
1460
"should be the case. Proper Microsoft DNS is needed so that client "
1461
"workstations can determine the Active Directory domain is available."
1462
msgstr ""
1463
1464
#: serverguide/C/windows-networking.xml:1360(para)
1465
msgid ""
1466
"If you don't have a Windows DNS server on your network, see <xref "
1467
"linkend=\"likewise-open-ms-dns\"/> for details."
1468
msgstr ""
1469
1470
#: serverguide/C/windows-networking.xml:1367(para)
1471
msgid "To join a domain, from a terminal prompt enter:"
1472
msgstr ""
1473
1474
#: serverguide/C/windows-networking.xml:1372(command)
1475
msgid "sudo domainjoin-cli join example.com Administrator"
1476
msgstr ""
1477
1478
#: serverguide/C/windows-networking.xml:1376(para)
1479
msgid ""
1480
"Replace <emphasis>example.com</emphasis> with your domain name, and "
1481
"<emphasis>Administrator</emphasis> with the appropriate user name."
1482
msgstr ""
1483
1484
#: serverguide/C/windows-networking.xml:1382(para)
1485
msgid ""
1486
"You will then be prompted for the user's password. If all goes well a "
1487
"<emphasis>SUCCESS</emphasis> message should be printed to the console."
1488
msgstr ""
1489
1490
#: serverguide/C/windows-networking.xml:1388(para)
1491
msgid ""
1492
"After joining the domain, it is necessary to reboot before attempting to "
1493
"authenticate against the domain."
1494
msgstr ""
1495
1496
#: serverguide/C/windows-networking.xml:1394(para)
1497
msgid ""
1498
"After successfully joining an Ubuntu machine to an Active Directory domain "
1499
"you can authenticate using any valid AD user. To login you will need to "
1500
"enter the user name as 'domain\\username'. For example to ssh to a server "
1501
"joined to the domain enter:"
1502
msgstr ""
1503
1504
#: serverguide/C/windows-networking.xml:1401(command)
1505
msgid "ssh 'example\\steve'@hostname"
1506
msgstr ""
1507
1508
#: serverguide/C/windows-networking.xml:1405(para)
1509
msgid ""
1510
"If configuring a Desktop the user name will need to be prefixed with "
1511
"<emphasis role=\"italic\">domain\\</emphasis> in the graphical logon as well."
1512
msgstr ""
1513
1514
#: serverguide/C/windows-networking.xml:1411(para)
1515
msgid ""
1516
"To make likewise-open use a default domain, you can add the following "
1517
"statement to <filename>/etc/samba/lwiauthd.conf</filename>:"
1518
msgstr ""
1519
1520
#: serverguide/C/windows-networking.xml:1415(programlisting)
1521
#, no-wrap
1522
msgid ""
1523
"\n"
1524
"winbind use default domain = yes\n"
1525
msgstr ""
1526
1527
#: serverguide/C/windows-networking.xml:1419(para)
1528
msgid "Then restart the <application>likewise-open</application> daemons:"
1529
msgstr ""
1530
1531
#: serverguide/C/windows-networking.xml:1424(command)
1532
msgid "sudo /etc/init.d/likewise-open restart"
1533
msgstr "sudo /etc/init.d/likewise-open restart"
1534
1535
#: serverguide/C/windows-networking.xml:1428(para)
1536
msgid ""
1537
"Once configured for a <emphasis>default domain</emphasis> the <emphasis "
1538
"role=\"italic\">'domain\\'</emphasis> is no longer required, users can login "
1539
"using only their username."
1540
msgstr ""
1541
1542
#: serverguide/C/windows-networking.xml:1434(para)
1543
msgid ""
1544
"The <application>domainjoin-cli</application> utility can also be used to "
1545
"leave the domain. From a terminal:"
1546
msgstr ""
1547
1548
#: serverguide/C/windows-networking.xml:1439(command)
1549
msgid "sudo domainjoin-cli leave"
1550
msgstr "sudo domainjoin-cli leave"
1551
1552
#: serverguide/C/windows-networking.xml:1444(title) serverguide/C/security.xml:1772(title)
1553
msgid "Other Utilities"
1554
msgstr ""
1555
1556
#: serverguide/C/windows-networking.xml:1446(para)
1557
msgid ""
1558
"The <application>likewise-open</application> package comes with a few other "
1559
"utilities that may be useful for gathering information about the Active "
1560
"Directory environment. These utilities are used to join the machine to the "
1561
"domain, and are the same as those available in the <application>samba-"
1562
"common</application> and <application>winbind</application> packages:"
1563
msgstr ""
1564
1565
#: serverguide/C/windows-networking.xml:1455(para)
1566
msgid ""
1567
"<application>lwinet</application>: Returns information about the network and "
1568
"the domain."
1569
msgstr ""
1570
1571
#: serverguide/C/windows-networking.xml:1460(para)
1572
msgid ""
1573
"<application>lwimsg</application>: Allows interaction with the "
1574
"<application>likewise-winbindd</application> daemon."
1575
msgstr ""
1576
1577
#: serverguide/C/windows-networking.xml:1465(para)
1578
msgid ""
1579
"<application>lwiinfo</application>: Displays information about various parts "
1580
"of the Domain."
1581
msgstr ""
1582
1583
#: serverguide/C/windows-networking.xml:1471(para)
1584
msgid "Please refer to each utility's man page specific for details."
1585
msgstr ""
1586
1587
#: serverguide/C/windows-networking.xml:1477(title) serverguide/C/mail.xml:351(title) serverguide/C/mail.xml:1631(title) serverguide/C/dns.xml:338(title)
1588
msgid "Troubleshooting"
1589
msgstr "Fejlfinding"
1590
1591
#: serverguide/C/windows-networking.xml:1481(para)
1592
msgid ""
1593
"If the client has trouble joining the domain, double check that the "
1594
"Microsoft DNS is listed first in <filename>/etc/resolv.conf</filename>. For "
1595
"example:"
1596
msgstr ""
1597
1598
#: serverguide/C/windows-networking.xml:1486(programlisting)
1599
#, no-wrap
1600
msgid ""
1601
"\n"
1602
"nameserver 192.168.0.1\n"
1603
msgstr ""
1604
1605
#: serverguide/C/windows-networking.xml:1491(para)
1606
msgid ""
1607
"For more information when joining a domain, use the <emphasis>--loglevel "
1608
"verbose</emphasis> or <emphasis>--advanced</emphasis> option of the "
1609
"<application>domainjoin-cli</application> utility:"
1610
msgstr ""
1611
1612
#: serverguide/C/windows-networking.xml:1497(command)
1613
msgid "sudo domainjoin-cli --loglevel verbose join example.com Administrator"
1614
msgstr ""
1615
1616
#: serverguide/C/windows-networking.xml:1501(para)
1617
msgid ""
1618
"If an Active Directory user has trouble logging in, check the "
1619
"<filename>/var/log/auth.log</filename> for details."
1620
msgstr ""
1621
1622
#: serverguide/C/windows-networking.xml:1506(para)
1623
msgid ""
1624
"When joining an Ubuntu Desktop workstation to a domain, you may need to edit "
1625
"<filename>/etc/nsswitch.conf</filename> if your AD domain uses the <emphasis "
1626
"role=\"italic\">.local</emphasis> syntax. In order to join the domain the "
1627
"<emphasis>\"mdns4\"</emphasis> entry should be removed from the "
1628
"<emphasis>hosts</emphasis> option. For example:"
1629
msgstr ""
1630
1631
#: serverguide/C/windows-networking.xml:1512(programlisting)
1632
#, no-wrap
1633
msgid ""
1634
"\n"
1635
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
1636
msgstr ""
1637
1638
#: serverguide/C/windows-networking.xml:1516(para)
1639
msgid "Change the above to:"
1640
msgstr ""
1641
1642
#: serverguide/C/windows-networking.xml:1520(programlisting)
1643
#, no-wrap
1644
msgid ""
1645
"\n"
1646
"hosts: files dns [NOTFOUND=return]\n"
1647
msgstr ""
1648
1649
#: serverguide/C/windows-networking.xml:1524(para)
1650
msgid "Then restart networking by entering:"
1651
msgstr ""
1652
1653
#: serverguide/C/windows-networking.xml:1529(command) serverguide/C/network-config.xml:559(command)
1654
msgid "sudo /etc/init.d/networking restart"
1655
msgstr "sudo /etc/init.d/networking restart"
1656
1657
#: serverguide/C/windows-networking.xml:1532(para)
1658
msgid "You should now be able to join the Active Directory domain."
1659
msgstr ""
1660
1661
#: serverguide/C/windows-networking.xml:1540(title)
1662
msgid "Microsoft DNS"
1663
msgstr ""
1664
1665
#: serverguide/C/windows-networking.xml:1542(para)
1666
msgid ""
1667
"The following are instructions for installing DNS on an Active Directory "
1668
"domain controller running Windows Server 2003, but the instructions should "
1669
"be similar for other versions:"
1670
msgstr ""
1671
1672
#: serverguide/C/windows-networking.xml:1551(para)
1673
msgid ""
1674
"Click "
1675
"<menuchoice><guimenuitem>Start</guimenuitem><guimenuitem>Administrative Tools"
1676
"</guimenuitem><guimenuitem>Manage Your Server</guimenuitem></menuchoice>. "
1677
"This will open the <application>Server Role Mangement</application> utility."
1678
msgstr ""
1679
1680
#: serverguide/C/windows-networking.xml:1559(para)
1681
msgid "Click <guilabel>Add or remove a role</guilabel>"
1682
msgstr ""
1683
1684
#: serverguide/C/windows-networking.xml:1560(para) serverguide/C/windows-networking.xml:1562(para) serverguide/C/windows-networking.xml:1565(para)
1685
msgid "Click Next"
1686
msgstr ""
1687
1688
#: serverguide/C/windows-networking.xml:1561(para)
1689
msgid "Select \"DNS Server\""
1690
msgstr ""
1691
1692
#: serverguide/C/windows-networking.xml:1563(para)
1693
msgid "Click Next again to proceed"
1694
msgstr ""
1695
1696
#: serverguide/C/windows-networking.xml:1564(para)
1697
msgid "Select \"Create a forward lookup zone\" if it is not selected."
1698
msgstr ""
1699
1700
#: serverguide/C/windows-networking.xml:1566(para)
1701
msgid ""
1702
"Make sure \"This server maintains the zone\" is selected and click Next."
1703
msgstr ""
1704
1705
#: serverguide/C/windows-networking.xml:1567(para)
1706
msgid "Enter your domain name and click Next"
1707
msgstr ""
1708
1709
#: serverguide/C/windows-networking.xml:1568(para)
1710
msgid "Click Next to \"Allow only secure dynamic updates\""
1711
msgstr ""
1712
1713
#: serverguide/C/windows-networking.xml:1570(para)
1714
msgid ""
1715
"Enter the IP for DNS servers to forward queries to, or Select \"No, it "
1716
"should not forward queries\" and click Next."
1717
msgstr ""
1718
1719
#: serverguide/C/windows-networking.xml:1574(para) serverguide/C/windows-networking.xml:1575(para)
1720
msgid "Click Finish"
1721
msgstr ""
1722
1723
#: serverguide/C/windows-networking.xml:1577(para)
1724
msgid ""
1725
"DNS is now installed and can be further configured using the "
1726
"<application>Microsoft Management Console</application> DNS snap-in."
1727
msgstr ""
1728
1729
#: serverguide/C/windows-networking.xml:1585(para)
1730
msgid "Click Start"
1731
msgstr ""
1732
1733
#: serverguide/C/windows-networking.xml:1586(para)
1734
msgid "Control Panel"
1735
msgstr "Kontrolpanel"
1736
1737
#: serverguide/C/windows-networking.xml:1587(para)
1738
msgid "Network Connections"
1739
msgstr "Netværksforbindelser"
1740
1741
#: serverguide/C/windows-networking.xml:1588(para)
1742
msgid "Right Click \"Local Area Connection\""
1743
msgstr ""
1744
1745
#: serverguide/C/windows-networking.xml:1589(para)
1746
msgid "Click Properties"
1747
msgstr ""
1748
1749
#: serverguide/C/windows-networking.xml:1590(para)
1750
msgid "Double click \"Internet Protocol (TCP/IP)\""
1751
msgstr ""
1752
1753
#: serverguide/C/windows-networking.xml:1591(para)
1754
msgid "Enter the Server's IP Address as the \"Preferred DNS server\""
1755
msgstr ""
1756
1757
#: serverguide/C/windows-networking.xml:1592(para)
1758
msgid "Click Ok"
1759
msgstr ""
1760
1761
#: serverguide/C/windows-networking.xml:1593(para)
1762
msgid "Click Ok again to save the settings"
1763
msgstr ""
1764
1765
#: serverguide/C/windows-networking.xml:1582(para)
1766
msgid ""
1767
"Next, configure the Server to use itself for DNS queries: <placeholder-1/>"
1768
msgstr ""
1769
1770
#: serverguide/C/windows-networking.xml:1600(title) serverguide/C/web-servers.xml:624(title) serverguide/C/web-servers.xml:772(title) serverguide/C/web-servers.xml:922(title) serverguide/C/web-servers.xml:1017(title) serverguide/C/web-servers.xml:1239(title) serverguide/C/vpn.xml:303(title) serverguide/C/virtualization.xml:2154(title) serverguide/C/vcs.xml:539(title) serverguide/C/security.xml:872(title) serverguide/C/security.xml:1206(title) serverguide/C/security.xml:1621(title) serverguide/C/security.xml:1812(title) serverguide/C/remote-administration.xml:202(title) serverguide/C/package-management.xml:454(title) serverguide/C/other-apps.xml:330(title) serverguide/C/network-config.xml:1006(title) serverguide/C/network-config.xml:1107(title) serverguide/C/monitoring.xml:391(title) serverguide/C/monitoring.xml:527(title) serverguide/C/mail.xml:459(title) serverguide/C/mail.xml:643(title) serverguide/C/mail.xml:795(title) serverguide/C/mail.xml:1217(title) serverguide/C/mail.xml:1679(title) serverguide/C/lamp-applications.xml:259(title) serverguide/C/lamp-applications.xml:388(title) serverguide/C/lamp-applications.xml:496(title) serverguide/C/file-server.xml:284(title) serverguide/C/file-server.xml:436(title) serverguide/C/file-server.xml:619(title) serverguide/C/dns.xml:572(title) serverguide/C/clustering.xml:234(title) serverguide/C/chat.xml:107(title) serverguide/C/chat.xml:221(title) serverguide/C/backups.xml:297(title)
1771
msgid "References"
1772
msgstr "Henvisninger"
1773
1774
#: serverguide/C/windows-networking.xml:1602(para)
1775
msgid ""
1776
"Please refer to the <ulink "
1777
"url=\"http://www.likewisesoftware.com/\">Likewise</ulink> home page for "
1778
"further information."
1779
msgstr ""
1780
1781
#: serverguide/C/windows-networking.xml:1606(para)
1782
msgid ""
1783
"For more <application>domainjoin-cli</application> options see the man page: "
1784
"<command>man domainjoin-cli</command>."
1785
msgstr ""
1786
1787
#: serverguide/C/windows-networking.xml:1610(para)
1788
msgid ""
1789
"Also, see the <ulink "
1790
"url=\"https://help.ubuntu.com/community/LikewiseOpen\">Ubuntu Wiki "
1791
"LikewiseOpen</ulink> page."
1792
msgstr ""
1793
1794
#: serverguide/C/web-servers.xml:13(title)
1795
msgid "Web Servers"
1796
msgstr ""
1797
1798
#: serverguide/C/web-servers.xml:14(para)
1799
msgid ""
1800
"A Web server is a software responsible for accepting HTTP requests from "
1801
"clients, which are known as Web browsers, and serving them HTTP responses "
1802
"along with optional data contents, which usually are Web pages such as HTML "
1803
"documents and linked objects (images, etc.)."
1804
msgstr ""
1805
1806
#: serverguide/C/web-servers.xml:19(title)
1807
msgid "HTTPD - Apache2 Web Server"
1808
msgstr ""
1809
1810
#: serverguide/C/web-servers.xml:20(para)
1811
msgid ""
1812
"Apache is the most commonly used Web Server on Linux systems. Web Servers "
1813
"are used to serve Web Pages requested by client computers. Clients typically "
1814
"request and view Web Pages using Web Browser applications such as "
1815
"<application>Firefox</application>, <application>Opera</application>, or "
1816
"<application>Mozilla</application>."
1817
msgstr ""
1818
1819
#: serverguide/C/web-servers.xml:24(para)
1820
msgid ""
1821
"Users enter a Uniform Resource Locator (URL) to point to a Web server by "
1822
"means of its Fully Qualified Domain Name (FQDN) and a path to the required "
1823
"resource. For example, to view the home page of the <ulink "
1824
"url=\"http://www.ubuntu.com\">Ubuntu Web site</ulink> a user will enter only "
1825
"the FQDN. To request specific information about <ulink "
1826
"url=\"http://www.ubuntu.com/support/paid\">paid support</ulink>, a user will "
1827
"enter the FQDN followed by a path."
1828
msgstr ""
1829
1830
#: serverguide/C/web-servers.xml:29(para)
1831
msgid ""
1832
"The most common protocol used to transfer Web pages is the Hyper Text "
1833
"Transfer Protocol (HTTP). Protocols such as Hyper Text Transfer Protocol "
1834
"over Secure Sockets Layer (HTTPS), and File Transfer Protocol (FTP), a "
1835
"protocol for uploading and downloading files, are also supported."
1836
msgstr ""
1837
1838
#: serverguide/C/web-servers.xml:33(para)
1839
msgid ""
1840
"Apache Web Servers are often used in combination with the "
1841
"<application>MySQL</application> database engine, the HyperText Preprocessor "
1842
"(<application>PHP</application>) scripting language, and other popular "
1843
"scripting languages such as <application>Python</application> and "
1844
"<application>Perl</application>. This configuration is termed LAMP (Linux, "
1845
"Apache, MySQL and Perl/Python/PHP) and forms a powerful and robust platform "
1846
"for the development and deployment of Web-based applications."
1847
msgstr ""
1848
1849
#: serverguide/C/web-servers.xml:42(para)
1850
msgid ""
1851
"The <application>Apache2</application> web server is available in Ubuntu "
1852
"Linux. To install Apache2:"
1853
msgstr ""
1854
1855
#: serverguide/C/web-servers.xml:48(para)
1856
msgid "At a terminal prompt enter the following command:"
1857
msgstr ""
1858
1859
#: serverguide/C/web-servers.xml:53(command)
1860
msgid "sudo apt-get install apache2"
1861
msgstr "sudo apt-get install apache2"
1862
1863
#: serverguide/C/web-servers.xml:63(para)
1864
msgid ""
1865
"Apache2 is configured by placing <emphasis>directives</emphasis> in plain "
1866
"text configuration files. These <emphasis>directives</emphasis> are "
1867
"separated between the following files and directories:"
1868
msgstr ""
1869
1870
#: serverguide/C/web-servers.xml:71(para)
1871
msgid ""
1872
"<emphasis>apache2.conf:</emphasis> the main Apache2 configuration file. "
1873
"Contains settings that are <emphasis>global</emphasis> to Apache2."
1874
msgstr ""
1875
1876
#: serverguide/C/web-servers.xml:77(para)
1877
msgid ""
1878
"<emphasis>conf.d:</emphasis> contains configuration files which apply "
1879
"<emphasis>globally</emphasis> to Apache2. Other packages that use Apache2 to "
1880
"serve content may add files, or symlinks, to this directory."
1881
msgstr ""
1882
1883
#: serverguide/C/web-servers.xml:83(para)
1884
msgid ""
1885
"<emphasis>envvars:</emphasis> file where Apache2 "
1886
"<emphasis>environment</emphasis> variables are set."
1887
msgstr ""
1888
1889
#: serverguide/C/web-servers.xml:88(para)
1890
msgid ""
1891
"<emphasis>httpd.conf:</emphasis> historically the main Apache2 configuration "
1892
"file, named after the <application>httpd</application> daemon. The file can "
1893
"be used for <emphasis>user specific</emphasis> configuration options that "
1894
"globally effect Apache2."
1895
msgstr ""
1896
1897
#: serverguide/C/web-servers.xml:95(para)
1898
msgid ""
1899
"<emphasis>mods-available:</emphasis> this directory contains configuration "
1900
"files to both load <emphasis>modules</emphasis> and configure them. Not all "
1901
"modules will have specific configuration files, however."
1902
msgstr ""
1903
1904
#: serverguide/C/web-servers.xml:101(para)
1905
msgid ""
1906
"<emphasis>mods-enabled:</emphasis> holds <emphasis>symlinks</emphasis> to "
1907
"the files in <filename>/etc/apache2/mods-available</filename>. When a module "
1908
"configuration file is symlinked it will be enabled the next time "
1909
"<application>apache2</application> is restarted."
1910
msgstr ""
1911
1912
#: serverguide/C/web-servers.xml:108(para)
1913
msgid ""
1914
"<emphasis>ports.conf:</emphasis> houses the directives that determine which "
1915
"TCP ports Apache2 is listening on."
1916
msgstr ""
1917
1918
#: serverguide/C/web-servers.xml:113(para)
1919
msgid ""
1920
"<emphasis>sites-available:</emphasis> this directory has configuration files "
1921
"for Apache2 <emphasis>Virtual Hosts</emphasis>. Virtual Hosts allow Apache2 "
1922
"to be configured for multiple sites that have separate configurations."
1923
msgstr ""
1924
1925
#: serverguide/C/web-servers.xml:119(para)
1926
msgid ""
1927
"<emphasis>sites-enabled:</emphasis> like mods-enabled, <filename "
1928
"role=\"directory\">sites-enabled</filename> contains symlinks to the "
1929
"<filename>/etc/apache2/sites-available</filename> directory. Similarly when "
1930
"a configuration file in sites-available is symlinked, the site configured by "
1931
"it will be active once Apache2 is restarted."
1932
msgstr ""
1933
1934
#: serverguide/C/web-servers.xml:127(para)
1935
msgid ""
1936
"In addition, other configuration files may be added using the "
1937
"<emphasis>Include</emphasis> directive, and wildcards can be used to include "
1938
"many configuration files. Any directive may be placed in any of these "
1939
"configuration files. Changes to the main configuration files are only "
1940
"recognized by Apache2 when it is started or restarted."
1941
msgstr ""
1942
1943
#: serverguide/C/web-servers.xml:136(para)
1944
msgid ""
1945
"The server also reads a file containing mime document types; the filename is "
1946
"set by the <emphasis>TypesConfig</emphasis> directive, and is "
1947
"<filename>/etc/mime.types</filename> by default."
1948
msgstr ""
1949
1950
#: serverguide/C/web-servers.xml:141(title)
1951
msgid "Basic Settings"
1952
msgstr "Grundindstillinger"
1953
1954
#: serverguide/C/web-servers.xml:142(para)
1955
msgid ""
1956
"This section explains Apache2 server essential configuration parameters. "
1957
"Refer to the <ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
1958
"Documentation</ulink> for more details."
1959
msgstr ""
1960
1961
#: serverguide/C/web-servers.xml:150(para)
1962
msgid ""
1963
"Apache2 ships with a virtual-host-friendly default configuration. That is, "
1964
"it is configured with a single default virtual host (using the "
1965
"<emphasis>VirtualHost</emphasis> directive) which can modified or used as-is "
1966
"if you have a single site, or used as a template for additional virtual "
1967
"hosts if you have multiple sites. If left alone, the default virtual host "
1968
"will serve as your default site, or the site users will see if the URL they "
1969
"enter does not match the <emphasis>ServerName</emphasis> directive of any of "
1970
"your custom sites. To modify the default virtual host, edit the file "
1971
"<filename>/etc/apache2/sites-available/default</filename>."
1972
msgstr ""
1973
1974
#: serverguide/C/web-servers.xml:163(para)
1975
msgid ""
1976
"The directives set for a virtual host only apply to that particular virtual "
1977
"host. If a directive is set server-wide and not defined within the virtual "
1978
"host settings, the default setting is used. For example, you can define a "
1979
"Webmaster email address and not define individual email addresses for each "
1980
"virtual host."
1981
msgstr ""
1982
1983
#: serverguide/C/web-servers.xml:171(para)
1984
msgid ""
1985
"If you wish to configure a new virtual host or site, copy that file into the "
1986
"same directory with a name you choose. For example:"
1987
msgstr ""
1988
1989
#: serverguide/C/web-servers.xml:177(command)
1990
msgid ""
1991
"sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-"
1992
"available/mynewsite"
1993
msgstr ""
1994
1995
#: serverguide/C/web-servers.xml:180(para)
1996
msgid ""
1997
"Edit the new file to configure the new site using some of the directives "
1998
"described below."
1999
msgstr ""
2000
2001
#: serverguide/C/web-servers.xml:187(para)
2002
msgid ""
2003
"The <emphasis>ServerAdmin</emphasis> directive specifies the email address "
2004
"to be advertised for the server's administrator. The default value is "
2005
"webmaster@localhost. This should be changed to an email address that is "
2006
"delivered to you (if you are the server's administrator). If your website "
2007
"has a problem, Apache2 will display an error message containing this email "
2008
"address to report the problem to. Find this directive in your site's "
2009
"configuration file in /etc/apache2/sites-available."
2010
msgstr ""
2011
2012
#: serverguide/C/web-servers.xml:198(para)
2013
msgid ""
2014
"The <emphasis>Listen</emphasis> directive specifies the port, and optionally "
2015
"the IP address, Apache2 should listen on. If the IP address is not "
2016
"specified, Apache2 will listen on all IP addresses assigned to the machine "
2017
"it runs on. The default value for the Listen directive is 80. Change this to "
2018
"127.0.0.1:80 to cause Apache2 to listen only on your loopback interface so "
2019
"that it will not be available to the Internet, to (for example) 81 to change "
2020
"the port that it listens on, or leave it as is for normal operation. This "
2021
"directive can be found and changed in its own file, "
2022
"<filename>/etc/apache2/ports.conf</filename>"
2023
msgstr ""
2024
2025
#: serverguide/C/web-servers.xml:211(para)
2026
msgid ""
2027
"The <emphasis>ServerName</emphasis> directive is optional and specifies what "
2028
"FQDN your site should answer to. The default virtual host has no ServerName "
2029
"directive specified, so it will respond to all requests that do not match a "
2030
"ServerName directive in another virtual host. If you have just acquired the "
2031
"domain name ubunturocks.com and wish to host it on your Ubuntu server, the "
2032
"value of the ServerName directive in your virtual host configuration file "
2033
"should be ubunturocks.com. Add this directive to the new virtual host file "
2034
"you created earlier (<filename>/etc/apache2/sites-"
2035
"available/mynewsite</filename>)."
2036
msgstr ""
2037
2038
#: serverguide/C/web-servers.xml:223(para)
2039
msgid ""
2040
"You may also want your site to respond to www.ubunturocks.com, since many "
2041
"users will assume the www prefix is appropriate. Use the "
2042
"<emphasis>ServerAlias</emphasis> directive for this. You may also use "
2043
"wildcards in the ServerAlias directive."
2044
msgstr ""
2045
2046
#: serverguide/C/web-servers.xml:230(para)
2047
msgid ""
2048
"For example, the following configuration will cause your site to respond to "
2049
"any domain request ending in <emphasis>.ubunturocks.com</emphasis>."
2050
msgstr ""
2051
2052
#: serverguide/C/web-servers.xml:236(programlisting)
2053
#, no-wrap
2054
msgid ""
2055
"\n"
2056
"ServerAlias *.ubunturocks.com\n"
2057
msgstr ""
2058
2059
#: serverguide/C/web-servers.xml:242(para)
2060
msgid ""
2061
"The <emphasis>DocumentRoot</emphasis> directive specifies where Apache2 "
2062
"should look for the files that make up the site. The default value is "
2063
"/var/www. No site is configured there, but if you uncomment the "
2064
"<emphasis>RedirectMatch</emphasis> directive in "
2065
"<filename>/etc/apache2/apache2.conf</filename> requests will be redirected "
2066
"to /var/www/apache2-default where the default Apache2 site awaits. Change "
2067
"this value in your site's virtual host file, and remember to create that "
2068
"directory if necessary!"
2069
msgstr ""
2070
2071
#: serverguide/C/web-servers.xml:254(para)
2072
msgid ""
2073
"The /etc/apache2/sites-available directory is <emphasis role=\"bold\"> "
2074
"not</emphasis> parsed by Apache2. Symbolic links in /etc/apache2/sites-"
2075
"enabled point to \"available\" sites."
2076
msgstr ""
2077
2078
#: serverguide/C/web-servers.xml:260(para)
2079
msgid ""
2080
"Enable the new <emphasis>VirtualHost</emphasis> using the "
2081
"<application>a2ensite</application> utility and restart Apache2:"
2082
msgstr ""
2083
2084
#: serverguide/C/web-servers.xml:266(command)
2085
msgid "sudo a2ensite mynewsite"
2086
msgstr ""
2087
2088
#: serverguide/C/web-servers.xml:267(command) serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:538(command) serverguide/C/web-servers.xml:547(command) serverguide/C/web-servers.xml:606(command) serverguide/C/mail.xml:932(command) serverguide/C/lamp-applications.xml:228(command)
2089
msgid "sudo /etc/init.d/apache2 restart"
2090
msgstr "sudo /etc/init.d/apache2 restart"
2091
2092
#: serverguide/C/web-servers.xml:271(para)
2093
msgid ""
2094
"Be sure to replace <emphasis>mynewsite</emphasis> with a more descriptive "
2095
"name for the VirtualHost. One method is to name the file after the "
2096
"<emphasis>ServerName</emphasis> directive of the VirtualHost."
2097
msgstr ""
2098
2099
#: serverguide/C/web-servers.xml:278(para)
2100
msgid ""
2101
"Similarly, use the <application>a2dissite</application> utility to disable "
2102
"sites. This is can be useful when troubleshooting configuration problems "
2103
"with multiple VirtualHosts:"
2104
msgstr ""
2105
2106
#: serverguide/C/web-servers.xml:284(command)
2107
msgid "sudo a2dissite mynewsite"
2108
msgstr ""
2109
2110
#: serverguide/C/web-servers.xml:290(title)
2111
msgid "Default Settings"
2112
msgstr "Standardindstillinger"
2113
2114
#: serverguide/C/web-servers.xml:292(para)
2115
msgid ""
2116
"This section explains configuration of the Apache2 server default settings. "
2117
"For example, if you add a virtual host, the settings you configure for the "
2118
"virtual host take precedence for that virtual host. For a directive not "
2119
"defined within the virtual host settings, the default value is used."
2120
msgstr ""
2121
2122
#: serverguide/C/web-servers.xml:304(para)
2123
msgid ""
2124
"The <emphasis>DirectoryIndex</emphasis> is the default page served by the "
2125
"server when a user requests an index of a directory by specifying a forward "
2126
"slash (/) at the end of the directory name."
2127
msgstr ""
2128
2129
#: serverguide/C/web-servers.xml:311(para)
2130
msgid ""
2131
"For example, when a user requests the page "
2132
"http://www.example.com/this_directory/, he or she will get either the "
2133
"DirectoryIndex page if it exists, a server-generated directory list if it "
2134
"does not and the Indexes option is specified, or a Permission Denied page if "
2135
"neither is true. The server will try to find one of the files listed in the "
2136
"DirectoryIndex directive and will return the first one it finds. If it does "
2137
"not find any of these files and if <emphasis>Options Indexes</emphasis> is "
2138
"set for that directory, the server will generate and return a list, in HTML "
2139
"format, of the subdirectories and files in the directory. The default value, "
2140
"found in <filename>/etc/apache2/mods-available/dir.conf</filename> is "
2141
"\"index.html index.cgi index.pl index.php index.xhtml index.htm\". Thus, if "
2142
"Apache2 finds a file in a requested directory matching any of these names, "
2143
"the first will be displayed."
2144
msgstr ""
2145
2146
#: serverguide/C/web-servers.xml:332(para)
2147
msgid ""
2148
"The <emphasis>ErrorDocument</emphasis> directive allows you to specify a "
2149
"file for Apache2 to use for specific error events. For example, if a user "
2150
"requests a resource that does not exist, a 404 error will occur, and per "
2151
"Apache2's default configuration, the file "
2152
"<filename>/usr/share/apache2/error/HTTP_NOT_FOUND.html.var </filename> will "
2153
"be displayed. That file is not in the server's DocumentRoot, but there is an "
2154
"Alias directive in <filename>/etc/apache2/apache2.conf</filename> that "
2155
"redirects requests to the /error directory to "
2156
"<filename>/usr/share/apache2/error/</filename>."
2157
msgstr ""
2158
2159
#: serverguide/C/web-servers.xml:344(para)
2160
msgid ""
2161
"To see a list of the default ErrorDocument directives, use this command:"
2162
msgstr ""
2163
2164
#: serverguide/C/web-servers.xml:350(command)
2165
msgid "grep ErrorDocument /etc/apache2/apache2.conf"
2166
msgstr ""
2167
2168
#: serverguide/C/web-servers.xml:355(para)
2169
msgid ""
2170
"By default, the server writes the transfer log to the file "
2171
"<filename>/var/log/apache2/access.log</filename>. You can change this on a "
2172
"per-site basis in your virtual host configuration files with the "
2173
"<emphasis>CustomLog</emphasis> directive, or omit it to accept the default, "
2174
"specified in <filename> /etc/apache2/apache2.conf</filename>. You may also "
2175
"specify the file to which errors are logged, via the "
2176
"<emphasis>ErrorLog</emphasis> directive, whose default is "
2177
"<filename>/var/log/apache2/error.log</filename>. These are kept separate "
2178
"from the transfer logs to aid in troubleshooting problems with your Apache2 "
2179
"server. You may also specify the <emphasis>LogLevel</emphasis> (the default "
2180
"value is \"warn\") and the <emphasis>LogFormat</emphasis> (see <filename> "
2181
"/etc/apache2/apache2.conf</filename> for the default value)."
2182
msgstr ""
2183
2184
#: serverguide/C/web-servers.xml:370(para)
2185
msgid ""
2186
"Some options are specified on a per-directory basis rather than per-server. "
2187
"<emphasis>Options</emphasis> is one of these directives. A Directory stanza "
2188
"is enclosed in XML-like tags, like so:"
2189
msgstr ""
2190
2191
#: serverguide/C/web-servers.xml:376(programlisting)
2192
#, no-wrap
2193
msgid ""
2194
"\n"
2195
"<Directory /var/www/mynewsite>\n"
2196
"...\n"
2197
"</Directory>\n"
2198
msgstr ""
2199
2200
#: serverguide/C/web-servers.xml:382(para)
2201
msgid ""
2202
"The <emphasis>Options</emphasis> directive within a Directory stanza accepts "
2203
"one or more of the following values (among others), separated by spaces:"
2204
msgstr ""
2205
2206
#: serverguide/C/web-servers.xml:394(para)
2207
msgid ""
2208
"Most files should not be executed as CGI scripts. This would be very "
2209
"dangerous. CGI scripts should kept in a directory separate from and outside "
2210
"your DocumentRoot, and only this directory should have the ExecCGI option "
2211
"set. This is the default, and the default location for CGI scripts is "
2212
"<filename>/usr/lib/cgi-bin</filename>."
2213
msgstr ""
2214
2215
#: serverguide/C/web-servers.xml:389(para)
2216
msgid ""
2217
"<emphasis role=\"bold\">ExecCGI</emphasis> - Allow execution of CGI scripts. "
2218
"CGI scripts are not executed if this option is not chosen. <placeholder-1/>"
2219
msgstr ""
2220
2221
#: serverguide/C/web-servers.xml:405(para)
2222
msgid ""
2223
"<emphasis role=\"bold\">Includes</emphasis> - Allow server-side includes. "
2224
"Server-side includes allow an HTML file to <emphasis> include</emphasis> "
2225
"other files. This is not a common option. See <ulink "
2226
"url=\"http://httpd.apache.org/docs/2.2/howto/ssi.html\">the Apache2 SSI "
2227
"HOWTO</ulink> for more information."
2228
msgstr ""
2229
2230
#: serverguide/C/web-servers.xml:414(para)
2231
msgid ""
2232
"<emphasis role=\"bold\">IncludesNOEXEC</emphasis> - Allow server-side "
2233
"includes, but disable the <emphasis>#exec</emphasis> and "
2234
"<emphasis>#include</emphasis> commands in CGI scripts."
2235
msgstr ""
2236
2237
#: serverguide/C/web-servers.xml:426(para)
2238
msgid ""
2239
"For security reasons, this should usually not be set, and certainly should "
2240
"not be set on your DocumentRoot directory. Enable this option carefully on a "
2241
"per-directory basis only if you are certain you want users to see the entire "
2242
"contents of the directory."
2243
msgstr ""
2244
2245
#: serverguide/C/web-servers.xml:421(para)
2246
msgid ""
2247
"<emphasis role=\"bold\">Indexes</emphasis> - Display a formatted list of the "
2248
"directory's contents, if no <emphasis>DirectoryIndex</emphasis> (such as "
2249
"index.html) exists in the requested directory. <placeholder-1/>"
2250
msgstr ""
2251
2252
#: serverguide/C/web-servers.xml:436(para)
2253
msgid ""
2254
"<emphasis role=\"bold\">Multiview</emphasis> - Support content-negotiated "
2255
"multiviews; this option is disabled by default for security reasons. See the "
2256
"<ulink "
2257
"url=\"http://httpd.apache.org/docs/2.2/mod/mod_negotiation.html#multiviews\">"
2258
"Apache2 documentation on this option</ulink>."
2259
msgstr ""
2260
2261
#: serverguide/C/web-servers.xml:444(para)
2262
msgid ""
2263
"<emphasis role=\"bold\">SymLinksIfOwnerMatch</emphasis> - Only follow "
2264
"symbolic links if the target file or directory has the same owner as the "
2265
"link."
2266
msgstr ""
2267
2268
#: serverguide/C/web-servers.xml:456(title)
2269
msgid "httpd Settings"
2270
msgstr ""
2271
2272
#: serverguide/C/web-servers.xml:458(para)
2273
msgid ""
2274
"This section explains some basic <application>httpd</application> daemon "
2275
"configuration settings."
2276
msgstr ""
2277
2278
#: serverguide/C/web-servers.xml:462(para)
2279
msgid ""
2280
"<emphasis role=\"bold\">LockFile</emphasis> - The LockFile directive sets "
2281
"the path to the lockfile used when the server is compiled with either "
2282
"USE_FCNTL_SERIALIZED_ACCEPT or USE_FLOCK_SERIALIZED_ACCEPT. It must be "
2283
"stored on the local disk. It should be left to the default value unless the "
2284
"logs directory is located on an NFS share. If this is the case, the default "
2285
"value should be changed to a location on the local disk and to a directory "
2286
"that is readable only by root."
2287
msgstr ""
2288
2289
#: serverguide/C/web-servers.xml:471(para)
2290
msgid ""
2291
"<emphasis role=\"bold\">PidFile</emphasis> - The PidFile directive sets the "
2292
"file in which the server records its process ID (pid). This file should only "
2293
"be readable by root. In most cases, it should be left to the default value."
2294
msgstr ""
2295
2296
#: serverguide/C/web-servers.xml:477(para)
2297
msgid ""
2298
"<emphasis role=\"bold\">User</emphasis> - The User directive sets the userid "
2299
"used by the server to answer requests. This setting determines the server's "
2300
"access. Any files inaccessible to this user will also be inaccessible to "
2301
"your website's visitors. The default value for User is www-data."
2302
msgstr ""
2303
2304
#: serverguide/C/web-servers.xml:484(para)
2305
msgid ""
2306
"Unless you know exactly what you are doing, do not set the User directive to "
2307
"root. Using root as the User will create large security holes for your Web "
2308
"server."
2309
msgstr ""
2310
2311
#: serverguide/C/web-servers.xml:490(para)
2312
msgid ""
2313
"The Group directive is similar to the User directive. Group sets the group "
2314
"under which the server will answer requests. The default group is also www-"
2315
"data."
2316
msgstr ""
2317
2318
#: serverguide/C/web-servers.xml:496(title)
2319
msgid "Apache2 Modules"
2320
msgstr ""
2321
2322
#: serverguide/C/web-servers.xml:498(para)
2323
msgid ""
2324
"Apache2 is a modular server. This implies that only the most basic "
2325
"functionality is included in the core server. Extended features are "
2326
"available through modules which can be loaded into Apache2. By default, a "
2327
"base set of modules is included in the server at compile-time. If the server "
2328
"is compiled to use dynamically loaded modules, then modules can be compiled "
2329
"separately, and added at any time using the LoadModule directive. Otherwise, "
2330
"Apache2 must be recompiled to add or remove modules."
2331
msgstr ""
2332
2333
#: serverguide/C/web-servers.xml:510(para)
2334
msgid ""
2335
"Ubuntu compiles Apache2 to allow the dynamic loading of modules. "
2336
"Configuration directives may be conditionally included on the presence of a "
2337
"particular module by enclosing them in an "
2338
"<emphasis><IfModule></emphasis> block."
2339
msgstr ""
2340
2341
#: serverguide/C/web-servers.xml:517(para)
2342
msgid ""
2343
"You can install additional Apache2 modules and use them with your Web "
2344
"server. For example, run the following command from a terminal prompt to "
2345
"install the <emphasis>MySQL Authentication</emphasis> module:"
2346
msgstr ""
2347
2348
#: serverguide/C/web-servers.xml:524(command)
2349
msgid "sudo apt-get install libapache2-mod-auth-mysql"
2350
msgstr "sudo apt-get install libapache2-mod-auth-mysql"
2351
2352
#: serverguide/C/web-servers.xml:527(para)
2353
msgid ""
2354
"See the <filename>/etc/apache2/mods-available</filename> directory, for "
2355
"additional modules."
2356
msgstr ""
2357
2358
#: serverguide/C/web-servers.xml:531(para)
2359
msgid ""
2360
"Use the <application>a2enmod</application> utility to enable a module:"
2361
msgstr ""
2362
2363
#: serverguide/C/web-servers.xml:537(command)
2364
msgid "sudo a2enmod auth_mysql"
2365
msgstr "sudo a2enmod auth_mysql"
2366
2367
#: serverguide/C/web-servers.xml:541(para)
2368
msgid "Similarly, <application>a2dismod</application> will disable a module:"
2369
msgstr ""
2370
2371
#: serverguide/C/web-servers.xml:546(command)
2372
msgid "sudo a2dismod auth_mysql"
2373
msgstr "sudo a2dismod auth_mysql"
2374
2375
#: serverguide/C/web-servers.xml:553(title)
2376
msgid "HTTPS Configuration"
2377
msgstr ""
2378
2379
#: serverguide/C/web-servers.xml:555(para)
2380
msgid ""
2381
"The <application>mod_ssl</application> module adds an important feature to "
2382
"the Apache2 server - the ability to encrypt communications. Thus, when your "
2383
"browser is communicating using SSL, the https:// prefix is used at the "
2384
"beginning of the Uniform Resource Locator (URL) in the browser navigation "
2385
"bar."
2386
msgstr ""
2387
2388
#: serverguide/C/web-servers.xml:564(para)
2389
msgid ""
2390
"The <application>mod_ssl</application> module is available in "
2391
"<application>apache2-common</application> package. Execute the following "
2392
"command from a terminal prompt to enable the "
2393
"<application>mod_ssl</application> module:"
2394
msgstr ""
2395
2396
#: serverguide/C/web-servers.xml:571(command)
2397
msgid "sudo a2enmod ssl"
2398
msgstr "sudo a2enmod ssl"
2399
2400
#: serverguide/C/web-servers.xml:574(para)
2401
msgid ""
2402
"There is a default HTTPS configuration file in <filename>/etc/apache2/sites-"
2403
"available/default-ssl</filename>. In order for "
2404
"<application>Apache2</application> to provide HTTPS, a "
2405
"<emphasis>certificate</emphasis> and <emphasis>key</emphasis> file are also "
2406
"needed. The default HTTPS configuration will use a certificate and key "
2407
"generated by the <application>ssl-cert</application> package. They are good "
2408
"for testing, but the auto-generated certificate and key should be replaced "
2409
"by a certificate specific to the site or server. For information on "
2410
"generating a key and obtaining a certificate see <xref "
2411
"linkend=\"certificates-and-security\"/>"
2412
msgstr ""
2413
2414
#: serverguide/C/web-servers.xml:584(para)
2415
msgid ""
2416
"To configure <application>Apache2</application> for HTTPS, enter the "
2417
"following:"
2418
msgstr ""
2419
2420
#: serverguide/C/web-servers.xml:589(command)
2421
msgid "sudo a2ensite default-ssl"
2422
msgstr "sudo a2ensite default-ssl"
2423
2424
#: serverguide/C/web-servers.xml:593(para)
2425
msgid ""
2426
"The directories <filename>/etc/ssl/certs</filename> and "
2427
"<filename>/etc/ssl/private</filename> are the default locations. If you "
2428
"install the certificate and key in another directory make sure to change "
2429
"<emphasis>SSLCertificateFile</emphasis> and "
2430
"<emphasis>SSLCertificateKeyFile</emphasis> appropriately."
2431
msgstr ""
2432
2433
#: serverguide/C/web-servers.xml:600(para)
2434
msgid ""
2435
"With Apache2 now configured for HTTPS, restart the service to enable the new "
2436
"settings:"
2437
msgstr ""
2438
2439
#: serverguide/C/web-servers.xml:611(para)
2440
msgid ""
2441
"Depending on how you obtained your certificate you may need to enter a "
2442
"passphrase when <application>Apache2</application> starts."
2443
msgstr ""
2444
2445
#: serverguide/C/web-servers.xml:617(para)
2446
msgid ""
2447
"You can access the secure server pages by typing https://your_hostname/url/ "
2448
"in your browser address bar."
2449
msgstr ""
2450
2451
#: serverguide/C/web-servers.xml:628(para)
2452
msgid ""
2453
"<ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
2454
"Documentation</ulink> contains in depth information on Apache2 configuration "
2455
"directives. Also, see the <application>apache2-doc</application> package for "
2456
"the official Apache2 docs."
2457
msgstr ""
2458
2459
#: serverguide/C/web-servers.xml:635(para)
2460
msgid ""
2461
"See the <ulink url=\"http://www.modssl.org/docs/\">Mod SSL "
2462
"Documentation</ulink> site for more SSL related information."
2463
msgstr ""
2464
2465
#: serverguide/C/web-servers.xml:641(para)
2466
msgid ""
2467
"O'Reilly's <ulink url=\"http://oreilly.com/catalog/9780596001919/\">Apache "
2468
"Cookbook</ulink> is a good resource for accomplishing specific Apache2 "
2469
"configurations."
2470
msgstr ""
2471
2472
#: serverguide/C/web-servers.xml:647(para)
2473
msgid ""
2474
"For Ubuntu specific Apache2 questions, ask in the <emphasis>#ubuntu-"
2475
"server</emphasis> IRC channel on <ulink "
2476
"url=\"http://freenode.net/\">freenode.net</ulink>."
2477
msgstr ""
2478
2479
#: serverguide/C/web-servers.xml:653(para)
2480
msgid ""
2481
"Usually integrated with PHP and MySQL the <ulink "
2482
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
2483
"Ubuntu Wiki </ulink> page is a good resource."
2484
msgstr ""
2485
2486
#: serverguide/C/web-servers.xml:664(title)
2487
msgid "PHP5 - Scripting Language"
2488
msgstr ""
2489
2490
#: serverguide/C/web-servers.xml:665(para)
2491
msgid ""
2492
"PHP is a general-purpose scripting language suited for Web development. The "
2493
"PHP script can be embedded into HTML. This section explains how to install "
2494
"and configure PHP5 in Ubuntu System with Apache2 and MySQL."
2495
msgstr ""
2496
2497
#: serverguide/C/web-servers.xml:669(para)
2498
msgid ""
2499
"This section assumes you have installed and configured Apache2 Web Server "
2500
"and MySQL Database Server. You can refer to Apache2 section and MySQL "
2501
"sections in this document to install and configure Apache2 and MySQL "
2502
"respectively."
2503
msgstr ""
2504
2505
#: serverguide/C/web-servers.xml:676(para)
2506
msgid "The PHP5 is available in Ubuntu Linux."
2507
msgstr ""
2508
2509
#: serverguide/C/web-servers.xml:678(para)
2510
msgid ""
2511
"To install PHP5 you can enter the following command in the terminal prompt: "
2512
"<screen>\n"
2513
"<command>sudo apt-get install php5 libapache2-mod-php5</command>\n"
2514
"</screen>"
2515
msgstr ""
2516
2517
#: serverguide/C/web-servers.xml:687(para)
2518
msgid ""
2519
"You can run PHP5 scripts from command line. To run PHP5 scripts from command "
2520
"line you should install <application>php5-cli</application> package. To "
2521
"install <application>php5-cli</application> you can enter the following "
2522
"command in the terminal prompt: <screen>\n"
2523
"<command>sudo apt-get install php5-cli</command>\n"
2524
"</screen>"
2525
msgstr ""
2526
2527
#: serverguide/C/web-servers.xml:696(para)
2528
msgid ""
2529
"You can also execute PHP5 scripts without installing PHP5 Apache module. To "
2530
"accomplish this, you should install <application>php5-cgi</application> "
2531
"package. You can run the following command in a terminal prompt to install "
2532
"<application>php5-cgi</application> package: <screen>\n"
2533
"<command>sudo apt-get install php5-cgi</command>\n"
2534
"</screen>"
2535
msgstr ""
2536
2537
#: serverguide/C/web-servers.xml:706(para)
2538
msgid ""
2539
"To use <application>MySQL</application> with PHP5 you should install "
2540
"<application>php5-mysql</application> package. To install <application>php5-"
2541
"mysql</application> you can enter the following command in the terminal "
2542
"prompt: <screen>\n"
2543
"<command>sudo apt-get install php5-mysql</command>\n"
2544
"</screen>"
2545
msgstr ""
2546
2547
#: serverguide/C/web-servers.xml:714(para)
2548
msgid ""
2549
"Similarly, to use <application>PostgreSQL</application> with PHP5 you should "
2550
"install <application>php5-pgsql</application> package. To install "
2551
"<application>php5-pgsql</application> you can enter the following command in "
2552
"the terminal prompt: <screen>\n"
2553
"<command>sudo apt-get install php5-pgsql</command>\n"
2554
"</screen>"
2555
msgstr ""
2556
2557
#: serverguide/C/web-servers.xml:727(para)
2558
msgid ""
2559
"Once you install PHP5, you can run PHP5 scripts from your web browser. If "
2560
"you have installed <application>php5-cli</application> package, you can run "
2561
"PHP5 scripts from your command prompt."
2562
msgstr ""
2563
2564
#: serverguide/C/web-servers.xml:734(para)
2565
msgid ""
2566
"By default, the Apache 2 Web server is configured to run PHP5 scripts. In "
2567
"other words, the PHP5 module is enabled in Apache2 Web server automatically "
2568
"when you install the module. Please verify if the files "
2569
"<filename>/etc/apache2/mods-enabled/php5.conf</filename> and "
2570
"<filename>/etc/apache2/mods-enabled/php5.load</filename> exist. If they do "
2571
"not exists, you can enable the module using <command>a2enmod</command> "
2572
"command."
2573
msgstr ""
2574
2575
#: serverguide/C/web-servers.xml:745(para)
2576
msgid ""
2577
"Once you install PHP5 related packages and enabled PHP5 Apache 2 module, you "
2578
"should restart Apache2 Web server to run PHP5 scripts. You can run the "
2579
"following command at a terminal prompt to restart your web server: "
2580
"<screen><command>sudo /etc/init.d/apache2 restart</command> </screen>"
2581
msgstr ""
2582
2583
#: serverguide/C/web-servers.xml:753(title) serverguide/C/mail.xml:320(title) serverguide/C/mail.xml:1602(title) serverguide/C/dns.xml:343(title) serverguide/C/clustering.xml:184(title)
2584
msgid "Testing"
2585
msgstr "Afprøver"
2586
2587
#: serverguide/C/web-servers.xml:754(para)
2588
msgid ""
2589
"To verify your installation, you can run following PHP5 phpinfo script:"
2590
msgstr ""
2591
2592
#: serverguide/C/web-servers.xml:757(programlisting)
2593
#, no-wrap
2594
msgid ""
2595
"\n"
2596
"<?php\n"
2597
" phpinfo();\n"
2598
"?>\n"
2599
msgstr ""
2600
2601
#: serverguide/C/web-servers.xml:762(para)
2602
msgid ""
2603
"You can save the content in a file <filename>phpinfo.php</filename> and "
2604
"place it under <command>DocumentRoot</command> directory of Apache2 Web "
2605
"server. When point your browser to "
2606
"<filename>http://hostname/phpinfo.php</filename>, it would display values of "
2607
"various PHP5 configuration parameters."
2608
msgstr ""
2609
2610
#: serverguide/C/web-servers.xml:776(para)
2611
msgid ""
2612
"For more in depth information see <ulink "
2613
"url=\"http://www.php.net/docs.php\">php.net</ulink> documentation."
2614
msgstr ""
2615
2616
#: serverguide/C/web-servers.xml:781(para)
2617
msgid ""
2618
"There are a plethora of books on PHP. Two good books from O'Reilly are "
2619
"<ulink url=\"http://oreilly.com/catalog/9780596005603/\">Learning PHP "
2620
"5</ulink> and the <ulink "
2621
"url=\"http://oreilly.com/catalog/9781565926813/\">PHP Cook Book</ulink>."
2622
msgstr ""
2623
2624
#: serverguide/C/web-servers.xml:788(para)
2625
msgid ""
2626
"Also, see the <ulink "
2627
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
2628
"Ubuntu Wiki</ulink> page for more information."
2629
msgstr ""
2630
2631
#: serverguide/C/web-servers.xml:799(title)
2632
msgid "Squid - Proxy Server"
2633
msgstr ""
2634
2635
#: serverguide/C/web-servers.xml:800(para)
2636
msgid ""
2637
"Squid is a full-featured web proxy cache server application which provides "
2638
"proxy and cache services for Hyper Text Transport Protocol (HTTP), File "
2639
"Transfer Protocol (FTP), and other popular network protocols. Squid can "
2640
"implement caching and proxying of Secure Sockets Layer (SSL) requests and "
2641
"caching of Domain Name Server (DNS) lookups, and perform transparent "
2642
"caching. Squid also supports a wide variety of caching protocols, such as "
2643
"Internet Cache Protocol, (ICP) the Hyper Text Caching Protocol, (HTCP) the "
2644
"Cache Array Routing Protocol (CARP), and the Web Cache Coordination "
2645
"Protocol. (WCCP)"
2646
msgstr ""
2647
2648
#: serverguide/C/web-servers.xml:808(para)
2649
msgid ""
2650
"The Squid proxy cache server is an excellent solution to a variety of proxy "
2651
"and caching server needs, and scales from the branch office to enterprise "
2652
"level networks while providing extensive, granular access control mechanisms "
2653
"and monitoring of critical parameters via the Simple Network Management "
2654
"Protocol (SNMP). When selecting a computer system for use as a dedicated "
2655
"Squid proxy, or caching servers, ensure your system is configured with a "
2656
"large amount of physical memory, as Squid maintains an in-memory cache for "
2657
"increased performance."
2658
msgstr ""
2659
2660
#: serverguide/C/web-servers.xml:817(para)
2661
msgid ""
2662
"At a terminal prompt, enter the following command to install the Squid "
2663
"server:"
2664
msgstr ""
2665
2666
#: serverguide/C/web-servers.xml:822(command)
2667
msgid "sudo apt-get install squid"
2668
msgstr "sudo apt-get install squid"
2669
2670
#: serverguide/C/web-servers.xml:828(para)
2671
msgid ""
2672
"Squid is configured by editing the directives contained within the "
2673
"<filename>/etc/squid/squid.conf</filename> configuration file. The following "
2674
"examples illustrate some of the directives which may be modified to affect "
2675
"the behavior of the Squid server. For more in-depth configuration of Squid, "
2676
"see the References section."
2677
msgstr ""
2678
2679
#: serverguide/C/web-servers.xml:834(para)
2680
msgid ""
2681
"Prior to editing the configuration file, you should make a copy of the "
2682
"original file and protect it from writing so you will have the original "
2683
"settings as a reference, and to re-use as necessary."
2684
msgstr ""
2685
2686
#: serverguide/C/web-servers.xml:837(para)
2687
msgid ""
2688
"Copy the <filename>/etc/squid/squid.conf</filename> file and protect it from "
2689
"writing with the following commands entered at a terminal prompt:"
2690
msgstr ""
2691
2692
#: serverguide/C/web-servers.xml:842(command)
2693
msgid "sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original"
2694
msgstr "sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original"
2695
2696
#: serverguide/C/web-servers.xml:843(command)
2697
msgid "sudo chmod a-w /etc/squid/squid.conf.original"
2698
msgstr "sudo chmod a-w /etc/squid/squid.conf.original"
2699
2700
#: serverguide/C/web-servers.xml:849(para)
2701
msgid ""
2702
"To set your Squid server to listen on TCP port 8888 instead of the default "
2703
"TCP port 3128, change the http_port directive as such:"
2704
msgstr ""
2705
2706
#: serverguide/C/web-servers.xml:853(programlisting)
2707
#, no-wrap
2708
msgid ""
2709
"\n"
2710
"http_port 8888\n"
2711
msgstr ""
2712
2713
#: serverguide/C/web-servers.xml:858(para)
2714
msgid ""
2715
"Change the visible_hostname directive in order to give the Squid server a "
2716
"specific hostname. This hostname does not necessarily need to be the "
2717
"computer's hostname. In this example it is set to <emphasis>weezie</emphasis>"
2718
msgstr ""
2719
2720
#: serverguide/C/web-servers.xml:862(programlisting)
2721
#, no-wrap
2722
msgid ""
2723
"\n"
2724
"visible_hostname weezie\n"
2725
msgstr ""
2726
2727
#: serverguide/C/web-servers.xml:867(para)
2728
msgid ""
2729
"Using Squid's access control, you may configure use of Internet services "
2730
"proxied by Squid to be available only users with certain Internet Protocol "
2731
"(IP) addresses. For example, we will illustrate access by users of the "
2732
"192.168.42.0/24 subnetwork only:"
2733
msgstr ""
2734
2735
#: serverguide/C/web-servers.xml:872(para) serverguide/C/web-servers.xml:892(para)
2736
msgid ""
2737
"Add the following to the <emphasis role=\"bold\">bottom</emphasis> of the "
2738
"ACL section of your <filename>/etc/squid/squid.conf</filename> file:"
2739
msgstr ""
2740
2741
#: serverguide/C/web-servers.xml:875(programlisting)
2742
#, no-wrap
2743
msgid ""
2744
"\n"
2745
"acl fortytwo_network src 192.168.42.0/24\n"
2746
msgstr ""
2747
2748
#: serverguide/C/web-servers.xml:878(para) serverguide/C/web-servers.xml:899(para)
2749
msgid ""
2750
"Then, add the following to the <emphasis role=\"bold\">top</emphasis> of the "
2751
"http_access section of your <filename>/etc/squid/squid.conf</filename> file:"
2752
msgstr ""
2753
2754
#: serverguide/C/web-servers.xml:882(programlisting)
2755
#, no-wrap
2756
msgid ""
2757
"\n"
2758
"http_access allow fortytwo_network\n"
2759
msgstr ""
2760
2761
#: serverguide/C/web-servers.xml:887(para)
2762
msgid ""
2763
"Using the excellent access control features of Squid, you may configure use "
2764
"of Internet services proxied by Squid to be available only during normal "
2765
"business hours. For example, we'll illustrate access by employees of a "
2766
"business which is operating between 9:00AM and 5:00PM, Monday through "
2767
"Friday, and which uses the 10.1.42.0/42 subnetwork:"
2768
msgstr ""
2769
2770
#: serverguide/C/web-servers.xml:895(programlisting)
2771
#, no-wrap
2772
msgid ""
2773
"\n"
2774
"acl biz_network src 10.1.42.0/24\n"
2775
"acl biz_hours time M T W T F 9:00-17:00\n"
2776
msgstr ""
2777
2778
#: serverguide/C/web-servers.xml:903(programlisting)
2779
#, no-wrap
2780
msgid ""
2781
"\n"
2782
"http_access allow biz_network biz_hours\n"
2783
msgstr ""
2784
2785
#: serverguide/C/web-servers.xml:910(para)
2786
msgid ""
2787
"After making changes to the <filename>/etc/squid/squid.conf</filename> file, "
2788
"save the file and restart the <application>squid</application> server "
2789
"application to effect the changes using the following command entered at a "
2790
"terminal prompt:"
2791
msgstr ""
2792
2793
#: serverguide/C/web-servers.xml:917(command)
2794
msgid "sudo /etc/init.d/squid restart"
2795
msgstr "sudo /etc/init.d/squid restart"
2796
2797
#: serverguide/C/web-servers.xml:924(ulink)
2798
msgid "Squid Website"
2799
msgstr ""
2800
2801
#: serverguide/C/web-servers.xml:926(para)
2802
msgid ""
2803
"<ulink url=\"https://help.ubuntu.com/community/Squid\">Ubuntu Wiki "
2804
"Squid</ulink> page."
2805
msgstr ""
2806
2807
#: serverguide/C/web-servers.xml:933(title)
2808
msgid "Ruby on Rails"
2809
msgstr ""
2810
2811
#: serverguide/C/web-servers.xml:934(para)
2812
msgid ""
2813
"Ruby on Rails is an open source web framework for developing database backed "
2814
"web applications. It is optimized for sustainable productivity of the "
2815
"programmer since it lets the programmer to write code by favouring "
2816
"convention over configuration."
2817
msgstr ""
2818
2819
#: serverguide/C/web-servers.xml:941(para)
2820
msgid ""
2821
"Before installing <application>Rails</application> you should install "
2822
"<application>Apache</application> and <application>MySQL</application>. To "
2823
"install the <application>Apache</application> package, please refer to <xref "
2824
"linkend=\"httpd\"/>. For instructions on installing "
2825
"<application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
2826
msgstr ""
2827
2828
#: serverguide/C/web-servers.xml:949(para)
2829
msgid ""
2830
"Once you have <application>Apache</application> and "
2831
"<application>MySQL</application> packages installed, you are ready to "
2832
"install <application>Ruby on Rails</application> package."
2833
msgstr ""
2834
2835
#: serverguide/C/web-servers.xml:956(para)
2836
msgid ""
2837
"To install the <application>Ruby</application> base packages and "
2838
"<application>Ruby on Rails</application>, you can enter the following "
2839
"command in the terminal prompt:"
2840
msgstr ""
2841
2842
#: serverguide/C/web-servers.xml:962(command)
2843
msgid "sudo apt-get install rails"
2844
msgstr "sudo apt-get install rails"
2845
2846
#: serverguide/C/web-servers.xml:968(para)
2847
msgid ""
2848
"Modify the <filename>/etc/apache2/sites-available/default</filename> "
2849
"configuration file to setup your domains."
2850
msgstr ""
2851
2852
#: serverguide/C/web-servers.xml:972(para)
2853
msgid ""
2854
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
2855
msgstr ""
2856
2857
#: serverguide/C/web-servers.xml:976(programlisting)
2858
#, no-wrap
2859
msgid ""
2860
"\n"
2861
"DocumentRoot /path/to/rails/application/public\n"
2862
msgstr ""
2863
2864
#: serverguide/C/web-servers.xml:979(para)
2865
msgid ""
2866
"Next, change the <Directory \"/path/to/rails/application/public\"> "
2867
"directive:"
2868
msgstr ""
2869
2870
#: serverguide/C/web-servers.xml:983(programlisting)
2871
#, no-wrap
2872
msgid ""
2873
"\n"
2874
"<Directory \"/path/to/rails/application/public\">\n"
2875
" Options Indexes FollowSymLinks MultiViews ExecCGI\n"
2876
" AllowOverride All\n"
2877
" Order allow,deny\n"
2878
" allow from all\n"
2879
" AddHandler cgi-script .cgi\n"
2880
"</Directory>\n"
2881
msgstr ""
2882
2883
#: serverguide/C/web-servers.xml:993(para)
2884
msgid ""
2885
"You should also enable the <application>mod_rewrite</application> module for "
2886
"Apache. To enable <application>mod_rewrite</application> module, please "
2887
"enter the following command in a terminal prompt:"
2888
msgstr ""
2889
2890
#: serverguide/C/web-servers.xml:999(command)
2891
msgid "sudo a2enmod rewrite"
2892
msgstr "sudo a2enmod rewrite"
2893
2894
#: serverguide/C/web-servers.xml:1002(para)
2895
msgid ""
2896
"Finally you will need to change the ownership of the "
2897
"<filename>/path/to/rails/application/public</filename> and "
2898
"<filename>/path/to/rails/application/tmp</filename> directories to the user "
2899
"used to run the <application>Apache</application> process:"
2900
msgstr ""
2901
2902
#: serverguide/C/web-servers.xml:1008(command)
2903
msgid "sudo chown -R www-data:www-data /path/to/rails/application/public"
2904
msgstr ""
2905
2906
#: serverguide/C/web-servers.xml:1009(command)
2907
msgid "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
2908
msgstr ""
2909
2910
#: serverguide/C/web-servers.xml:1012(para)
2911
msgid ""
2912
"That's it! Now you have your Server ready for your <application>Ruby on "
2913
"Rails</application> applications."
2914
msgstr ""
2915
2916
#: serverguide/C/web-servers.xml:1021(para)
2917
msgid ""
2918
"See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website "
2919
"for more information."
2920
msgstr ""
2921
2922
#: serverguide/C/web-servers.xml:1026(para)
2923
msgid ""
2924
"Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-"
2925
"with-rails-third-edition\">Agile Development with Rails</ulink> is a great "
2926
"resource."
2927
msgstr ""
2928
2929
#: serverguide/C/web-servers.xml:1032(para)
2930
msgid ""
2931
"Another place for more information is the <ulink "
2932
"url=\"https://help.ubuntu.com/community/RubyOnRails\">Ruby on Rails Ubuntu "
2933
"Wiki</ulink> page."
2934
msgstr ""
2935
2936
#: serverguide/C/web-servers.xml:1043(title)
2937
msgid "Apache Tomcat"
2938
msgstr ""
2939
2940
#: serverguide/C/web-servers.xml:1044(para)
2941
msgid ""
2942
"Apache Tomcat is a web container that allows you to serve Java Servlets and "
2943
"JSP (Java Server Pages) web applications."
2944
msgstr ""
2945
2946
#: serverguide/C/web-servers.xml:1046(para)
2947
msgid ""
2948
"The <application>Tomcat 6.0</application> packages in Ubuntu support two "
2949
"different ways of running Tomcat. You can install them as a classic unique "
2950
"system-wide instance, that will be started at boot time and will run as the "
2951
"tomcat6 unpriviledged user. But you can also deploy private instances that "
2952
"will run with your own user rights, and that you should start and stop by "
2953
"yourself. This second way is particularly useful in a development server "
2954
"context where multiple users need to test on their own private Tomcat "
2955
"instances."
2956
msgstr ""
2957
2958
#: serverguide/C/web-servers.xml:1056(title)
2959
msgid "System-wide installation"
2960
msgstr ""
2961
2962
#: serverguide/C/web-servers.xml:1057(para)
2963
msgid ""
2964
"To install the <application>Tomcat</application> server, you can enter the "
2965
"following command in the terminal prompt:"
2966
msgstr ""
2967
2968
#: serverguide/C/web-servers.xml:1060(command)
2969
msgid "sudo apt-get install tomcat6"
2970
msgstr "sudo apt-get install tomcat6"
2971
2972
#: serverguide/C/web-servers.xml:1062(para)
2973
msgid ""
2974
"This will install a Tomcat server with just a default ROOT webapp that "
2975
"displays a minimal \"It works\" page by default."
2976
msgstr ""
2977
2978
#: serverguide/C/web-servers.xml:1068(para)
2979
msgid ""
2980
"Tomcat configuration files can be found in "
2981
"<filename>/etc/tomcat6</filename>. Only a few common configuration tweaks "
2982
"will be described here, please see <ulink "
2983
"url=\"http://tomcat.apache.org/tomcat-6.0-doc/index.html\">Tomcat 6.0 "
2984
"documentation</ulink> for more."
2985
msgstr ""
2986
2987
#: serverguide/C/web-servers.xml:1074(title)
2988
msgid "Changing default ports"
2989
msgstr ""
2990
2991
#: serverguide/C/web-servers.xml:1075(para)
2992
msgid ""
2993
"By default Tomcat 6.0 runs a HTTP connector on port 8080 and an AJP "
2994
"connector on port 8009. You might want to change those default ports to "
2995
"avoid conflict with another server on the system. This is done by changing "
2996
"the following lines in <filename>/etc/tomcat6/server.xml</filename>:"
2997
msgstr ""
2998
2999
#: serverguide/C/web-servers.xml:1080(programlisting)
3000
#, no-wrap
3001
msgid ""
3002
"\n"
3003
"<Connector port=\"8080\" protocol=\"HTTP/1.1\" \n"
3004
" connectionTimeout=\"20000\" \n"
3005
" redirectPort=\"8443\" />\n"
3006
"...\n"
3007
"<Connector port=\"8009\" protocol=\"AJP/1.3\" redirectPort=\"8443\" "
3008
"/>\n"
3009
msgstr ""
3010
3011
#: serverguide/C/web-servers.xml:1089(title)
3012
msgid "Changing JVM used"
3013
msgstr ""
3014
3015
#: serverguide/C/web-servers.xml:1090(para)
3016
msgid ""
3017
"By default Tomcat will run preferably with OpenJDK-6, then try Sun's JVM, "
3018
"then try some other JVMs. If you have various JVMs installed, you can set "
3019
"which should be used by setting JAVA_HOME in "
3020
"<filename>/etc/default/tomcat6</filename>:"
3021
msgstr ""
3022
3023
#: serverguide/C/web-servers.xml:1094(programlisting)
3024
#, no-wrap
3025
msgid ""
3026
"\n"
3027
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
3028
msgstr ""
3029
3030
#: serverguide/C/web-servers.xml:1099(title)
3031
msgid "Declaring users and roles"
3032
msgstr ""
3033
3034
#: serverguide/C/web-servers.xml:1100(para)
3035
msgid ""
3036
"Usernames, passwords and roles (groups) can be defined centrally in a "
3037
"Servlet container. In Tomcat 6.0 this is done in the "
3038
"<filename>/etc/tomcat6/tomcat-users.xml</filename> file:"
3039
msgstr ""
3040
3041
#: serverguide/C/web-servers.xml:1103(programlisting)
3042
#, no-wrap
3043
msgid ""
3044
"\n"
3045
"<role rolename=\"admin\"/>\n"
3046
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
3047
msgstr ""
3048
3049
#: serverguide/C/web-servers.xml:1111(title)
3050
msgid "Using Tomcat standard webapps"
3051
msgstr ""
3052
3053
#: serverguide/C/web-servers.xml:1112(para)
3054
msgid ""
3055
"Tomcat is shipped with webapps that you can install for documentation, "
3056
"administration or demo purposes."
3057
msgstr ""
3058
3059
#: serverguide/C/web-servers.xml:1115(title)
3060
msgid "Tomcat documentation"
3061
msgstr ""
3062
3063
#: serverguide/C/web-servers.xml:1116(para)
3064
msgid ""
3065
"The <application>tomcat6-docs</application> package contains Tomcat 6.0 "
3066
"documentation, packaged as a webapp that you can access by default at "
3067
"http://yourserver:8080/docs. You can install it by entering the following "
3068
"command in the terminal prompt:"
3069
msgstr ""
3070
3071
#: serverguide/C/web-servers.xml:1121(command)
3072
msgid "sudo apt-get install tomcat6-docs"
3073
msgstr "sudo apt-get install tomcat6-docs"
3074
3075
#: serverguide/C/web-servers.xml:1125(title)
3076
msgid "Tomcat administration webapps"
3077
msgstr ""
3078
3079
#: serverguide/C/web-servers.xml:1126(para)
3080
msgid ""
3081
"The <application>tomcat6-admin</application> package contains two webapps "
3082
"that can be used to administer the Tomcat server using a web interface. You "
3083
"can install them by entering the following command in the terminal prompt:"
3084
msgstr ""
3085
3086
#: serverguide/C/web-servers.xml:1131(command)
3087
msgid "sudo apt-get install tomcat6-admin"
3088
msgstr "sudo apt-get install tomcat6-admin"
3089
3090
#: serverguide/C/web-servers.xml:1133(para)
3091
msgid ""
3092
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
3093
"access by default at http://yourserver:8080/manager/html. It is primarily "
3094
"used to get server status and restart webapps."
3095
msgstr ""
3096
3097
#: serverguide/C/web-servers.xml:1136(para)
3098
msgid ""
3099
"Access to the <emphasis>manager</emphasis> application is protected by "
3100
"default: you need to define a user with the role \"manager\" in "
3101
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3102
msgstr ""
3103
3104
#: serverguide/C/web-servers.xml:1140(para)
3105
msgid ""
3106
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
3107
"can access by default at http://yourserver:8080/host-manager/html. It can be "
3108
"used to create virtual hosts dynamically."
3109
msgstr ""
3110
3111
#: serverguide/C/web-servers.xml:1144(para)
3112
msgid ""
3113
"Access to the <emphasis>host-manager</emphasis> application is also "
3114
"protected by default: you need to define a user with the role \"admin\" in "
3115
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3116
msgstr ""
3117
3118
#: serverguide/C/web-servers.xml:1149(para)
3119
msgid ""
3120
"For security reasons, the tomcat6 user cannot write to the "
3121
"<filename>/etc/tomcat6</filename> directory by default. Some features in "
3122
"these admin webapps (application deployment, virtual host creation) need "
3123
"write access to that directory. If you want to use these features execute "
3124
"the following, to give users in the tomcat6 group the necessary rights:"
3125
msgstr ""
3126
3127
#: serverguide/C/web-servers.xml:1156(command)
3128
msgid "sudo chgrp -R tomcat6 /etc/tomcat6"
3129
msgstr "sudo chgrp -R tomcat6 /etc/tomcat6"
3130
3131
#: serverguide/C/web-servers.xml:1157(command)
3132
msgid "sudo chmod -R g+w /etc/tomcat6"
3133
msgstr "sudo chmod -R g+w /etc/tomcat6"
3134
3135
#: serverguide/C/web-servers.xml:1162(title)
3136
msgid "Tomcat examples webapps"
3137
msgstr ""
3138
3139
#: serverguide/C/web-servers.xml:1163(para)
3140
msgid ""
3141
"The <application>tomcat6-examples</application> package contains two webapps "
3142
"that can be used to test or demonstrate Servlets and JSP features, which you "
3143
"can access them by default at http://yourserver:8080/examples. You can "
3144
"install them by entering the following command in the terminal prompt:"
3145
msgstr ""
3146
3147
#: serverguide/C/web-servers.xml:1169(command)
3148
msgid "sudo apt-get install tomcat6-examples"
3149
msgstr "sudo apt-get install tomcat6-examples"
3150
3151
#: serverguide/C/web-servers.xml:1175(title)
3152
msgid "Using private instances"
3153
msgstr ""
3154
3155
#: serverguide/C/web-servers.xml:1176(para)
3156
msgid ""
3157
"Tomcat is heavily used in development and testing scenarios where using a "
3158
"single system-wide instance doesn't meet the requirements of multiple users "
3159
"on a single system. The Tomcat 6.0 packages in Ubuntu come with tools to "
3160
"help deploy your own user-oriented instances, allowing every user on a "
3161
"system to run (without root rights) separate private instances while still "
3162
"using the system-installed libraries."
3163
msgstr ""
3164
3165
#: serverguide/C/web-servers.xml:1183(para)
3166
msgid ""
3167
"It is possible to run the system-wide instance and the private instances in "
3168
"parallel, as long as they do not use the same TCP ports."
3169
msgstr ""
3170
3171
#: serverguide/C/web-servers.xml:1187(title)
3172
msgid "Installing private instance support"
3173
msgstr ""
3174
3175
#: serverguide/C/web-servers.xml:1188(para)
3176
msgid ""
3177
"You can install everything necessary to run private instances by entering "
3178
"the following command in the terminal prompt:"
3179
msgstr ""
3180
3181
#: serverguide/C/web-servers.xml:1191(command)
3182
msgid "sudo apt-get install tomcat6-user"
3183
msgstr "sudo apt-get install tomcat6-user"
3184
3185
#: serverguide/C/web-servers.xml:1195(title)
3186
msgid "Creating a private instance"
3187
msgstr ""
3188
3189
#: serverguide/C/web-servers.xml:1196(para)
3190
msgid ""
3191
"You can create a private instance directory by entering the following "
3192
"command in the terminal prompt:"
3193
msgstr ""
3194
3195
#: serverguide/C/web-servers.xml:1199(command)
3196
msgid "tomcat6-instance-create my-instance"
3197
msgstr ""
3198
3199
#: serverguide/C/web-servers.xml:1201(para)
3200
msgid ""
3201
"This will create a new <filename>my-instance</filename> directory with all "
3202
"the necessary subdirectories and scripts. You can for example install your "
3203
"common libraries in the <filename>lib/</filename> subdirectory and deploy "
3204
"your webapps in the <filename>webapps/</filename> subdirectory. No webapps "
3205
"are deployed by default."
3206
msgstr ""
3207
3208
#: serverguide/C/web-servers.xml:1209(title)
3209
msgid "Configuring your private instance"
3210
msgstr ""
3211
3212
#: serverguide/C/web-servers.xml:1210(para)
3213
msgid ""
3214
"You will find the classic Tomcat configuration files for your private "
3215
"instance in the <filename>conf/</filename> subdirectory. You should for "
3216
"example certainly edit the <filename>conf/server.xml</filename> file to "
3217
"change the default ports used by your private Tomcat instance to avoid "
3218
"conflict with other instances that might be running."
3219
msgstr ""
3220
3221
#: serverguide/C/web-servers.xml:1218(title)
3222
msgid "Starting/stopping your private instance"
3223
msgstr ""
3224
3225
#: serverguide/C/web-servers.xml:1219(para)
3226
msgid ""
3227
"You can start your private instance by entering the following command in the "
3228
"terminal prompt (supposing your instance is located in the <filename>my-"
3229
"instance</filename> directory):"
3230
msgstr ""
3231
3232
#: serverguide/C/web-servers.xml:1223(command)
3233
msgid "my-instance/bin/startup.sh"
3234
msgstr ""
3235
3236
#: serverguide/C/web-servers.xml:1225(para)
3237
msgid ""
3238
"You should check the <filename>logs/</filename> subdirectory for any error. "
3239
"If you have a <emphasis>java.net.BindException: Address already in "
3240
"use<null>:8080</emphasis> error, it means that the port you're using "
3241
"is already taken and that you should change it."
3242
msgstr ""
3243
3244
#: serverguide/C/web-servers.xml:1230(para)
3245
msgid ""
3246
"You can stop your instance by entering the following command in the terminal "
3247
"prompt (supposing your instance is located in the <filename>my-"
3248
"instance</filename> directory):"
3249
msgstr ""
3250
3251
#: serverguide/C/web-servers.xml:1234(command)
3252
msgid "my-instance/bin/shutdown.sh"
3253
msgstr ""
3254
3255
#: serverguide/C/web-servers.xml:1243(para)
3256
msgid ""
3257
"See the <ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink> "
3258
"website for more information."
3259
msgstr ""
3260
3261
#: serverguide/C/web-servers.xml:1248(para)
3262
msgid ""
3263
"<ulink url=\"http://oreilly.com/catalog/9780596003180/\">Tomcat: The "
3264
"Definitive Guide</ulink> is a good resource for building web applications "
3265
"with Tomcat."
3266
msgstr ""
3267
3268
#: serverguide/C/web-servers.xml:1254(para)
3269
msgid ""
3270
"For additional books see the <ulink "
3271
"url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat Books</ulink> list "
3272
"page."
3273
msgstr ""
3274
3275
#: serverguide/C/web-servers.xml:1259(para)
3276
msgid ""
3277
"Also, see the<ulink "
3278
"url=\"https://help.ubuntu.com/community/ApacheTomcat5\">Ubuntu Wiki Apache "
3279
"Tomcat</ulink> page."
3280
msgstr ""
3281
3282
#: serverguide/C/vpn.xml:13(title)
3283
msgid "VPN"
3284
msgstr ""
3285
3286
#: serverguide/C/vpn.xml:15(para)
3287
msgid ""
3288
"A Virtual Private Network, or <emphasis>VPN</emphasis>, is an encrypted "
3289
"network connection between two or more networks. There are several ways to "
3290
"create a VPN using software as well as dedicated hardware appliances. This "
3291
"chapter will cover installing and configuring "
3292
"<application>OpenVPN</application> to create a VPN between two servers."
3293
msgstr ""
3294
3295
#: serverguide/C/vpn.xml:23(title)
3296
msgid "OpenVPN"
3297
msgstr ""
3298
3299
#: serverguide/C/vpn.xml:25(para)
3300
msgid ""
3301
"OpenVPN uses Public Key Infrastructure (PKI) to encrypt VPN traffic between "
3302
"nodes. A simple way of setting up a VPN with OpenVPN is to connect the "
3303
"clients through a bridge interface on the VPN server. This guide will assume "
3304
"that one VPN node, the server in this case, has a bridge interface "
3305
"configured. For more information on setting up a bridge see <xref "
3306
"linkend=\"bridging\"/>."
3307
msgstr ""
3308
3309
#: serverguide/C/vpn.xml:35(para)
3310
msgid "To install <application>openvpn</application> in a terminal enter:"
3311
msgstr ""
3312
3313
#: serverguide/C/vpn.xml:41(command) serverguide/C/vpn.xml:257(command)
3314
msgid "sudo apt-get install openvpn"
3315
msgstr ""
3316
3317
#: serverguide/C/vpn.xml:45(title)
3318
msgid "Server Certificates"
3319
msgstr ""
3320
3321
#: serverguide/C/vpn.xml:47(para)
3322
msgid ""
3323
"Now that the <application>openvpn</application> package is installed, the "
3324
"certificates for the VPN server need to be created."
3325
msgstr ""
3326
3327
#: serverguide/C/vpn.xml:52(para)
3328
msgid ""
3329
"First, copy the <filename>easy-rsa</filename> directory to "
3330
"<filename>/etc/openvpn</filename>. This will ensure that any changes to the "
3331
"scripts will not be lost when the package is updated. You will also need to "
3332
"adjust permissions in the <filename>easy-rsa</filename> directory to allow "
3333
"the current user permission to create files. From a terminal enter:"
3334
msgstr ""
3335
3336
#: serverguide/C/vpn.xml:59(command)
3337
msgid "sudo mkdir /etc/openvpn/easy-rsa/"
3338
msgstr "sudo mkdir /etc/openvpn/easy-rsa/"
3339
3340
#: serverguide/C/vpn.xml:60(command)
3341
msgid ""
3342
"sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-"
3343
"rsa/"
3344
msgstr ""
3345
3346
#: serverguide/C/vpn.xml:61(command)
3347
msgid "sudo chown -R $USER /etc/openvpn/easy-rsa/"
3348
msgstr ""
3349
3350
#: serverguide/C/vpn.xml:64(para)
3351
msgid ""
3352
"Next, edit <filename>/etc/openvpn/easy-rsa/vars</filename> adjusting the "
3353
"following to your environment:"
3354
msgstr ""
3355
3356
#: serverguide/C/vpn.xml:68(programlisting)
3357
#, no-wrap
3358
msgid ""
3359
"\n"
3360
"export KEY_COUNTRY=\"US\"\n"
3361
"export KEY_PROVINCE=\"NC\"\n"
3362
"export KEY_CITY=\"Winston-Salem\"\n"
3363
"export KEY_ORG=\"Example Company\"\n"
3364
"export KEY_EMAIL=\"steve@example.com\"\n"
3365
msgstr ""
3366
3367
#: serverguide/C/vpn.xml:76(para)
3368
msgid "Enter the following to create the server certificates:"
3369
msgstr ""
3370
3371
#: serverguide/C/vpn.xml:81(command) serverguide/C/vpn.xml:102(command)
3372
msgid "cd /etc/openvpn/easy-rsa/"
3373
msgstr ""
3374
3375
#: serverguide/C/vpn.xml:82(command) serverguide/C/vpn.xml:103(command)
3376
msgid "source vars"
3377
msgstr ""
3378
3379
#: serverguide/C/vpn.xml:83(command)
3380
msgid "./clean-all"
3381
msgstr ""
3382
3383
#: serverguide/C/vpn.xml:84(command)
3384
msgid "./build-dh"
3385
msgstr ""
3386
3387
#: serverguide/C/vpn.xml:85(command)
3388
msgid "./pkitool --initca"
3389
msgstr ""
3390
3391
#: serverguide/C/vpn.xml:86(command)
3392
msgid "./pkitool --server server"
3393
msgstr ""
3394
3395
#: serverguide/C/vpn.xml:87(command)
3396
msgid "cd keys"
3397
msgstr ""
3398
3399
#: serverguide/C/vpn.xml:88(command)
3400
msgid "openvpn --genkey --secret ta.key"
3401
msgstr ""
3402
3403
#: serverguide/C/vpn.xml:89(command)
3404
msgid "sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/"
3405
msgstr "sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/"
3406
3407
#: serverguide/C/vpn.xml:94(title)
3408
msgid "Client Certificates"
3409
msgstr "Klientcertifikater"
3410
3411
#: serverguide/C/vpn.xml:96(para)
3412
msgid ""
3413
"The VPN client will also need a certificate to authenticate itself to the "
3414
"server. To create the certificate, enter the following in a terminal:"
3415
msgstr ""
3416
3417
#: serverguide/C/vpn.xml:104(command)
3418
msgid "./pkitool hostname"
3419
msgstr ""
3420
3421
#: serverguide/C/vpn.xml:108(para)
3422
msgid ""
3423
"Replace <emphasis>hostname</emphasis> with the actual hostname of the "
3424
"machine connecting to the VPN."
3425
msgstr ""
3426
3427
#: serverguide/C/vpn.xml:113(para)
3428
msgid "Copy the following files to the client:"
3429
msgstr ""
3430
3431
#: serverguide/C/vpn.xml:118(para)
3432
msgid "/etc/openvpn/ca.crt"
3433
msgstr ""
3434
3435
#: serverguide/C/vpn.xml:119(para)
3436
msgid "/etc/openvpn/easy-rsa/keys/hostname.crt"
3437
msgstr ""
3438
3439
#: serverguide/C/vpn.xml:120(para)
3440
msgid "/etc/openvpn/easy-rsa/keys/hostname.key"
3441
msgstr ""
3442
3443
#: serverguide/C/vpn.xml:121(para)
3444
msgid "/etc/openvpn/ta.key"
3445
msgstr ""
3446
3447
#: serverguide/C/vpn.xml:125(para)
3448
msgid ""
3449
"Remember to adjust the above file names for your client machine's "
3450
"<emphasis>hostname</emphasis>."
3451
msgstr ""
3452
3453
#: serverguide/C/vpn.xml:130(para)
3454
msgid ""
3455
"It is best to use a secure method to copy the certificate and key files. The "
3456
"<application>scp</application> utility is a good choice, but copying the "
3457
"files to removable media then to the client, also works well."
3458
msgstr ""
3459
3460
#: serverguide/C/vpn.xml:141(title) serverguide/C/vcs.xml:107(title)
3461
msgid "Server Configuration"
3462
msgstr "Serverkonfiguration"
3463
3464
#: serverguide/C/vpn.xml:143(para)
3465
msgid ""
3466
"Now configure the <application>openvpn</application> server by creating "
3467
"<filename>/etc/openvpn/server.conf</filename> from the example file. In a "
3468
"terminal enter:"
3469
msgstr ""
3470
3471
#: serverguide/C/vpn.xml:149(command)
3472
msgid ""
3473
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz "
3474
"/etc/openvpn/"
3475
msgstr ""
3476
3477
#: serverguide/C/vpn.xml:150(command)
3478
msgid "sudo gzip -d /etc/openvpn/server.conf.gz"
3479
msgstr "sudo gzip -d /etc/openvpn/server.conf.gz"
3480
3481
#: serverguide/C/vpn.xml:153(para)
3482
msgid ""
3483
"Edit <filename>/etc/openvpn/server.conf</filename> changing the following "
3484
"options to:"
3485
msgstr ""
3486
3487
#: serverguide/C/vpn.xml:157(programlisting)
3488
#, no-wrap
3489
msgid ""
3490
"\n"
3491
"local 172.18.100.101\n"
3492
"dev tap0\n"
3493
"up \"/etc/openvpn/up.sh br0\"\n"
3494
"down \"/etc/openvpn/down.sh br0\"\n"
3495
";server 10.8.0.0 255.255.255.0\n"
3496
"server-bridge 172.18.100.101 255.255.255.0 172.18.100.105 172.18.100.200\n"
3497
"push \"route 172.18.100.1 255.255.255.0\"\n"
3498
"push \"dhcp-option DNS 172.18.100.20\"\n"
3499
"push \"dhcp-option DOMAIN example.com\"\n"
3500
"tls-auth ta.key 0 # This file is secret\n"
3501
"user nobody\n"
3502
"group nogroup\n"
3503
msgstr ""
3504
3505
#: serverguide/C/vpn.xml:174(para)
3506
msgid ""
3507
"<emphasis>local</emphasis>: is the IP address of the bridge interface."
3508
msgstr ""
3509
3510
#: serverguide/C/vpn.xml:179(para)
3511
msgid ""
3512
"<emphasis>server-bridge</emphasis>: needed when the configuration uses "
3513
"bridging. The <emphasis>172.18.100.101 255.255.255.0</emphasis> portion is "
3514
"the bridge interface and mask. The IP range <emphasis>172.18.100.105 "
3515
"172.18.100.200</emphasis> is the range of IP addresses that will be assigned "
3516
"to clients."
3517
msgstr ""
3518
3519
#: serverguide/C/vpn.xml:186(para)
3520
msgid ""
3521
"<emphasis>push</emphasis>: are directives to add networking options for "
3522
"clients."
3523
msgstr ""
3524
3525
#: serverguide/C/vpn.xml:191(para)
3526
msgid ""
3527
"<emphasis>user and group</emphasis>: configure which user and group the "
3528
"<application>openvpn</application> daemon executes as."
3529
msgstr ""
3530
3531
#: serverguide/C/vpn.xml:198(para)
3532
msgid ""
3533
"Replace all IP addresses and domain names above with those of your network."
3534
msgstr ""
3535
3536
#: serverguide/C/vpn.xml:203(para)
3537
msgid ""
3538
"Next, create a couple of helper scripts to add the <emphasis>tap</emphasis> "
3539
"interface to the bridge. Create <filename>/etc/openvpn/up.sh</filename>:"
3540
msgstr ""
3541
3542
#: serverguide/C/vpn.xml:207(programlisting)
3543
#, no-wrap
3544
msgid ""
3545
"\n"
3546
"#!/bin/sh\n"
3547
"\n"
3548
"BR=$1\n"
3549
"DEV=$2\n"
3550
"MTU=$3\n"
3551
"/sbin/ifconfig $DEV mtu $MTU promisc up\n"
3552
"/usr/sbin/brctl addif $BR $DEV\n"
3553
msgstr ""
3554
3555
#: serverguide/C/vpn.xml:217(para)
3556
msgid "And <filename>/etc/openvpn/down.sh</filename>:"
3557
msgstr ""
3558
3559
#: serverguide/C/vpn.xml:221(programlisting)
3560
#, no-wrap
3561
msgid ""
3562
"\n"
3563
"#!/bin/sh\n"
3564
"\n"
3565
"BR=$1\n"
3566
"DEV=$2\n"
3567
"\n"
3568
"/usr/sbin/brctl delif $BR $DEV\n"
3569
"/sbin/ifconfig $DEV down\n"
3570
msgstr ""
3571
3572
#: serverguide/C/vpn.xml:231(para)
3573
msgid "Then make them executable:"
3574
msgstr ""
3575
3576
#: serverguide/C/vpn.xml:236(command)
3577
msgid "sudo chmod 755 /etc/openvpn/down.sh"
3578
msgstr "sudo chmod 755 /etc/openvpn/down.sh"
3579
3580
#: serverguide/C/vpn.xml:237(command)
3581
msgid "sudo chmod 755 /etc/openvpn/up.sh"
3582
msgstr "sudo chmod 755 /etc/openvpn/up.sh"
3583
3584
#: serverguide/C/vpn.xml:240(para)
3585
msgid ""
3586
"After configuring the server, restart <application>openvpn</application> by "
3587
"entering:"
3588
msgstr ""
3589
3590
#: serverguide/C/vpn.xml:245(command) serverguide/C/vpn.xml:293(command)
3591
msgid "sudo /etc/init.d/openvpn restart"
3592
msgstr "sudo /etc/init.d/openvpn restart"
3593
3594
#: serverguide/C/vpn.xml:250(title)
3595
msgid "Client Configuration"
3596
msgstr ""
3597
3598
#: serverguide/C/vpn.xml:252(para)
3599
msgid "First, install <application>openvpn</application> on the client:"
3600
msgstr ""
3601
3602
#: serverguide/C/vpn.xml:260(para)
3603
msgid ""
3604
"Then with the server configured and the client certificates copied to the "
3605
"<filename>/etc/openvpn/</filename> directory, create a client configuration "
3606
"file by copying the example. In a terminal on the client machine enter:"
3607
msgstr ""
3608
3609
#: serverguide/C/vpn.xml:266(command)
3610
msgid ""
3611
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
3612
"/etc/openvpn"
3613
msgstr ""
3614
3615
#: serverguide/C/vpn.xml:269(para)
3616
msgid ""
3617
"Now edit <filename>/etc/openvpn/client.conf</filename> changing the "
3618
"following options:"
3619
msgstr ""
3620
3621
#: serverguide/C/vpn.xml:273(programlisting)
3622
#, no-wrap
3623
msgid ""
3624
"\n"
3625
"dev tap\n"
3626
"remote vpn.example.com 1194\n"
3627
"cert hostname.crt\n"
3628
"key hostname.key\n"
3629
"tls-auth ta.key 1\n"
3630
msgstr ""
3631
3632
#: serverguide/C/vpn.xml:282(para)
3633
msgid ""
3634
"Replace <emphasis>vpn.example.com</emphasis> with the hostname of your VPN "
3635
"server, and <emphasis>hostname.*</emphasis> with the actual certificate and "
3636
"key filenames."
3637
msgstr ""
3638
3639
#: serverguide/C/vpn.xml:288(para)
3640
msgid "Finally, restart <application>openvpn</application>:"
3641
msgstr ""
3642
3643
#: serverguide/C/vpn.xml:296(para)
3644
msgid "You should now be able to connect to the remote LAN through the VPN."
3645
msgstr ""
3646
3647
#: serverguide/C/vpn.xml:307(para)
3648
msgid ""
3649
"See the <ulink url=\"http://openvpn.net/\">OpenVPN</ulink> website for "
3650
"additional information."
3651
msgstr ""
3652
3653
#: serverguide/C/vpn.xml:312(para)
3654
msgid ""
3655
"Also, Pakt's <ulink url=\"http://www.packtpub.com/openvpn/book\">OpenVPN: "
3656
"Building and Integrating Virtual Private Networks</ulink> is a good resource."
3657
msgstr ""
3658
3659
#: serverguide/C/vpn.xml:318(para)
3660
msgid ""
3661
"Another source of further information is the <ulink "
3662
"url=\"https://help.ubuntu.com/community/OpenVPN\">Ubuntu Wiki "
3663
"OpenVPN</ulink> page."
3664
msgstr ""
3665
3666
#: serverguide/C/virtualization.xml:13(title)
3667
msgid "Virtualization"
3668
msgstr "Virtualisering"
3669
3670
#: serverguide/C/virtualization.xml:14(para)
3671
msgid ""
3672
"Virtualization is being adopted in many different environments and "
3673
"situations. If you are a developer, virtualization can provide you with a "
3674
"contained environment where you can safely do almost any sort of development "
3675
"safe from messing up your main working environment. If you are a systems "
3676
"administrator, you can use virtualization to more easily separate your "
3677
"services and move them around based on demand."
3678
msgstr ""
3679
3680
#: serverguide/C/virtualization.xml:20(para)
3681
msgid ""
3682
"The default virtualization technology supported in Ubuntu is "
3683
"<application>KVM</application>, a technology that takes advantage of "
3684
"virtualization extensions built into Intel and AMD hardware. For hardware "
3685
"without virtualization extensions <application>Xen</application> and "
3686
"<application>Qemu</application> are popular solutions."
3687
msgstr ""
3688
3689
#: serverguide/C/virtualization.xml:27(title)
3690
msgid "libvirt"
3691
msgstr ""
3692
3693
#: serverguide/C/virtualization.xml:28(para)
3694
msgid ""
3695
"The <application>libvirt</application> library is used to interface with "
3696
"different virtualization technologies. Before getting started with "
3697
"<application>libvirt</application> it is best to make sure your hardware "
3698
"supports the necessary virtualization extensions for "
3699
"<application>KVM</application>. Enter the following from a terminal prompt:"
3700
msgstr ""
3701
3702
#: serverguide/C/virtualization.xml:35(command)
3703
msgid "kvm-ok"
3704
msgstr ""
3705
3706
#: serverguide/C/virtualization.xml:37(para)
3707
msgid ""
3708
"A message will be printed informing you if your CPU "
3709
"<emphasis>does</emphasis> or <emphasis>does not</emphasis> support hardware "
3710
"virtualization."
3711
msgstr ""
3712
3713
#: serverguide/C/virtualization.xml:41(para)
3714
msgid ""
3715
"On most computer whose processor supports virtualization, it is necessary to "
3716
"activate an option in the BIOS to enable it."
3717
msgstr ""
3718
3719
#: serverguide/C/virtualization.xml:47(title)
3720
msgid "Virtual Networking"
3721
msgstr ""
3722
3723
#: serverguide/C/virtualization.xml:49(para)
3724
msgid ""
3725
"There are a few different ways to allow a virtual machine access to the "
3726
"external network. The default virtual network configuration is "
3727
"<emphasis>usermode</emphasis> networking, which uses the SLIRP protocol and "
3728
"traffic is NATed through the host interface to the outside network."
3729
msgstr ""
3730
3731
#: serverguide/C/virtualization.xml:54(para)
3732
msgid ""
3733
"To enable external hosts to directly access services on virtual machines a "
3734
"<emphasis>bridge</emphasis> needs to be configured. This allows the virtual "
3735
"interfaces to connect to the outside network through the physical interface, "
3736
"making them appear as normal hosts to the rest of the network. For "
3737
"information on setting up a bridge see <xref linkend=\"bridging\"/>."
3738
msgstr ""
3739
3740
#: serverguide/C/virtualization.xml:63(para)
3741
msgid "To install the necessary packages, from a terminal prompt enter:"
3742
msgstr ""
3743
3744
#: serverguide/C/virtualization.xml:67(command)
3745
msgid "sudo apt-get install kvm libvirt-bin"
3746
msgstr "sudo apt-get install kvm libvirt-bin"
3747
3748
#: serverguide/C/virtualization.xml:69(para)
3749
msgid ""
3750
"After installing <application>libvirt-bin</application>, the user used to "
3751
"manage virtual machines will need to be added to the "
3752
"<emphasis>libvirtd</emphasis> group. Doing so will grant the user access to "
3753
"the advanced networking options."
3754
msgstr ""
3755
3756
#: serverguide/C/virtualization.xml:73(para)
3757
msgid "In a terminal enter:"
3758
msgstr ""
3759
3760
#: serverguide/C/virtualization.xml:77(command)
3761
msgid "sudo adduser $USER libvirtd"
3762
msgstr ""
3763
3764
#: serverguide/C/virtualization.xml:80(para)
3765
msgid ""
3766
"If the user chosen is the current user, you will need to log out and back in "
3767
"for the new group membership to take effect."
3768
msgstr ""
3769
3770
#: serverguide/C/virtualization.xml:84(para)
3771
msgid ""
3772
"You are now ready to install a <emphasis>Guest</emphasis> operating system. "
3773
"Installing a virtual machine follows the same process as installing the "
3774
"operating system directly on the hardware. You either need a way to automate "
3775
"the installation, or a keyboard and monitor will need to be attached to the "
3776
"physical machine."
3777
msgstr ""
3778
3779
#: serverguide/C/virtualization.xml:89(para)
3780
msgid ""
3781
"In the case of virtual machines a Graphical User Interface (GUI) is "
3782
"analogous to using a physical keyboard and mouse. Instead of installing a "
3783
"GUI the <application>virt-viewer</application> application can be used to "
3784
"connect to a virtual machine's console using <application>VNC</application>. "
3785
"See <xref linkend=\"libvirt-virt-viewer\"/> for more information."
3786
msgstr ""
3787
3788
#: serverguide/C/virtualization.xml:94(para)
3789
msgid ""
3790
"There are several ways to automate the Ubuntu installation process, for "
3791
"example using preseeds, kickstart, etc. Refer to the <ulink "
3792
"url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
3793
"Installation Guide</ulink> for details."
3794
msgstr ""
3795
3796
#: serverguide/C/virtualization.xml:98(para)
3797
msgid ""
3798
"Yet another way to install an Ubuntu virtual machine is to use "
3799
"<application>ubuntu-vm-builder</application>. <application>ubuntu-vm-"
3800
"builder</application> allows you to setup advanced partitions, execute "
3801
"custom post-install scripts, etc. For details see <xref linkend=\"jeos-and-"
3802
"vmbuilder\"/>"
3803
msgstr ""
3804
3805
#: serverguide/C/virtualization.xml:104(title)
3806
msgid "virt-install"
3807
msgstr ""
3808
3809
#: serverguide/C/virtualization.xml:105(para)
3810
msgid ""
3811
"<application>virt-install</application> is part of the <application>python-"
3812
"virtinst</application> package. To install it, from a terminal prompt enter:"
3813
msgstr ""
3814
3815
#: serverguide/C/virtualization.xml:109(command)
3816
msgid "sudo apt-get install python-virtinst"
3817
msgstr "sudo apt-get install python-virtinst"
3818
3819
#: serverguide/C/virtualization.xml:111(para)
3820
msgid ""
3821
"There are several options available when using <application>virt-"
3822
"install</application>. For example:"
3823
msgstr ""
3824
3825
#: serverguide/C/virtualization.xml:115(command)
3826
msgid ""
3827
"sudo virt-install -n web_devel -r 256 -f web_devel.img \\ -s 4 -c jeos.iso --"
3828
"accelerate \\ --connect=qemu:///system --vnc \\ --noautoconsole -v"
3829
msgstr ""
3830
"sudo virt-install -n web_devel -r 256 -f web_devel.img \\ -s 4 -c jeos.iso --"
3831
"accelerate \\ --connect=qemu:///system --vnc \\ --noautoconsole -v"
3832
3833
#: serverguide/C/virtualization.xml:122(para)
3834
msgid ""
3835
"<emphasis>-n web_devel:</emphasis> the name of the new virtual machine will "
3836
"be <emphasis>web_devel</emphasis> in this example."
3837
msgstr ""
3838
3839
#: serverguide/C/virtualization.xml:127(para)
3840
msgid ""
3841
"<emphasis>-r 256:</emphasis> specifies the amount of memory the virtual "
3842
"machine will use."
3843
msgstr ""
3844
3845
#: serverguide/C/virtualization.xml:132(para)
3846
msgid ""
3847
"<emphasis>-f web_devel.img:</emphasis> indicates the path to the virtual "
3848
"disk which can be a file, partition, or logical volume. In this example a "
3849
"file named <filename>web_devel.img</filename>."
3850
msgstr ""
3851
3852
#: serverguide/C/virtualization.xml:138(para)
3853
msgid "<emphasis>-s 4:</emphasis> the size of the virtual disk."
3854
msgstr ""
3855
3856
#: serverguide/C/virtualization.xml:143(para)
3857
msgid ""
3858
"<emphasis>-c jeos.iso:</emphasis> file to be used as a virtual CDROM. The "
3859
"file can be either an ISO file or the path to the host's CDROM device."
3860
msgstr ""
3861
3862
#: serverguide/C/virtualization.xml:149(para)
3863
msgid ""
3864
"<emphasis>--accelerate:</emphasis> enables the kernel's acceleration "
3865
"technologies."
3866
msgstr ""
3867
3868
#: serverguide/C/virtualization.xml:154(para)
3869
msgid ""
3870
"<emphasis>--vnc:</emphasis> exports the guest's virtual console using VNC."
3871
msgstr ""
3872
3873
#: serverguide/C/virtualization.xml:159(para)
3874
msgid ""
3875
"<emphasis>--noautoconsole:</emphasis> will not automatically connect to the "
3876
"virtual machine's console."
3877
msgstr ""
3878
3879
#: serverguide/C/virtualization.xml:164(para)
3880
msgid "<emphasis>-v:</emphasis> creates a fully virtualized guest."
3881
msgstr ""
3882
3883
#: serverguide/C/virtualization.xml:169(para)
3884
msgid ""
3885
"After launching <application>virt-install</application> you can connect to "
3886
"the virtual machine's console either locally using a GUI or with the "
3887
"<application>virt-viewer</application> utility."
3888
msgstr ""
3889
3890
#: serverguide/C/virtualization.xml:175(title)
3891
msgid "virt-clone"
3892
msgstr ""
3893
3894
#: serverguide/C/virtualization.xml:176(para)
3895
msgid ""
3896
"The <application>virt-clone</application> application can be used to copy "
3897
"one virtual machine to another. For example:"
3898
msgstr ""
3899
3900
#: serverguide/C/virtualization.xml:180(command)
3901
msgid ""
3902
"sudo virt-clone -o web_devel -n database_devel -f "
3903
"/path/to/database_devel.img --connect=qemu:///system"
3904
msgstr ""
3905
"sudo virt-clone -o web_devel -n database_devel -f "
3906
"/path/to/database_devel.img --connect=qemu:///system"
3907
3908
#: serverguide/C/virtualization.xml:184(para)
3909
msgid "<emphasis>-o:</emphasis> original virtual machine."
3910
msgstr ""
3911
3912
#: serverguide/C/virtualization.xml:189(para)
3913
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
3914
msgstr ""
3915
3916
#: serverguide/C/virtualization.xml:194(para)
3917
msgid ""
3918
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
3919
"be used by the new virtual machine."
3920
msgstr ""
3921
3922
#: serverguide/C/virtualization.xml:199(para)
3923
msgid ""
3924
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
3925
msgstr ""
3926
3927
#: serverguide/C/virtualization.xml:204(para)
3928
msgid ""
3929
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
3930
"help troubleshoot problems with <application>virt-clone</application>."
3931
msgstr ""
3932
3933
#: serverguide/C/virtualization.xml:209(para)
3934
msgid ""
3935
"Replace <emphasis>web_devel</emphasis> and "
3936
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
3937
msgstr ""
3938
3939
#: serverguide/C/virtualization.xml:215(title)
3940
msgid "Virtual Machine Management"
3941
msgstr ""
3942
3943
#: serverguide/C/virtualization.xml:217(title)
3944
msgid "virsh"
3945
msgstr ""
3946
3947
#: serverguide/C/virtualization.xml:218(para)
3948
msgid ""
3949
"There are several utilities available to manage virtual machines and "
3950
"<application>libvirt</application>. The <application>virsh</application> "
3951
"utility can be used from the command line. Some examples:"
3952
msgstr ""
3953
3954
#: serverguide/C/virtualization.xml:224(para)
3955
msgid "To list running virtual machines:"
3956
msgstr ""
3957
3958
#: serverguide/C/virtualization.xml:228(command)
3959
msgid "virsh -c qemu:///system list"
3960
msgstr "virsh -c qemu:///system list"
3961
3962
#: serverguide/C/virtualization.xml:232(para)
3963
msgid "To start a virtual machine:"
3964
msgstr ""
3965
3966
#: serverguide/C/virtualization.xml:236(command)
3967
msgid "virsh -c qemu:///system start web_devel"
3968
msgstr "virsh -c qemu:///system start web_devel"
3969
3970
#: serverguide/C/virtualization.xml:240(para)
3971
msgid "Similarly, to start a virtual machine at boot:"
3972
msgstr ""
3973
3974
#: serverguide/C/virtualization.xml:244(command)
3975
msgid "virsh -c qemu:///system autostart web_devel"
3976
msgstr "virsh -c qemu:///system autostart web_devel"
3977
3978
#: serverguide/C/virtualization.xml:248(para)
3979
msgid "Reboot a virtual machine with:"
3980
msgstr ""
3981
3982
#: serverguide/C/virtualization.xml:252(command)
3983
msgid "virsh -c qemu:///system reboot web_devel"
3984
msgstr "virsh -c qemu:///system reboot web_devel"
3985
3986
#: serverguide/C/virtualization.xml:256(para)
3987
msgid ""
3988
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
3989
"order to be restored later. The following will save the virtual machine "
3990
"state into a file named according to the date:"
3991
msgstr ""
3992
3993
#: serverguide/C/virtualization.xml:261(command)
3994
msgid "virsh -c qemu:///system save web_devel web_devel-022708.state"
3995
msgstr "virsh -c qemu:///system save web_devel web_devel-022708.state"
3996
3997
#: serverguide/C/virtualization.xml:263(para)
3998
msgid "Once saved the virtual machine will no longer be running."
3999
msgstr ""
4000
4001
#: serverguide/C/virtualization.xml:268(para)
4002
msgid "A saved virtual machine can be restored using:"
4003
msgstr ""
4004
4005
#: serverguide/C/virtualization.xml:272(command)
4006
msgid "virsh -c qemu:///system restore web_devel-022708.state"
4007
msgstr "virsh -c qemu:///system restore web_devel-022708.state"
4008
4009
#: serverguide/C/virtualization.xml:276(para)
4010
msgid "To shutdown a virtual machine do:"
4011
msgstr ""
4012
4013
#: serverguide/C/virtualization.xml:280(command)
4014
msgid "virsh -c qemu:///system shutdown web_devel"
4015
msgstr "virsh -c qemu:///system shutdown web_devel"
4016
4017
#: serverguide/C/virtualization.xml:284(para)
4018
msgid "A CDROM device can be mounted in a virtual machine by entering:"
4019
msgstr ""
4020
4021
#: serverguide/C/virtualization.xml:288(command)
4022
msgid "virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
4023
msgstr ""
4024
"virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
4025
4026
#: serverguide/C/virtualization.xml:293(para)
4027
msgid ""
4028
"In the above examples replace <emphasis>web_devel</emphasis> with the "
4029
"appropriate virtual machine name, and <filename>web_devel-"
4030
"022708.state</filename> with a descriptive file name."
4031
msgstr ""
4032
4033
#: serverguide/C/virtualization.xml:300(title)
4034
msgid "Virtual Machine Manager"
4035
msgstr ""
4036
4037
#: serverguide/C/virtualization.xml:301(para)
4038
msgid ""
4039
"The <application>virt-manager</application> package contains a graphical "
4040
"utility to manage local and remote virtual machines. To install virt-manager "
4041
"enter:"
4042
msgstr ""
4043
4044
#: serverguide/C/virtualization.xml:306(command)
4045
msgid "sudo apt-get install virt-manager"
4046
msgstr "sudo apt-get install virt-manager"
4047
4048
#: serverguide/C/virtualization.xml:308(para)
4049
msgid ""
4050
"Since <application>virt-manager</application> requires a Graphical User "
4051
"Interface (GUI) environment it is recommended to be installed on a "
4052
"workstation or test machine instead of a production server. To connect to "
4053
"the local <application>libvirt</application> service enter:"
4054
msgstr ""
4055
4056
#: serverguide/C/virtualization.xml:314(command)
4057
msgid "virt-manager -c qemu:///system"
4058
msgstr "virt-manager -c qemu:///system"
4059
4060
#: serverguide/C/virtualization.xml:316(para)
4061
msgid ""
4062
"You can connect to the <application>libvirt</application> service running on "
4063
"another host by entering the following in a terminal prompt:"
4064
msgstr ""
4065
4066
#: serverguide/C/virtualization.xml:320(command)
4067
msgid "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
4068
msgstr ""
4069
4070
#: serverguide/C/virtualization.xml:323(para)
4071
msgid ""
4072
"The above example assumes that <application>SSH</application> connectivity "
4073
"between the management system and virtnode1.mydomain.com has already been "
4074
"configured, and uses SSH keys for authentication. SSH "
4075
"<emphasis>keys</emphasis> are needed because "
4076
"<application>libvirt</application> sends the password prompt to another "
4077
"process. For details on configuring <application>SSH</application> see <xref "
4078
"linkend=\"openssh-server\"/>"
4079
msgstr ""
4080
4081
#: serverguide/C/virtualization.xml:333(title)
4082
msgid "Virtual Machine Viewer"
4083
msgstr ""
4084
4085
#: serverguide/C/virtualization.xml:334(para)
4086
msgid ""
4087
"The <application>virt-viewer</application> application allows you to connect "
4088
"to a virtual machine's console. <application>virt-viewer</application> does "
4089
"require a Graphical User Interface (GUI) to interface with the virtual "
4090
"machine."
4091
msgstr ""
4092
4093
#: serverguide/C/virtualization.xml:338(para)
4094
msgid ""
4095
"To install <application>virt-viewer</application> from a terminal enter:"
4096
msgstr ""
4097
4098
#: serverguide/C/virtualization.xml:342(command)
4099
msgid "sudo apt-get install virt-viewer"
4100
msgstr "sudo apt-get install virt-viewer"
4101
4102
#: serverguide/C/virtualization.xml:344(para)
4103
msgid ""
4104
"Once a virtual machine is installed and running you can connect to the "
4105
"virtual machine's console by using:"
4106
msgstr ""
4107
4108
#: serverguide/C/virtualization.xml:348(command)
4109
msgid "virt-viewer -c qemu:///system web_devel"
4110
msgstr "virt-viewer -c qemu:///system web_devel"
4111
4112
#: serverguide/C/virtualization.xml:350(para)
4113
msgid ""
4114
"Similar to <application>virt-manager</application>, <application>virt-"
4115
"viewer</application> can connect to a remote host using "
4116
"<emphasis>SSH</emphasis> with key authentication, as well:"
4117
msgstr ""
4118
4119
#: serverguide/C/virtualization.xml:355(command)
4120
msgid "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
4121
msgstr ""
4122
4123
#: serverguide/C/virtualization.xml:357(para)
4124
msgid ""
4125
"Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the "
4126
"appropriate virtual machine name."
4127
msgstr ""
4128
4129
#: serverguide/C/virtualization.xml:360(para)
4130
msgid ""
4131
"If configured to use a <emphasis>bridged</emphasis> network interface you "
4132
"can also setup <application>SSH</application> access to the virtual machine. "
4133
"See <xref linkend=\"openssh-server\"/> and <xref linkend=\"bridging\"/> for "
4134
"more details."
4135
msgstr ""
4136
4137
#: serverguide/C/virtualization.xml:369(para)
4138
msgid ""
4139
"See the <ulink url=\"http://kvm.qumranet.com/kvmwiki\">KVM</ulink> home page "
4140
"for more details."
4141
msgstr ""
4142
4143
#: serverguide/C/virtualization.xml:374(para)
4144
msgid ""
4145
"For more information on <application>libvirt</application> see the <ulink "
4146
"url=\"http://libvirt.org/\">libvirt home page</ulink>"
4147
msgstr ""
4148
4149
#: serverguide/C/virtualization.xml:379(para)
4150
msgid ""
4151
"The <ulink url=\"http://virt-manager.et.redhat.com/\">Virtual Machine "
4152
"Manager</ulink> site has more information on <application>virt-"
4153
"manager</application> development."
4154
msgstr ""
4155
4156
#: serverguide/C/virtualization.xml:385(para)
4157
msgid ""
4158
"Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink "
4159
"url=\"http://freenode.net/\">freenode</ulink> to discuss virtualization "
4160
"technology in Ubuntu."
4161
msgstr ""
4162
4163
#: serverguide/C/virtualization.xml:391(para)
4164
msgid ""
4165
"Another good resource is the <ulink "
4166
"url=\"https://help.ubuntu.com/community/KVM\">Ubuntu Wiki KVM</ulink> page."
4167
msgstr ""
4168
4169
#: serverguide/C/virtualization.xml:399(title)
4170
msgid "JeOS and vmbuilder"
4171
msgstr ""
4172
4173
#: serverguide/C/virtualization.xml:405(title)
4174
msgid "What is JeOS"
4175
msgstr ""
4176
4177
#: serverguide/C/virtualization.xml:407(para)
4178
msgid ""
4179
"Ubuntu <emphasis>JeOS</emphasis> (pronounced \"Juice\") is an efficient "
4180
"variant of the Ubuntu Server operating system, configured specifically for "
4181
"virtual appliances. No longer available as a CD-ROM ISO for download, but "
4182
"only as an option either:"
4183
msgstr ""
4184
4185
#: serverguide/C/virtualization.xml:414(para)
4186
msgid ""
4187
"While installing from the Server Edition ISO (pressing "
4188
"<emphasis>F4</emphasis> on the first screen will allow you to pick \"Minimal "
4189
"installation\", which is the package selection equivalent to JeOS)."
4190
msgstr ""
4191
4192
#: serverguide/C/virtualization.xml:420(para)
4193
msgid "Or to be built using Ubuntu's vmbuilder, which is described here."
4194
msgstr ""
4195
4196
#: serverguide/C/virtualization.xml:426(para)
4197
msgid ""
4198
"JeOS is a specialized installation of Ubuntu Server Edition with a tuned "
4199
"kernel that only contains the base elements needed to run within a "
4200
"virtualized environment."
4201
msgstr ""
4202
4203
#: serverguide/C/virtualization.xml:431(para)
4204
msgid ""
4205
"Ubuntu JeOS has been tuned to take advantage of key performance technologies "
4206
"in the latest virtualization products from VMware. This combination of "
4207
"reduced size and optimized performance ensures that Ubuntu JeOS Edition "
4208
"delivers a highly efficient use of server resources in large virtual "
4209
"deployments."
4210
msgstr ""
4211
4212
#: serverguide/C/virtualization.xml:437(para)
4213
msgid ""
4214
"Without unnecessary drivers, and only the minimal required packages, ISVs "
4215
"can configure their supporting OS exactly as they require. They have the "
4216
"peace of mind that updates, whether for security or enhancement reasons, "
4217
"will be limited to the bare minimum of what is required in their specific "
4218
"environment. In turn, users deploying virtual appliances built on top of "
4219
"JeOS will have to go through fewer updates and therefore less maintenance "
4220
"than they would have had to with a standard full installation of a server."
4221
msgstr ""
4222
4223
#: serverguide/C/virtualization.xml:446(title)
4224
msgid "What is vmbuilder"
4225
msgstr ""
4226
4227
#: serverguide/C/virtualization.xml:448(para)
4228
msgid ""
4229
"With vmbuilder, there is no need to download a JeOS ISO anymore. vmbuilder "
4230
"will fetch the various package and build a virtual machine tailored for your "
4231
"needs in about a minute. vmbuilder is a script that automates the process of "
4232
"creating a ready to use Linux based VM. The currently supported hypervisors "
4233
"are KVM and Xen."
4234
msgstr ""
4235
4236
#: serverguide/C/virtualization.xml:454(para)
4237
msgid ""
4238
"You can pass command line options to add extra packages, remove packages, "
4239
"choose which version of Ubuntu, which mirror etc. On recent hardware with "
4240
"plenty of RAM, tmpdir in <filename>/dev/shm</filename> or using a tmpfs, and "
4241
"a local mirror, you can bootstrap a VM in less than a minute."
4242
msgstr ""
4243
4244
#: serverguide/C/virtualization.xml:460(para)
4245
msgid ""
4246
"First introduced as a shell script in Ubuntu 8.04 LTS, <application>ubuntu-"
4247
"vm-builder</application> started with little emphasis as a hack to help "
4248
"developers test their new code in a virtual machine without having to "
4249
"restart from scratch each time. As a few Ubuntu administrators started to "
4250
"notice this script, a few of them went on improving it and adapting it for "
4251
"so many use case that Soren Hansen (the author of the script and Ubuntu "
4252
"virtualization specialist, not the golf player) decided to rewrite it from "
4253
"scratch for Intrepid as a python script with a few new design goals:"
4254
msgstr ""
4255
4256
#: serverguide/C/virtualization.xml:470(para)
4257
msgid "Develop it so that it can be reused by other distributions."
4258
msgstr ""
4259
4260
#: serverguide/C/virtualization.xml:475(para)
4261
msgid ""
4262
"Use a plugin mechanisms for all virtualization interactions so that others "
4263
"can easily add logic for other virtualization environments."
4264
msgstr ""
4265
4266
#: serverguide/C/virtualization.xml:480(para)
4267
msgid ""
4268
"Provide an easy to maintain web interface as an option to the command line "
4269
"interface."
4270
msgstr ""
4271
4272
#: serverguide/C/virtualization.xml:486(para)
4273
msgid "But the general principles and commands remain the same."
4274
msgstr ""
4275
4276
#: serverguide/C/virtualization.xml:493(title)
4277
msgid "Initial Setup"
4278
msgstr ""
4279
4280
#: serverguide/C/virtualization.xml:495(para)
4281
msgid ""
4282
"It is assumed that you have installed and configured "
4283
"<application>libvirt</application> and <application>KVM</application> "
4284
"locally on the machine you are using. For details on how to perform this, "
4285
"please refer to:"
4286
msgstr ""
4287
4288
#: serverguide/C/virtualization.xml:507(para)
4289
msgid ""
4290
"The <ulink url=\"https://help.ubuntu.com/community/KVM\">KVM</ulink> Wiki "
4291
"page."
4292
msgstr ""
4293
4294
#: serverguide/C/virtualization.xml:513(para)
4295
msgid ""
4296
"We also assume that you know how to use a text based text editor such as "
4297
"nano or vi. If you have not used any of them before, you can get an overview "
4298
"of the various text editors available by reading the <ulink "
4299
"url=\"https://help.ubuntu.com/community/PowerUsersTextEditors\">PowerUsersTex"
4300
"tEditors</ulink> page. This tutorial has been done on KVM, but the general "
4301
"principle should remain on other virtualization technologies."
4302
msgstr ""
4303
4304
#: serverguide/C/virtualization.xml:521(title)
4305
msgid "Install vmbuilder"
4306
msgstr ""
4307
4308
#: serverguide/C/virtualization.xml:523(para)
4309
msgid ""
4310
"The name of the package that we need to install is <application>python-vm-"
4311
"builder</application>. In a terminal prompt enter:"
4312
msgstr ""
4313
4314
#: serverguide/C/virtualization.xml:528(command)
4315
msgid "sudo apt-get install python-vm-builder"
4316
msgstr "sudo apt-get install python-vm-builder"
4317
4318
#: serverguide/C/virtualization.xml:532(para)
4319
msgid ""
4320
"If you are running Hardy, you can still perform most of this using the older "
4321
"version of the package named <application>ubuntu-vm-builder</application>, "
4322
"there are only a few changes to the syntax of the tool."
4323
msgstr ""
4324
4325
#: serverguide/C/virtualization.xml:541(title)
4326
msgid "Defining Your Virtual Machine"
4327
msgstr ""
4328
4329
#: serverguide/C/virtualization.xml:543(para)
4330
msgid ""
4331
"Defining a virtual machine with Ubuntu's vmbuilder is quite simple, but here "
4332
"are a few thing to consider:"
4333
msgstr ""
4334
4335
#: serverguide/C/virtualization.xml:549(para)
4336
msgid ""
4337
"If you plan on shipping a virtual appliance, do not assume that the end-user "
4338
"will know how to extend disk size to fit their need, so either plan for a "
4339
"large virtual disk to allow for your appliance to grow, or explain fairly "
4340
"well in your documentation how to allocate more space. It might actually be "
4341
"a good idea to store data on some separate external storage."
4342
msgstr ""
4343
4344
#: serverguide/C/virtualization.xml:556(para)
4345
msgid ""
4346
"Given that RAM is much easier to allocate in a VM, RAM size should be set to "
4347
"whatever you think is a safe minimum for your appliance."
4348
msgstr ""
4349
4350
#: serverguide/C/virtualization.xml:562(para)
4351
msgid ""
4352
"The <application>vmbuilder</application> command has 2 main parameters: the "
4353
"<emphasis>virtualization technology (hypervisor)</emphasis> and the targeted "
4354
"<emphasis>distribution</emphasis>. Optional parameters are quite numerous "
4355
"and can be found using the following command:"
4356
msgstr ""
4357
4358
#: serverguide/C/virtualization.xml:568(command)
4359
msgid "vmbuilder --help"
4360
msgstr ""
4361
4362
#: serverguide/C/virtualization.xml:572(title)
4363
msgid "Base Parameters"
4364
msgstr ""
4365
4366
#: serverguide/C/virtualization.xml:574(para)
4367
msgid ""
4368
"As this example is based on <application>KVM</application> and Ubuntu 10.10 "
4369
"(Maverick Meerkat), and we are likely to rebuild the same virtual machine "
4370
"multiple time, we'll invoke vmbuilder with the following first parameters:"
4371
msgstr ""
4372
4373
#: serverguide/C/virtualization.xml:580(command)
4374
msgid ""
4375
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o -"
4376
"-libvirt qemu:///system"
4377
msgstr ""
4378
4379
#: serverguide/C/virtualization.xml:583(para)
4380
msgid ""
4381
"The <emphasis>--suite</emphasis> defines the Ubuntu release, the <emphasis>--"
4382
"flavour</emphasis> specifies that we want to use the virtual kernel (that's "
4383
"the one used to build a JeOS image), the <emphasis>--arch</emphasis> tells "
4384
"that we want to use a 32 bit machine, the <emphasis>-o</emphasis> tells "
4385
"vmbuilder to overwrite the previous version of the VM and the <emphasis>--"
4386
"libvirt</emphasis> tells to inform the local virtualization environment to "
4387
"add the resulting VM to the list of available machines."
4388
msgstr ""
4389
4390
#: serverguide/C/virtualization.xml:591(para)
4391
msgid "Notes:"
4392
msgstr "Noter:"
4393
4394
#: serverguide/C/virtualization.xml:597(para)
4395
msgid ""
4396
"Because of the nature of operations performed by vmbuilder, it needs to have "
4397
"root privilege, hence the use of sudo."
4398
msgstr ""
4399
4400
#: serverguide/C/virtualization.xml:602(para)
4401
msgid ""
4402
"If your virtual machine needs to use more than 3Gb of ram, you should build "
4403
"a 64 bit machine (--arch amd64)."
4404
msgstr ""
4405
4406
#: serverguide/C/virtualization.xml:607(para)
4407
msgid ""
4408
"Until Ubuntu 8.10, the virtual kernel was only built for 32 bit "
4409
"architecture, so if you want to define an amd64 machine on Hardy, you should "
4410
"use <emphasis>--flavour</emphasis> server instead."
4411
msgstr ""
4412
4413
#: serverguide/C/virtualization.xml:615(title)
4414
msgid "JeOS Installation Parameters"
4415
msgstr ""
4416
4417
#: serverguide/C/virtualization.xml:618(title)
4418
msgid "JeOS Networking"
4419
msgstr ""
4420
4421
#: serverguide/C/virtualization.xml:621(title)
4422
msgid "Assigning a fixed IP address"
4423
msgstr ""
4424
4425
#: serverguide/C/virtualization.xml:623(para)
4426
msgid ""
4427
"As a virtual appliance that may be deployed on various very different "
4428
"networks, it is very difficult to know what the actual network will look "
4429
"like. In order to simplify configuration, it is a good idea to take an "
4430
"approach similar to what network hardware vendors usually do, namely "
4431
"assigning an initial fixed IP address to the appliance in a private class "
4432
"network that you will provide in your documentation. An address in the range "
4433
"192.168.0.0/255 is usually a good choice."
4434
msgstr ""
4435
4436
#: serverguide/C/virtualization.xml:630(para)
4437
msgid "To do this we'll use the following parameters:"
4438
msgstr ""
4439
4440
#: serverguide/C/virtualization.xml:636(para)
4441
msgid ""
4442
"<emphasis>--ip ADDRESS</emphasis>: IP address in dotted form (defaults to "
4443
"dhcp if not specified)"
4444
msgstr ""
4445
4446
#: serverguide/C/virtualization.xml:641(para)
4447
msgid ""
4448
"<emphasis>--mask VALUE</emphasis>: IP mask in dotted form (default: "
4449
"255.255.255.0)"
4450
msgstr ""
4451
4452
#: serverguide/C/virtualization.xml:646(para)
4453
msgid "<emphasis>--net VALUE</emphasis>: IP net address (default: X.X.X.0)"
4454
msgstr ""
4455
4456
#: serverguide/C/virtualization.xml:651(para)
4457
msgid "<emphasis>--bcast VALUE</emphasis>: IP broadcast (default: X.X.X.255)"
4458
msgstr ""
4459
4460
#: serverguide/C/virtualization.xml:656(para)
4461
msgid "<emphasis>--gw ADDRESS</emphasis>: Gateway address (default: X.X.X.1)"
4462
msgstr ""
4463
4464
#: serverguide/C/virtualization.xml:661(para)
4465
msgid ""
4466
"<emphasis>--dns ADDRESS</emphasis>: Name server address (default: X.X.X.1)"
4467
msgstr ""
4468
4469
#: serverguide/C/virtualization.xml:667(para)
4470
msgid ""
4471
"We assume for now that default values are good enough, so the resulting "
4472
"invocation becomes:"
4473
msgstr ""
4474
4475
#: serverguide/C/virtualization.xml:672(command)
4476
msgid ""
4477
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o -"
4478
"-libvirt qemu:///system --ip 192.168.0.100"
4479
msgstr ""
4480
4481
#: serverguide/C/virtualization.xml:677(title)
4482
msgid "Modifying the libvirt Template to use Bridging"
4483
msgstr ""
4484
4485
#: serverguide/C/virtualization.xml:679(para)
4486
msgid ""
4487
"Because our appliance will be likely to need to be accessed by remote hosts, "
4488
"we need to configure libvirt so that the appliance uses bridge networking. "
4489
"To do this we use vmbuilder template mechanism to modify the default one."
4490
msgstr ""
4491
4492
#: serverguide/C/virtualization.xml:684(para)
4493
msgid ""
4494
"In our working directory we create the template hierarchy and copy the "
4495
"default template:"
4496
msgstr ""
4497
4498
#: serverguide/C/virtualization.xml:689(command)
4499
msgid "mkdir -p VMBuilder/plugins/libvirt/templates"
4500
msgstr ""
4501
4502
#: serverguide/C/virtualization.xml:690(command)
4503
msgid "cp /etc/vmbuilder/libvirt/* VMBuilder/plugins/libvirt/templates/"
4504
msgstr "cp /etc/vmbuilder/libvirt/* VMBuilder/plugins/libvirt/templates/"
4505
4506
#: serverguide/C/virtualization.xml:693(para)
4507
msgid ""
4508
"We can then edit "
4509
"<filename>VMBuilder/plugins/libvirt/templates/libvirtxml.tmpl</filename> to "
4510
"change:"
4511
msgstr ""
4512
4513
#: serverguide/C/virtualization.xml:697(programlisting)
4514
#, no-wrap
4515
msgid ""
4516
"\n"
4517
" <interface type='network'>\n"
4518
" <source network='default'/>\n"
4519
" </interface>\n"
4520
msgstr ""
4521
4522
#: serverguide/C/virtualization.xml:703(para)
4523
msgid "To:"
4524
msgstr "Til:"
4525
4526
#: serverguide/C/virtualization.xml:707(programlisting)
4527
#, no-wrap
4528
msgid ""
4529
"\n"
4530
" <interface type='bridge'>\n"
4531
" <source bridge='br0'/>\n"
4532
" </interface>\n"
4533
msgstr ""
4534
4535
#: serverguide/C/virtualization.xml:717(title) serverguide/C/installation.xml:459(title)
4536
msgid "Partitioning"
4537
msgstr ""
4538
4539
#: serverguide/C/virtualization.xml:719(para)
4540
msgid ""
4541
"Partitioning of the virtual appliance will have to take into consideration "
4542
"what you are planning to do with is. Because most appliances want to have a "
4543
"separate storage for data, having a separate <filename>/var</filename> would "
4544
"make sense."
4545
msgstr ""
4546
4547
#: serverguide/C/virtualization.xml:724(para)
4548
msgid ""
4549
"In order to do this vmbuilder provides us with <emphasis>--part</emphasis>:"
4550
msgstr ""
4551
4552
#: serverguide/C/virtualization.xml:728(programlisting)
4553
#, no-wrap
4554
msgid ""
4555
"\n"
4556
"--part PATH\n"
4557
" Allows you to specify a partition table in a partition file, located at "
4558
"PATH. Each line of the partition file should specify\n"
4559
" (root first):\n"
4560
" mountpoint size\n"
4561
" where size is in megabytes. You can have up to 4 virtual disks, a new "
4562
"disk starts on a\n"
4563
" line with ’---’. ie :\n"
4564
" root 1000\n"
4565
" /opt 1000\n"
4566
" swap 256\n"
4567
" ---\n"
4568
" /var 2000\n"
4569
" /log 1500\n"
4570
msgstr ""
4571
4572
#: serverguide/C/virtualization.xml:743(para)
4573
msgid ""
4574
"In our case we will define a text file name "
4575
"<filename>vmbuilder.partition</filename> which will contain the following:"
4576
msgstr ""
4577
4578
#: serverguide/C/virtualization.xml:747(programlisting)
4579
#, no-wrap
4580
msgid ""
4581
"\n"
4582
"root 8000\n"
4583
"swap 4000\n"
4584
"---\n"
4585
"/var 20000\n"
4586
msgstr ""
4587
4588
#: serverguide/C/virtualization.xml:755(para)
4589
msgid ""
4590
"Note that as we are using virtual disk images, the actual sizes that we put "
4591
"here are maximum sizes for these volumes."
4592
msgstr ""
4593
4594
#: serverguide/C/virtualization.xml:760(para)
4595
msgid "Our command line now looks like:"
4596
msgstr ""
4597
4598
#: serverguide/C/virtualization.xml:765(command)
4599
msgid ""
4600
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 \\ -"
4601
"o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition"
4602
msgstr ""
4603
4604
#: serverguide/C/virtualization.xml:770(para)
4605
msgid ""
4606
"Using a \"\\\" in a command will allow long command strings to wrap to the "
4607
"next line."
4608
msgstr ""
4609
4610
#: serverguide/C/virtualization.xml:777(title)
4611
msgid "User and Password"
4612
msgstr ""
4613
4614
#: serverguide/C/virtualization.xml:779(para)
4615
msgid ""
4616
"Again setting up a virtual appliance, you will need to provide a default "
4617
"user and password that is generic so that you can include it in your "
4618
"documentation. We will see later on in this tutorial how we will provide "
4619
"some security by defining a script that will be run the first time a user "
4620
"actually logs in the appliance, that will, among other things, ask him to "
4621
"change his password. In this example I will use <emphasis>'user'</emphasis> "
4622
"as my user name, and <emphasis>'default'</emphasis> as the password."
4623
msgstr ""
4624
4625
#: serverguide/C/virtualization.xml:787(para)
4626
msgid "To do this we use the following optional parameters:"
4627
msgstr ""
4628
4629
#: serverguide/C/virtualization.xml:793(para)
4630
msgid ""
4631
"<emphasis>--user USERNAME:</emphasis> Sets the name of the user to be added. "
4632
"Default: ubuntu."
4633
msgstr ""
4634
4635
#: serverguide/C/virtualization.xml:798(para)
4636
msgid ""
4637
"<emphasis>--name FULLNAME:</emphasis> Sets the full name of the user to be "
4638
"added. Default: Ubuntu."
4639
msgstr ""
4640
4641
#: serverguide/C/virtualization.xml:803(para)
4642
msgid ""
4643
"<emphasis>--pass PASSWORD:</emphasis> Sets the password for the user. "
4644
"Default: ubuntu."
4645
msgstr ""
4646
4647
#: serverguide/C/virtualization.xml:809(para)
4648
msgid "Our resulting command line becomes:"
4649
msgstr ""
4650
4651
#: serverguide/C/virtualization.xml:814(command)
4652
msgid ""
4653
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 \\ -"
4654
"o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition \\ -"
4655
"-user user --name user --pass default"
4656
msgstr ""
4657
4658
#: serverguide/C/virtualization.xml:822(title)
4659
msgid "Installing Required Packages"
4660
msgstr ""
4661
4662
#: serverguide/C/virtualization.xml:824(para)
4663
msgid ""
4664
"In this example we will be installing a package "
4665
"<application>(Limesurvey)</application> that accesses a "
4666
"<application>MySQL</application> database and has a web interface. We will "
4667
"therefore require our OS to provide us with:"
4668
msgstr ""
4669
4670
#: serverguide/C/virtualization.xml:831(para)
4671
msgid "Apache"
4672
msgstr "Apache"
4673
4674
#: serverguide/C/virtualization.xml:832(para)
4675
msgid "PHP"
4676
msgstr "PHP"
4677
4678
#: serverguide/C/virtualization.xml:833(para) serverguide/C/databases.xml:19(trademark) serverguide/C/databases.xml:31(title)
4679
msgid "MySQL"
4680
msgstr "MySQL"
4681
4682
#: serverguide/C/virtualization.xml:834(para) serverguide/C/remote-administration.xml:19(title)
4683
msgid "OpenSSH Server"
4684
msgstr "OpenSSH Server"
4685
4686
#: serverguide/C/virtualization.xml:835(para)
4687
msgid "Limesurvey (as an example application that we have packaged)"
4688
msgstr ""
4689
4690
#: serverguide/C/virtualization.xml:838(para)
4691
msgid ""
4692
"This is done using vmbuilder by specifying the --addpkg option multiple "
4693
"times:"
4694
msgstr ""
4695
4696
#: serverguide/C/virtualization.xml:842(programlisting)
4697
#, no-wrap
4698
msgid ""
4699
"\n"
4700
"--addpkg PKG\n"
4701
" Install PKG into the guest (can be specfied multiple times)\n"
4702
msgstr ""
4703
4704
#: serverguide/C/virtualization.xml:847(para)
4705
msgid ""
4706
"However, due to the way vmbuilder operates, packages that have to ask "
4707
"questions to the user during the post install phase are not supported and "
4708
"should instead be installed while interactivity can occur. This is the case "
4709
"of Limesurvey, which we will have to install later, once the user logs in."
4710
msgstr ""
4711
4712
#: serverguide/C/virtualization.xml:853(para)
4713
msgid ""
4714
"Other packages that ask simple debconf question, such as <application>mysql-"
4715
"server</application> asking to set a password, the package can be installed "
4716
"immediately, but we will have to reconfigure it the first time the user logs "
4717
"in."
4718
msgstr ""
4719
4720
#: serverguide/C/virtualization.xml:859(para)
4721
msgid ""
4722
"If some packages that we need to install are not in main, we need to enable "
4723
"the additional repositories using --comp and --ppa:"
4724
msgstr ""
4725
4726
#: serverguide/C/virtualization.xml:863(programlisting)
4727
#, no-wrap
4728
msgid ""
4729
"\n"
4730
"--components COMP1,COMP2,...,COMPN\n"
4731
" A comma separated list of distro components to include (e.g. "
4732
"main,universe). This defaults\n"
4733
" to \"main\"\n"
4734
"--ppa=PPA Add ppa belonging to PPA to the vm's sources.list.\n"
4735
msgstr ""
4736
4737
#: serverguide/C/virtualization.xml:870(para)
4738
msgid ""
4739
"Limesurvey not being part of the archive at the moment, we'll specify it's "
4740
"PPA (personal package archive) address so that it is added to the VM "
4741
"<filename>/etc/apt/source.list</filename>, so we add the following options "
4742
"to the command line:"
4743
msgstr ""
4744
4745
#: serverguide/C/virtualization.xml:876(command)
4746
msgid ""
4747
"--addpkg apache2 --addpkg apache2-mpm-prefork --addpkg apache2-utils --"
4748
"addpkg apache2.2-common \\ --addpkg dbconfig-common --addpkg libapache2-mod-"
4749
"php5 --addpkg mysql-client --addpkg php5-cli \\ --addpkg php5-gd --addpkg "
4750
"php5-ldap --addpkg php5-mysql --addpkg wwwconfig-common \\ --addpkg mysql-"
4751
"server --ppa nijaba"
4752
msgstr ""
4753
4754
#: serverguide/C/virtualization.xml:883(title)
4755
msgid "OpenSSH"
4756
msgstr ""
4757
4758
#: serverguide/C/virtualization.xml:885(para)
4759
msgid ""
4760
"Another convenient tool that we want to have on our appliance is OpenSSH, as "
4761
"it will allow our admins to access the appliance remotely. However, pushing "
4762
"in the wild an appliance with a pre-installed OpenSSH server is a big "
4763
"security risk as all these server will share the same secret key, making it "
4764
"very easy for hackers to target our appliance with all the tools they need "
4765
"to crack it open in a breeze. As for the user password, we will instead rely "
4766
"on a script that will install OpenSSH the first time a user logs in so that "
4767
"the key generated will be different for each appliance. For this we'll use a "
4768
"<emphasis>--firstboot</emphasis> script, as it does not need any user "
4769
"interaction."
4770
msgstr ""
4771
4772
#: serverguide/C/virtualization.xml:897(title)
4773
msgid "Speed Considerations"
4774
msgstr ""
4775
4776
#: serverguide/C/virtualization.xml:900(title)
4777
msgid "Package Caching"
4778
msgstr ""
4779
4780
#: serverguide/C/virtualization.xml:902(para)
4781
msgid ""
4782
"When vmbuilder creates builds your system, it has to go fetch each one of "
4783
"the packages that composes it over the network to one of the official "
4784
"repositories, which, depending on your internet connection speed and the "
4785
"load of the mirror, can have a big impact on the actual build time. In order "
4786
"to reduce this, it is recommended to either have a local repository (which "
4787
"can be created using <application>apt-mirror</application>) or using a "
4788
"caching proxy such as <application>apt-proxy</application>. The later option "
4789
"being much simpler to implement and requiring less disk space, it is the one "
4790
"we will pick in this tutorial. To install it, simply type:"
4791
msgstr ""
4792
4793
#: serverguide/C/virtualization.xml:912(command)
4794
msgid "sudo apt-get install apt-proxy"
4795
msgstr "sudo apt-get install apt-proxy"
4796
4797
#: serverguide/C/virtualization.xml:915(para)
4798
msgid ""
4799
"Once this is complete, your (empty) proxy is ready for use on "
4800
"http://mirroraddress:9999 and will find ubuntu repository under /ubuntu. For "
4801
"vmbuilder to use it, we'll have to use the <emphasis>--mirror</emphasis> "
4802
"option:"
4803
msgstr ""
4804
4805
#: serverguide/C/virtualization.xml:920(programlisting)
4806
#, no-wrap
4807
msgid ""
4808
"\n"
4809
"--mirror=URL Use Ubuntu mirror at URL instead of the default, which\n"
4810
" is http://archive.ubuntu.com/ubuntu for official\n"
4811
" arches and http://ports.ubuntu.com/ubuntu-ports\n"
4812
" otherwise\n"
4813
msgstr ""
4814
4815
#: serverguide/C/virtualization.xml:927(para)
4816
msgid "So we add to the command line:"
4817
msgstr ""
4818
4819
#: serverguide/C/virtualization.xml:932(command)
4820
msgid "--mirror http://mirroraddress:9999/ubuntu"
4821
msgstr ""
4822
4823
#: serverguide/C/virtualization.xml:936(para)
4824
msgid ""
4825
"The mirror address specified here will also be used in the "
4826
"<filename>/etc/apt/sources.list</filename> of the newly created guest, so it "
4827
"is useful to specify here an address that can be resolved by the guest or to "
4828
"plan on reseting this address later on, such as in a <emphasis>--"
4829
"firstboot</emphasis> script."
4830
msgstr ""
4831
4832
#: serverguide/C/virtualization.xml:945(title)
4833
msgid "Install a Local Mirror"
4834
msgstr ""
4835
4836
#: serverguide/C/virtualization.xml:947(para)
4837
msgid ""
4838
"If we are in a larger environment, it may make sense to setup a local mirror "
4839
"of the Ubuntu repositories. The package apt-mirror provides you with a "
4840
"script that will handle the mirroring for you. You should plan on having "
4841
"about 20 gigabyte of free space per supported release and architecture."
4842
msgstr ""
4843
4844
#: serverguide/C/virtualization.xml:953(para)
4845
msgid ""
4846
"By default, <application>apt-mirror</application> uses the configuration "
4847
"file in <filename>/etc/apt/mirror.list</filename>. As it is set up, it will "
4848
"replicate only the architecture of the local machine. If you would like to "
4849
"support other architectures on your mirror, simply duplicate the lines "
4850
"starting with “deb”, replacing the deb keyword by /deb-{arch} where arch can "
4851
"be i386, amd64, etc... For example, on an amd64 machine, to have the i386 "
4852
"archives as well, you will have:"
4853
msgstr ""
4854
4855
#: serverguide/C/virtualization.xml:960(programlisting)
4856
#, no-wrap
4857
msgid ""
4858
"\n"
4859
"deb http://archive.ubuntu.com/ubuntu maverick main restricted universe "
4860
"multiverse \n"
4861
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick main restricted "
4862
"universe multiverse\n"
4863
"\n"
4864
"deb http://archive.ubuntu.com/ubuntu maverick-updates main restricted "
4865
"universe multiverse \n"
4866
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick-updates main restricted "
4867
"universe multiverse \n"
4868
"\n"
4869
"deb http://archive.ubuntu.com/ubuntu/ maverick-backports main restricted "
4870
"universe multiverse \n"
4871
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick-backports main "
4872
"restricted universe multiverse \n"
4873
"\n"
4874
"deb http://security.ubuntu.com/ubuntu maverick-security main restricted "
4875
"universe multiverse \n"
4876
"/deb-i386 http://security.ubuntu.com/ubuntu maverick-security main "
4877
"restricted universe multiverse \n"
4878
"\n"
4879
"deb http://archive.ubuntu.com/ubuntu maverick main/debian-installer "
4880
"restricted/debian-installer universe/debian-installer multiverse/debian-"
4881
"installer \n"
4882
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick main/debian-installer "
4883
"restricted/debian-installer universe/debian-installer multiverse/debian-"
4884
"installer \n"
4885
msgstr ""
4886
4887
#: serverguide/C/virtualization.xml:977(para)
4888
msgid ""
4889
"Notice that the source packages are not mirrored as they are seldom used "
4890
"compared to the binaries and they do take a lot more space, but they can be "
4891
"easily added to the list."
4892
msgstr ""
4893
4894
#: serverguide/C/virtualization.xml:982(para)
4895
msgid ""
4896
"Once the mirror has finished replicating (and this can be quite long), you "
4897
"need to configure Apache so that your mirror files (in "
4898
"<filename>/var/spool/apt-mirror</filename> if you did not change the "
4899
"default), are published by your Apache server. For more information on "
4900
"Apache see <xref linkend=\"httpd\"/>."
4901
msgstr ""
4902
4903
#: serverguide/C/virtualization.xml:991(title)
4904
msgid "Installing in a RAM Disk"
4905
msgstr ""
4906
4907
#: serverguide/C/virtualization.xml:993(para)
4908
msgid ""
4909
"As you can easily imagine, writing to RAM is a <emphasis>LOT</emphasis> "
4910
"faster than writing to disk. If you have some free memory, letting vmbuilder "
4911
"perform its operation in a RAMdisk will help a lot and the option <emphasis>-"
4912
"-tmpfs</emphasis> will help you do just that:"
4913
msgstr ""
4914
4915
#: serverguide/C/virtualization.xml:999(programlisting)
4916
#, no-wrap
4917
msgid ""
4918
"\n"
4919
"--tmpfs OPTS Use a tmpfs as the working directory, specifying its\n"
4920
" size or \"-\" to use tmpfs default (suid,dev,size=1G).\n"
4921
msgstr ""
4922
4923
#: serverguide/C/virtualization.xml:1004(para)
4924
msgid ""
4925
"So adding <command>--tmpfs -</command> sounds like a very good idea if you "
4926
"have 1G of free ram."
4927
msgstr ""
4928
4929
#: serverguide/C/virtualization.xml:1011(title)
4930
msgid "Package the Application"
4931
msgstr ""
4932
4933
#: serverguide/C/virtualization.xml:1013(para)
4934
msgid "Two option are available to us:"
4935
msgstr ""
4936
4937
#: serverguide/C/virtualization.xml:1019(para)
4938
msgid ""
4939
"The recommended method to do so is to make a <emphasis>Debian</emphasis> "
4940
"package. Since this is outside of the scope of this tutorial, we will not "
4941
"perform this here and invite the reader to read the documentation on how to "
4942
"do this in the <ulink url=\"https://wiki.ubuntu.com/PackagingGuide\">Ubuntu "
4943
"Packaging Guide</ulink>. In this case it is also a good idea to setup a "
4944
"repository for your package so that updates can be conveniently pulled from "
4945
"it. See the <ulink url=\"http://www.debian-"
4946
"administration.org/articles/286\">Debian Administration</ulink> article for "
4947
"a tutorial on this."
4948
msgstr ""
4949
4950
#: serverguide/C/virtualization.xml:1028(para)
4951
msgid ""
4952
"Manually install the application under <filename>/opt</filename> as "
4953
"recommended by the <ulink url=\"http://www.pathname.com/fhs/\">FHS "
4954
"guidelines</ulink>."
4955
msgstr ""
4956
4957
#: serverguide/C/virtualization.xml:1035(para)
4958
msgid ""
4959
"In our case we'll use <application>Limesurvey</application> as example web "
4960
"application for which we wish to provide a virtual appliance. As noted "
4961
"before, we've made a version of the package available in a PPA (Personal "
4962
"Package Archive)."
4963
msgstr ""
4964
4965
#: serverguide/C/virtualization.xml:1042(title)
4966
msgid "Finishing Install"
4967
msgstr ""
4968
4969
#: serverguide/C/virtualization.xml:1045(title) serverguide/C/virtualization.xml:1942(title)
4970
msgid "First Boot"
4971
msgstr ""
4972
4973
#: serverguide/C/virtualization.xml:1047(para)
4974
msgid ""
4975
"As we mentioned earlier, the first time the machine boots we'll need to "
4976
"install <application>openssh-server</application> so that the key generated "
4977
"for it is unique for each machine. To do this, we'll write a script called "
4978
"<filename>boot.sh</filename> as follows:"
4979
msgstr ""
4980
4981
#: serverguide/C/virtualization.xml:1053(programlisting)
4982
#, no-wrap
4983
msgid ""
4984
"\n"
4985
"# This script will run the first time the virtual machine boots\n"
4986
"# It is ran as root.\n"
4987
"\n"
4988
"apt-get update\n"
4989
"apt-get install -qqy --force-yes openssh-server\n"
4990
msgstr ""
4991
4992
#: serverguide/C/virtualization.xml:1061(para)
4993
msgid ""
4994
"And we add the <command>--firstboot boot.sh</command> option to our command "
4995
"line."
4996
msgstr ""
4997
4998
#: serverguide/C/virtualization.xml:1067(title)
4999
msgid "First Login"
5000
msgstr ""
5001
5002
#: serverguide/C/virtualization.xml:1069(para)
5003
msgid ""
5004
"Mysql and Limesurvey needing some user interaction during their setup, we'll "
5005
"set them up the first time a user logs in using a script named login.sh. "
5006
"We'll also use this script to let the user specify:"
5007
msgstr ""
5008
5009
#: serverguide/C/virtualization.xml:1075(para)
5010
msgid "His own password"
5011
msgstr ""
5012
5013
#: serverguide/C/virtualization.xml:1076(para)
5014
msgid "Define the keyboard and other locale info he wants to use"
5015
msgstr ""
5016
5017
#: serverguide/C/virtualization.xml:1079(para)
5018
msgid "So we'll define <filename>login.sh</filename> as follows:"
5019
msgstr ""
5020
5021
#: serverguide/C/virtualization.xml:1083(programlisting)
5022
#, no-wrap
5023
msgid ""
5024
"\n"
5025
"# This script is ran the first time a user logs in\n"
5026
"\n"
5027
"echo \"Your appliance is about to be finished to be set up.\"\n"
5028
"echo \"In order to do it, we'll need to ask you a few questions,\"\n"
5029
"echo \"starting by changing your user password.\"\n"
5030
"\n"
5031
"passwd\n"
5032
"\n"
5033
"#give the opportunity to change the keyboard\n"
5034
"sudo dpkg-reconfigure console-setup\n"
5035
"\n"
5036
"#configure the mysql server root password\n"
5037
"sudo dpkg-reconfigure mysql-server-5.0\n"
5038
"\n"
5039
"#install limesurvey\n"
5040
"sudo apt-get install -qqy --force-yes limesurvey\n"
5041
"\n"
5042
"echo \"Your appliance is now configured. To use it point your\"\n"
5043
"echo \"browser to http://serverip/limesurvey/admin\"\n"
5044
msgstr ""
5045
5046
#: serverguide/C/virtualization.xml:1105(para)
5047
msgid ""
5048
"And we add the <command>--firstlogin login.sh</command> option to our "
5049
"command line."
5050
msgstr ""
5051
5052
#: serverguide/C/virtualization.xml:1112(title)
5053
msgid "Useful Additions"
5054
msgstr ""
5055
5056
#: serverguide/C/virtualization.xml:1115(title)
5057
msgid "Configuring Automatic Updates"
5058
msgstr ""
5059
5060
#: serverguide/C/virtualization.xml:1117(para)
5061
msgid ""
5062
"To have your system be configured to update itself on a regular basis, we "
5063
"will just install <application>unattended-upgrades</application>, so we add "
5064
"the following option to our command line:"
5065
msgstr ""
5066
5067
#: serverguide/C/virtualization.xml:1123(command)
5068
msgid "--addpkg unattended-upgrades"
5069
msgstr ""
5070
5071
#: serverguide/C/virtualization.xml:1126(para)
5072
msgid ""
5073
"As we have put our application package in a PPA, the process will update not "
5074
"only the system, but also the application each time we update the version in "
5075
"the PPA."
5076
msgstr ""
5077
5078
#: serverguide/C/virtualization.xml:1133(title)
5079
msgid "ACPI Event Handling"
5080
msgstr ""
5081
5082
#: serverguide/C/virtualization.xml:1135(para)
5083
msgid ""
5084
"For your virtual machine to be able to handle restart and shutdown events it "
5085
"is being sent, it is a good idea to install the acpid package as well. To do "
5086
"this we just add the following option:"
5087
msgstr ""
5088
5089
#: serverguide/C/virtualization.xml:1141(command)
5090
msgid "--addpkg acpid"
5091
msgstr ""
5092
5093
#: serverguide/C/virtualization.xml:1147(title)
5094
msgid "Final Command"
5095
msgstr ""
5096
5097
#: serverguide/C/virtualization.xml:1149(para)
5098
msgid "Here is the command with all the options discussed above:"
5099
msgstr ""
5100
5101
#: serverguide/C/virtualization.xml:1154(command)
5102
msgid ""
5103
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o "
5104
"\\ --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition --"
5105
"user user \\ --name user --pass default --addpkg apache2 --addpkg apache2-"
5106
"mpm-prefork \\ --addpkg apache2-utils --addpkg apache2.2-common --addpkg "
5107
"dbconfig-common \\ --addpkg libapache2-mod-php5 --addpkg mysql-client --"
5108
"addpkg php5-cli \\ --addpkg php5-gd --addpkg php5-ldap --addpkg php5-mysql --"
5109
"addpkg wwwconfig-common \\ --addpkg mysql-server --addpkg unattended-"
5110
"upgrades --addpkg acpid --ppa nijaba \\ --mirror "
5111
"http://mirroraddress:9999/ubuntu --tmpfs - --firstboot boot.sh \\ --"
5112
"firstlogin login.sh"
5113
msgstr ""
5114
5115
#: serverguide/C/virtualization.xml:1169(para)
5116
msgid ""
5117
"If you are interested in learning more, have questions or suggestions, "
5118
"please contact the Ubuntu Server Team at:"
5119
msgstr ""
5120
5121
#: serverguide/C/virtualization.xml:1174(para)
5122
msgid "IRC: #ubuntu-server on freenode"
5123
msgstr ""
5124
5125
#: serverguide/C/virtualization.xml:1179(para)
5126
msgid ""
5127
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
5128
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
5129
msgstr ""
5130
5131
#: serverguide/C/virtualization.xml:1184(para)
5132
msgid ""
5133
"Also, see the <ulink "
5134
"url=\"https://help.ubuntu.com/community/JeOSVMBuilder\">JeOSVMBuilder Ubuntu "
5135
"Wiki</ulink> page."
5136
msgstr ""
5137
5138
#: serverguide/C/virtualization.xml:1192(title)
5139
msgid "UEC"
5140
msgstr ""
5141
5142
#: serverguide/C/virtualization.xml:1195(title) serverguide/C/network-auth.xml:2036(title) serverguide/C/monitoring.xml:15(title) serverguide/C/lamp-applications.xml:17(title) serverguide/C/installation.xml:928(title) serverguide/C/dns.xml:64(title) serverguide/C/chat.xml:17(title) serverguide/C/backups.xml:541(title)
5143
msgid "Overview"
5144
msgstr "Oversigt"
5145
5146
#: serverguide/C/virtualization.xml:1197(para)
5147
msgid ""
5148
"This tutorial covers <application>UEC</application> installation from the "
5149
"Ubuntu 10.10 Server Edition CD, and assumes a basic network topology, with a "
5150
"single system serving as the <emphasis>\"all-in-one controller\"</emphasis>, "
5151
"and one or more nodes attached."
5152
msgstr ""
5153
5154
#: serverguide/C/virtualization.xml:1202(para)
5155
msgid ""
5156
"From this Tutorial you will learn how to install, configure, register and "
5157
"perform several operations on a basic <application>UEC</application> setup "
5158
"that results in a cloud with a one controller <emphasis>\"front-"
5159
"end\"</emphasis> and one or several node(s) for running Virtual Machine (VM) "
5160
"instances. You will also use examples to help get you started using your own "
5161
"private compute cloud."
5162
msgstr ""
5163
5164
#: serverguide/C/virtualization.xml:1210(title)
5165
msgid "Prerequisites"
5166
msgstr ""
5167
5168
#: serverguide/C/virtualization.xml:1212(para)
5169
msgid ""
5170
"To deploy a minimal cloud infrastructure, you’ll need at least "
5171
"<emphasis>two</emphasis> dedicated systems:"
5172
msgstr ""
5173
5174
#: serverguide/C/virtualization.xml:1218(para)
5175
msgid "A front end."
5176
msgstr ""
5177
5178
#: serverguide/C/virtualization.xml:1223(para)
5179
msgid "One or more node(s)."
5180
msgstr ""
5181
5182
#: serverguide/C/virtualization.xml:1229(para)
5183
msgid ""
5184
"The following are recommendations, rather than fixed requirements. However, "
5185
"our experience in developing this documentation indicated the following "
5186
"suggestions."
5187
msgstr ""
5188
5189
#: serverguide/C/virtualization.xml:1234(title)
5190
msgid "Front End Requirements"
5191
msgstr ""
5192
5193
#: serverguide/C/virtualization.xml:1236(para)
5194
msgid "Use the following table for a system that will run one or more of:"
5195
msgstr ""
5196
5197
#: serverguide/C/virtualization.xml:1241(para)
5198
msgid "Cloud Controller (CLC)"
5199
msgstr ""
5200
5201
#: serverguide/C/virtualization.xml:1242(para)
5202
msgid "Cluster Controller (CC)"
5203
msgstr ""
5204
5205
#: serverguide/C/virtualization.xml:1243(para)
5206
msgid "Walrus (the S3-like storage service)"
5207
msgstr ""
5208
5209
#: serverguide/C/virtualization.xml:1244(para)
5210
msgid "Storage Controller (SC)"
5211
msgstr ""
5212
5213
#: serverguide/C/virtualization.xml:1248(title)
5214
msgid "UEC Front End Requirements"
5215
msgstr ""
5216
5217
#: serverguide/C/virtualization.xml:1256(para) serverguide/C/virtualization.xml:1318(para)
5218
msgid "Hardware"
5219
msgstr ""
5220
5221
#: serverguide/C/virtualization.xml:1257(para) serverguide/C/virtualization.xml:1319(para)
5222
msgid "Minimum"
5223
msgstr ""
5224
5225
#: serverguide/C/virtualization.xml:1258(para) serverguide/C/virtualization.xml:1320(para)
5226
msgid "Suggested"
5227
msgstr ""
5228
5229
#: serverguide/C/virtualization.xml:1259(para) serverguide/C/virtualization.xml:1321(para)
5230
msgid "Notes"
5231
msgstr ""
5232
5233
#: serverguide/C/virtualization.xml:1264(para) serverguide/C/virtualization.xml:1326(para)
5234
msgid "CPU"
5235
msgstr ""
5236
5237
#: serverguide/C/virtualization.xml:1265(para)
5238
msgid "1 GHz"
5239
msgstr ""
5240
5241
#: serverguide/C/virtualization.xml:1266(para)
5242
msgid "2 x 2 GHz"
5243
msgstr ""
5244
5245
#: serverguide/C/virtualization.xml:1267(para)
5246
msgid ""
5247
"For an <emphasis>all-in-one</emphasis> front end, it helps to have at least "
5248
"a dual core processor."
5249
msgstr ""
5250
5251
#: serverguide/C/virtualization.xml:1270(para) serverguide/C/virtualization.xml:1332(para)
5252
msgid "Memory"
5253
msgstr ""
5254
5255
#: serverguide/C/virtualization.xml:1271(para)
5256
msgid "2 GB"
5257
msgstr ""
5258
5259
#: serverguide/C/virtualization.xml:1272(para) serverguide/C/virtualization.xml:1334(para)
5260
msgid "4 GB"
5261
msgstr ""
5262
5263
#: serverguide/C/virtualization.xml:1273(para)
5264
msgid "The Java web front end benefits from lots of available memory."
5265
msgstr ""
5266
5267
#: serverguide/C/virtualization.xml:1276(para) serverguide/C/virtualization.xml:1338(para)
5268
msgid "Disk"
5269
msgstr ""
5270
5271
#: serverguide/C/virtualization.xml:1277(para) serverguide/C/virtualization.xml:1339(para)
5272
msgid "5400 RPM IDE"
5273
msgstr ""
5274
5275
#: serverguide/C/virtualization.xml:1278(para)
5276
msgid "7200 RPM SATA"
5277
msgstr ""
5278
5279
#: serverguide/C/virtualization.xml:1279(para)
5280
msgid ""
5281
"Slower disks will work, but will yield much longer instance startup times."
5282
msgstr ""
5283
5284
#: serverguide/C/virtualization.xml:1282(para) serverguide/C/virtualization.xml:1344(para)
5285
msgid "Disk Space"
5286
msgstr ""
5287
5288
#: serverguide/C/virtualization.xml:1283(para) serverguide/C/virtualization.xml:1345(para)
5289
msgid "40 GB"
5290
msgstr ""
5291
5292
#: serverguide/C/virtualization.xml:1284(para)
5293
msgid "200 GB"
5294
msgstr ""
5295
5296
#: serverguide/C/virtualization.xml:1285(para)
5297
msgid ""
5298
"40GB is only enough space for only a single image, cache, etc., Eucalyptus "
5299
"does not like to run out of disk space."
5300
msgstr ""
5301
5302
#: serverguide/C/virtualization.xml:1288(para) serverguide/C/virtualization.xml:1350(para) serverguide/C/network-config.xml:13(title)
5303
msgid "Networking"
5304
msgstr "Netværk"
5305
5306
#: serverguide/C/virtualization.xml:1289(para) serverguide/C/virtualization.xml:1351(para)
5307
msgid "100 Mbps"
5308
msgstr ""
5309
5310
#: serverguide/C/virtualization.xml:1290(para) serverguide/C/virtualization.xml:1352(para)
5311
msgid "1000 Mbps"
5312
msgstr ""
5313
5314
#: serverguide/C/virtualization.xml:1291(para) serverguide/C/virtualization.xml:1353(para)
5315
msgid ""
5316
"Machine images are hundreds of MB, and need to be copied over the network to "
5317
"nodes."
5318
msgstr ""
5319
5320
#: serverguide/C/virtualization.xml:1299(title)
5321
msgid "Node Requirements"
5322
msgstr ""
5323
5324
#: serverguide/C/virtualization.xml:1301(para)
5325
msgid "The other system(s) are <emphasis>nodes</emphasis>, which will run::"
5326
msgstr ""
5327
5328
#: serverguide/C/virtualization.xml:1306(para)
5329
msgid "the Node Controller (NC)"
5330
msgstr ""
5331
5332
#: serverguide/C/virtualization.xml:1310(title)
5333
msgid "UEC Node Requirements"
5334
msgstr ""
5335
5336
#: serverguide/C/virtualization.xml:1327(para)
5337
msgid "VT Extensions"
5338
msgstr ""
5339
5340
#: serverguide/C/virtualization.xml:1328(para)
5341
msgid "VT, 64-bit, Multicore"
5342
msgstr ""
5343
5344
#: serverguide/C/virtualization.xml:1329(para)
5345
msgid ""
5346
"64-bit can run both i386, and amd64 instances; by default, Eucalyptus will "
5347
"only run 1 VM per CPU core on a Node."
5348
msgstr ""
5349
5350
#: serverguide/C/virtualization.xml:1333(para)
5351
msgid "1 GB"
5352
msgstr ""
5353
5354
#: serverguide/C/virtualization.xml:1335(para)
5355
msgid "Additional memory means more, and larger guests."
5356
msgstr ""
5357
5358
#: serverguide/C/virtualization.xml:1340(para)
5359
msgid "7200 RPM SATA or SCSI"
5360
msgstr ""
5361
5362
#: serverguide/C/virtualization.xml:1341(para)
5363
msgid ""
5364
"Eucalyptus nodes are disk-intensive; I/O wait will likely be the performance "
5365
"bottleneck."
5366
msgstr ""
5367
5368
#: serverguide/C/virtualization.xml:1346(para)
5369
msgid "100 GB"
5370
msgstr ""
5371
5372
#: serverguide/C/virtualization.xml:1347(para)
5373
msgid ""
5374
"Images will be cached locally, Eucalyptus does not like to run out of disk "
5375
"space."
5376
msgstr ""
5377
5378
#: serverguide/C/virtualization.xml:1363(title)
5379
msgid "Installing the Cloud/Cluster/Storage/Walrus Front End Server"
5380
msgstr ""
5381
5382
#: serverguide/C/virtualization.xml:1367(para)
5383
msgid "Download the Ubuntu 10.10 Server ISO file, and burn it to a CD."
5384
msgstr ""
5385
5386
#: serverguide/C/virtualization.xml:1372(para)
5387
msgid ""
5388
"When you boot, select <emphasis>“Install Ubuntu Enterprise "
5389
"Cloud”</emphasis>. The installer will detect if any other Eucalyptus "
5390
"components are present."
5391
msgstr ""
5392
5393
#: serverguide/C/virtualization.xml:1377(para)
5394
msgid ""
5395
"You can then choose which components to install, based on your chosen <ulink "
5396
"url=\"https://help.ubuntu.com/community/UEC/Topologies\">topology</ulink>."
5397
msgstr ""
5398
5399
#: serverguide/C/virtualization.xml:1382(para)
5400
msgid ""
5401
"When asked whether you want a <emphasis>“Cluster”</emphasis> or a "
5402
"<emphasis>“Node”</emphasis> install, select <emphasis>“Cluster”</emphasis>."
5403
msgstr ""
5404
5405
#: serverguide/C/virtualization.xml:1388(para)
5406
msgid ""
5407
"It will ask two other cloud-specific questions during the course of the "
5408
"install:"
5409
msgstr ""
5410
5411
#: serverguide/C/virtualization.xml:1393(para)
5412
msgid "Name of your cluster."
5413
msgstr ""
5414
5415
#: serverguide/C/virtualization.xml:1396(para)
5416
msgid "e.g. <emphasis>cluster1</emphasis>."
5417
msgstr ""
5418
5419
#: serverguide/C/virtualization.xml:1399(para)
5420
msgid ""
5421
"A range of public IP addresses on the LAN that the cloud can allocate to "
5422
"instances."
5423
msgstr ""
5424
5425
#: serverguide/C/virtualization.xml:1402(para)
5426
msgid "e.g. <emphasis>192.168.1.200-192.168.1.249</emphasis>."
5427
msgstr ""
5428
5429
#: serverguide/C/virtualization.xml:1410(title)
5430
msgid "Installing the Node Controller(s)"
5431
msgstr ""
5432
5433
#: serverguide/C/virtualization.xml:1412(para)
5434
msgid ""
5435
"The node controller install is even simpler. Just make sure that you are "
5436
"connected to the network on which the cloud/cluster controller is already "
5437
"running."
5438
msgstr ""
5439
5440
#: serverguide/C/virtualization.xml:1418(para)
5441
msgid "Boot from the same ISO on the node(s)."
5442
msgstr ""
5443
5444
#: serverguide/C/virtualization.xml:1423(para)
5445
msgid ""
5446
"When you boot, select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
5447
msgstr ""
5448
5449
#: serverguide/C/virtualization.xml:1428(para)
5450
msgid "Select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
5451
msgstr ""
5452
5453
#: serverguide/C/virtualization.xml:1433(para)
5454
msgid ""
5455
"It should detect the Cluster and preselect <emphasis>“Node”</emphasis> "
5456
"install for you."
5457
msgstr ""
5458
5459
#: serverguide/C/virtualization.xml:1438(para)
5460
msgid "Confirm the partitioning scheme."
5461
msgstr ""
5462
5463
#: serverguide/C/virtualization.xml:1443(para)
5464
msgid ""
5465
"The rest of the installation should proceed uninterrupted; complete the "
5466
"installation and reboot the node."
5467
msgstr ""
5468
5469
#: serverguide/C/virtualization.xml:1451(title)
5470
msgid "Register the Node(s)"
5471
msgstr ""
5472
5473
#: serverguide/C/virtualization.xml:1456(para)
5474
msgid ""
5475
"Nodes are the physical systems within <application>UEC</application> that "
5476
"actually run the virtual machine instances of the cloud."
5477
msgstr ""
5478
5479
#: serverguide/C/virtualization.xml:1460(para)
5480
msgid "All component registration should be automatic, assuming:"
5481
msgstr ""
5482
5483
#: serverguide/C/virtualization.xml:1466(para)
5484
msgid "Public SSH keys have been exchanged properly."
5485
msgstr ""
5486
5487
#: serverguide/C/virtualization.xml:1471(para)
5488
msgid "The services are configured properly."
5489
msgstr ""
5490
5491
#: serverguide/C/virtualization.xml:1476(para)
5492
msgid ""
5493
"The appropriate <emphasis>uec-component-listener</emphasis> is running."
5494
msgstr ""
5495
5496
#: serverguide/C/virtualization.xml:1481(para)
5497
msgid "Verify Registration."
5498
msgstr ""
5499
5500
#: serverguide/C/virtualization.xml:1487(para)
5501
msgid ""
5502
"Steps a to e should only be required if you're using the <ulink "
5503
"url=\"https://help.ubuntu.com/community/UEC/PackageInstall\">UEC/PackageInsta"
5504
"ll</ulink> method. Otherwise, if you are following this guide, these steps "
5505
"should already be completed automatically for you, and therefore you can "
5506
"skip <emphasis>\"a\"</emphasis> to <emphasis>\"e\"</emphasis>."
5507
msgstr ""
5508
5509
#: serverguide/C/virtualization.xml:1495(para)
5510
msgid "Exchange Public Keys"
5511
msgstr ""
5512
5513
#: serverguide/C/virtualization.xml:1497(para)
5514
msgid ""
5515
"The Cloud Controller's <emphasis>eucalyptus</emphasis> user needs to have "
5516
"SSH access to the Walrus Controller, Cluster Controller, and Storage "
5517
"Controller as the eucalyptus user."
5518
msgstr ""
5519
5520
#: serverguide/C/virtualization.xml:1502(para)
5521
msgid ""
5522
"Install the Cloud Controller's <emphasis>eucalyptus</emphasis> user's public "
5523
"ssh key by:"
5524
msgstr ""
5525
5526
#: serverguide/C/virtualization.xml:1508(para)
5527
msgid ""
5528
"On the target controller, temporarily set a password for the eucalyptus user:"
5529
msgstr ""
5530
5531
#: serverguide/C/virtualization.xml:1512(command)
5532
msgid "sudo passwd eucalyptus"
5533
msgstr ""
5534
5535
#: serverguide/C/virtualization.xml:1516(para)
5536
msgid "Then, on the Cloud Controller:"
5537
msgstr ""
5538
5539
#: serverguide/C/virtualization.xml:1520(command)
5540
msgid ""
5541
"sudo -u eucalyptus ssh-copy-id -i ~eucalyptus/.ssh/id_rsa.pub "
5542
"eucalyptus@<IP_OF_NODE>"
5543
msgstr ""
5544
5545
#: serverguide/C/virtualization.xml:1524(para)
5546
msgid ""
5547
"You can now remove the password of the eucalyptus account on the target "
5548
"controller, if you wish:"
5549
msgstr ""
5550
5551
#: serverguide/C/virtualization.xml:1528(command)
5552
msgid "sudo passwd -d eucalyptus"
5553
msgstr ""
5554
5555
#: serverguide/C/virtualization.xml:1535(para)
5556
msgid "Configuring the Services"
5557
msgstr ""
5558
5559
#: serverguide/C/virtualization.xml:1537(para)
5560
msgid "On the <emphasis>Cloud Controller</emphasis>:"
5561
msgstr ""
5562
5563
#: serverguide/C/virtualization.xml:1543(para)
5564
msgid "For the <emphasis>Cluster Controller</emphasis> Registration:"
5565
msgstr ""
5566
5567
#: serverguide/C/virtualization.xml:1547(para) serverguide/C/virtualization.xml:1575(para)
5568
msgid ""
5569
"Define the shell variable CC_NAME in <filename>/etc/eucalyptus/eucalyptus-"
5570
"cc.conf</filename>"
5571
msgstr ""
5572
5573
#: serverguide/C/virtualization.xml:1549(para)
5574
msgid ""
5575
"Define the shell variable CC_IP_ADDR in <filename>/etc/eucalyptus/eucalyptus-"
5576
"ipaddr.conf</filename>, as a space separated list of one or more IP "
5577
"addresses."
5578
msgstr ""
5579
5580
#: serverguide/C/virtualization.xml:1556(para)
5581
msgid "For the <emphasis>Walrus Controller</emphasis> Registration:"
5582
msgstr ""
5583
5584
#: serverguide/C/virtualization.xml:1560(para)
5585
msgid ""
5586
"Define the shell variable WALRUS_IP_ADDR in "
5587
"<filename>/etc/eucalyptus/eucalyptus-ipaddr.conf</filename>, as a single IP "
5588
"address."
5589
msgstr ""
5590
5591
#: serverguide/C/virtualization.xml:1565(para)
5592
msgid "On the <emphasis>Cluster Controller</emphasis>:"
5593
msgstr ""
5594
5595
#: serverguide/C/virtualization.xml:1571(para)
5596
msgid "For <emphasis>Storage Controller</emphasis> Registration:"
5597
msgstr ""
5598
5599
#: serverguide/C/virtualization.xml:1577(para)
5600
msgid ""
5601
"Define the shell variable SC_IP_ADDR in <filename>/etc/eucalyptus/eucalyptus-"
5602
"ipaddr.conf</filename>, as a space separated list of one or more IP "
5603
"addresses."
5604
msgstr ""
5605
5606
#: serverguide/C/virtualization.xml:1587(para)
5607
msgid "Publish"
5608
msgstr ""
5609
5610
#: serverguide/C/virtualization.xml:1589(para)
5611
msgid "Now start the publication services."
5612
msgstr ""
5613
5614
#: serverguide/C/virtualization.xml:1595(emphasis)
5615
msgid "Walrus Controller:"
5616
msgstr ""
5617
5618
#: serverguide/C/virtualization.xml:1597(command)
5619
msgid "sudo start eucalyptus-walrus-publication"
5620
msgstr ""
5621
5622
#: serverguide/C/virtualization.xml:1601(emphasis)
5623
msgid "Cluster Controller:"
5624
msgstr ""
5625
5626
#: serverguide/C/virtualization.xml:1603(command)
5627
msgid "sudo start eucalyptus-cc-publication"
5628
msgstr ""
5629
5630
#: serverguide/C/virtualization.xml:1607(emphasis)
5631
msgid "Storage Controller:"
5632
msgstr ""
5633
5634
#: serverguide/C/virtualization.xml:1609(command)
5635
msgid "sudo start eucalyptus-sc-publication"
5636
msgstr ""
5637
5638
#: serverguide/C/virtualization.xml:1613(emphasis)
5639
msgid "Node Controller:"
5640
msgstr ""
5641
5642
#: serverguide/C/virtualization.xml:1615(command)
5643
msgid "sudo start eucalyptus-nc-publication"
5644
msgstr ""
5645
5646
#: serverguide/C/virtualization.xml:1622(para)
5647
msgid "Start the Listener"
5648
msgstr ""
5649
5650
#: serverguide/C/virtualization.xml:1624(para)
5651
msgid ""
5652
"On the <emphasis>Cloud Controller</emphasis> and the <emphasis>Cluster "
5653
"Controller(s)</emphasis>, run:"
5654
msgstr ""
5655
5656
#: serverguide/C/virtualization.xml:1629(command)
5657
msgid "sudo start uec-component-listener"
5658
msgstr ""
5659
5660
#: serverguide/C/virtualization.xml:1634(para)
5661
msgid "Verify Registration"
5662
msgstr ""
5663
5664
#: serverguide/C/virtualization.xml:1637(command)
5665
msgid "cat /var/log/eucalyptus/registration.log"
5666
msgstr ""
5667
5668
#: serverguide/C/virtualization.xml:1638(computeroutput)
5669
#, no-wrap
5670
msgid ""
5671
"2010-04-08 15:46:36-05:00 | 24243 -> Calling node cluster1 node "
5672
"10.1.1.75\n"
5673
"2010-04-08 15:46:36-05:00 | 24243 -> euca_conf --register-nodes returned "
5674
"0\n"
5675
"2010-04-08 15:48:47-05:00 | 25858 -> Calling walrus Walrus 10.1.1.71\n"
5676
"2010-04-08 15:48:51-05:00 | 25858 -> euca_conf --register-walrus returned "
5677
"0\n"
5678
"2010-04-08 15:49:04-05:00 | 26237 -> Calling cluster cluster1 10.1.1.71\n"
5679
"2010-04-08 15:49:08-05:00 | 26237 -> euca_conf --register-cluster "
5680
"returned 0\n"
5681
"2010-04-08 15:49:17-05:00 | 26644 -> Calling storage cluster1 storage "
5682
"10.1.1.71\n"
5683
"2010-04-08 15:49:18-05:00 | 26644 -> euca_conf --register-sc returned 0"
5684
msgstr ""
5685
5686
#: serverguide/C/virtualization.xml:1649(para)
5687
msgid "The output on your machine will vary from the example above."
5688
msgstr ""
5689
5690
#: serverguide/C/virtualization.xml:1659(title)
5691
msgid "Obtain Credentials"
5692
msgstr ""
5693
5694
#: serverguide/C/virtualization.xml:1661(para)
5695
msgid ""
5696
"After installing and booting the <emphasis>Cloud Controller</emphasis>, "
5697
"users of the cloud will need to retrieve their credentials. This can be done "
5698
"either through a web browser, or at the command line."
5699
msgstr ""
5700
5701
#: serverguide/C/virtualization.xml:1667(title)
5702
msgid "From a Web Browser"
5703
msgstr ""
5704
5705
#: serverguide/C/virtualization.xml:1671(para)
5706
msgid ""
5707
"From your web browser (either remotely or on your Ubuntu server) access the "
5708
"following URL:"
5709
msgstr ""
5710
5711
#: serverguide/C/virtualization.xml:1674(programlisting) serverguide/C/virtualization.xml:1804(programlisting)
5712
#, no-wrap
5713
msgid ""
5714
"\n"
5715
"https://<cloud-controller-ip-address>:8443/\n"
5716
msgstr ""
5717
5718
#: serverguide/C/virtualization.xml:1679(para)
5719
msgid ""
5720
"You must use a secure connection, so make sure you use \"https\" not "
5721
"\"http\" in your URL. You will get a security certificate warning. You will "
5722
"have to add an exception to view the page. If you do not accept it you will "
5723
"not be able to view the Eucalyptus configuration page."
5724
msgstr ""
5725
5726
#: serverguide/C/virtualization.xml:1687(para)
5727
msgid ""
5728
"Use username <emphasis>'admin'</emphasis> and password "
5729
"<emphasis>'admin'</emphasis> for the first time login (you will be prompted "
5730
"to change your password)."
5731
msgstr ""
5732
5733
#: serverguide/C/virtualization.xml:1693(para)
5734
msgid ""
5735
"Then follow the on-screen instructions to update the admin password and "
5736
"email address."
5737
msgstr ""
5738
5739
#: serverguide/C/virtualization.xml:1698(para)
5740
msgid ""
5741
"Once the first time configuration process is completed, click the "
5742
"<emphasis>'credentials'</emphasis> tab located in the top-left portion of "
5743
"the screen."
5744
msgstr ""
5745
5746
#: serverguide/C/virtualization.xml:1704(para)
5747
msgid ""
5748
"Click the <emphasis>'Download Credentials'</emphasis> button to get your "
5749
"certificates."
5750
msgstr ""
5751
5752
#: serverguide/C/virtualization.xml:1709(para)
5753
msgid "Save them to <filename>~/.euca</filename>."
5754
msgstr ""
5755
5756
#: serverguide/C/virtualization.xml:1714(para)
5757
msgid ""
5758
"Unzip the downloaded zip file into a safe location "
5759
"(<filename>~/.euca</filename>)."
5760
msgstr ""
5761
5762
#: serverguide/C/virtualization.xml:1718(command)
5763
msgid "unzip -d ~/.euca mycreds.zip"
5764
msgstr ""
5765
5766
#: serverguide/C/virtualization.xml:1725(title)
5767
msgid "From a Command Line"
5768
msgstr ""
5769
5770
#: serverguide/C/virtualization.xml:1729(para)
5771
msgid ""
5772
"Alternatively, if you are on the command line of the <emphasis>Cloud "
5773
"Controller</emphasis>, you can run:"
5774
msgstr ""
5775
5776
#: serverguide/C/virtualization.xml:1733(command)
5777
msgid "mkdir -p ~/.euca"
5778
msgstr ""
5779
5780
#: serverguide/C/virtualization.xml:1734(command)
5781
msgid "chmod 700 ~/.euca"
5782
msgstr ""
5783
5784
#: serverguide/C/virtualization.xml:1735(command)
5785
msgid "cd ~/.euca"
5786
msgstr ""
5787
5788
#: serverguide/C/virtualization.xml:1736(command)
5789
msgid "sudo euca_conf --get-credentials mycreds.zip"
5790
msgstr ""
5791
5792
#: serverguide/C/virtualization.xml:1737(command)
5793
msgid "unzip mycreds.zip"
5794
msgstr ""
5795
5796
#: serverguide/C/virtualization.xml:1738(command)
5797
msgid "ln -s ~/.euca/eucarc ~/.eucarc"
5798
msgstr ""
5799
5800
#: serverguide/C/virtualization.xml:1739(command)
5801
msgid "cd -"
5802
msgstr ""
5803
5804
#: serverguide/C/virtualization.xml:1746(title)
5805
msgid "Extracting and Using Your Credentials"
5806
msgstr ""
5807
5808
#: serverguide/C/virtualization.xml:1748(para)
5809
msgid ""
5810
"Now you will need to setup EC2 API and AMI tools on your server using X.509 "
5811
"certificates."
5812
msgstr ""
5813
5814
#: serverguide/C/virtualization.xml:1754(para)
5815
msgid "Install the required cloud user tools:"
5816
msgstr ""
5817
5818
#: serverguide/C/virtualization.xml:1758(command)
5819
msgid "sudo apt-get install euca2ools"
5820
msgstr ""
5821
5822
#: serverguide/C/virtualization.xml:1762(para)
5823
msgid ""
5824
"To validate that everything is working correctly, get the local cluster "
5825
"availability details:"
5826
msgstr ""
5827
5828
#: serverguide/C/virtualization.xml:1766(command)
5829
msgid ". ~/.euca/eucarc"
5830
msgstr ""
5831
5832
#: serverguide/C/virtualization.xml:1767(command)
5833
msgid "euca-describe-availability-zones verbose"
5834
msgstr ""
5835
5836
#: serverguide/C/virtualization.xml:1768(computeroutput)
5837
#, no-wrap
5838
msgid ""
5839
"AVAILABILITYZONE myowncloud 192.168.1.1\n"
5840
"AVAILABILITYZONE |- vm types free / max cpu ram disk\n"
5841
"AVAILABILITYZONE |- m1.small 0004 / 0004 1 128 2\n"
5842
"AVAILABILITYZONE |- c1.medium 0004 / 0004 1 256 5\n"
5843
"AVAILABILITYZONE |- m1.large 0002 / 0002 2 512 10\n"
5844
"AVAILABILITYZONE |- m1.xlarge 0002 / 0002 2 1024 20\n"
5845
"AVAILABILITYZONE |- c1.xlarge 0001 / 0001 4 2048 20"
5846
msgstr ""
5847
5848
#: serverguide/C/virtualization.xml:1778(para)
5849
msgid "Your output from the above command will vary."
5850
msgstr ""
5851
5852
#: serverguide/C/virtualization.xml:1788(title)
5853
msgid "Install an Image from the Store"
5854
msgstr ""
5855
5856
#: serverguide/C/virtualization.xml:1790(para)
5857
msgid ""
5858
"The following is by far the simplest way to install an image. However, "
5859
"advanced users may be interested in learning how to <ulink "
5860
"url=\"https://help.ubuntu.com/community/UEC/BundlingImages\">Bundle their "
5861
"own image</ulink>."
5862
msgstr ""
5863
5864
#: serverguide/C/virtualization.xml:1795(para)
5865
msgid ""
5866
"The simplest way to add an image to <application>UEC</application> is to "
5867
"install it from the Image Store on the UEC web interface."
5868
msgstr ""
5869
5870
#: serverguide/C/virtualization.xml:1801(para)
5871
msgid ""
5872
"Access the web interface at the following URL (Make sure you specify https):"
5873
msgstr ""
5874
5875
#: serverguide/C/virtualization.xml:1809(para)
5876
msgid ""
5877
"Enter your login and password (if requested, as you may still be logged in "
5878
"from earlier)."
5879
msgstr ""
5880
5881
#: serverguide/C/virtualization.xml:1814(para)
5882
msgid "Click on the <emphasis>Store</emphasis> tab."
5883
msgstr ""
5884
5885
#: serverguide/C/virtualization.xml:1819(para)
5886
msgid "Browse available images."
5887
msgstr ""
5888
5889
#: serverguide/C/virtualization.xml:1824(para)
5890
msgid "Click on <emphasis>install</emphasis> for the image you want."
5891
msgstr ""
5892
5893
#: serverguide/C/virtualization.xml:1830(para)
5894
msgid ""
5895
"Once the image has been downloaded and installed, you can click on "
5896
"<emphasis>\"How to run?\"</emphasis> that will be displayed below the image "
5897
"button to view the command to execute to instantiate (start) this image. The "
5898
"image will also appear on the list given on the <emphasis>Image</emphasis> "
5899
"tab."
5900
msgstr ""
5901
5902
#: serverguide/C/virtualization.xml:1838(title)
5903
msgid "Run an Image"
5904
msgstr ""
5905
5906
#: serverguide/C/virtualization.xml:1840(para)
5907
msgid "There are multiple ways to instantiate an image in UEC:"
5908
msgstr ""
5909
5910
#: serverguide/C/virtualization.xml:1845(para)
5911
msgid "Use the command line."
5912
msgstr ""
5913
5914
#: serverguide/C/virtualization.xml:1846(para)
5915
msgid ""
5916
"Use one of the UEC compatible management tools such as "
5917
"<emphasis>Landscape</emphasis>."
5918
msgstr ""
5919
5920
#: serverguide/C/virtualization.xml:1848(para)
5921
msgid ""
5922
"Use the <ulink "
5923
"url=\"https://help.ubuntu.com/community/UEC/ElasticFox\">ElasticFox</ulink> "
5924
"extension to Firefox."
5925
msgstr ""
5926
5927
#: serverguide/C/virtualization.xml:1854(para)
5928
msgid "Here we will describe the process from the command line:"
5929
msgstr ""
5930
5931
#: serverguide/C/virtualization.xml:1860(para)
5932
msgid ""
5933
"Before running an instance of your image, you should first create a "
5934
"<emphasis>keypair</emphasis> (ssh key) that you can use to log into your "
5935
"instance as root, once it boots. The key is stored, so you will only have to "
5936
"do this once."
5937
msgstr ""
5938
5939
#: serverguide/C/virtualization.xml:1864(para)
5940
msgid "Run the following command:"
5941
msgstr ""
5942
5943
#: serverguide/C/virtualization.xml:1867(programlisting)
5944
#, no-wrap
5945
msgid ""
5946
"\n"
5947
"if [ ! -e ~/.euca/mykey.priv ]; then\n"
5948
" mkdir -p -m 700 ~/.euca\n"
5949
" touch ~/.euca/mykey.priv\n"
5950
" chmod 0600 ~/.euca/mykey.priv\n"
5951
" euca-add-keypair mykey > ~/.euca/mykey.priv\n"
5952
"fi\n"
5953
msgstr ""
5954
5955
#: serverguide/C/virtualization.xml:1876(para)
5956
msgid ""
5957
"You can call your key whatever you like (in this example, the key is called "
5958
"<emphasis>'mykey'</emphasis>), but remember what it is called. If you "
5959
"forget, you can always run <command>euca-describe-keypairs</command> to get "
5960
"a list of created keys stored in the system."
5961
msgstr ""
5962
5963
#: serverguide/C/virtualization.xml:1883(para)
5964
msgid "You must also allow access to port 22 in your instances:"
5965
msgstr ""
5966
5967
#: serverguide/C/virtualization.xml:1887(command)
5968
msgid "euca-authorize default -P tcp -p 22 -s 0.0.0.0/0"
5969
msgstr ""
5970
5971
#: serverguide/C/virtualization.xml:1891(para)
5972
msgid "Next, you can create instances of your registered image:"
5973
msgstr ""
5974
5975
#: serverguide/C/virtualization.xml:1895(command)
5976
msgid "euca-run-instances $EMI -k mykey -t m1.small"
5977
msgstr ""
5978
5979
#: serverguide/C/virtualization.xml:1898(para)
5980
msgid ""
5981
"If you receive an error regarding <emphasis>image_id</emphasis>, you may "
5982
"find it by viewing Images page or click <emphasis>\"How to Run\"</emphasis> "
5983
"on the <emphasis>Store</emphasis> page to see the sample command."
5984
msgstr ""
5985
5986
#: serverguide/C/virtualization.xml:1905(para)
5987
msgid ""
5988
"The first time you run an instance, the system will be setting up caches for "
5989
"the image from which it will be created. This can often take some time the "
5990
"first time an instance is run given that VM images are usually quite large."
5991
msgstr ""
5992
5993
#: serverguide/C/virtualization.xml:1909(para)
5994
msgid "To monitor the state of your instance, run:"
5995
msgstr ""
5996
5997
#: serverguide/C/virtualization.xml:1913(command)
5998
msgid "watch -n5 euca-describe-instances"
5999
msgstr ""
6000
6001
#: serverguide/C/virtualization.xml:1915(para)
6002
msgid ""
6003
"In the output, you should see information about the instance, including its "
6004
"state. While first-time caching is being performed, the instance's state "
6005
"will be <emphasis>'pending'</emphasis>."
6006
msgstr ""
6007
6008
#: serverguide/C/virtualization.xml:1921(para)
6009
msgid ""
6010
"When the instance is fully started, the above state will become "
6011
"<emphasis>'running'</emphasis>. Look at the IP address assigned to your "
6012
"instance in the output, then connect to it:"
6013
msgstr ""
6014
6015
#: serverguide/C/virtualization.xml:1926(command)
6016
msgid ""
6017
"IPADDR=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | awk "
6018
"'{print $4}')"
6019
msgstr ""
6020
6021
#: serverguide/C/virtualization.xml:1927(command)
6022
msgid "ssh -i ~/.euca/mykey.priv ubuntu@$IPADDR"
6023
msgstr ""
6024
6025
#: serverguide/C/virtualization.xml:1931(para)
6026
msgid ""
6027
"And when you are done with this instance, exit your SSH connection, then "
6028
"terminate your instance:"
6029
msgstr ""
6030
6031
#: serverguide/C/virtualization.xml:1935(command)
6032
msgid ""
6033
"INSTANCEID=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | "
6034
"awk '{print $2}')"
6035
msgstr ""
6036
6037
#: serverguide/C/virtualization.xml:1936(command)
6038
msgid "euca-terminate-instances $INSTANCEID"
6039
msgstr ""
6040
6041
#: serverguide/C/virtualization.xml:1944(para)
6042
msgid ""
6043
"The <application>cloud-init</application> package provides \"first boot\" "
6044
"functionality for the Ubuntu UEC images. It is in charge of taking the "
6045
"generic filesystem image that is booting and customizing it for this "
6046
"particular instance. That includes things like:"
6047
msgstr ""
6048
6049
#: serverguide/C/virtualization.xml:1952(para)
6050
msgid "Setting the hostname."
6051
msgstr ""
6052
6053
#: serverguide/C/virtualization.xml:1957(para)
6054
msgid ""
6055
"Putting the provided ssh public keys into "
6056
"<filename>~ubuntu/.ssh/authorized_keys</filename>."
6057
msgstr ""
6058
6059
#: serverguide/C/virtualization.xml:1962(para)
6060
msgid "Running a user provided script, or otherwise modifying the image."
6061
msgstr ""
6062
6063
#: serverguide/C/virtualization.xml:1968(para)
6064
msgid ""
6065
"Setting hostname and configuring a system so the person who launched it can "
6066
"actually log into it are not terribly interesting. The interesting things "
6067
"that can be done with <application>cloud-init</application> are made "
6068
"possible by data provided at launch time called <ulink "
6069
"url=\"http://developer.amazonwebservices.com/connect/entry.jspa?externalID=10"
6070
"85\">user-data</ulink>."
6071
msgstr ""
6072
6073
#: serverguide/C/virtualization.xml:1974(para)
6074
msgid "First, install the <application>cloud-init</application> package:"
6075
msgstr ""
6076
6077
#: serverguide/C/virtualization.xml:1979(command)
6078
msgid "sudo apt-get install cloud-init"
6079
msgstr ""
6080
6081
#: serverguide/C/virtualization.xml:1982(para)
6082
msgid ""
6083
"If the user-data starts with <emphasis>'#!'</emphasis>, then it will be "
6084
"stored and executed as root late in the boot process of the instance's first "
6085
"boot (similar to a traditional 'rc.local' script). Output from the script is "
6086
"directed to the console."
6087
msgstr ""
6088
6089
#: serverguide/C/virtualization.xml:1987(para)
6090
msgid ""
6091
"For example, create a file named <filename>ud.txt</filename> containing:"
6092
msgstr ""
6093
6094
#: serverguide/C/virtualization.xml:1991(programlisting)
6095
#, no-wrap
6096
msgid ""
6097
"\n"
6098
"#!/bin/sh\n"
6099
"echo ========== Hello World: $(date) ==========\n"
6100
"echo \"I have been up for $(cut -d\\ -f 1 < /proc/uptime) sec\"\n"
6101
msgstr ""
6102
6103
#: serverguide/C/virtualization.xml:1997(para)
6104
msgid ""
6105
"Now start an instance with the <emphasis>--user-data-file</emphasis> option:"
6106
msgstr ""
6107
6108
#: serverguide/C/virtualization.xml:2002(command)
6109
msgid "euca-run-instances $EMI -k mykey -t m1.small --user-data-file=ud.txt"
6110
msgstr ""
6111
6112
#: serverguide/C/virtualization.xml:2005(para)
6113
msgid ""
6114
"Wait now for the system to come up and console to be available. To see the "
6115
"result of the data file commands enter:"
6116
msgstr ""
6117
6118
#: serverguide/C/virtualization.xml:2010(command)
6119
msgid "euca-get-console-output $EMI | grep --after-context=1 Hello"
6120
msgstr ""
6121
6122
#: serverguide/C/virtualization.xml:2011(computeroutput)
6123
#, no-wrap
6124
msgid ""
6125
"========== Hello World: Mon Mar 29 18:05:05 UTC 2010 ==========\n"
6126
"I have been up for 28.26 sec"
6127
msgstr ""
6128
6129
#: serverguide/C/virtualization.xml:2016(para)
6130
msgid "Your output may vary."
6131
msgstr ""
6132
6133
#: serverguide/C/virtualization.xml:2021(para)
6134
msgid ""
6135
"The simple approach shown above gives a great deal of power. The user-data "
6136
"can contain a script in any language where an interpreter already exists in "
6137
"the image (#!/bin/sh, #!/usr/bin/python, #!/usr/bin/perl, #!/usr/bin/awk ... "
6138
")."
6139
msgstr ""
6140
6141
#: serverguide/C/virtualization.xml:2026(para)
6142
msgid ""
6143
"For many cases, the user may not be interested in writing a program. For "
6144
"this case, cloud-init provides <emphasis>\"cloud-config\"</emphasis>, a "
6145
"configuration based approach towards customization. To utilize the cloud-"
6146
"config syntax, the supplied user-data must start with a <emphasis>'#cloud-"
6147
"config'</emphasis>."
6148
msgstr ""
6149
6150
#: serverguide/C/virtualization.xml:2031(para)
6151
msgid ""
6152
"For example, create a text file named <filename>clout-config.txt</filename> "
6153
"containing:"
6154
msgstr ""
6155
6156
#: serverguide/C/virtualization.xml:2035(programlisting)
6157
#, no-wrap
6158
msgid ""
6159
"\n"
6160
"#cloud-config\n"
6161
"apt_upgrade: true\n"
6162
"apt_sources:\n"
6163
"- source: \"ppa:ubuntu-server-edgers/server-edgers-apache \"\n"
6164
"\n"
6165
"packages:\n"
6166
"- build-essential\n"
6167
"- pastebinit\n"
6168
"\n"
6169
"runcmd:\n"
6170
"- echo ======= Hello World =====\n"
6171
"- echo \"I have been up for $(cut -d\\ -f 1 < /proc/uptime) sec\"\n"
6172
msgstr ""
6173
6174
#: serverguide/C/virtualization.xml:2050(para)
6175
msgid "Create a new instance:"
6176
msgstr ""
6177
6178
#: serverguide/C/virtualization.xml:2055(command)
6179
msgid ""
6180
"euca-run-instances $EMI -k mykey -t m1.small --user-data-file=cloud-"
6181
"config.txt"
6182
msgstr ""
6183
6184
#: serverguide/C/virtualization.xml:2058(para)
6185
msgid "Now, when the above system is booted, it will have:"
6186
msgstr ""
6187
6188
#: serverguide/C/virtualization.xml:2063(para)
6189
msgid "Added the Apache Edgers PPA."
6190
msgstr ""
6191
6192
#: serverguide/C/virtualization.xml:2064(para)
6193
msgid "Run an upgrade to get all updates available"
6194
msgstr ""
6195
6196
#: serverguide/C/virtualization.xml:2065(para)
6197
msgid "Installed the 'build-essential' and 'pastebinit' packages"
6198
msgstr ""
6199
6200
#: serverguide/C/virtualization.xml:2066(para)
6201
msgid "Printed a similar message to the script above"
6202
msgstr ""
6203
6204
#: serverguide/C/virtualization.xml:2070(para)
6205
msgid ""
6206
"The <emphasis>Apache Edgers PPA</emphasis>, in the above example, contains "
6207
"the latest version of Apache from upstream source repositories. Package "
6208
"versions in the PPA are unsupported, and depending on your situation, this "
6209
"may or may not be desirable. See the <ulink "
6210
"url=\"https://launchpad.net/~ubuntu-server-edgers\">Ubuntu Server "
6211
"Edgers</ulink> web page for more details."
6212
msgstr ""
6213
6214
#: serverguide/C/virtualization.xml:2077(para)
6215
msgid ""
6216
"The <emphasis>'runcmd'</emphasis> commands are run at the same point in boot "
6217
"that the <emphasis>'#!'</emphasis> script would run in the previous example. "
6218
"It is present to allow you to get the full power of a scripting language if "
6219
"you need it without abandoning <emphasis>cloud-config</emphasis>."
6220
msgstr ""
6221
6222
#: serverguide/C/virtualization.xml:2082(para)
6223
msgid ""
6224
"For more information on what kinds of things can be done with "
6225
"<application>cloud-config</application>, see <ulink "
6226
"url=\"http://bazaar.launchpad.net/~cloud-init-dev/cloud-"
6227
"init/trunk/files/head:/doc/examples/\">doc/examples</ulink> in the source."
6228
msgstr ""
6229
6230
#: serverguide/C/virtualization.xml:2091(title) serverguide/C/dns.xml:619(title)
6231
msgid "More Information"
6232
msgstr "Yderligere information"
6233
6234
#: serverguide/C/virtualization.xml:2093(para)
6235
msgid ""
6236
"How to use the <ulink "
6237
"url=\"https://help.ubuntu.com/community/UEC/StorageController\">Storage "
6238
"Controller</ulink>"
6239
msgstr ""
6240
6241
#: serverguide/C/virtualization.xml:2097(para)
6242
msgid "Controlling eucalyptus services:"
6243
msgstr ""
6244
6245
#: serverguide/C/virtualization.xml:2102(para)
6246
msgid ""
6247
"sudo service eucalyptus [start|stop|restart] (on the CLC/CC/SC/Walrus side)"
6248
msgstr ""
6249
6250
#: serverguide/C/virtualization.xml:2103(para)
6251
msgid "sudo service eucalyptus-nc [start|stop|restart] (on the Node side)"
6252
msgstr ""
6253
6254
#: serverguide/C/virtualization.xml:2106(para)
6255
msgid "Locations of some important files:"
6256
msgstr ""
6257
6258
#: serverguide/C/virtualization.xml:2113(emphasis)
6259
msgid "Log files:"
6260
msgstr ""
6261
6262
#: serverguide/C/virtualization.xml:2116(para)
6263
msgid "/var/log/eucalyptus"
6264
msgstr ""
6265
6266
#: serverguide/C/virtualization.xml:2121(emphasis)
6267
msgid "Configuration files:"
6268
msgstr ""
6269
6270
#: serverguide/C/virtualization.xml:2124(para)
6271
msgid "/etc/eucalyptus"
6272
msgstr ""
6273
6274
#: serverguide/C/virtualization.xml:2129(emphasis)
6275
msgid "Database:"
6276
msgstr ""
6277
6278
#: serverguide/C/virtualization.xml:2132(para)
6279
msgid "/var/lib/eucalyptus/db"
6280
msgstr ""
6281
6282
#: serverguide/C/virtualization.xml:2137(emphasis)
6283
msgid "Keys:"
6284
msgstr ""
6285
6286
#: serverguide/C/virtualization.xml:2140(para)
6287
msgid "/var/lib/eucalyptus"
6288
msgstr ""
6289
6290
#: serverguide/C/virtualization.xml:2141(para)
6291
msgid "/var/lib/eucalyptus/.ssh"
6292
msgstr ""
6293
6294
#: serverguide/C/virtualization.xml:2147(para)
6295
msgid ""
6296
"Don't forget to source your <filename>~/.euca/eucarc</filename> before "
6297
"running the client tools."
6298
msgstr ""
6299
6300
#: serverguide/C/virtualization.xml:2158(para)
6301
msgid ""
6302
"For information on loading instances see the <ulink "
6303
"url=\"https://help.ubuntu.com/community/Eucalyptus\">Eucalyptus Wiki</ulink> "
6304
"page."
6305
msgstr ""
6306
6307
#: serverguide/C/virtualization.xml:2163(para)
6308
msgid ""
6309
"<ulink url=\"http://open.eucalyptus.com/\">Eucalyptus Project Site (forums, "
6310
"documentation, downloads)</ulink>."
6311
msgstr ""
6312
6313
#: serverguide/C/virtualization.xml:2168(para)
6314
msgid ""
6315
"<ulink url=\"https://launchpad.net/eucalyptus/\">Eucalyptus on Launchpad "
6316
"(bugs, code)</ulink>."
6317
msgstr ""
6318
6319
#: serverguide/C/virtualization.xml:2173(para)
6320
msgid ""
6321
"<ulink "
6322
"url=\"http://open.eucalyptus.com/wiki/EucalyptusTroubleshooting_v1.5\">Eucaly"
6323
"ptus Troubleshooting (1.5)</ulink>."
6324
msgstr ""
6325
6326
#: serverguide/C/virtualization.xml:2178(para)
6327
msgid ""
6328
"<ulink url=\"http://support.rightscale.com/2._References/02-"
6329
"Cloud_Infrastructures/Eucalyptus/03-"
6330
"Administration_Guide/Register_with_RightScale\"> Register your cloud with "
6331
"RightScale</ulink>."
6332
msgstr ""
6333
6334
#: serverguide/C/virtualization.xml:2184(para)
6335
msgid ""
6336
"You can also find help in the <emphasis>#ubuntu-virt</emphasis>, "
6337
"<emphasis>#eucalyptus</emphasis>, and <emphasis>#ubuntu-server</emphasis> "
6338
"IRC channels on <ulink url=\"http://freenode.net\">Freenode</ulink>."
6339
msgstr ""
6340
6341
#: serverguide/C/virtualization.xml:2193(title)
6342
msgid "Glossary"
6343
msgstr ""
6344
6345
#: serverguide/C/virtualization.xml:2195(para)
6346
msgid ""
6347
"The Ubuntu Enterprise Cloud documentation uses terminology that might be "
6348
"unfamiliar to some readers. This page is intended to provide a glossary of "
6349
"such terms and acronyms."
6350
msgstr ""
6351
6352
#: serverguide/C/virtualization.xml:2202(para)
6353
msgid ""
6354
"<emphasis>Cloud</emphasis> - A federated set of physical machines that offer "
6355
"computing resources through virtual machines, provisioned and recollected "
6356
"dynamically."
6357
msgstr ""
6358
6359
#: serverguide/C/virtualization.xml:2208(para)
6360
msgid ""
6361
"<emphasis>Cloud Controller (CLC)</emphasis> - Eucalyptus component that "
6362
"provides the web UI (an https server on port 8443), and implements the "
6363
"Amazon EC2 API. There should be only one Cloud Controller in an installation "
6364
"of UEC. This service is provided by the Ubuntu <application>eucalyptus-"
6365
"cloud</application> package."
6366
msgstr ""
6367
6368
#: serverguide/C/virtualization.xml:2215(para)
6369
msgid ""
6370
"<emphasis>Cluster</emphasis> - A collection of nodes, associated with a "
6371
"Cluster Controller. There can be more than one Cluster in an installation of "
6372
"UEC. Clusters are sometimes physically separate sets of nodes. (e.g. floor1, "
6373
"floor2, floor2)."
6374
msgstr ""
6375
6376
#: serverguide/C/virtualization.xml:2221(para)
6377
msgid ""
6378
"<emphasis>Cluster Controller (CC)</emphasis> - Eucalyptus component that "
6379
"manages collections of node resources. This service is provided by the "
6380
"Ubuntu <application>eucalyptus-cc</application> package."
6381
msgstr ""
6382
6383
#: serverguide/C/virtualization.xml:2227(para)
6384
msgid "<emphasis>EBS</emphasis> - Elastic Block Storage."
6385
msgstr ""
6386
6387
#: serverguide/C/virtualization.xml:2232(para)
6388
msgid ""
6389
"<emphasis>EC2</emphasis> - Elastic Compute Cloud. Amazon's pay-by-the-hour, "
6390
"pay-by-the-gigabyte public cloud computing offering."
6391
msgstr ""
6392
6393
#: serverguide/C/virtualization.xml:2237(para)
6394
msgid "<emphasis>EKI</emphasis> - Eucalyptus Kernel Image."
6395
msgstr ""
6396
6397
#: serverguide/C/virtualization.xml:2242(para)
6398
msgid "<emphasis>EMI</emphasis> - Eucalyptus Machine Image."
6399
msgstr ""
6400
6401
#: serverguide/C/virtualization.xml:2247(para)
6402
msgid "<emphasis>ERI</emphasis> - Eucalyptus Ramdisk Image."
6403
msgstr ""
6404
6405
#: serverguide/C/virtualization.xml:2252(para)
6406
msgid ""
6407
"<emphasis>Eucalyptus</emphasis> - Elastic Utility Computing Architecture for "
6408
"Linking Your Programs To Useful Systems. An open source project originally "
6409
"from the University of California at Santa Barbara, now supported by "
6410
"Eucalyptus Systems, a Canonical Partner."
6411
msgstr ""
6412
6413
#: serverguide/C/virtualization.xml:2259(para)
6414
msgid ""
6415
"<emphasis>Front-end</emphasis> - Physical machine hosting one (or more) of "
6416
"the high level Eucalyptus components (cloud, walrus, storage controller, "
6417
"cluster controller)."
6418
msgstr ""
6419
6420
#: serverguide/C/virtualization.xml:2265(para)
6421
msgid ""
6422
"<emphasis>Node</emphasis> - A node is a physical machine that's capable of "
6423
"running virtual machines, running a node controller. Within Ubuntu, this "
6424
"generally means that the CPU has VT extensions, and can run the KVM "
6425
"hypervisor."
6426
msgstr ""
6427
6428
#: serverguide/C/virtualization.xml:2271(para)
6429
msgid ""
6430
"<emphasis>Node Controller (NC)</emphasis> - Eucalyptus component that runs "
6431
"on nodes which host the virtual machines that comprise the cloud. This "
6432
"service is provided by the Ubuntu package <application>eucalyptus-"
6433
"nc</application>."
6434
msgstr ""
6435
6436
#: serverguide/C/virtualization.xml:2277(para)
6437
msgid ""
6438
"<emphasis>S3</emphasis> - Simple Storage Service. Amazon's pay-by-the-"
6439
"gigabyte persistent storage solution for EC2."
6440
msgstr ""
6441
6442
#: serverguide/C/virtualization.xml:2282(para)
6443
msgid ""
6444
"<emphasis>Storage Controller (SC)</emphasis> - Eucalyptus component that "
6445
"manages dynamic block storage services (EBS). Each 'cluster' in a Eucalyptus "
6446
"installation can have its own Storage Controller. This component is provided "
6447
"by the <application>eucalyptus-sc</application> package."
6448
msgstr ""
6449
6450
#: serverguide/C/virtualization.xml:2289(para)
6451
msgid ""
6452
"<emphasis>UEC</emphasis> - Ubuntu Enterprise Cloud. Ubuntu's cloud computing "
6453
"solution, based on Eucalyptus."
6454
msgstr ""
6455
6456
#: serverguide/C/virtualization.xml:2294(para)
6457
msgid "<emphasis>VM</emphasis> - Virtual Machine."
6458
msgstr ""
6459
6460
#: serverguide/C/virtualization.xml:2299(para)
6461
msgid ""
6462
"<emphasis>VT</emphasis> - Virtualization Technology. An optional feature of "
6463
"some modern CPUs, allowing for accelerated virtual machine hosting."
6464
msgstr ""
6465
6466
#: serverguide/C/virtualization.xml:2304(para)
6467
msgid ""
6468
"<emphasis>Walrus</emphasis> - Eucalyptus component that implements the "
6469
"Amazon S3 API, used for storing VM images and user storage using S3 bucket "
6470
"put/get abstractions."
6471
msgstr ""
6472
6473
#: serverguide/C/vcs.xml:13(title)
6474
msgid "Version Control System"
6475
msgstr ""
6476
6477
#: serverguide/C/vcs.xml:14(para)
6478
msgid ""
6479
"Version control is the art of managing changes to information. It has long "
6480
"been a critical tool for programmers, who typically spend their time making "
6481
"small changes to software and then undoing those changes the next day. But "
6482
"the usefulness of version control software extends far beyond the bounds of "
6483
"the software development world. Anywhere you can find people using computers "
6484
"to manage information that changes often, there is room for version control."
6485
msgstr ""
6486
6487
#: serverguide/C/vcs.xml:17(title)
6488
msgid "Bazaar"
6489
msgstr ""
6490
6491
#: serverguide/C/vcs.xml:18(para)
6492
msgid ""
6493
"Bazaar is a new version control system sponsored by Canonical, the "
6494
"commercial company behind Ubuntu. Unlike Subversion and CVS that only "
6495
"support a central repository model, Bazaar also supports "
6496
"<emphasis>distributed version control</emphasis>, giving people the ability "
6497
"to collaborate more efficiently. In particular, Bazaar is designed to "
6498
"maximize the level of community participation in open source projects."
6499
msgstr ""
6500
6501
#: serverguide/C/vcs.xml:29(para)
6502
msgid ""
6503
"At a terminal prompt, enter the following command to install "
6504
"<application>bzr</application>: <screen>\n"
6505
"<command>sudo apt-get install bzr</command>\n"
6506
"</screen>"
6507
msgstr ""
6508
6509
#: serverguide/C/vcs.xml:40(para)
6510
msgid ""
6511
"To introduce yourself to <application>bzr</application>, use the "
6512
"<emphasis>whoami</emphasis> command like this: <screen>\n"
6513
"<command>$ bzr whoami 'Joe Doe <joe.doe@gmail.com>'</command>\n"
6514
"</screen>"
6515
msgstr ""
6516
6517
#: serverguide/C/vcs.xml:49(title)
6518
msgid "Learning Bazaar"
6519
msgstr ""
6520
6521
#: serverguide/C/vcs.xml:50(para)
6522
msgid ""
6523
"Bazaar comes with bundled documentation installed into "
6524
"<application>/usr/share/doc/bzr/html</application> by default. The tutorial "
6525
"is a good place to start. The <application>bzr</application> command also "
6526
"comes with built-in help: <screen>\n"
6527
"<command>$ bzr help</command>\n"
6528
"</screen>"
6529
msgstr ""
6530
6531
#: serverguide/C/vcs.xml:60(para)
6532
msgid ""
6533
"To learn more about the <emphasis>foo</emphasis> command: <screen>\n"
6534
"<command>$ bzr help foo</command>\n"
6535
"</screen>"
6536
msgstr ""
6537
6538
#: serverguide/C/vcs.xml:68(title)
6539
msgid "Launchpad Integration"
6540
msgstr ""
6541
6542
#: serverguide/C/vcs.xml:69(para)
6543
msgid ""
6544
"While highly useful as a stand-alone system, Bazaar has good, optional "
6545
"integration with <ulink url=\"https://launchpad.net/\">Launchpad</ulink>, "
6546
"the collaborative development system used by Canonical and the broader open "
6547
"source community to manage and extend Ubuntu itself. For information on how "
6548
"Bazaar can be used with Launchpad to collaborate on open source projects, "
6549
"see <ulink url=\"http://bazaar-vcs.org/LaunchpadIntegration/\"> "
6550
"http://bazaar-vcs.org/LaunchpadIntegration</ulink>."
6551
msgstr ""
6552
6553
#: serverguide/C/vcs.xml:81(title)
6554
msgid "Subversion"
6555
msgstr "Subversion"
6556
6557
#: serverguide/C/vcs.xml:82(para)
6558
msgid ""
6559
"Subversion is an open source version control system. Using Subversion, you "
6560
"can record the history of source files and documents. It manages files and "
6561
"directories over time. A tree of files is placed into a central repository. "
6562
"The repository is much like an ordinary file server, except that it "
6563
"remembers every change ever made to files and directories."
6564
msgstr ""
6565
6566
#: serverguide/C/vcs.xml:87(para)
6567
msgid ""
6568
"To access Subversion repository using the HTTP protocol, you must install "
6569
"and configure a web server. Apache2 is proven to work with Subversion. "
6570
"Please refer to the HTTP subsection in the Apache2 section to install and "
6571
"configure Apache2. To access the Subversion repository using the HTTPS "
6572
"protocol, you must install and configure a digital certificate in your "
6573
"Apache 2 web server. Please refer to the HTTPS subsection in the Apache2 "
6574
"section to install and configure the digital certificate."
6575
msgstr ""
6576
6577
#: serverguide/C/vcs.xml:96(para)
6578
msgid ""
6579
"To install Subversion, run the following command from a terminal prompt:"
6580
msgstr ""
6581
6582
#: serverguide/C/vcs.xml:101(command)
6583
msgid "sudo apt-get install subversion libapache2-svn"
6584
msgstr "sudo apt-get install subversion libapache2-svn"
6585
6586
#: serverguide/C/vcs.xml:108(para)
6587
msgid ""
6588
"This step assumes you have installed above mentioned packages on your "
6589
"system. This section explains how to create a Subversion repository and "
6590
"access the project."
6591
msgstr ""
6592
6593
#: serverguide/C/vcs.xml:111(title)
6594
msgid "Create Subversion Repository"
6595
msgstr ""
6596
6597
#: serverguide/C/vcs.xml:112(para)
6598
msgid ""
6599
"The Subversion repository can be created using the following command from a "
6600
"terminal prompt:"
6601
msgstr ""
6602
6603
#: serverguide/C/vcs.xml:116(command)
6604
msgid "svnadmin create /path/to/repos/project"
6605
msgstr ""
6606
6607
#: serverguide/C/vcs.xml:121(title)
6608
msgid "Importing Files"
6609
msgstr "Importerer filer"
6610
6611
#: serverguide/C/vcs.xml:122(para)
6612
msgid ""
6613
"Once you create the repository you can <emphasis>import</emphasis> files "
6614
"into the repository. To import a directory, enter the following from a "
6615
"terminal prompt: <screen>\n"
6616
"<command>svn import /path/to/import/directory "
6617
"file:///path/to/repos/project</command>\n"
6618
"</screen>"
6619
msgstr ""
6620
6621
#: serverguide/C/vcs.xml:134(title) serverguide/C/vcs.xml:139(title)
6622
msgid "Access Methods"
6623
msgstr "Tilgangsmetoder"
6624
6625
#: serverguide/C/vcs.xml:135(para)
6626
msgid ""
6627
"Subversion repositories can be accessed (checked out) through many different "
6628
"methods --on local disk, or through various network protocols. A repository "
6629
"location, however, is always a URL. The table describes how different URL "
6630
"schemes map to the available access methods."
6631
msgstr ""
6632
6633
#: serverguide/C/vcs.xml:146(para)
6634
msgid "Schema"
6635
msgstr ""
6636
6637
#: serverguide/C/vcs.xml:147(para)
6638
msgid "Access Method"
6639
msgstr ""
6640
6641
#: serverguide/C/vcs.xml:152(para)
6642
msgid "file://"
6643
msgstr "file://"
6644
6645
#: serverguide/C/vcs.xml:153(para)
6646
msgid "direct repository access (on local disk)"
6647
msgstr ""
6648
6649
#: serverguide/C/vcs.xml:156(para)
6650
msgid "http://"
6651
msgstr "http://"
6652
6653
#: serverguide/C/vcs.xml:157(para)
6654
msgid "Access via WebDAV protocol to Subversion-aware Apache2 web server"
6655
msgstr ""
6656
6657
#: serverguide/C/vcs.xml:160(para)
6658
msgid "https://"
6659
msgstr "https://"
6660
6661
#: serverguide/C/vcs.xml:161(para)
6662
msgid "Same as http://, but with SSL encryption"
6663
msgstr ""
6664
6665
#: serverguide/C/vcs.xml:164(para)
6666
msgid "svn://"
6667
msgstr "svn://"
6668
6669
#: serverguide/C/vcs.xml:165(para)
6670
msgid "Access via custom protocol to an svnserve server"
6671
msgstr ""
6672
6673
#: serverguide/C/vcs.xml:168(para)
6674
msgid "svn+ssh://"
6675
msgstr "svn+ssh://"
6676
6677
#: serverguide/C/vcs.xml:169(para)
6678
msgid "Same as svn://, but through an SSH tunnel"
6679
msgstr ""
6680
6681
#: serverguide/C/vcs.xml:175(para)
6682
msgid ""
6683
"In this section, we will see how to configure Subversion for all these "
6684
"access methods. Here, we cover the basics. For more advanced usage details, "
6685
"refer to the <ulink url=\"http://svnbook.red-bean.com/\">svn book</ulink>."
6686
msgstr ""
6687
6688
#: serverguide/C/vcs.xml:182(title)
6689
msgid "Direct repository access (file://)"
6690
msgstr ""
6691
6692
#: serverguide/C/vcs.xml:183(para)
6693
msgid ""
6694
"This is the simplest of all access methods. It does not require any "
6695
"Subversion server process to be running. This access method is used to "
6696
"access Subversion from the same machine. The syntax of the command, entered "
6697
"at a terminal prompt, is as follows:"
6698
msgstr ""
6699
6700
#: serverguide/C/vcs.xml:190(command)
6701
msgid "svn co file:///path/to/repos/project"
6702
msgstr ""
6703
6704
#: serverguide/C/vcs.xml:193(para)
6705
msgid "or"
6706
msgstr "eller"
6707
6708
#: serverguide/C/vcs.xml:196(command)
6709
msgid "svn co file://localhost/path/to/repos/project"
6710
msgstr ""
6711
6712
#: serverguide/C/vcs.xml:200(para)
6713
msgid ""
6714
"If you do not specify the hostname, there are three forward slashes (///) -- "
6715
"two for the protocol (file, in this case) plus the leading slash in the "
6716
"path. If you specify the hostname, you must use two forward slashes (//)."
6717
msgstr ""
6718
6719
#: serverguide/C/vcs.xml:202(para)
6720
msgid ""
6721
"The repository permissions depend on filesystem permissions. If the user has "
6722
"read/write permission, he can checkout from and commit to the repository."
6723
msgstr ""
6724
6725
#: serverguide/C/vcs.xml:205(title)
6726
msgid "Access via WebDAV protocol (http://)"
6727
msgstr ""
6728
6729
#: serverguide/C/vcs.xml:206(para)
6730
msgid ""
6731
"To access the Subversion repository via WebDAV protocol, you must configure "
6732
"your Apache 2 web server. Add the following snippet between the "
6733
"<emphasis><VirtualHost></emphasis> and "
6734
"<emphasis></VirtualHost></emphasis> elements in "
6735
"<filename>/etc/apache2/sites-available/default</filename>, or another "
6736
"VirtualHost file:"
6737
msgstr ""
6738
6739
#: serverguide/C/vcs.xml:212(programlisting)
6740
#, no-wrap
6741
msgid ""
6742
"\n"
6743
" <Location /svn>\n"
6744
" DAV svn\n"
6745
" SVNPath /home/svn\n"
6746
" AuthType Basic\n"
6747
" AuthName \"Your repository name\"\n"
6748
" AuthUserFile /etc/subversion/passwd\n"
6749
" Require valid-user\n"
6750
" </Location> \n"
6751
msgstr ""
6752
6753
#: serverguide/C/vcs.xml:223(para)
6754
msgid ""
6755
"The above configuration snippet assumes that Subversion repositories are "
6756
"created under <filename>/home/svn/</filename> directory using "
6757
"<command>svnadmin</command> command. They can be accessible using "
6758
"<command>http://hostname/svn/repos_name</command> url."
6759
msgstr ""
6760
6761
#: serverguide/C/vcs.xml:229(para)
6762
msgid ""
6763
"To import or commit files to your Subversion repository over HTTP, the "
6764
"repository should be owned by the HTTP user. In Ubuntu systems, normally the "
6765
"HTTP user is <command>www-data</command>. To change the ownership of the "
6766
"repository files enter the following command from terminal prompt:"
6767
msgstr ""
6768
6769
#: serverguide/C/vcs.xml:238(command)
6770
msgid "sudo chown -R www-data:www-data /path/to/repos"
6771
msgstr ""
6772
6773
#: serverguide/C/vcs.xml:241(para)
6774
msgid ""
6775
"By changing the ownership of repository as <command>www-data</command> you "
6776
"will not be able to import or commit files into the repository by running "
6777
"<command>svn import file:///</command> command as any user other than "
6778
"<command>www-data</command>."
6779
msgstr ""
6780
6781
#: serverguide/C/vcs.xml:250(para)
6782
msgid ""
6783
"Next, you must create the <filename>/etc/subversion/passwd</filename> file "
6784
"that will contain user authentication details. To create a file issue the "
6785
"following command at a command prompt (which will create the file and add "
6786
"the first user):"
6787
msgstr ""
6788
6789
#: serverguide/C/vcs.xml:256(command)
6790
msgid "sudo htpasswd -c /etc/subversion/passwd user_name"
6791
msgstr ""
6792
6793
#: serverguide/C/vcs.xml:259(para)
6794
msgid ""
6795
"To add additional users omit the <emphasis>\"-c\"</emphasis> option as this "
6796
"option replaces the old file. Instead use this form:"
6797
msgstr ""
6798
6799
#: serverguide/C/vcs.xml:264(command)
6800
msgid "sudo htpasswd /etc/subversion/password user_name"
6801
msgstr ""
6802
6803
#: serverguide/C/vcs.xml:268(para)
6804
msgid ""
6805
"This command will prompt you to enter the password. Once you enter the "
6806
"password, the user is added. Now, to access the repository you can run the "
6807
"following command:"
6808
msgstr ""
6809
6810
#: serverguide/C/vcs.xml:269(command)
6811
msgid "svn co http://servername/svn"
6812
msgstr ""
6813
6814
#: serverguide/C/vcs.xml:271(para)
6815
msgid ""
6816
"The password is transmitted as plain text. If you are worried about password "
6817
"snooping, you are advised to use SSL encryption. For details, please refer "
6818
"next section."
6819
msgstr ""
6820
6821
#: serverguide/C/vcs.xml:277(title)
6822
msgid "Access via WebDAV protocol with SSL encryption (https://)"
6823
msgstr ""
6824
6825
#: serverguide/C/vcs.xml:278(para)
6826
msgid ""
6827
"Accessing Subversion repository via WebDAV protocol with SSL encryption "
6828
"(https://) is similar to http:// except that you must install and configure "
6829
"the digital certificate in your Apache2 web server. To use SSL with "
6830
"Subversion add the above Apache2 configuration to "
6831
"<filename>/etc/apache2/sites-available/default-ssl</filename>. For more "
6832
"information on setting up Apache2 with SSL see <xref linkend=\"https-"
6833
"configuration\"/>."
6834
msgstr ""
6835
6836
#: serverguide/C/vcs.xml:287(para)
6837
msgid ""
6838
"You can install a digital certificate issued by a signing authority. "
6839
"Alternatively, you can install your own self-signed certificate."
6840
msgstr ""
6841
6842
#: serverguide/C/vcs.xml:292(para)
6843
msgid ""
6844
"This step assumes you have installed and configured a digital certificate in "
6845
"your Apache 2 web server. Now, to access the Subversion repository, please "
6846
"refer to the above section! The access methods are exactly the same, except "
6847
"the protocol. You must use https:// to access the Subversion repository."
6848
msgstr ""
6849
6850
#: serverguide/C/vcs.xml:302(title)
6851
msgid "Access via custom protocol (svn://)"
6852
msgstr ""
6853
6854
#: serverguide/C/vcs.xml:303(para)
6855
msgid ""
6856
"Once the Subversion repository is created, you can configure the access "
6857
"control. You can edit the <filename> "
6858
"/path/to/repos/project/conf/svnserve.conf</filename> file to configure the "
6859
"access control. For example, to set up authentication, you can uncomment the "
6860
"following lines in the configuration file:"
6861
msgstr ""
6862
6863
#: serverguide/C/vcs.xml:310(programlisting)
6864
#, no-wrap
6865
msgid ""
6866
"# [general]\n"
6867
"# password-db = passwd"
6868
msgstr ""
6869
6870
#: serverguide/C/vcs.xml:313(para)
6871
msgid ""
6872
"After uncommenting the above lines, you can maintain the user list in the "
6873
"passwd file. So, edit the file <filename>passwd </filename> in the same "
6874
"directory and add the new user. The syntax is as follows:"
6875
msgstr ""
6876
6877
#: serverguide/C/vcs.xml:319(programlisting)
6878
#, no-wrap
6879
msgid "username = password"
6880
msgstr ""
6881
6882
#: serverguide/C/vcs.xml:320(para)
6883
msgid "For more details, please refer to the file."
6884
msgstr ""
6885
6886
#: serverguide/C/vcs.xml:324(para)
6887
msgid ""
6888
"Now, to access Subversion via the svn:// custom protocol, either from the "
6889
"same machine or a different machine, you can run svnserver using svnserve "
6890
"command. The syntax is as follows:"
6891
msgstr ""
6892
6893
#: serverguide/C/vcs.xml:329(programlisting)
6894
#, no-wrap
6895
msgid ""
6896
"$ svnserve -d --foreground -r /path/to/repos\n"
6897
"# -d -- daemon mode\n"
6898
"# --foreground -- run in foreground (useful for debugging)\n"
6899
"# -r -- root of directory to serve\n"
6900
"\n"
6901
"For more usage details, please refer to:\n"
6902
"$ svnserve --help"
6903
msgstr ""
6904
6905
#: serverguide/C/vcs.xml:337(para)
6906
msgid ""
6907
"Once you run this command, Subversion starts listening on default port "
6908
"(3690). To access the project repository, you must run the following command "
6909
"from a terminal prompt:"
6910
msgstr ""
6911
6912
#: serverguide/C/vcs.xml:340(command)
6913
msgid "svn co svn://hostname/project project --username user_name"
6914
msgstr ""
6915
6916
#: serverguide/C/vcs.xml:343(para)
6917
msgid ""
6918
"Based on server configuration, it prompts for password. Once you are "
6919
"authenticated, it checks out the code from Subversion repository. To "
6920
"synchronize the project repository with the local copy, you can run the "
6921
"<command>update</command> sub-command. The syntax of the command, entered at "
6922
"a terminal prompt, is as follows:"
6923
msgstr ""
6924
6925
#: serverguide/C/vcs.xml:351(command)
6926
msgid "cd project_dir ; svn update"
6927
msgstr ""
6928
6929
#: serverguide/C/vcs.xml:354(para)
6930
msgid ""
6931
"For more details about using each Subversion sub-command, you can refer to "
6932
"the manual. For example, to learn more about the co (checkout) command, "
6933
"please run the following command from a terminal prompt:"
6934
msgstr ""
6935
6936
#: serverguide/C/vcs.xml:358(command)
6937
msgid "svn co help"
6938
msgstr ""
6939
6940
#: serverguide/C/vcs.xml:362(title)
6941
msgid "Access via custom protocol with SSL encryption (svn+ssh://)"
6942
msgstr ""
6943
6944
#: serverguide/C/vcs.xml:363(para)
6945
msgid ""
6946
"The configuration and server process is same as in the svn:// method. For "
6947
"details, please refer to the above section. This step assumes you have "
6948
"followed the above step and started the Subversion server using "
6949
"<application>svnserve</application> command."
6950
msgstr ""
6951
6952
#: serverguide/C/vcs.xml:369(para)
6953
msgid ""
6954
"It is also assumed that the ssh server is running on that machine and that "
6955
"it is allowing incoming connections. To confirm, please try to login to that "
6956
"machine using ssh. If you can login, everything is perfect. If you cannot "
6957
"login, please address it before continuing further."
6958
msgstr ""
6959
6960
#: serverguide/C/vcs.xml:375(para)
6961
msgid ""
6962
"The svn+ssh:// protocol is used to access the Subversion repository using "
6963
"SSL encryption. The data transfer is encrypted using this method. To access "
6964
"the project repository (for example with a checkout), you must use the "
6965
"following command syntax:"
6966
msgstr ""
6967
6968
#: serverguide/C/vcs.xml:382(command)
6969
msgid "svn co svn+ssh://hostname/var/svn/repos/project"
6970
msgstr ""
6971
6972
#: serverguide/C/vcs.xml:386(para)
6973
msgid ""
6974
"You must use the full path (/path/to/repos/project) to access the Subversion "
6975
"repository using this access method."
6976
msgstr ""
6977
6978
#: serverguide/C/vcs.xml:389(para)
6979
msgid ""
6980
"Based on server configuration, it prompts for password. You must enter the "
6981
"password you use to login via ssh. Once you are authenticated, it checks out "
6982
"the code from the Subversion repository."
6983
msgstr ""
6984
6985
#: serverguide/C/vcs.xml:399(title)
6986
msgid "CVS Server"
6987
msgstr ""
6988
6989
#: serverguide/C/vcs.xml:400(para)
6990
msgid ""
6991
"CVS is a version control system. You can use it to record the history of "
6992
"source files."
6993
msgstr ""
6994
6995
#: serverguide/C/vcs.xml:406(para)
6996
msgid ""
6997
"To install <application>CVS</application>, run the following command from a "
6998
"terminal prompt: <screen>\n"
6999
"<command>sudo apt-get install cvs</command>\n"
7000
"</screen> After you install <application>cvs</application>, you should "
7001
"install <application>xinetd</application> to start/stop the cvs server. At "
7002
"the prompt, enter the following command to install "
7003
"<application>xinetd</application>: <screen>\n"
7004
"<command>sudo apt-get install xinetd</command>\n"
7005
"</screen>"
7006
msgstr ""
7007
7008
#: serverguide/C/vcs.xml:439(programlisting)
7009
#, no-wrap
7010
msgid ""
7011
"\n"
7012
"service cvspserver\n"
7013
"{\n"
7014
" port = 2401\n"
7015
" socket_type = stream\n"
7016
" protocol = tcp\n"
7017
" user = root\n"
7018
" wait = no\n"
7019
" type = UNLISTED\n"
7020
" server = /usr/bin/cvs\n"
7021
" server_args = -f --allow-root /var/lib/cvs pserver\n"
7022
" disable = no\n"
7023
"}\n"
7024
msgstr ""
7025
7026
#: serverguide/C/vcs.xml:455(para)
7027
msgid ""
7028
"Be sure to edit the repository if you have changed the default repository "
7029
"(<application>/var/lib/cvs</application>) directory."
7030
msgstr ""
7031
7032
#: serverguide/C/vcs.xml:424(para)
7033
msgid ""
7034
"Once you install cvs, the repository will be automatically initialized. By "
7035
"default, the repository resides under the "
7036
"<application>/var/lib/cvs</application> directory. You can change this path "
7037
"by running following command: <screen>\n"
7038
"<command>cvs -d /your/new/cvs/repo init</command>\n"
7039
"</screen> Once the initial repository is set up, you can configure "
7040
"<application>xinetd</application> to start the CVS server. You can copy the "
7041
"following lines to the <filename> /etc/xinetd.d/cvspserver</filename> file. "
7042
"<placeholder-1/><placeholder-2/> Once you have configured "
7043
"<application>xinetd</application> you can start the cvs server by running "
7044
"following command: <screen>\n"
7045
"<command>sudo /etc/init.d/xinetd restart</command>\n"
7046
"</screen>"
7047
msgstr ""
7048
7049
#: serverguide/C/vcs.xml:468(para)
7050
msgid ""
7051
"You can confirm that the CVS server is running by issuing the following "
7052
"command:"
7053
msgstr ""
7054
7055
#: serverguide/C/vcs.xml:475(command)
7056
msgid "sudo netstat -tap | grep cvs"
7057
msgstr "sudo netstat -tap | grep cvs"
7058
7059
#: serverguide/C/vcs.xml:479(para) serverguide/C/databases.xml:65(para)
7060
msgid ""
7061
"When you run this command, you should see the following line or something "
7062
"similar:"
7063
msgstr ""
7064
7065
#: serverguide/C/vcs.xml:484(programlisting)
7066
#, no-wrap
7067
msgid ""
7068
"\n"
7069
"tcp 0 0 *:cvspserver *:* LISTEN \n"
7070
msgstr ""
7071
7072
#: serverguide/C/vcs.xml:488(para)
7073
msgid ""
7074
"From here you can continue to add users, add new projects, and manage the "
7075
"CVS server."
7076
msgstr ""
7077
7078
#: serverguide/C/vcs.xml:493(para)
7079
msgid ""
7080
"CVS allows the user to add users independently of the underlying OS "
7081
"installation. Probably the easiest way is to use the Linux Users for CVS, "
7082
"although it has potential security issues. Please refer to the CVS manual "
7083
"for details."
7084
msgstr ""
7085
7086
#: serverguide/C/vcs.xml:503(title)
7087
msgid "Add Projects"
7088
msgstr ""
7089
7090
#: serverguide/C/vcs.xml:515(para)
7091
msgid ""
7092
"You can use the CVSROOT environment variable to store the CVS root "
7093
"directory. Once you export the CVSROOT environment variable, you can avoid "
7094
"using -d option in the above cvs command."
7095
msgstr ""
7096
7097
#: serverguide/C/vcs.xml:527(para)
7098
msgid ""
7099
"When you add a new project, the CVS user you use must have write access to "
7100
"the CVS repository (<application>/var/lib/cvs</application>). By default, "
7101
"the <application>src</application> group has write access to the CVS "
7102
"repository. So, you can add the user to this group, and he can then add and "
7103
"manage projects in the CVS repository."
7104
msgstr ""
7105
7106
#: serverguide/C/vcs.xml:504(para)
7107
msgid ""
7108
"This section explains how to add new project to the CVS repository. Create "
7109
"the directory and add necessary document and source files to the directory. "
7110
"Now, run the following command to add this project to CVS repository: "
7111
"<screen>\n"
7112
"<command>cd your/project</command>\n"
7113
"<command>cvs -d :pserver:username@hostname.com:/var/lib/cvs import -m "
7114
"\"Importing my project to CVS repository\" . new_project start</command>\n"
7115
"</screen><placeholder-1/> The string <emphasis>new_project</emphasis> is a "
7116
"vendor tag, and <emphasis>start</emphasis> is a release tag. They serve no "
7117
"purpose in this context, but since CVS requires them, they must be present. "
7118
"<placeholder-2/>"
7119
msgstr ""
7120
7121
#: serverguide/C/vcs.xml:540(ulink)
7122
msgid "Bazaar Home Page"
7123
msgstr ""
7124
7125
#: serverguide/C/vcs.xml:541(ulink)
7126
msgid "Launchpad"
7127
msgstr "Launchpad"
7128
7129
#: serverguide/C/vcs.xml:542(ulink)
7130
msgid "Subversion Home Page"
7131
msgstr ""
7132
7133
#: serverguide/C/vcs.xml:543(ulink)
7134
msgid "Subversion Book"
7135
msgstr ""
7136
7137
#: serverguide/C/vcs.xml:545(ulink)
7138
msgid "CVS Manual"
7139
msgstr ""
7140
7141
#: serverguide/C/vcs.xml:546(ulink)
7142
msgid "Easy Bazaar Ubuntu Wiki page"
7143
msgstr ""
7144
7145
#: serverguide/C/vcs.xml:547(ulink)
7146
msgid "Ubuntu Wiki Subversion page"
7147
msgstr ""
7148
7149
#: serverguide/C/serverguide.xml:3(title) serverguide/C/bookinfo.xml:3(title)
7150
msgid "Credits and License"
7151
msgstr "Bidragydere og licens"
7152
7153
#: serverguide/C/serverguide.xml:4(para) serverguide/C/bookinfo.xml:4(para)
7154
msgid ""
7155
"This document is maintained by the Ubuntu documentation team "
7156
"(https://wiki.ubuntu.com/DocumentationTeam). For a list of contributors, see "
7157
"the <ulink url=\"../../libs/C/contributors.xml\">contributors page</ulink>"
7158
msgstr ""
7159
"Dette dokument vedligeholdes af Ubuntu-dokumentationsholdet "
7160
"(https://wiki.ubuntu.com/DocumentationTeam). For en liste over bidragydere, "
7161
"se <ulink url=\"../../libs/C/contributors.xml\">siden over "
7162
"bidragydere</ulink>"
7163
7164
#: serverguide/C/serverguide.xml:5(para) serverguide/C/bookinfo.xml:5(para)
7165
msgid ""
7166
"This document is made available under the Creative Commons ShareAlike 2.5 "
7167
"License (CC-BY-SA)."
7168
msgstr ""
7169
"Dette dokument er udgivet under Creative Commons \"Del på samme vilkår\" 2.5 "
7170
"Licensen (CC-BY-SA)."
7171
7172
#: serverguide/C/serverguide.xml:6(para) serverguide/C/bookinfo.xml:6(para)
7173
msgid ""
7174
"You are free to modify, extend, and improve the Ubuntu documentation source "
7175
"code under the terms of this license. All derivative works must be released "
7176
"under this license."
7177
msgstr ""
7178
"Du kan frit ændre, udvide og forbedre Ubuntu-dokumentationen, under "
7179
"betingelserne i denne licens. Alle afledte værker skal udgives under denne "
7180
"licens."
7181
7182
#: serverguide/C/serverguide.xml:8(para) serverguide/C/bookinfo.xml:8(para)
7183
msgid ""
7184
"This documentation is distributed in the hope that it will be useful, but "
7185
"WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY "
7186
"or FITNESS FOR A PARTICULAR PURPOSE AS DESCRIBED IN THE DISCLAIMER."
7187
msgstr ""
7188
"Denne dokumentation distribueres i håb om, at den vil være nyttig, men UDEN "
7189
"NOGEN GARANTI, selv uden den underforståede garanti omkring SALGBARHED eller "
7190
"EGNETHED TIL ET BESTEMT FORMÅL SOM BESKREVET I ANSVARSFRASKRIVELSEN."
7191
7192
#: serverguide/C/serverguide.xml:11(para) serverguide/C/bookinfo.xml:11(para)
7193
msgid ""
7194
"A copy of the license is available here: <ulink url=\"/usr/share/ubuntu-"
7195
"docs/libs/C/ccbysa.xml\">Creative Commons ShareAlike License</ulink>."
7196
msgstr ""
7197
"En kopi af licensen er tilgængelig her: <ulink url=\"/usr/share/ubuntu-"
7198
"docs/libs/C/ccbysa.xml\">Creative Commons \"Del på samme vilkår\"</ulink>."
7199
7200
#: serverguide/C/serverguide.xml:14(year) serverguide/C/bookinfo.xml:14(year)
7201
msgid "2010"
7202
msgstr ""
7203
7204
#: serverguide/C/serverguide.xml:15(ulink) serverguide/C/bookinfo.xml:15(ulink)
7205
msgid "Ubuntu Documentation Project"
7206
msgstr "Dokumentationsprojekt for Ubuntu"
7207
7208
#: serverguide/C/serverguide.xml:15(holder) serverguide/C/bookinfo.xml:15(holder)
7209
msgid "Canonical Ltd. and members of the <placeholder-1/>"
7210
msgstr "Canonical Ltd. og medlemmer af <placeholder-1/>"
7211
7212
#: serverguide/C/serverguide.xml:18(publishername) serverguide/C/bookinfo.xml:18(publishername)
7213
msgid "The Ubuntu Documentation Project"
7214
msgstr "Dokumentationsprojektet for Ubuntu"
7215
7216
#: serverguide/C/serverguide.xml:17(para)
7217
msgid ""
7218
"Welcome to the <emphasis>Ubuntu Server Guide</emphasis>! It contains "
7219
"information on how to install and configure various server applications on "
7220
"your Ubuntu system to fit your needs. It is a step-by-step, task-oriented "
7221
"guide for configuring and customizing your system."
7222
msgstr ""
7223
7224
#: serverguide/C/security.xml:13(title)
7225
msgid "Security"
7226
msgstr "Sikkerhed"
7227
7228
#: serverguide/C/security.xml:14(para)
7229
msgid ""
7230
"Security should always be considered when installing, deploying, and using "
7231
"any type of computer system. Although a fresh installation of Ubuntu is "
7232
"relatively safe for immediate use on the Internet, it is important to have a "
7233
"balanced understanding of your systems security posture based on how it will "
7234
"be used after deployment."
7235
msgstr ""
7236
7237
#: serverguide/C/security.xml:17(para)
7238
msgid ""
7239
"This chapter provides an overview of security related topics as they pertain "
7240
"to Ubuntu 10.10 Server Edition, and outlines simple measures you may use to "
7241
"protect your server and network from any number of potential security "
7242
"threats."
7243
msgstr ""
7244
7245
#: serverguide/C/security.xml:21(title)
7246
msgid "User Management"
7247
msgstr ""
7248
7249
#: serverguide/C/security.xml:22(para)
7250
msgid ""
7251
"User management is a critical part of maintaining a secure system. "
7252
"Ineffective user and privilege management often lead many systems into being "
7253
"compromised. Therefore, it is important that you understand how you can "
7254
"protect your server through simple and effective user account management "
7255
"techniques."
7256
msgstr ""
7257
7258
#: serverguide/C/security.xml:26(title)
7259
msgid "Where is root?"
7260
msgstr ""
7261
7262
#: serverguide/C/security.xml:27(para)
7263
msgid ""
7264
"Ubuntu developers made a conscientious decision to disable the "
7265
"administrative root account by default in all Ubuntu installations. This "
7266
"does not mean that the root account has been deleted or that it may not be "
7267
"accessed. It merely has been given a password which matches no possible "
7268
"encrypted value, therefore may not log in directly by itself."
7269
msgstr ""
7270
7271
#: serverguide/C/security.xml:30(para)
7272
msgid ""
7273
"Instead, users are encouraged to make use of a tool by the name of "
7274
"<application>sudo</application> to carry out system administrative duties. "
7275
"<application>Sudo</application> allows an authorized user to temporarily "
7276
"elevate their privileges using their own password instead of having to know "
7277
"the password belonging to the root account. This simple yet effective "
7278
"methodology provides accountability for all user actions, and gives the "
7279
"administrator granular control over which actions a user can perform with "
7280
"said privileges."
7281
msgstr ""
7282
7283
#: serverguide/C/security.xml:35(para)
7284
msgid ""
7285
"If for some reason you wish to enable the root account, simply give it a "
7286
"password:"
7287
msgstr ""
7288
7289
#: serverguide/C/security.xml:39(command)
7290
msgid "sudo passwd"
7291
msgstr "sudo passwd"
7292
7293
#: serverguide/C/security.xml:41(para)
7294
msgid ""
7295
"Sudo will prompt you for your password, and then ask you to supply a new "
7296
"password for root as shown below:"
7297
msgstr ""
7298
7299
#: serverguide/C/security.xml:44(userinput)
7300
#, no-wrap
7301
msgid "(enter your own password)"
7302
msgstr ""
7303
7304
#: serverguide/C/security.xml:45(userinput)
7305
#, no-wrap
7306
msgid "(enter a new password for root)"
7307
msgstr ""
7308
7309
#: serverguide/C/security.xml:46(userinput)
7310
#, no-wrap
7311
msgid "(repeat new password for root)"
7312
msgstr ""
7313
7314
#: serverguide/C/security.xml:44(computeroutput)
7315
#, no-wrap
7316
msgid ""
7317
"[sudo] password for username: <placeholder-1/>\n"
7318
"Enter new UNIX password: <placeholder-2/>\n"
7319
"Retype new UNIX password: <placeholder-3/>\n"
7320
"passwd: password updated successfully"
7321
msgstr ""
7322
7323
#: serverguide/C/security.xml:51(para)
7324
msgid "To disable the root account, use the following passwd syntax:"
7325
msgstr ""
7326
7327
#: serverguide/C/security.xml:55(command)
7328
msgid "sudo passwd -l root"
7329
msgstr "sudo passwd -l root"
7330
7331
#: serverguide/C/security.xml:59(para)
7332
msgid ""
7333
"You should read more on <application>Sudo</application> by checking out it's "
7334
"man page:"
7335
msgstr ""
7336
7337
#: serverguide/C/security.xml:63(command)
7338
msgid "man sudo"
7339
msgstr "man sudo"
7340
7341
#: serverguide/C/security.xml:67(para)
7342
msgid ""
7343
"By default, the initial user created by the Ubuntu installer is a member of "
7344
"the group \"admin\" which is added to the file "
7345
"<filename>/etc/sudoers</filename> as an authorized sudo user. If you wish to "
7346
"give any other account full root access through "
7347
"<application>sudo</application>, simply add them to the admin group."
7348
msgstr ""
7349
7350
#: serverguide/C/security.xml:73(title)
7351
msgid "Adding and Deleting Users"
7352
msgstr ""
7353
7354
#: serverguide/C/security.xml:74(para)
7355
msgid ""
7356
"The process for managing local users and groups is straight forward and "
7357
"differs very little from most other GNU/Linux operating systems. Ubuntu and "
7358
"other Debian based distributions, encourage the use of the \"adduser\" "
7359
"package for account management."
7360
msgstr ""
7361
7362
#: serverguide/C/security.xml:79(para)
7363
msgid ""
7364
"To add a user account, use the following syntax, and follow the prompts to "
7365
"give the account a password and identifiable characteristics such as a full "
7366
"name, phone number, etc."
7367
msgstr ""
7368
7369
#: serverguide/C/security.xml:83(command)
7370
msgid "sudo adduser username"
7371
msgstr "sudo adduser username"
7372
7373
#: serverguide/C/security.xml:87(para)
7374
msgid ""
7375
"To delete a user account and its primary group, use the following syntax:"
7376
msgstr ""
7377
7378
#: serverguide/C/security.xml:91(command)
7379
msgid "sudo deluser username"
7380
msgstr ""
7381
7382
#: serverguide/C/security.xml:93(para)
7383
msgid ""
7384
"Deleting an account does not remove their respective home folder. It is up "
7385
"to you whether or not you wish to delete the folder manually or keep it "
7386
"according to your desired retention policies."
7387
msgstr ""
7388
7389
#: serverguide/C/security.xml:96(para)
7390
msgid ""
7391
"Remember, any user added later on with the same UID/GID as the previous "
7392
"owner will now have access to this folder if you have not taken the "
7393
"necessary precautions."
7394
msgstr ""
7395
7396
#: serverguide/C/security.xml:99(para)
7397
msgid ""
7398
"You may want to change these UID/GID values to something more appropriate, "
7399
"such as the root account, and perhaps even relocate the folder to avoid "
7400
"future conflicts:"
7401
msgstr ""
7402
7403
#: serverguide/C/security.xml:103(command)
7404
msgid "sudo chown -R root:root /home/username/"
7405
msgstr ""
7406
7407
#: serverguide/C/security.xml:104(command)
7408
msgid "sudo mkdir /home/archived_users/"
7409
msgstr ""
7410
7411
#: serverguide/C/security.xml:105(command)
7412
msgid "sudo mv /home/username /home/archived_users/"
7413
msgstr ""
7414
7415
#: serverguide/C/security.xml:109(para)
7416
msgid ""
7417
"To temporarily lock or unlock a user account, use the following syntax, "
7418
"respectively:"
7419
msgstr ""
7420
7421
#: serverguide/C/security.xml:113(command)
7422
msgid "sudo passwd -l username"
7423
msgstr ""
7424
7425
#: serverguide/C/security.xml:114(command)
7426
msgid "sudo passwd -u username"
7427
msgstr ""
7428
7429
#: serverguide/C/security.xml:118(para)
7430
msgid ""
7431
"To add or delete a personalized group, use the following syntax, "
7432
"respectively:"
7433
msgstr ""
7434
7435
#: serverguide/C/security.xml:122(command)
7436
msgid "sudo addgroup groupname"
7437
msgstr ""
7438
7439
#: serverguide/C/security.xml:123(command)
7440
msgid "sudo delgroup groupname"
7441
msgstr ""
7442
7443
#: serverguide/C/security.xml:127(para)
7444
msgid "To add a user to a group, use the following syntax:"
7445
msgstr ""
7446
7447
#: serverguide/C/security.xml:131(command)
7448
msgid "sudo adduser username groupname"
7449
msgstr ""
7450
7451
#: serverguide/C/security.xml:138(title)
7452
msgid "User Profile Security"
7453
msgstr ""
7454
7455
#: serverguide/C/security.xml:139(para)
7456
msgid ""
7457
"When a new user is created, the adduser utility creates a brand new home "
7458
"directory named <filename class=\"directory\">/home/username</filename>, "
7459
"respectively. The default profile is modeled after the contents found in the "
7460
"directory of <filename class=\"directory\">/etc/skel</filename>, which "
7461
"includes all profile basics."
7462
msgstr ""
7463
7464
#: serverguide/C/security.xml:142(para)
7465
msgid ""
7466
"If your server will be home to multiple users, you should pay close "
7467
"attention to the user home directory permissions to ensure confidentiality. "
7468
"By default, user home directories in Ubuntu are created with world "
7469
"read/execute permissions. This means that all users can browse and access "
7470
"the contents of other users home directories. This may not be suitable for "
7471
"your environment."
7472
msgstr ""
7473
7474
#: serverguide/C/security.xml:147(para)
7475
msgid ""
7476
"To verify your current users home directory permissions, use the following "
7477
"syntax:"
7478
msgstr ""
7479
7480
#: serverguide/C/security.xml:151(command) serverguide/C/security.xml:183(command)
7481
msgid "ls -ld /home/username"
7482
msgstr ""
7483
7484
#: serverguide/C/security.xml:153(para)
7485
msgid ""
7486
"The following output shows that the directory <filename "
7487
"class=\"directory\">/home/username</filename> has world readable permissions:"
7488
msgstr ""
7489
7490
#: serverguide/C/security.xml:156(computeroutput)
7491
#, no-wrap
7492
msgid "drwxr-xr-x 2 username username 4096 2007-10-02 20:03 username"
7493
msgstr ""
7494
7495
#: serverguide/C/security.xml:160(para)
7496
msgid ""
7497
"You can remove the world readable permissions using the following syntax:"
7498
msgstr ""
7499
7500
#: serverguide/C/security.xml:164(command)
7501
msgid "sudo chmod 0750 /home/username"
7502
msgstr ""
7503
7504
#: serverguide/C/security.xml:167(para)
7505
msgid ""
7506
"Some people tend to use the recursive option (-R) indiscriminately which "
7507
"modifies all child folders and files, but this is not necessary, and may "
7508
"yield other undesirable results. The parent directory alone is sufficient "
7509
"for preventing unauthorized access to anything below the parent."
7510
msgstr ""
7511
7512
#: serverguide/C/security.xml:171(para)
7513
msgid ""
7514
"A much more efficient approach to the matter would be to modify the "
7515
"<application>adduser</application> global default permissions when creating "
7516
"user home folders. Simply edit the file "
7517
"<filename>/etc/adduser.conf</filename> and modify the "
7518
"<varname>DIR_MODE</varname> variable to something appropriate, so that all "
7519
"new home directories will receive the correct permissions."
7520
msgstr ""
7521
7522
#: serverguide/C/security.xml:174(programlisting)
7523
#, no-wrap
7524
msgid ""
7525
"\n"
7526
"DIR_MODE=0750\n"
7527
msgstr ""
7528
7529
#: serverguide/C/security.xml:179(para)
7530
msgid ""
7531
"After correcting the directory permissions using any of the previously "
7532
"mentioned techniques, verify the results using the following syntax:"
7533
msgstr ""
7534
7535
#: serverguide/C/security.xml:185(para)
7536
msgid ""
7537
"The results below show that world readable permissions have been removed:"
7538
msgstr ""
7539
7540
#: serverguide/C/security.xml:188(computeroutput)
7541
#, no-wrap
7542
msgid "drwxr-x--- 2 username username 4096 2007-10-02 20:03 username"
7543
msgstr ""
7544
7545
#: serverguide/C/security.xml:195(title)
7546
msgid "Password Policy"
7547
msgstr ""
7548
7549
#: serverguide/C/security.xml:196(para)
7550
msgid ""
7551
"A strong password policy is one of the most important aspects of your "
7552
"security posture. Many successful security breaches involve simple brute "
7553
"force and dictionary attacks against weak passwords. If you intend to offer "
7554
"any form of remote access involving your local password system, make sure "
7555
"you adequately address minimum password complexity requirements, maximum "
7556
"password lifetimes, and frequent audits of your authentication systems."
7557
msgstr ""
7558
7559
#: serverguide/C/security.xml:200(title)
7560
msgid "Minimum Password Length"
7561
msgstr ""
7562
7563
#: serverguide/C/security.xml:201(para)
7564
msgid ""
7565
"By default, Ubuntu requires a minimum password length of 6 characters, as "
7566
"well as some basic entropy checks. These values are controlled in the file "
7567
"<filename>/etc/pam.d/common-password</filename>, which is outlined below."
7568
msgstr ""
7569
7570
#: serverguide/C/security.xml:204(programlisting)
7571
#, no-wrap
7572
msgid ""
7573
"\n"
7574
"password [success=2 default=ignore] pam_unix.so obscure sha512\n"
7575
msgstr ""
7576
7577
#: serverguide/C/security.xml:207(para)
7578
msgid ""
7579
"If you would like to adjust the minimum length to 8 characters, change the "
7580
"appropriate variable to min=8. The modification is outlined below."
7581
msgstr ""
7582
7583
#: serverguide/C/security.xml:210(programlisting)
7584
#, no-wrap
7585
msgid ""
7586
"\n"
7587
"password [success=2 default=ignore] pam_unix.so obscure sha512 "
7588
"min=8\n"
7589
msgstr ""
7590
7591
#: serverguide/C/security.xml:215(title)
7592
msgid "Password Expiration"
7593
msgstr ""
7594
7595
#: serverguide/C/security.xml:216(para)
7596
msgid ""
7597
"When creating user accounts, you should make it a policy to have a minimum "
7598
"and maximum password age forcing users to change their passwords when they "
7599
"expire."
7600
msgstr ""
7601
7602
#: serverguide/C/security.xml:221(para)
7603
msgid ""
7604
"To easily view the current status of a user account, use the following "
7605
"syntax:"
7606
msgstr ""
7607
7608
#: serverguide/C/security.xml:225(command) serverguide/C/security.xml:258(command)
7609
msgid "sudo chage -l username"
7610
msgstr ""
7611
7612
#: serverguide/C/security.xml:227(para)
7613
msgid ""
7614
"The output below shows interesting facts about the user account, namely that "
7615
"there are no policies applied:"
7616
msgstr ""
7617
7618
#: serverguide/C/security.xml:230(computeroutput)
7619
#, no-wrap
7620
msgid ""
7621
"Last password change : Jan 20, 2008\n"
7622
"Password expires : never\n"
7623
"Password inactive : never\n"
7624
"Account expires : never\n"
7625
"Minimum number of days between password change : 0\n"
7626
"Maximum number of days between password change : 99999\n"
7627
"Number of days of warning before password expires : 7"
7628
msgstr ""
7629
7630
#: serverguide/C/security.xml:240(para)
7631
msgid ""
7632
"To set any of these values, simply use the following syntax, and follow the "
7633
"interactive prompts:"
7634
msgstr ""
7635
7636
#: serverguide/C/security.xml:244(command)
7637
msgid "sudo chage username"
7638
msgstr ""
7639
7640
#: serverguide/C/security.xml:246(para)
7641
msgid ""
7642
"The following is also an example of how you can manually change the explicit "
7643
"expiration date (-E) to 01/31/2008, minimum password age (-m) of 5 days, "
7644
"maximum password age (-M) of 90 days, inactivity period (-I) of 5 days after "
7645
"password expiration, and a warning time period (-W) of 14 days before "
7646
"password expiration."
7647
msgstr ""
7648
7649
#: serverguide/C/security.xml:250(command)
7650
msgid "sudo chage -E 01/31/2011 -m 5 -M 90 -I 30 -W 14 username"
7651
msgstr ""
7652
7653
#: serverguide/C/security.xml:254(para)
7654
msgid "To verify changes, use the same syntax as mentioned previously:"
7655
msgstr ""
7656
7657
#: serverguide/C/security.xml:260(para)
7658
msgid ""
7659
"The output below shows the new policies that have been established for the "
7660
"account:"
7661
msgstr ""
7662
7663
#: serverguide/C/security.xml:263(computeroutput)
7664
#, no-wrap
7665
msgid ""
7666
"Last password change : Jan 20, 2008\n"
7667
"Password expires : Apr 19, 2008\n"
7668
"Password inactive : May 19, 2008\n"
7669
"Account expires : Jan 31, 2008\n"
7670
"Minimum number of days between password change : 5\n"
7671
"Maximum number of days between password change : 90\n"
7672
"Number of days of warning before password expires : 14"
7673
msgstr ""
7674
7675
#: serverguide/C/security.xml:279(title)
7676
msgid "Other Security Considerations"
7677
msgstr ""
7678
7679
#: serverguide/C/security.xml:280(para)
7680
msgid ""
7681
"Many applications use alternate authentication mechanisms that can be easily "
7682
"overlooked by even experienced system administrators. Therefore, it is "
7683
"important to understand and control how users authenticate and gain access "
7684
"to services and applications on your server."
7685
msgstr ""
7686
7687
#: serverguide/C/security.xml:285(title)
7688
msgid "SSH Access by Disabled Users"
7689
msgstr ""
7690
7691
#: serverguide/C/security.xml:286(para)
7692
msgid ""
7693
"Simply disabling/locking a user account will not prevent a user from logging "
7694
"into your server remotely if they have previously set up RSA public key "
7695
"authentication. They will still be able to gain shell access to the server, "
7696
"without the need for any password. Remember to check the users home "
7697
"directory for files that will allow for this type of authenticated SSH "
7698
"access. e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
7699
msgstr ""
7700
7701
#: serverguide/C/security.xml:289(para)
7702
msgid ""
7703
"Remove or rename the directory <filename "
7704
"class=\"directory\">.ssh/</filename> in the user's home folder to prevent "
7705
"further SSH authentication capabilities."
7706
msgstr ""
7707
7708
#: serverguide/C/security.xml:292(para)
7709
msgid ""
7710
"Be sure to check for any established SSH connections by the disabled user, "
7711
"as it is possible they may have existing inbound or outbound connections. "
7712
"Kill any that are found."
7713
msgstr ""
7714
7715
#: serverguide/C/security.xml:295(para)
7716
msgid ""
7717
"Restrict SSH access to only user accounts that should have it. For example, "
7718
"you may create a group called \"sshlogin\" and add the group name as the "
7719
"value associated with the <varname>AllowGroups</varname> variable located in "
7720
"the file <filename>/etc/ssh/sshd_config</filename>."
7721
msgstr ""
7722
7723
#: serverguide/C/security.xml:298(programlisting)
7724
#, no-wrap
7725
msgid ""
7726
"\n"
7727
"AllowGroups sshlogin\n"
7728
msgstr ""
7729
7730
#: serverguide/C/security.xml:301(para)
7731
msgid ""
7732
"Then add your permitted SSH users to the group \"sshlogin\", and restart the "
7733
"SSH service."
7734
msgstr ""
7735
7736
#: serverguide/C/security.xml:305(command)
7737
msgid "sudo adduser username sshlogin"
7738
msgstr ""
7739
7740
#: serverguide/C/security.xml:306(command) serverguide/C/remote-administration.xml:149(command)
7741
msgid "sudo /etc/init.d/ssh restart"
7742
msgstr "sudo /etc/init.d/ssh restart"
7743
7744
#: serverguide/C/security.xml:310(title)
7745
msgid "External User Database Authentication"
7746
msgstr ""
7747
7748
#: serverguide/C/security.xml:311(para)
7749
msgid ""
7750
"Most enterprise networks require centralized authentication and access "
7751
"controls for all system resources. If you have configured your server to "
7752
"authenticate users against external databases, be sure to disable the user "
7753
"accounts both externally and locally, this way you ensure that local "
7754
"fallback authentication is not possible."
7755
msgstr ""
7756
7757
#: serverguide/C/security.xml:320(title)
7758
msgid "Console Security"
7759
msgstr ""
7760
7761
#: serverguide/C/security.xml:321(para)
7762
msgid ""
7763
"As with any other security barrier you put in place to protect your server, "
7764
"it is pretty tough to defend against untold damage caused by someone with "
7765
"physical access to your environment, for example, theft of hard drives, "
7766
"power or service disruption and so on. Therefore, console security should be "
7767
"addressed merely as one component of your overall physical security "
7768
"strategy. A locked \"screen door\" may deter a casual criminal, or at the "
7769
"very least slow down a determined one, so it is still advisable to perform "
7770
"basic precautions with regard to console security."
7771
msgstr ""
7772
7773
#: serverguide/C/security.xml:324(para)
7774
msgid ""
7775
"The following instructions will help defend your server against issues that "
7776
"could otherwise yield very serious consequences."
7777
msgstr ""
7778
7779
#: serverguide/C/security.xml:329(title)
7780
msgid "Disable Ctrl+Alt+Delete"
7781
msgstr ""
7782
7783
#: serverguide/C/security.xml:330(para)
7784
msgid ""
7785
"First and foremost, anyone that has physical access to the keyboard can "
7786
"simply use the "
7787
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
7788
"eycombo> key combination to reboot the server without having to log on. "
7789
"Sure, someone could simply unplug the power source, but you should still "
7790
"prevent the use of this key combination on a production server. This forces "
7791
"an attacker to take more drastic measures to reboot the server, and will "
7792
"prevent accidental reboots at the same time."
7793
msgstr ""
7794
7795
#: serverguide/C/security.xml:335(para)
7796
msgid ""
7797
"To disable the reboot action taken by pressing the "
7798
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
7799
"eycombo> key combination, comment out the following line in the file "
7800
"<filename>/etc/init/control-alt-delete.conf</filename>."
7801
msgstr ""
7802
7803
#: serverguide/C/security.xml:338(programlisting)
7804
#, no-wrap
7805
msgid ""
7806
"\n"
7807
"#exec shutdown -r now \"Control-Alt-Delete pressed\"\n"
7808
msgstr ""
7809
7810
#: serverguide/C/security.xml:347(title)
7811
msgid "Firewall"
7812
msgstr "Firewall"
7813
7814
#: serverguide/C/security.xml:350(para)
7815
msgid ""
7816
"The Linux kernel includes the <emphasis>Netfilter</emphasis> subsystem, "
7817
"which is used to manipulate or decide the fate of network traffic headed "
7818
"into or through your server. All modern Linux firewall solutions use this "
7819
"system for packet filtering."
7820
msgstr ""
7821
7822
#: serverguide/C/security.xml:355(para)
7823
msgid ""
7824
"The kernel's packet filtering system would be of little use to "
7825
"administrators without a userspace interface to manage it. This is the "
7826
"purpose of iptables. When a packet reaches your server, it will be handed "
7827
"off to the Netfilter subsystem for acceptance, manipulation, or rejection "
7828
"based on the rules supplied to it from userspace via iptables. Thus, "
7829
"iptables is all you need to manage your firewall if you're familiar with it, "
7830
"but many frontends are available to simplify the task."
7831
msgstr ""
7832
7833
#: serverguide/C/security.xml:365(title)
7834
msgid "ufw - Uncomplicated Firewall"
7835
msgstr ""
7836
7837
#: serverguide/C/security.xml:366(para)
7838
msgid ""
7839
"The default firewall configuration tool for Ubuntu is "
7840
"<application>ufw</application>. Developed to ease iptables firewall "
7841
"configuration, <application>ufw</application> provides a user friendly way "
7842
"to create an IPv4 or IPv6 host-based firewall."
7843
msgstr ""
7844
7845
#: serverguide/C/security.xml:370(para)
7846
msgid ""
7847
"<application>ufw</application> by default is initially disabled. From the "
7848
"<application>ufw</application> man page:"
7849
msgstr ""
7850
7851
#: serverguide/C/security.xml:374(quote)
7852
msgid ""
7853
"ufw is not intended to provide complete firewall functionality via its "
7854
"command interface, but instead provides an easy way to add or remove simple "
7855
"rules. It is currently mainly used for host-based firewalls."
7856
msgstr ""
7857
7858
#: serverguide/C/security.xml:378(para)
7859
msgid ""
7860
"The following are some examples of how to use <application>ufw</application>:"
7861
msgstr ""
7862
7863
#: serverguide/C/security.xml:383(para)
7864
msgid ""
7865
"First, <application>ufw</application> needs to be enabled. From a terminal "
7866
"prompt enter:"
7867
msgstr ""
7868
7869
#: serverguide/C/security.xml:387(command)
7870
msgid "sudo ufw enable"
7871
msgstr "sudo ufw enable"
7872
7873
#: serverguide/C/security.xml:391(para)
7874
msgid "To open a port (ssh in this example):"
7875
msgstr ""
7876
7877
#: serverguide/C/security.xml:395(command)
7878
msgid "sudo ufw allow 22"
7879
msgstr "sudo ufw allow 22"
7880
7881
#: serverguide/C/security.xml:399(para)
7882
msgid "Rules can also be added using a <emphasis>numbered</emphasis> format:"
7883
msgstr ""
7884
7885
#: serverguide/C/security.xml:403(command)
7886
msgid "sudo ufw insert 1 allow 80"
7887
msgstr "sudo ufw insert 1 allow 80"
7888
7889
#: serverguide/C/security.xml:407(para)
7890
msgid "Similarly, to close an opened port:"
7891
msgstr ""
7892
7893
#: serverguide/C/security.xml:411(command)
7894
msgid "sudo ufw deny 22"
7895
msgstr "sudo ufw deny 22"
7896
7897
#: serverguide/C/security.xml:415(para)
7898
msgid "To remove a rule, use delete followed by the rule:"
7899
msgstr ""
7900
7901
#: serverguide/C/security.xml:419(command)
7902
msgid "sudo ufw delete deny 22"
7903
msgstr "sudo ufw delete deny 22"
7904
7905
#: serverguide/C/security.xml:423(para)
7906
msgid ""
7907
"It is also possible to allow access from specific hosts or networks to a "
7908
"port. The following example allows ssh access from host 192.168.0.2 to any "
7909
"ip address on this host:"
7910
msgstr ""
7911
7912
#: serverguide/C/security.xml:428(command)
7913
msgid "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
7914
msgstr "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
7915
7916
#: serverguide/C/security.xml:430(para)
7917
msgid ""
7918
"Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire "
7919
"subnet."
7920
msgstr ""
7921
7922
#: serverguide/C/security.xml:436(para)
7923
msgid ""
7924
"Adding the <emphasis>--dry-run</emphasis> option to a "
7925
"<emphasis>ufw</emphasis> command will output the resulting rules, but not "
7926
"apply them. For example, the following is what would be applied if opening "
7927
"the HTTP port:"
7928
msgstr ""
7929
7930
#: serverguide/C/security.xml:442(command)
7931
msgid "sudo ufw --dry-run allow http"
7932
msgstr "sudo ufw --dry-run allow http"
7933
7934
#: serverguide/C/security.xml:446(computeroutput)
7935
#, no-wrap
7936
msgid ""
7937
"*filter\n"
7938
":ufw-user-input - [0:0]\n"
7939
":ufw-user-output - [0:0]\n"
7940
":ufw-user-forward - [0:0]\n"
7941
":ufw-user-limit - [0:0]\n"
7942
":ufw-user-limit-accept - [0:0]\n"
7943
"### RULES ###\n"
7944
"\n"
7945
"### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0\n"
7946
"-A ufw-user-input -p tcp --dport 80 -j ACCEPT\n"
7947
"\n"
7948
"### END RULES ###\n"
7949
"-A ufw-user-input -j RETURN\n"
7950
"-A ufw-user-output -j RETURN\n"
7951
"-A ufw-user-forward -j RETURN\n"
7952
"-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix \"[UFW "
7953
"LIMIT]: \"\n"
7954
"-A ufw-user-limit -j REJECT\n"
7955
"-A ufw-user-limit-accept -j ACCEPT\n"
7956
"COMMIT\n"
7957
"Rules updated"
7958
msgstr ""
7959
7960
#: serverguide/C/security.xml:470(para)
7961
msgid "<application>ufw</application> can be disabled by:"
7962
msgstr ""
7963
7964
#: serverguide/C/security.xml:474(command)
7965
msgid "sudo ufw disable"
7966
msgstr "sudo ufw disable"
7967
7968
#: serverguide/C/security.xml:478(para)
7969
msgid "To see the firewall status, enter:"
7970
msgstr ""
7971
7972
#: serverguide/C/security.xml:482(command)
7973
msgid "sudo ufw status"
7974
msgstr "sudo ufw status"
7975
7976
#: serverguide/C/security.xml:486(para)
7977
msgid "And for more verbose status information use:"
7978
msgstr ""
7979
7980
#: serverguide/C/security.xml:490(command)
7981
msgid "sudo ufw status verbose"
7982
msgstr "sudo ufw status verbose"
7983
7984
#: serverguide/C/security.xml:494(para)
7985
msgid "To view the <emphasis>numbered</emphasis> format:"
7986
msgstr ""
7987
7988
#: serverguide/C/security.xml:498(command)
7989
msgid "sudo ufw status numbered"
7990
msgstr "sudo ufw status numbered"
7991
7992
#: serverguide/C/security.xml:503(para)
7993
msgid ""
7994
"If the port you want to open or close is defined in "
7995
"<filename>/etc/services</filename>, you can use the port name instead of the "
7996
"number. In the above examples, replace <emphasis>22</emphasis> with "
7997
"<emphasis>ssh</emphasis>."
7998
msgstr ""
7999
8000
#: serverguide/C/security.xml:509(para)
8001
msgid ""
8002
"This is a quick introduction to using <application>ufw</application>. Please "
8003
"refer to the <application>ufw</application> man page for more information."
8004
msgstr ""
8005
8006
#: serverguide/C/security.xml:515(title)
8007
msgid "ufw Application Integration"
8008
msgstr ""
8009
8010
#: serverguide/C/security.xml:517(para)
8011
msgid ""
8012
"Applications that open ports can include an <application>ufw</application> "
8013
"profile, which details the ports needed for the application to function "
8014
"properly. The profiles are kept in <filename "
8015
"role=\"directory\">/etc/ufw/applications.d</filename>, and can be edited if "
8016
"the default ports have been changed."
8017
msgstr ""
8018
8019
#: serverguide/C/security.xml:526(para)
8020
msgid ""
8021
"To view which applications have installed a profile, enter the following in "
8022
"a terminal:"
8023
msgstr ""
8024
8025
#: serverguide/C/security.xml:531(command)
8026
msgid "sudo ufw app list"
8027
msgstr "sudo ufw app list"
8028
8029
#: serverguide/C/security.xml:537(para)
8030
msgid ""
8031
"Similar to allowing traffic to a port, using an application profile is "
8032
"accomplished by entering:"
8033
msgstr ""
8034
8035
#: serverguide/C/security.xml:542(command)
8036
msgid "sudo ufw allow Samba"
8037
msgstr "sudo ufw allow Samba"
8038
8039
#: serverguide/C/security.xml:548(para)
8040
msgid "An extended syntax is available as well:"
8041
msgstr ""
8042
8043
#: serverguide/C/security.xml:553(command)
8044
msgid "ufw allow from 192.168.0.0/24 to any app Samba"
8045
msgstr ""
8046
8047
#: serverguide/C/security.xml:556(para)
8048
msgid ""
8049
"Replace <emphasis>Samba</emphasis> and <emphasis>192.168.0.0/24</emphasis> "
8050
"with the application profile you are using and the IP range for your network."
8051
msgstr ""
8052
8053
#: serverguide/C/security.xml:562(para)
8054
msgid ""
8055
"There is no need to specify the <emphasis>protocol</emphasis> for the "
8056
"application, because that information is detailed in the profile. Also, note "
8057
"that the <emphasis>app</emphasis> name replaces the "
8058
"<emphasis>port</emphasis> number."
8059
msgstr ""
8060
8061
#: serverguide/C/security.xml:571(para)
8062
msgid ""
8063
"To view details about which ports, protocols, etc are defined for an "
8064
"application, enter:"
8065
msgstr ""
8066
8067
#: serverguide/C/security.xml:576(command)
8068
msgid "sudo ufw app info Samba"
8069
msgstr "sudo ufw app info Samba"
8070
8071
#: serverguide/C/security.xml:582(para)
8072
msgid ""
8073
"Not all applications that require opening a network port come with "
8074
"<application>ufw</application> profiles, but if you have profiled an "
8075
"application and want the file to be included with the package, please file a "
8076
"bug against the package in <ulink "
8077
"url=\"https://launchpad.net/\">Launchpad</ulink>."
8078
msgstr ""
8079
8080
#: serverguide/C/security.xml:591(title)
8081
msgid "IP Masquerading"
8082
msgstr ""
8083
8084
#: serverguide/C/security.xml:592(para)
8085
msgid ""
8086
"The purpose of IP Masquerading is to allow machines with private, non-"
8087
"routable IP addresses on your network to access the Internet through the "
8088
"machine doing the masquerading. Traffic from your private network destined "
8089
"for the Internet must be manipulated for replies to be routable back to the "
8090
"machine that made the request. To do this, the kernel must modify the "
8091
"<emphasis>source</emphasis> IP address of each packet so that replies will "
8092
"be routed back to it, rather than to the private IP address that made the "
8093
"request, which is impossible over the Internet. Linux uses "
8094
"<emphasis>Connection Tracking</emphasis> (conntrack) to keep track of which "
8095
"connections belong to which machines and reroute each return packet "
8096
"accordingly. Traffic leaving your private network is thus \"masqueraded\" as "
8097
"having originated from your Ubuntu gateway machine. This process is referred "
8098
"to in Microsoft documentation as Internet Connection Sharing."
8099
msgstr ""
8100
8101
#: serverguide/C/security.xml:608(title)
8102
msgid "ufw Masquerading"
8103
msgstr ""
8104
8105
#: serverguide/C/security.xml:609(para)
8106
msgid ""
8107
"IP Masquerading can be achieved using custom <application>ufw</application> "
8108
"rules. This is possible because the current back-end for "
8109
"<application>ufw</application> is <application>iptables-"
8110
"restore</application> with the rules files located in "
8111
"<filename>/etc/ufw/*.rules</filename>. These files are a great place to add "
8112
"legacy iptables rules used without <application>ufw</application>, and rules "
8113
"that are more network gateway or bridge related."
8114
msgstr ""
8115
8116
#: serverguide/C/security.xml:615(para)
8117
msgid ""
8118
"The rules are split into two different files, rules that should be executed "
8119
"before <application>ufw</application> command line rules, and rules that are "
8120
"executed after <application>ufw</application> command line rules."
8121
msgstr ""
8122
8123
#: serverguide/C/security.xml:621(para)
8124
msgid ""
8125
"First, packet forwarding needs to be enabled in "
8126
"<application>ufw</application>. Two configuration files will need to be "
8127
"adjusted, in <filename>/etc/default/ufw</filename> change the "
8128
"<emphasis>DEFAULT_FORWARD_POLICY</emphasis> to <quote>ACCEPT</quote>:"
8129
msgstr ""
8130
8131
#: serverguide/C/security.xml:625(programlisting)
8132
#, no-wrap
8133
msgid ""
8134
"\n"
8135
"DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
8136
msgstr ""
8137
"\n"
8138
"DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
8139
8140
#: serverguide/C/security.xml:628(para)
8141
msgid "Then edit <filename>/etc/ufw/sysctl.conf</filename> and uncomment:"
8142
msgstr ""
8143
8144
#: serverguide/C/security.xml:631(programlisting)
8145
#, no-wrap
8146
msgid ""
8147
"\n"
8148
"net/ipv4/ip_forward=1\n"
8149
msgstr ""
8150
8151
#: serverguide/C/security.xml:634(para)
8152
msgid "Similarly, for IPv6 forwarding uncomment:"
8153
msgstr ""
8154
8155
#: serverguide/C/security.xml:637(programlisting)
8156
#, no-wrap
8157
msgid ""
8158
"\n"
8159
"net/ipv6/conf/default/forwarding=1\n"
8160
msgstr ""
8161
8162
#: serverguide/C/security.xml:642(para)
8163
msgid ""
8164
"Now we will add rules to the <filename>/etc/ufw/before.rules</filename> "
8165
"file. The default rules only configure the <emphasis>filter</emphasis> "
8166
"table, and to enable masquerading the <emphasis>nat</emphasis> table will "
8167
"need to be configured. Add the following to the top of the file just after "
8168
"the header comments:"
8169
msgstr ""
8170
8171
#: serverguide/C/security.xml:647(programlisting)
8172
#, no-wrap
8173
msgid ""
8174
"\n"
8175
"# nat Table rules\n"
8176
"*nat\n"
8177
":POSTROUTING ACCEPT [0:0]\n"
8178
"\n"
8179
"# Forward traffic from eth1 through eth0.\n"
8180
"-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE\n"
8181
"\n"
8182
"# don't delete the 'COMMIT' line or these nat table rules won't be "
8183
"processed\n"
8184
"COMMIT\n"
8185
msgstr ""
8186
8187
#: serverguide/C/security.xml:658(para)
8188
msgid ""
8189
"The comments are not strictly necessary, but it is considered good practice "
8190
"to document your configuration. Also, when modifying any of the "
8191
"<emphasis>rules</emphasis> files in <filename "
8192
"class=\"directory\">/etc/ufw</filename>, make sure these lines are the last "
8193
"line for each table modified:"
8194
msgstr ""
8195
8196
#: serverguide/C/security.xml:664(programlisting)
8197
#, no-wrap
8198
msgid ""
8199
"\n"
8200
"# don't delete the 'COMMIT' line or these rules won't be processed\n"
8201
"COMMIT\n"
8202
msgstr ""
8203
8204
#: serverguide/C/security.xml:669(para)
8205
msgid ""
8206
"For each <emphasis>Table</emphasis> a corresponding "
8207
"<emphasis>COMMIT</emphasis> statement is required. In these examples only "
8208
"the <emphasis>nat</emphasis> and <emphasis>filter</emphasis> tables are "
8209
"shown, but you can also add rules for the <emphasis>raw</emphasis> and "
8210
"<emphasis>mangle</emphasis> tables."
8211
msgstr ""
8212
8213
#: serverguide/C/security.xml:676(para)
8214
msgid ""
8215
"In the above example replace <emphasis>eth0</emphasis>, "
8216
"<emphasis>eth1</emphasis>, and <emphasis>192.168.0.0/24</emphasis> with the "
8217
"appropriate interfaces and IP range for your network."
8218
msgstr ""
8219
8220
#: serverguide/C/security.xml:684(para)
8221
msgid ""
8222
"Finally, disable and re-enable <application>ufw</application> to apply the "
8223
"changes:"
8224
msgstr ""
8225
8226
#: serverguide/C/security.xml:688(command)
8227
msgid "sudo ufw disable && sudo ufw enable"
8228
msgstr "sudo ufw disable && sudo ufw enable"
8229
8230
#: serverguide/C/security.xml:692(para)
8231
msgid ""
8232
"IP Masquerading should now be enabled. You can also add any additional "
8233
"FORWARD rules to the <filename>/etc/ufw/before.rules</filename>. It is "
8234
"recommended that these additional rules be added to the <emphasis>ufw-before-"
8235
"forward</emphasis> chain."
8236
msgstr ""
8237
8238
#: serverguide/C/security.xml:699(title)
8239
msgid "iptables Masquerading"
8240
msgstr ""
8241
8242
#: serverguide/C/security.xml:700(para)
8243
msgid ""
8244
"<application>iptables</application> can also be used to enable masquerading."
8245
msgstr ""
8246
8247
#: serverguide/C/security.xml:705(para)
8248
msgid ""
8249
"Similar to <application>ufw</application>, the first step is to enable IPv4 "
8250
"packet forwarding by editing <filename>/etc/sysctl.conf</filename> and "
8251
"uncomment the following line"
8252
msgstr ""
8253
8254
#: serverguide/C/security.xml:709(programlisting)
8255
#, no-wrap
8256
msgid ""
8257
"\n"
8258
"net.ipv4.ip_forward=1\n"
8259
msgstr ""
8260
"\n"
8261
"net.ipv4.ip_forward=1\n"
8262
8263
#: serverguide/C/security.xml:712(para)
8264
msgid "If you wish to enable IPv6 forwarding also uncomment:"
8265
msgstr ""
8266
8267
#: serverguide/C/security.xml:715(programlisting)
8268
#, no-wrap
8269
msgid ""
8270
"\n"
8271
"net.ipv6.conf.default.forwarding=1\n"
8272
msgstr ""
8273
"\n"
8274
"net.ipv6.conf.default.forwarding=1\n"
8275
8276
#: serverguide/C/security.xml:720(para)
8277
msgid ""
8278
"Next, execute the <application>sysctl</application> command to enable the "
8279
"new settings in the configuration file:"
8280
msgstr ""
8281
8282
#: serverguide/C/security.xml:724(command)
8283
msgid "sudo sysctl -p"
8284
msgstr "sudo sysctl -p"
8285
8286
#: serverguide/C/security.xml:728(para)
8287
msgid ""
8288
"IP Masquerading can now be accomplished with a single iptables rule, which "
8289
"may differ slightly based on your network configuration:"
8290
msgstr ""
8291
8292
#: serverguide/C/security.xml:731(screen)
8293
#, no-wrap
8294
msgid ""
8295
"\n"
8296
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
8297
msgstr ""
8298
"\n"
8299
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
8300
8301
#: serverguide/C/security.xml:734(para)
8302
msgid ""
8303
"The above command assumes that your private address space is 192.168.0.0/16 "
8304
"and that your Internet-facing device is ppp0. The syntax is broken down as "
8305
"follows:"
8306
msgstr ""
8307
8308
#: serverguide/C/security.xml:739(para)
8309
msgid "-t nat -- the rule is to go into the nat table"
8310
msgstr ""
8311
8312
#: serverguide/C/security.xml:740(para)
8313
msgid ""
8314
"-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
8315
msgstr ""
8316
8317
#: serverguide/C/security.xml:741(para)
8318
msgid ""
8319
"-s 192.168.0.0/16 -- the rule applies to traffic originating from the "
8320
"specified address space"
8321
msgstr ""
8322
8323
#: serverguide/C/security.xml:742(para)
8324
msgid ""
8325
"-o ppp0 -- the rule applies to traffic scheduled to be routed through the "
8326
"specified network device"
8327
msgstr ""
8328
8329
#: serverguide/C/security.xml:744(para)
8330
msgid ""
8331
"-j MASQUERADE -- traffic matching this rule is to \"jump\" (-j) to the "
8332
"MASQUERADE target to be manipulated as described above"
8333
msgstr ""
8334
8335
#: serverguide/C/security.xml:752(para)
8336
msgid ""
8337
"Also, each chain in the filter table (the default table, and where most or "
8338
"all packet filtering occurs) has a default <emphasis>policy</emphasis> of "
8339
"ACCEPT, but if you are creating a firewall in addition to a gateway device, "
8340
"you may have set the policies to DROP or REJECT, in which case your "
8341
"masqueraded traffic needs to be allowed through the FORWARD chain for the "
8342
"above rule to work:"
8343
msgstr ""
8344
8345
#: serverguide/C/security.xml:759(screen)
8346
#, no-wrap
8347
msgid ""
8348
"\n"
8349
"sudo iptables -A FORWARD -s 192.168.0.0/16 -o ppp0 -j ACCEPT\n"
8350
"sudo iptables -A FORWARD -d 192.168.0.0/16 -m state --state "
8351
"ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
8352
msgstr ""
8353
"\n"
8354
"sudo iptables -A FORWARD -s 192.168.0.0/16 -o ppp0 -j ACCEPT\n"
8355
"sudo iptables -A FORWARD -d 192.168.0.0/16 -m state --state "
8356
"ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
8357
8358
#: serverguide/C/security.xml:763(para)
8359
msgid ""
8360
"The above commands will allow all connections from your local network to the "
8361
"Internet and all traffic related to those connections to return to the "
8362
"machine that initiated them."
8363
msgstr ""
8364
8365
#: serverguide/C/security.xml:770(para)
8366
msgid ""
8367
"If you want masquerading to be enabled on reboot, which you probably do, "
8368
"edit <filename>/etc/rc.local</filename> and add any commands used above. For "
8369
"example add the first command with no filtering:"
8370
msgstr ""
8371
8372
#: serverguide/C/security.xml:774(screen)
8373
#, no-wrap
8374
msgid ""
8375
"\n"
8376
"iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
8377
msgstr ""
8378
8379
#: serverguide/C/security.xml:782(title)
8380
msgid "Logs"
8381
msgstr "Logfiler"
8382
8383
#: serverguide/C/security.xml:783(para)
8384
msgid ""
8385
"Firewall logs are essential for recognizing attacks, troubleshooting your "
8386
"firewall rules, and noticing unusual activity on your network. You must "
8387
"include logging rules in your firewall for them to be generated, though, and "
8388
"logging rules must come before any applicable terminating rule (a rule with "
8389
"a target that decides the fate of the packet, such as ACCEPT, DROP, or "
8390
"REJECT)."
8391
msgstr ""
8392
8393
#: serverguide/C/security.xml:790(para)
8394
msgid ""
8395
"If you are using <application>ufw</application>, you can turn on logging by "
8396
"entering the following in a terminal:"
8397
msgstr ""
8398
8399
#: serverguide/C/security.xml:794(command)
8400
msgid "sudo ufw logging on"
8401
msgstr "sudo ufw logging on"
8402
8403
#: serverguide/C/security.xml:796(para)
8404
msgid ""
8405
"To turn logging off in <application>ufw</application>, simply replace "
8406
"<emphasis role=\"italic\">on</emphasis> with <emphasis "
8407
"role=\"italic\">off</emphasis> in the above command."
8408
msgstr ""
8409
8410
#: serverguide/C/security.xml:799(para)
8411
msgid ""
8412
"If using <application>iptables</application> instead of "
8413
"<application>ufw</application>, enter:"
8414
msgstr ""
8415
8416
#: serverguide/C/security.xml:802(screen)
8417
#, no-wrap
8418
msgid ""
8419
"\n"
8420
"sudo iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j LOG --log-"
8421
"prefix \"NEW_HTTP_CONN: \"\n"
8422
msgstr ""
8423
"\n"
8424
"sudo iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j LOG --log-"
8425
"prefix \"NEW_HTTP_CONN: \"\n"
8426
8427
#: serverguide/C/security.xml:805(para)
8428
msgid ""
8429
"A request on port 80 from the local machine, then, would generate a log in "
8430
"dmesg that looks like this:"
8431
msgstr ""
8432
8433
#: serverguide/C/security.xml:810(programlisting)
8434
#, no-wrap
8435
msgid ""
8436
"[4304885.870000] NEW_HTTP_CONN: IN=lo OUT= "
8437
"MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 "
8438
"LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58288 DF PROTO=TCP SPT=53981 DPT=80 "
8439
"WINDOW=32767 RES=0x00 SYN URGP=0"
8440
msgstr ""
8441
8442
#: serverguide/C/security.xml:812(para)
8443
msgid ""
8444
"The above log will also appear in <filename>/var/log/messages</filename>, "
8445
"<filename>/var/log/syslog</filename>, and "
8446
"<filename>/var/log/kern.log</filename>. This behavior can be modified by "
8447
"editing <filename>/etc/syslog.conf</filename> appropriately or by installing "
8448
"and configuring <application>ulogd</application> and using the ULOG target "
8449
"instead of LOG. The <application>ulogd</application> daemon is a userspace "
8450
"server that listens for logging instructions from the kernel specifically "
8451
"for firewalls, and can log to any file you like, or even to a "
8452
"<application>PostgreSQL</application> or <application>MySQL</application> "
8453
"database. Making sense of your firewall logs can be simplified by using a "
8454
"log analyzing tool such as <application>fwanalog</application>, "
8455
"<application> fwlogwatch</application>, or <application>lire</application>."
8456
msgstr ""
8457
8458
#: serverguide/C/security.xml:827(title)
8459
msgid "Other Tools"
8460
msgstr ""
8461
8462
#: serverguide/C/security.xml:828(para)
8463
msgid ""
8464
"There are many tools available to help you construct a complete firewall "
8465
"without intimate knowledge of iptables. For the GUI-inclined:"
8466
msgstr ""
8467
8468
#: serverguide/C/security.xml:834(para)
8469
msgid ""
8470
"<ulink url=\"http://www.fs-security.com/\">Firestarter</ulink> is quite "
8471
"popular and easy to use."
8472
msgstr ""
8473
8474
#: serverguide/C/security.xml:839(para)
8475
msgid ""
8476
"<ulink url=\"http://www.fwbuilder.org/\">fwbuilder</ulink> is very powerful "
8477
"and will look familiar to an administrator who has used a commercial "
8478
"firewall utility such as <application>Checkpoint FireWall-1</application>."
8479
msgstr ""
8480
8481
#: serverguide/C/security.xml:845(para)
8482
msgid ""
8483
"If you prefer a command-line tool with plain-text configuration files:"
8484
msgstr ""
8485
8486
#: serverguide/C/security.xml:850(para)
8487
msgid ""
8488
"<ulink url=\"http://www.shorewall.net/\">Shorewall</ulink> is a very "
8489
"powerful solution to help you configure an advanced firewall for any network."
8490
msgstr ""
8491
8492
#: serverguide/C/security.xml:856(para)
8493
msgid ""
8494
"<ulink url=\"http://www.linuxkungfu.org/\">ipkungfu</ulink> should give you "
8495
"a working firewall \"out of the box\" with zero configuration, and will "
8496
"allow you to easily set up a more advanced firewall by editing simple, well-"
8497
"documented configuration files."
8498
msgstr ""
8499
8500
#: serverguide/C/security.xml:863(para)
8501
msgid ""
8502
"<ulink url=\"http://fireflier.sourceforge.net/\">fireflier</ulink> is "
8503
"designed to be a desktop firewall application. It is made up of a server "
8504
"(fireflier-server) and your choice of GUI clients (GTK or QT), and behaves "
8505
"like many popular interactive firewall applications for Windows."
8506
msgstr ""
8507
8508
#: serverguide/C/security.xml:875(para)
8509
msgid ""
8510
"The <ulink url=\"https://wiki.ubuntu.com/UbuntuFirewall\">Ubuntu "
8511
"Firewall</ulink> wiki page contains information on the development of "
8512
"<application>ufw</application>."
8513
msgstr ""
8514
8515
#: serverguide/C/security.xml:881(para)
8516
msgid ""
8517
"Also, the <application>ufw</application> manual page contains some very "
8518
"useful information: <command>man ufw</command>."
8519
msgstr ""
8520
8521
#: serverguide/C/security.xml:886(para)
8522
msgid ""
8523
"See the <ulink url=\"http://www.netfilter.org/documentation/HOWTO/packet-"
8524
"filtering-HOWTO.html\">packet-filtering-HOWTO</ulink> for more information "
8525
"on using <application>iptables</application>."
8526
msgstr ""
8527
8528
#: serverguide/C/security.xml:892(para)
8529
msgid ""
8530
"The <ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-"
8531
"HOWTO.html\">nat-HOWTO</ulink> contains further details on masquerading."
8532
msgstr ""
8533
8534
#: serverguide/C/security.xml:898(para)
8535
msgid ""
8536
"The <ulink url=\"https://help.ubuntu.com/community/IptablesHowTo\">IPTables "
8537
"HowTo</ulink> in the Ubuntu wiki is a great resource."
8538
msgstr ""
8539
8540
#: serverguide/C/security.xml:906(title)
8541
msgid "AppArmor"
8542
msgstr ""
8543
8544
#: serverguide/C/security.xml:907(para)
8545
msgid ""
8546
"<application>AppArmor</application> is a Linux Security Module "
8547
"implementation of name-based mandatory access controls. AppArmor confines "
8548
"individual programs to a set of listed files and posix 1003.1e draft "
8549
"capabilities."
8550
msgstr ""
8551
8552
#: serverguide/C/security.xml:911(para)
8553
msgid ""
8554
"<application>AppArmor</application> is installed and loaded by default. It "
8555
"uses <emphasis>profiles</emphasis> of an application to determine what files "
8556
"and permissions the application requires. Some packages will install their "
8557
"own profiles, and additional profiles can be found in the "
8558
"<application>apparmor-profiles</application> package."
8559
msgstr ""
8560
8561
#: serverguide/C/security.xml:916(para)
8562
msgid ""
8563
"To install the <application>apparmor-profiles</application> package from a "
8564
"terminal prompt:"
8565
msgstr ""
8566
8567
#: serverguide/C/security.xml:922(para)
8568
msgid "AppArmor profiles have two modes of execution:"
8569
msgstr ""
8570
8571
#: serverguide/C/security.xml:927(para)
8572
msgid ""
8573
"Complaining/Learning: profile violations are permitted and logged. Useful "
8574
"for testing and developing new profiles."
8575
msgstr ""
8576
8577
#: serverguide/C/security.xml:932(para)
8578
msgid ""
8579
"Enforced/Confined: enforces profile policy as well as logging the violation."
8580
msgstr ""
8581
8582
#: serverguide/C/security.xml:938(title)
8583
msgid "Using AppArmor"
8584
msgstr ""
8585
8586
#: serverguide/C/security.xml:939(para)
8587
msgid ""
8588
"The <application>apparmor-utils</application> package contains command line "
8589
"utilities that you can use to change the <application>AppArmor</application> "
8590
"execution mode, find the status of a profile, create new profiles, etc."
8591
msgstr ""
8592
8593
#: serverguide/C/security.xml:945(para)
8594
msgid ""
8595
"<application>apparmor_status</application> is used to view the current "
8596
"status of AppArmor profiles."
8597
msgstr ""
8598
8599
#: serverguide/C/security.xml:949(command)
8600
msgid "sudo apparmor_status"
8601
msgstr "sudo apparmor_status"
8602
8603
#: serverguide/C/security.xml:953(para)
8604
msgid ""
8605
"<application>aa-complain</application> places a profile into "
8606
"<emphasis>complain</emphasis> mode."
8607
msgstr ""
8608
8609
#: serverguide/C/security.xml:957(command)
8610
msgid "sudo aa-complain /path/to/bin"
8611
msgstr ""
8612
8613
#: serverguide/C/security.xml:961(para)
8614
msgid ""
8615
"<application>aa-enforce</application> places a profile into "
8616
"<emphasis>enforce</emphasis> mode."
8617
msgstr ""
8618
8619
#: serverguide/C/security.xml:965(command)
8620
msgid "sudo aa-enforce /path/to/bin"
8621
msgstr ""
8622
8623
#: serverguide/C/security.xml:969(para)
8624
msgid ""
8625
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
8626
"profiles are located. It can be used to manipulate the "
8627
"<emphasis>mode</emphasis> of all profiles."
8628
msgstr ""
8629
8630
#: serverguide/C/security.xml:973(para)
8631
msgid "Enter the following to place all profiles into complain mode:"
8632
msgstr ""
8633
8634
#: serverguide/C/security.xml:977(command)
8635
msgid "sudo aa-complain /etc/apparmor.d/*"
8636
msgstr "sudo aa-complain /etc/apparmor.d/*"
8637
8638
#: serverguide/C/security.xml:979(para)
8639
msgid "To place all profiles in enforce mode:"
8640
msgstr ""
8641
8642
#: serverguide/C/security.xml:983(command)
8643
msgid "sudo aa-enforce /etc/apparmor.d/*"
8644
msgstr "sudo aa-enforce /etc/apparmor.d/*"
8645
8646
#: serverguide/C/security.xml:987(para)
8647
msgid ""
8648
"<application>apparmor_parser</application> is used to load a profile into "
8649
"the kernel. It can also be used to reload a currently loaded profile using "
8650
"the <emphasis>-r</emphasis> option. To load a profile:"
8651
msgstr ""
8652
8653
#: serverguide/C/security.xml:992(command) serverguide/C/security.xml:1024(command)
8654
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
8655
msgstr ""
8656
8657
#: serverguide/C/security.xml:994(para)
8658
msgid "To reload a profile:"
8659
msgstr ""
8660
8661
#: serverguide/C/security.xml:998(command)
8662
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
8663
msgstr ""
8664
8665
#: serverguide/C/security.xml:1002(para)
8666
msgid ""
8667
"<filename>/etc/init.d/apparmor</filename> can be used to "
8668
"<emphasis>reload</emphasis> all profiles:"
8669
msgstr ""
8670
8671
#: serverguide/C/security.xml:1006(command) serverguide/C/network-auth.xml:632(command)
8672
msgid "sudo /etc/init.d/apparmor reload"
8673
msgstr "sudo /etc/init.d/apparmor reload"
8674
8675
#: serverguide/C/security.xml:1010(para)
8676
msgid ""
8677
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
8678
"with the <application>apparmor_parser -R</application> option to "
8679
"<emphasis>disable</emphasis> a profile."
8680
msgstr ""
8681
8682
#: serverguide/C/security.xml:1015(command)
8683
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
8684
msgstr ""
8685
8686
#: serverguide/C/security.xml:1016(command)
8687
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
8688
msgstr ""
8689
8690
#: serverguide/C/security.xml:1018(para)
8691
msgid ""
8692
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
8693
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
8694
"load the profile using the <emphasis>-a</emphasis> option."
8695
msgstr ""
8696
8697
#: serverguide/C/security.xml:1023(command)
8698
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
8699
msgstr ""
8700
8701
#: serverguide/C/security.xml:1028(para)
8702
msgid ""
8703
"<application>AppArmor</application> can be disabled, and the kernel module "
8704
"unloaded by entering the following:"
8705
msgstr ""
8706
8707
#: serverguide/C/security.xml:1032(command)
8708
msgid "sudo /etc/init.d/apparmor stop"
8709
msgstr "sudo /etc/init.d/apparmor stop"
8710
8711
#: serverguide/C/security.xml:1033(command)
8712
msgid "sudo update-rc.d -f apparmor remove"
8713
msgstr "sudo update-rc.d -f apparmor remove"
8714
8715
#: serverguide/C/security.xml:1037(para)
8716
msgid "To re-enable <application>AppArmor</application> enter:"
8717
msgstr ""
8718
8719
#: serverguide/C/security.xml:1041(command)
8720
msgid "sudo /etc/init.d/apparmor start"
8721
msgstr "sudo /etc/init.d/apparmor start"
8722
8723
#: serverguide/C/security.xml:1042(command)
8724
msgid "sudo update-rc.d apparmor defaults"
8725
msgstr "sudo update-rc.d apparmor defaults"
8726
8727
#: serverguide/C/security.xml:1047(para)
8728
msgid ""
8729
"Replace <emphasis>profile.name</emphasis> with the name of the profile you "
8730
"want to manipulate. Also, replace <filename>/path/to/bin/</filename> with "
8731
"the actual executable file path. For example for the "
8732
"<application>ping</application> command use <filename>/bin/ping</filename>"
8733
msgstr ""
8734
8735
#: serverguide/C/security.xml:1055(title)
8736
msgid "Profiles"
8737
msgstr "Profiler"
8738
8739
#: serverguide/C/security.xml:1056(para)
8740
msgid ""
8741
"<application>AppArmor</application> profiles are simple text files located "
8742
"in <filename>/etc/apparmor.d/</filename>. The files are named after the full "
8743
"path to the executable they profile replacing the \"/\" with \".\". For "
8744
"example <filename>/etc/apparmor.d/bin.ping</filename> is the AppArmor "
8745
"profile for the <filename>/bin/ping</filename> command."
8746
msgstr ""
8747
8748
#: serverguide/C/security.xml:1062(para)
8749
msgid "There are two main type of rules used in profiles:"
8750
msgstr ""
8751
8752
#: serverguide/C/security.xml:1067(para)
8753
msgid ""
8754
"<emphasis>Path entries:</emphasis> which detail which files an application "
8755
"can access in the file system."
8756
msgstr ""
8757
8758
#: serverguide/C/security.xml:1072(para)
8759
msgid ""
8760
"<emphasis>Capability entries:</emphasis> determine what privileges a "
8761
"confined process is allowed to use."
8762
msgstr ""
8763
8764
#: serverguide/C/security.xml:1077(para)
8765
msgid ""
8766
"As an example take a look at <filename>/etc/apparmor.d/bin.ping</filename>:"
8767
msgstr ""
8768
8769
#: serverguide/C/security.xml:1080(programlisting)
8770
#, no-wrap
8771
msgid ""
8772
"\n"
8773
"#include <tunables/global>\n"
8774
"/bin/ping flags=(complain) {\n"
8775
" #include <abstractions/base>\n"
8776
" #include <abstractions/consoles>\n"
8777
" #include <abstractions/nameservice>\n"
8778
"\n"
8779
" capability net_raw,\n"
8780
" capability setuid,\n"
8781
" network inet raw,\n"
8782
" \n"
8783
" /bin/ping mixr,\n"
8784
" /etc/modules.conf r,\n"
8785
"}\n"
8786
msgstr ""
8787
8788
#: serverguide/C/security.xml:1097(para)
8789
msgid ""
8790
"<emphasis>#include <tunables/global>:</emphasis> include statements "
8791
"from other files. This allows statements pertaining to multiple applications "
8792
"to be placed in a common file."
8793
msgstr ""
8794
8795
#: serverguide/C/security.xml:1103(para)
8796
msgid ""
8797
"<emphasis>/bin/ping flags=(complain):</emphasis> path to the profiled "
8798
"program, also setting the mode to <emphasis>complain</emphasis>."
8799
msgstr ""
8800
8801
#: serverguide/C/security.xml:1109(para)
8802
msgid ""
8803
"<emphasis>capability net_raw,:</emphasis> allows the application access to "
8804
"the CAP_NET_RAW Posix.1e capability."
8805
msgstr ""
8806
8807
#: serverguide/C/security.xml:1114(para)
8808
msgid ""
8809
"<emphasis>/bin/ping mixr,:</emphasis> allows the application read and "
8810
"execute access to the file."
8811
msgstr ""
8812
8813
#: serverguide/C/security.xml:1120(para)
8814
msgid ""
8815
"After editing a profile file the profile must be reloaded. See <xref "
8816
"linkend=\"apparmor-usage\"/> for details."
8817
msgstr ""
8818
8819
#: serverguide/C/security.xml:1125(title)
8820
msgid "Creating a Profile"
8821
msgstr ""
8822
8823
#: serverguide/C/security.xml:1128(para)
8824
msgid ""
8825
"<emphasis>Design a test plan:</emphasis> Try to think about how the "
8826
"application should be exercised. The test plan should be divided into small "
8827
"test cases. Each test case should have a small description and list the "
8828
"steps to follow."
8829
msgstr ""
8830
8831
#: serverguide/C/security.xml:1132(para)
8832
msgid "Some standard test cases are:"
8833
msgstr ""
8834
8835
#: serverguide/C/security.xml:1137(para)
8836
msgid "Starting the program."
8837
msgstr ""
8838
8839
#: serverguide/C/security.xml:1142(para)
8840
msgid "Stopping the program."
8841
msgstr ""
8842
8843
#: serverguide/C/security.xml:1147(para)
8844
msgid "Reloading the program."
8845
msgstr ""
8846
8847
#: serverguide/C/security.xml:1152(para)
8848
msgid "Testing all the commands supported by the init script."
8849
msgstr ""
8850
8851
#: serverguide/C/security.xml:1159(para)
8852
msgid ""
8853
"<emphasis>Generate the new profile:</emphasis> Use <application>aa-"
8854
"genprof</application> to generate a new profile. From a terminal:"
8855
msgstr ""
8856
8857
#: serverguide/C/security.xml:1164(command)
8858
msgid "sudo aa-genprof executable"
8859
msgstr ""
8860
8861
#: serverguide/C/security.xml:1166(para)
8862
msgid "For example:"
8863
msgstr "For eksempel:"
8864
8865
#: serverguide/C/security.xml:1170(command)
8866
msgid "sudo aa-genprof slapd"
8867
msgstr "sudo aa-genprof slapd"
8868
8869
#: serverguide/C/security.xml:1174(para)
8870
msgid ""
8871
"To get your new profile included in the <application>apparmor-"
8872
"profiles</application> package, file a bug in <emphasis>Launchpad</emphasis> "
8873
"against the <ulink "
8874
"url=\"https://bugs.launchpad.net/ubuntu/+source/apparmor/+filebug\">AppArmor<"
8875
"/ulink> package:"
8876
msgstr ""
8877
8878
#: serverguide/C/security.xml:1181(para)
8879
msgid "Include your test plan and test cases."
8880
msgstr ""
8881
8882
#: serverguide/C/security.xml:1186(para)
8883
msgid "Attach your new profile to the bug."
8884
msgstr ""
8885
8886
#: serverguide/C/security.xml:1195(title)
8887
msgid "Updating Profiles"
8888
msgstr ""
8889
8890
#: serverguide/C/security.xml:1196(para)
8891
msgid ""
8892
"When the program is misbehaving, audit messages are sent to the log files. "
8893
"The program <application>aa-logprof</application> can be used to scan log "
8894
"files for <application>AppArmor</application> audit messages, review them "
8895
"and update the profiles. From a terminal:"
8896
msgstr ""
8897
8898
#: serverguide/C/security.xml:1201(command)
8899
msgid "sudo aa-logprof"
8900
msgstr "sudo aa-logprof"
8901
8902
#: serverguide/C/security.xml:1209(para)
8903
msgid ""
8904
"See the <ulink "
8905
"url=\"http://www.novell.com/documentation/apparmor/apparmor201_sp10_admin/ind"
8906
"ex.html?page=/documentation/apparmor/apparmor201_sp10_admin/data/book_apparmo"
8907
"r_admin.html\">AppArmor Administration Guide</ulink> for advanced "
8908
"configuration options."
8909
msgstr ""
8910
8911
#: serverguide/C/security.xml:1216(para)
8912
msgid ""
8913
"For details using AppArmor with other Ubuntu releases see the <ulink "
8914
"url=\"https://help.ubuntu.com/community/AppArmor\"> AppArmor Community "
8915
"Wiki</ulink> page."
8916
msgstr ""
8917
8918
#: serverguide/C/security.xml:1224(para)
8919
msgid ""
8920
"The <ulink url=\"http://en.opensuse.org/AppArmor\">OpenSUSE AppArmor</ulink> "
8921
"page is another introduction to AppArmor."
8922
msgstr ""
8923
8924
#: serverguide/C/security.xml:1231(para)
8925
msgid ""
8926
"A great place to ask for <application>AppArmor</application> assistance, and "
8927
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
8928
"server</emphasis> IRC channel on <ulink "
8929
"url=\"http://freenode.net\">freenode</ulink>."
8930
msgstr ""
8931
8932
#: serverguide/C/security.xml:1241(title)
8933
msgid "Certificates"
8934
msgstr "Certifikater"
8935
8936
#: serverguide/C/security.xml:1242(para)
8937
msgid ""
8938
"One of the most common forms of cryptography today is <emphasis>public-"
8939
"key</emphasis> cryptography. Public-key cryptography utilizes a "
8940
"<emphasis>public key</emphasis> and a <emphasis>private key</emphasis>. The "
8941
"system works by <emphasis>encrypting</emphasis> information using the public "
8942
"key. The information can then only be <emphasis>decrypted</emphasis> using "
8943
"the private key."
8944
msgstr ""
8945
8946
#: serverguide/C/security.xml:1248(para)
8947
msgid ""
8948
"A common use for public-key cryptography is encrypting application traffic "
8949
"using a Secure Socket Layer (SSL) or Transport Layer Security (TLS) "
8950
"connection. For example, configuring Apache to provide "
8951
"<emphasis>HTTPS</emphasis>, the HTTP protocol over SSL. This allows a way to "
8952
"encrypt traffic using a protocol that does not itself provide encryption."
8953
msgstr ""
8954
8955
#: serverguide/C/security.xml:1253(para)
8956
msgid ""
8957
"A <emphasis>Certificate</emphasis> is a method used to distribute a "
8958
"<emphasis>public key</emphasis> and other information about a server and the "
8959
"organization who is responsible for it. Certificates can be digitally signed "
8960
"by a <emphasis>Certification Authority</emphasis> or CA. A CA is a trusted "
8961
"third party that has confirmed that the information contained in the "
8962
"certificate is accurate."
8963
msgstr ""
8964
8965
#: serverguide/C/security.xml:1260(title)
8966
msgid "Types of Certificates"
8967
msgstr ""
8968
8969
#: serverguide/C/security.xml:1261(para)
8970
msgid ""
8971
"To set up a secure server using public-key cryptography, in most cases, you "
8972
"send your certificate request (including your public key), proof of your "
8973
"company's identity, and payment to a CA. The CA verifies the certificate "
8974
"request and your identity, and then sends back a certificate for your secure "
8975
"server. Alternatively, you can create your own <emphasis>self-"
8976
"signed</emphasis> certificate."
8977
msgstr ""
8978
8979
#: serverguide/C/security.xml:1271(para)
8980
msgid ""
8981
"Note, that self-signed certificates should not be used in most production "
8982
"environments."
8983
msgstr ""
8984
8985
#: serverguide/C/security.xml:1275(para)
8986
msgid ""
8987
"Continuing the HTTPS example, a CA-signed certificate provides two important "
8988
"capabilities that a self-signed certificate does not:"
8989
msgstr ""
8990
8991
#: serverguide/C/security.xml:1282(para)
8992
msgid ""
8993
"Browsers (usually) automatically recognize the certificate and allow a "
8994
"secure connection to be made without prompting the user."
8995
msgstr ""
8996
8997
#: serverguide/C/security.xml:1289(para)
8998
msgid ""
8999
"When a CA issues a signed certificate, it is guaranteeing the identity of "
9000
"the organization that is providing the web pages to the browser."
9001
msgstr ""
9002
9003
#: serverguide/C/security.xml:1297(para)
9004
msgid ""
9005
"Most Web browsers, and computers, that support SSL have a list of CAs whose "
9006
"certificates they automatically accept. If a browser encounters a "
9007
"certificate whose authorizing CA is not in the list, the browser asks the "
9008
"user to either accept or decline the connection. Also, other applications "
9009
"may generate an error message when using a self-singed certificate."
9010
msgstr ""
9011
9012
#: serverguide/C/security.xml:1305(para)
9013
msgid ""
9014
"The process of getting a certificate from a CA is fairly easy. A quick "
9015
"overview is as follows:"
9016
msgstr ""
9017
9018
#: serverguide/C/security.xml:1312(para)
9019
msgid "Create a private and public encryption key pair."
9020
msgstr ""
9021
9022
#: serverguide/C/security.xml:1315(para)
9023
msgid ""
9024
"Create a certificate request based on the public key. The certificate "
9025
"request contains information about your server and the company hosting it."
9026
msgstr ""
9027
9028
#: serverguide/C/security.xml:1320(para)
9029
msgid ""
9030
"Send the certificate request, along with documents proving your identity, to "
9031
"a CA. We cannot tell you which certificate authority to choose. Your "
9032
"decision may be based on your past experiences, or on the experiences of "
9033
"your friends or colleagues, or purely on monetary factors."
9034
msgstr ""
9035
9036
#: serverguide/C/security.xml:1326(para)
9037
msgid ""
9038
"Once you have decided upon a CA, you need to follow the instructions they "
9039
"provide on how to obtain a certificate from them."
9040
msgstr ""
9041
9042
#: serverguide/C/security.xml:1331(para)
9043
msgid ""
9044
"When the CA is satisfied that you are indeed who you claim to be, they send "
9045
"you a digital certificate."
9046
msgstr ""
9047
9048
#: serverguide/C/security.xml:1335(para)
9049
msgid ""
9050
"Install this certificate on your secure server, and configure the "
9051
"appropriate applications to use the certificate."
9052
msgstr ""
9053
9054
#: serverguide/C/security.xml:1344(title)
9055
msgid "Generating a Certificate Signing Request (CSR)"
9056
msgstr ""
9057
9058
#: serverguide/C/security.xml:1346(para)
9059
msgid ""
9060
"Whether you are getting a certificate from a CA or generating your own self-"
9061
"signed certificate, the first step is to generate a key."
9062
msgstr ""
9063
9064
#: serverguide/C/security.xml:1351(para)
9065
msgid ""
9066
"If the certificate will be used by service daemons, such as Apache, Postfix, "
9067
"Dovecot, etc, a key without a passphrase is often appropriate. Not having a "
9068
"passphrase allows the services to start without manual intervention, usually "
9069
"the preferred way to start a daemon."
9070
msgstr ""
9071
9072
#: serverguide/C/security.xml:1357(para)
9073
msgid ""
9074
"This section will cover generating a key with a passphrase, and one without. "
9075
"The non-passphrase key will then be used to generate a certificate that can "
9076
"be used with various service daemons."
9077
msgstr ""
9078
9079
#: serverguide/C/security.xml:1363(para)
9080
msgid ""
9081
"Running your secure service without a passphrase is convenient because you "
9082
"will not need to enter the passphrase every time you start your secure "
9083
"service. But it is insecure and a compromise of the key means a compromise "
9084
"of the server as well."
9085
msgstr ""
9086
9087
#: serverguide/C/security.xml:1370(para)
9088
msgid ""
9089
"To generate the <emphasis>keys</emphasis> for the Certificate Signing "
9090
"Request (CSR) run the following command from a terminal prompt:"
9091
msgstr ""
9092
9093
#: serverguide/C/security.xml:1376(command)
9094
msgid "openssl genrsa -des3 -out server.key 1024"
9095
msgstr ""
9096
9097
#: serverguide/C/security.xml:1379(programlisting)
9098
#, no-wrap
9099
msgid ""
9100
"\n"
9101
"Generating RSA private key, 1024 bit long modulus\n"
9102
".....................++++++\n"
9103
".................++++++\n"
9104
"unable to write 'random state'\n"
9105
"e is 65537 (0x10001)\n"
9106
"Enter pass phrase for server.key:\n"
9107
msgstr ""
9108
9109
#: serverguide/C/security.xml:1388(para)
9110
msgid ""
9111
"You can now enter your passphrase. For best security, it should at least "
9112
"contain eight characters. The minimum length when specifying -des3 is four "
9113
"characters. It should include numbers and/or punctuation and not be a word "
9114
"in a dictionary. Also remember that your passphrase is case-sensitive."
9115
msgstr ""
9116
9117
#: serverguide/C/security.xml:1396(para)
9118
msgid ""
9119
"Re-type the passphrase to verify. Once you have re-typed it correctly, the "
9120
"server key is generated and stored in the <filename>server.key</filename> "
9121
"file."
9122
msgstr ""
9123
9124
#: serverguide/C/security.xml:1402(para)
9125
msgid ""
9126
"Now create the insecure key, the one without a passphrase, and shuffle the "
9127
"key names:"
9128
msgstr ""
9129
9130
#: serverguide/C/security.xml:1408(command)
9131
msgid "openssl rsa -in server.key -out server.key.insecure"
9132
msgstr ""
9133
9134
#: serverguide/C/security.xml:1409(command)
9135
msgid "mv server.key server.key.secure"
9136
msgstr ""
9137
9138
#: serverguide/C/security.xml:1410(command)
9139
msgid "mv server.key.insecure server.key"
9140
msgstr ""
9141
9142
#: serverguide/C/security.xml:1413(para)
9143
msgid ""
9144
"The insecure key is now named <filename>server.key</filename>, and you can "
9145
"use this file to generate the CSR without passphrase."
9146
msgstr ""
9147
9148
#: serverguide/C/security.xml:1418(para)
9149
msgid "To create the CSR, run the following command at a terminal prompt:"
9150
msgstr ""
9151
9152
#: serverguide/C/security.xml:1423(command)
9153
msgid "openssl req -new -key server.key -out server.csr"
9154
msgstr ""
9155
9156
#: serverguide/C/security.xml:1426(para)
9157
msgid ""
9158
"It will prompt you enter the passphrase. If you enter the correct "
9159
"passphrase, it will prompt you to enter Company Name, Site Name, Email Id, "
9160
"etc. Once you enter all these details, your CSR will be created and it will "
9161
"be stored in the <filename>server.csr</filename> file."
9162
msgstr ""
9163
9164
#: serverguide/C/security.xml:1434(para)
9165
msgid ""
9166
"You can now submit this CSR file to a CA for processing. The CA will use "
9167
"this CSR file and issue the certificate. On the other hand, you can create "
9168
"self-signed certificate using this CSR."
9169
msgstr ""
9170
9171
#: serverguide/C/security.xml:1442(title)
9172
msgid "Creating a Self-Signed Certificate"
9173
msgstr ""
9174
9175
#: serverguide/C/security.xml:1443(para)
9176
msgid ""
9177
"To create the self-signed certificate, run the following command at a "
9178
"terminal prompt:"
9179
msgstr ""
9180
9181
#: serverguide/C/security.xml:1448(command)
9182
msgid ""
9183
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
9184
"server.crt"
9185
msgstr ""
9186
9187
#: serverguide/C/security.xml:1451(para)
9188
msgid ""
9189
"The above command will prompt you to enter the passphrase. Once you enter "
9190
"the correct passphrase, your certificate will be created and it will be "
9191
"stored in the <filename>server.crt</filename> file."
9192
msgstr ""
9193
9194
#: serverguide/C/security.xml:1456(para)
9195
msgid ""
9196
"If your secure server is to be used in a production environment, you "
9197
"probably need a CA-signed certificate. It is not recommended to use self-"
9198
"signed certificate."
9199
msgstr ""
9200
9201
#: serverguide/C/security.xml:1464(title)
9202
msgid "Installing the Certificate"
9203
msgstr ""
9204
9205
#: serverguide/C/security.xml:1466(para)
9206
msgid ""
9207
"You can install the key file <filename>server.key</filename> and certificate "
9208
"file <filename>server.crt</filename>, or the certificate file issued by your "
9209
"CA, by running following commands at a terminal prompt:"
9210
msgstr ""
9211
9212
#: serverguide/C/security.xml:1472(command)
9213
msgid "sudo cp server.crt /etc/ssl/certs"
9214
msgstr "sudo cp server.crt /etc/ssl/certs"
9215
9216
#: serverguide/C/security.xml:1473(command)
9217
msgid "sudo cp server.key /etc/ssl/private"
9218
msgstr "sudo cp server.key /etc/ssl/private"
9219
9220
#: serverguide/C/security.xml:1475(para)
9221
msgid ""
9222
"Now simply configure any applications, with the ability to use public-key "
9223
"cryptography, to use the <emphasis>certificate</emphasis> and "
9224
"<emphasis>key</emphasis> files. For example, "
9225
"<application>Apache</application> can provide HTTPS, "
9226
"<application>Dovecot</application> can provide IMAPS and POP3S, etc."
9227
msgstr ""
9228
9229
#: serverguide/C/security.xml:1482(title)
9230
msgid "Certification Authority"
9231
msgstr ""
9232
9233
#: serverguide/C/security.xml:1484(para)
9234
msgid ""
9235
"If the services on your network require more than a few self-signed "
9236
"certificates it may be worth the additional effort to setup your own "
9237
"internal <emphasis>Certification Authority (CA)</emphasis>. Using "
9238
"certificates signed by your own CA, allows the various services using the "
9239
"certificates to easily trust other services using certificates issued from "
9240
"the same CA."
9241
msgstr ""
9242
9243
#: serverguide/C/security.xml:1494(para)
9244
msgid ""
9245
"First, create the directories to hold the CA certificate and related files:"
9246
msgstr ""
9247
9248
#: serverguide/C/security.xml:1499(command)
9249
msgid "sudo mkdir /etc/ssl/CA"
9250
msgstr "sudo mkdir /etc/ssl/CA"
9251
9252
#: serverguide/C/security.xml:1500(command)
9253
msgid "sudo mkdir /etc/ssl/newcerts"
9254
msgstr ""
9255
9256
#: serverguide/C/security.xml:1506(para)
9257
msgid ""
9258
"The CA needs a few additional files to operate, one to keep track of the "
9259
"last serial number used by the CA, each certificate must have a unique "
9260
"serial number, and another file to record which certificates have been "
9261
"issued:"
9262
msgstr ""
9263
9264
#: serverguide/C/security.xml:1513(command)
9265
msgid "sudo sh -c \"echo '01' > /etc/ssl/CA/serial\""
9266
msgstr "sudo sh -c \"echo '01' > /etc/ssl/CA/serial\""
9267
9268
#: serverguide/C/security.xml:1514(command)
9269
msgid "sudo touch /etc/ssl/CA/index.txt"
9270
msgstr ""
9271
9272
#: serverguide/C/security.xml:1520(para)
9273
msgid ""
9274
"The third file is a CA configuration file. Though not strictly necessary, it "
9275
"is very convenient when issuing multiple certificates. Edit "
9276
"<filename>/etc/ssl/openssl.cnf</filename>, and in the <emphasis>[ CA_default "
9277
"]</emphasis> change:"
9278
msgstr ""
9279
9280
#: serverguide/C/security.xml:1526(programlisting)
9281
#, no-wrap
9282
msgid ""
9283
"\n"
9284
"dir = /etc/ssl/ # Where everything is kept\n"
9285
"database = $dir/CA/index.txt # database index file.\n"
9286
"certificate = $dir/certs/cacert.pem # The CA certificate\n"
9287
"serial = $dir/CA/serial # The current serial number\n"
9288
"private_key = $dir/private/cakey.pem# The private key\n"
9289
msgstr ""
9290
9291
#: serverguide/C/security.xml:1537(para)
9292
msgid "Next, create the self-singed root certificate:"
9293
msgstr ""
9294
9295
#: serverguide/C/security.xml:1542(command)
9296
msgid ""
9297
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
9298
"days 3650"
9299
msgstr ""
9300
9301
#: serverguide/C/security.xml:1545(para)
9302
msgid "You will then be asked to enter the details about the certificate."
9303
msgstr ""
9304
9305
#: serverguide/C/security.xml:1552(para)
9306
msgid "Now install the root certificate and key:"
9307
msgstr ""
9308
9309
#: serverguide/C/security.xml:1557(command)
9310
msgid "sudo mv cakey.pem /etc/ssl/private/"
9311
msgstr ""
9312
9313
#: serverguide/C/security.xml:1558(command)
9314
msgid "sudo mv cacert.pem /etc/ssl/certs/"
9315
msgstr ""
9316
9317
#: serverguide/C/security.xml:1564(para)
9318
msgid ""
9319
"You are now ready to start signing certificates. The first item needed is a "
9320
"Certificate Signing Request (CSR), see <xref linkend=\"generating-a-csr\"/> "
9321
"for details. Once you have a CSR, enter the following to generate a "
9322
"certificate signed by the CA:"
9323
msgstr ""
9324
9325
#: serverguide/C/security.xml:1571(command)
9326
msgid "sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf"
9327
msgstr "sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf"
9328
9329
#: serverguide/C/security.xml:1574(para)
9330
msgid ""
9331
"After entering the password for the CA key, you will be prompted to sign the "
9332
"certificate, and again to commit the new certificate. You should then see a "
9333
"somewhat large amount of output related to the certificate creation."
9334
msgstr ""
9335
9336
#: serverguide/C/security.xml:1583(para)
9337
msgid ""
9338
"There should now be a new file, "
9339
"<filename>/etc/ssl/newcerts/01.pem</filename>, containing the same output. "
9340
"Copy and paste everything beginning with the line: <emphasis>-----BEGIN "
9341
"CERTIFICATE-----</emphasis> and continuing through the line: <emphasis>----"
9342
"END CERTIFICATE-----</emphasis> lines to a file named after the hostname of "
9343
"the server where the certificate will be installed. For example "
9344
"<filename>mail.example.com.crt</filename>, is a nice descriptive name."
9345
msgstr ""
9346
9347
#: serverguide/C/security.xml:1591(para)
9348
msgid ""
9349
"Subsequent certificates will be named <filename>02.pem</filename>, "
9350
"<filename>03.pem</filename>, etc."
9351
msgstr ""
9352
9353
#: serverguide/C/security.xml:1596(para)
9354
msgid ""
9355
"Replace <emphasis>mail.example.com.crt</emphasis> with your own descriptive "
9356
"name."
9357
msgstr ""
9358
9359
#: serverguide/C/security.xml:1604(para)
9360
msgid ""
9361
"Finally, copy the new certificate to the host that needs it, and configure "
9362
"the appropriate applications to use it. The default location to install "
9363
"certificates is <filename role=\"directory\">/etc/ssl/certs</filename>. This "
9364
"enables multiple services to use the same certificate without overly "
9365
"complicated file permissions."
9366
msgstr ""
9367
9368
#: serverguide/C/security.xml:1610(para)
9369
msgid ""
9370
"For applications that can be configured to use a CA certificate, you should "
9371
"also copy the <filename>/etc/ssl/certs/cacert.pem</filename> file to the "
9372
"<filename role=\"directory\">/etc/ssl/certs/</filename> directory on each "
9373
"server."
9374
msgstr ""
9375
9376
#: serverguide/C/security.xml:1624(para)
9377
msgid ""
9378
"For more detailed instructions on using cryptography see the <ulink "
9379
"url=\"http://tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html\">SSL "
9380
"Certificates HOWTO</ulink> by tlpd.org"
9381
msgstr ""
9382
9383
#: serverguide/C/security.xml:1630(para)
9384
msgid ""
9385
"<ulink url=\"http://www.pki-page.org/\">The PKI Page</ulink> contains a list "
9386
"of Certificate Authorities."
9387
msgstr ""
9388
9389
#: serverguide/C/security.xml:1635(para)
9390
msgid ""
9391
"The Wikipedia <ulink "
9392
"url=\"http://en.wikipedia.org/wiki/Https\">HTTPS</ulink> page has more "
9393
"information regarding HTTPS."
9394
msgstr ""
9395
9396
#: serverguide/C/security.xml:1640(para)
9397
msgid ""
9398
"For more information on <emphasis>OpenSSL</emphasis> see the <ulink "
9399
"url=\"http://www.openssl.org/\">OpenSSL Home Page</ulink>."
9400
msgstr ""
9401
9402
#: serverguide/C/security.xml:1645(para)
9403
msgid ""
9404
"Also, O'Reilly's <ulink "
9405
"url=\"http://oreilly.com/catalog/9780596002701/\">Network Security with "
9406
"OpenSSL</ulink> is a good in depth reference."
9407
msgstr ""
9408
9409
#: serverguide/C/security.xml:1654(title)
9410
msgid "eCryptfs"
9411
msgstr ""
9412
9413
#: serverguide/C/security.xml:1656(para)
9414
msgid ""
9415
"<emphasis>eCryptfs</emphasis> is a POSIX-compliant enterprise-class stacked "
9416
"cryptographic filesystem for Linux. Layering on top of the filesystem layer "
9417
"<emphasis>eCryptfs</emphasis> protects files no matter the underlying "
9418
"filesystem, partition type, etc."
9419
msgstr ""
9420
9421
#: serverguide/C/security.xml:1662(para)
9422
msgid ""
9423
"During installation there is an option to encrypt the <filename "
9424
"role=\"directory\">/home</filename> partition. This will automatically "
9425
"configure everything needed to encrypt and mount the partition."
9426
msgstr ""
9427
9428
#: serverguide/C/security.xml:1667(para)
9429
msgid ""
9430
"As an example, this section will cover configuring <filename "
9431
"role=\"directory\">/srv</filename> to be encrypted using eCryptfs."
9432
msgstr ""
9433
9434
#: serverguide/C/security.xml:1672(title)
9435
msgid "Using eCryptfs"
9436
msgstr ""
9437
9438
#: serverguide/C/security.xml:1674(para)
9439
msgid "First, install the necessary packages. From a terminal prompt enter:"
9440
msgstr ""
9441
9442
#: serverguide/C/security.xml:1679(command)
9443
msgid "sudo apt-get install ecryptfs-utils"
9444
msgstr "sudo apt-get install ecryptfs-utils"
9445
9446
#: serverguide/C/security.xml:1682(para)
9447
msgid "Now mount the partition to be encrypted:"
9448
msgstr ""
9449
9450
#: serverguide/C/security.xml:1687(command)
9451
msgid "sudo mount -t ecryptfs /srv /srv"
9452
msgstr "sudo mount -t ecryptfs /srv /srv"
9453
9454
#: serverguide/C/security.xml:1690(para)
9455
msgid ""
9456
"You will then be prompted for some details on how "
9457
"<application>ecryptfs</application> should encrypt the data."
9458
msgstr ""
9459
9460
#: serverguide/C/security.xml:1694(para)
9461
msgid ""
9462
"To test that files placed in <filename>/srv</filename> are indeed encrypted "
9463
"copy the <filename>/etc/default</filename> folder to "
9464
"<filename>/srv</filename>:"
9465
msgstr ""
9466
9467
#: serverguide/C/security.xml:1700(command) serverguide/C/clustering.xml:192(command)
9468
msgid "sudo cp -r /etc/default /srv"
9469
msgstr "sudo cp -r /etc/default /srv"
9470
9471
#: serverguide/C/security.xml:1703(para)
9472
msgid "Now unmount <filename>/srv</filename>, and try to view a file:"
9473
msgstr ""
9474
9475
#: serverguide/C/security.xml:1708(command) serverguide/C/installation.xml:1138(command) serverguide/C/clustering.xml:200(command)
9476
msgid "sudo umount /srv"
9477
msgstr "sudo umount /srv"
9478
9479
#: serverguide/C/security.xml:1709(command)
9480
msgid "cat /srv/default/cron"
9481
msgstr ""
9482
9483
#: serverguide/C/security.xml:1712(para)
9484
msgid ""
9485
"Remounting <filename>/srv</filename> using "
9486
"<application>ecryptfs</application> will make the data viewable once again."
9487
msgstr ""
9488
9489
#: serverguide/C/security.xml:1718(title)
9490
msgid "Automatically Mounting Encrypted Partitions"
9491
msgstr ""
9492
9493
#: serverguide/C/security.xml:1720(para)
9494
msgid ""
9495
"There are a couple of ways to automatically mount an "
9496
"<application>ecryptfs</application> encrypted filesystem at boot. This "
9497
"example will use a <filename>/root/.ecryptfsrc</filename> file containing "
9498
"mount options, along with a passphrase file residing on a USB key."
9499
msgstr ""
9500
9501
#: serverguide/C/security.xml:1726(para)
9502
msgid "First, create <filename>/root/.ecryptfsrc</filename> containing:"
9503
msgstr ""
9504
9505
#: serverguide/C/security.xml:1730(programlisting)
9506
#, no-wrap
9507
msgid ""
9508
"\n"
9509
"key=passphrase:passphrase_passwd_file=/mnt/usb/passwd_file.txt\n"
9510
"ecryptfs_sig=5826dd62cf81c615\n"
9511
"ecryptfs_cipher=aes\n"
9512
"ecryptfs_key_bytes=16\n"
9513
"ecryptfs_passthrough=n\n"
9514
"ecryptfs_enable_filename_crypto=n\n"
9515
msgstr ""
9516
9517
#: serverguide/C/security.xml:1740(para)
9518
msgid ""
9519
"Adjust the <emphasis>ecryptfs_sig</emphasis> to the signature in "
9520
"<filename>/root/.ecryptfs/sig-cache.txt</filename>."
9521
msgstr ""
9522
9523
#: serverguide/C/security.xml:1745(para)
9524
msgid ""
9525
"Next, create the <filename>/mnt/usb/passwd_file.txt</filename> passphrase "
9526
"file:"
9527
msgstr ""
9528
9529
#: serverguide/C/security.xml:1749(programlisting)
9530
#, no-wrap
9531
msgid ""
9532
"\n"
9533
"passphrase_passwd=[secrets]\n"
9534
msgstr ""
9535
9536
#: serverguide/C/security.xml:1753(para)
9537
msgid "Now add the necessary lines to <filename>/etc/fstab</filename>:"
9538
msgstr ""
9539
9540
#: serverguide/C/security.xml:1757(programlisting)
9541
#, no-wrap
9542
msgid ""
9543
"\n"
9544
"/dev/sdb1 /mnt/usb ext3 ro 0 0\n"
9545
"/srv /srv ecryptfs defaults 0 0\n"
9546
msgstr ""
9547
9548
#: serverguide/C/security.xml:1762(para)
9549
msgid "Make sure the USB drive is mounted before the encrypted partition."
9550
msgstr ""
9551
9552
#: serverguide/C/security.xml:1766(para)
9553
msgid ""
9554
"Finally, reboot and the <filename>/srv</filename> should be mounted using "
9555
"ecryptfs."
9556
msgstr ""
9557
9558
#: serverguide/C/security.xml:1774(para)
9559
msgid ""
9560
"The <application>ecryptfs-utils</application> package includes several other "
9561
"useful utilities:"
9562
msgstr ""
9563
9564
#: serverguide/C/security.xml:1780(para)
9565
msgid ""
9566
"<emphasis>ecryptfs-setup-private:</emphasis> creates a "
9567
"<filename>~/Private</filename> directory to contain encrypted information. "
9568
"This utility can be run by unprivileged users to keep data private from "
9569
"other users on the system."
9570
msgstr ""
9571
9572
#: serverguide/C/security.xml:1787(para)
9573
msgid ""
9574
"<emphasis>ecryptfs-mount-private and ecryptfs-umount-private:</emphasis> "
9575
"will mount and unmount respectively, a users <filename>~/Private</filename> "
9576
"directory."
9577
msgstr ""
9578
9579
#: serverguide/C/security.xml:1793(para)
9580
msgid ""
9581
"<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the "
9582
"kernel keyring."
9583
msgstr ""
9584
9585
#: serverguide/C/security.xml:1798(para)
9586
msgid ""
9587
"<emphasis>ecryptfs-manager:</emphasis> manages "
9588
"<application>eCryptfs</application> objects such as keys."
9589
msgstr ""
9590
9591
#: serverguide/C/security.xml:1803(para)
9592
msgid ""
9593
"<emphasis>ecryptfs-stat:</emphasis> allows you to view the "
9594
"<application>ecryptfs</application> meta information for a file."
9595
msgstr ""
9596
9597
#: serverguide/C/security.xml:1816(para)
9598
msgid ""
9599
"For more information on eCryptfs see the <ulink "
9600
"url=\"https://launchpad.net/ecryptfs\">Launchpad project page</ulink>."
9601
msgstr ""
9602
9603
#: serverguide/C/security.xml:1821(para)
9604
msgid ""
9605
"There is also a <ulink "
9606
"url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> "
9607
"article covering eCryptfs."
9608
msgstr ""
9609
9610
#: serverguide/C/security.xml:1826(para)
9611
msgid ""
9612
"Also, for more <application>ecryptfs</application> options see the <ulink "
9613
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man7/ecryptfs.7.html\">"
9614
"ecryptfs man page</ulink>."
9615
msgstr ""
9616
9617
#: serverguide/C/security.xml:1832(para)
9618
msgid ""
9619
"The <ulink url=\"https://help.ubuntu.com/community/eCryptfs\">eCryptfs "
9620
"Ubuntu Wiki</ulink> page also has more details."
9621
msgstr ""
9622
9623
#: serverguide/C/reporting-bugs.xml:13(title)
9624
msgid "Appendix"
9625
msgstr ""
9626
9627
#: serverguide/C/reporting-bugs.xml:16(title)
9628
msgid "Reporting Bugs in Ubuntu Server Edition"
9629
msgstr ""
9630
9631
#: serverguide/C/reporting-bugs.xml:18(para)
9632
msgid ""
9633
"While the Ubuntu Project attempts to release software with as few bugs as "
9634
"possible, they do occur. You can help fix these bugs by reporting ones that "
9635
"you find to the project. The Ubuntu Project uses <ulink "
9636
"url=\"https://launchpad.net/\">Launchpad</ulink> to track its bug reports. "
9637
"In order to file a bug about Ubuntu Server on Launchpad, you will need to "
9638
"<ulink url=\"https://help.launchpad.net/YourAccount/NewAccount\">create an "
9639
"account</ulink>."
9640
msgstr ""
9641
9642
#: serverguide/C/reporting-bugs.xml:30(title)
9643
msgid "Reporting Bugs With ubuntu-bug"
9644
msgstr ""
9645
9646
#: serverguide/C/reporting-bugs.xml:32(para)
9647
msgid ""
9648
"The preferred way to report a bug is with the <application>ubuntu-"
9649
"bug</application> command. The ubuntu-bug tool gathers information about the "
9650
"system useful to developers in diagnosing the reported problem that will "
9651
"then be included in the bug report filed on Launchpad. Bug reports in Ubuntu "
9652
"need to be filed against a specific software package, thus the name of the "
9653
"package that the bug occurs in needs to be given to ubuntu-bug:"
9654
msgstr ""
9655
9656
#: serverguide/C/reporting-bugs.xml:43(command)
9657
msgid "ubuntu-bug PACKAGENAME"
9658
msgstr ""
9659
9660
#: serverguide/C/reporting-bugs.xml:46(para)
9661
msgid ""
9662
"For example, to file a bug against the openssh-server package, you would do:"
9663
msgstr ""
9664
9665
#: serverguide/C/reporting-bugs.xml:51(command)
9666
msgid "ubuntu-bug openssh-server"
9667
msgstr ""
9668
9669
#: serverguide/C/reporting-bugs.xml:54(para)
9670
msgid ""
9671
"You can specify either a binary package or the source package for ubuntu-"
9672
"bug. Again using openssh-server as an example, you could also generate the "
9673
"report against the source package for openssh-server, openssh:"
9674
msgstr ""
9675
9676
#: serverguide/C/reporting-bugs.xml:62(command)
9677
msgid "ubuntu-bug openssh"
9678
msgstr ""
9679
9680
#: serverguide/C/reporting-bugs.xml:66(para)
9681
msgid ""
9682
"See <xref linkend=\"package-management\"/> for more information about "
9683
"packages in Ubuntu."
9684
msgstr ""
9685
9686
#: serverguide/C/reporting-bugs.xml:72(para)
9687
msgid ""
9688
"The ubuntu-bug command will gather information about the system in question, "
9689
"possibly including information specific to the specified package, and then "
9690
"ask you what you would like to do with collected information:"
9691
msgstr ""
9692
9693
#: serverguide/C/reporting-bugs.xml:80(command)
9694
msgid "ubuntu-bug postgresql"
9695
msgstr ""
9696
9697
#: serverguide/C/reporting-bugs.xml:79(screen)
9698
#, no-wrap
9699
msgid ""
9700
"\n"
9701
"<placeholder-1/>\n"
9702
"\n"
9703
"*** Collecting problem information\n"
9704
"\n"
9705
"The collected information can be sent to the developers to improve the\n"
9706
"application. This might take a few minutes.\n"
9707
"..........\n"
9708
"\n"
9709
"*** Send problem report to the developers?\n"
9710
"\n"
9711
"After the problem report has been sent, please fill out the form in the\n"
9712
"automatically opened web browser.\n"
9713
"\n"
9714
"What would you like to do? Your options are:\n"
9715
" S: Send report (1.7 KiB)\n"
9716
" V: View report\n"
9717
" K: Keep report file for sending later or copying to somewhere else\n"
9718
" C: Cancel\n"
9719
"Please choose (S/V/K/C):\n"
9720
msgstr ""
9721
9722
#: serverguide/C/reporting-bugs.xml:101(para)
9723
msgid "The options available are:"
9724
msgstr ""
9725
9726
#: serverguide/C/reporting-bugs.xml:108(para)
9727
msgid ""
9728
"<emphasis role=\"bold\">Send Report</emphasis> Selecting Send Report submits "
9729
"the collected information to Launchpad as part of the the process of filing "
9730
"a bug report. You will be given the opportunity to describe the situation "
9731
"that led up to the occurrence of the bug."
9732
msgstr ""
9733
9734
#: serverguide/C/reporting-bugs.xml:115(screen)
9735
#, no-wrap
9736
msgid ""
9737
"\n"
9738
"*** Uploading problem information\n"
9739
"\n"
9740
"The collected information is being sent to the bug tracking system.\n"
9741
"This might take a few minutes.\n"
9742
"91%\n"
9743
"\n"
9744
"*** To continue, you must visit the following URL:\n"
9745
"\n"
9746
" https://bugs.launchpad.net/ubuntu/+source/postgresql-"
9747
"8.4/+filebug/kc6eSnTLnLxF8u0t3e56EukFeqJ?\n"
9748
"\n"
9749
"You can launch a browser now, or copy this URL into a browser on another\n"
9750
"computer.\n"
9751
"\n"
9752
"Choices:\n"
9753
" 1: Launch a browser now\n"
9754
" C: Cancel\n"
9755
"Please choose (1/C):\n"
9756
msgstr ""
9757
9758
#: serverguide/C/reporting-bugs.xml:135(para)
9759
msgid ""
9760
"If you choose to start a browser, by default the text based web browser "
9761
"<application>w3m</application> will be used to finish filing the bug report. "
9762
"Alternately, you can copy the given URL to a currently running web browser."
9763
msgstr ""
9764
9765
#: serverguide/C/reporting-bugs.xml:144(para)
9766
msgid ""
9767
"<emphasis role=\"bold\">View Report</emphasis> Selecting View Report causes "
9768
"the collected information to be displayed to the terminal for review."
9769
msgstr ""
9770
9771
#: serverguide/C/reporting-bugs.xml:150(screen)
9772
#, no-wrap
9773
msgid ""
9774
"\n"
9775
"Package: postgresql 8.4.2-2\n"
9776
"PackageArchitecture: all\n"
9777
"Tags: lucid\n"
9778
"ProblemType: Bug\n"
9779
"ProcEnviron:\n"
9780
" LANG=en_US.UTF-8\n"
9781
" SHELL=/bin/bash\n"
9782
"Uname: Linux 2.6.32-16-server x86_64\n"
9783
"Dependencies:\n"
9784
" adduser 3.112ubuntu1\n"
9785
" base-files 5.0.0ubuntu10\n"
9786
" base-passwd 3.5.22\n"
9787
" coreutils 7.4-2ubuntu2\n"
9788
"...\n"
9789
msgstr ""
9790
9791
#: serverguide/C/reporting-bugs.xml:167(para)
9792
msgid ""
9793
"After viewing the report, you will be brought back to the same menu asking "
9794
"what you would like to do with the report."
9795
msgstr ""
9796
9797
#: serverguide/C/reporting-bugs.xml:174(para)
9798
msgid ""
9799
"<emphasis role=\"bold\">Keep Report File</emphasis> Selecting Keep Report "
9800
"File causes the gathered information to be written to a file. This file can "
9801
"then be used to later file a bug report or transferred to a different Ubuntu "
9802
"system for reporting. To submit the report file, simply give it as an "
9803
"argument to the ubuntu-bug command:"
9804
msgstr ""
9805
9806
#: serverguide/C/reporting-bugs.xml:189(userinput)
9807
#, no-wrap
9808
msgid "k"
9809
msgstr ""
9810
9811
#: serverguide/C/reporting-bugs.xml:192(command)
9812
msgid "ubuntu-bug /tmp/apport.postgresql.v4MQas.apport"
9813
msgstr ""
9814
9815
#: serverguide/C/reporting-bugs.xml:183(screen)
9816
#, no-wrap
9817
msgid ""
9818
"\n"
9819
"What would you like to do? Your options are:\n"
9820
" S: Send report (1.7 KiB)\n"
9821
" V: View report\n"
9822
" K: Keep report file for sending later or copying to somewhere else\n"
9823
" C: Cancel\n"
9824
"Please choose (S/V/K/C): <placeholder-1/>\n"
9825
"Problem report file: /tmp/apport.postgresql.v4MQas.apport\n"
9826
"\n"
9827
"<placeholder-2/>\n"
9828
"\n"
9829
"*** Send problem report to the developers?\n"
9830
"...\n"
9831
msgstr ""
9832
9833
#: serverguide/C/reporting-bugs.xml:200(para)
9834
msgid ""
9835
"<emphasis role=\"bold\">Cancel</emphasis> Selecting Cancel causes the "
9836
"collected information to be discarded."
9837
msgstr ""
9838
9839
#: serverguide/C/reporting-bugs.xml:210(title)
9840
msgid "Reporting Application Crashes"
9841
msgstr ""
9842
9843
#: serverguide/C/reporting-bugs.xml:212(para)
9844
msgid ""
9845
"The software package that provides the ubuntu-bug utility, "
9846
"<application>apport</application>, can be configured to trigger when "
9847
"applications crash. This is disabled by default, as capturing a crash can be "
9848
"resource intensive depending on how much memory the application that crashed "
9849
"was using as apport captures and processes the core dump."
9850
msgstr ""
9851
9852
#: serverguide/C/reporting-bugs.xml:221(para)
9853
msgid ""
9854
"Configuring apport to capture information about crashing applications "
9855
"requires a couple of steps. First, <application>gdb</application> needs to "
9856
"be installed; it is not installed by default in Ubuntu Server Edition."
9857
msgstr ""
9858
9859
#: serverguide/C/reporting-bugs.xml:229(command)
9860
msgid "sudo apt-get install gdb"
9861
msgstr ""
9862
9863
#: serverguide/C/reporting-bugs.xml:232(para)
9864
msgid ""
9865
"See <xref linkend=\"package-management\"/> for more information about "
9866
"managing packages in Ubuntu."
9867
msgstr ""
9868
9869
#: serverguide/C/reporting-bugs.xml:237(para)
9870
msgid ""
9871
"Once you have ensured that gdb is installed, open the file "
9872
"<filename>/etc/default/apport</filename> in your text editor, and change the "
9873
"<emphasis>enabled</emphasis> setting to be <emphasis "
9874
"role=\"bold\">1</emphasis> like so:"
9875
msgstr ""
9876
9877
#: serverguide/C/reporting-bugs.xml:244(programlisting)
9878
#, no-wrap
9879
msgid ""
9880
"\n"
9881
"# set this to 0 to disable apport, or to 1 to enable it\n"
9882
"# you can temporarily override this with\n"
9883
"# sudo service apport start force_start=1\n"
9884
"enabled=<userinput>1</userinput>\n"
9885
"\n"
9886
"# set maximum core dump file size (default: 209715200 bytes == 200 MB)\n"
9887
"maxsize=209715200\n"
9888
msgstr ""
9889
9890
#: serverguide/C/reporting-bugs.xml:254(para)
9891
msgid ""
9892
"Once you have completed editing <filename>/etc/default/apport</filename>, "
9893
"start the apport service:"
9894
msgstr ""
9895
9896
#: serverguide/C/reporting-bugs.xml:261(command)
9897
msgid "sudo start apport"
9898
msgstr ""
9899
9900
#: serverguide/C/reporting-bugs.xml:264(para)
9901
msgid ""
9902
"After an application crashes, use the <application>apport-cli</application> "
9903
"command to search for the existing saved crash report information:"
9904
msgstr ""
9905
9906
#: serverguide/C/reporting-bugs.xml:271(command)
9907
msgid "apport-cli"
9908
msgstr ""
9909
9910
#: serverguide/C/reporting-bugs.xml:270(screen)
9911
#, no-wrap
9912
msgid ""
9913
"\n"
9914
"<placeholder-1/>\n"
9915
"\n"
9916
"*** dash closed unexpectedly on 2010-03-11 at 21:40:59.\n"
9917
"\n"
9918
"If you were not doing anything confidential (entering passwords or other\n"
9919
"private information), you can help to improve the application by\n"
9920
"reporting\n"
9921
"the problem.\n"
9922
"\n"
9923
"What would you like to do? Your options are:\n"
9924
" R: Report Problem...\n"
9925
" I: Cancel and ignore future crashes of this program version\n"
9926
" C: Cancel\n"
9927
"Please choose (R/I/C):\n"
9928
msgstr ""
9929
9930
#: serverguide/C/reporting-bugs.xml:287(para)
9931
msgid ""
9932
"Selecting <emphasis>Report Problem</emphasis> will walk you through similar "
9933
"steps as when using ubuntu-bug. One important difference is that a crash "
9934
"report will be marked as private when filed on Launchpad, meaning that it "
9935
"will be visible to only a limited set of bug triagers. These triagers will "
9936
"review the gathered data for private information before making the bug "
9937
"report publicly visible."
9938
msgstr ""
9939
9940
#: serverguide/C/reporting-bugs.xml:307(para)
9941
msgid ""
9942
"See the <ulink "
9943
"url=\"https://help.ubuntu.com/community/ReportingBugs\">Reporting "
9944
"Bugs</ulink> Ubuntu wiki page."
9945
msgstr ""
9946
9947
#: serverguide/C/reporting-bugs.xml:313(para)
9948
msgid ""
9949
"Also, the <ulink url=\"https://wiki.ubuntu.com/Apport\">Apport</ulink> page "
9950
"has some useful information. Though some of it pertains to using a GUI."
9951
msgstr ""
9952
9953
#: serverguide/C/remote-administration.xml:13(title)
9954
msgid "Remote Administration"
9955
msgstr ""
9956
9957
#: serverguide/C/remote-administration.xml:14(para)
9958
msgid ""
9959
"There are many ways to remotely administer a Linux server. This chapter will "
9960
"cover one of the most popular <application>OpenSSH</application>."
9961
msgstr ""
9962
9963
#: serverguide/C/remote-administration.xml:22(para)
9964
msgid ""
9965
"This section of the Ubuntu Server Guide introduces a powerful collection of "
9966
"tools for the remote control of networked computers and transfer of data "
9967
"between networked computers, called <emphasis>OpenSSH</emphasis>. You will "
9968
"also learn about some of the configuration settings possible with the "
9969
"OpenSSH server application and how to change them on your Ubuntu system."
9970
msgstr ""
9971
9972
#: serverguide/C/remote-administration.xml:29(para)
9973
msgid ""
9974
"OpenSSH is a freely available version of the Secure Shell (SSH) protocol "
9975
"family of tools for remotely controlling a computer or transferring files "
9976
"between computers. Traditional tools used to accomplish these functions, "
9977
"such as <application>telnet</application> or <application>rcp</application>, "
9978
"are insecure and transmit the user's password in cleartext when used. "
9979
"OpenSSH provides a server daemon and client tools to facilitate secure, "
9980
"encrypted remote control and file transfer operations, effectively replacing "
9981
"the legacy tools."
9982
msgstr ""
9983
9984
#: serverguide/C/remote-administration.xml:38(para)
9985
msgid ""
9986
"The OpenSSH server component, <application>sshd</application>, listens "
9987
"continuously for client connections from any of the client tools. When a "
9988
"connection request occurs, <application>sshd</application> sets up the "
9989
"correct connection depending on the type of client tool connecting. For "
9990
"example, if the remote computer is connecting with the "
9991
"<application>ssh</application> client application, the OpenSSH server sets "
9992
"up a remote control session after authentication. If a remote user connects "
9993
"to an OpenSSH server with <application>scp</application>, the OpenSSH server "
9994
"daemon initiates a secure copy of files between the server and client after "
9995
"authentication. OpenSSH can use many authentication methods, including plain "
9996
"password, public key, and <application>Kerberos</application> tickets."
9997
msgstr ""
9998
9999
#: serverguide/C/remote-administration.xml:52(para)
10000
msgid ""
10001
"Installation of the OpenSSH client and server applications is simple. To "
10002
"install the OpenSSH client applications on your Ubuntu system, use this "
10003
"command at a terminal prompt:"
10004
msgstr ""
10005
10006
#: serverguide/C/remote-administration.xml:58(command)
10007
msgid "sudo apt-get install openssh-client"
10008
msgstr "sudo apt-get install openssh-client"
10009
10010
#: serverguide/C/remote-administration.xml:60(para)
10011
msgid ""
10012
"To install the OpenSSH server application, and related support files, use "
10013
"this command at a terminal prompt:"
10014
msgstr ""
10015
10016
#: serverguide/C/remote-administration.xml:65(command)
10017
msgid "sudo apt-get install openssh-server"
10018
msgstr "sudo apt-get install openssh-server"
10019
10020
#: serverguide/C/remote-administration.xml:67(para)
10021
msgid ""
10022
"The <application>openssh-server</application> package can also be selected "
10023
"to install during the Server Edition installation process."
10024
msgstr ""
10025
10026
#: serverguide/C/remote-administration.xml:74(para)
10027
msgid ""
10028
"You may configure the default behavior of the OpenSSH server application, "
10029
"<application>sshd</application>, by editing the file "
10030
"<filename>/etc/ssh/sshd_config</filename>. For information about the "
10031
"configuration directives used in this file, you may view the appropriate "
10032
"manual page with the following command, issued at a terminal prompt:"
10033
msgstr ""
10034
10035
#: serverguide/C/remote-administration.xml:82(command)
10036
msgid "man sshd_config"
10037
msgstr ""
10038
10039
#: serverguide/C/remote-administration.xml:84(para)
10040
msgid ""
10041
"There are many directives in the <application>sshd</application> "
10042
"configuration file controlling such things as communication settings and "
10043
"authentication modes. The following are examples of configuration directives "
10044
"that can be changed by editing the <filename>/etc/ssh/sshd_config</filename> "
10045
"file."
10046
msgstr ""
10047
10048
#: serverguide/C/remote-administration.xml:91(para)
10049
msgid ""
10050
"Prior to editing the configuration file, you should make a copy of the "
10051
"original file and protect it from writing so you will have the original "
10052
"settings as a reference and to reuse as necessary."
10053
msgstr ""
10054
10055
#: serverguide/C/remote-administration.xml:95(para)
10056
msgid ""
10057
"Copy the <filename>/etc/ssh/sshd_config</filename> file and protect it from "
10058
"writing with the following commands, issued at a terminal prompt:"
10059
msgstr ""
10060
10061
#: serverguide/C/remote-administration.xml:100(command)
10062
msgid "sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original"
10063
msgstr "sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original"
10064
10065
#: serverguide/C/remote-administration.xml:101(command)
10066
msgid "sudo chmod a-w /etc/ssh/sshd_config.original"
10067
msgstr "sudo chmod a-w /etc/ssh/sshd_config.original"
10068
10069
#: serverguide/C/remote-administration.xml:103(para)
10070
msgid ""
10071
"The following are examples of configuration directives you may change:"
10072
msgstr ""
10073
10074
#: serverguide/C/remote-administration.xml:108(para)
10075
msgid ""
10076
"To set your OpenSSH to listen on TCP port 2222 instead of the default TCP "
10077
"port 22, change the Port directive as such:"
10078
msgstr ""
10079
10080
#: serverguide/C/remote-administration.xml:112(para)
10081
msgid "Port 2222"
10082
msgstr ""
10083
10084
#: serverguide/C/remote-administration.xml:117(para)
10085
msgid ""
10086
"To have <application>sshd</application> allow public key-based login "
10087
"credentials, simply add or modify the line:"
10088
msgstr ""
10089
10090
#: serverguide/C/remote-administration.xml:121(para)
10091
msgid "PubkeyAuthentication yes"
10092
msgstr ""
10093
10094
#: serverguide/C/remote-administration.xml:124(para)
10095
msgid ""
10096
"In the <filename>/etc/ssh/sshd_config</filename> file, or if already "
10097
"present, ensure the line is not commented out."
10098
msgstr ""
10099
10100
#: serverguide/C/remote-administration.xml:130(para)
10101
msgid ""
10102
"To make your OpenSSH server display the contents of the "
10103
"<filename>/etc/issue.net</filename> file as a pre-login banner, simply add "
10104
"or modify the line:"
10105
msgstr ""
10106
10107
#: serverguide/C/remote-administration.xml:135(para)
10108
msgid "Banner /etc/issue.net"
10109
msgstr ""
10110
10111
#: serverguide/C/remote-administration.xml:138(para)
10112
msgid "In the <filename>/etc/ssh/sshd_config</filename> file."
10113
msgstr ""
10114
10115
#: serverguide/C/remote-administration.xml:143(para)
10116
msgid ""
10117
"After making changes to the <filename>/etc/ssh/sshd_config</filename> file, "
10118
"save the file, and restart the <application>sshd</application> server "
10119
"application to effect the changes using the following command at a terminal "
10120
"prompt:"
10121
msgstr ""
10122
10123
#: serverguide/C/remote-administration.xml:152(para)
10124
msgid ""
10125
"Many other configuration directives for <application>sshd</application> are "
10126
"available for changing the server application's behavior to fit your needs. "
10127
"Be advised, however, if your only method of access to a server is "
10128
"<application>ssh</application>, and you make a mistake in configuring "
10129
"<application>sshd</application> via the "
10130
"<filename>/etc/ssh/sshd_config</filename> file, you may find you are locked "
10131
"out of the server upon restarting it, or that the "
10132
"<application>sshd</application> server refuses to start due to an incorrect "
10133
"configuration directive, so be extra careful when editing this file on a "
10134
"remote server."
10135
msgstr ""
10136
10137
#: serverguide/C/remote-administration.xml:167(title)
10138
msgid "SSH Keys"
10139
msgstr "SSH-nøgler"
10140
10141
#: serverguide/C/remote-administration.xml:168(para)
10142
msgid ""
10143
"SSH <emphasis>keys</emphasis> allow authentication between two hosts without "
10144
"the need of a password. SSH key authentication uses two keys a "
10145
"<emphasis>private</emphasis> key and a <emphasis>public</emphasis> key."
10146
msgstr ""
10147
10148
#: serverguide/C/remote-administration.xml:172(para)
10149
msgid "To generate the keys, from a terminal prompt enter:"
10150
msgstr ""
10151
10152
#: serverguide/C/remote-administration.xml:176(command)
10153
msgid "ssh-keygen -t dsa"
10154
msgstr ""
10155
10156
#: serverguide/C/remote-administration.xml:178(para)
10157
msgid ""
10158
"This will generate the keys using a <emphasis>DSA</emphasis> authentication "
10159
"identity of the user. During the process you will be prompted for a "
10160
"password. Simply hit <emphasis>Enter</emphasis> when prompted to create the "
10161
"key."
10162
msgstr ""
10163
10164
#: serverguide/C/remote-administration.xml:182(para)
10165
msgid ""
10166
"By default the <emphasis>public</emphasis> key is saved in the file "
10167
"<filename>~/.ssh/id_dsa.pub</filename>, while "
10168
"<filename>~/.ssh/id_dsa</filename> is the <emphasis>private</emphasis> key. "
10169
"Now copy the <filename>id_dsa.pub</filename> file to the remote host and "
10170
"append it to <filename>~/.ssh/authorized_keys</filename> by entering:"
10171
msgstr ""
10172
10173
#: serverguide/C/remote-administration.xml:188(command)
10174
msgid "ssh-copy-id username@remotehost"
10175
msgstr ""
10176
10177
#: serverguide/C/remote-administration.xml:190(para)
10178
msgid ""
10179
"Finally, double check the permissions on the "
10180
"<filename>authorized_keys</filename> file, only the authenticated user "
10181
"should have read and write permissions. If the permissions are not correct "
10182
"change them by:"
10183
msgstr ""
10184
10185
#: serverguide/C/remote-administration.xml:195(command)
10186
msgid "chmod 600 .ssh/authorized_keys"
10187
msgstr ""
10188
10189
#: serverguide/C/remote-administration.xml:197(para)
10190
msgid ""
10191
"You should now be able to SSH to the host without being prompted for a "
10192
"password."
10193
msgstr ""
10194
10195
#: serverguide/C/remote-administration.xml:206(para)
10196
msgid ""
10197
"<ulink url=\"https://help.ubuntu.com/community/SSH\">Ubuntu Wiki SSH</ulink> "
10198
"page."
10199
msgstr ""
10200
10201
#: serverguide/C/remote-administration.xml:212(ulink)
10202
msgid "OpenSSH Website"
10203
msgstr ""
10204
10205
#: serverguide/C/remote-administration.xml:217(ulink)
10206
msgid "Advanced OpenSSH Wiki Page"
10207
msgstr ""
10208
10209
#: serverguide/C/package-management.xml:13(title)
10210
msgid "Package Management"
10211
msgstr "Pakkehåndtering"
10212
10213
#: serverguide/C/package-management.xml:14(para)
10214
msgid ""
10215
"Ubuntu features a comprehensive package management system for the "
10216
"installation, upgrade, configuration, and removal of software. In addition "
10217
"to providing access to an organized base of over 24,000 software packages "
10218
"for your Ubuntu computer, the package management facilities also feature "
10219
"dependency resolution capabilities and software update checking."
10220
msgstr ""
10221
10222
#: serverguide/C/package-management.xml:16(para)
10223
msgid ""
10224
"Several tools are available for interacting with Ubuntu's package management "
10225
"system, from simple command-line utilities which may be easily automated by "
10226
"system administrators, to a simple graphical interface which is easy to use "
10227
"by those new to Ubuntu."
10228
msgstr ""
10229
10230
#: serverguide/C/package-management.xml:21(para)
10231
msgid ""
10232
"Ubuntu's package management system is derived from the same system used by "
10233
"the Debian GNU/Linux distribution. The package files contain all of the "
10234
"necessary files, meta-data, and instructions to implement a particular "
10235
"functionality or software application on your Ubuntu computer."
10236
msgstr ""
10237
10238
#: serverguide/C/package-management.xml:24(para)
10239
msgid ""
10240
"Debian package files typically have the extension '.deb', and typically "
10241
"exist in <emphasis role=\"italics\">repositories</emphasis> which are "
10242
"collections of packages found on various media, such as CD-ROM discs, or "
10243
"online. Packages are normally of the pre-compiled binary format; thus "
10244
"installation is quick and requires no compiling of software."
10245
msgstr ""
10246
10247
#: serverguide/C/package-management.xml:27(para)
10248
msgid ""
10249
"Many complex packages use the concept of <emphasis "
10250
"role=\"italics\">dependencies</emphasis>. Dependencies are additional "
10251
"packages required by the principal package in order to function properly. "
10252
"For example, the speech synthesis package "
10253
"<application>Festival</application> depends upon the package "
10254
"<application>libasound2</application>, which is a package supplying the "
10255
"<application>ALSA</application> sound library needed for audio playback. In "
10256
"order for <application>Festival</application> to function, it and all of its "
10257
"dependencies must be installed. The software management tools in Ubuntu will "
10258
"do this automatically."
10259
msgstr ""
10260
10261
#: serverguide/C/package-management.xml:32(title)
10262
msgid "dpkg"
10263
msgstr ""
10264
10265
#: serverguide/C/package-management.xml:34(para)
10266
msgid ""
10267
"<application>dpkg</application> is a package manager for "
10268
"<emphasis>Debian</emphasis> based systems. It can install, remove, and build "
10269
"packages, but unlike other package management system's it can not "
10270
"automatically download and install packages and their dependencies. This "
10271
"section covers using <application>dpkg</application> to manage locally "
10272
"installed packages:"
10273
msgstr ""
10274
10275
#: serverguide/C/package-management.xml:43(para)
10276
msgid ""
10277
"To list all packages installed on the system, from a terminal prompt enter:"
10278
msgstr ""
10279
10280
#: serverguide/C/package-management.xml:48(command)
10281
msgid "dpkg -l"
10282
msgstr ""
10283
10284
#: serverguide/C/package-management.xml:54(para)
10285
msgid ""
10286
"Depending on the amount of packages on your system, this can generate a "
10287
"large amount of output. Pipe the output through "
10288
"<application>grep</application> to see if a specific package is installed:"
10289
msgstr ""
10290
10291
#: serverguide/C/package-management.xml:60(command)
10292
msgid "dpkg -l | grep apache2"
10293
msgstr ""
10294
10295
#: serverguide/C/package-management.xml:63(para)
10296
msgid ""
10297
"Replace <emphasis>apache2</emphasis> with any package name, part of a "
10298
"package name, or other regular expression."
10299
msgstr ""
10300
10301
#: serverguide/C/package-management.xml:70(para)
10302
msgid ""
10303
"To list the files installed by a package, in this case the "
10304
"<application>ufw</application> package, enter:"
10305
msgstr ""
10306
10307
#: serverguide/C/package-management.xml:75(command)
10308
msgid "dpkg -L ufw"
10309
msgstr ""
10310
10311
#: serverguide/C/package-management.xml:81(para)
10312
msgid ""
10313
"If you are not sure which package installed a file, <application>dpkg -"
10314
"S</application> may be able to tell you. For example:"
10315
msgstr ""
10316
10317
#: serverguide/C/package-management.xml:87(command)
10318
msgid "dpkg -S /etc/host.conf"
10319
msgstr ""
10320
10321
#: serverguide/C/package-management.xml:88(computeroutput)
10322
#, no-wrap
10323
msgid "base-files: /etc/host.conf"
10324
msgstr ""
10325
10326
#: serverguide/C/package-management.xml:91(para)
10327
msgid ""
10328
"The output shows that the <filename>/etc/host.conf</filename> belongs to the "
10329
"<application>base-files</application> package."
10330
msgstr ""
10331
10332
#: serverguide/C/package-management.xml:96(para)
10333
msgid ""
10334
"Many files are automatically generated during the package install process, "
10335
"and even though they are on the filesystem <command>dpkg -S</command> may "
10336
"not know which package they belong to."
10337
msgstr ""
10338
10339
#: serverguide/C/package-management.xml:105(para)
10340
msgid "You can install a local <emphasis>.deb</emphasis> file by entering:"
10341
msgstr ""
10342
10343
#: serverguide/C/package-management.xml:110(command)
10344
msgid "sudo dpkg -i zip_2.32-1_i386.deb"
10345
msgstr "sudo dpkg -i zip_2.32-1_i386.deb"
10346
10347
#: serverguide/C/package-management.xml:113(para)
10348
msgid ""
10349
"Change <filename>zip_2.32-1_i386.deb</filename> to the actual file name of "
10350
"the local .deb file."
10351
msgstr ""
10352
10353
#: serverguide/C/package-management.xml:120(para)
10354
msgid "Uninstalling a package can be accomplished by:"
10355
msgstr ""
10356
10357
#: serverguide/C/package-management.xml:125(command)
10358
msgid "sudo dpkg -r zip"
10359
msgstr "sudo dpkg -r zip"
10360
10361
#: serverguide/C/package-management.xml:129(para)
10362
msgid ""
10363
"Uninstalling packages using <application>dpkg</application>, in most cases, "
10364
"is <emphasis>NOT</emphasis> recommended. It is better to use a package "
10365
"manager that handles dependencies, to ensure that the system is in a "
10366
"consistent state. For example using <command>dpkg -r</command> you can "
10367
"remove the <application>zip</application> package, but any packages that "
10368
"depend on it will still be installed and may no longer function correctly."
10369
msgstr ""
10370
10371
#: serverguide/C/package-management.xml:140(para)
10372
msgid ""
10373
"For more <application>dpkg</application> options see the man page: "
10374
"<command>man dpkg</command>."
10375
msgstr ""
10376
10377
#: serverguide/C/package-management.xml:146(title)
10378
msgid "Apt-Get"
10379
msgstr ""
10380
10381
#: serverguide/C/package-management.xml:147(para)
10382
msgid ""
10383
"The <application>apt-get</application> command is a powerful command-line "
10384
"tool used to work with Ubuntu's <emphasis>Advanced Packaging Tool</emphasis> "
10385
"(APT) performing such functions as installation of new software packages, "
10386
"upgrade of existing software packages, updating of the package list index, "
10387
"and even upgrading the entire Ubuntu system."
10388
msgstr ""
10389
10390
#: serverguide/C/package-management.xml:150(para)
10391
msgid ""
10392
"Being a simple command-line tool, <application>apt-get</application> has "
10393
"numerous advantages over other package management tools available in Ubuntu "
10394
"for server administrators. Some of these advantages include ease of use over "
10395
"simple terminal connections (SSH) and the ability to be used in system "
10396
"administration scripts, which can in turn be automated by the "
10397
"<application>cron</application> scheduling utility."
10398
msgstr ""
10399
10400
#: serverguide/C/package-management.xml:157(para)
10401
msgid ""
10402
"<emphasis role=\"bold\">Install a Package</emphasis>: Installation of "
10403
"packages using the <application>apt-get</application> tool is quite simple. "
10404
"For example, to install the network scanner <emphasis "
10405
"role=\"italics\">nmap</emphasis>, type the following: <screen>\n"
10406
"<command>sudo apt-get install nmap</command>\n"
10407
"</screen>"
10408
msgstr ""
10409
10410
#: serverguide/C/package-management.xml:165(para)
10411
msgid ""
10412
"<emphasis role=\"bold\">Remove a Package</emphasis>: Removal of a package or "
10413
"packages is also a straightforward and simple process. To remove the nmap "
10414
"package installed in the previous example, type the following: <screen>\n"
10415
"<command>sudo apt-get remove nmap</command>\n"
10416
"</screen>"
10417
msgstr ""
10418
10419
#: serverguide/C/package-management.xml:172(para)
10420
msgid ""
10421
"<emphasis role=\"bold\">Multiple Packages</emphasis>: You may specify "
10422
"multiple packages to be installed or removed, separated by spaces."
10423
msgstr ""
10424
10425
#: serverguide/C/package-management.xml:175(para)
10426
msgid ""
10427
"Also, adding the <emphasis>--purge</emphasis> options to <command>apt-get "
10428
"remove</command> will remove the package configuration files as well. This "
10429
"may or may not be the desired effect so use with caution."
10430
msgstr ""
10431
10432
#: serverguide/C/package-management.xml:181(para)
10433
msgid ""
10434
"<emphasis role=\"bold\">Update the Package Index</emphasis>: The APT package "
10435
"index is essentially a database of available packages from the repositories "
10436
"defined in the <filename>/etc/apt/sources.list</filename> file. To update "
10437
"the local package index with the latest changes made in repositories, type "
10438
"the following: <screen>\n"
10439
"<command>sudo apt-get update</command>\n"
10440
"</screen>"
10441
msgstr ""
10442
10443
#: serverguide/C/package-management.xml:189(para)
10444
msgid ""
10445
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: Over time, updated "
10446
"versions of packages currently installed on your computer may become "
10447
"available from the package repositories (for example security updates). To "
10448
"upgrade your system, first update your package index as outlined above, and "
10449
"then type: <screen>\n"
10450
"<command>sudo apt-get upgrade</command>\n"
10451
"</screen>"
10452
msgstr ""
10453
10454
#: serverguide/C/package-management.xml:195(para)
10455
msgid ""
10456
"For information on upgrading to a new Ubuntu release see <xref "
10457
"linkend=\"installing-upgrading\"/>."
10458
msgstr ""
10459
10460
#: serverguide/C/package-management.xml:153(para)
10461
msgid ""
10462
"Some examples of popular uses for the <application>apt-get</application> "
10463
"utility: <placeholder-1/>"
10464
msgstr ""
10465
10466
#: serverguide/C/package-management.xml:201(para)
10467
msgid ""
10468
"Actions of the <application>apt-get</application> command, such as "
10469
"installation and removal of packages, are logged in the /var/log/dpkg.log "
10470
"log file."
10471
msgstr ""
10472
10473
#: serverguide/C/package-management.xml:204(para)
10474
msgid ""
10475
"For further information about the use of <application>APT</application>, "
10476
"read the comprehensive <ulink url=\"http://www.debian.org/doc/user-"
10477
"manuals#apt-howto\">Debian APT User Manual</ulink> or type: <screen>apt-get "
10478
"help</screen>"
10479
msgstr ""
10480
10481
#: serverguide/C/package-management.xml:208(title)
10482
msgid "Aptitude"
10483
msgstr "Aptitude"
10484
10485
#: serverguide/C/package-management.xml:209(para)
10486
msgid ""
10487
"<application>Aptitude</application> is a menu-driven, text-based front-end "
10488
"to the <emphasis>Advanced Packaging Tool</emphasis> (APT) system. Many of "
10489
"the common package management functions, such as installation, removal, and "
10490
"upgrade, are performed in <application>Aptitude</application> with single-"
10491
"key commands, which are typically lowercase letters."
10492
msgstr ""
10493
10494
#: serverguide/C/package-management.xml:212(para)
10495
msgid ""
10496
"<application>Aptitude</application> is best suited for use in a non-"
10497
"graphical terminal environment to ensure proper functioning of the command "
10498
"keys. You may start <application>Aptitude</application> as a normal user "
10499
"with the following command at a terminal prompt: <screen>\n"
10500
"<command>sudo aptitude</command>\n"
10501
"</screen>"
10502
msgstr ""
10503
10504
#: serverguide/C/package-management.xml:219(para)
10505
msgid ""
10506
"When <application>Aptitude</application> starts, you will see a menu bar at "
10507
"the top of the screen and two panes below the menu bar. The top pane "
10508
"contains package categories, such as <emphasis role=\"italics\">New "
10509
"Packages</emphasis> and <emphasis role=\"italics\">Not Installed "
10510
"Packages</emphasis>. The bottom pane contains information related to the "
10511
"packages and package categories."
10512
msgstr ""
10513
10514
#: serverguide/C/package-management.xml:222(para)
10515
msgid ""
10516
"Using <application>Aptitude</application> for package management is "
10517
"relatively straightforward, and the user interface makes common tasks simple "
10518
"to perform. The following are examples of common package management "
10519
"functions as performed in <application>Aptitude</application>:"
10520
msgstr ""
10521
10522
#: serverguide/C/package-management.xml:226(para)
10523
msgid ""
10524
"<emphasis role=\"bold\">Install Packages</emphasis>: To install a package, "
10525
"locate the package via the Not Installed Packages package category, for "
10526
"example, by using the keyboard arrow keys and the <keycap>ENTER</keycap> "
10527
"key, and highlight the package you wish to install. After highlighting the "
10528
"package you wish to install, press the <keycap>+</keycap> key, and the "
10529
"package entry should turn <emphasis role=\"italics\">green</emphasis>, "
10530
"indicating it has been marked for installation. Now press <keycap>g</keycap> "
10531
"to be presented with a summary of package actions. Press <keycap>g</keycap> "
10532
"again, and you will be prompted to become root to complete the installation. "
10533
"Press <keycap>ENTER</keycap> which will result in a Password: prompt. Enter "
10534
"your user password to become root. Finally, press <keycap>g</keycap> once "
10535
"more and you'll be prompted to download the package. Press "
10536
"<keycap>ENTER</keycap> on the <emphasis role=\"italics\">Continue</emphasis> "
10537
"prompt, and downloading and installation of the package will commence."
10538
msgstr ""
10539
10540
#: serverguide/C/package-management.xml:230(para)
10541
msgid ""
10542
"<emphasis role=\"bold\">Remove Packages</emphasis>: To remove a package, "
10543
"locate the package via the Installed Packages package category, for example, "
10544
"by using the keyboard arrow keys and the <keycap>ENTER</keycap> key, and "
10545
"highlight the package you wish to remove. After highlighting the package you "
10546
"wish to install, press the <keycap>-</keycap> key, and the package entry "
10547
"should turn <emphasis role=\"italics\">pink</emphasis>, indicating it has "
10548
"been marked for removal. Now press <keycap>g</keycap> to be presented with a "
10549
"summary of package actions. Press <keycap>g</keycap> again, and you will be "
10550
"prompted to become root to complete the installation. Press "
10551
"<keycap>ENTER</keycap> which will result in a Password: prompt. Enter your "
10552
"user password to become root. Finally, press <keycap>g</keycap> once more, "
10553
"and you'll be prompted to download the package. Press <keycap>ENTER</keycap> "
10554
"on the <emphasis role=\"italics\">Continue</emphasis> prompt, and removal of "
10555
"the package will commence."
10556
msgstr ""
10557
10558
#: serverguide/C/package-management.xml:234(para)
10559
msgid ""
10560
"<emphasis role=\"bold\">Update Package Index</emphasis>: To update the "
10561
"package index, simply press the <keycap>u</keycap> key and you will be "
10562
"prompted to become root to complete the update. Press <keycap>ENTER</keycap> "
10563
"which will result in a Password: prompt. Enter your user password to become "
10564
"root. Updating of the package index will commence. Press "
10565
"<keycap>ENTER</keycap> on the OK prompt when the download dialog is "
10566
"presented to complete the process."
10567
msgstr ""
10568
10569
#: serverguide/C/package-management.xml:238(para)
10570
msgid ""
10571
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: To upgrade packages, "
10572
"perform the update of the package index as detailed above, and then press "
10573
"the <keycap>U</keycap> key to mark all packages with updates. Now press "
10574
"<keycap>g</keycap> whereby you'll be presented with a summary of package "
10575
"actions. Press <keycap>g</keycap> again, and you will be prompted to become "
10576
"root to complete the installation. Press <keycap>ENTER</keycap> which will "
10577
"result in a Password: prompt. Enter your user password to become root. "
10578
"Finally, press <keycap>g</keycap> once more, and you'll be prompted to "
10579
"download the packages. Press <keycap>ENTER</keycap> on the <emphasis "
10580
"role=\"italics\">Continue</emphasis> prompt, and upgrade of the packages "
10581
"will commence."
10582
msgstr ""
10583
10584
#: serverguide/C/package-management.xml:245(para)
10585
msgid "<emphasis role=\"bold\">i</emphasis>: Installed package"
10586
msgstr ""
10587
10588
#: serverguide/C/package-management.xml:250(para)
10589
msgid ""
10590
"<emphasis role=\"bold\">c</emphasis>: Package not installed, but package "
10591
"configuration remains on system"
10592
msgstr ""
10593
10594
#: serverguide/C/package-management.xml:254(para)
10595
msgid "<emphasis role=\"bold\">p</emphasis>: Purged from system"
10596
msgstr ""
10597
10598
#: serverguide/C/package-management.xml:258(para)
10599
msgid "<emphasis role=\"bold\">v</emphasis>: Virtual package"
10600
msgstr ""
10601
10602
#: serverguide/C/package-management.xml:262(para)
10603
msgid "<emphasis role=\"bold\">B</emphasis>: Broken package"
10604
msgstr ""
10605
10606
#: serverguide/C/package-management.xml:266(para)
10607
msgid ""
10608
"<emphasis role=\"bold\">u</emphasis>: Unpacked files, but package not yet "
10609
"configured"
10610
msgstr ""
10611
10612
#: serverguide/C/package-management.xml:270(para)
10613
msgid ""
10614
"<emphasis role=\"bold\">C</emphasis>: Half-configured - Configuration failed "
10615
"and requires fix"
10616
msgstr ""
10617
10618
#: serverguide/C/package-management.xml:274(para)
10619
msgid ""
10620
"<emphasis role=\"bold\">H</emphasis>: Half-installed - Removal failed and "
10621
"requires fix"
10622
msgstr ""
10623
10624
#: serverguide/C/package-management.xml:242(para)
10625
msgid ""
10626
"The first column of information displayed in the package list in the top "
10627
"pane, when actually viewing packages lists the current state of the package, "
10628
"and uses the following key to describe the state of the package: "
10629
"<placeholder-1/>"
10630
msgstr ""
10631
10632
#: serverguide/C/package-management.xml:280(para)
10633
msgid ""
10634
"To exit Aptitude, simply press the <keycap>q</keycap> key and confirm you "
10635
"wish to exit. Many other functions are available from the Aptitude menu by "
10636
"pressing the <keycap>F10</keycap> key."
10637
msgstr ""
10638
10639
#: serverguide/C/package-management.xml:285(title)
10640
msgid "Automatic Updates"
10641
msgstr ""
10642
10643
#: serverguide/C/package-management.xml:287(para)
10644
msgid ""
10645
"The <application>unattended-upgrades</application> package can be used to "
10646
"automatically install updated packages, and can be configured to update all "
10647
"packages or just install security updates. First, install the package by "
10648
"entering the following in a terminal:"
10649
msgstr ""
10650
10651
#: serverguide/C/package-management.xml:293(command)
10652
msgid "sudo apt-get install unattended-upgrades"
10653
msgstr "sudo apt-get install unattended-upgrades"
10654
10655
#: serverguide/C/package-management.xml:296(para)
10656
msgid ""
10657
"To configure <application>unattended-upgrades</application>, edit "
10658
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> and adjust "
10659
"the following to fit your needs:"
10660
msgstr ""
10661
10662
#: serverguide/C/package-management.xml:301(programlisting)
10663
#, no-wrap
10664
msgid ""
10665
"\n"
10666
"Unattended-Upgrade::Allowed-Origins {\n"
10667
" \"Ubuntu maverick-security\";\n"
10668
"// \"Ubuntu maverick-updates\";\n"
10669
"};\n"
10670
msgstr ""
10671
10672
#: serverguide/C/package-management.xml:308(para)
10673
msgid ""
10674
"Certain packages can also be <emphasis>blacklisted</emphasis> and therefore "
10675
"will not be automatically updated. To blacklist a package, add it to the "
10676
"list:"
10677
msgstr ""
10678
10679
#: serverguide/C/package-management.xml:313(programlisting)
10680
#, no-wrap
10681
msgid ""
10682
"\n"
10683
"Unattended-Upgrade::Package-Blacklist {\n"
10684
"// \"vim\";\n"
10685
"// \"libc6\";\n"
10686
"// \"libc6-dev\";\n"
10687
"// \"libc6-i686\";\n"
10688
"};\n"
10689
msgstr ""
10690
"\n"
10691
"Unattended-Upgrade::Package-Blacklist {\n"
10692
"// \"vim\";\n"
10693
"// \"libc6\";\n"
10694
"// \"libc6-dev\";\n"
10695
"// \"libc6-i686\";\n"
10696
"};\n"
10697
10698
#: serverguide/C/package-management.xml:323(para)
10699
msgid ""
10700
"The double <emphasis><quote>//</quote></emphasis> serve as comments, so "
10701
"whatever follows \"//\" will not be evaluated."
10702
msgstr ""
10703
10704
#: serverguide/C/package-management.xml:328(para)
10705
msgid ""
10706
"To enable automatic updates, edit "
10707
"<filename>/etc/apt/apt.conf.d/10periodic</filename> and set the appropriate "
10708
"<application>apt</application> configuration options:"
10709
msgstr ""
10710
10711
#: serverguide/C/package-management.xml:332(programlisting)
10712
#, no-wrap
10713
msgid ""
10714
"\n"
10715
"APT::Periodic::Update-Package-Lists \"1\";\n"
10716
"APT::Periodic::Download-Upgradeable-Packages \"1\";\n"
10717
"APT::Periodic::AutocleanInterval \"7\";\n"
10718
"APT::Periodic::Unattended-Upgrade \"1\";\n"
10719
msgstr ""
10720
10721
#: serverguide/C/package-management.xml:339(para)
10722
msgid ""
10723
"The above configuration updates the package list, downloads, and installs "
10724
"available upgrades every day. The local download archive is cleaned every "
10725
"week."
10726
msgstr ""
10727
10728
#: serverguide/C/package-management.xml:345(para)
10729
msgid ""
10730
"You can read more about <application>apt</application> Periodic "
10731
"configuration options in the <filename>/etc/cron.daily/apt</filename> script "
10732
"header."
10733
msgstr ""
10734
10735
#: serverguide/C/package-management.xml:350(para)
10736
msgid ""
10737
"The results of <application>unattended-upgrades</application> will be logged "
10738
"to <filename>/var/log/unattended-upgrades</filename>."
10739
msgstr ""
10740
10741
#: serverguide/C/package-management.xml:355(title)
10742
msgid "Notifications"
10743
msgstr ""
10744
10745
#: serverguide/C/package-management.xml:357(para)
10746
msgid ""
10747
"Configuring <emphasis>Unattended-Upgrade::Mail</emphasis> in "
10748
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> will enable "
10749
"<application>unattended-upgrades</application> to email an administrator "
10750
"detailing any packages that need upgrading or have problems."
10751
msgstr ""
10752
10753
#: serverguide/C/package-management.xml:362(para)
10754
msgid ""
10755
"Another useful package is <application>apticron</application>. "
10756
"<application>apticron</application> will configure a "
10757
"<application>cron</application> job to email an administrator information "
10758
"about any packages on the system that have updates available, as well as a "
10759
"summary of changes in each package."
10760
msgstr ""
10761
10762
#: serverguide/C/package-management.xml:368(para)
10763
msgid ""
10764
"To install the <application>apticron</application> package, in a terminal "
10765
"enter:"
10766
msgstr ""
10767
10768
#: serverguide/C/package-management.xml:373(command)
10769
msgid "sudo apt-get install apticron"
10770
msgstr "sudo apt-get install apticron"
10771
10772
#: serverguide/C/package-management.xml:376(para)
10773
msgid ""
10774
"Once the package is installed edit "
10775
"<filename>/etc/apticron/apticron.conf</filename>, to set the email address "
10776
"and other options:"
10777
msgstr ""
10778
10779
#: serverguide/C/package-management.xml:380(programlisting)
10780
#, no-wrap
10781
msgid ""
10782
"\n"
10783
"EMAIL=\"root@example.com\"\n"
10784
msgstr ""
10785
10786
#: serverguide/C/package-management.xml:389(para)
10787
msgid ""
10788
"Configuration of the <emphasis>Advanced Packaging Tool</emphasis> (APT) "
10789
"system repositories is stored in the /etc/apt/sources.list configuration "
10790
"file. An example of this file is referenced here, along with information on "
10791
"adding or removing repository references from the file."
10792
msgstr ""
10793
10794
#: serverguide/C/package-management.xml:395(para)
10795
msgid ""
10796
"<ulink url=\"../sample/sources.list\">Here</ulink> is a simple example of a "
10797
"typical <filename>/etc/apt/sources.list</filename> file."
10798
msgstr ""
10799
10800
#: serverguide/C/package-management.xml:399(para)
10801
msgid ""
10802
"You may edit the file to enable repositories or disable them. For example, "
10803
"to disable the requirement of inserting the Ubuntu CD-ROM whenever package "
10804
"operations occur, simply comment out the appropriate line for the CD-ROM, "
10805
"which appears at the top of the file:"
10806
msgstr ""
10807
10808
#: serverguide/C/package-management.xml:404(screen)
10809
#, no-wrap
10810
msgid ""
10811
"\n"
10812
"# no more prompting for CD-ROM please\n"
10813
"# deb cdrom:[&distro-apt-cd-name; - Release i386 (20070419.1)]/ maverick "
10814
"main restricted\n"
10815
msgstr ""
10816
10817
#: serverguide/C/package-management.xml:410(title)
10818
msgid "Extra Repositories"
10819
msgstr ""
10820
10821
#: serverguide/C/package-management.xml:411(para)
10822
msgid ""
10823
"In addition to the officially supported package repositories available for "
10824
"Ubuntu, there exist additional community-maintained repositories which add "
10825
"thousands more potential packages for installation. Two of the most popular "
10826
"are the <emphasis>Universe</emphasis> and <emphasis>Multiverse</emphasis> "
10827
"repositories. These repositories are not officially supported by Ubuntu, but "
10828
"because they are maintained by the community they generally provide packages "
10829
"which are safe for use with your Ubuntu computer."
10830
msgstr ""
10831
10832
#: serverguide/C/package-management.xml:414(para)
10833
msgid ""
10834
"Packages in the <emphasis>Multiverse</emphasis> repository often have "
10835
"licensing issues that prevent them from being distributed with a free "
10836
"operating system, and they may be illegal in your locality."
10837
msgstr ""
10838
10839
#: serverguide/C/package-management.xml:416(para)
10840
msgid ""
10841
"Be advised that neither the <emphasis>Universe</emphasis> or "
10842
"<emphasis>Multiverse</emphasis> repositories contain officially supported "
10843
"packages. In particular, there may not be security updates for these "
10844
"packages."
10845
msgstr ""
10846
10847
#: serverguide/C/package-management.xml:420(para)
10848
msgid ""
10849
"Many other package sources are available, sometimes even offering only one "
10850
"package, as in the case of package sources provided by the developer of a "
10851
"single application. You should always be very careful and cautious when "
10852
"using non-standard package sources, however. Research the source and "
10853
"packages carefully before performing any installation, as some package "
10854
"sources and their packages could render your system unstable or non-"
10855
"functional in some respects."
10856
msgstr ""
10857
10858
#: serverguide/C/package-management.xml:423(para)
10859
msgid ""
10860
"By default, the <emphasis>Universe</emphasis> and "
10861
"<emphasis>Multiverse</emphasis> repositories are enabled but if you would "
10862
"like to disable them edit <filename>/etc/apt/sources.list</filename> and "
10863
"comment the following lines:"
10864
msgstr ""
10865
10866
#: serverguide/C/package-management.xml:430(programlisting)
10867
#, no-wrap
10868
msgid ""
10869
"\n"
10870
"deb http://archive.ubuntu.com/ubuntu maverick universe multiverse\n"
10871
"deb-src http://archive.ubuntu.com/ubuntu maverick universe multiverse\n"
10872
"\n"
10873
"deb http://us.archive.ubuntu.com/ubuntu/ maverick universe\n"
10874
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick universe\n"
10875
"deb http://us.archive.ubuntu.com/ubuntu/ maverick-updates universe\n"
10876
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick-updates universe\n"
10877
"\n"
10878
"deb http://us.archive.ubuntu.com/ubuntu/ maverick multiverse\n"
10879
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick multiverse\n"
10880
"deb http://us.archive.ubuntu.com/ubuntu/ maverick-updates multiverse\n"
10881
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick-updates multiverse\n"
10882
"\n"
10883
"deb http://security.ubuntu.com/ubuntu maverick-security universe\n"
10884
"deb-src http://security.ubuntu.com/ubuntu maverick-security universe\n"
10885
"deb http://security.ubuntu.com/ubuntu maverick-security multiverse\n"
10886
"deb-src http://security.ubuntu.com/ubuntu maverick-security multiverse\n"
10887
msgstr ""
10888
10889
#: serverguide/C/package-management.xml:456(para)
10890
msgid ""
10891
"Most of the material covered in this chapter is available in "
10892
"<application>man</application> pages, many of which are available online."
10893
msgstr ""
10894
10895
#: serverguide/C/package-management.xml:463(para)
10896
msgid ""
10897
"The <ulink "
10898
"url=\"https://help.ubuntu.com/community/InstallingSoftware\">InstallingSoftwa"
10899
"re</ulink> Ubuntu wiki page has more information."
10900
msgstr ""
10901
10902
#: serverguide/C/package-management.xml:468(para)
10903
msgid ""
10904
"For more <application>dpkg</application> details see the <ulink "
10905
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/dpkg.1.html\">dpkg"
10906
" man page</ulink>."
10907
msgstr ""
10908
10909
#: serverguide/C/package-management.xml:474(para)
10910
msgid ""
10911
"The <ulink url=\"http://www.debian.org/doc/manuals/apt-howto/\">APT "
10912
"HOWTO</ulink> and <ulink "
10913
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/apt-"
10914
"get.8.html\">apt-get man page</ulink> contain useful information regarding "
10915
"<application>apt-get</application> usage."
10916
msgstr ""
10917
10918
#: serverguide/C/package-management.xml:481(para)
10919
msgid ""
10920
"See the <ulink "
10921
"url=\"http://manpages.ubuntu.com/manpages/maverick/man8/aptitude.8.html\">apt"
10922
"itude man page</ulink> for more <application>aptitude</application> options."
10923
msgstr ""
10924
10925
#: serverguide/C/package-management.xml:487(para)
10926
msgid ""
10927
"The <ulink "
10928
"url=\"https://help.ubuntu.com/community/Repositories/Ubuntu\">Adding "
10929
"Repositories HOWTO (Ubuntu Wiki)</ulink> page contains more details on "
10930
"adding repositories."
10931
msgstr ""
10932
10933
#: serverguide/C/other-apps.xml:13(title)
10934
msgid "Other Useful Applications"
10935
msgstr ""
10936
10937
#: serverguide/C/other-apps.xml:15(para)
10938
msgid ""
10939
"There are many very useful applications developed by the Ubuntu Server Team, "
10940
"and others that are well integrated with Ubuntu Server Edition, that might "
10941
"not be well known. This chapter will showcase some useful applications that "
10942
"can make administering an Ubuntu server, or many Ubuntu servers, that much "
10943
"easier."
10944
msgstr ""
10945
10946
#: serverguide/C/other-apps.xml:23(title)
10947
msgid "pam_motd"
10948
msgstr ""
10949
10950
#: serverguide/C/other-apps.xml:25(para)
10951
msgid ""
10952
"When logging into an Ubuntu server you may have noticed the informative "
10953
"Message Of The Day (MOTD). This information is obtained and displayed using "
10954
"a couple of packages:"
10955
msgstr ""
10956
10957
#: serverguide/C/other-apps.xml:32(para)
10958
msgid ""
10959
"<emphasis>landscape-common:</emphasis> provides the core libraries of "
10960
"<application>landscape-client</application>, which can be used to manage "
10961
"systems using the web based <emphasis>Landscape</emphasis> application. The "
10962
"package includes the <application>/usr/bin/landscape-sysinfo</application> "
10963
"utility which is used to gather the information displayed in the MOTD."
10964
msgstr ""
10965
10966
#: serverguide/C/other-apps.xml:40(para)
10967
msgid ""
10968
"<emphasis>update-notifier-common:</emphasis> is used to automatically update "
10969
"the MOTD via <application>pam_motd</application> module."
10970
msgstr ""
10971
10972
#: serverguide/C/other-apps.xml:46(para)
10973
msgid ""
10974
"<application>pam_motd</application> executes the scripts in "
10975
"<filename>/etc/update-motd.d</filename> in order based on the number "
10976
"prepended to the script. The output of the scripts is written to "
10977
"<filename>/var/run/motd</filename>, keeping the numerical order, then "
10978
"concatenated with <filename>/etc/motd.tail</filename>."
10979
msgstr ""
10980
10981
#: serverguide/C/other-apps.xml:52(para)
10982
msgid ""
10983
"You can add your own dynamic information to the MOTD. For example, to add "
10984
"local weather information:"
10985
msgstr ""
10986
10987
#: serverguide/C/other-apps.xml:58(para)
10988
msgid "First, install the <application>weather-util</application> package:"
10989
msgstr ""
10990
10991
#: serverguide/C/other-apps.xml:63(command)
10992
msgid "sudo apt-get install weather-util"
10993
msgstr "sudo apt-get install weather-util"
10994
10995
#: serverguide/C/other-apps.xml:68(para)
10996
msgid ""
10997
"The <application>weather</application> utility uses METAR data from the "
10998
"National Oceanic and Atmospheric Administration and forecasts from the "
10999
"National Weather Service. In order to find local information you will need "
11000
"the 4-character ICAO location indicator. This can be determined by browsing "
11001
"to the <ulink url=\"http://www.weather.gov/tg/siteloc.shtml\">National "
11002
"Weather Service</ulink> site."
11003
msgstr ""
11004
11005
#: serverguide/C/other-apps.xml:75(para)
11006
msgid ""
11007
"Although the National Weather Service is a United States government agency "
11008
"there are weather stations available world wide. However, local weather "
11009
"information for all locations outside the U.S. may not be available."
11010
msgstr ""
11011
11012
#: serverguide/C/other-apps.xml:81(para)
11013
msgid ""
11014
"Create <filename>/usr/local/bin/local-weather</filename>, a simple shell "
11015
"script to use <application>weather</application> with your local ICAO "
11016
"indicator:"
11017
msgstr ""
11018
11019
#: serverguide/C/other-apps.xml:86(programlisting)
11020
#, no-wrap
11021
msgid ""
11022
"\n"
11023
"#!/bin/sh\n"
11024
"#\n"
11025
"#\n"
11026
"# Prints the local weather information for the MOTD.\n"
11027
"#\n"
11028
"#\n"
11029
"\n"
11030
"# Replace KINT with your local weather station.\n"
11031
"# Local stations can be found here: http://www.weather.gov/tg/siteloc.shtml\n"
11032
"\n"
11033
"echo\n"
11034
"weather -i KINT\n"
11035
"echo\n"
11036
"\n"
11037
msgstr ""
11038
11039
#: serverguide/C/other-apps.xml:104(para)
11040
msgid "Make the script executable:"
11041
msgstr ""
11042
11043
#: serverguide/C/other-apps.xml:109(command)
11044
msgid "sudo chmod 755 /usr/local/bin/local-weather"
11045
msgstr "sudo chmod 755 /usr/local/bin/local-weather"
11046
11047
#: serverguide/C/other-apps.xml:113(para)
11048
msgid ""
11049
"Next, create a symlink to <filename>/etc/update-motd.d/98-local-"
11050
"weather</filename>:"
11051
msgstr ""
11052
11053
#: serverguide/C/other-apps.xml:118(command)
11054
msgid ""
11055
"sudo ln -s /usr/local/bin/local-weather /etc/update-motd.d/98-local-weather"
11056
msgstr ""
11057
11058
#: serverguide/C/other-apps.xml:122(para)
11059
msgid "Finally, exit the server and re-login to view the new MOTD."
11060
msgstr ""
11061
11062
#: serverguide/C/other-apps.xml:128(para)
11063
msgid ""
11064
"You should now be greeted with some useful information, and some information "
11065
"about the local weather that may not be quite so useful. Hopefully the "
11066
"<application>local-weather</application> example demonstrates the "
11067
"flexibility of <application>pam_motd</application>."
11068
msgstr ""
11069
11070
#: serverguide/C/other-apps.xml:136(title)
11071
msgid "etckeeper"
11072
msgstr ""
11073
11074
#: serverguide/C/other-apps.xml:138(para)
11075
msgid ""
11076
"<application>etckeeper</application> allows the contents of <filename "
11077
"role=\"directory\">/etc</filename> be easily stored in Version Control "
11078
"System (VCS) repository. It hooks into <application>apt</application> to "
11079
"automatically commit changes to <filename>/etc</filename> when packages are "
11080
"installed or upgraded. Placing <filename>/etc</filename> under version "
11081
"control is considered an industry best practice, and the goal of "
11082
"<application>etckeeper</application> is to make this process as painless as "
11083
"possible."
11084
msgstr ""
11085
11086
#: serverguide/C/other-apps.xml:146(para)
11087
msgid ""
11088
"Install <application>etckeeper</application> by entering the following in a "
11089
"terminal:"
11090
msgstr ""
11091
11092
#: serverguide/C/other-apps.xml:151(command)
11093
msgid "sudo apt-get install etckeeper"
11094
msgstr "sudo apt-get install etckeeper"
11095
11096
#: serverguide/C/other-apps.xml:154(para)
11097
msgid ""
11098
"The main configuration file, "
11099
"<filename>/etc/etckeeper/etckeeper.conf</filename>, is fairly simple. The "
11100
"main option is which VCS to use. By default "
11101
"<application>etckeeper</application> is configured to use "
11102
"<application>bzr</application> for version control. The repository is "
11103
"automatically initialized (and committed for the first time) during package "
11104
"installation. It is possible to undo this by entering the following command:"
11105
msgstr ""
11106
11107
#: serverguide/C/other-apps.xml:164(command)
11108
msgid "sudo etckeeper uninit"
11109
msgstr "sudo etckeeper uninit"
11110
11111
#: serverguide/C/other-apps.xml:167(para)
11112
msgid ""
11113
"By default, etckeeper will commit uncommitted changes made to /etc daily. "
11114
"This can be disabled using the AVOID_DAILY_AUTOCOMMITS configuration option. "
11115
"It will also automatically commit changes before and after package "
11116
"installation. For a more precise tracking of changes, it is recommended to "
11117
"commit your changes manually, together with a commit message, using:"
11118
msgstr ""
11119
11120
#: serverguide/C/other-apps.xml:176(command)
11121
msgid "sudo etckeeper commit \"..Reason for configuration change..\""
11122
msgstr ""
11123
11124
#: serverguide/C/other-apps.xml:179(para)
11125
msgid ""
11126
"Using the VCS commands you can view log information about files in "
11127
"<filename>/etc</filename>:"
11128
msgstr ""
11129
11130
#: serverguide/C/other-apps.xml:184(command)
11131
msgid "sudo bzr log /etc/passwd"
11132
msgstr "sudo bzr log /etc/passwd"
11133
11134
#: serverguide/C/other-apps.xml:187(para)
11135
msgid ""
11136
"To demonstrate the integration with the package management system, install "
11137
"<application>postfix</application>:"
11138
msgstr ""
11139
11140
#: serverguide/C/other-apps.xml:192(command) serverguide/C/mail.xml:45(command)
11141
msgid "sudo apt-get install postfix"
11142
msgstr "sudo apt-get install postfix"
11143
11144
#: serverguide/C/other-apps.xml:195(para)
11145
msgid ""
11146
"When the installation is finished, all the "
11147
"<application>postfix</application> configuration files should be committed "
11148
"to the repository:"
11149
msgstr ""
11150
11151
#: serverguide/C/other-apps.xml:201(computeroutput)
11152
#, no-wrap
11153
msgid ""
11154
"Committing to: /etc/\n"
11155
"added aliases.db\n"
11156
"modified group\n"
11157
"modified group-\n"
11158
"modified gshadow\n"
11159
"modified gshadow-\n"
11160
"modified passwd\n"
11161
"modified passwd-\n"
11162
"added postfix\n"
11163
"added resolvconf\n"
11164
"added rsyslog.d\n"
11165
"modified shadow\n"
11166
"modified shadow-\n"
11167
"added init.d/postfix\n"
11168
"added network/if-down.d/postfix\n"
11169
"added network/if-up.d/postfix\n"
11170
"added postfix/dynamicmaps.cf\n"
11171
"added postfix/main.cf\n"
11172
"added postfix/master.cf\n"
11173
"added postfix/post-install\n"
11174
"added postfix/postfix-files\n"
11175
"added postfix/postfix-script\n"
11176
"added postfix/sasl\n"
11177
"added ppp/ip-down.d\n"
11178
"added ppp/ip-down.d/postfix\n"
11179
"added ppp/ip-up.d/postfix\n"
11180
"added rc0.d/K20postfix\n"
11181
"added rc1.d/K20postfix\n"
11182
"added rc2.d/S20postfix\n"
11183
"added rc3.d/S20postfix\n"
11184
"added rc4.d/S20postfix\n"
11185
"added rc5.d/S20postfix\n"
11186
"added rc6.d/K20postfix\n"
11187
"added resolvconf/update-libc.d\n"
11188
"added resolvconf/update-libc.d/postfix\n"
11189
"added rsyslog.d/postfix.conf\n"
11190
"added ufw/applications.d/postfix\n"
11191
"Committed revision 2."
11192
msgstr ""
11193
11194
#: serverguide/C/other-apps.xml:241(para)
11195
msgid ""
11196
"For an example of how <application>etckeeper</application> tracks manual "
11197
"changes, add new a host to <filename>/etc/hosts</filename>. Using "
11198
"<application>bzr</application> you can see which files have been modified:"
11199
msgstr ""
11200
11201
#: serverguide/C/other-apps.xml:247(command)
11202
msgid "sudo bzr status /etc/"
11203
msgstr "sudo bzr status /etc/"
11204
11205
#: serverguide/C/other-apps.xml:248(computeroutput)
11206
#, no-wrap
11207
msgid ""
11208
"modified:\n"
11209
" hosts"
11210
msgstr ""
11211
11212
#: serverguide/C/other-apps.xml:252(para)
11213
msgid "Now commit the changes:"
11214
msgstr ""
11215
11216
#: serverguide/C/other-apps.xml:257(command)
11217
msgid "sudo etckeeper commit \"new host\""
11218
msgstr ""
11219
11220
#: serverguide/C/other-apps.xml:260(para)
11221
msgid ""
11222
"For more information on <application>bzr</application> see <xref "
11223
"linkend=\"bazaar\"/>."
11224
msgstr ""
11225
11226
#: serverguide/C/other-apps.xml:266(title)
11227
msgid "Byobu"
11228
msgstr ""
11229
11230
#: serverguide/C/other-apps.xml:268(para)
11231
msgid ""
11232
"One of the most useful applications for any system administrator is "
11233
"<application>screen</application>. It allows the execution of multiple "
11234
"shells in one terminal. To make some of the advanced "
11235
"<application>screen</application> features more user friendly, and provide "
11236
"some useful information about the system, the "
11237
"<application>byobu</application> package was created."
11238
msgstr ""
11239
11240
#: serverguide/C/other-apps.xml:275(para)
11241
msgid ""
11242
"When executing <application>byobu</application> pressing the "
11243
"<emphasis>F9</emphasis> key will bring up the "
11244
"<application>Configuration</application> menu. This menu will allow you to:"
11245
msgstr ""
11246
11247
#: serverguide/C/other-apps.xml:281(para)
11248
msgid "View the Help menu"
11249
msgstr ""
11250
11251
#: serverguide/C/other-apps.xml:282(para)
11252
msgid "Change Byobu's background color"
11253
msgstr ""
11254
11255
#: serverguide/C/other-apps.xml:283(para)
11256
msgid "Change Byobu's foreground color"
11257
msgstr ""
11258
11259
#: serverguide/C/other-apps.xml:284(para)
11260
msgid "Toggle status notifications"
11261
msgstr ""
11262
11263
#: serverguide/C/other-apps.xml:285(para)
11264
msgid "Change the key binding set"
11265
msgstr ""
11266
11267
#: serverguide/C/other-apps.xml:286(para)
11268
msgid "Change the escape sequence"
11269
msgstr ""
11270
11271
#: serverguide/C/other-apps.xml:287(para)
11272
msgid "Create new windows"
11273
msgstr ""
11274
11275
#: serverguide/C/other-apps.xml:288(para)
11276
msgid "Manage the default windows"
11277
msgstr ""
11278
11279
#: serverguide/C/other-apps.xml:289(para)
11280
msgid "Byobu currently does not launch at login (toggle on)"
11281
msgstr ""
11282
11283
#: serverguide/C/other-apps.xml:292(para)
11284
msgid ""
11285
"The <emphasis>key bindings</emphasis> determine such things as the escape "
11286
"sequence, new window, change window, etc. There are two key binding sets to "
11287
"choose from <emphasis>f-keys</emphasis> and <emphasis>screen-escape-"
11288
"keys</emphasis>. If you wish to use the original key bindings choose the "
11289
"<emphasis>none</emphasis> set."
11290
msgstr ""
11291
11292
#: serverguide/C/other-apps.xml:298(para)
11293
msgid ""
11294
"<application>byobu</application> provides a menu which displays the Ubuntu "
11295
"release, processor information, memory information, and the time and date. "
11296
"The effect is similar to a desktop menu."
11297
msgstr ""
11298
11299
#: serverguide/C/other-apps.xml:303(para)
11300
msgid ""
11301
"Using the <emphasis>\"Byobu currently does not launch at login (toggle "
11302
"on)\"</emphasis> option will cause <application>byobu</application> to be "
11303
"executed any time a terminal is opened. Changes made to "
11304
"<application>byobu</application> are on a per user basis, and will not "
11305
"affect other users on the system."
11306
msgstr ""
11307
11308
#: serverguide/C/other-apps.xml:309(para)
11309
msgid ""
11310
"One difference when using byobu is the <emphasis>scrollback</emphasis> mode. "
11311
"Press the <emphasis>F7</emphasis> key to enter scrollback mode. Scrollback "
11312
"mode allows you to navigate past output using <emphasis>vi</emphasis> like "
11313
"commands. Here is a quick list of movement commands:"
11314
msgstr ""
11315
11316
#: serverguide/C/other-apps.xml:316(para)
11317
msgid "<emphasis>h</emphasis> - Move the cursor left by one character"
11318
msgstr ""
11319
11320
#: serverguide/C/other-apps.xml:317(para)
11321
msgid "<emphasis>j</emphasis> - Move the cursor down by one line"
11322
msgstr ""
11323
11324
#: serverguide/C/other-apps.xml:318(para)
11325
msgid "<emphasis>k</emphasis> - Move the cursor up by one line"
11326
msgstr ""
11327
11328
#: serverguide/C/other-apps.xml:319(para)
11329
msgid "<emphasis>l</emphasis> - Move the cursor right by one character"
11330
msgstr ""
11331
11332
#: serverguide/C/other-apps.xml:320(para)
11333
msgid "<emphasis>0</emphasis> - Move to the beginning of the current line"
11334
msgstr ""
11335
11336
#: serverguide/C/other-apps.xml:321(para)
11337
msgid "<emphasis>$</emphasis> - Move to the end of the current line"
11338
msgstr ""
11339
11340
#: serverguide/C/other-apps.xml:322(para)
11341
msgid ""
11342
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
11343
"the buffer)"
11344
msgstr ""
11345
11346
#: serverguide/C/other-apps.xml:323(para)
11347
msgid "<emphasis>/</emphasis> - Search forward"
11348
msgstr ""
11349
11350
#: serverguide/C/other-apps.xml:324(para)
11351
msgid "<emphasis>?</emphasis> - Search backward"
11352
msgstr ""
11353
11354
#: serverguide/C/other-apps.xml:325(para)
11355
msgid ""
11356
"<emphasis>n</emphasis> - Moves to the next match, either forward or backword"
11357
msgstr ""
11358
11359
#: serverguide/C/other-apps.xml:334(para)
11360
msgid ""
11361
"See the <ulink "
11362
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/update-"
11363
"motd.1.html\">update-motd man page</ulink> for more options available to "
11364
"<application>update-motd</application>."
11365
msgstr ""
11366
11367
#: serverguide/C/other-apps.xml:340(para)
11368
msgid ""
11369
"The Debian Package of the Day <ulink "
11370
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
11371
"and-forecasts-on-the-command-line/\">weather</ulink> article has more "
11372
"details about using the <application>weather</application>utility."
11373
msgstr ""
11374
11375
#: serverguide/C/other-apps.xml:347(para)
11376
msgid ""
11377
"See the <ulink "
11378
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
11379
"more details on using <application>etckeeper</application>."
11380
msgstr ""
11381
11382
#: serverguide/C/other-apps.xml:353(para)
11383
msgid ""
11384
"The <ulink url=\"https://help.ubuntu.com/community/etckeeper\">etckeeper "
11385
"Ubuntu Wiki</ulink> page."
11386
msgstr ""
11387
11388
#: serverguide/C/other-apps.xml:358(para)
11389
msgid ""
11390
"For the latest news and information about <application>bzr</application> see "
11391
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
11392
msgstr ""
11393
11394
#: serverguide/C/other-apps.xml:363(para)
11395
msgid ""
11396
"For more information on <application>screen</application> see the <ulink "
11397
"url=\"http://www.gnu.org/software/screen/\">screen web site</ulink>."
11398
msgstr ""
11399
11400
#: serverguide/C/other-apps.xml:368(para)
11401
msgid ""
11402
"And the <ulink url=\"https://help.ubuntu.com/community/Screen\">Ubuntu Wiki "
11403
"screen</ulink> page."
11404
msgstr ""
11405
11406
#: serverguide/C/other-apps.xml:373(para)
11407
msgid ""
11408
"Also, see the <application>byobu</application><ulink "
11409
"url=\"https://launchpad.net/byobu\">project page</ulink> for more "
11410
"information."
11411
msgstr ""
11412
11413
#: serverguide/C/network-config.xml:14(para)
11414
msgid ""
11415
"Networks consist of two or more devices, such as computer systems, printers, "
11416
"and related equipment which are connected by either physical cabling or "
11417
"wireless links for the purpose of sharing and distributing information among "
11418
"the connected devices."
11419
msgstr ""
11420
11421
#: serverguide/C/network-config.xml:20(para)
11422
msgid ""
11423
"This section provides general and specific information pertaining to "
11424
"networking, including an overview of network concepts and detailed "
11425
"discussion of popular network protocols."
11426
msgstr ""
11427
11428
#: serverguide/C/network-config.xml:27(title)
11429
msgid "Network Configuration"
11430
msgstr "Netværkskonfiguration"
11431
11432
#: serverguide/C/network-config.xml:28(para)
11433
msgid ""
11434
"Ubuntu ships with a number of graphical utilities to configure your network "
11435
"devices. This document is geared toward server administrators and will focus "
11436
"on managing your network on the command line."
11437
msgstr ""
11438
11439
#: serverguide/C/network-config.xml:35(title)
11440
msgid "Ethernet Interfaces"
11441
msgstr ""
11442
11443
#: serverguide/C/network-config.xml:36(para)
11444
msgid ""
11445
"Ethernet interfaces are identified by the system using the naming convention "
11446
"of <emphasis role=\"italix\">ethX</emphasis>, where <emphasis "
11447
"role=\"italic\">X</emphasis> represents a numeric value. The first Ethernet "
11448
"interface is typically identified as <emphasis "
11449
"role=\"italic\">eth0</emphasis>, the second as <emphasis "
11450
"role=\"italic\">eth1</emphasis>, and all others should move up in numerical "
11451
"order."
11452
msgstr ""
11453
11454
#: serverguide/C/network-config.xml:46(title)
11455
msgid "Identify Ethernet Interfaces"
11456
msgstr ""
11457
11458
#: serverguide/C/network-config.xml:47(para)
11459
msgid ""
11460
"To quickly identify all available Ethernet interfaces, you can use the "
11461
"<application>ifconfig</application> command as shown below."
11462
msgstr ""
11463
11464
#: serverguide/C/network-config.xml:52(userinput)
11465
#, no-wrap
11466
msgid "ifconfig -a | grep eth"
11467
msgstr ""
11468
11469
#: serverguide/C/network-config.xml:51(screen)
11470
#, no-wrap
11471
msgid ""
11472
"\n"
11473
"<placeholder-1/>\n"
11474
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a\n"
11475
msgstr ""
11476
11477
#: serverguide/C/network-config.xml:55(para)
11478
msgid ""
11479
"Another application that can help identify all network interfaces available "
11480
"to your system is the <application>lshw</application> command. In the "
11481
"example below, <application>lshw</application> shows a single Ethernet "
11482
"interface with the logical name of <emphasis role=\"italic\">eth0</emphasis> "
11483
"along with bus information, driver details and all supported capabilities."
11484
msgstr ""
11485
11486
#: serverguide/C/network-config.xml:62(userinput)
11487
#, no-wrap
11488
msgid "sudo lshw -class network"
11489
msgstr ""
11490
11491
#: serverguide/C/network-config.xml:61(screen)
11492
#, no-wrap
11493
msgid ""
11494
"\n"
11495
"<placeholder-1/>\n"
11496
" *-network\n"
11497
" description: Ethernet interface\n"
11498
" product: BCM4401-B0 100Base-TX\n"
11499
" vendor: Broadcom Corporation\n"
11500
" physical id: 0\n"
11501
" bus info: pci@0000:03:00.0\n"
11502
" logical name: eth0\n"
11503
" version: 02\n"
11504
" serial: 00:15:c5:4a:16:5a\n"
11505
" size: 10MB/s\n"
11506
" capacity: 100MB/s\n"
11507
" width: 32 bits\n"
11508
" clock: 33MHz\n"
11509
" capabilities: (snipped for brevity)\n"
11510
" configuration: (snipped for brevity)\n"
11511
" resources: irq:17 memory:ef9fe000-ef9fffff\n"
11512
msgstr ""
11513
11514
#: serverguide/C/network-config.xml:83(title)
11515
msgid "Ethernet Interface Logical Names"
11516
msgstr ""
11517
11518
#: serverguide/C/network-config.xml:84(para)
11519
msgid ""
11520
"Interface logical names are configured in the file "
11521
"<filename>/etc/udev/rules.d/70-persistent-net.rules.</filename> If you would "
11522
"like control which interface receives a particular logical name, find the "
11523
"line matching the interfaces physical MAC address and modify the value of "
11524
"<emphasis role=\"italic\">NAME=ethX</emphasis> to the desired logical name. "
11525
"Reboot the system to commit your changes."
11526
msgstr ""
11527
11528
#: serverguide/C/network-config.xml:92(programlisting)
11529
#, no-wrap
11530
msgid ""
11531
"\n"
11532
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
11533
"ATTR{address}==\"00:15:c5:4a:16:5a\", ATTR{dev_id}==\"0x0\", "
11534
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth0\"\n"
11535
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
11536
"ATTR{address}==\"00:15:c5:4a:16:5b\", ATTR{dev_id}==\"0x0\", "
11537
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth1\"\n"
11538
msgstr ""
11539
11540
#: serverguide/C/network-config.xml:99(title)
11541
msgid "Ethernet Interface Settings"
11542
msgstr ""
11543
11544
#: serverguide/C/network-config.xml:100(para)
11545
msgid ""
11546
"<application>ethtool</application> is a program that displays and changes "
11547
"Ethernet card settings such as auto-negotiation, port speed, duplex mode, "
11548
"and Wake-on-LAN. It is not installed by default, but is available for "
11549
"installation in the repositories."
11550
msgstr ""
11551
11552
#: serverguide/C/network-config.xml:106(userinput)
11553
#, no-wrap
11554
msgid "sudo apt-get install ethtool"
11555
msgstr ""
11556
11557
#: serverguide/C/network-config.xml:108(para)
11558
msgid ""
11559
"The following is an example of how to view supported features and configured "
11560
"settings of an Ethernet interface."
11561
msgstr ""
11562
11563
#: serverguide/C/network-config.xml:113(userinput)
11564
#, no-wrap
11565
msgid "sudo ethtool eth0"
11566
msgstr ""
11567
11568
#: serverguide/C/network-config.xml:112(screen)
11569
#, no-wrap
11570
msgid ""
11571
"\n"
11572
"<placeholder-1/>\n"
11573
"Settings for eth0:\n"
11574
" Supported ports: [ TP ]\n"
11575
" Supported link modes: 10baseT/Half 10baseT/Full \n"
11576
" 100baseT/Half 100baseT/Full \n"
11577
" 1000baseT/Half 1000baseT/Full \n"
11578
" Supports auto-negotiation: Yes\n"
11579
" Advertised link modes: 10baseT/Half 10baseT/Full \n"
11580
" 100baseT/Half 100baseT/Full \n"
11581
" 1000baseT/Half 1000baseT/Full \n"
11582
" Advertised auto-negotiation: Yes\n"
11583
" Speed: 1000Mb/s\n"
11584
" Duplex: Full\n"
11585
" Port: Twisted Pair\n"
11586
" PHYAD: 1\n"
11587
" Transceiver: internal\n"
11588
" Auto-negotiation: on\n"
11589
" Supports Wake-on: g\n"
11590
" Wake-on: d\n"
11591
" Current message level: 0x000000ff (255)\n"
11592
" Link detected: yes\n"
11593
msgstr ""
11594
11595
#: serverguide/C/network-config.xml:135(para)
11596
msgid ""
11597
"Changes made with the <application>ethtool</application> command are "
11598
"temporary and will be lost after a reboot. If you would like to retain "
11599
"settings, simply add the desired <application>ethtool</application> command "
11600
"to a <emphasis role=\"italic\">pre-up</emphasis> statement in the interface "
11601
"configuration file <filename>/etc/network/interfaces</filename>."
11602
msgstr ""
11603
11604
#: serverguide/C/network-config.xml:141(para)
11605
msgid ""
11606
"The following is an example of how the interface identified as <emphasis "
11607
"role=\"italic\">eth0</emphasis> could be permanently configured with a port "
11608
"speed of 1000Mb/s running in full duplex mode."
11609
msgstr ""
11610
11611
#: serverguide/C/network-config.xml:145(programlisting)
11612
#, no-wrap
11613
msgid ""
11614
"\n"
11615
"auto eth0\n"
11616
"iface eth0 inet static\n"
11617
"pre-up /usr/sbin/ethtool -s eth0 speed 1000 duplex full\n"
11618
msgstr ""
11619
11620
#: serverguide/C/network-config.xml:151(para)
11621
msgid ""
11622
"Although the example above shows the interface configured to use the "
11623
"<emphasis role=\"italic\">static</emphasis> method, it actually works with "
11624
"other methods as well, such as DHCP. The example is meant to demonstrate "
11625
"only proper placement of the <emphasis role=\"italic\">pre-up</emphasis> "
11626
"statement in relation to the rest of the interface configuration."
11627
msgstr ""
11628
11629
#: serverguide/C/network-config.xml:163(title)
11630
msgid "IP Addressing"
11631
msgstr ""
11632
11633
#: serverguide/C/network-config.xml:164(para)
11634
msgid ""
11635
"The following section describes the process of configuring your systems IP "
11636
"address and default gateway needed for communicating on a local area network "
11637
"and the Internet."
11638
msgstr ""
11639
11640
#: serverguide/C/network-config.xml:171(title)
11641
msgid "Temporary IP Address Assignment"
11642
msgstr ""
11643
11644
#: serverguide/C/network-config.xml:172(para)
11645
msgid ""
11646
"For temporary network configurations, you can use standard commands such as "
11647
"<application>ip</application>, <application>ifconfig</application> and "
11648
"<application>route</application>, which are also found on most other "
11649
"GNU/Linux operating systems. These commands allow you to configure settings "
11650
"which take effect immediately, however they are not persistent and will be "
11651
"lost after a reboot."
11652
msgstr ""
11653
11654
#: serverguide/C/network-config.xml:180(para)
11655
msgid ""
11656
"To temporarily configure an IP address, you can use the "
11657
"<application>ifconfig</application> command in the following manner. Just "
11658
"modify the IP address and subnet mask to match your network requirements."
11659
msgstr ""
11660
11661
#: serverguide/C/network-config.xml:186(userinput)
11662
#, no-wrap
11663
msgid "sudo ifconfig eth0 10.0.0.100 netmask 255.255.255.0"
11664
msgstr ""
11665
11666
#: serverguide/C/network-config.xml:188(para)
11667
msgid ""
11668
"To verify the IP address configuration of <application>eth0</application>, "
11669
"you can use the <application>ifconfig</application> command in the following "
11670
"manner."
11671
msgstr ""
11672
11673
#: serverguide/C/network-config.xml:193(userinput)
11674
#, no-wrap
11675
msgid "ifconfig eth0"
11676
msgstr ""
11677
11678
#: serverguide/C/network-config.xml:192(screen)
11679
#, no-wrap
11680
msgid ""
11681
"\n"
11682
"<placeholder-1/>\n"
11683
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a \n"
11684
" inet addr:10.0.0.100 Bcast:10.0.0.255 Mask:255.255.255.0\n"
11685
" inet6 addr: fe80::215:c5ff:fe4a:165a/64 Scope:Link\n"
11686
" UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1\n"
11687
" RX packets:466475604 errors:0 dropped:0 overruns:0 frame:0\n"
11688
" TX packets:403172654 errors:0 dropped:0 overruns:0 carrier:0\n"
11689
" collisions:0 txqueuelen:1000 \n"
11690
" RX bytes:2574778386 (2.5 GB) TX bytes:1618367329 (1.6 GB)\n"
11691
" Interrupt:16 \n"
11692
msgstr ""
11693
11694
#: serverguide/C/network-config.xml:204(para)
11695
msgid ""
11696
"To configure a default gateway, you can use the "
11697
"<application>route</application> command in the following manner. Modify the "
11698
"default gateway address to match your network requirements."
11699
msgstr ""
11700
11701
#: serverguide/C/network-config.xml:210(userinput)
11702
#, no-wrap
11703
msgid "sudo route add default gw 10.0.0.1 eth0"
11704
msgstr ""
11705
11706
#: serverguide/C/network-config.xml:212(para)
11707
msgid ""
11708
"To verify your default gateway configuration, you can use the "
11709
"<application>route</application> command in the following manner."
11710
msgstr ""
11711
11712
#: serverguide/C/network-config.xml:217(userinput)
11713
#, no-wrap
11714
msgid "route -n"
11715
msgstr ""
11716
11717
#: serverguide/C/network-config.xml:216(screen)
11718
#, no-wrap
11719
msgid ""
11720
"\n"
11721
"<placeholder-1/>\n"
11722
"Kernel IP routing table\n"
11723
"Destination Gateway Genmask Flags Metric Ref Use "
11724
"Iface\n"
11725
"10.0.0.0 0.0.0.0 255.255.255.0 U 1 0 0 "
11726
"eth0\n"
11727
"0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 "
11728
"eth0\n"
11729
msgstr ""
11730
11731
#: serverguide/C/network-config.xml:223(para)
11732
msgid ""
11733
"If you require DNS for your temporary network configuration, you can add DNS "
11734
"server IP addresses in the file <filename>/etc/resolv.conf</filename>. The "
11735
"example below shows how to enter two DNS servers to "
11736
"<filename>/etc/resolv.conf</filename>, which should be changed to servers "
11737
"appropriate for your network. A more lengthy description of DNS client "
11738
"configuration is in a following section."
11739
msgstr ""
11740
11741
#: serverguide/C/network-config.xml:230(programlisting)
11742
#, no-wrap
11743
msgid ""
11744
"\n"
11745
"nameserver 8.8.8.8\n"
11746
"nameserver 8.8.4.4\n"
11747
msgstr ""
11748
11749
#: serverguide/C/network-config.xml:234(para)
11750
msgid ""
11751
"If you no longer need this configuration and wish to purge all IP "
11752
"configuration from an interface, you can use the "
11753
"<application>ip</application> command with the flush option as shown below."
11754
msgstr ""
11755
11756
#: serverguide/C/network-config.xml:240(userinput)
11757
#, no-wrap
11758
msgid "ip addr flush eth0"
11759
msgstr ""
11760
11761
#: serverguide/C/network-config.xml:243(para)
11762
msgid ""
11763
"Flushing the IP configuration using the <application>ip</application> "
11764
"command does not clear the contents of "
11765
"<filename>/etc/resolv.conf</filename>. You must remove or modify those "
11766
"entries manually."
11767
msgstr ""
11768
11769
#: serverguide/C/network-config.xml:251(title)
11770
msgid "Dynamic IP Address Assignment (DHCP Client)"
11771
msgstr ""
11772
11773
#: serverguide/C/network-config.xml:252(para)
11774
msgid ""
11775
"To configure your server to use DHCP for dynamic address assignment, add the "
11776
"<emphasis role=\"italic\">dhcp</emphasis> method to the inet address family "
11777
"statement for the appropriate interface in the file "
11778
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
11779
"are configuring your first Ethernet interface identified as <emphasis "
11780
"role=\"italic\">eth0</emphasis>."
11781
msgstr ""
11782
11783
#: serverguide/C/network-config.xml:259(programlisting)
11784
#, no-wrap
11785
msgid ""
11786
"\n"
11787
"auto eth0\n"
11788
"iface eth0 inet dhcp\n"
11789
msgstr ""
11790
11791
#: serverguide/C/network-config.xml:263(para)
11792
msgid ""
11793
"By adding an interface configuration as shown above, you can manually enable "
11794
"the interface through the <application>ifup</application> command which "
11795
"initiates the DHCP process via <application>dhclient</application>."
11796
msgstr ""
11797
11798
#: serverguide/C/network-config.xml:269(userinput) serverguide/C/network-config.xml:304(userinput)
11799
#, no-wrap
11800
msgid "sudo ifup eth0"
11801
msgstr ""
11802
11803
#: serverguide/C/network-config.xml:271(para)
11804
msgid ""
11805
"To manually disable the interface, you can use the "
11806
"<application>ifdown</application> command, which in turn will initiate the "
11807
"DHCP release process and shut down the interface."
11808
msgstr ""
11809
11810
#: serverguide/C/network-config.xml:277(userinput) serverguide/C/network-config.xml:311(userinput)
11811
#, no-wrap
11812
msgid "sudo ifdown eth0"
11813
msgstr ""
11814
11815
#: serverguide/C/network-config.xml:282(title)
11816
msgid "Static IP Address Assignment"
11817
msgstr ""
11818
11819
#: serverguide/C/network-config.xml:283(para)
11820
msgid ""
11821
"To configure your system to use a static IP address assignment, add the "
11822
"<emphasis role=\"italic\">static</emphasis> method to the inet address "
11823
"family statement for the appropriate interface in the file "
11824
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
11825
"are configuring your first Ethernet interface identified as <emphasis "
11826
"role=\"italic\">eth0</emphasis>. Change the <emphasis "
11827
"role=\"italic\">address</emphasis>, <emphasis "
11828
"role=\"italic\">netmask</emphasis>, and <emphasis "
11829
"role=\"italic\">gateway</emphasis> values to meet the requirements of your "
11830
"network."
11831
msgstr ""
11832
11833
#: serverguide/C/network-config.xml:292(programlisting)
11834
#, no-wrap
11835
msgid ""
11836
"\n"
11837
"auto eth0\n"
11838
"iface eth0 inet static\n"
11839
"address 10.0.0.100\n"
11840
"netmask 255.255.255.0\n"
11841
"gateway 10.0.0.1\n"
11842
msgstr ""
11843
11844
#: serverguide/C/network-config.xml:299(para)
11845
msgid ""
11846
"By adding an interface configuration as shown above, you can manually enable "
11847
"the interface through the <application>ifup</application> command."
11848
msgstr ""
11849
11850
#: serverguide/C/network-config.xml:306(para)
11851
msgid ""
11852
"To manually disable the interface, you can use the "
11853
"<application>ifdown</application> command."
11854
msgstr ""
11855
11856
#: serverguide/C/network-config.xml:316(title)
11857
msgid "Loopback Interface"
11858
msgstr ""
11859
11860
#: serverguide/C/network-config.xml:317(para)
11861
msgid ""
11862
"The loopback interface is identified by the system as <emphasis "
11863
"role=\"italic\">lo</emphasis> and has a default IP address of 127.0.0.1. It "
11864
"can be viewed using the ifconfig command."
11865
msgstr ""
11866
11867
#: serverguide/C/network-config.xml:322(userinput)
11868
#, no-wrap
11869
msgid "ifconfig lo"
11870
msgstr ""
11871
11872
#: serverguide/C/network-config.xml:321(screen)
11873
#, no-wrap
11874
msgid ""
11875
"\n"
11876
"<placeholder-1/>\n"
11877
"lo Link encap:Local Loopback \n"
11878
" inet addr:127.0.0.1 Mask:255.0.0.0\n"
11879
" inet6 addr: ::1/128 Scope:Host\n"
11880
" UP LOOPBACK RUNNING MTU:16436 Metric:1\n"
11881
" RX packets:2718 errors:0 dropped:0 overruns:0 frame:0\n"
11882
" TX packets:2718 errors:0 dropped:0 overruns:0 carrier:0\n"
11883
" collisions:0 txqueuelen:0 \n"
11884
" RX bytes:183308 (183.3 KB) TX bytes:183308 (183.3 KB)\n"
11885
msgstr ""
11886
11887
#: serverguide/C/network-config.xml:332(para)
11888
msgid ""
11889
"By default, there should be two lines in "
11890
"<filename>/etc/network/interfaces</filename> responsible for automatically "
11891
"configuring your loopback interface. It is recommended that you keep the "
11892
"default settings unless you have a specific purpose for changing them. An "
11893
"example of the two default lines are shown below."
11894
msgstr ""
11895
11896
#: serverguide/C/network-config.xml:338(programlisting)
11897
#, no-wrap
11898
msgid ""
11899
"\n"
11900
"auto lo\n"
11901
"iface lo inet loopback\n"
11902
msgstr ""
11903
11904
#: serverguide/C/network-config.xml:347(title)
11905
msgid "Name Resolution"
11906
msgstr ""
11907
11908
#: serverguide/C/network-config.xml:348(para)
11909
msgid ""
11910
"Name resolution as it relates to IP networking is the process of mapping IP "
11911
"addresses to hostnames, making it easier to identify resources on a network. "
11912
"The following section will explain how to properly configure your system for "
11913
"name resolution using DNS and static hostname records."
11914
msgstr ""
11915
11916
#: serverguide/C/network-config.xml:356(title)
11917
msgid "DNS Client Configuration"
11918
msgstr ""
11919
11920
#: serverguide/C/network-config.xml:357(para)
11921
msgid ""
11922
"To configure your system to use DNS for name resolution, add the IP "
11923
"addresses of the DNS servers that are appropriate for your network in the "
11924
"file <filename>/etc/resolv.conf</filename>. You can also add an optional DNS "
11925
"suffix search-lists to match your network domain names."
11926
msgstr ""
11927
11928
#: serverguide/C/network-config.xml:362(para)
11929
msgid ""
11930
"Below is an example of a typical configuration of "
11931
"<filename>/etc/resolv.conf</filename> for a server on the domain \"<emphasis "
11932
"role=\"italic\">example.com</emphasis>\" and using two public DNS servers."
11933
msgstr ""
11934
11935
#: serverguide/C/network-config.xml:367(programlisting)
11936
#, no-wrap
11937
msgid ""
11938
"\n"
11939
"search example.com\n"
11940
"nameserver 8.8.8.8\n"
11941
"nameserver 8.8.4.4\n"
11942
msgstr ""
11943
11944
#: serverguide/C/network-config.xml:372(para)
11945
msgid ""
11946
"The <emphasis role=\"italic\">search</emphasis> option can also be used with "
11947
"multiple domain names so that DNS queries will be appended in the order in "
11948
"which they are entered. For example, your network may have multiple sub-"
11949
"domains to search; a parent domain of <emphasis "
11950
"role=\"italic\">example.com</emphasis>, and two sub-domains, <emphasis "
11951
"role=\"italic\">sales.example.com</emphasis> and <emphasis "
11952
"role=\"italic\">dev.example.com</emphasis>."
11953
msgstr ""
11954
11955
#: serverguide/C/network-config.xml:380(para)
11956
msgid ""
11957
"If you have multiple domains you wish to search, your configuration might "
11958
"look like the following."
11959
msgstr ""
11960
11961
#: serverguide/C/network-config.xml:383(programlisting)
11962
#, no-wrap
11963
msgid ""
11964
"\n"
11965
"search example.com sales.example.com dev.example.com\n"
11966
"nameserver 8.8.8.8\n"
11967
"nameserver 8.8.4.4\n"
11968
msgstr ""
11969
11970
#: serverguide/C/network-config.xml:388(para)
11971
msgid ""
11972
"If you try to ping a host with the name of <emphasis "
11973
"role=\"italic\">server1</emphasis>, your system will automatically query DNS "
11974
"for its Fully Qualified Domain Name (FQDN) in the following order:"
11975
msgstr ""
11976
11977
#: serverguide/C/network-config.xml:394(para)
11978
msgid "server1<emphasis role=\"bold\">.example.com</emphasis>"
11979
msgstr ""
11980
11981
#: serverguide/C/network-config.xml:399(para)
11982
msgid "server1<emphasis role=\"bold\">.sales.example.com</emphasis>"
11983
msgstr ""
11984
11985
#: serverguide/C/network-config.xml:404(para)
11986
msgid "server1<emphasis role=\"bold\">.dev.example.com</emphasis>"
11987
msgstr ""
11988
11989
#: serverguide/C/network-config.xml:409(para)
11990
msgid ""
11991
"If no matches are found, the DNS server will provide a result of <emphasis "
11992
"role=\"italic\">notfound</emphasis> and the DNS query will fail."
11993
msgstr ""
11994
11995
#: serverguide/C/network-config.xml:416(title)
11996
msgid "Static Hostnames"
11997
msgstr ""
11998
11999
#: serverguide/C/network-config.xml:417(para)
12000
msgid ""
12001
"Static hostnames are locally defined hostname-to-IP mappings located in the "
12002
"file <filename>/etc/hosts</filename>. Entries in the "
12003
"<filename>hosts</filename> file will have precedence over DNS by default. "
12004
"This means that if your system tries to resolve a hostname and it matches an "
12005
"entry in /etc/hosts, it will not attempt to look up the record in DNS. In "
12006
"some configurations, especially when Internet access is not required, "
12007
"servers that communicate with a limited number of resources can be "
12008
"conveniently set to use static hostnames instead of DNS."
12009
msgstr ""
12010
12011
#: serverguide/C/network-config.xml:424(para)
12012
msgid ""
12013
"The following is an example of a <filename>hosts</filename> file where a "
12014
"number of local servers have been identified by simple hostnames, aliases "
12015
"and their equivalent Fully Qualified Domain Names (FQDN's)."
12016
msgstr ""
12017
12018
#: serverguide/C/network-config.xml:428(programlisting)
12019
#, no-wrap
12020
msgid ""
12021
"\n"
12022
"127.0.0.1\tlocalhost\n"
12023
"127.0.1.1\tubuntu-server\n"
12024
"10.0.0.11\tserver1 vpn server1.example.com\n"
12025
"10.0.0.12\tserver2 mail server2.example.com\n"
12026
"10.0.0.13\tserver3 www server3.example.com\n"
12027
"10.0.0.14\tserver4 file server4.example.com\n"
12028
msgstr ""
12029
12030
#: serverguide/C/network-config.xml:437(para)
12031
msgid ""
12032
"In the above example, notice that each of the servers have been given "
12033
"aliases in addition to their proper names and FQDN's. <emphasis "
12034
"role=\"italic\">Server1</emphasis> has been mapped to the name <emphasis "
12035
"role=\"italic\">vpn</emphasis>, <emphasis role=\"italic\">server2</emphasis> "
12036
"is referred to as <emphasis role=\"italic\">mail</emphasis>, <emphasis "
12037
"role=\"italic\">server3</emphasis> as <emphasis "
12038
"role=\"italic\">www</emphasis>, and <emphasis "
12039
"role=\"italic\">server4</emphasis> as <emphasis "
12040
"role=\"italic\">file</emphasis>."
12041
msgstr ""
12042
12043
#: serverguide/C/network-config.xml:449(title)
12044
msgid "Name Service Switch Configuration"
12045
msgstr ""
12046
12047
#: serverguide/C/network-config.xml:450(para)
12048
msgid ""
12049
"The order in which your system selects a method of resolving hostnames to IP "
12050
"addresses is controlled by the Name Service Switch (NSS) configuration file "
12051
"<filename>/etc/nsswitch.conf</filename>. As mentioned in the previous "
12052
"section, typically static hostnames defined in the systems "
12053
"<filename>/etc/hosts</filename> file have precedence over names resolved "
12054
"from DNS. The following is an example of the line responsible for this order "
12055
"of hostname lookups in the file <filename>/etc/nsswitch.conf</filename>."
12056
msgstr ""
12057
12058
#: serverguide/C/network-config.xml:458(programlisting)
12059
#, no-wrap
12060
msgid ""
12061
"\n"
12062
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
12063
msgstr ""
12064
12065
#: serverguide/C/network-config.xml:464(para)
12066
msgid ""
12067
"<emphasis role=\"bold\">files</emphasis> first tries to resolve static "
12068
"hostnames located in <filename>/etc/hosts</filename>."
12069
msgstr ""
12070
12071
#: serverguide/C/network-config.xml:470(para)
12072
msgid ""
12073
"<emphasis role=\"bold\">mdns4_minimal</emphasis> attempts to resolve the "
12074
"name using Multicast DNS."
12075
msgstr ""
12076
12077
#: serverguide/C/network-config.xml:475(para)
12078
msgid ""
12079
"<emphasis role=\"bold\">[NOTFOUND=return]</emphasis> means that any response "
12080
"of <emphasis role=\"italic\">notfound</emphasis> by the preceding <emphasis "
12081
"role=\"italic\">mdns4_minimal</emphasis> process should be treated as "
12082
"authoritative and that the system should not try to continue hunting for an "
12083
"answer."
12084
msgstr ""
12085
12086
#: serverguide/C/network-config.xml:483(para)
12087
msgid ""
12088
"<emphasis role=\"bold\">dns</emphasis> represents a legacy unicast DNS query."
12089
msgstr ""
12090
12091
#: serverguide/C/network-config.xml:488(para)
12092
msgid ""
12093
"<emphasis role=\"bold\">mdns4</emphasis> represents a Multicast DNS query."
12094
msgstr ""
12095
12096
#: serverguide/C/network-config.xml:494(para)
12097
msgid ""
12098
"To modify the order of the above mentioned name resolution methods, you can "
12099
"simply change the <emphasis role=\"italic\">hosts:</emphasis> string to the "
12100
"value of your choosing. For example, if you prefer to use legacy Unicast DNS "
12101
"versus Multicast DNS, you can change the string in "
12102
"<filename>/etc/nsswitch.conf</filename> as shown below."
12103
msgstr ""
12104
12105
#: serverguide/C/network-config.xml:501(programlisting)
12106
#, no-wrap
12107
msgid ""
12108
"\n"
12109
"hosts: files dns [NOTFOUND=return] mdns4_minimal mdns4\n"
12110
msgstr ""
12111
12112
#: serverguide/C/network-config.xml:508(title)
12113
msgid "Bridging"
12114
msgstr ""
12115
12116
#: serverguide/C/network-config.xml:510(para)
12117
msgid ""
12118
"Bridging multiple interfaces is a more advanced configuration, but is very "
12119
"useful in multiple scenarios. One scenario is setting up a bridge with "
12120
"multiple network interfaces, then using a firewall to filter traffic between "
12121
"two network segments. Another scenario is using bridge on a system with one "
12122
"interface to allow virtual machines direct access to the outside network. "
12123
"The following example covers the latter scenario."
12124
msgstr ""
12125
12126
#: serverguide/C/network-config.xml:517(para)
12127
msgid ""
12128
"Before configuring a bridge you will need to install the <application>bridge-"
12129
"utils</application> package. To install the package, in a terminal enter:"
12130
msgstr ""
12131
12132
#: serverguide/C/network-config.xml:523(command)
12133
msgid "sudo apt-get install bridge-utils"
12134
msgstr "sudo apt-get install bridge-utils"
12135
12136
#: serverguide/C/network-config.xml:526(para)
12137
msgid ""
12138
"Next, configure the bridge by editing "
12139
"<filename>/etc/network/interfaces</filename>:"
12140
msgstr ""
12141
12142
#: serverguide/C/network-config.xml:530(programlisting)
12143
#, no-wrap
12144
msgid ""
12145
"\n"
12146
"auto lo\n"
12147
"iface lo inet loopback\n"
12148
"\n"
12149
"auto br0\n"
12150
"iface br0 inet static\n"
12151
" address 192.168.0.10\n"
12152
" network 192.168.0.0\n"
12153
" netmask 255.255.255.0\n"
12154
" broadcast 192.168.0.255\n"
12155
" gateway 192.168.0.1\n"
12156
" bridge_ports eth0\n"
12157
" bridge_fd 9\n"
12158
" bridge_hello 2\n"
12159
" bridge_maxage 12\n"
12160
" bridge_stp off\n"
12161
msgstr ""
12162
12163
#: serverguide/C/network-config.xml:549(para)
12164
msgid "Enter the appropriate values for your physical interface and network."
12165
msgstr ""
12166
12167
#: serverguide/C/network-config.xml:554(para)
12168
msgid "Now restart networking to enable the bridge interface:"
12169
msgstr ""
12170
12171
#: serverguide/C/network-config.xml:561(para)
12172
msgid ""
12173
"The new bridge interface should now be up and running. The "
12174
"<application>brctl</application> provides useful information about the state "
12175
"of the bridge, controls which interfaces are part of the bridge, etc. See "
12176
"<command>man brctl</command> for more information."
12177
msgstr ""
12178
12179
#: serverguide/C/network-config.xml:577(para)
12180
msgid ""
12181
"The <ulink url=\"https://help.ubuntu.com/community/Network\">Ubuntu Wiki "
12182
"Network page</ulink> has links to articles covering more advanced network "
12183
"configuration."
12184
msgstr ""
12185
12186
#: serverguide/C/network-config.xml:583(para)
12187
msgid ""
12188
"The <ulink "
12189
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/interfaces.5.html"
12190
"\">interfaces man page</ulink> has details on more options for "
12191
"<filename>/etc/network/interfaces</filename>."
12192
msgstr ""
12193
12194
#: serverguide/C/network-config.xml:589(para)
12195
msgid ""
12196
"The <ulink "
12197
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/dhclient.8.html\">"
12198
"dhclient man page</ulink> has details on more options for configuring DHCP "
12199
"client settings."
12200
msgstr ""
12201
12202
#: serverguide/C/network-config.xml:595(para)
12203
msgid ""
12204
"For more information on DNS client configuration see the <ulink "
12205
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/resolver.5.html\">"
12206
"resolver man page</ulink>. Also, Chapter 6 of O'Reilly's <ulink "
12207
"url=\"http://oreilly.com/catalog/linag2/book/ch06.html\">Linux Network "
12208
"Administrator's Guide</ulink> is a good source of resolver and name service "
12209
"configuration information."
12210
msgstr ""
12211
12212
#: serverguide/C/network-config.xml:603(para)
12213
msgid ""
12214
"For more information on <emphasis>bridging</emphasis> see the <ulink "
12215
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/brctl.8.html\">brc"
12216
"tl man page</ulink> and the Linux Foundation's <ulink "
12217
"url=\"http://www.linuxfoundation.org/en/Net:Bridge\">Net:Bridge</ulink> page."
12218
msgstr ""
12219
12220
#: serverguide/C/network-config.xml:614(title)
12221
msgid "TCP/IP"
12222
msgstr "TCP/IP"
12223
12224
#: serverguide/C/network-config.xml:615(para)
12225
msgid ""
12226
"The Transmission Control Protocol and Internet Protocol (TCP/IP) is a "
12227
"standard set of protocols developed in the late 1970s by the Defense "
12228
"Advanced Research Projects Agency (DARPA) as a means of communication "
12229
"between different types of computers and computer networks. TCP/IP is the "
12230
"driving force of the Internet, and thus it is the most popular set of "
12231
"network protocols on Earth."
12232
msgstr ""
12233
12234
#: serverguide/C/network-config.xml:623(title)
12235
msgid "TCP/IP Introduction"
12236
msgstr ""
12237
12238
#: serverguide/C/network-config.xml:624(para)
12239
msgid ""
12240
"The two protocol components of TCP/IP deal with different aspects of "
12241
"computer networking. <emphasis>Internet Protocol</emphasis>, the \"IP\" of "
12242
"TCP/IP is a connectionless protocol which deals only with network packet "
12243
"routing using the <emphasis role=\"italics\">IP Datagram</emphasis> as the "
12244
"basic unit of networking information. The IP Datagram consists of a header "
12245
"followed by a message. The <emphasis> Transmission Control "
12246
"Protocol</emphasis> is the \"TCP\" of TCP/IP and enables network hosts to "
12247
"establish connections which may be used to exchange data streams. TCP also "
12248
"guarantees that the data between connections is delivered and that it "
12249
"arrives at one network host in the same order as sent from another network "
12250
"host."
12251
msgstr ""
12252
12253
#: serverguide/C/network-config.xml:637(title)
12254
msgid "TCP/IP Configuration"
12255
msgstr ""
12256
12257
#: serverguide/C/network-config.xml:638(para)
12258
msgid ""
12259
"The TCP/IP protocol configuration consists of several elements which must be "
12260
"set by editing the appropriate configuration files, or deploying solutions "
12261
"such as the Dynamic Host Configuration Protocol (DHCP) server which in turn, "
12262
"can be configured to provide the proper TCP/IP configuration settings to "
12263
"network clients automatically. These configuration values must be set "
12264
"correctly in order to facilitate the proper network operation of your Ubuntu "
12265
"system."
12266
msgstr ""
12267
12268
#: serverguide/C/network-config.xml:650(para)
12269
msgid ""
12270
"<emphasis role=\"bold\">IP address</emphasis> The IP address is a unique "
12271
"identifying string expressed as four decimal numbers ranging from zero (0) "
12272
"to two-hundred and fifty-five (255), separated by periods, with each of the "
12273
"four numbers representing eight (8) bits of the address for a total length "
12274
"of thirty-two (32) bits for the whole address. This format is called "
12275
"<emphasis>dotted quad notation</emphasis>."
12276
msgstr ""
12277
12278
#: serverguide/C/network-config.xml:660(para)
12279
msgid ""
12280
"<emphasis role=\"bold\">Netmask</emphasis> The Subnet Mask (or simply, "
12281
"<emphasis>netmask</emphasis>) is a local bit mask, or set of flags which "
12282
"separate the portions of an IP address significant to the network from the "
12283
"bits significant to the <emphasis>subnetwork</emphasis>. For example, in a "
12284
"Class C network, the standard netmask is 255.255.255.0 which masks the first "
12285
"three bytes of the IP address and allows the last byte of the IP address to "
12286
"remain available for specifying hosts on the subnetwork."
12287
msgstr ""
12288
12289
#: serverguide/C/network-config.xml:671(para)
12290
msgid ""
12291
"<emphasis role=\"bold\">Network Address</emphasis> The Network Address "
12292
"represents the bytes comprising the network portion of an IP address. For "
12293
"example, the host 12.128.1.2 in a Class A network would use 12.0.0.0 as the "
12294
"network address, where twelve (12) represents the first byte of the IP "
12295
"address, (the network part) and zeroes (0) in all of the remaining three "
12296
"bytes to represent the potential host values. A network host using the "
12297
"private IP address 192.168.1.100 would in turn use a Network Address of "
12298
"192.168.1.0, which specifies the first three bytes of the Class C 192.168.1 "
12299
"network and a zero (0) for all the possible hosts on the network."
12300
msgstr ""
12301
12302
#: serverguide/C/network-config.xml:684(para)
12303
msgid ""
12304
"<emphasis role=\"bold\">Broadcast Address</emphasis> The Broadcast Address "
12305
"is an IP address which allows network data to be sent simultaneously to all "
12306
"hosts on a given subnetwork rather than specifying a particular host. The "
12307
"standard general broadcast address for IP networks is 255.255.255.255, but "
12308
"this broadcast address cannot be used to send a broadcast message to every "
12309
"host on the Internet because routers block it. A more appropriate broadcast "
12310
"address is set to match a specific subnetwork. For example, on the private "
12311
"Class C IP network, 192.168.1.0, the broadcast address is 192.168.1.255. "
12312
"Broadcast messages are typically produced by network protocols such as the "
12313
"Address Resolution Protocol (ARP) and the Routing Information Protocol (RIP)."
12314
msgstr ""
12315
12316
#: serverguide/C/network-config.xml:697(para)
12317
msgid ""
12318
"<emphasis role=\"bold\">Gateway Address</emphasis> A Gateway Address is the "
12319
"IP address through which a particular network, or host on a network, may be "
12320
"reached. If one network host wishes to communicate with another network "
12321
"host, and that host is not located on the same network, then a "
12322
"<emphasis>gateway</emphasis> must be used. In many cases, the Gateway "
12323
"Address will be that of a router on the same network, which will in turn "
12324
"pass traffic on to other networks or hosts, such as Internet hosts. The "
12325
"value of the Gateway Address setting must be correct, or your system will "
12326
"not be able to reach any hosts beyond those on the same network."
12327
msgstr ""
12328
12329
#: serverguide/C/network-config.xml:708(para)
12330
msgid ""
12331
"<emphasis role=\"bold\">Nameserver Address</emphasis> Nameserver Addresses "
12332
"represent the IP addresses of Domain Name Service (DNS) systems, which "
12333
"resolve network hostnames into IP addresses. There are three levels of "
12334
"Nameserver Addresses, which may be specified in order of precedence: The "
12335
"<emphasis>Primary</emphasis> Nameserver, the <emphasis>Secondary</emphasis> "
12336
"Nameserver, and the <emphasis>Tertiary</emphasis> Nameserver. In order for "
12337
"your system to be able to resolve network hostnames into their corresponding "
12338
"IP addresses, you must specify valid Nameserver Addresses which you are "
12339
"authorized to use in your system's TCP/IP configuration. In many cases these "
12340
"addresses can and will be provided by your network service provider, but "
12341
"many free and publicly accessible nameservers are available for use, such as "
12342
"the Level3 (Verizon) servers with IP addresses from 4.2.2.1 to 4.2.2.6."
12343
msgstr ""
12344
12345
#: serverguide/C/network-config.xml:722(para)
12346
msgid ""
12347
"The IP address, Netmask, Network Address, Broadcast Address, and Gateway "
12348
"Address are typically specified via the appropriate directives in the file "
12349
"<filename>/etc/network/interfaces</filename>. The Nameserver Addresses are "
12350
"typically specified via <emphasis>nameserver</emphasis> directives in the "
12351
"file <filename>/etc/resolv.conf</filename>. For more information, view the "
12352
"system manual page for <filename>interfaces</filename> or "
12353
"<filename>resolv.conf</filename> respectively, with the following commands "
12354
"typed at a terminal prompt:"
12355
msgstr ""
12356
12357
#: serverguide/C/network-config.xml:729(para)
12358
msgid ""
12359
"Access the system manual page for <filename>interfaces</filename> with the "
12360
"following command:"
12361
msgstr ""
12362
12363
#: serverguide/C/network-config.xml:734(command)
12364
msgid "man interfaces"
12365
msgstr ""
12366
12367
#: serverguide/C/network-config.xml:737(para)
12368
msgid ""
12369
"Access the system manual page for <filename>resolv.conf</filename> with the "
12370
"following command:"
12371
msgstr ""
12372
12373
#: serverguide/C/network-config.xml:741(command)
12374
msgid "man resolv.conf"
12375
msgstr ""
12376
12377
#: serverguide/C/network-config.xml:646(para)
12378
msgid ""
12379
"The common configuration elements of TCP/IP and their purposes are as "
12380
"follows: <placeholder-1/>"
12381
msgstr ""
12382
12383
#: serverguide/C/network-config.xml:748(title)
12384
msgid "IP Routing"
12385
msgstr ""
12386
12387
#: serverguide/C/network-config.xml:749(para)
12388
msgid ""
12389
"IP routing is a means of specifying and discovering paths in a TCP/IP "
12390
"network along which network data may be sent. Routing uses a set of "
12391
"<emphasis>routing tables</emphasis> to direct the forwarding of network data "
12392
"packets from their source to the destination, often via many intermediary "
12393
"network nodes known as <emphasis>routers</emphasis>. There are two primary "
12394
"forms of IP routing: <emphasis>Static Routing</emphasis> and "
12395
"<emphasis>Dynamic Routing.</emphasis>"
12396
msgstr ""
12397
12398
#: serverguide/C/network-config.xml:758(para)
12399
msgid ""
12400
"Static routing involves manually adding IP routes to the system's routing "
12401
"table, and this is usually done by manipulating the routing table with the "
12402
"<application>route</application> command. Static routing enjoys many "
12403
"advantages over dynamic routing, such as simplicity of implementation on "
12404
"smaller networks, predictability (the routing table is always computed in "
12405
"advance, and thus the route is precisely the same each time it is used), and "
12406
"low overhead on other routers and network links due to the lack of a dynamic "
12407
"routing protocol. However, static routing does present some disadvantages as "
12408
"well. For example, static routing is limited to small networks and does not "
12409
"scale well. Static routing also fails completely to adapt to network outages "
12410
"and failures along the route due to the fixed nature of the route."
12411
msgstr ""
12412
12413
#: serverguide/C/network-config.xml:768(para)
12414
msgid ""
12415
"Dynamic routing depends on large networks with multiple possible IP routes "
12416
"from a source to a destination and makes use of special routing protocols, "
12417
"such as the Router Information Protocol (RIP), which handle the automatic "
12418
"adjustments in routing tables that make dynamic routing possible. Dynamic "
12419
"routing has several advantages over static routing, such as superior "
12420
"scalability and the ability to adapt to failures and outages along network "
12421
"routes. Additionally, there is less manual configuration of the routing "
12422
"tables, since routers learn from one another about their existence and "
12423
"available routes. This trait also eliminates the possibility of introducing "
12424
"mistakes in the routing tables via human error. Dynamic routing is not "
12425
"perfect, however, and presents disadvantages such as heightened complexity "
12426
"and additional network overhead from router communications, which does not "
12427
"immediately benefit the end users, but still consumes network bandwidth."
12428
msgstr ""
12429
12430
#: serverguide/C/network-config.xml:782(title)
12431
msgid "TCP and UDP"
12432
msgstr "TCP og UDP"
12433
12434
#: serverguide/C/network-config.xml:783(para)
12435
msgid ""
12436
"TCP is a connection-based protocol, offering error correction and guaranteed "
12437
"delivery of data via what is known as <emphasis>flow control</emphasis>. "
12438
"Flow control determines when the flow of a data stream needs to be stopped, "
12439
"and previously sent data packets should to be re-sent due to problems such "
12440
"as <emphasis>collisions</emphasis>, for example, thus ensuring complete and "
12441
"accurate delivery of the data. TCP is typically used in the exchange of "
12442
"important information such as database transactions."
12443
msgstr ""
12444
12445
#: serverguide/C/network-config.xml:791(para)
12446
msgid ""
12447
"The User Datagram Protocol (UDP), on the other hand, is a "
12448
"<emphasis>connectionless</emphasis> protocol which seldom deals with the "
12449
"transmission of important data because it lacks flow control or any other "
12450
"method to ensure reliable delivery of the data. UDP is commonly used in such "
12451
"applications as audio and video streaming, where it is considerably faster "
12452
"than TCP due to the lack of error correction and flow control, and where the "
12453
"loss of a few packets is not generally catastrophic."
12454
msgstr ""
12455
12456
#: serverguide/C/network-config.xml:801(title)
12457
msgid "ICMP"
12458
msgstr "ICMP"
12459
12460
#: serverguide/C/network-config.xml:802(para)
12461
msgid ""
12462
"The Internet Control Messaging Protocol (ICMP) is an extension to the "
12463
"Internet Protocol (IP) as defined in the Request For Comments (RFC) #792 and "
12464
"supports network packets containing control, error, and informational "
12465
"messages. ICMP is used by such network applications as the "
12466
"<application>ping</application> utility, which can determine the "
12467
"availability of a network host or device. Examples of some error messages "
12468
"returned by ICMP which are useful to both network hosts and devices such as "
12469
"routers, include <emphasis>Destination Unreachable</emphasis> and "
12470
"<emphasis>Time Exceeded</emphasis>."
12471
msgstr ""
12472
12473
#: serverguide/C/network-config.xml:812(title)
12474
msgid "Daemons"
12475
msgstr ""
12476
12477
#: serverguide/C/network-config.xml:813(para)
12478
msgid ""
12479
"Daemons are special system applications which typically execute continuously "
12480
"in the background and await requests for the functions they provide from "
12481
"other applications. Many daemons are network-centric; that is, a large "
12482
"number of daemons executing in the background on an Ubuntu system may "
12483
"provide network-related functionality. Some examples of such network daemons "
12484
"include the <emphasis>Hyper Text Transport Protocol Daemon</emphasis> "
12485
"(httpd), which provides web server functionality; the <emphasis>Secure SHell "
12486
"Daemon</emphasis> (sshd), which provides secure remote login shell and file "
12487
"transfer capabilities; and the <emphasis>Internet Message Access Protocol "
12488
"Daemon</emphasis> (imapd), which provides E-Mail services."
12489
msgstr ""
12490
12491
#: serverguide/C/network-config.xml:828(para)
12492
msgid ""
12493
"There are man pages for <ulink "
12494
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man7/tcp.7.html\">TCP</"
12495
"ulink> and <ulink "
12496
"url=\"http://manpages.ubuntu.com/manpages/maverick/man7/ip.7.html\">IP</ulink"
12497
"> that contain more useful information."
12498
msgstr ""
12499
12500
#: serverguide/C/network-config.xml:834(para)
12501
msgid ""
12502
"Also, see the <ulink "
12503
"url=\"http://www.redbooks.ibm.com/abstracts/gg243376.html\">TCP/IP Tutorial "
12504
"and Technical Overview</ulink> IBM Redbook."
12505
msgstr ""
12506
12507
#: serverguide/C/network-config.xml:840(para)
12508
msgid ""
12509
"Another resource is O'Reilly's <ulink "
12510
"url=\"http://oreilly.com/catalog/9780596002978/\">TCP/IP Network "
12511
"Administration</ulink>."
12512
msgstr ""
12513
12514
#: serverguide/C/network-config.xml:849(title)
12515
msgid "Dynamic Host Configuration Protocol (DHCP)"
12516
msgstr ""
12517
12518
#: serverguide/C/network-config.xml:850(para)
12519
msgid ""
12520
"The Dynamic Host Configuration Protocol (DHCP) is a network service that "
12521
"enables host computers to be automatically assigned settings from a server "
12522
"as opposed to manually configuring each network host. Computers configured "
12523
"to be DHCP clients have no control over the settings they receive from the "
12524
"DHCP server, and the configuration is transparent to the computer's user."
12525
msgstr ""
12526
12527
#: serverguide/C/network-config.xml:857(para)
12528
msgid ""
12529
"The most common settings provided by a DHCP server to DHCP clients include:"
12530
msgstr ""
12531
12532
#: serverguide/C/network-config.xml:862(para)
12533
msgid "IP-Address and Netmask"
12534
msgstr ""
12535
12536
#: serverguide/C/network-config.xml:865(para)
12537
msgid "DNS"
12538
msgstr "DNS"
12539
12540
#: serverguide/C/network-config.xml:868(para)
12541
msgid "WINS"
12542
msgstr "WINS"
12543
12544
#: serverguide/C/network-config.xml:871(para)
12545
msgid ""
12546
"However, a DHCP server can also supply configuration properties such as:"
12547
msgstr ""
12548
12549
#: serverguide/C/network-config.xml:876(para)
12550
msgid "Host Name"
12551
msgstr "Værtsnavn"
12552
12553
#: serverguide/C/network-config.xml:879(para)
12554
msgid "Domain Name"
12555
msgstr ""
12556
12557
#: serverguide/C/network-config.xml:882(para)
12558
msgid "Default Gateway"
12559
msgstr "Standard-gateway"
12560
12561
#: serverguide/C/network-config.xml:885(para)
12562
msgid "Time Server"
12563
msgstr ""
12564
12565
#: serverguide/C/network-config.xml:888(para)
12566
msgid "Print Server"
12567
msgstr "Printserver"
12568
12569
#: serverguide/C/network-config.xml:891(para)
12570
msgid ""
12571
"The advantage of using DHCP is that changes to the network, for example a "
12572
"change in the address of the DNS server, need only be changed at the DHCP "
12573
"server, and all network hosts will be reconfigured the next time their DHCP "
12574
"clients poll the DHCP server. As an added advantage, it is also easier to "
12575
"integrate new computers into the network, as there is no need to check for "
12576
"the availability of an IP address. Conflicts in IP address allocation are "
12577
"also reduced."
12578
msgstr ""
12579
12580
#: serverguide/C/network-config.xml:899(para)
12581
msgid "A DHCP server can provide configuration settings using two methods:"
12582
msgstr ""
12583
12584
#: serverguide/C/network-config.xml:904(term)
12585
msgid "MAC Address"
12586
msgstr "MAC-adresse"
12587
12588
#: serverguide/C/network-config.xml:906(para)
12589
msgid ""
12590
"This method entails using DHCP to identify the unique hardware address of "
12591
"each network card connected to the network and then continually supplying a "
12592
"constant configuration each time the DHCP client makes a request to the DHCP "
12593
"server using that network device."
12594
msgstr ""
12595
12596
#: serverguide/C/network-config.xml:915(term)
12597
msgid "Address Pool"
12598
msgstr ""
12599
12600
#: serverguide/C/network-config.xml:917(para)
12601
msgid ""
12602
"This method entails defining a pool (sometimes also called a range or scope) "
12603
"of IP addresses from which DHCP clients are supplied their configuration "
12604
"properties dynamically and on a \"first come, first served\" basis. When a "
12605
"DHCP client is no longer on the network for a specified period, the "
12606
"configuration is expired and released back to the address pool for use by "
12607
"other DHCP Clients."
12608
msgstr ""
12609
12610
#: serverguide/C/network-config.xml:928(para)
12611
msgid ""
12612
"Ubuntu is shipped with both DHCP server and client. The server is "
12613
"<application>dhcpd</application> (dynamic host configuration protocol "
12614
"daemon). The client provided with Ubuntu is "
12615
"<application>dhclient</application> and should be installed on all computers "
12616
"required to be automatically configured. Both programs are easy to install "
12617
"and configure and will be automatically started at system boot."
12618
msgstr ""
12619
12620
#: serverguide/C/network-config.xml:938(para)
12621
msgid ""
12622
"At a terminal prompt, enter the following command to install "
12623
"<application>dhcpd</application>:"
12624
msgstr ""
12625
12626
#: serverguide/C/network-config.xml:943(command)
12627
msgid "sudo apt-get install dhcp3-server"
12628
msgstr "sudo apt-get install dhcp3-server"
12629
12630
#: serverguide/C/network-config.xml:945(para)
12631
msgid ""
12632
"You will probably need to change the default configuration by editing "
12633
"/etc/dhcp3/dhcpd.conf to suit your needs and particular configuration."
12634
msgstr ""
12635
12636
#: serverguide/C/network-config.xml:949(para)
12637
msgid ""
12638
"You also need to edit /etc/default/dhcp3-server to specify the interfaces "
12639
"dhcpd should listen to. By default it listens to eth0."
12640
msgstr ""
12641
12642
#: serverguide/C/network-config.xml:953(para)
12643
msgid ""
12644
"NOTE: dhcpd's messages are being sent to syslog. Look there for diagnostics "
12645
"messages."
12646
msgstr ""
12647
12648
#: serverguide/C/network-config.xml:960(para)
12649
msgid ""
12650
"The error message the installation ends with might be a little confusing, "
12651
"but the following steps will help you configure the service:"
12652
msgstr ""
12653
12654
#: serverguide/C/network-config.xml:964(para)
12655
msgid ""
12656
"Most commonly, what you want to do is assign an IP address randomly. This "
12657
"can be done with settings as follows:"
12658
msgstr ""
12659
12660
#: serverguide/C/network-config.xml:968(programlisting)
12661
#, no-wrap
12662
msgid ""
12663
"\n"
12664
"# Sample /etc/dhcpd.conf\n"
12665
"# (add your comments here) \n"
12666
"default-lease-time 600;\n"
12667
"max-lease-time 7200;\n"
12668
"option subnet-mask 255.255.255.0;\n"
12669
"option broadcast-address 192.168.1.255;\n"
12670
"option routers 192.168.1.254;\n"
12671
"option domain-name-servers 192.168.1.1, 192.168.1.2;\n"
12672
"option domain-name \"mydomain.example\";\n"
12673
"\n"
12674
"subnet 192.168.1.0 netmask 255.255.255.0 {\n"
12675
"range 192.168.1.10 192.168.1.100;\n"
12676
"range 192.168.1.150 192.168.1.200;\n"
12677
"} \n"
12678
msgstr ""
12679
12680
#: serverguide/C/network-config.xml:984(para)
12681
msgid ""
12682
"This will result in the DHCP server giving a client an IP address from the "
12683
"range 192.168.1.10-192.168.1.100 or 192.168.1.150-192.168.1.200. It will "
12684
"lease an IP address for 600 seconds if the client doesn't ask for a specific "
12685
"time frame. Otherwise the maximum (allowed) lease will be 7200 seconds. The "
12686
"server will also \"advise\" the client that it should use 255.255.255.0 as "
12687
"its subnet mask, 192.168.1.255 as its broadcast address, 192.168.1.254 as "
12688
"the router/gateway and 192.168.1.1 and 192.168.1.2 as its DNS servers."
12689
msgstr ""
12690
12691
#: serverguide/C/network-config.xml:993(para)
12692
msgid ""
12693
"If you need to specify a WINS server for your Windows clients, you will need "
12694
"to include the netbios-name-servers option, e.g."
12695
msgstr ""
12696
12697
#: serverguide/C/network-config.xml:997(programlisting)
12698
#, no-wrap
12699
msgid ""
12700
"\n"
12701
"option netbios-name-servers 192.168.1.1; \n"
12702
msgstr ""
12703
12704
#: serverguide/C/network-config.xml:1000(para)
12705
msgid ""
12706
"Dhcpd configuration settings are taken from the DHCP mini-HOWTO, which can "
12707
"be found <ulink "
12708
"url=\"http://www.tldp.org/HOWTO/DHCP/index.html\">here</ulink>."
12709
msgstr ""
12710
12711
#: serverguide/C/network-config.xml:1010(para)
12712
msgid ""
12713
"The <ulink url=\"https://help.ubuntu.com/community/dhcp3-server\">dhcp3-"
12714
"server Ubuntu Wiki</ulink> page has more information."
12715
msgstr ""
12716
12717
#: serverguide/C/network-config.xml:1015(para)
12718
msgid ""
12719
"For more <filename>/etc/dhcp3/dhcpd.conf</filename> options see the <ulink "
12720
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/dhcpd.conf.5.html"
12721
"\">dhcpd.conf man page</ulink>."
12722
msgstr ""
12723
12724
#: serverguide/C/network-config.xml:1021(para)
12725
msgid ""
12726
"Also see the <ulink url=\"http://www.dhcp-handbook.com/dhcp_faq.html\">DHCP "
12727
"FAQ</ulink>"
12728
msgstr ""
12729
12730
#: serverguide/C/network-config.xml:1031(title)
12731
msgid "Time Synchronisation with NTP"
12732
msgstr ""
12733
12734
#: serverguide/C/network-config.xml:1032(para)
12735
msgid ""
12736
"This page describes methods for keeping your computer's time accurate. This "
12737
"is useful for servers, but is not necessary (or desirable) for desktop "
12738
"machines."
12739
msgstr ""
12740
12741
#: serverguide/C/network-config.xml:1035(para)
12742
msgid ""
12743
"NTP is a TCP/IP protocol for synchronising time over a network. Basically a "
12744
"client requests the current time from a server, and uses it to set its own "
12745
"clock."
12746
msgstr ""
12747
12748
#: serverguide/C/network-config.xml:1038(para)
12749
msgid ""
12750
"Behind this simple description, there is a lot of complexity - there are "
12751
"tiers of NTP servers, with the tier one NTP servers connected to atomic "
12752
"clocks (often via GPS), and tier two and three servers spreading the load of "
12753
"actually handling requests across the Internet. Also the client software is "
12754
"a lot more complex than you might think - it has to factor out communication "
12755
"delays, and adjust the time in a way that does not upset all the other "
12756
"processes that run on the server. But luckily all that complexity is hidden "
12757
"from you!"
12758
msgstr ""
12759
12760
#: serverguide/C/network-config.xml:1041(para)
12761
msgid ""
12762
"Ubuntu has two ways of automatically setting your time: ntpdate and ntpd."
12763
msgstr ""
12764
12765
#: serverguide/C/network-config.xml:1046(title)
12766
msgid "ntpdate"
12767
msgstr ""
12768
12769
#: serverguide/C/network-config.xml:1047(para)
12770
msgid ""
12771
"Ubuntu comes with ntpdate as standard, and will run it once at boot time to "
12772
"set up your time according to Ubuntu's NTP server. However, a server's clock "
12773
"is likely to drift considerably between reboots, so it makes sense to "
12774
"correct the time occasionally. The easiest way to do this is to get cron to "
12775
"run ntpdate every day. With your favorite editor, as root, create a file "
12776
"<code>/etc/cron.daily/ntpdate</code> containing:"
12777
msgstr ""
12778
12779
#: serverguide/C/network-config.xml:1052(screen)
12780
#, no-wrap
12781
msgid "ntpdate ntp.ubuntu.com\n"
12782
msgstr ""
12783
12784
#: serverguide/C/network-config.xml:1054(para)
12785
msgid ""
12786
"The file <code>/etc/cron.daily/ntpdate</code> must also be executable."
12787
msgstr ""
12788
12789
#: serverguide/C/network-config.xml:1057(screen)
12790
#, no-wrap
12791
msgid "sudo chmod 755 /etc/cron.daily/ntpdate\n"
12792
msgstr "sudo chmod 755 /etc/cron.daily/ntpdate\n"
12793
12794
#: serverguide/C/network-config.xml:1061(title)
12795
msgid "ntpd"
12796
msgstr ""
12797
12798
#: serverguide/C/network-config.xml:1062(para)
12799
msgid ""
12800
"ntpdate is a bit of a blunt instrument - it can only adjust the time once a "
12801
"day, in one big correction. The ntp daemon ntpd is far more subtle. It "
12802
"calculates the drift of your system clock and continuously adjusts it, so "
12803
"there are no large corrections that could lead to inconsistent logs for "
12804
"instance. The cost is a little processing power and memory, but for a modern "
12805
"server this is negligible."
12806
msgstr ""
12807
12808
#: serverguide/C/network-config.xml:1065(para)
12809
msgid "To set up ntpd:"
12810
msgstr ""
12811
12812
#: serverguide/C/network-config.xml:1066(screen)
12813
#, no-wrap
12814
msgid "sudo apt-get install ntp\n"
12815
msgstr "sudo apt-get install ntp\n"
12816
12817
#: serverguide/C/network-config.xml:1071(title)
12818
msgid "Changing Time Servers"
12819
msgstr ""
12820
12821
#: serverguide/C/network-config.xml:1072(para)
12822
msgid ""
12823
"In both cases above, your system will use Ubuntu's NTP server at "
12824
"<code>ntp.ubuntu.com</code> by default. This is OK, but you might want to "
12825
"use several servers to increase accuracy and resilience, and you may want to "
12826
"use time servers that are geographically closer to you. to do this for "
12827
"ntpdate, change the contents of <code>/etc/cron.daily/ntpdate</code> to:"
12828
msgstr ""
12829
12830
#: serverguide/C/network-config.xml:1079(screen)
12831
#, no-wrap
12832
msgid "ntpdate ntp.ubuntu.com pool.ntp.org \n"
12833
msgstr ""
12834
12835
#: serverguide/C/network-config.xml:1081(para)
12836
msgid ""
12837
"And for ntpd edit <code>/etc/ntp.conf</code> to include additional server "
12838
"lines:"
12839
msgstr ""
12840
12841
#: serverguide/C/network-config.xml:1086(screen)
12842
#, no-wrap
12843
msgid ""
12844
"server ntp.ubuntu.com\n"
12845
"server pool.ntp.org\n"
12846
msgstr ""
12847
12848
#: serverguide/C/network-config.xml:1089(para)
12849
msgid ""
12850
"You may notice <code>pool.ntp.org</code> in the examples above. This is a "
12851
"really good idea which uses round-robin DNS to return an NTP server from a "
12852
"pool, spreading the load between several different servers. Even better, "
12853
"they have pools for different regions - for instance, if you are in New "
12854
"Zealand, so you could use <code>nz.pool.ntp.org</code> instead of "
12855
"<code>pool.ntp.org</code> . Look at <ulink "
12856
"url=\"http://www.pool.ntp.org/\">http://www.pool.ntp.org/</ulink> for more "
12857
"details."
12858
msgstr ""
12859
12860
#: serverguide/C/network-config.xml:1100(para)
12861
msgid ""
12862
"You can also Google for NTP servers in your region, and add these to your "
12863
"configuration. To test that a server works, just type <code>sudo ntpdate "
12864
"ntp.server.name</code> and see what happens."
12865
msgstr ""
12866
12867
#: serverguide/C/network-config.xml:1111(para)
12868
msgid ""
12869
"See the <ulink url=\"https://help.ubuntu.com/community/UbuntuTime\">Ubuntu "
12870
"Time</ulink> wiki page for more information."
12871
msgstr ""
12872
12873
#: serverguide/C/network-config.xml:1117(ulink)
12874
msgid "NTP Support"
12875
msgstr ""
12876
12877
#: serverguide/C/network-config.xml:1122(ulink)
12878
msgid "The NTP FAQ and HOWTO"
12879
msgstr ""
12880
12881
#: serverguide/C/network-auth.xml:13(title)
12882
msgid "Network Authentication"
12883
msgstr ""
12884
12885
#: serverguide/C/network-auth.xml:15(para)
12886
msgid "This section explains various Network Authentication protocols."
12887
msgstr ""
12888
12889
#: serverguide/C/network-auth.xml:19(title)
12890
msgid "OpenLDAP Server"
12891
msgstr ""
12892
12893
#: serverguide/C/network-auth.xml:20(para)
12894
msgid ""
12895
"LDAP is an acronym for Lightweight Directory Access Protocol, it is a "
12896
"simplified version of the X.500 protocol. The directory setup in this "
12897
"section will be used for authentication. Nevertheless, LDAP can be used in "
12898
"numerous ways: authentication, shared directory (for mail clients), address "
12899
"book, etc."
12900
msgstr ""
12901
12902
#: serverguide/C/network-auth.xml:28(para)
12903
msgid ""
12904
"To describe LDAP quickly, all information is stored in a tree structure. "
12905
"With <application>OpenLDAP</application> you have freedom to determine the "
12906
"directory arborescence (the Directory Information Tree: the DIT) yourself. "
12907
"We will begin with a basic tree containing two nodes below the root:"
12908
msgstr ""
12909
12910
#: serverguide/C/network-auth.xml:37(para)
12911
msgid "\"People\" node where your users will be stored"
12912
msgstr ""
12913
12914
#: serverguide/C/network-auth.xml:40(para)
12915
msgid "\"Groups\" node where your groups will be stored"
12916
msgstr ""
12917
12918
#: serverguide/C/network-auth.xml:44(para)
12919
msgid ""
12920
"Before beginning, you should determine what the root of your LDAP directory "
12921
"will be. By default, your tree will be determined by your Fully Qualified "
12922
"Domain Name (FQDN). If your domain is example.com (which we will use in this "
12923
"example), your root node will be dc=example,dc=com."
12924
msgstr ""
12925
12926
#: serverguide/C/network-auth.xml:54(para)
12927
msgid ""
12928
"First, install the <application>OpenLDAP</application> server daemon "
12929
"<application>slapd</application> and <application>ldap-utils</application>, "
12930
"a package containing LDAP management utilities:"
12931
msgstr ""
12932
12933
#: serverguide/C/network-auth.xml:60(command)
12934
msgid "sudo apt-get install slapd ldap-utils"
12935
msgstr "sudo apt-get install slapd ldap-utils"
12936
12937
#: serverguide/C/network-auth.xml:63(para)
12938
msgid ""
12939
"By default <application>slapd</application> is configured with minimal "
12940
"options needed to run the <application>slapd</application> daemon."
12941
msgstr ""
12942
12943
#: serverguide/C/network-auth.xml:68(para)
12944
msgid ""
12945
"The configuration example in the following sections will match the domain "
12946
"name of the server. For example, if the machine's Fully Qualified Domain "
12947
"Name (FQDN) is ldap.example.com, the default suffix will be "
12948
"<emphasis>dc=example,dc=com</emphasis>."
12949
msgstr ""
12950
12951
#: serverguide/C/network-auth.xml:76(title)
12952
msgid "Populating LDAP"
12953
msgstr ""
12954
12955
#: serverguide/C/network-auth.xml:78(para)
12956
msgid ""
12957
"<application>OpenLDAP</application> uses a separate directory which contains "
12958
"the <emphasis>cn=config</emphasis> Directory Information Tree (DIT). The "
12959
"<emphasis>cn=config</emphasis> DIT is used to dynamically configure the "
12960
"<application>slapd</application> daemon, allowing the modification of schema "
12961
"definitions, indexes, ACLs, etc without stopping the service."
12962
msgstr ""
12963
12964
#: serverguide/C/network-auth.xml:86(para)
12965
msgid ""
12966
"The backend <emphasis>cn=config</emphasis> directory has only a minimal "
12967
"configuration and will need additional configuration options in order to "
12968
"populate the frontend directory. The frontend will be populated with a "
12969
"\"classical\" scheme that will be compatible with address book applications "
12970
"and with Unix Posix accounts. Posix accounts will allow authentication to "
12971
"various applications, such as web applications, email Mail Transfer Agent "
12972
"(MTA) applications, etc."
12973
msgstr ""
12974
12975
#: serverguide/C/network-auth.xml:95(para)
12976
msgid ""
12977
"For external applications to authenticate using LDAP they will each need to "
12978
"be specifically configured to do so. Refer to the individual application "
12979
"documentation for details."
12980
msgstr ""
12981
12982
#: serverguide/C/network-auth.xml:103(para)
12983
msgid ""
12984
"Remember to change <emphasis>dc=example,dc=com</emphasis> in the following "
12985
"examples to match your LDAP configuration."
12986
msgstr ""
12987
12988
#: serverguide/C/network-auth.xml:108(para)
12989
msgid ""
12990
"First, some additional schema files need to be loaded. In a terminal enter:"
12991
msgstr ""
12992
12993
#: serverguide/C/network-auth.xml:113(command) serverguide/C/network-auth.xml:702(command)
12994
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif"
12995
msgstr ""
12996
"sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif"
12997
12998
#: serverguide/C/network-auth.xml:114(command) serverguide/C/network-auth.xml:703(command)
12999
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif"
13000
msgstr "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif"
13001
13002
#: serverguide/C/network-auth.xml:115(command) serverguide/C/network-auth.xml:704(command)
13003
msgid ""
13004
"sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif"
13005
msgstr ""
13006
"sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif"
13007
13008
#: serverguide/C/network-auth.xml:118(para)
13009
msgid ""
13010
"Next, copy the following example LDIF file, naming it "
13011
"<filename>backend.example.com.ldif</filename>, somewhere on your system:"
13012
msgstr ""
13013
13014
#: serverguide/C/network-auth.xml:123(programlisting)
13015
#, no-wrap
13016
msgid ""
13017
"\n"
13018
"# Load dynamic backend modules\n"
13019
"dn: cn=module,cn=config\n"
13020
"objectClass: olcModuleList\n"
13021
"cn: module\n"
13022
"olcModulepath: /usr/lib/ldap\n"
13023
"olcModuleload: back_hdb\n"
13024
"\n"
13025
"# Database settings\n"
13026
"dn: olcDatabase=hdb,cn=config\n"
13027
"objectClass: olcDatabaseConfig\n"
13028
"objectClass: olcHdbConfig\n"
13029
"olcDatabase: {1}hdb\n"
13030
"olcSuffix: dc=example,dc=com\n"
13031
"olcDbDirectory: /var/lib/ldap\n"
13032
"olcRootDN: cn=admin,dc=example,dc=com\n"
13033
"olcRootPW: secret\n"
13034
"olcDbConfig: set_cachesize 0 2097152 0\n"
13035
"olcDbConfig: set_lk_max_objects 1500\n"
13036
"olcDbConfig: set_lk_max_locks 1500\n"
13037
"olcDbConfig: set_lk_max_lockers 1500\n"
13038
"olcDbIndex: objectClass eq\n"
13039
"olcLastMod: TRUE\n"
13040
"olcDbCheckpoint: 512 30\n"
13041
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
13042
"by anonymous auth by self write by * none\n"
13043
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
13044
"olcAccess: to dn.base=\"\" by * read\n"
13045
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
13046
"\n"
13047
msgstr ""
13048
13049
#: serverguide/C/network-auth.xml:155(para)
13050
msgid ""
13051
"Change <emphasis>olcRootPW: secret</emphasis> to a password of your choosing."
13052
msgstr ""
13053
13054
#: serverguide/C/network-auth.xml:160(para)
13055
msgid "Now add the LDIF to the directory:"
13056
msgstr ""
13057
13058
#: serverguide/C/network-auth.xml:165(command) serverguide/C/network-auth.xml:746(command)
13059
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.example.com.ldif"
13060
msgstr ""
13061
13062
#: serverguide/C/network-auth.xml:168(para)
13063
msgid ""
13064
"The frontend directory is now ready to be populated. Create a "
13065
"<filename>frontend.example.com.ldif</filename> with the following contents:"
13066
msgstr ""
13067
13068
#: serverguide/C/network-auth.xml:173(programlisting)
13069
#, no-wrap
13070
msgid ""
13071
"\n"
13072
"# Create top-level object in domain\n"
13073
"dn: dc=example,dc=com\n"
13074
"objectClass: top\n"
13075
"objectClass: dcObject\n"
13076
"objectclass: organization\n"
13077
"o: Example Organization\n"
13078
"dc: Example\n"
13079
"description: LDAP Example \n"
13080
"\n"
13081
"# Admin user.\n"
13082
"dn: cn=admin,dc=example,dc=com\n"
13083
"objectClass: simpleSecurityObject\n"
13084
"objectClass: organizationalRole\n"
13085
"cn: admin\n"
13086
"description: LDAP administrator\n"
13087
"userPassword: secret\n"
13088
"\n"
13089
"dn: ou=people,dc=example,dc=com\n"
13090
"objectClass: organizationalUnit\n"
13091
"ou: people\n"
13092
"\n"
13093
"dn: ou=groups,dc=example,dc=com\n"
13094
"objectClass: organizationalUnit\n"
13095
"ou: groups\n"
13096
"\n"
13097
"dn: uid=john,ou=people,dc=example,dc=com\n"
13098
"objectClass: inetOrgPerson\n"
13099
"objectClass: posixAccount\n"
13100
"objectClass: shadowAccount\n"
13101
"uid: john\n"
13102
"sn: Doe\n"
13103
"givenName: John\n"
13104
"cn: John Doe\n"
13105
"displayName: John Doe\n"
13106
"uidNumber: 1000\n"
13107
"gidNumber: 10000\n"
13108
"userPassword: password\n"
13109
"gecos: John Doe\n"
13110
"loginShell: /bin/bash\n"
13111
"homeDirectory: /home/john\n"
13112
"shadowExpire: -1\n"
13113
"shadowFlag: 0\n"
13114
"shadowWarning: 7\n"
13115
"shadowMin: 8\n"
13116
"shadowMax: 999999\n"
13117
"shadowLastChange: 10877\n"
13118
"mail: john.doe@example.com\n"
13119
"postalCode: 31000\n"
13120
"l: Toulouse\n"
13121
"o: Example\n"
13122
"mobile: +33 (0)6 xx xx xx xx\n"
13123
"homePhone: +33 (0)5 xx xx xx xx\n"
13124
"title: System Administrator\n"
13125
"postalAddress: \n"
13126
"initials: JD\n"
13127
"\n"
13128
"dn: cn=example,ou=groups,dc=example,dc=com\n"
13129
"objectClass: posixGroup\n"
13130
"cn: example\n"
13131
"gidNumber: 10000\n"
13132
msgstr ""
13133
13134
#: serverguide/C/network-auth.xml:236(para)
13135
msgid ""
13136
"In this example the directory structure, a user, and a group have been "
13137
"setup. In other examples you might see the <emphasis>objectClass: "
13138
"top</emphasis> added in every entry, but that is the default behaviour so "
13139
"you do not have to add it explicitly."
13140
msgstr ""
13141
13142
#: serverguide/C/network-auth.xml:243(para)
13143
msgid "Add the entries to the LDAP directory:"
13144
msgstr ""
13145
13146
#: serverguide/C/network-auth.xml:249(command) serverguide/C/network-auth.xml:757(command)
13147
msgid ""
13148
"sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f frontend.example.com.ldif"
13149
msgstr ""
13150
13151
#: serverguide/C/network-auth.xml:252(para)
13152
msgid ""
13153
"We can check that the content has been correctly added with the "
13154
"<application>ldapsearch</application> utility. Execute a search of the LDAP "
13155
"directory:"
13156
msgstr ""
13157
13158
#: serverguide/C/network-auth.xml:258(command)
13159
msgid "ldapsearch -xLLL -b \"dc=example,dc=com\" uid=john sn givenName cn"
13160
msgstr ""
13161
13162
#: serverguide/C/network-auth.xml:259(computeroutput)
13163
#, no-wrap
13164
msgid ""
13165
"\n"
13166
"dn: uid=john,ou=people,dc=example,dc=com\n"
13167
"cn: John Doe\n"
13168
"sn: Doe\n"
13169
"givenName: John\n"
13170
msgstr ""
13171
13172
#: serverguide/C/network-auth.xml:267(para)
13173
msgid "Just a quick explanation:"
13174
msgstr ""
13175
13176
#: serverguide/C/network-auth.xml:273(para)
13177
msgid ""
13178
"<emphasis>-x:</emphasis> will not use SASL authentication method, which is "
13179
"the default."
13180
msgstr ""
13181
13182
#: serverguide/C/network-auth.xml:279(para)
13183
msgid "<emphasis>-LLL:</emphasis> disable printing LDIF schema information."
13184
msgstr ""
13185
13186
#: serverguide/C/network-auth.xml:287(title)
13187
msgid "Further Configuration"
13188
msgstr ""
13189
13190
#: serverguide/C/network-auth.xml:290(para)
13191
msgid ""
13192
"The <emphasis>cn=config</emphasis> tree can be manipulated using the "
13193
"utilities in the <application>ldap-utils</application> package. For example:"
13194
msgstr ""
13195
13196
#: serverguide/C/network-auth.xml:298(para)
13197
msgid ""
13198
"Use <application>ldapsearch</application> to view the tree, entering the "
13199
"admin password set during installation or reconfiguration:"
13200
msgstr ""
13201
13202
#: serverguide/C/network-auth.xml:304(command)
13203
msgid "sudo ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn"
13204
msgstr "sudo ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn"
13205
13206
#: serverguide/C/network-auth.xml:308(computeroutput)
13207
#, no-wrap
13208
msgid ""
13209
"\n"
13210
"SASL/EXTERNAL authentication started\n"
13211
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13212
"SASL SSF: 0\n"
13213
"dn: cn=config\n"
13214
"\n"
13215
"dn: cn=module{0},cn=config\n"
13216
"\n"
13217
"dn: cn=schema,cn=config\n"
13218
"\n"
13219
"dn: cn={0}core,cn=schema,cn=config\n"
13220
"\n"
13221
"dn: cn={1}cosine,cn=schema,cn=config\n"
13222
"\n"
13223
"dn: cn={2}nis,cn=schema,cn=config\n"
13224
"\n"
13225
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
13226
"\n"
13227
"dn: olcDatabase={-1}frontend,cn=config\n"
13228
"\n"
13229
"dn: olcDatabase={0}config,cn=config\n"
13230
"\n"
13231
"dn: olcDatabase={1}hdb,cn=config\n"
13232
msgstr ""
13233
13234
#: serverguide/C/network-auth.xml:334(para)
13235
msgid ""
13236
"The output above is the current configuration options for the "
13237
"<emphasis>cn=config</emphasis> backend database. Your output may be vary."
13238
msgstr ""
13239
13240
#: serverguide/C/network-auth.xml:342(para)
13241
msgid ""
13242
"As an example of modifying the <emphasis>cn=config</emphasis> tree, add "
13243
"another attribute to the index list using "
13244
"<application>ldapmodify</application>:"
13245
msgstr ""
13246
13247
#: serverguide/C/network-auth.xml:348(command) serverguide/C/network-auth.xml:993(command) serverguide/C/network-auth.xml:1164(command) serverguide/C/network-auth.xml:1200(command)
13248
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:///"
13249
msgstr "sudo ldapmodify -Y EXTERNAL -H ldapi:///"
13250
13251
#: serverguide/C/network-auth.xml:356(userinput)
13252
#, no-wrap
13253
msgid ""
13254
"dn: olcDatabase={1}hdb,cn=config\n"
13255
"add: olcDbIndex\n"
13256
"olcDbIndex: uidNumber eq"
13257
msgstr ""
13258
13259
#: serverguide/C/network-auth.xml:352(computeroutput)
13260
#, no-wrap
13261
msgid ""
13262
"\n"
13263
"SASL/EXTERNAL authentication started\n"
13264
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13265
"SASL SSF: 0\n"
13266
"<placeholder-1/>\n"
13267
"\n"
13268
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13269
msgstr ""
13270
13271
#: serverguide/C/network-auth.xml:364(para)
13272
msgid ""
13273
"Once the modification has completed, press <emphasis>Ctrl+D</emphasis> to "
13274
"exit the utility."
13275
msgstr ""
13276
13277
#: serverguide/C/network-auth.xml:371(para)
13278
msgid ""
13279
"<application>ldapmodify</application> can also read the changes from a file. "
13280
"Copy and paste the following into a file named "
13281
"<filename>uid_index.ldif</filename>:"
13282
msgstr ""
13283
13284
#: serverguide/C/network-auth.xml:376(programlisting)
13285
#, no-wrap
13286
msgid ""
13287
"\n"
13288
"dn: olcDatabase={1}hdb,cn=config\n"
13289
"add: olcDbIndex\n"
13290
"olcDbIndex: uid eq,pres,sub\n"
13291
msgstr ""
13292
13293
#: serverguide/C/network-auth.xml:382(para)
13294
msgid "Then execute <application>ldapmodify</application>:"
13295
msgstr ""
13296
13297
#: serverguide/C/network-auth.xml:387(command)
13298
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f uid_index.ldif"
13299
msgstr "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f uid_index.ldif"
13300
13301
#: serverguide/C/network-auth.xml:391(computeroutput)
13302
#, no-wrap
13303
msgid ""
13304
"\n"
13305
"SASL/EXTERNAL authentication started\n"
13306
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13307
"SASL SSF: 0\n"
13308
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13309
msgstr ""
13310
13311
#: serverguide/C/network-auth.xml:399(para)
13312
msgid "The file method is very useful for large changes."
13313
msgstr ""
13314
13315
#: serverguide/C/network-auth.xml:406(para)
13316
msgid ""
13317
"Adding additional <emphasis>schemas</emphasis> to "
13318
"<application>slapd</application> requires the schema to be converted to LDIF "
13319
"format. The <filename role=\"directory\">/etc/ldap/schema</filename> "
13320
"directory contains some schema files already converted to LDIF format as "
13321
"demonstrated in the previous section. Fortunately, the "
13322
"<application>slapd</application> program can be used to automate the "
13323
"conversion. The following example will add the "
13324
"<emphasis>dyngroup.schema</emphasis>:"
13325
msgstr ""
13326
13327
#: serverguide/C/network-auth.xml:416(para)
13328
msgid ""
13329
"First, create a conversion <filename>schema_convert.conf</filename> file "
13330
"containing the following lines:"
13331
msgstr ""
13332
13333
#: serverguide/C/network-auth.xml:421(programlisting)
13334
#, no-wrap
13335
msgid ""
13336
"\n"
13337
"include /etc/ldap/schema/core.schema\n"
13338
"include /etc/ldap/schema/collective.schema\n"
13339
"include /etc/ldap/schema/corba.schema\n"
13340
"include /etc/ldap/schema/cosine.schema\n"
13341
"include /etc/ldap/schema/duaconf.schema\n"
13342
"include /etc/ldap/schema/dyngroup.schema\n"
13343
"include /etc/ldap/schema/inetorgperson.schema\n"
13344
"include /etc/ldap/schema/java.schema\n"
13345
"include /etc/ldap/schema/misc.schema\n"
13346
"include /etc/ldap/schema/nis.schema\n"
13347
"include /etc/ldap/schema/openldap.schema\n"
13348
"include /etc/ldap/schema/ppolicy.schema\n"
13349
msgstr ""
13350
13351
#: serverguide/C/network-auth.xml:439(para) serverguide/C/network-auth.xml:1664(para)
13352
msgid "Next, create a temporary directory to hold the output:"
13353
msgstr ""
13354
13355
#: serverguide/C/network-auth.xml:444(command) serverguide/C/network-auth.xml:1669(command) serverguide/C/network-auth.xml:2705(command)
13356
msgid "mkdir /tmp/ldif_output"
13357
msgstr ""
13358
13359
#: serverguide/C/network-auth.xml:450(para)
13360
msgid ""
13361
"Now using <application>slapcat</application> convert the schema files to "
13362
"LDIF:"
13363
msgstr ""
13364
13365
#: serverguide/C/network-auth.xml:455(command)
13366
msgid ""
13367
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
13368
"\"cn={5}dyngroup,cn=schema,cn=config\" > /tmp/cn=dyngroup.ldif"
13369
msgstr ""
13370
13371
#: serverguide/C/network-auth.xml:458(para)
13372
msgid ""
13373
"Adjust the configuration file name and temporary directory names if yours "
13374
"are different. Also, it may be worthwhile to keep the "
13375
"<filename>ldif_output</filename> directory around in case you want to add "
13376
"additional schemas in the future."
13377
msgstr ""
13378
13379
#: serverguide/C/network-auth.xml:467(para)
13380
msgid ""
13381
"Edit the <filename>/tmp/cn\\=dyngroup.ldif</filename> file, changing the "
13382
"following attributes:"
13383
msgstr ""
13384
13385
#: serverguide/C/network-auth.xml:471(programlisting)
13386
#, no-wrap
13387
msgid ""
13388
"\n"
13389
"dn: cn=dyngroup,cn=schema,cn=config\n"
13390
"...\n"
13391
"cn: dyngroup\n"
13392
msgstr ""
13393
13394
#: serverguide/C/network-auth.xml:477(para) serverguide/C/network-auth.xml:1700(para)
13395
msgid "And remove the following lines from the bottom of the file:"
13396
msgstr ""
13397
13398
#: serverguide/C/network-auth.xml:481(programlisting)
13399
#, no-wrap
13400
msgid ""
13401
"\n"
13402
"structuralObjectClass: olcSchemaConfig\n"
13403
"entryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757\n"
13404
"creatorsName: cn=config\n"
13405
"createTimestamp: 20080826021140Z\n"
13406
"entryCSN: 20080826021140.791425Z#000000#000#000000\n"
13407
"modifiersName: cn=config\n"
13408
"modifyTimestamp: 20080826021140Z\n"
13409
msgstr ""
13410
13411
#: serverguide/C/network-auth.xml:492(para) serverguide/C/network-auth.xml:1715(para) serverguide/C/network-auth.xml:2751(para)
13412
msgid ""
13413
"The attribute values will vary, just be sure the attributes are removed."
13414
msgstr ""
13415
13416
#: serverguide/C/network-auth.xml:500(para) serverguide/C/network-auth.xml:1723(para)
13417
msgid ""
13418
"Finally, using the <application>ldapadd</application> utility, add the new "
13419
"schema to the directory:"
13420
msgstr ""
13421
13422
#: serverguide/C/network-auth.xml:506(command)
13423
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/cn\\=dyngroup.ldif"
13424
msgstr "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/cn\\=dyngroup.ldif"
13425
13426
#: serverguide/C/network-auth.xml:512(para)
13427
msgid ""
13428
"There should now be a <emphasis>dn: "
13429
"cn={4}dyngroup,cn=schema,cn=config</emphasis> entry in the cn=config tree."
13430
msgstr ""
13431
13432
#: serverguide/C/network-auth.xml:522(title)
13433
msgid "LDAP Replication"
13434
msgstr ""
13435
13436
#: serverguide/C/network-auth.xml:524(para)
13437
msgid ""
13438
"LDAP often quickly becomes a highly critical service to the network. "
13439
"Multiple systems will come to depend on LDAP for authentication, "
13440
"authorization, configuration, etc. It is a good idea to setup a redundant "
13441
"system through replication."
13442
msgstr ""
13443
13444
#: serverguide/C/network-auth.xml:530(para)
13445
msgid ""
13446
"Replication is achieved using the <emphasis>Syncrepl</emphasis> engine. "
13447
"Syncrepl allows the changes to be synced using a "
13448
"<emphasis>consumer</emphasis>, <emphasis>provider</emphasis> model. A "
13449
"provider sends directory changes to consumers."
13450
msgstr ""
13451
13452
#: serverguide/C/network-auth.xml:537(title)
13453
msgid "Provider Configuration"
13454
msgstr ""
13455
13456
#: serverguide/C/network-auth.xml:539(para)
13457
msgid ""
13458
"The following is an example of a <emphasis>Single-Master</emphasis> "
13459
"configuration. In this configuration one OpenLDAP server is configured as a "
13460
"<emphasis>provider</emphasis> and another as a <emphasis>consumer</emphasis>."
13461
msgstr ""
13462
13463
#: serverguide/C/network-auth.xml:547(para)
13464
msgid ""
13465
"First, configure the provider server. Copy the following to a file named "
13466
"<filename>provider_sync.ldif</filename>:"
13467
msgstr ""
13468
13469
#: serverguide/C/network-auth.xml:552(programlisting)
13470
#, no-wrap
13471
msgid ""
13472
"\n"
13473
"# Add indexes to the frontend db.\n"
13474
"dn: olcDatabase={1}hdb,cn=config\n"
13475
"changetype: modify\n"
13476
"add: olcDbIndex\n"
13477
"olcDbIndex: entryCSN eq\n"
13478
"-\n"
13479
"add: olcDbIndex\n"
13480
"olcDbIndex: entryUUID eq\n"
13481
"\n"
13482
"#Load the syncprov and accesslog modules.\n"
13483
"dn: cn=module{0},cn=config\n"
13484
"changetype: modify\n"
13485
"add: olcModuleLoad\n"
13486
"olcModuleLoad: syncprov\n"
13487
"-\n"
13488
"add: olcModuleLoad\n"
13489
"olcModuleLoad: accesslog\n"
13490
"\n"
13491
"# Accesslog database definitions\n"
13492
"dn: olcDatabase={2}hdb,cn=config\n"
13493
"objectClass: olcDatabaseConfig\n"
13494
"objectClass: olcHdbConfig\n"
13495
"olcDatabase: {2}hdb\n"
13496
"olcDbDirectory: /var/lib/ldap/accesslog\n"
13497
"olcSuffix: cn=accesslog\n"
13498
"olcRootDN: cn=admin,dc=example,dc=com\n"
13499
"olcDbIndex: default eq\n"
13500
"olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart\n"
13501
"\n"
13502
"# Accesslog db syncprov.\n"
13503
"dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config\n"
13504
"changetype: add\n"
13505
"objectClass: olcOverlayConfig\n"
13506
"objectClass: olcSyncProvConfig\n"
13507
"olcOverlay: syncprov\n"
13508
"olcSpNoPresent: TRUE\n"
13509
"olcSpReloadHint: TRUE\n"
13510
"\n"
13511
"# syncrepl Provider for primary db\n"
13512
"dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config\n"
13513
"changetype: add\n"
13514
"objectClass: olcOverlayConfig\n"
13515
"objectClass: olcSyncProvConfig\n"
13516
"olcOverlay: syncprov\n"
13517
"olcSpNoPresent: TRUE\n"
13518
"\n"
13519
"# accesslog overlay definitions for primary db\n"
13520
"dn: olcOverlay=accesslog,olcDatabase={1}hdb,cn=config\n"
13521
"objectClass: olcOverlayConfig\n"
13522
"objectClass: olcAccessLogConfig\n"
13523
"olcOverlay: accesslog\n"
13524
"olcAccessLogDB: cn=accesslog\n"
13525
"olcAccessLogOps: writes\n"
13526
"olcAccessLogSuccess: TRUE\n"
13527
"# scan the accesslog DB every day, and purge entries older than 7 days\n"
13528
"olcAccessLogPurge: 07+00:00 01+00:00\n"
13529
msgstr ""
13530
13531
#: serverguide/C/network-auth.xml:614(para)
13532
msgid ""
13533
"The <application>AppArmor</application> profile for "
13534
"<application>slapd</application> will need to be adjusted for the accesslog "
13535
"database location. Edit <filename>/etc/apparmor.d/usr.sbin.slapd</filename> "
13536
"adding:"
13537
msgstr ""
13538
13539
#: serverguide/C/network-auth.xml:619(programlisting)
13540
#, no-wrap
13541
msgid ""
13542
"\n"
13543
" /var/lib/ldap/accesslog/ r,\n"
13544
" /var/lib/ldap/accesslog/** rwk,\n"
13545
msgstr ""
13546
13547
#: serverguide/C/network-auth.xml:624(para)
13548
msgid ""
13549
"Then create the directory, reload the <application>apparmor</application> "
13550
"profile, and copy the <filename>DB_CONFIG</filename> file:"
13551
msgstr ""
13552
13553
#: serverguide/C/network-auth.xml:630(command)
13554
msgid "sudo -u openldap mkdir /var/lib/ldap/accesslog"
13555
msgstr ""
13556
13557
#: serverguide/C/network-auth.xml:631(command)
13558
msgid "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog/"
13559
msgstr ""
13560
13561
#: serverguide/C/network-auth.xml:636(para)
13562
msgid ""
13563
"Using the <emphasis>-u openldap</emphasis> option with the "
13564
"<application>sudo</application> commands above removes the need to adjust "
13565
"permissions for the new directory later."
13566
msgstr ""
13567
13568
#: serverguide/C/network-auth.xml:645(para)
13569
msgid ""
13570
"Edit the file and change the <emphasis>olcRootDN</emphasis> to match your "
13571
"directory:"
13572
msgstr ""
13573
13574
#: serverguide/C/network-auth.xml:649(programlisting)
13575
#, no-wrap
13576
msgid ""
13577
"\n"
13578
"olcRootDN: cn=admin,dc=example,dc=com\n"
13579
msgstr ""
13580
13581
#: serverguide/C/network-auth.xml:657(para)
13582
msgid ""
13583
"Next, add the LDIF file using the <application>ldapadd</application> utility:"
13584
msgstr ""
13585
13586
#: serverguide/C/network-auth.xml:662(command)
13587
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
13588
msgstr ""
13589
13590
#: serverguide/C/network-auth.xml:669(para)
13591
msgid "Restart <application>slapd</application>:"
13592
msgstr ""
13593
13594
#: serverguide/C/network-auth.xml:674(command) serverguide/C/network-auth.xml:1049(command) serverguide/C/network-auth.xml:1236(command)
13595
msgid "sudo /etc/init.d/slapd restart"
13596
msgstr "sudo /etc/init.d/slapd restart"
13597
13598
#: serverguide/C/network-auth.xml:680(para)
13599
msgid ""
13600
"The <emphasis>Provider</emphasis> server is now configured, and it is time "
13601
"to configure a <emphasis>Consumer</emphasis> server."
13602
msgstr ""
13603
13604
#: serverguide/C/network-auth.xml:687(title)
13605
msgid "Consumer Configuration"
13606
msgstr ""
13607
13608
#: serverguide/C/network-auth.xml:692(para)
13609
msgid ""
13610
"On the <emphasis>Consumer</emphasis> server configure it the same as the "
13611
"<emphasis>Provider</emphasis> except for the <emphasis>Syncrepl</emphasis> "
13612
"configuration steps."
13613
msgstr ""
13614
13615
#: serverguide/C/network-auth.xml:697(para)
13616
msgid "Add the additional schema files:"
13617
msgstr ""
13618
13619
#: serverguide/C/network-auth.xml:707(para)
13620
msgid ""
13621
"Also, create, or copy from the provider server, the "
13622
"<filename>backend.example.com.ldif</filename>"
13623
msgstr ""
13624
13625
#: serverguide/C/network-auth.xml:711(programlisting)
13626
#, no-wrap
13627
msgid ""
13628
"\n"
13629
"# Load dynamic backend modules\n"
13630
"dn: cn=module,cn=config\n"
13631
"objectClass: olcModuleList\n"
13632
"cn: module\n"
13633
"olcModulepath: /usr/lib/ldap\n"
13634
"olcModuleload: back_hdb\n"
13635
"\n"
13636
"# Database settings\n"
13637
"dn: olcDatabase=hdb,cn=config\n"
13638
"objectClass: olcDatabaseConfig\n"
13639
"objectClass: olcHdbConfig\n"
13640
"olcDatabase: {1}hdb\n"
13641
"olcSuffix: dc=example,dc=com\n"
13642
"olcDbDirectory: /var/lib/ldap\n"
13643
"olcRootDN: cn=admin,dc=example,dc=com\n"
13644
"olcRootPW: secret\n"
13645
"olcDbConfig: set_cachesize 0 2097152 0\n"
13646
"olcDbConfig: set_lk_max_objects 1500\n"
13647
"olcDbConfig: set_lk_max_locks 1500\n"
13648
"olcDbConfig: set_lk_max_lockers 1500\n"
13649
"olcDbIndex: objectClass eq\n"
13650
"olcLastMod: TRUE\n"
13651
"olcDbCheckpoint: 512 30\n"
13652
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
13653
"by anonymous auth by self write by * none\n"
13654
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
13655
"olcAccess: to dn.base=\"\" by * read\n"
13656
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
13657
msgstr ""
13658
13659
#: serverguide/C/network-auth.xml:741(para)
13660
msgid "And add the LDIF by entering:"
13661
msgstr ""
13662
13663
#: serverguide/C/network-auth.xml:752(para)
13664
msgid ""
13665
"Do the same with the <filename>frontend.example.com.ldif</filename> file "
13666
"listed above, and add it:"
13667
msgstr ""
13668
13669
#: serverguide/C/network-auth.xml:760(para)
13670
msgid ""
13671
"The two severs should now have the same configuration except for the "
13672
"<emphasis>Syncrepl</emphasis> options."
13673
msgstr ""
13674
13675
#: serverguide/C/network-auth.xml:768(para)
13676
msgid ""
13677
"Now create a file named <filename>consumer_sync.ldif</filename> containing:"
13678
msgstr ""
13679
13680
#: serverguide/C/network-auth.xml:772(programlisting)
13681
#, no-wrap
13682
msgid ""
13683
"\n"
13684
"#Load the syncprov module.\n"
13685
"dn: cn=module{0},cn=config\n"
13686
"changetype: modify\n"
13687
"add: olcModuleLoad\n"
13688
"olcModuleLoad: syncprov\n"
13689
"\n"
13690
"# syncrepl specific indices\n"
13691
"dn: olcDatabase={1}hdb,cn=config\n"
13692
"changetype: modify\n"
13693
"add: olcDbIndex\n"
13694
"olcDbIndex: entryUUID eq\n"
13695
"-\n"
13696
"add: olcSyncRepl\n"
13697
"olcSyncRepl: rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
13698
"binddn=\"cn=admin,dc=example,dc=com\" \n"
13699
" credentials=secret searchbase=\"dc=example,dc=com\" "
13700
"logbase=\"cn=accesslog\" \n"
13701
" logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" "
13702
"schemachecking=on \n"
13703
" type=refreshAndPersist retry=\"60 +\" syncdata=accesslog\n"
13704
"-\n"
13705
"add: olcUpdateRef\n"
13706
"olcUpdateRef: ldap://ldap01.example.com\n"
13707
msgstr ""
13708
13709
#: serverguide/C/network-auth.xml:795(para)
13710
msgid "You will probably want to change the following attributes:"
13711
msgstr ""
13712
13713
#: serverguide/C/network-auth.xml:800(para)
13714
msgid "<emphasis>ldap01.example.com</emphasis> to your server's hostname."
13715
msgstr ""
13716
13717
#: serverguide/C/network-auth.xml:801(emphasis)
13718
msgid "binddn"
13719
msgstr ""
13720
13721
#: serverguide/C/network-auth.xml:802(emphasis)
13722
msgid "credentials"
13723
msgstr ""
13724
13725
#: serverguide/C/network-auth.xml:803(emphasis)
13726
msgid "searchbase"
13727
msgstr ""
13728
13729
#: serverguide/C/network-auth.xml:804(emphasis)
13730
msgid "olcUpdateRef:"
13731
msgstr ""
13732
13733
#: serverguide/C/network-auth.xml:810(para)
13734
msgid "Add the LDIF file to the configuration tree:"
13735
msgstr ""
13736
13737
#: serverguide/C/network-auth.xml:815(command)
13738
msgid "sudo ldapadd -c -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif"
13739
msgstr ""
13740
13741
#: serverguide/C/network-auth.xml:821(para)
13742
msgid ""
13743
"The frontend database should now sync between servers. You can add "
13744
"additional servers using the steps above as the need arises."
13745
msgstr ""
13746
13747
#: serverguide/C/network-auth.xml:831(programlisting)
13748
#, no-wrap
13749
msgid "127.0.0.1\tldap01.example.com ldap01"
13750
msgstr ""
13751
13752
#: serverguide/C/network-auth.xml:827(para)
13753
msgid ""
13754
"The <application>slapd</application> daemon will send log information to "
13755
"<filename>/var/log/syslog</filename> by default. So if all does "
13756
"<emphasis>not</emphasis> go well check there for errors and other "
13757
"troubleshooting information. Also, be sure that each server knows it's Fully "
13758
"Qualified Domain Name (FQDN). This is configured in "
13759
"<filename>/etc/hosts</filename> with a line similar to: <placeholder-1/>."
13760
msgstr ""
13761
13762
#: serverguide/C/network-auth.xml:839(title)
13763
msgid "Setting up ACL"
13764
msgstr ""
13765
13766
#: serverguide/C/network-auth.xml:841(para)
13767
msgid ""
13768
"Authentication requires access to the password field, that should be not "
13769
"accessible by default. Also, in order for users to change their own "
13770
"password, using <command>passwd</command> or other utilities, "
13771
"<emphasis>shadowLastChange</emphasis> needs to be accessible once a user has "
13772
"authenticated."
13773
msgstr ""
13774
13775
#: serverguide/C/network-auth.xml:848(para)
13776
msgid ""
13777
"To view the Access Control List (ACL) for the <emphasis>cn=config</emphasis> "
13778
"tree, use the <application>ldapsearch</application> utility:"
13779
msgstr ""
13780
13781
#: serverguide/C/network-auth.xml:854(command)
13782
msgid ""
13783
"sudo ldapsearch -c -Y EXTERNAL -H ldapi:/// -LLL -b cn=config "
13784
"olcDatabase=config olcAccess"
13785
msgstr ""
13786
13787
#: serverguide/C/network-auth.xml:858(computeroutput)
13788
#, no-wrap
13789
msgid ""
13790
"SASL/EXTERNAL authentication started\n"
13791
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13792
"SASL SSF: 0\n"
13793
"dn: olcDatabase={0}config,cn=config\n"
13794
"olcAccess: {0}to * by "
13795
"dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external\n"
13796
" ,cn=auth manage by * break\n"
13797
msgstr ""
13798
13799
#: serverguide/C/network-auth.xml:867(para)
13800
msgid "To see the ACL for the frontend tree enter:"
13801
msgstr ""
13802
13803
#: serverguide/C/network-auth.xml:872(command)
13804
msgid ""
13805
"sudo ldapsearch -c -Y EXTERNAL -H ldapi:/// -LLL -b cn=config "
13806
"olcDatabase={1}hdb olcAccess"
13807
msgstr ""
13808
13809
#: serverguide/C/network-auth.xml:878(title)
13810
msgid "TLS and SSL"
13811
msgstr ""
13812
13813
#: serverguide/C/network-auth.xml:880(para)
13814
msgid ""
13815
"When authenticating to an OpenLDAP server it is best to do so using an "
13816
"encrypted session. This can be accomplished using Transport Layer Security "
13817
"(TLS) and/or Secure Sockets Layer (SSL)."
13818
msgstr ""
13819
13820
#: serverguide/C/network-auth.xml:885(para)
13821
msgid ""
13822
"The first step in the process is to obtain or create a "
13823
"<emphasis>certificate</emphasis>. Because <application>slapd</application> "
13824
"is compiled using the <application>gnutls</application> library, the "
13825
"<application>certtool</application> utility will be used to create "
13826
"certificates."
13827
msgstr ""
13828
13829
#: serverguide/C/network-auth.xml:894(para)
13830
msgid ""
13831
"First, install <application>gnutls-bin</application> by entering the "
13832
"following in a terminal:"
13833
msgstr ""
13834
13835
#: serverguide/C/network-auth.xml:899(command)
13836
msgid "sudo apt-get install gnutls-bin"
13837
msgstr ""
13838
13839
#: serverguide/C/network-auth.xml:905(para)
13840
msgid ""
13841
"Next, create a private key for the <emphasis>Certificate "
13842
"Authority</emphasis> (CA):"
13843
msgstr ""
13844
13845
#: serverguide/C/network-auth.xml:910(command)
13846
msgid ""
13847
"sudo sh -c \"certtool --generate-privkey > /etc/ssl/private/cakey.pem\""
13848
msgstr ""
13849
13850
#: serverguide/C/network-auth.xml:916(para)
13851
msgid ""
13852
"Create a <filename>/etc/ssl/ca.info</filename> details file to self-sign the "
13853
"CA certificate containing:"
13854
msgstr ""
13855
13856
#: serverguide/C/network-auth.xml:920(programlisting)
13857
#, no-wrap
13858
msgid ""
13859
"\n"
13860
"cn = Example Company\n"
13861
"ca\n"
13862
"cert_signing_key\n"
13863
msgstr ""
13864
13865
#: serverguide/C/network-auth.xml:929(para)
13866
msgid "Now create the self-signed CA certificate:"
13867
msgstr ""
13868
13869
#: serverguide/C/network-auth.xml:934(command)
13870
msgid ""
13871
"sudo certtool --generate-self-signed --load-privkey "
13872
"/etc/ssl/private/cakey.pem \\ --template /etc/ssl/ca.info --outfile "
13873
"/etc/ssl/certs/cacert.pem"
13874
msgstr ""
13875
13876
#: serverguide/C/network-auth.xml:941(para)
13877
msgid "Make a private key for the server:"
13878
msgstr ""
13879
13880
#: serverguide/C/network-auth.xml:946(command)
13881
msgid ""
13882
"sudo sh -c \"certtool --generate-privkey > "
13883
"/etc/ssl/private/ldap01_slapd_key.pem\""
13884
msgstr ""
13885
13886
#: serverguide/C/network-auth.xml:950(para)
13887
msgid ""
13888
"Replace <emphasis>ldap01</emphasis> in the filename with your server's "
13889
"hostname. Naming the certificate and key for the host and service that will "
13890
"be using them will help keep filenames and paths straight."
13891
msgstr ""
13892
13893
#: serverguide/C/network-auth.xml:959(para)
13894
msgid ""
13895
"To sign the server's certificate with the CA, create the "
13896
"<filename>/etc/ssl/ldap01.info</filename> info file containing:"
13897
msgstr ""
13898
13899
#: serverguide/C/network-auth.xml:963(programlisting)
13900
#, no-wrap
13901
msgid ""
13902
"\n"
13903
"organization = Example Company\n"
13904
"cn = ldap01.example.com\n"
13905
"tls_www_server\n"
13906
"encryption_key\n"
13907
"signing_key\n"
13908
msgstr ""
13909
13910
#: serverguide/C/network-auth.xml:974(para)
13911
msgid "Create the server's certificate:"
13912
msgstr ""
13913
13914
#: serverguide/C/network-auth.xml:979(command)
13915
msgid ""
13916
"sudo certtool --generate-certificate --load-privkey /etc/ssl/private/x01-"
13917
"test_slapd_key.pem \\ --load-ca-certificate /etc/ssl/certs/cacert.pem --load-"
13918
"ca-privkey /etc/ssl/private/cakey.pem \\ --template /etc/ssl/x01-test.info --"
13919
"outfile /etc/ssl/certs/x01-test_slapd_cert.pem"
13920
msgstr ""
13921
13922
#: serverguide/C/network-auth.xml:987(para)
13923
msgid ""
13924
"Once you have a certificate, key, and CA cert installed, use "
13925
"<application>ldapmodify</application> to add the new configuration options:"
13926
msgstr ""
13927
13928
#: serverguide/C/network-auth.xml:998(userinput)
13929
#, no-wrap
13930
msgid ""
13931
"dn: cn=config\n"
13932
"add: olcTLSCACertificateFile\n"
13933
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
13934
"-\n"
13935
"add: olcTLSCertificateFile\n"
13936
"olcTLSCertificateFile: /etc/ssl/certs/ldap01_slapd_cert.pem\n"
13937
"-\n"
13938
"add: olcTLSCertificateKeyFile\n"
13939
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem"
13940
msgstr ""
13941
13942
#: serverguide/C/network-auth.xml:997(computeroutput) serverguide/C/network-auth.xml:1168(computeroutput)
13943
#, no-wrap
13944
msgid ""
13945
"Enter LDAP Password:\n"
13946
"<placeholder-1/>\n"
13947
"\n"
13948
"modifying entry \"cn=config\"\n"
13949
msgstr ""
13950
13951
#: serverguide/C/network-auth.xml:1013(para)
13952
msgid ""
13953
"Adjust the <filename>ldap01_slapd_cert.pem</filename>, "
13954
"<filename>ldap01_slapd_key.pem</filename>, and "
13955
"<filename>cacert.pem</filename> names if yours are different."
13956
msgstr ""
13957
13958
#: serverguide/C/network-auth.xml:1019(para)
13959
msgid ""
13960
"Next, edit <filename>/etc/default/slapd</filename> uncomment the "
13961
"<emphasis>SLAPD_SERVICES</emphasis> option:"
13962
msgstr ""
13963
13964
#: serverguide/C/network-auth.xml:1023(programlisting)
13965
#, no-wrap
13966
msgid ""
13967
"\n"
13968
"SLAPD_SERVICES=\"ldap:/// ldapi:/// ldaps:///\"\n"
13969
msgstr ""
13970
"\n"
13971
"SLAPD_SERVICES=\"ldap:/// ldapi:/// ldaps:///\"\n"
13972
13973
#: serverguide/C/network-auth.xml:1027(para)
13974
msgid ""
13975
"Now the <emphasis>openldap</emphasis> user needs access to the certificate:"
13976
msgstr ""
13977
13978
#: serverguide/C/network-auth.xml:1032(command)
13979
msgid "sudo adduser openldap ssl-cert"
13980
msgstr "sudo adduser openldap ssl-cert"
13981
13982
#: serverguide/C/network-auth.xml:1033(command)
13983
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem"
13984
msgstr ""
13985
13986
#: serverguide/C/network-auth.xml:1034(command)
13987
msgid "sudo chmod g+r /etc/ssl/private/ldap01_slapd_key.pem"
13988
msgstr ""
13989
13990
#: serverguide/C/network-auth.xml:1038(para)
13991
msgid ""
13992
"If the <filename role=\"directory\">/etc/ssl/private</filename> and "
13993
"<filename>/etc/ssl/private/server.key</filename> have different permissions, "
13994
"adjust the commands appropriately."
13995
msgstr ""
13996
13997
#: serverguide/C/network-auth.xml:1044(para)
13998
msgid "Finally, restart <application>slapd</application>:"
13999
msgstr ""
14000
14001
#: serverguide/C/network-auth.xml:1052(para)
14002
msgid ""
14003
"The <application>slapd</application> daemon should now be listening for "
14004
"LDAPS connections and be able to use STARTTLS during authentication."
14005
msgstr ""
14006
14007
#: serverguide/C/network-auth.xml:1058(para)
14008
msgid ""
14009
"If you run into troubles with the server not starting, check the "
14010
"/var/log/syslog. If you see errors like main: TLS init def ctx failed: -1, "
14011
"it is likely there is a configuration problem. Check that the certificate is "
14012
"signed by the authority from in the files configured, and that the ssl-cert "
14013
"group has read permissions on the private key."
14014
msgstr ""
14015
14016
#: serverguide/C/network-auth.xml:1070(title)
14017
msgid "TLS Replication"
14018
msgstr ""
14019
14020
#: serverguide/C/network-auth.xml:1072(para)
14021
msgid ""
14022
"If you have setup <application>Syncrepl</application> between servers, it is "
14023
"prudent to encrypt the replication traffic using <emphasis>Transport Layer "
14024
"Security (TLS)</emphasis>. For details on setting up replication see <xref "
14025
"linkend=\"openldap-server-replication\"/>."
14026
msgstr ""
14027
14028
#: serverguide/C/network-auth.xml:1078(para)
14029
msgid ""
14030
"Assuming you have followed the above instructions and created a CA "
14031
"certificate and server certificate on the <emphasis>Provider</emphasis> "
14032
"server. Follow the following instructions to create a certificate and key "
14033
"for the <emphasis>Consumer</emphasis> server."
14034
msgstr ""
14035
14036
#: serverguide/C/network-auth.xml:1087(para)
14037
msgid "Create a new key for the Consumer server:"
14038
msgstr ""
14039
14040
#: serverguide/C/network-auth.xml:1092(command)
14041
msgid "mkdir ldap02-ssl"
14042
msgstr ""
14043
14044
#: serverguide/C/network-auth.xml:1093(command)
14045
msgid "cd ldap02-ssl"
14046
msgstr ""
14047
14048
#: serverguide/C/network-auth.xml:1094(command)
14049
msgid "certtool --generate-privkey > ldap02_slapd_key.pem"
14050
msgstr ""
14051
14052
#: serverguide/C/network-auth.xml:1098(para)
14053
msgid ""
14054
"Creating a new directory is not strictly necessary, but it will help keep "
14055
"things organized and make it easier to copy the files to the Consumer server."
14056
msgstr ""
14057
14058
#: serverguide/C/network-auth.xml:1107(para)
14059
msgid ""
14060
"Next, create an info file, <filename>ldap02.info</filename> for the Consumer "
14061
"server, changing the attributes to match your locality and server:"
14062
msgstr ""
14063
14064
#: serverguide/C/network-auth.xml:1112(programlisting)
14065
#, no-wrap
14066
msgid ""
14067
"\n"
14068
"country = US\n"
14069
"state = North Carolina\n"
14070
"locality = Winston-Salem\n"
14071
"organization = Example Company\n"
14072
"cn = ldap02.salem.edu\n"
14073
"tls_www_client\n"
14074
"encryption_key\n"
14075
"signing_key\n"
14076
msgstr ""
14077
14078
#: serverguide/C/network-auth.xml:1126(para)
14079
msgid "Create the certificate:"
14080
msgstr ""
14081
14082
#: serverguide/C/network-auth.xml:1131(command)
14083
msgid ""
14084
"sudo certtool --generate-certificate --load-privkey ldap02_slapd_key.pem \\ -"
14085
"-load-ca-certificate /etc/ssl/certs/cacert.pem --load-ca-privkey "
14086
"/etc/ssl/private/cakey.pem \\ --template ldap02.info --outfile "
14087
"ldap02_slapd_cert.pem"
14088
msgstr ""
14089
14090
#: serverguide/C/network-auth.xml:1139(para)
14091
msgid "Copy the <filename>cacert.pem</filename> to the directory:"
14092
msgstr ""
14093
14094
#: serverguide/C/network-auth.xml:1144(command)
14095
msgid "cp /etc/ssl/certs/cacert.pem ."
14096
msgstr ""
14097
14098
#: serverguide/C/network-auth.xml:1150(para)
14099
msgid ""
14100
"The only thing left is to copy the <filename>ldap02-ssl</filename> directory "
14101
"to the Consumer server, then copy <filename>ldap02_slapd_cert.pem</filename> "
14102
"and <filename>cacert.pem</filename> to <filename>/etc/ssl/certs</filename>, "
14103
"and copy <filename>ldap02_slapd_key.pem</filename> to "
14104
"<filename>/etc/ssl/private</filename>."
14105
msgstr ""
14106
14107
#: serverguide/C/network-auth.xml:1159(para)
14108
msgid ""
14109
"Once the files are in place adjust the <emphasis>cn=config</emphasis> tree "
14110
"by entering:"
14111
msgstr ""
14112
14113
#: serverguide/C/network-auth.xml:1169(userinput)
14114
#, no-wrap
14115
msgid ""
14116
"dn: cn=config\n"
14117
"add: olcTLSCACertificateFile\n"
14118
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
14119
"-\n"
14120
"add: olcTLSCertificateFile\n"
14121
"olcTLSCertificateFile: /etc/ssl/certs/ldap02_slapd_cert.pem\n"
14122
"-\n"
14123
"add: olcTLSCertificateKeyFile\n"
14124
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap02_slapd_key.pem"
14125
msgstr ""
14126
14127
#: serverguide/C/network-auth.xml:1186(para)
14128
msgid ""
14129
"As with the Provider you can now edit "
14130
"<filename>/etc/default/slapd</filename> and add the "
14131
"<emphasis>ldaps:///</emphasis> parameter to the "
14132
"<emphasis>SLAPD_SERVICES</emphasis> option."
14133
msgstr ""
14134
14135
#: serverguide/C/network-auth.xml:1194(para)
14136
msgid ""
14137
"Now that <emphasis>TLS</emphasis> has been setup on each server, once again "
14138
"modify the <emphasis>Consumer</emphasis> server's "
14139
"<emphasis>cn=config</emphasis> tree by entering the following in a terminal:"
14140
msgstr ""
14141
14142
#: serverguide/C/network-auth.xml:1207(userinput)
14143
#, no-wrap
14144
msgid ""
14145
"\n"
14146
"dn: olcDatabase={1}hdb,cn=config\n"
14147
"replace: olcSyncrepl\n"
14148
"olcSyncrepl: {0}rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
14149
"binddn=\"cn=ad\n"
14150
" min,dc=example,dc=com\" credentials=secret searchbase=\"dc=example,dc=com\" "
14151
"logbas\n"
14152
" e=\"cn=accesslog\" "
14153
"logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" s\n"
14154
" chemachecking=on type=refreshAndPersist retry=\"60 +\" syncdata=accesslog "
14155
"starttls=yes"
14156
msgstr ""
14157
14158
#: serverguide/C/network-auth.xml:1204(computeroutput)
14159
#, no-wrap
14160
msgid ""
14161
"SASL/EXTERNAL authentication started\n"
14162
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
14163
"SASL SSF: 0\n"
14164
"<placeholder-1/>\n"
14165
"\n"
14166
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
14167
msgstr ""
14168
14169
#: serverguide/C/network-auth.xml:1219(para)
14170
msgid ""
14171
"If the LDAP server hostname does not match the Fully Qualified Domain Name "
14172
"(FQDN) in the certificate, you may have to edit "
14173
"<filename>/etc/ldap/ldap.conf</filename> and add the following TLS options:"
14174
msgstr ""
14175
14176
#: serverguide/C/network-auth.xml:1224(programlisting)
14177
#, no-wrap
14178
msgid ""
14179
"\n"
14180
"TLS_CERT /etc/ssl/certs/ldap02_slapd_cert.pem\n"
14181
"TLS_KEY /etc/ssl/private/ldap02_slapd_key.pem\n"
14182
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
14183
msgstr ""
14184
14185
#: serverguide/C/network-auth.xml:1231(para)
14186
msgid ""
14187
"Finally, restart <application>slapd</application> on each of the servers:"
14188
msgstr ""
14189
14190
#: serverguide/C/network-auth.xml:1244(title)
14191
msgid "LDAP Authentication"
14192
msgstr "LDAP-autenticering"
14193
14194
#: serverguide/C/network-auth.xml:1246(para)
14195
msgid ""
14196
"Once you have a working LDAP server, the <application>auth-client-"
14197
"config</application> and <application>libnss-ldap</application> packages "
14198
"take the pain out of configuring an Ubuntu client to authenticate using "
14199
"LDAP. To install the packages from, a terminal prompt enter:"
14200
msgstr ""
14201
14202
#: serverguide/C/network-auth.xml:1253(command)
14203
msgid "sudo apt-get install libnss-ldap"
14204
msgstr "sudo apt-get install libnss-ldap"
14205
14206
#: serverguide/C/network-auth.xml:1256(para)
14207
msgid ""
14208
"During the install a menu dialog will ask you connection details about your "
14209
"LDAP server."
14210
msgstr ""
14211
14212
#: serverguide/C/network-auth.xml:1260(para)
14213
msgid ""
14214
"If you make a mistake when entering your information you can execute the "
14215
"dialog again using:"
14216
msgstr ""
14217
14218
#: serverguide/C/network-auth.xml:1265(command)
14219
msgid "sudo dpkg-reconfigure ldap-auth-config"
14220
msgstr "sudo dpkg-reconfigure ldap-auth-config"
14221
14222
#: serverguide/C/network-auth.xml:1268(para)
14223
msgid ""
14224
"The results of the dialog can be seen in "
14225
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
14226
"covered in the menu edit this file accordingly."
14227
msgstr ""
14228
14229
#: serverguide/C/network-auth.xml:1273(para)
14230
msgid ""
14231
"Now that <application>libnss-ldap</application> is configured enable the "
14232
"<application>auth-client-config</application> LDAP profile by entering:"
14233
msgstr ""
14234
14235
#: serverguide/C/network-auth.xml:1279(command)
14236
msgid "sudo auth-client-config -t nss -p lac_ldap"
14237
msgstr "sudo auth-client-config -t nss -p lac_ldap"
14238
14239
#: serverguide/C/network-auth.xml:1284(para)
14240
msgid ""
14241
"<emphasis>-t:</emphasis> only modifies "
14242
"<filename>/etc/nsswitch.conf</filename>."
14243
msgstr ""
14244
14245
#: serverguide/C/network-auth.xml:1289(para)
14246
msgid "<emphasis>-p:</emphasis> name of the profile to enable, disable, etc."
14247
msgstr ""
14248
14249
#: serverguide/C/network-auth.xml:1294(para)
14250
msgid ""
14251
"<emphasis>lac_ldap:</emphasis> the <application>auth-client-"
14252
"config</application> profile that is part of the <application>ldap-auth-"
14253
"config</application> package."
14254
msgstr ""
14255
14256
#: serverguide/C/network-auth.xml:1301(para)
14257
msgid ""
14258
"Using the <application>pam-auth-update</application> utility, configure the "
14259
"system to use LDAP for authentication:"
14260
msgstr ""
14261
14262
#: serverguide/C/network-auth.xml:1306(command)
14263
msgid "sudo pam-auth-update"
14264
msgstr "sudo pam-auth-update"
14265
14266
#: serverguide/C/network-auth.xml:1309(para)
14267
msgid ""
14268
"From the <application>pam-auth-update</application> menu, choose LDAP and "
14269
"any other authentication mechanisms you need."
14270
msgstr ""
14271
14272
#: serverguide/C/network-auth.xml:1313(para)
14273
msgid ""
14274
"You should now be able to login using user credentials stored in the LDAP "
14275
"directory."
14276
msgstr ""
14277
14278
#: serverguide/C/network-auth.xml:1318(para)
14279
msgid ""
14280
"If you are going to use LDAP to store Samba users you will need to configure "
14281
"the server to authenticate using LDAP. See <xref linkend=\"samba-ldap\"/> "
14282
"for details."
14283
msgstr ""
14284
14285
#: serverguide/C/network-auth.xml:1326(title)
14286
msgid "User and Group Management"
14287
msgstr ""
14288
14289
#: serverguide/C/network-auth.xml:1328(para)
14290
msgid ""
14291
"The <application>ldap-utils</application> package comes with multiple "
14292
"utilities to manage the directory, but the long string of options needed, "
14293
"can make them a burden to use. The <application>ldapscripts</application> "
14294
"package contains configurable scripts to easily manage LDAP users and groups."
14295
msgstr ""
14296
14297
#: serverguide/C/network-auth.xml:1334(para)
14298
msgid "To install the package, from a terminal enter:"
14299
msgstr ""
14300
14301
#: serverguide/C/network-auth.xml:1339(command)
14302
msgid "sudo apt-get install ldapscripts"
14303
msgstr "sudo apt-get install ldapscripts"
14304
14305
#: serverguide/C/network-auth.xml:1342(para)
14306
msgid ""
14307
"Next, edit the config file "
14308
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> uncommenting and "
14309
"changing the following to match your environment:"
14310
msgstr ""
14311
14312
#: serverguide/C/network-auth.xml:1347(programlisting)
14313
#, no-wrap
14314
msgid ""
14315
"\n"
14316
"SERVER=localhost\n"
14317
"BINDDN='cn=admin,dc=example,dc=com'\n"
14318
"BINDPWDFILE=\"/etc/ldapscripts/ldapscripts.passwd\"\n"
14319
"SUFFIX='dc=example,dc=com'\n"
14320
"GSUFFIX='ou=Groups'\n"
14321
"USUFFIX='ou=People'\n"
14322
"MSUFFIX='ou=Computers'\n"
14323
"GIDSTART=10000\n"
14324
"UIDSTART=10000\n"
14325
"MIDSTART=10000\n"
14326
msgstr ""
14327
14328
#: serverguide/C/network-auth.xml:1360(para)
14329
msgid ""
14330
"Now, create the <filename>ldapscripts.passwd</filename> file to allow "
14331
"authenticated access to the directory:"
14332
msgstr ""
14333
14334
#: serverguide/C/network-auth.xml:1365(command)
14335
msgid ""
14336
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
14337
msgstr ""
14338
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
14339
14340
#: serverguide/C/network-auth.xml:1366(command)
14341
msgid "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
14342
msgstr "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
14343
14344
#: serverguide/C/network-auth.xml:1370(para)
14345
msgid ""
14346
"Replace <quote>secret</quote> with the actual password for your LDAP admin "
14347
"user."
14348
msgstr ""
14349
14350
#: serverguide/C/network-auth.xml:1375(para)
14351
msgid ""
14352
"The <application>ldapscripts</application> are now ready to help manage your "
14353
"directory. The following are some examples of how to use the scripts:"
14354
msgstr ""
14355
14356
#: serverguide/C/network-auth.xml:1382(para)
14357
msgid "Create a new user:"
14358
msgstr ""
14359
14360
#: serverguide/C/network-auth.xml:1386(command)
14361
msgid "sudo ldapadduser george example"
14362
msgstr ""
14363
14364
#: serverguide/C/network-auth.xml:1388(para)
14365
msgid ""
14366
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
14367
"and set the user's primary group (gid) to <emphasis "
14368
"role=\"italic\">example</emphasis>"
14369
msgstr ""
14370
14371
#: serverguide/C/network-auth.xml:1394(para)
14372
msgid "Change a user's password:"
14373
msgstr ""
14374
14375
#: serverguide/C/network-auth.xml:1398(command)
14376
msgid "sudo ldapsetpasswd george"
14377
msgstr ""
14378
14379
#: serverguide/C/network-auth.xml:1399(computeroutput)
14380
#, no-wrap
14381
msgid "Changing password for user uid=george,ou=People,dc=example,dc=com"
14382
msgstr ""
14383
14384
#: serverguide/C/network-auth.xml:1400(userinput)
14385
#, no-wrap
14386
msgid "New Password: "
14387
msgstr "Ny adgangskode: "
14388
14389
#: serverguide/C/network-auth.xml:1401(userinput)
14390
#, no-wrap
14391
msgid "New Password (verify): "
14392
msgstr ""
14393
14394
#: serverguide/C/network-auth.xml:1405(para)
14395
msgid "Delete a user:"
14396
msgstr ""
14397
14398
#: serverguide/C/network-auth.xml:1409(command)
14399
msgid "sudo ldapdeleteuser george"
14400
msgstr ""
14401
14402
#: serverguide/C/network-auth.xml:1414(para)
14403
msgid "Add a group:"
14404
msgstr ""
14405
14406
#: serverguide/C/network-auth.xml:1418(command)
14407
msgid "sudo ldapaddgroup qa"
14408
msgstr "sudo ldapaddgroup qa"
14409
14410
#: serverguide/C/network-auth.xml:1422(para)
14411
msgid "Delete a group:"
14412
msgstr ""
14413
14414
#: serverguide/C/network-auth.xml:1426(command)
14415
msgid "sudo ldapdeletegroup qa"
14416
msgstr "sudo ldapdeletegroup qa"
14417
14418
#: serverguide/C/network-auth.xml:1430(para)
14419
msgid "Add a user to a group:"
14420
msgstr ""
14421
14422
#: serverguide/C/network-auth.xml:1434(command)
14423
msgid "sudo ldapaddusertogroup george qa"
14424
msgstr ""
14425
14426
#: serverguide/C/network-auth.xml:1436(para)
14427
msgid ""
14428
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
14429
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
14430
"role=\"italic\">george</emphasis>."
14431
msgstr ""
14432
14433
#: serverguide/C/network-auth.xml:1442(para)
14434
msgid "Remove a user from a group:"
14435
msgstr ""
14436
14437
#: serverguide/C/network-auth.xml:1446(command)
14438
msgid "sudo ldapdeleteuserfromgroup george qa"
14439
msgstr ""
14440
14441
#: serverguide/C/network-auth.xml:1448(para)
14442
msgid ""
14443
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
14444
"<emphasis role=\"italic\">qa</emphasis> group."
14445
msgstr ""
14446
14447
#: serverguide/C/network-auth.xml:1454(para)
14448
msgid ""
14449
"The <application>ldapmodifyuser</application> script allows you to add, "
14450
"remove, or replace a user's attributes. The script uses the same syntax as "
14451
"the <application>ldapmodify</application> utility. For example:"
14452
msgstr ""
14453
14454
#: serverguide/C/network-auth.xml:1459(command)
14455
msgid "sudo ldapmodifyuser george"
14456
msgstr ""
14457
14458
#: serverguide/C/network-auth.xml:1460(computeroutput)
14459
#, no-wrap
14460
msgid ""
14461
"# About to modify the following entry :\n"
14462
"dn: uid=george,ou=People,dc=example,dc=com\n"
14463
"objectClass: account\n"
14464
"objectClass: posixAccount\n"
14465
"cn: george\n"
14466
"uid: george\n"
14467
"uidNumber: 1001\n"
14468
"gidNumber: 1001\n"
14469
"homeDirectory: /home/george\n"
14470
"loginShell: /bin/bash\n"
14471
"gecos: george\n"
14472
"description: User account\n"
14473
"userPassword:: e1NTSEF9eXFsTFcyWlhwWkF1eGUybVdFWHZKRzJVMjFTSG9vcHk=\n"
14474
"\n"
14475
"# Enter your modifications here, end with CTRL-D.\n"
14476
"dn: uid=george,ou=People,dc=example,dc=com"
14477
msgstr ""
14478
14479
#: serverguide/C/network-auth.xml:1476(userinput)
14480
#, no-wrap
14481
msgid ""
14482
"replace: gecos\n"
14483
"gecos: George Carlin"
14484
msgstr ""
14485
14486
#: serverguide/C/network-auth.xml:1479(para)
14487
msgid ""
14488
"The user's <emphasis>gecos</emphasis> should now be <quote>George "
14489
"Carlin</quote>."
14490
msgstr ""
14491
14492
#: serverguide/C/network-auth.xml:1484(para)
14493
msgid ""
14494
"Another great feature of <application>ldapscripts</application>, is the "
14495
"template system. Templates allow you to customize the attributes of user, "
14496
"group, and machine objectes. For example, to enable the "
14497
"<emphasis>user</emphasis> template edit "
14498
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> changing:"
14499
msgstr ""
14500
14501
#: serverguide/C/network-auth.xml:1491(programlisting)
14502
#, no-wrap
14503
msgid ""
14504
"\n"
14505
"UTEMPLATE=\"/etc/ldapscripts/ldapadduser.template\"\n"
14506
msgstr ""
14507
14508
#: serverguide/C/network-auth.xml:1495(para)
14509
msgid ""
14510
"There are <emphasis role=\"italic\">sample</emphasis> templates in the "
14511
"<filename>/etc/ldapscripts</filename> directory. Copy or rename the "
14512
"<filename>ldapadduser.template.sample</filename> file to "
14513
"<filename>/etc/ldapscripts/ldapadduser.template</filename>:"
14514
msgstr ""
14515
14516
#: serverguide/C/network-auth.xml:1502(command)
14517
msgid ""
14518
"sudo cp /usr/share/doc/ldapscripts/examples/ldapadduser.template.sample "
14519
"/etc/ldapscripts/ldapadduser.template"
14520
msgstr ""
14521
14522
#: serverguide/C/network-auth.xml:1505(para)
14523
msgid ""
14524
"Edit the new template to add the desired attributes. The following will "
14525
"create new user's as with an <emphasis>objectClass</emphasis> of "
14526
"<emphasis>inetOrgPerson</emphasis>:"
14527
msgstr ""
14528
14529
#: serverguide/C/network-auth.xml:1510(programlisting)
14530
#, no-wrap
14531
msgid ""
14532
"\n"
14533
"dn: uid=<user>,<usuffix>,<suffix>\n"
14534
"objectClass: inetOrgPerson\n"
14535
"objectClass: posixAccount\n"
14536
"cn: <user>\n"
14537
"sn: <ask>\n"
14538
"uid: <user>\n"
14539
"uidNumber: <uid>\n"
14540
"gidNumber: <gid>\n"
14541
"homeDirectory: <home>\n"
14542
"loginShell: <shell>\n"
14543
"gecos: <user>\n"
14544
"description: User account\n"
14545
"title: Employee\n"
14546
msgstr ""
14547
14548
#: serverguide/C/network-auth.xml:1526(para)
14549
msgid ""
14550
"Notice the <emphasis><ask></emphasis> option used for the "
14551
"<emphasis>ssn</emphasis> value. Using <ask> will configure "
14552
"<application>ldapadduser</application> to prompt you for the attribute value "
14553
"during user creation."
14554
msgstr ""
14555
14556
#: serverguide/C/network-auth.xml:1534(para)
14557
msgid ""
14558
"There are more useful scripts in the package, to see a full list enter: "
14559
"<command>dpkg -L ldapscripts | grep bin</command>"
14560
msgstr ""
14561
14562
#: serverguide/C/network-auth.xml:1543(para)
14563
msgid ""
14564
"The <ulink url=\"https://help.ubuntu.com/community/OpenLDAPServer\">OpenLDAP "
14565
"Ubuntu Wiki</ulink> page has more details."
14566
msgstr ""
14567
14568
#: serverguide/C/network-auth.xml:1548(para)
14569
msgid ""
14570
"For more information see <ulink url=\"http://www.openldap.org/\">OpenLDAP "
14571
"Home Page</ulink>"
14572
msgstr ""
14573
14574
#: serverguide/C/network-auth.xml:1553(para)
14575
msgid ""
14576
"Though starting to show it's age, a great source for in depth LDAP "
14577
"information is O'Reilly's <ulink "
14578
"url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System "
14579
"Administration</ulink>"
14580
msgstr ""
14581
14582
#: serverguide/C/network-auth.xml:1559(para)
14583
msgid ""
14584
"Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-"
14585
"Source-Linux/book\">Mastering OpenLDAP</ulink> is a great reference covering "
14586
"newer versions of OpenLDAP."
14587
msgstr ""
14588
14589
#: serverguide/C/network-auth.xml:1565(para)
14590
msgid ""
14591
"For more information on <application>auth-client-config</application> see "
14592
"the man page: <command>man auth-client-config</command>."
14593
msgstr ""
14594
14595
#: serverguide/C/network-auth.xml:1570(para)
14596
msgid ""
14597
"For more details regarding the <application>ldapscripts</application> "
14598
"package see the man pages: <command>man ldapscripts</command>, <command>man "
14599
"ldapadduser</command>, <command>man ldapaddgroup</command>, etc."
14600
msgstr ""
14601
14602
#: serverguide/C/network-auth.xml:1580(title)
14603
msgid "Samba and LDAP"
14604
msgstr ""
14605
14606
#: serverguide/C/network-auth.xml:1582(para)
14607
msgid ""
14608
"This section covers configuring Samba to use LDAP for user, group, and "
14609
"machine account information and authentication. The assumption is, you "
14610
"already have a working OpenLDAP directory installed and the server is "
14611
"configured to use it for authentication. See <xref linkend=\"openldap-"
14612
"server\"/> and <xref linkend=\"openldap-auth-config\"/> for details on "
14613
"setting up OpenLDAP. For more information on installing and configuring "
14614
"Samba see <xref linkend=\"windows-networking\"/>."
14615
msgstr ""
14616
14617
#: serverguide/C/network-auth.xml:1592(para)
14618
msgid ""
14619
"There are three packages needed when integrating Samba with LDAP. "
14620
"<application>samba</application>, <application>samba-doc</application>, and "
14621
"<application>smbldap-tools</application> packages . To install the packages, "
14622
"from a terminal enter:"
14623
msgstr ""
14624
14625
#: serverguide/C/network-auth.xml:1598(command)
14626
msgid "sudo apt-get install samba samba-doc smbldap-tools"
14627
msgstr "sudo apt-get install samba samba-doc smbldap-tools"
14628
14629
#: serverguide/C/network-auth.xml:1601(para)
14630
msgid ""
14631
"Strictly speaking the <application>smbldap-tools</application> package isn't "
14632
"needed, but unless you have another package or custom scripts, a method of "
14633
"managing users, groups, and computer accounts is needed."
14634
msgstr ""
14635
14636
#: serverguide/C/network-auth.xml:1608(title)
14637
msgid "OpenLDAP Configuration"
14638
msgstr ""
14639
14640
#: serverguide/C/network-auth.xml:1610(para)
14641
msgid ""
14642
"In order for Samba to use OpenLDAP as a <emphasis>passdb backend</emphasis>, "
14643
"the user objects in the directory will need additional attributes. This "
14644
"section assumes you want Samba to be configured as a Windows NT domain "
14645
"controller, and will add the necessary LDAP objects and attributes."
14646
msgstr ""
14647
14648
#: serverguide/C/network-auth.xml:1618(para)
14649
msgid ""
14650
"The Samba attributes are defined in the <filename>samba.schema</filename> "
14651
"file which is part of the <application>samba-doc</application> package. The "
14652
"schema file needs to be unzipped and copied to "
14653
"<filename>/etc/ldap/schema</filename>. From a terminal prompt enter:"
14654
msgstr ""
14655
14656
#: serverguide/C/network-auth.xml:1625(command)
14657
msgid ""
14658
"sudo cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz "
14659
"/etc/ldap/schema/"
14660
msgstr ""
14661
"sudo cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz "
14662
"/etc/ldap/schema/"
14663
14664
#: serverguide/C/network-auth.xml:1626(command)
14665
msgid "sudo gzip -d /etc/ldap/schema/samba.schema.gz"
14666
msgstr "sudo gzip -d /etc/ldap/schema/samba.schema.gz"
14667
14668
#: serverguide/C/network-auth.xml:1632(para)
14669
msgid ""
14670
"The <emphasis>samba</emphasis> schema needs to be added to the "
14671
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
14672
"<application>slapd</application> is also detailed in <xref "
14673
"linkend=\"openldap-configuration\"/>."
14674
msgstr ""
14675
14676
#: serverguide/C/network-auth.xml:1640(para) serverguide/C/network-auth.xml:2676(para)
14677
msgid ""
14678
"First, create a configuration file named "
14679
"<filename>schema_convert.conf</filename>, or a similar descriptive name, "
14680
"containing the following lines:"
14681
msgstr ""
14682
14683
#: serverguide/C/network-auth.xml:1645(programlisting)
14684
#, no-wrap
14685
msgid ""
14686
"\n"
14687
"include /etc/ldap/schema/core.schema\n"
14688
"include /etc/ldap/schema/collective.schema\n"
14689
"include /etc/ldap/schema/corba.schema\n"
14690
"include /etc/ldap/schema/cosine.schema\n"
14691
"include /etc/ldap/schema/duaconf.schema\n"
14692
"include /etc/ldap/schema/dyngroup.schema\n"
14693
"include /etc/ldap/schema/inetorgperson.schema\n"
14694
"include /etc/ldap/schema/java.schema\n"
14695
"include /etc/ldap/schema/misc.schema\n"
14696
"include /etc/ldap/schema/nis.schema\n"
14697
"include /etc/ldap/schema/openldap.schema\n"
14698
"include /etc/ldap/schema/ppolicy.schema\n"
14699
"include /etc/ldap/schema/samba.schema\n"
14700
msgstr ""
14701
14702
#: serverguide/C/network-auth.xml:1675(para) serverguide/C/network-auth.xml:2711(para)
14703
msgid ""
14704
"Now use <application>slapcat</application> to convert the schema files:"
14705
msgstr ""
14706
14707
#: serverguide/C/network-auth.xml:1680(command)
14708
msgid ""
14709
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
14710
"\"cn={12}samba,cn=schema,cn=config\" > /tmp/cn=samba.ldif"
14711
msgstr ""
14712
14713
#: serverguide/C/network-auth.xml:1683(para) serverguide/C/network-auth.xml:2719(para)
14714
msgid ""
14715
"Change the above file and path names to match your own if they are different."
14716
msgstr ""
14717
14718
#: serverguide/C/network-auth.xml:1690(para)
14719
msgid ""
14720
"Edit the generated <filename>/tmp/cn\\=samba.ldif</filename> file, changing "
14721
"the following attributes:"
14722
msgstr ""
14723
14724
#: serverguide/C/network-auth.xml:1694(programlisting)
14725
#, no-wrap
14726
msgid ""
14727
"\n"
14728
"dn: cn=samba,cn=schema,cn=config\n"
14729
"...\n"
14730
"cn: samba\n"
14731
msgstr ""
14732
14733
#: serverguide/C/network-auth.xml:1704(programlisting)
14734
#, no-wrap
14735
msgid ""
14736
"\n"
14737
"structuralObjectClass: olcSchemaConfig\n"
14738
"entryUUID: b53b75ca-083f-102d-9fff-2f64fd123c95\n"
14739
"creatorsName: cn=config\n"
14740
"createTimestamp: 20080827045234Z\n"
14741
"entryCSN: 20080827045234.341425Z#000000#000#000000\n"
14742
"modifiersName: cn=config\n"
14743
"modifyTimestamp: 20080827045234Z\n"
14744
msgstr ""
14745
14746
#: serverguide/C/network-auth.xml:1729(command)
14747
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=samba.ldif"
14748
msgstr ""
14749
14750
#: serverguide/C/network-auth.xml:1735(para)
14751
msgid ""
14752
"There should now be a <emphasis>dn: "
14753
"cn={X}misc,cn=schema,cn=config</emphasis>, where \"X\" is the next "
14754
"sequential schema, entry in the cn=config tree."
14755
msgstr ""
14756
14757
#: serverguide/C/network-auth.xml:1743(para)
14758
msgid ""
14759
"Copy and paste the following into a file named "
14760
"<filename>samba_indexes.ldif</filename>:"
14761
msgstr ""
14762
14763
#: serverguide/C/network-auth.xml:1747(programlisting)
14764
#, no-wrap
14765
msgid ""
14766
"\n"
14767
"dn: olcDatabase={1}hdb,cn=config\n"
14768
"changetype: modify\n"
14769
"add: olcDbIndex\n"
14770
"olcDbIndex: uidNumber eq\n"
14771
"olcDbIndex: gidNumber eq\n"
14772
"olcDbIndex: loginShell eq\n"
14773
"olcDbIndex: uid eq,pres,sub\n"
14774
"olcDbIndex: memberUid eq,pres,sub\n"
14775
"olcDbIndex: uniqueMember eq,pres\n"
14776
"olcDbIndex: sambaSID eq\n"
14777
"olcDbIndex: sambaPrimaryGroupSID eq\n"
14778
"olcDbIndex: sambaGroupType eq\n"
14779
"olcDbIndex: sambaSIDList eq\n"
14780
"olcDbIndex: sambaDomainName eq\n"
14781
"olcDbIndex: default sub\n"
14782
msgstr ""
14783
14784
#: serverguide/C/network-auth.xml:1765(para)
14785
msgid ""
14786
"Using the <application>ldapmodify</application> utility load the new indexes:"
14787
msgstr ""
14788
14789
#: serverguide/C/network-auth.xml:1770(command)
14790
msgid "ldapmodify -x -D cn=admin,cn=config -W -f samba_indexes.ldif"
14791
msgstr ""
14792
14793
#: serverguide/C/network-auth.xml:1772(para)
14794
msgid ""
14795
"If all went well you should see the new indexes using "
14796
"<application>ldapsearch</application>:"
14797
msgstr ""
14798
14799
#: serverguide/C/network-auth.xml:1777(command)
14800
msgid ""
14801
"ldapsearch -xLLL -D cn=admin,cn=config -x -b cn=config -W olcDatabase={1}hdb"
14802
msgstr ""
14803
14804
#: serverguide/C/network-auth.xml:1783(para)
14805
msgid ""
14806
"Next, configure the <application>smbldap-tools</application> package to "
14807
"match your environment. The package comes with a configuration script that "
14808
"will ask questions about the needed options. To run the script enter:"
14809
msgstr ""
14810
14811
#: serverguide/C/network-auth.xml:1789(command)
14812
msgid "sudo gzip -d /usr/share/doc/smbldap-tools/configure.pl.gz"
14813
msgstr "sudo gzip -d /usr/share/doc/smbldap-tools/configure.pl.gz"
14814
14815
#: serverguide/C/network-auth.xml:1790(command)
14816
msgid "sudo perl /usr/share/doc/smbldap-tools/configure.pl"
14817
msgstr "sudo perl /usr/share/doc/smbldap-tools/configure.pl"
14818
14819
#: serverguide/C/network-auth.xml:1793(para)
14820
msgid ""
14821
"Once you have answered the questions, there should be <filename>/etc/smbldap-"
14822
"tools/smbldap.conf</filename> and <filename>/etc/smbldap-"
14823
"tools/smbldap_bind.conf</filename> files. These files are generated by the "
14824
"configure script, so if you made any mistakes while executing the script it "
14825
"may be simpler to edit the file appropriately."
14826
msgstr ""
14827
14828
#: serverguide/C/network-auth.xml:1803(para)
14829
msgid ""
14830
"The <application>smbldap-populate</application> script will add the "
14831
"necessary users, groups, and LDAP objects required for Samba. It is a good "
14832
"idea to make a backup LDAP Data Interchange Format (LDIF) file with "
14833
"<application>slapcat</application> before executing the command:"
14834
msgstr ""
14835
14836
#: serverguide/C/network-auth.xml:1810(command)
14837
msgid "sudo slapcat -l backup.ldif"
14838
msgstr "sudo slapcat -l backup.ldif"
14839
14840
#: serverguide/C/network-auth.xml:1816(para)
14841
msgid ""
14842
"Once you have a current backup execute <application>smbldap-"
14843
"populate</application> by entering:"
14844
msgstr ""
14845
14846
#: serverguide/C/network-auth.xml:1821(command)
14847
msgid "sudo smbldap-populate"
14848
msgstr "sudo smbldap-populate"
14849
14850
#: serverguide/C/network-auth.xml:1825(para)
14851
msgid ""
14852
"You can create an LDIF file containing the new Samba objects by executing "
14853
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
14854
"look over the changes making sure everything is correct."
14855
msgstr ""
14856
14857
#: serverguide/C/network-auth.xml:1833(para)
14858
msgid ""
14859
"Your LDAP directory now has the necessary domain information to authenticate "
14860
"Samba users."
14861
msgstr ""
14862
14863
#: serverguide/C/network-auth.xml:1839(title)
14864
msgid "Samba Configuration"
14865
msgstr ""
14866
14867
#: serverguide/C/network-auth.xml:1841(para)
14868
msgid ""
14869
"There a multiple ways to configure Samba for details on some common "
14870
"configurations see <xref linkend=\"windows-networking\"/>. To configure "
14871
"Samba to use LDAP, edit the main Samba configuration file "
14872
"<filename>/etc/samba/smb.conf</filename> commenting the <emphasis>passdb "
14873
"backend</emphasis> option and adding the following:"
14874
msgstr ""
14875
14876
#: serverguide/C/network-auth.xml:1847(programlisting)
14877
#, no-wrap
14878
msgid ""
14879
"\n"
14880
"# passdb backend = tdbsam\n"
14881
"\n"
14882
"# LDAP Settings\n"
14883
" passdb backend = ldapsam:ldap://hostname\n"
14884
" ldap suffix = dc=example,dc=com\n"
14885
" ldap user suffix = ou=People\n"
14886
" ldap group suffix = ou=Groups\n"
14887
" ldap machine suffix = ou=Computers\n"
14888
" ldap idmap suffix = ou=Idmap\n"
14889
" ldap admin dn = cn=admin,dc=example,dc=com\n"
14890
" ldap ssl = start tls\n"
14891
" ldap passwd sync = yes\n"
14892
"...\n"
14893
" add machine script = sudo /usr/sbin/smbldap-useradd -t 0 -w \"%u\"\n"
14894
msgstr ""
14895
14896
#: serverguide/C/network-auth.xml:1864(para)
14897
msgid "Restart <application>samba</application> to enable the new settings:"
14898
msgstr ""
14899
14900
#: serverguide/C/network-auth.xml:1873(para)
14901
msgid ""
14902
"Now Samba needs to know the LDAP admin password. From a terminal prompt "
14903
"enter:"
14904
msgstr ""
14905
14906
#: serverguide/C/network-auth.xml:1878(command)
14907
msgid "sudo smbpasswd -w secret"
14908
msgstr ""
14909
14910
#: serverguide/C/network-auth.xml:1882(para)
14911
msgid ""
14912
"Replacing <emphasis role=\"italic\">secret</emphasis> with your LDAP admin "
14913
"password."
14914
msgstr ""
14915
14916
#: serverguide/C/network-auth.xml:1887(para)
14917
msgid ""
14918
"If you currently have users in LDAP, and you want them to authenticate using "
14919
"Samba, they will need some Samba attributes defined in the "
14920
"<filename>samba.schema</filename> file. Add the Samba attributes to existing "
14921
"users using the <application>smbpasswd</application> utility, replacing "
14922
"<emphasis role=\"italic\">username</emphasis> with an actual user:"
14923
msgstr ""
14924
14925
#: serverguide/C/network-auth.xml:1895(command)
14926
msgid "sudo smbpasswd -a username"
14927
msgstr ""
14928
14929
#: serverguide/C/network-auth.xml:1898(para)
14930
msgid "You will then be asked to enter the user's password."
14931
msgstr ""
14932
14933
#: serverguide/C/network-auth.xml:1902(para)
14934
msgid ""
14935
"To add new user, group, and machine accounts use the utilities from the "
14936
"<application>smbldap-tools</application> package. Here are some examples:"
14937
msgstr ""
14938
14939
#: serverguide/C/network-auth.xml:1909(para)
14940
msgid ""
14941
"To add a new user to LDAP with Samba attributes enter the following, "
14942
"replacing username with an actual username:"
14943
msgstr ""
14944
14945
#: serverguide/C/network-auth.xml:1913(command)
14946
msgid "sudo smbldap-useradd -a -P username"
14947
msgstr ""
14948
14949
#: serverguide/C/network-auth.xml:1915(para)
14950
msgid ""
14951
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
14952
"<emphasis>-P</emphasis> options calls the <application>smbldap-"
14953
"passwd</application> utility after the user is created allowing you to enter "
14954
"a password for the user."
14955
msgstr ""
14956
14957
#: serverguide/C/network-auth.xml:1921(para)
14958
msgid "To remove a user from the directory enter:"
14959
msgstr ""
14960
14961
#: serverguide/C/network-auth.xml:1925(command)
14962
msgid "sudo smbldap-userdel username"
14963
msgstr ""
14964
14965
#: serverguide/C/network-auth.xml:1927(para)
14966
msgid ""
14967
"The <application>smbldap-userdel</application> utility also has a <emphasis>-"
14968
"r</emphasis> option to remove the user's home directory."
14969
msgstr ""
14970
14971
#: serverguide/C/network-auth.xml:1932(para)
14972
msgid ""
14973
"Use <application>smbldap-groupadd</application> to add a group, replacing "
14974
"groupname with an appropriate group:"
14975
msgstr ""
14976
14977
#: serverguide/C/network-auth.xml:1936(command)
14978
msgid "sudo smbldap-groupadd -a groupname"
14979
msgstr ""
14980
14981
#: serverguide/C/network-auth.xml:1938(para)
14982
msgid ""
14983
"Similar to <application>smbldap-useradd</application>, the <emphasis>-"
14984
"a</emphasis> adds the Samba attributes."
14985
msgstr ""
14986
14987
#: serverguide/C/network-auth.xml:1943(para)
14988
msgid ""
14989
"To add a user to a group use <application>smbldap-groupmod</application>:"
14990
msgstr ""
14991
14992
#: serverguide/C/network-auth.xml:1947(command)
14993
msgid "sudo smbldap-groupmod -m username groupname"
14994
msgstr ""
14995
14996
#: serverguide/C/network-auth.xml:1949(para)
14997
msgid ""
14998
"Be sure to replace <emphasis>username</emphasis> with a real user. Also, the "
14999
"<emphasis>-m</emphasis> option can add more than one user at a time by "
15000
"listing them in <emphasis>comma separated</emphasis> format."
15001
msgstr ""
15002
15003
#: serverguide/C/network-auth.xml:1955(para)
15004
msgid ""
15005
"<application>smbldap-groupmod</application> can also be used to remove a "
15006
"user from a group:"
15007
msgstr ""
15008
15009
#: serverguide/C/network-auth.xml:1959(command)
15010
msgid "sudo smbldap-groupmod -x username groupname"
15011
msgstr ""
15012
15013
#: serverguide/C/network-auth.xml:1963(para)
15014
msgid ""
15015
"Additionally, the <application>smbldap-useradd</application> utility can add "
15016
"Samba machine accounts:"
15017
msgstr ""
15018
15019
#: serverguide/C/network-auth.xml:1967(command)
15020
msgid "sudo smbldap-useradd -t 0 -w username"
15021
msgstr ""
15022
15023
#: serverguide/C/network-auth.xml:1969(para)
15024
msgid ""
15025
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
15026
"<emphasis>-t 0</emphasis> option creates the machine account without a "
15027
"delay, while the <emphasis>-w</emphasis> option specifies the user as a "
15028
"machine account. Also, note the <emphasis>add machine script</emphasis> "
15029
"option in <filename>/etc/samba/smb.conf</filename> was changed to use "
15030
"<application>smbldap-useradd</application>."
15031
msgstr ""
15032
15033
#: serverguide/C/network-auth.xml:1978(para)
15034
msgid ""
15035
"There are more useful utilities and options in the <application>smbldap-"
15036
"tools</application> package. The man page for each utility provides more "
15037
"details."
15038
msgstr ""
15039
15040
#: serverguide/C/network-auth.xml:1989(para)
15041
msgid ""
15042
"There are multiple places where LDAP and Samba is documented in the <ulink "
15043
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
15044
"Collection</ulink>."
15045
msgstr ""
15046
15047
#: serverguide/C/network-auth.xml:1995(para)
15048
msgid ""
15049
"Specifically see the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
15050
"HOWTO-Collection/passdb.html\">passdb section</ulink>."
15051
msgstr ""
15052
15053
#: serverguide/C/network-auth.xml:2001(para)
15054
msgid ""
15055
"Another good site is <ulink url=\"http://download.gna.org/smbldap-"
15056
"tools/docs/samba-ldap-howto/\">Samba OpenLDAP HOWTO</ulink>."
15057
msgstr ""
15058
15059
#: serverguide/C/network-auth.xml:2007(para)
15060
msgid ""
15061
"Again, for more information on <application>smbldap-tools</application> see "
15062
"the man pages: <command>man smbldap-useradd</command>, <command>man smbldap-"
15063
"groupadd</command>, <command>man smbldap-populate</command>, etc."
15064
msgstr ""
15065
15066
#: serverguide/C/network-auth.xml:2014(para)
15067
msgid ""
15068
"Also, there is a list of <ulink "
15069
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Ubuntu "
15070
"wiki</ulink> articles with more information."
15071
msgstr ""
15072
15073
#: serverguide/C/network-auth.xml:2023(title)
15074
msgid "Kerberos"
15075
msgstr "Kerberos"
15076
15077
#: serverguide/C/network-auth.xml:2025(para)
15078
msgid ""
15079
"<application>Kerberos</application> is a network authentication system based "
15080
"on the principal of a trusted third party. The other two parties being the "
15081
"user and the service the user wishes to authenticate to. Not all services "
15082
"and applications can use Kerberos, but for those that can, it brings the "
15083
"network environment one step closer to being Single Sign On (SSO)."
15084
msgstr ""
15085
15086
#: serverguide/C/network-auth.xml:2031(para)
15087
msgid ""
15088
"This section covers installation and configuration of a Kerberos server, and "
15089
"some example client configurations."
15090
msgstr ""
15091
15092
#: serverguide/C/network-auth.xml:2038(para)
15093
msgid ""
15094
"If you are new to Kerberos there are a few terms that are good to understand "
15095
"before setting up a Kerberos server. Most of the terms will relate to things "
15096
"you may be familiar with in other environments:"
15097
msgstr ""
15098
15099
#: serverguide/C/network-auth.xml:2045(para)
15100
msgid ""
15101
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
15102
"by servers need to be defined as Kerberos Principals."
15103
msgstr ""
15104
15105
#: serverguide/C/network-auth.xml:2050(para)
15106
msgid ""
15107
"<emphasis>Instances:</emphasis> are used for service principals and special "
15108
"administrative principals."
15109
msgstr ""
15110
15111
#: serverguide/C/network-auth.xml:2055(para)
15112
msgid ""
15113
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
15114
"Kerberos installation. Usually the DNS domain converted to uppercase "
15115
"(EXAMPLE.COM)."
15116
msgstr ""
15117
15118
#: serverguide/C/network-auth.xml:2061(para)
15119
msgid ""
15120
"<emphasis>Key Distribution Center:</emphasis> (KDC) consist of three parts, "
15121
"a database of all principals, the authentication server, and the ticket "
15122
"granting server. For each realm there must be at least one KDC."
15123
msgstr ""
15124
15125
#: serverguide/C/network-auth.xml:2067(para)
15126
msgid ""
15127
"<emphasis>Ticket Granting Ticket:</emphasis> issued by the Authentication "
15128
"Server (AS), the Ticket Granting Ticket (TGT) is encrypted in the user's "
15129
"password which is known only to the user and the KDC."
15130
msgstr ""
15131
15132
#: serverguide/C/network-auth.xml:2073(para)
15133
msgid ""
15134
"<emphasis>Ticket Granting Server:</emphasis> (TGS) issues service tickets to "
15135
"clients upon request."
15136
msgstr ""
15137
15138
#: serverguide/C/network-auth.xml:2078(para)
15139
msgid ""
15140
"<emphasis>Tickets:</emphasis> confirm the identity of the two principals. "
15141
"One principal being a user and the other a service requested by the user. "
15142
"Tickets establish an encryption key used for secure communication during the "
15143
"authenticated session."
15144
msgstr ""
15145
15146
#: serverguide/C/network-auth.xml:2084(para)
15147
msgid ""
15148
"<emphasis>Keytab Files:</emphasis> are files extracted from the KDC "
15149
"principal database and contain the encryption key for a service or host."
15150
msgstr ""
15151
15152
#: serverguide/C/network-auth.xml:2091(para)
15153
msgid ""
15154
"To put the pieces together, a Realm has at least one KDC, preferably two for "
15155
"redundancy, which contains a database of Principals. When a user principal "
15156
"logs into a workstation, configured for Kerberos authentication, the KDC "
15157
"issues a Ticket Granting Ticket (TGT). If the user supplied credentials "
15158
"match, the user is authenticated and can then request tickets for Kerberized "
15159
"services from the Ticket Granting Server (TGS). The service tickets allow "
15160
"the user to authenticate to the service without entering another username "
15161
"and password."
15162
msgstr ""
15163
15164
#: serverguide/C/network-auth.xml:2100(title)
15165
msgid "Kerberos Server"
15166
msgstr ""
15167
15168
#: serverguide/C/network-auth.xml:2104(para)
15169
msgid ""
15170
"Before installing the Kerberos server a properly configured DNS server is "
15171
"needed for your domain. Since the Kerberos Realm by convention matches the "
15172
"domain name, this section uses the <emphasis>example.com</emphasis> domain "
15173
"configured in <xref linkend=\"dns-primarymaster-configuration\"/>."
15174
msgstr ""
15175
15176
#: serverguide/C/network-auth.xml:2110(para)
15177
msgid ""
15178
"Also, Kerberos is a time sensitive protocol. So if the local system time "
15179
"between a client machine and the server differs by more than five minutes "
15180
"(by default), the workstation will not be able to authenticate. To correct "
15181
"the problem all hosts should have their time synchronized using the "
15182
"<emphasis>Network Time Protocol (NTP)</emphasis>. For details on setting up "
15183
"NTP see <xref linkend=\"NTP\"/>."
15184
msgstr ""
15185
15186
#: serverguide/C/network-auth.xml:2117(para)
15187
msgid ""
15188
"The first step in installing a Kerberos Realm is to install the "
15189
"<application>krb5-kdc</application> and <application>krb5-admin-"
15190
"server</application> packages. From a terminal enter:"
15191
msgstr ""
15192
15193
#: serverguide/C/network-auth.xml:2123(command) serverguide/C/network-auth.xml:2298(command)
15194
msgid "sudo apt-get install krb5-kdc krb5-admin-server"
15195
msgstr "sudo apt-get install krb5-kdc krb5-admin-server"
15196
15197
#: serverguide/C/network-auth.xml:2126(para)
15198
msgid ""
15199
"You will be asked at the end of the install to supply a name for the "
15200
"Kerberos and Admin servers, which may or may not be the same server, for the "
15201
"realm."
15202
msgstr ""
15203
15204
#: serverguide/C/network-auth.xml:2131(para)
15205
msgid ""
15206
"Next, create the new realm with the <application>kdb5_newrealm</application> "
15207
"utility:"
15208
msgstr ""
15209
15210
#: serverguide/C/network-auth.xml:2136(command)
15211
msgid "sudo krb5_newrealm"
15212
msgstr "sudo krb5_newrealm"
15213
15214
#: serverguide/C/network-auth.xml:2143(para)
15215
msgid ""
15216
"The questions asked during installation are used to configure the "
15217
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
15218
"Distribution Center (KDC) settings simply edit the file and restart the "
15219
"<application>krb5-kdc</application> daemon."
15220
msgstr ""
15221
15222
#: serverguide/C/network-auth.xml:2151(para)
15223
msgid ""
15224
"Now that the KDC running an admin user is needed. It is recommended to use a "
15225
"different username from your everyday username. Using the "
15226
"<application>kadmin.local</application> utility in a terminal prompt enter:"
15227
msgstr ""
15228
15229
#: serverguide/C/network-auth.xml:2157(command) serverguide/C/network-auth.xml:2953(command)
15230
msgid "sudo kadmin.local"
15231
msgstr "sudo kadmin.local"
15232
15233
#: serverguide/C/network-auth.xml:2158(computeroutput)
15234
#, no-wrap
15235
msgid ""
15236
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
15237
"kadmin.local:"
15238
msgstr ""
15239
15240
#: serverguide/C/network-auth.xml:2159(userinput)
15241
#, no-wrap
15242
msgid " addprinc steve/admin"
15243
msgstr ""
15244
15245
#: serverguide/C/network-auth.xml:2160(computeroutput)
15246
#, no-wrap
15247
msgid ""
15248
"WARNING: no policy specified for steve/admin@EXAMPLE.COM; defaulting to no "
15249
"policy\n"
15250
"Enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
15251
"Re-enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
15252
"Principal \"steve/admin@EXAMPLE.COM\" created.\n"
15253
"kadmin.local:"
15254
msgstr ""
15255
15256
#: serverguide/C/network-auth.xml:2164(userinput)
15257
#, no-wrap
15258
msgid " quit"
15259
msgstr ""
15260
15261
#: serverguide/C/network-auth.xml:2167(para)
15262
msgid ""
15263
"In the above example <emphasis role=\"italic\">steve</emphasis> is the "
15264
"<emphasis>Principal</emphasis>, <emphasis role=\"italic\">/admin</emphasis> "
15265
"is an <emphasis>Instance</emphasis>, and <emphasis "
15266
"role=\"italic\">@EXAMPLE.COM</emphasis> signifies the realm. The <emphasis "
15267
"role=\"italic\">\"every day\"</emphasis> Principal would be "
15268
"<emphasis>steve@EXAMPLE.COM</emphasis>, and should have only normal user "
15269
"rights."
15270
msgstr ""
15271
15272
#: serverguide/C/network-auth.xml:2175(para)
15273
msgid ""
15274
"Replace <emphasis>EXAMPLE.COM</emphasis> and <emphasis>steve</emphasis> with "
15275
"your Realm and admin username."
15276
msgstr ""
15277
15278
#: serverguide/C/network-auth.xml:2183(para)
15279
msgid ""
15280
"Next, the new admin user needs to have the appropriate Access Control List "
15281
"(ACL) permissions. The permissions are configured in the "
15282
"<filename>/etc/krb5kdc/kadm5.acl</filename> file:"
15283
msgstr ""
15284
15285
#: serverguide/C/network-auth.xml:2188(programlisting)
15286
#, no-wrap
15287
msgid ""
15288
"\n"
15289
"steve/admin@EXAMPLE.COM *\n"
15290
msgstr ""
15291
15292
#: serverguide/C/network-auth.xml:2192(para)
15293
msgid ""
15294
"This entry grants <emphasis>steve/admin</emphasis> the ability to perform "
15295
"any operation on all principals in the realm."
15296
msgstr ""
15297
15298
#: serverguide/C/network-auth.xml:2199(para)
15299
msgid ""
15300
"Now restart the <application>krb5-admin-server</application> for the new ACL "
15301
"to take affect:"
15302
msgstr ""
15303
15304
#: serverguide/C/network-auth.xml:2204(command)
15305
msgid "sudo /etc/init.d/krb5-admin-server restart"
15306
msgstr "sudo /etc/init.d/krb5-admin-server restart"
15307
15308
#: serverguide/C/network-auth.xml:2210(para)
15309
msgid ""
15310
"The new user principal can be tested using the <application>kinit "
15311
"utility</application>:"
15312
msgstr ""
15313
15314
#: serverguide/C/network-auth.xml:2215(command)
15315
msgid "kinit steve/admin"
15316
msgstr ""
15317
15318
#: serverguide/C/network-auth.xml:2216(computeroutput)
15319
#, no-wrap
15320
msgid "steve/admin@EXAMPLE.COM's Password:"
15321
msgstr ""
15322
15323
#: serverguide/C/network-auth.xml:2219(para)
15324
msgid ""
15325
"After entering the password, use the <application>klist</application> "
15326
"utility to view information about the Ticket Granting Ticket (TGT):"
15327
msgstr ""
15328
15329
#: serverguide/C/network-auth.xml:2225(command) serverguide/C/network-auth.xml:2560(command)
15330
msgid "klist"
15331
msgstr ""
15332
15333
#: serverguide/C/network-auth.xml:2226(computeroutput)
15334
#, no-wrap
15335
msgid ""
15336
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
15337
" Principal: steve/admin@EXAMPLE.COM\n"
15338
"\n"
15339
" Issued Expires Principal\n"
15340
"Jul 13 17:53:34 Jul 14 03:53:34 krbtgt/EXAMPLE.COM@EXAMPLE.COM"
15341
msgstr ""
15342
15343
#: serverguide/C/network-auth.xml:2233(para)
15344
msgid ""
15345
"You may need to add an entry into the <filename>/etc/hosts</filename> for "
15346
"the KDC. For example:"
15347
msgstr ""
15348
15349
#: serverguide/C/network-auth.xml:2237(programlisting)
15350
#, no-wrap
15351
msgid ""
15352
"\n"
15353
"192.168.0.1 kdc01.example.com kdc01\n"
15354
msgstr ""
15355
15356
#: serverguide/C/network-auth.xml:2241(para)
15357
msgid ""
15358
"Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC."
15359
msgstr ""
15360
15361
#: serverguide/C/network-auth.xml:2248(para)
15362
msgid ""
15363
"In order for clients to determine the KDC for the Realm some DNS SRV records "
15364
"are needed. Add the following to "
15365
"<filename>/etc/named/db.example.com</filename>:"
15366
msgstr ""
15367
15368
#: serverguide/C/network-auth.xml:2253(programlisting)
15369
#, no-wrap
15370
msgid ""
15371
"\n"
15372
"_kerberos._udp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
15373
"_kerberos._tcp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
15374
"_kerberos._udp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
15375
"_kerberos._tcp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
15376
"_kerberos-adm._tcp.EXAMPLE.COM. IN SRV 1 0 749 kdc01.example.com.\n"
15377
"_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
15378
msgstr ""
15379
15380
#: serverguide/C/network-auth.xml:2263(para)
15381
msgid ""
15382
"Replace <emphasis>EXAMPLE.COM</emphasis>, <emphasis>kdc01</emphasis>, and "
15383
"<emphasis>kdc02</emphasis> with your domain name, primary KDC, and secondary "
15384
"KDC."
15385
msgstr ""
15386
15387
#: serverguide/C/network-auth.xml:2269(para)
15388
msgid ""
15389
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
15390
msgstr ""
15391
15392
#: serverguide/C/network-auth.xml:2276(para)
15393
msgid "Your new Kerberos Realm is now ready to authenticate clients."
15394
msgstr ""
15395
15396
#: serverguide/C/network-auth.xml:2283(title)
15397
msgid "Secondary KDC"
15398
msgstr ""
15399
15400
#: serverguide/C/network-auth.xml:2285(para)
15401
msgid ""
15402
"Once you have one Key Distribution Center (KDC) on your network, it is good "
15403
"practice to have a Secondary KDC in case the primary becomes unavailable."
15404
msgstr ""
15405
15406
#: serverguide/C/network-auth.xml:2293(para)
15407
msgid ""
15408
"First, install the packages, and when asked for the Kerberos and Admin "
15409
"server names enter the name of the Primary KDC:"
15410
msgstr ""
15411
15412
#: serverguide/C/network-auth.xml:2304(para)
15413
msgid ""
15414
"Once you have the packages installed, create the Secondary KDC's host "
15415
"principal. From a terminal prompt, enter:"
15416
msgstr ""
15417
15418
#: serverguide/C/network-auth.xml:2309(command)
15419
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
15420
msgstr ""
15421
15422
#: serverguide/C/network-auth.xml:2313(para)
15423
msgid ""
15424
"After, issuing any <application>kadmin</application> commands you will be "
15425
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
15426
"password."
15427
msgstr ""
15428
15429
#: serverguide/C/network-auth.xml:2322(para)
15430
msgid "Extract the <emphasis>keytab</emphasis> file:"
15431
msgstr ""
15432
15433
#: serverguide/C/network-auth.xml:2327(command)
15434
msgid "kadmin -q \"ktadd -k keytab.kdc02 host/kdc02.example.com\""
15435
msgstr ""
15436
15437
#: serverguide/C/network-auth.xml:2333(para)
15438
msgid ""
15439
"There should now be a <filename>keytab.kdc02</filename> in the current "
15440
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
15441
msgstr ""
15442
15443
#: serverguide/C/network-auth.xml:2339(command)
15444
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
15445
msgstr "sudo mv keytab.kdc02 /etc/krb5.keytab"
15446
15447
#: serverguide/C/network-auth.xml:2343(para)
15448
msgid ""
15449
"If the path to the <filename>keytab.kdc02</filename> file is different "
15450
"adjust accordingly."
15451
msgstr ""
15452
15453
#: serverguide/C/network-auth.xml:2348(para)
15454
msgid ""
15455
"Also, you can list the principals in a Keytab file, which can be useful when "
15456
"troubleshooting, using the <application>klist</application> utility:"
15457
msgstr ""
15458
15459
#: serverguide/C/network-auth.xml:2354(command)
15460
msgid "sudo klist -k /etc/krb5.keytab"
15461
msgstr "sudo klist -k /etc/krb5.keytab"
15462
15463
#: serverguide/C/network-auth.xml:2360(para)
15464
msgid ""
15465
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
15466
"that lists all KDCs for the Realm. For example, on both primary and "
15467
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
15468
msgstr ""
15469
15470
#: serverguide/C/network-auth.xml:2365(programlisting)
15471
#, no-wrap
15472
msgid ""
15473
"\n"
15474
"host/kdc01.example.com@EXAMPLE.COM\n"
15475
"host/kdc02.example.com@EXAMPLE.COM\n"
15476
msgstr ""
15477
15478
#: serverguide/C/network-auth.xml:2373(para)
15479
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
15480
msgstr ""
15481
15482
#: serverguide/C/network-auth.xml:2378(command)
15483
msgid "sudo kdb5_util -s create"
15484
msgstr "sudo kdb5_util -s create"
15485
15486
#: serverguide/C/network-auth.xml:2384(para)
15487
msgid ""
15488
"Now start the <application>kpropd</application> daemon, which listens for "
15489
"connections from the <application>kprop</application> utility. "
15490
"<application>kprop</application> is used to transfer dump files:"
15491
msgstr ""
15492
15493
#: serverguide/C/network-auth.xml:2391(command)
15494
msgid "sudo kpropd -S"
15495
msgstr "sudo kpropd -S"
15496
15497
#: serverguide/C/network-auth.xml:2397(para)
15498
msgid ""
15499
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
15500
"of the principal database:"
15501
msgstr ""
15502
15503
#: serverguide/C/network-auth.xml:2402(command)
15504
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
15505
msgstr "sudo kdb5_util dump /var/lib/krb5kdc/dump"
15506
15507
#: serverguide/C/network-auth.xml:2408(para)
15508
msgid ""
15509
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
15510
"<filename>/etc/krb5.keytab</filename>:"
15511
msgstr ""
15512
15513
#: serverguide/C/network-auth.xml:2413(command)
15514
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
15515
msgstr ""
15516
15517
#: serverguide/C/network-auth.xml:2414(command)
15518
msgid "sudo mv keytab.kdc01 /etc/krb5.keytab"
15519
msgstr ""
15520
15521
#: serverguide/C/network-auth.xml:2418(para)
15522
msgid ""
15523
"Make sure there is a <emphasis>host</emphasis> for "
15524
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
15525
msgstr ""
15526
15527
#: serverguide/C/network-auth.xml:2426(para)
15528
msgid ""
15529
"Using the <application>kprop</application> utility push the database to the "
15530
"Secondary KDC:"
15531
msgstr ""
15532
15533
#: serverguide/C/network-auth.xml:2431(command)
15534
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
15535
msgstr ""
15536
15537
#: serverguide/C/network-auth.xml:2435(para)
15538
msgid ""
15539
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
15540
"worked. If there is an error message check "
15541
"<filename>/var/log/syslog</filename> on the secondary KDC for more "
15542
"information."
15543
msgstr ""
15544
15545
#: serverguide/C/network-auth.xml:2441(para)
15546
msgid ""
15547
"You may also want to create a <application>cron</application> job to "
15548
"periodically update the database on the Secondary KDC. For example, the "
15549
"following will push the database every hour:"
15550
msgstr ""
15551
15552
#: serverguide/C/network-auth.xml:2446(programlisting)
15553
#, no-wrap
15554
msgid ""
15555
"\n"
15556
"# m h dom mon dow command\n"
15557
"0 * * * * /usr/sbin/kdb5_util dump /var/lib/krb5kdc/dump && "
15558
"/usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com\n"
15559
msgstr ""
15560
15561
#: serverguide/C/network-auth.xml:2454(para)
15562
msgid ""
15563
"Back on the <emphasis>Secondary KDC</emphasis>, create a "
15564
"<emphasis>stash</emphasis> file to hold the Kerberos master key:"
15565
msgstr ""
15566
15567
#: serverguide/C/network-auth.xml:2460(command)
15568
msgid "sudo kdb5_util stash"
15569
msgstr "sudo kdb5_util stash"
15570
15571
#: serverguide/C/network-auth.xml:2466(para)
15572
msgid ""
15573
"Finally, start the <application>krb5-kdc</application> daemon on the "
15574
"Secondary KDC:"
15575
msgstr ""
15576
15577
#: serverguide/C/network-auth.xml:2471(command) serverguide/C/network-auth.xml:3083(command)
15578
msgid "sudo /etc/init.d/krb5-kdc start"
15579
msgstr "sudo /etc/init.d/krb5-kdc start"
15580
15581
#: serverguide/C/network-auth.xml:2477(para)
15582
msgid ""
15583
"The <emphasis>Secondary KDC</emphasis> should now be able to issue tickets "
15584
"for the Realm. You can test this by stopping the <application>krb5-"
15585
"kdc</application> daemon on the Primary KDC, then use "
15586
"<application>kinit</application> to request a ticket. If all goes well you "
15587
"should receive a ticket from the Secondary KDC."
15588
msgstr ""
15589
15590
#: serverguide/C/network-auth.xml:2485(title)
15591
msgid "Kerberos Linux Client"
15592
msgstr ""
15593
15594
#: serverguide/C/network-auth.xml:2487(para)
15595
msgid ""
15596
"This section covers configuring a Linux system as a "
15597
"<application>Kerberos</application> client. This will allow access to any "
15598
"kerberized services once a user has successfully logged into the system."
15599
msgstr ""
15600
15601
#: serverguide/C/network-auth.xml:2495(para)
15602
msgid ""
15603
"In order to authenticate to a Kerberos Realm, the <application>krb5-"
15604
"user</application> and <application>libpam-krb5</application> packages are "
15605
"needed, along with a few others that are not strictly necessary but make "
15606
"life easier. To install the packages enter the following in a terminal "
15607
"prompt:"
15608
msgstr ""
15609
15610
#: serverguide/C/network-auth.xml:2502(command)
15611
msgid ""
15612
"sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
15613
msgstr ""
15614
"sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
15615
15616
#: serverguide/C/network-auth.xml:2505(para)
15617
msgid ""
15618
"The <application>auth-client-config</application> package allows simple "
15619
"configuration of PAM for authentication from multiple sources, and the "
15620
"<application>libpam-ccreds</application> will cache authentication "
15621
"credentials allowing you to login in case the Key Distribution Center (KDC) "
15622
"is unavailable. This package is also useful for laptops that may "
15623
"authenticate using Kerberos while on the corporate network, but will need to "
15624
"be accessed off the network as well."
15625
msgstr ""
15626
15627
#: serverguide/C/network-auth.xml:2516(para)
15628
msgid "To configure the client in a terminal enter:"
15629
msgstr ""
15630
15631
#: serverguide/C/network-auth.xml:2521(command)
15632
msgid "sudo dpkg-reconfigure krb5-config"
15633
msgstr "sudo dpkg-reconfigure krb5-config"
15634
15635
#: serverguide/C/network-auth.xml:2524(para)
15636
msgid ""
15637
"You will then be prompted to enter the name of the Kerberos Realm. Also, if "
15638
"you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> "
15639
"records, the menu will prompt you for the hostname of the Key Distribution "
15640
"Center (KDC) and Realm Administration server."
15641
msgstr ""
15642
15643
#: serverguide/C/network-auth.xml:2530(para)
15644
msgid ""
15645
"The <application>dpkg-reconfigure</application> adds entries to the "
15646
"<filename>/etc/krb5.conf</filename> file for your Realm. You should have "
15647
"entries similar to the following:"
15648
msgstr ""
15649
15650
#: serverguide/C/network-auth.xml:2535(programlisting)
15651
#, no-wrap
15652
msgid ""
15653
"\n"
15654
"[libdefaults]\n"
15655
" default_realm = EXAMPLE.COM\n"
15656
"...\n"
15657
"[realms]\n"
15658
" EXAMPLE.COM = } \n"
15659
" kdc = 192.168.0.1 \n"
15660
" admin_server = 192.168.0.1\n"
15661
" }\n"
15662
msgstr ""
15663
15664
#: serverguide/C/network-auth.xml:2546(para)
15665
msgid ""
15666
"You can test the configuration by requesting a ticket using the "
15667
"<application>kinit</application> utility. For example:"
15668
msgstr ""
15669
15670
#: serverguide/C/network-auth.xml:2551(command)
15671
msgid "kinit steve@EXAMPLE.COM"
15672
msgstr ""
15673
15674
#: serverguide/C/network-auth.xml:2552(computeroutput)
15675
#, no-wrap
15676
msgid "Password for steve@EXAMPLE.COM:"
15677
msgstr ""
15678
15679
#: serverguide/C/network-auth.xml:2555(para)
15680
msgid ""
15681
"When a ticket has been granted, the details can be viewed using "
15682
"<application>klist</application>:"
15683
msgstr ""
15684
15685
#: serverguide/C/network-auth.xml:2561(computeroutput)
15686
#, no-wrap
15687
msgid ""
15688
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
15689
"Default principal: steve@EXAMPLE.COM\n"
15690
"\n"
15691
"Valid starting Expires Service principal\n"
15692
"07/24/08 05:18:56 07/24/08 15:18:56 krbtgt/EXAMPLE.COM@EXAMPLE.COM\n"
15693
" renew until 07/25/08 05:18:57\n"
15694
"\n"
15695
"\n"
15696
"Kerberos 4 ticket cache: /tmp/tkt1000\n"
15697
"klist: You have no tickets cached"
15698
msgstr ""
15699
15700
#: serverguide/C/network-auth.xml:2573(para)
15701
msgid ""
15702
"Next, use the <application>auth-client-config</application> to configure the "
15703
"<application>libpam-krb5</application> module to request a ticket during "
15704
"login:"
15705
msgstr ""
15706
15707
#: serverguide/C/network-auth.xml:2579(command)
15708
msgid "sudo auth-client-config -a -p kerberos_example"
15709
msgstr ""
15710
15711
#: serverguide/C/network-auth.xml:2582(para)
15712
msgid ""
15713
"You will should now receive a ticket upon successful login authentication."
15714
msgstr ""
15715
15716
#: serverguide/C/network-auth.xml:2593(para)
15717
msgid ""
15718
"For more information on Kerberos see the <ulink "
15719
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
15720
msgstr ""
15721
15722
#: serverguide/C/network-auth.xml:2598(para)
15723
msgid ""
15724
"The <ulink url=\"https://help.ubuntu.com/community/Kerberos\">Ubuntu Wiki "
15725
"Kerberos</ulink> page has more details."
15726
msgstr ""
15727
15728
#: serverguide/C/network-auth.xml:2603(para)
15729
msgid ""
15730
"O'Reilly's <ulink "
15731
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
15732
"Guide</ulink> is a great reference when setting up Kerberos."
15733
msgstr ""
15734
15735
#: serverguide/C/network-auth.xml:2609(para)
15736
msgid ""
15737
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> IRC "
15738
"channel on <ulink url=\"http://freenode.net/\">Freenode</ulink> if you have "
15739
"Kerberos questions."
15740
msgstr ""
15741
15742
#: serverguide/C/network-auth.xml:2619(title)
15743
msgid "Kerberos and LDAP"
15744
msgstr ""
15745
15746
#: serverguide/C/network-auth.xml:2621(para)
15747
msgid ""
15748
"Replicating a Kerberos principal database between two servers can be "
15749
"complicated, and adds an additional user database to your network. "
15750
"Fortunately, MIT Kerberos can be configured to use an "
15751
"<application>LDAP</application> directory as a principal database. This "
15752
"section covers configuring a primary and secondary kerberos server to use "
15753
"<application>OpenLDAP</application> for the principal database."
15754
msgstr ""
15755
15756
#: serverguide/C/network-auth.xml:2629(title)
15757
msgid "Configuring OpenLDAP"
15758
msgstr ""
15759
15760
#: serverguide/C/network-auth.xml:2631(para)
15761
msgid ""
15762
"First, the necessary <emphasis>schema</emphasis> needs to be loaded on an "
15763
"<application>OpenLDAP</application> server that has network connectivity to "
15764
"the Primary and Secondary KDCs. The rest of this section assumes that you "
15765
"also have LDAP replication configured between at least two servers. For "
15766
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
15767
msgstr ""
15768
15769
#: serverguide/C/network-auth.xml:2638(para)
15770
msgid ""
15771
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
15772
"that traffic between the KDC and LDAP server is encrypted. See <xref "
15773
"linkend=\"openldap-tls\"/> for details."
15774
msgstr ""
15775
15776
#: serverguide/C/network-auth.xml:2645(para)
15777
msgid ""
15778
"To load the schema into LDAP, on the LDAP server install the "
15779
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
15780
msgstr ""
15781
15782
#: serverguide/C/network-auth.xml:2651(command)
15783
msgid "sudo apt-get install krb5-kdc-ldap"
15784
msgstr "sudo apt-get install krb5-kdc-ldap"
15785
15786
#: serverguide/C/network-auth.xml:2656(para)
15787
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
15788
msgstr ""
15789
15790
#: serverguide/C/network-auth.xml:2661(command)
15791
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
15792
msgstr "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
15793
15794
#: serverguide/C/network-auth.xml:2662(command)
15795
msgid ""
15796
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
15797
msgstr ""
15798
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
15799
15800
#: serverguide/C/network-auth.xml:2668(para)
15801
msgid ""
15802
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
15803
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
15804
"<application>slapd</application> is also detailed in <xref "
15805
"linkend=\"openldap-configuration\"/>."
15806
msgstr ""
15807
15808
#: serverguide/C/network-auth.xml:2681(programlisting)
15809
#, no-wrap
15810
msgid ""
15811
"\n"
15812
"include /etc/ldap/schema/core.schema\n"
15813
"include /etc/ldap/schema/collective.schema\n"
15814
"include /etc/ldap/schema/corba.schema\n"
15815
"include /etc/ldap/schema/cosine.schema\n"
15816
"include /etc/ldap/schema/duaconf.schema\n"
15817
"include /etc/ldap/schema/dyngroup.schema\n"
15818
"include /etc/ldap/schema/inetorgperson.schema\n"
15819
"include /etc/ldap/schema/java.schema\n"
15820
"include /etc/ldap/schema/misc.schema\n"
15821
"include /etc/ldap/schema/nis.schema\n"
15822
"include /etc/ldap/schema/openldap.schema\n"
15823
"include /etc/ldap/schema/ppolicy.schema\n"
15824
"include /etc/ldap/schema/kerberos.schema\n"
15825
msgstr ""
15826
15827
#: serverguide/C/network-auth.xml:2701(para)
15828
msgid "Create a temporary directory to hold the LDIF files:"
15829
msgstr ""
15830
15831
#: serverguide/C/network-auth.xml:2716(command)
15832
msgid ""
15833
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
15834
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
15835
msgstr ""
15836
15837
#: serverguide/C/network-auth.xml:2726(para)
15838
msgid ""
15839
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
15840
"changing the following attributes:"
15841
msgstr ""
15842
15843
#: serverguide/C/network-auth.xml:2730(programlisting)
15844
#, no-wrap
15845
msgid ""
15846
"\n"
15847
"dn: cn=kerberos,cn=schema,cn=config\n"
15848
"...\n"
15849
"cn: kerberos\n"
15850
msgstr ""
15851
15852
#: serverguide/C/network-auth.xml:2736(para)
15853
msgid "And remove the following lines from the end of the file:"
15854
msgstr ""
15855
15856
#: serverguide/C/network-auth.xml:2740(programlisting)
15857
#, no-wrap
15858
msgid ""
15859
"\n"
15860
"structuralObjectClass: olcSchemaConfig\n"
15861
"entryUUID: 18ccd010-746b-102d-9fbe-3760cca765dc\n"
15862
"creatorsName: cn=config\n"
15863
"createTimestamp: 20090111203515Z\n"
15864
"entryCSN: 20090111203515.326445Z#000000#000#000000\n"
15865
"modifiersName: cn=config\n"
15866
"modifyTimestamp: 20090111203515Z\n"
15867
msgstr ""
15868
15869
#: serverguide/C/network-auth.xml:2759(para)
15870
msgid "Load the new schema with <application>ldapadd</application>:"
15871
msgstr ""
15872
15873
#: serverguide/C/network-auth.xml:2764(command)
15874
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=kerberos.ldif"
15875
msgstr ""
15876
15877
#: serverguide/C/network-auth.xml:2770(para)
15878
msgid ""
15879
"Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
15880
msgstr ""
15881
15882
#: serverguide/C/network-auth.xml:2775(command) serverguide/C/network-auth.xml:2792(command)
15883
msgid "ldapmodify -x -D cn=admin,cn=config -W"
15884
msgstr ""
15885
15886
#: serverguide/C/network-auth.xml:2777(userinput)
15887
#, no-wrap
15888
msgid ""
15889
"dn: olcDatabase={1}hdb,cn=config\n"
15890
"add: olcDbIndex\n"
15891
"olcDbIndex: krbPrincipalName eq,pres,sub"
15892
msgstr ""
15893
15894
#: serverguide/C/network-auth.xml:2776(computeroutput)
15895
#, no-wrap
15896
msgid ""
15897
"Enter LDAP Password:\n"
15898
"<placeholder-1/>\n"
15899
"\n"
15900
"modifying entry \"olcDatabase={1}hdb,cn=config\""
15901
msgstr ""
15902
15903
#: serverguide/C/network-auth.xml:2787(para)
15904
msgid "Finally, update the Access Control Lists (ACL):"
15905
msgstr ""
15906
15907
#: serverguide/C/network-auth.xml:2794(userinput)
15908
#, no-wrap
15909
msgid ""
15910
"dn: olcDatabase={1}hdb,cn=config\n"
15911
"replace: olcAccess\n"
15912
"olcAccess: to attrs=userPassword,shadowLastChange,krbPrincipalKey by "
15913
"dn=\"cn=admin,dc=exampl\n"
15914
" e,dc=com\" write by anonymous auth by self write by * none\n"
15915
"-\n"
15916
"add: olcAccess\n"
15917
"olcAccess: to dn.base=\"\" by * read\n"
15918
"-\n"
15919
"add: olcAccess\n"
15920
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read"
15921
msgstr ""
15922
15923
#: serverguide/C/network-auth.xml:2793(computeroutput)
15924
#, no-wrap
15925
msgid ""
15926
"Enter LDAP Password: \n"
15927
"<placeholder-1/>\n"
15928
"\n"
15929
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
15930
msgstr ""
15931
15932
#: serverguide/C/network-auth.xml:2814(para)
15933
msgid ""
15934
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
15935
"database."
15936
msgstr ""
15937
15938
#: serverguide/C/network-auth.xml:2820(title)
15939
msgid "Primary KDC Configuration"
15940
msgstr ""
15941
15942
#: serverguide/C/network-auth.xml:2822(para)
15943
msgid ""
15944
"With <application>OpenLDAP</application> configured it is time to configure "
15945
"the KDC."
15946
msgstr ""
15947
15948
#: serverguide/C/network-auth.xml:2828(para)
15949
msgid "First, install the necessary packages, from a terminal enter:"
15950
msgstr ""
15951
15952
#: serverguide/C/network-auth.xml:2833(command) serverguide/C/network-auth.xml:2990(command)
15953
msgid "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
15954
msgstr "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
15955
15956
#: serverguide/C/network-auth.xml:2839(para)
15957
msgid ""
15958
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
15959
"under the appropriate sections:"
15960
msgstr ""
15961
15962
#: serverguide/C/network-auth.xml:2843(programlisting)
15963
#, no-wrap
15964
msgid ""
15965
"\n"
15966
"[libdefaults]\n"
15967
" default_realm = EXAMPLE.COM\n"
15968
"\n"
15969
"...\n"
15970
"\n"
15971
"[realms]\n"
15972
" EXAMPLE.COM = {\n"
15973
" kdc = kdc01.example.com\n"
15974
" kdc = kdc02.example.com\n"
15975
" admin_server = kdc01.example.com\n"
15976
" admin_server = kdc02.example.com\n"
15977
" default_domain = example.com\n"
15978
" database_module = openldap_ldapconf\n"
15979
" }\n"
15980
"\n"
15981
"...\n"
15982
"\n"
15983
"[domain_realm]\n"
15984
" .example.com = EXAMPLE.COM\n"
15985
"\n"
15986
"\n"
15987
"...\n"
15988
"\n"
15989
"[dbdefaults]\n"
15990
" ldap_kerberos_container_dn = dc=example,dc=com\n"
15991
"\n"
15992
"[dbmodules]\n"
15993
" openldap_ldapconf = {\n"
15994
" db_library = kldap\n"
15995
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
15996
"\n"
15997
" # this object needs to have read rights on\n"
15998
" # the realm container, principal container and realm sub-"
15999
"trees\n"
16000
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
16001
"\n"
16002
" # this object needs to have read and write rights on\n"
16003
" # the realm container, principal container and realm sub-"
16004
"trees\n"
16005
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
16006
" ldap_servers = ldaps://ldap01.example.com "
16007
"ldaps://ldap02.example.com\n"
16008
" ldap_conns_per_server = 5\n"
16009
" }\n"
16010
msgstr ""
16011
16012
#: serverguide/C/network-auth.xml:2888(para)
16013
msgid ""
16014
"Change <emphasis>example.com</emphasis>, "
16015
"<emphasis>dc=example,dc=com</emphasis>, "
16016
"<emphasis>cn=admin,dc=example,dc=com</emphasis>, and "
16017
"<emphasis>ldap01.example.com</emphasis> to the appropriate domain, LDAP "
16018
"object, and LDAP server for your network."
16019
msgstr ""
16020
16021
#: serverguide/C/network-auth.xml:2897(para)
16022
msgid ""
16023
"Next, use the <application>kdb5_ldap_util</application> utility to create "
16024
"the realm:"
16025
msgstr ""
16026
16027
#: serverguide/C/network-auth.xml:2902(command)
16028
msgid ""
16029
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees "
16030
"dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com"
16031
msgstr ""
16032
16033
#: serverguide/C/network-auth.xml:2908(para)
16034
msgid ""
16035
"Create a stash of the password used to bind to the LDAP server. This "
16036
"password is used by the <emphasis>ldap_kdc_dn</emphasis> and "
16037
"<emphasis>ldap_kadmin_dn</emphasis> options in "
16038
"<filename>/etc/krb5.conf</filename>:"
16039
msgstr ""
16040
16041
#: serverguide/C/network-auth.xml:2914(command) serverguide/C/network-auth.xml:3052(command)
16042
msgid ""
16043
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f "
16044
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
16045
msgstr ""
16046
16047
#: serverguide/C/network-auth.xml:2920(para)
16048
msgid "Copy the CA certificate from the LDAP server:"
16049
msgstr ""
16050
16051
#: serverguide/C/network-auth.xml:2925(command)
16052
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
16053
msgstr ""
16054
16055
#: serverguide/C/network-auth.xml:2926(command)
16056
msgid "sudo cp cacert.pem /etc/ssl/certs"
16057
msgstr "sudo cp cacert.pem /etc/ssl/certs"
16058
16059
#: serverguide/C/network-auth.xml:2929(para)
16060
msgid ""
16061
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
16062
msgstr ""
16063
16064
#: serverguide/C/network-auth.xml:2933(programlisting)
16065
#, no-wrap
16066
msgid ""
16067
"\n"
16068
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
16069
msgstr ""
16070
16071
#: serverguide/C/network-auth.xml:2938(para)
16072
msgid ""
16073
"The certificate will also need to be copied to the Secondary KDC, to allow "
16074
"the connection to the LDAP servers using LDAPS."
16075
msgstr ""
16076
16077
#: serverguide/C/network-auth.xml:2947(para)
16078
msgid ""
16079
"You can now add Kerberos principals to the LDAP database, and they will be "
16080
"copied to any other LDAP servers configured for replication. To add a "
16081
"principal using the <application>kadmin.local</application> utility enter:"
16082
msgstr ""
16083
16084
#: serverguide/C/network-auth.xml:2955(userinput)
16085
#, no-wrap
16086
msgid "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
16087
msgstr ""
16088
16089
#: serverguide/C/network-auth.xml:2954(computeroutput)
16090
#, no-wrap
16091
msgid ""
16092
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
16093
"kadmin.local: <placeholder-1/>\n"
16094
"WARNING: no policy specified for steve@EXAMPLE.COM; defaulting to no policy\n"
16095
"Enter password for principal \"steve@EXAMPLE.COM\": \n"
16096
"Re-enter password for principal \"steve@EXAMPLE.COM\": \n"
16097
"Principal \"steve@EXAMPLE.COM\" created."
16098
msgstr ""
16099
16100
#: serverguide/C/network-auth.xml:2962(para)
16101
msgid ""
16102
"There should now be krbPrincipalName, krbPrincipalKey, krbLastPwdChange, and "
16103
"krbExtraData attributes added to the "
16104
"<emphasis>uid=steve,ou=people,dc=example,dc=com</emphasis> user object. Use "
16105
"the <application>kinit</application> and <application>klist</application> "
16106
"utilities to test that the user is indeed issued a ticket."
16107
msgstr ""
16108
16109
#: serverguide/C/network-auth.xml:2969(para)
16110
msgid ""
16111
"If the user object is already created the <emphasis>-x dn=\"...\"</emphasis> "
16112
"option is needed to add the Kerberos attributes. Otherwise a new "
16113
"<emphasis>principal</emphasis> object will be created in the realm subtree."
16114
msgstr ""
16115
16116
#: serverguide/C/network-auth.xml:2977(title)
16117
msgid "Secondary KDC Configuration"
16118
msgstr ""
16119
16120
#: serverguide/C/network-auth.xml:2979(para)
16121
msgid ""
16122
"Configuring a Secondary KDC using the LDAP backend is similar to configuring "
16123
"one using the normal Kerberos database."
16124
msgstr ""
16125
16126
#: serverguide/C/network-auth.xml:2985(para)
16127
msgid "First, install the necessary packages. In a terminal enter:"
16128
msgstr ""
16129
16130
#: serverguide/C/network-auth.xml:2996(para)
16131
msgid ""
16132
"Next, edit <filename>/etc/krb5.conf</filename> to use the LDAP backend:"
16133
msgstr ""
16134
16135
#: serverguide/C/network-auth.xml:3000(programlisting)
16136
#, no-wrap
16137
msgid ""
16138
"\n"
16139
"[libdefaults]\n"
16140
" default_realm = EXAMPLE.COM\n"
16141
"\n"
16142
"...\n"
16143
"\n"
16144
"[realms]\n"
16145
" EXAMPLE.COM = {\n"
16146
" kdc = kdc01.example.com\n"
16147
" kdc = kdc02.example.com\n"
16148
" admin_server = kdc01.example.com\n"
16149
" admin_server = kdc02.example.com\n"
16150
" default_domain = example.com\n"
16151
" database_module = openldap_ldapconf\n"
16152
" }\n"
16153
"\n"
16154
"...\n"
16155
"\n"
16156
"[domain_realm]\n"
16157
" .example.com = EXAMPLE.COM\n"
16158
"\n"
16159
"...\n"
16160
"\n"
16161
"[dbdefaults]\n"
16162
" ldap_kerberos_container_dn = dc=example,dc=com\n"
16163
"\n"
16164
"[dbmodules]\n"
16165
" openldap_ldapconf = {\n"
16166
" db_library = kldap\n"
16167
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
16168
"\n"
16169
" # this object needs to have read rights on\n"
16170
" # the realm container, principal container and realm sub-"
16171
"trees\n"
16172
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
16173
"\n"
16174
" # this object needs to have read and write rights on\n"
16175
" # the realm container, principal container and realm sub-"
16176
"trees\n"
16177
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
16178
" ldap_servers = ldaps://ldap01.example.com "
16179
"ldaps://ldap02.example.com\n"
16180
" ldap_conns_per_server = 5\n"
16181
" }\n"
16182
msgstr ""
16183
16184
#: serverguide/C/network-auth.xml:3047(para)
16185
msgid "Create the stash for the LDAP bind password:"
16186
msgstr ""
16187
16188
#: serverguide/C/network-auth.xml:3058(para)
16189
msgid ""
16190
"Now, on the <emphasis>Primary KDC</emphasis> copy the "
16191
"<filename>/etc/krb5kdc/.k5.EXAMPLE.COM</filename><emphasis>Master "
16192
"Key</emphasis> stash to the Secondary KDC. Be sure to copy the file over an "
16193
"encrypted connection such as <application>scp</application>, or on physical "
16194
"media."
16195
msgstr ""
16196
16197
#: serverguide/C/network-auth.xml:3065(command)
16198
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
16199
msgstr ""
16200
16201
#: serverguide/C/network-auth.xml:3066(command)
16202
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
16203
msgstr ""
16204
16205
#: serverguide/C/network-auth.xml:3070(para)
16206
msgid ""
16207
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
16208
msgstr ""
16209
16210
#: serverguide/C/network-auth.xml:3078(para)
16211
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
16212
msgstr ""
16213
16214
#: serverguide/C/network-auth.xml:3089(para)
16215
msgid ""
16216
"You now have redundant KDCs on your network, and with redundant LDAP servers "
16217
"you should be able to continue to authenticate users if one LDAP server, one "
16218
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
16219
msgstr ""
16220
16221
#: serverguide/C/network-auth.xml:3101(para)
16222
msgid ""
16223
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
16224
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
16225
"Guide</ulink> has some additional details."
16226
msgstr ""
16227
16228
#: serverguide/C/network-auth.xml:3107(para)
16229
msgid ""
16230
"For more information on <application>kdb5_ldap_util</application> see <ulink "
16231
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
16232
"admin.html#Global-Operations-on-the-Kerberos-LDAP-Database\"> Section "
16233
"5.6</ulink> and the <ulink "
16234
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/kdb5_ldap_util.8.h"
16235
"tml\">kdb5_ldap_util man page</ulink>."
16236
msgstr ""
16237
16238
#: serverguide/C/network-auth.xml:3115(para)
16239
msgid ""
16240
"Another useful link is the <ulink "
16241
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/krb5.conf.5.html\""
16242
">krb5.conf man page</ulink>."
16243
msgstr ""
16244
16245
#: serverguide/C/network-auth.xml:3120(para)
16246
msgid ""
16247
"Also, see the <ulink "
16248
"url=\"https://help.ubuntu.com/community/Kerberos#kerberos-ldap\">Kerberos "
16249
"and LDAP</ulink> Ubuntu wiki page."
16250
msgstr ""
16251
16252
#: serverguide/C/monitoring.xml:13(title)
16253
msgid "Monitoring"
16254
msgstr "Overvågning"
16255
16256
#: serverguide/C/monitoring.xml:17(para)
16257
msgid ""
16258
"The monitoring of essential servers and services is an important part of "
16259
"system administration. Most network services are monitored for performance, "
16260
"availability, or both. This section will cover installation and "
16261
"configuration of <application>Nagios</application> for availability "
16262
"monitoring, and <application>Munin</application> for performance monitoring."
16263
msgstr ""
16264
16265
#: serverguide/C/monitoring.xml:24(para)
16266
msgid ""
16267
"The examples in this section will use two servers with hostnames "
16268
"<emphasis>server01</emphasis> and <emphasis>server02</emphasis>. "
16269
"<emphasis>Server01</emphasis> will be configured with "
16270
"<application>Nagios</application> to monitor services on itself and "
16271
"<emphasis>server02</emphasis>. Server01 will also be setup with the "
16272
"<application>munin</application> package to gather information from the "
16273
"network. Using the <application>munin-node</application> package, "
16274
"<emphasis>server02</emphasis> will be configured to send information to "
16275
"<emphasis>server01</emphasis>."
16276
msgstr ""
16277
16278
#: serverguide/C/monitoring.xml:33(para)
16279
msgid ""
16280
"Hopefully these simple examples will allow you to monitor additional servers "
16281
"and services on your network."
16282
msgstr ""
16283
16284
#: serverguide/C/monitoring.xml:39(title)
16285
msgid "Nagios"
16286
msgstr ""
16287
16288
#: serverguide/C/monitoring.xml:44(para)
16289
msgid ""
16290
"First, on <emphasis>server01</emphasis> install the "
16291
"<application>nagios</application> package. In a terminal enter:"
16292
msgstr ""
16293
16294
#: serverguide/C/monitoring.xml:50(command)
16295
msgid "sudo apt-get install nagios3 nagios-nrpe-plugin"
16296
msgstr "sudo apt-get install nagios3 nagios-nrpe-plugin"
16297
16298
#: serverguide/C/monitoring.xml:53(para)
16299
msgid ""
16300
"You will be asked to enter a password for the "
16301
"<emphasis>nagiosadmin</emphasis> user. The user's credentials are stored in "
16302
"<filename>/etc/nagios3/htpasswd.users</filename>. To change the "
16303
"<emphasis>nagiosadmin</emphasis> password, or add additional users to the "
16304
"Nagios CGI scripts, use the <application>htpasswd</application> that is part "
16305
"of the <application>apache2-utils</application> package."
16306
msgstr ""
16307
16308
#: serverguide/C/monitoring.xml:60(para)
16309
msgid ""
16310
"For example, to change the password for the <emphasis>nagiosadmin</emphasis> "
16311
"user enter:"
16312
msgstr ""
16313
16314
#: serverguide/C/monitoring.xml:65(command)
16315
msgid "sudo htpasswd /etc/nagios3/htpasswd.users nagiosadmin"
16316
msgstr ""
16317
16318
#: serverguide/C/monitoring.xml:68(para)
16319
msgid "To add a user:"
16320
msgstr ""
16321
16322
#: serverguide/C/monitoring.xml:73(command)
16323
msgid "sudo htpasswd /etc/nagios3/htpasswd.users steve"
16324
msgstr ""
16325
16326
#: serverguide/C/monitoring.xml:76(para)
16327
msgid ""
16328
"Next, on <emphasis>server02</emphasis> install the <application>nagios-nrpe-"
16329
"server</application> package. From a terminal on server02 enter:"
16330
msgstr ""
16331
16332
#: serverguide/C/monitoring.xml:82(command)
16333
msgid "sudo apt-get install nagios-nrpe-server"
16334
msgstr "sudo apt-get install nagios-nrpe-server"
16335
16336
#: serverguide/C/monitoring.xml:86(para)
16337
msgid ""
16338
"<application>NRPE</application> allows you to execute local checks on remote "
16339
"hosts. There are other ways of accomplishing this through other Nagios "
16340
"plugins as well as other checks."
16341
msgstr ""
16342
16343
#: serverguide/C/monitoring.xml:94(title)
16344
msgid "Configuration Overview"
16345
msgstr ""
16346
16347
#: serverguide/C/monitoring.xml:96(para)
16348
msgid ""
16349
"There are a couple of directories containing "
16350
"<application>Nagios</application> configuration and check files."
16351
msgstr ""
16352
16353
#: serverguide/C/monitoring.xml:102(para)
16354
msgid ""
16355
"<filename>/etc/nagios3</filename>: contains configuration files for the "
16356
"operation of the <application>nagios</application> daemon, CGI files, hosts, "
16357
"etc."
16358
msgstr ""
16359
16360
#: serverguide/C/monitoring.xml:108(para)
16361
msgid ""
16362
"<filename>/etc/nagios-plugins</filename>: houses configuration files for the "
16363
"service checks."
16364
msgstr ""
16365
16366
#: serverguide/C/monitoring.xml:113(para)
16367
msgid ""
16368
"<filename>/etc/nagios</filename>: on the remote host contains the "
16369
"<application>nagios-nrpe-server</application> configuration files."
16370
msgstr ""
16371
16372
#: serverguide/C/monitoring.xml:118(para)
16373
msgid ""
16374
"<filename>/usr/lib/nagios/plugins/</filename>: where the check binaries are "
16375
"stored. To see the options of a check use the <emphasis>-h</emphasis> option."
16376
msgstr ""
16377
16378
#: serverguide/C/monitoring.xml:123(para)
16379
msgid "For example: <command>/usr/lib/nagios/plugins/check_dhcp -h</command>"
16380
msgstr ""
16381
16382
#: serverguide/C/monitoring.xml:129(para)
16383
msgid ""
16384
"There are a plethora of checks <application>Nagios</application> can be "
16385
"configured to execute for any given host. For this example Nagios will be "
16386
"configured to check disk space, DNS, and a MySQL hostgroup. The DNS check "
16387
"will be on <emphasis>server02</emphasis>, and the MySQL hostgroup will "
16388
"include both <emphasis>server01</emphasis> and <emphasis>server02</emphasis>."
16389
msgstr ""
16390
16391
#: serverguide/C/monitoring.xml:136(para)
16392
msgid ""
16393
"See <xref linkend=\"httpd\"/> for details on setting up Apache, <xref "
16394
"linkend=\"dns\"/> for DNS, and <xref linkend=\"mysql\"/> for MySQL."
16395
msgstr ""
16396
16397
#: serverguide/C/monitoring.xml:141(para)
16398
msgid ""
16399
"Additionally, there are some terms that once explained will hopefully make "
16400
"understanding Nagios configuration easier:"
16401
msgstr ""
16402
16403
#: serverguide/C/monitoring.xml:147(para)
16404
msgid ""
16405
"<emphasis>Host</emphasis>: a server, workstation, network device, etc that "
16406
"is being monitored."
16407
msgstr ""
16408
16409
#: serverguide/C/monitoring.xml:152(para)
16410
msgid ""
16411
"<emphasis>Host Group</emphasis>: a group of similar hosts. For example, you "
16412
"could group all web servers, file server, etc."
16413
msgstr ""
16414
16415
#: serverguide/C/monitoring.xml:157(para)
16416
msgid ""
16417
"<emphasis>Service</emphasis>: the service being monitored on the host. Such "
16418
"as HTTP, DNS, NFS, etc."
16419
msgstr ""
16420
16421
#: serverguide/C/monitoring.xml:162(para)
16422
msgid ""
16423
"<emphasis>Service Group</emphasis>: allows you to group multiple services "
16424
"together. This is useful for grouping multiple HTTP for example."
16425
msgstr ""
16426
16427
#: serverguide/C/monitoring.xml:168(para)
16428
msgid ""
16429
"<emphasis>Contact</emphasis>: person to be notified when an event takes "
16430
"place. Nagios can be configured to send emails, SMS messages, etc."
16431
msgstr ""
16432
16433
#: serverguide/C/monitoring.xml:174(para)
16434
msgid ""
16435
"By default Nagios is configured to check HTTP, disk space, SSH, current "
16436
"users, processes, and load on the <emphasis>localhost</emphasis>. Nagios "
16437
"will also <application>ping</application> check the "
16438
"<emphasis>gateway</emphasis>."
16439
msgstr ""
16440
16441
#: serverguide/C/monitoring.xml:179(para)
16442
msgid ""
16443
"Large Nagios installations can be quite complex to configure. It is usually "
16444
"best to start small, one or two hosts, get things configured the way you "
16445
"like then expand."
16446
msgstr ""
16447
16448
#: serverguide/C/monitoring.xml:194(para)
16449
msgid ""
16450
"First, create a <emphasis>host</emphasis> configuration file for "
16451
"<emphasis>server02</emphasis>. In a terminal enter:"
16452
msgstr ""
16453
16454
#: serverguide/C/monitoring.xml:199(command)
16455
msgid ""
16456
"sudo cp /etc/nagios3/conf.d/localhost_nagios2.cfg "
16457
"/etc/nagios3/conf.d/server02.cfg"
16458
msgstr ""
16459
"sudo cp /etc/nagios3/conf.d/localhost_nagios2.cfg "
16460
"/etc/nagios3/conf.d/server02.cfg"
16461
16462
#: serverguide/C/monitoring.xml:203(para)
16463
msgid ""
16464
"In the above and following command examples, replace "
16465
"<emphasis>\"server01\"</emphasis>, "
16466
"<emphasis>\"server02\"</emphasis><emphasis>172.18.100.100</emphasis>, and "
16467
"<emphasis>172.18.100.101</emphasis> with the host names and IP addresses of "
16468
"your servers."
16469
msgstr ""
16470
16471
#: serverguide/C/monitoring.xml:212(para)
16472
msgid "Next, edit <filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
16473
msgstr ""
16474
16475
#: serverguide/C/monitoring.xml:216(programlisting)
16476
#, no-wrap
16477
msgid ""
16478
"\n"
16479
"define host{\n"
16480
" use generic-host ; Name of host "
16481
"template to use\n"
16482
" host_name server02\n"
16483
" alias Server 02\n"
16484
" address 172.18.100.101\n"
16485
"}\n"
16486
"\n"
16487
"# check DNS service.\n"
16488
"define service {\n"
16489
" use generic-service\n"
16490
" host_name server02\n"
16491
" service_description DNS\n"
16492
" check_command check_dns!172.18.100.101\n"
16493
"}\n"
16494
msgstr ""
16495
16496
#: serverguide/C/monitoring.xml:236(para)
16497
msgid ""
16498
"Restart the <application>nagios</application> daemon to enable the new "
16499
"configuration:"
16500
msgstr ""
16501
16502
#: serverguide/C/monitoring.xml:241(command) serverguide/C/monitoring.xml:308(command) serverguide/C/monitoring.xml:375(command)
16503
msgid "sudo /etc/init.d/nagios3 restart"
16504
msgstr "sudo /etc/init.d/nagios3 restart"
16505
16506
#: serverguide/C/monitoring.xml:251(para)
16507
msgid ""
16508
"Now add a service definition for the MySQL check by adding the following to "
16509
"<filename>/etc/nagios3/conf.d/services_nagios2.cfg</filename>:"
16510
msgstr ""
16511
16512
#: serverguide/C/monitoring.xml:255(programlisting)
16513
#, no-wrap
16514
msgid ""
16515
"\n"
16516
"# check MySQL servers.\n"
16517
"define service {\n"
16518
" hostgroup_name mysql-servers\n"
16519
" service_description MySQL\n"
16520
" check_command "
16521
"check_mysql_cmdlinecred!nagios!secret!$HOSTADDRESS\n"
16522
" use generic-service\n"
16523
" notification_interval 0 ; set > 0 if you want to be "
16524
"renotified\n"
16525
"}\n"
16526
msgstr ""
16527
16528
#: serverguide/C/monitoring.xml:269(para)
16529
msgid ""
16530
"A <emphasis>mysql-servers</emphasis> hostgroup now needs to be defined. Edit "
16531
"<filename>/etc/nagios3/conf.d/hostgroups_nagios2.cfg</filename> adding:"
16532
msgstr ""
16533
16534
#: serverguide/C/monitoring.xml:274(programlisting)
16535
#, no-wrap
16536
msgid ""
16537
"\n"
16538
"# MySQL hostgroup.\n"
16539
"define hostgroup {\n"
16540
" hostgroup_name mysql-servers\n"
16541
" alias MySQL servers\n"
16542
" members localhost, server02\n"
16543
" }\n"
16544
msgstr ""
16545
16546
#: serverguide/C/monitoring.xml:286(para)
16547
msgid ""
16548
"The Nagios check needs to authenticate to MySQL. To add a "
16549
"<emphasis>nagios</emphasis> user to MySQL enter:"
16550
msgstr ""
16551
16552
#: serverguide/C/monitoring.xml:291(command)
16553
msgid "mysql -u root -p -e \"create user nagios identified by 'secret';\""
16554
msgstr ""
16555
16556
#: serverguide/C/monitoring.xml:295(para)
16557
msgid ""
16558
"The <emphasis>nagios</emphasis> user will need to be added all hosts in the "
16559
"<emphasis>mysql-servers</emphasis> hostgroup."
16560
msgstr ""
16561
16562
#: serverguide/C/monitoring.xml:303(para)
16563
msgid ""
16564
"Restart <application>nagios</application> to start checking the MySQL "
16565
"servers."
16566
msgstr ""
16567
16568
#: serverguide/C/monitoring.xml:318(para)
16569
msgid ""
16570
"Lastly configure NRPE to check the disk space on "
16571
"<emphasis>server02</emphasis>."
16572
msgstr ""
16573
16574
#: serverguide/C/monitoring.xml:322(para)
16575
msgid ""
16576
"On <emphasis>server01</emphasis> add the service check to "
16577
"<filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
16578
msgstr ""
16579
16580
#: serverguide/C/monitoring.xml:327(programlisting)
16581
#, no-wrap
16582
msgid ""
16583
"\n"
16584
"# NRPE disk check.\n"
16585
"define service {\n"
16586
" use generic-service\n"
16587
" host_name server02\n"
16588
" service_description nrpe-disk\n"
16589
" check_command "
16590
"check_nrpe_1arg!check_all_disks!172.18.100.101\n"
16591
"}\n"
16592
msgstr ""
16593
16594
#: serverguide/C/monitoring.xml:340(para)
16595
msgid ""
16596
"Now on <emphasis>server02</emphasis> edit "
16597
"<filename>/etc/nagios/nrpe.cfg</filename> changing:"
16598
msgstr ""
16599
16600
#: serverguide/C/monitoring.xml:344(programlisting)
16601
#, no-wrap
16602
msgid ""
16603
"\n"
16604
"allowed_hosts=172.18.100.100\n"
16605
msgstr ""
16606
16607
#: serverguide/C/monitoring.xml:348(para)
16608
msgid "And below in the command definition area add:"
16609
msgstr ""
16610
16611
#: serverguide/C/monitoring.xml:352(programlisting)
16612
#, no-wrap
16613
msgid ""
16614
"\n"
16615
"command[check_all_disks]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -"
16616
"e\n"
16617
msgstr ""
16618
16619
#: serverguide/C/monitoring.xml:359(para)
16620
msgid "Finally, restart <application>nagios-nrpe-server</application>:"
16621
msgstr ""
16622
16623
#: serverguide/C/monitoring.xml:364(command)
16624
msgid "sudo /etc/init.d/nagios-nrpe-server restart"
16625
msgstr "sudo /etc/init.d/nagios-nrpe-server restart"
16626
16627
#: serverguide/C/monitoring.xml:370(para)
16628
msgid ""
16629
"Also, on <emphasis>server01</emphasis> restart "
16630
"<application>nagios</application>:"
16631
msgstr ""
16632
16633
#: serverguide/C/monitoring.xml:383(para)
16634
msgid ""
16635
"You should now be able to see the host and service checks in the Nagios CGI "
16636
"files. To access them point a browser to http://server01/nagios3. You will "
16637
"then be prompted for the <emphasis>nagiosadmin</emphasis> username and "
16638
"password."
16639
msgstr ""
16640
16641
#: serverguide/C/monitoring.xml:393(para)
16642
msgid ""
16643
"This section has just scratched the surface of Nagios' features. The "
16644
"<application>nagios-plugins-extra</application> and <application>nagios-snmp-"
16645
"plugins</application> contain many more service checks."
16646
msgstr ""
16647
16648
#: serverguide/C/monitoring.xml:400(para)
16649
msgid ""
16650
"For more information see <ulink "
16651
"url=\"http://www.nagios.org/\">Nagios</ulink> website."
16652
msgstr ""
16653
16654
#: serverguide/C/monitoring.xml:405(para)
16655
msgid ""
16656
"Specifically the <ulink "
16657
"url=\"http://nagios.sourceforge.net/docs/3_0/\">Online Documentation</ulink> "
16658
"site."
16659
msgstr ""
16660
16661
#: serverguide/C/monitoring.xml:410(para)
16662
msgid ""
16663
"There is also a list of <ulink "
16664
"url=\"http://www.nagios.org/propaganda/books/\">books</ulink> related to "
16665
"Nagios and network monitoring:"
16666
msgstr ""
16667
16668
#: serverguide/C/monitoring.xml:416(para)
16669
msgid ""
16670
"The <ulink url=\"https://help.ubuntu.com/community/Nagios\">Nagios Ubuntu "
16671
"Wiki</ulink> page also has more details."
16672
msgstr ""
16673
16674
#: serverguide/C/monitoring.xml:425(title)
16675
msgid "Munin"
16676
msgstr ""
16677
16678
#: serverguide/C/monitoring.xml:430(para)
16679
msgid ""
16680
"Before installing <application>Munin</application> on "
16681
"<emphasis>server01</emphasis><application>apache2</application> will need to "
16682
"be installed. The default configuration is fine for running a "
16683
"<application>munin</application> server. For more information see <xref "
16684
"linkend=\"httpd\"/>."
16685
msgstr ""
16686
16687
#: serverguide/C/monitoring.xml:436(para)
16688
msgid ""
16689
"First, on <emphasis>server01</emphasis> install "
16690
"<application>munin</application>. In a terminal enter:"
16691
msgstr ""
16692
16693
#: serverguide/C/monitoring.xml:441(command)
16694
msgid "sudo apt-get install munin"
16695
msgstr "sudo apt-get install munin"
16696
16697
#: serverguide/C/monitoring.xml:444(para)
16698
msgid ""
16699
"Now on <emphasis>server02</emphasis> install the <application>munin-"
16700
"node</application> package:"
16701
msgstr ""
16702
16703
#: serverguide/C/monitoring.xml:449(command)
16704
msgid "sudo apt-get install munin-node"
16705
msgstr "sudo apt-get install munin-node"
16706
16707
#: serverguide/C/monitoring.xml:456(para)
16708
msgid ""
16709
"On <emphasis>server01</emphasis> edit the "
16710
"<filename>/etc/munin/munin.conf</filename> adding the IP address for "
16711
"<emphasis>server02</emphasis>:"
16712
msgstr ""
16713
16714
#: serverguide/C/monitoring.xml:461(programlisting)
16715
#, no-wrap
16716
msgid ""
16717
"\n"
16718
"## First our \"normal\" host.\n"
16719
"[server02]\n"
16720
" address 172.18.100.101\n"
16721
msgstr ""
16722
16723
#: serverguide/C/monitoring.xml:468(para)
16724
msgid ""
16725
"Replace <emphasis>server02</emphasis> and "
16726
"<emphasis>172.18.100.101</emphasis> with the actual hostname and IP address "
16727
"for your server."
16728
msgstr ""
16729
16730
#: serverguide/C/monitoring.xml:474(para)
16731
msgid ""
16732
"Next, configure <application>munin-node</application> on "
16733
"<emphasis>server02</emphasis>. Edit <filename>/etc/munin/munin-"
16734
"node.conf</filename> to allow access by <emphasis>server01</emphasis>:"
16735
msgstr ""
16736
16737
#: serverguide/C/monitoring.xml:479(programlisting)
16738
#, no-wrap
16739
msgid ""
16740
"\n"
16741
"allow ^172\\.18\\.100\\.100$\n"
16742
msgstr ""
16743
16744
#: serverguide/C/monitoring.xml:484(para)
16745
msgid ""
16746
"Replace <emphasis>^172\\.18\\.100\\.100$</emphasis> with IP address for your "
16747
"<application>munin</application> server."
16748
msgstr ""
16749
16750
#: serverguide/C/monitoring.xml:489(para)
16751
msgid ""
16752
"Now restart <application>munin-node</application> on "
16753
"<emphasis>server02</emphasis> for the changes to take effect:"
16754
msgstr ""
16755
16756
#: serverguide/C/monitoring.xml:494(command)
16757
msgid "sudo /etc/init.d/munin-node restart"
16758
msgstr "sudo /etc/init.d/munin-node restart"
16759
16760
#: serverguide/C/monitoring.xml:497(para)
16761
msgid ""
16762
"Finally, in a browser go to <emphasis>http://server01/munin</emphasis>, and "
16763
"you should see links to nice graphs displaying information from the standard "
16764
"<emphasis>munin-plugins</emphasis> for disk, network, processes, and system."
16765
msgstr ""
16766
16767
#: serverguide/C/monitoring.xml:503(para)
16768
msgid ""
16769
"Since this is a new install it may take some time for the graphs to display "
16770
"anything useful."
16771
msgstr ""
16772
16773
#: serverguide/C/monitoring.xml:510(title)
16774
msgid "Additional Plugins"
16775
msgstr ""
16776
16777
#: serverguide/C/monitoring.xml:512(para)
16778
msgid ""
16779
"The <application>munin-plugins-extra</application> package contains "
16780
"performance checks additional services such as DNS, DHCP, Samba, etc. To "
16781
"install the package, from a terminal enter:"
16782
msgstr ""
16783
16784
#: serverguide/C/monitoring.xml:518(command)
16785
msgid "sudo apt-get install munin-plugins-extra"
16786
msgstr "sudo apt-get install munin-plugins-extra"
16787
16788
#: serverguide/C/monitoring.xml:521(para)
16789
msgid "Be sure to install the package on both the server and node machines."
16790
msgstr ""
16791
16792
#: serverguide/C/monitoring.xml:531(para)
16793
msgid ""
16794
"See the <ulink url=\"http://munin.projects.linpro.no/\">Munin</ulink> "
16795
"website for more details."
16796
msgstr ""
16797
16798
#: serverguide/C/monitoring.xml:536(para)
16799
msgid ""
16800
"Specifically the <ulink "
16801
"url=\"http://munin.projects.linpro.no/wiki/Documentation\">Munin "
16802
"Documentation</ulink> page includes information on additional plugins, "
16803
"writing plugins, etc."
16804
msgstr ""
16805
16806
#: serverguide/C/monitoring.xml:542(para)
16807
msgid ""
16808
"Also, there is a book in German by Open Source Press: <ulink "
16809
"url=\"https://www.opensourcepress.de/index.php?26&backPID=178&tt_prod"
16810
"ucts=152\">Munin Graphisches Netzwerk- und System-Monitoring</ulink>."
16811
msgstr ""
16812
16813
#: serverguide/C/monitoring.xml:548(para)
16814
msgid ""
16815
"Another resource is the <ulink "
16816
"url=\"https://help.ubuntu.com/community/Munin\">Munin Ubuntu Wiki</ulink> "
16817
"page."
16818
msgstr ""
16819
16820
#: serverguide/C/mail.xml:13(title)
16821
msgid "Email Services"
16822
msgstr ""
16823
16824
#: serverguide/C/mail.xml:14(para)
16825
msgid ""
16826
"The process of getting an email from one person to another over a network or "
16827
"the Internet involves many systems working together. Each of these systems "
16828
"must be correctly configured for the process to work. The sender uses a "
16829
"<emphasis>Mail User Agent</emphasis> (MUA), or email client, to send the "
16830
"message through one or more <emphasis>Mail Transfer Agents</emphasis> (MTA), "
16831
"the last of which will hand it off to a <emphasis>Mail Delivery "
16832
"Agent</emphasis> (MDA) for delivery to the recipient's mailbox, from which "
16833
"it will be retrieved by the recipient's email client, usually via a POP3 or "
16834
"IMAP server."
16835
msgstr ""
16836
16837
#: serverguide/C/mail.xml:24(title) serverguide/C/mail.xml:832(application) serverguide/C/mail.xml:866(title) serverguide/C/mail.xml:944(title) serverguide/C/mail.xml:1510(title)
16838
msgid "Postfix"
16839
msgstr "Postfix"
16840
16841
#: serverguide/C/mail.xml:25(para)
16842
msgid ""
16843
"<application>Postfix</application> is the default Mail Transfer Agent (MTA) "
16844
"in Ubuntu. It attempts to be fast and easy to administer and secure. It is "
16845
"compatible with the MTA <application>sendmail</application>. This section "
16846
"explains how to install and configure <application>postfix</application>. It "
16847
"also explains how to set it up as an SMTP server using a secure connection "
16848
"(for sending emails securely)."
16849
msgstr ""
16850
16851
#: serverguide/C/mail.xml:34(para)
16852
msgid ""
16853
"This guide does not cover setting up Postfix <emphasis>Virtual "
16854
"Domains</emphasis>, for information on Virtual Domains and other advanced "
16855
"configurations see <xref linkend=\"postfix-references\"/>."
16856
msgstr ""
16857
16858
#: serverguide/C/mail.xml:41(para)
16859
msgid ""
16860
"To install <application>postfix</application> run the following command:"
16861
msgstr ""
16862
16863
#: serverguide/C/mail.xml:47(para)
16864
msgid ""
16865
"Simply press return when the installation process asks questions, the "
16866
"configuration will be done in greater detail in the next stage."
16867
msgstr ""
16868
16869
#: serverguide/C/mail.xml:52(title)
16870
msgid "Basic Configuration"
16871
msgstr "Grundlæggende konfiguration"
16872
16873
#: serverguide/C/mail.xml:53(para)
16874
msgid ""
16875
"To configure <application>postfix</application>, run the following command:"
16876
msgstr ""
16877
16878
#: serverguide/C/mail.xml:57(command)
16879
msgid "sudo dpkg-reconfigure postfix"
16880
msgstr "sudo dpkg-reconfigure postfix"
16881
16882
#: serverguide/C/mail.xml:63(para)
16883
msgid "Internet Site"
16884
msgstr ""
16885
16886
#: serverguide/C/mail.xml:64(para)
16887
msgid "mail.example.com"
16888
msgstr ""
16889
16890
#: serverguide/C/mail.xml:65(para)
16891
msgid "steve"
16892
msgstr ""
16893
16894
#: serverguide/C/mail.xml:66(para)
16895
msgid "mail.example.com, localhost.localdomain, localhost"
16896
msgstr ""
16897
16898
#: serverguide/C/mail.xml:67(para)
16899
msgid "No"
16900
msgstr "Nej"
16901
16902
#: serverguide/C/mail.xml:68(para)
16903
msgid "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24"
16904
msgstr "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24"
16905
16906
#: serverguide/C/mail.xml:69(para)
16907
msgid "0"
16908
msgstr "0"
16909
16910
#: serverguide/C/mail.xml:70(para)
16911
msgid "+"
16912
msgstr "+"
16913
16914
#: serverguide/C/mail.xml:71(para)
16915
msgid "all"
16916
msgstr "alle"
16917
16918
#: serverguide/C/mail.xml:59(para)
16919
msgid ""
16920
"The user interface will be displayed. On each screen, select the following "
16921
"values: <placeholder-1/>"
16922
msgstr ""
16923
16924
#: serverguide/C/mail.xml:75(para)
16925
msgid ""
16926
"Replace mail.example.com with the domain for which you'll accept email, "
16927
"192.168.0.0/24 with the actual network and class range of your mail server, "
16928
"and steve with the appropriate username."
16929
msgstr ""
16930
16931
#: serverguide/C/mail.xml:81(para)
16932
msgid ""
16933
"Now is a good time to decide which mailbox format you want to use. By "
16934
"default Postfix will use <emphasis role=\"strong\">mbox</emphasis> for the "
16935
"mailbox format. Rather than editing the configuration file directly, you can "
16936
"use the <command>postconf</command> command to configure all "
16937
"<application>postfix</application> parameters. The configuration parameters "
16938
"will be stored in <filename>/etc/postfix/main.cf</filename> file. Later if "
16939
"you wish to re-configure a particular parameter, you can either run the "
16940
"command or change it manually in the file."
16941
msgstr ""
16942
16943
#: serverguide/C/mail.xml:92(para)
16944
msgid ""
16945
"To configure the mailbox format for <emphasis "
16946
"role=\"strong\">Maildir:</emphasis>"
16947
msgstr ""
16948
16949
#: serverguide/C/mail.xml:97(command)
16950
msgid "sudo postconf -e 'home_mailbox = Maildir/'"
16951
msgstr ""
16952
16953
#: serverguide/C/mail.xml:100(para)
16954
msgid ""
16955
"This will place new mail in /home/<emphasis "
16956
"role=\"italic\">username</emphasis>/Maildir so you will need to configure "
16957
"your Mail Delivery Agent (MDA) to use the same path."
16958
msgstr ""
16959
16960
#: serverguide/C/mail.xml:108(title) serverguide/C/mail.xml:556(title)
16961
msgid "SMTP Authentication"
16962
msgstr "SMTP-autenticering"
16963
16964
#: serverguide/C/mail.xml:110(para)
16965
msgid ""
16966
"SMTP-AUTH allows a client to identify itself through an authentication "
16967
"mechanism (SASL). Transport Layer Security (TLS) should be used to encrypt "
16968
"the authentication process. Once authenticated the SMTP server will allow "
16969
"the client to relay mail."
16970
msgstr ""
16971
16972
#: serverguide/C/mail.xml:117(para)
16973
msgid "Configure Postfix for SMTP-AUTH using SASL (Dovecot SASL):"
16974
msgstr ""
16975
16976
#: serverguide/C/mail.xml:120(screen)
16977
#, no-wrap
16978
msgid ""
16979
"\n"
16980
"sudo postconf -e 'smtpd_sasl_type = dovecot'\n"
16981
"sudo postconf -e 'smtpd_sasl_path = private/auth-client'\n"
16982
"sudo postconf -e 'smtpd_sasl_local_domain ='\n"
16983
"sudo postconf -e 'smtpd_sasl_security_options = noanonymous'\n"
16984
"sudo postconf -e 'broken_sasl_auth_clients = yes'\n"
16985
"sudo postconf -e 'smtpd_sasl_auth_enable = yes'\n"
16986
"sudo postconf -e 'smtpd_recipient_restrictions = "
16987
"permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'\n"
16988
"sudo postconf -e 'inet_interfaces = all'\n"
16989
msgstr ""
16990
"\n"
16991
"sudo postconf -e 'smtpd_sasl_type = dovecot'\n"
16992
"sudo postconf -e 'smtpd_sasl_path = private/auth-client'\n"
16993
"sudo postconf -e 'smtpd_sasl_local_domain ='\n"
16994
"sudo postconf -e 'smtpd_sasl_security_options = noanonymous'\n"
16995
"sudo postconf -e 'broken_sasl_auth_clients = yes'\n"
16996
"sudo postconf -e 'smtpd_sasl_auth_enable = yes'\n"
16997
"sudo postconf -e 'smtpd_recipient_restrictions = "
16998
"permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'\n"
16999
"sudo postconf -e 'inet_interfaces = all'\n"
17000
17001
#: serverguide/C/mail.xml:131(para)
17002
msgid ""
17003
"The <emphasis>smtpd_sasl_path</emphasis> configuration is a path relative to "
17004
"the Postfix queue directory."
17005
msgstr ""
17006
17007
#: serverguide/C/mail.xml:137(para)
17008
msgid ""
17009
"Next, obtain a digital certificate for TLS. See <xref linkend=\"certificates-"
17010
"and-security\"/> for details. This example also uses a Certificate Authority "
17011
"(CA). For information on generating a CA certificate see <xref "
17012
"linkend=\"certificate-authority\"/>."
17013
msgstr ""
17014
17015
#: serverguide/C/mail.xml:143(para)
17016
msgid ""
17017
"You can get the digital certificate from a certificate authority. But unlike "
17018
"web clients, SMTP clients rarely complain about \"self-signed "
17019
"certificates\", so alternatively, you can create the certificate yourself. "
17020
"Refer to <xref linkend=\"creating-a-self-signed-certificate\"/> for more "
17021
"details."
17022
msgstr ""
17023
17024
#: serverguide/C/mail.xml:155(para)
17025
msgid ""
17026
"Once you have a certificate, configure Postfix to provide TLS encryption for "
17027
"both incoming and outgoing mail:"
17028
msgstr ""
17029
17030
#: serverguide/C/mail.xml:158(screen)
17031
#, no-wrap
17032
msgid ""
17033
"\n"
17034
"sudo postconf -e 'smtpd_tls_auth_only = no'\n"
17035
"sudo postconf -e 'smtp_use_tls = yes'\n"
17036
"sudo postconf -e 'smtpd_use_tls = yes'\n"
17037
"sudo postconf -e 'smtp_tls_note_starttls_offer = yes'\n"
17038
"sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'\n"
17039
"sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'\n"
17040
"sudo postconf -e 'smtpd_tls_loglevel = 1'\n"
17041
"sudo postconf -e 'smtpd_tls_received_header = yes'\n"
17042
"sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'\n"
17043
"sudo postconf -e 'tls_random_source = dev:/dev/urandom'\n"
17044
"sudo postconf -e 'myhostname = mail.example.com'\n"
17045
msgstr ""
17046
17047
#: serverguide/C/mail.xml:173(para)
17048
msgid ""
17049
"If you are using your own <emphasis>Certificate Authority</emphasis> to sign "
17050
"the certificate enter:"
17051
msgstr ""
17052
17053
#: serverguide/C/mail.xml:177(command)
17054
msgid "sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'"
17055
msgstr ""
17056
17057
#: serverguide/C/mail.xml:180(para)
17058
msgid ""
17059
"Again, for more details about certificates see <xref linkend=\"certificates-"
17060
"and-security\"/>."
17061
msgstr ""
17062
17063
#: serverguide/C/mail.xml:186(para)
17064
msgid ""
17065
"After running all the commands, <application>Postfix</application> is "
17066
"configured for SMTP-AUTH and a self-signed certificate has been created for "
17067
"TLS encryption."
17068
msgstr ""
17069
17070
#: serverguide/C/mail.xml:191(para)
17071
msgid ""
17072
"Now, the file <filename>/etc/postfix/main.cf</filename> should look like "
17073
"<ulink url=\"../sample/postfix_configuration\">this</ulink>."
17074
msgstr ""
17075
17076
#: serverguide/C/mail.xml:195(para)
17077
msgid ""
17078
"The postfix initial configuration is complete. Run the following command to "
17079
"restart the postfix daemon:"
17080
msgstr ""
17081
17082
#: serverguide/C/mail.xml:201(command) serverguide/C/mail.xml:315(command) serverguide/C/mail.xml:378(command) serverguide/C/mail.xml:984(command) serverguide/C/mail.xml:1561(command)
17083
msgid "sudo /etc/init.d/postfix restart"
17084
msgstr "sudo /etc/init.d/postfix restart"
17085
17086
#: serverguide/C/mail.xml:204(para)
17087
msgid ""
17088
"<application>Postfix</application> supports SMTP-AUTH as defined in <ulink "
17089
"url=\"ftp://ftp.isi.edu/in-notes/rfc2554.txt\">RFC2554</ulink>. It is based "
17090
"on <ulink url=\"ftp://ftp.isi.edu/in-notes/rfc2222.txt\">SASL</ulink>. "
17091
"However it is still necessary to set up SASL authentication before you can "
17092
"use SMTP-AUTH."
17093
msgstr ""
17094
17095
#: serverguide/C/mail.xml:214(title) serverguide/C/mail.xml:609(title)
17096
msgid "Configuring SASL"
17097
msgstr ""
17098
17099
#: serverguide/C/mail.xml:215(para)
17100
msgid ""
17101
"Postfix supports two SASL implementations Cyrus SASL and Dovecot SASL. To "
17102
"enable Dovecot SASL the <application>dovecot-common</application> package "
17103
"will need to be installed. From a terminal prompt enter the following:"
17104
msgstr ""
17105
17106
#: serverguide/C/mail.xml:221(command)
17107
msgid "sudo apt-get install dovecot-common"
17108
msgstr "sudo apt-get install dovecot-common"
17109
17110
#: serverguide/C/mail.xml:223(para)
17111
msgid ""
17112
"Next you will need to edit <filename>/etc/dovecot/dovecot.conf</filename>. "
17113
"In the <emphasis>auth default</emphasis> section uncomment the "
17114
"<emphasis>socket listen</emphasis> option and change the following:"
17115
msgstr ""
17116
17117
#: serverguide/C/mail.xml:227(programlisting)
17118
#, no-wrap
17119
msgid ""
17120
"\n"
17121
" socket listen {\n"
17122
" #master {\n"
17123
" # Master socket provides access to userdb information. It's typically\n"
17124
" # used to give Dovecot's local delivery agent access to userdb so it\n"
17125
" # can find mailbox locations.\n"
17126
" #path = /var/run/dovecot/auth-master\n"
17127
" #mode = 0600\n"
17128
" # Default user/group is the one who started dovecot-auth (root)\n"
17129
" #user = \n"
17130
" #group = \n"
17131
" #}\n"
17132
" client {\n"
17133
" # The client socket is generally safe to export to everyone. Typical "
17134
"use\n"
17135
" # is to export it to your SMTP server so it can do SMTP AUTH lookups\n"
17136
" # using it.\n"
17137
" path = /var/spool/postfix/private/auth-client\n"
17138
" mode = 0660\n"
17139
" user = postfix\n"
17140
" group = postfix\n"
17141
" }\n"
17142
" }\n"
17143
msgstr ""
17144
17145
#: serverguide/C/mail.xml:251(para)
17146
msgid ""
17147
"In order to let <application>Outlook</application> clients use SMTPAUTH, in "
17148
"the <emphasis>auth default</emphasis> section of /etc/dovecot/dovecot.conf "
17149
"add <emphasis>\"login\"</emphasis>:"
17150
msgstr ""
17151
17152
#: serverguide/C/mail.xml:256(programlisting)
17153
#, no-wrap
17154
msgid ""
17155
"\n"
17156
" mechanisms = plain login\n"
17157
msgstr ""
17158
17159
#: serverguide/C/mail.xml:260(para)
17160
msgid ""
17161
"Once you have <application>Dovecot</application> configured restart it with:"
17162
msgstr ""
17163
17164
#: serverguide/C/mail.xml:264(command) serverguide/C/mail.xml:735(command)
17165
msgid "sudo /etc/init.d/dovecot restart"
17166
msgstr "sudo /etc/init.d/dovecot restart"
17167
17168
#: serverguide/C/mail.xml:269(title)
17169
msgid "Postfix-Dovecot"
17170
msgstr ""
17171
17172
#: serverguide/C/mail.xml:271(para)
17173
msgid ""
17174
"Another option for configuring <application>Postfix</application> for SMTP-"
17175
"AUTH is using the <application>dovecot-postfix</application> package. This "
17176
"package will install <application>Dovecot</application> and configure "
17177
"<application>Postfix</application> to use it for both SASL authentication "
17178
"and as a Mail Delivery Agent (MDA). The package also configures "
17179
"<application>Dovecot</application> for IMAP, IMAPS, POP3, and POP3S."
17180
msgstr ""
17181
17182
#: serverguide/C/mail.xml:280(para)
17183
msgid ""
17184
"You may or may not want to run IMAP, IMAPS, POP3, or POP3S on your mail "
17185
"server. For example, if you are configuring your server to be a mail "
17186
"gateway, spam/virus filter, etc. If this is the case it may be easier to use "
17187
"the above commands to configure Postfix for SMTPAUTH."
17188
msgstr ""
17189
17190
#: serverguide/C/mail.xml:287(para)
17191
msgid "To install the package, from a terminal prompt enter:"
17192
msgstr ""
17193
17194
#: serverguide/C/mail.xml:292(command)
17195
msgid "sudo apt-get install dovecot-postfix"
17196
msgstr "sudo apt-get install dovecot-postfix"
17197
17198
#: serverguide/C/mail.xml:295(para)
17199
msgid ""
17200
"You should now have a working mail server, but there are a few options that "
17201
"you may wish to further customize. For example, the package uses the "
17202
"certificate and key from the <application>ssl-cert</application> package, "
17203
"and in a production environment you should use a certificate and key "
17204
"generated for the host. See <xref linkend=\"certificates-and-security\"/> "
17205
"for more details."
17206
msgstr ""
17207
17208
#: serverguide/C/mail.xml:301(para)
17209
msgid ""
17210
"Once you have a customized certificate and key for the host, change the "
17211
"following options in <filename>/etc/postfix/main.cf</filename>:"
17212
msgstr ""
17213
17214
#: serverguide/C/mail.xml:305(programlisting)
17215
#, no-wrap
17216
msgid ""
17217
"\n"
17218
"smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem\n"
17219
"smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key\n"
17220
msgstr ""
17221
17222
#: serverguide/C/mail.xml:310(para)
17223
msgid "Then restart Postfix:"
17224
msgstr ""
17225
17226
#: serverguide/C/mail.xml:321(para)
17227
msgid ""
17228
"SMTP-AUTH configuration is complete. Now it is time to test the setup."
17229
msgstr ""
17230
17231
#: serverguide/C/mail.xml:324(para)
17232
msgid "To see if SMTP-AUTH and TLS work properly, run the following command:"
17233
msgstr ""
17234
17235
#: serverguide/C/mail.xml:329(command)
17236
msgid "telnet mail.example.com 25"
17237
msgstr ""
17238
17239
#: serverguide/C/mail.xml:331(para)
17240
msgid ""
17241
"After you have established the connection to the postfix mail server, type:"
17242
msgstr ""
17243
17244
#: serverguide/C/mail.xml:335(screen)
17245
#, no-wrap
17246
msgid ""
17247
"\n"
17248
"ehlo mail.example.com\n"
17249
msgstr ""
17250
17251
#: serverguide/C/mail.xml:338(para)
17252
msgid ""
17253
"If you see the following lines among others, then everything is working "
17254
"perfectly. Type <command>quit</command> to exit."
17255
msgstr ""
17256
17257
#: serverguide/C/mail.xml:342(programlisting)
17258
#, no-wrap
17259
msgid ""
17260
"\n"
17261
"250-STARTTLS\n"
17262
"250-AUTH LOGIN PLAIN\n"
17263
"250-AUTH=LOGIN PLAIN\n"
17264
"250 8BITMIME\n"
17265
msgstr ""
17266
17267
#: serverguide/C/mail.xml:352(para)
17268
msgid ""
17269
"This section introduces some common ways to determine the cause if problems "
17270
"arise."
17271
msgstr ""
17272
17273
#: serverguide/C/mail.xml:356(title)
17274
msgid "Escaping chroot"
17275
msgstr ""
17276
17277
#: serverguide/C/mail.xml:357(para)
17278
msgid ""
17279
"The Ubuntu <application>postfix</application> package will by default "
17280
"install into a <emphasis>chroot</emphasis> environment for security reasons. "
17281
"This can add greater complexity when troubleshooting problems."
17282
msgstr ""
17283
17284
#: serverguide/C/mail.xml:361(para)
17285
msgid ""
17286
"To turn off the chroot operation locate for the following line in the "
17287
"<filename>/etc/postfix/master.cf</filename> configuration file:"
17288
msgstr ""
17289
17290
#: serverguide/C/mail.xml:365(screen)
17291
#, no-wrap
17292
msgid ""
17293
"\n"
17294
"smtp inet n - - - - smtpd\n"
17295
msgstr ""
17296
17297
#: serverguide/C/mail.xml:368(para)
17298
msgid "and modify it as follows:"
17299
msgstr ""
17300
17301
#: serverguide/C/mail.xml:371(screen)
17302
#, no-wrap
17303
msgid ""
17304
"\n"
17305
"smtp inet n - n - - smtpd\n"
17306
msgstr ""
17307
17308
#: serverguide/C/mail.xml:374(para)
17309
msgid ""
17310
"You will then need to restart Postfix to use the new configuration. From a "
17311
"terminal prompt enter:"
17312
msgstr ""
17313
17314
#: serverguide/C/mail.xml:382(title)
17315
msgid "Log Files"
17316
msgstr "Logfiler"
17317
17318
#: serverguide/C/mail.xml:383(para)
17319
msgid ""
17320
"<application>Postfix</application> sends all log messages to "
17321
"<filename>/var/log/mail.log</filename>. However error and warning messages "
17322
"can sometimes get lost in the normal log output so they are also logged to "
17323
"<filename>/var/log/mail.err</filename> and "
17324
"<filename>/var/log/mail.warn</filename> respectively."
17325
msgstr ""
17326
17327
#: serverguide/C/mail.xml:388(para)
17328
msgid ""
17329
"To see messages entered into the logs in real time you can use the "
17330
"<application>tail -f</application> command:"
17331
msgstr ""
17332
17333
#: serverguide/C/mail.xml:393(command)
17334
msgid "tail -f /var/log/mail.err"
17335
msgstr ""
17336
17337
#: serverguide/C/mail.xml:395(para)
17338
msgid ""
17339
"The amount of detail that is recorded in the logs can be increased. Below "
17340
"are some configuration options for increasing the log level for some of the "
17341
"areas covered above."
17342
msgstr ""
17343
17344
#: serverguide/C/mail.xml:401(para)
17345
msgid ""
17346
"To increase <emphasis>TLS</emphasis> activity logging set the "
17347
"<emphasis>smtpd_tls_loglevel</emphasis> option to a value from 1 to 4."
17348
msgstr ""
17349
17350
#: serverguide/C/mail.xml:405(command)
17351
msgid "sudo postconf -e 'smtpd_tls_loglevel = 4'"
17352
msgstr "sudo postconf -e 'smtpd_tls_loglevel = 4'"
17353
17354
#: serverguide/C/mail.xml:409(para)
17355
msgid ""
17356
"If you are having trouble sending or receiving mail from a specific domain "
17357
"you can add the domain to the <emphasis>debug_peer_list</emphasis> parameter."
17358
msgstr ""
17359
17360
#: serverguide/C/mail.xml:414(command)
17361
msgid "sudo postconf -e 'debug_peer_list = problem.domain'"
17362
msgstr ""
17363
17364
#: serverguide/C/mail.xml:418(para)
17365
msgid ""
17366
"You can increase the verbosity of any <application>Postfix</application> "
17367
"daemon process by editing the <filename>/etc/postfix/master.cf</filename> "
17368
"and adding a <emphasis>-v</emphasis> after the entry. For example edit the "
17369
"<emphasis>smtp</emphasis> entry:"
17370
msgstr ""
17371
17372
#: serverguide/C/mail.xml:422(programlisting)
17373
#, no-wrap
17374
msgid ""
17375
"\n"
17376
"smtp unix - - - - - smtp -v\n"
17377
msgstr ""
17378
17379
#: serverguide/C/mail.xml:428(para)
17380
msgid ""
17381
"It is important to note that after making one of the logging changes above "
17382
"the <application>Postfix</application> process will need to be reloaded in "
17383
"order to recognize the new configuration: <command>sudo /etc/init.d/postfix "
17384
"reload</command>"
17385
msgstr ""
17386
17387
#: serverguide/C/mail.xml:435(para)
17388
msgid ""
17389
"To increase the amount of information logged when troubleshooting "
17390
"<emphasis>SASL</emphasis> issues you can set the following options in "
17391
"<filename>/etc/dovecot/dovecot.conf</filename>"
17392
msgstr ""
17393
17394
#: serverguide/C/mail.xml:439(programlisting)
17395
#, no-wrap
17396
msgid ""
17397
"\n"
17398
"auth_debug=yes\n"
17399
"auth_debug_passwords=yes\n"
17400
msgstr ""
17401
"\n"
17402
"auth_debug=yes\n"
17403
"auth_debug_passwords=yes\n"
17404
17405
#: serverguide/C/mail.xml:446(para)
17406
msgid ""
17407
"Just like <application>Postfix</application> if you change a "
17408
"<application>Dovecot</application> configuration the process will need to be "
17409
"reloaded: <command>sudo /etc/init.d/dovecot reload</command>."
17410
msgstr ""
17411
17412
#: serverguide/C/mail.xml:452(para)
17413
msgid ""
17414
"Some of the options above can drastically increase the amount of information "
17415
"sent to the log files. Remember to return the log level back to normal after "
17416
"you have corrected the problem. Then reload the appropriate daemon for the "
17417
"new configuration to take affect."
17418
msgstr ""
17419
17420
#: serverguide/C/mail.xml:460(para)
17421
msgid ""
17422
"Administering a <application>Postfix</application> server can be a very "
17423
"complicated task. At some point you may need to turn to the Ubuntu community "
17424
"for more experienced help."
17425
msgstr ""
17426
17427
#: serverguide/C/mail.xml:464(para)
17428
msgid ""
17429
"A great place to ask for <application>Postfix</application> assistance, and "
17430
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
17431
"server</emphasis> IRC channel on <ulink "
17432
"url=\"http://freenode.net\">freenode</ulink>. You can also post a message to "
17433
"one of the <ulink "
17434
"url=\"http://www.ubuntu.com/support/community/webforums\">Web Forums</ulink>."
17435
msgstr ""
17436
17437
#: serverguide/C/mail.xml:469(para)
17438
msgid ""
17439
"For in depth <application>Postfix</application> information Ubuntu "
17440
"developers highly recommend: <ulink url=\"http://www.postfix-book.com/\">The "
17441
"Book of Postfix</ulink>."
17442
msgstr ""
17443
17444
#: serverguide/C/mail.xml:473(para)
17445
msgid ""
17446
"Finally, the <ulink "
17447
"url=\"http://www.postfix.org/documentation.html\">Postfix</ulink> website "
17448
"also has great documentation on all the different configuration options "
17449
"available."
17450
msgstr ""
17451
17452
#: serverguide/C/mail.xml:477(para)
17453
msgid ""
17454
"Also, the <ulink url=\"https://help.ubuntu.com/community/Postfix\">Ubuntu "
17455
"Wiki Postifx</ulink> page has more information."
17456
msgstr ""
17457
17458
#: serverguide/C/mail.xml:485(title) serverguide/C/mail.xml:872(title) serverguide/C/mail.xml:988(title)
17459
msgid "Exim4"
17460
msgstr ""
17461
17462
#: serverguide/C/mail.xml:486(para)
17463
msgid ""
17464
"<application>Exim4</application> is another Message Transfer Agent (MTA) "
17465
"developed at the University of Cambridge for use on Unix systems connected "
17466
"to the Internet. Exim can be installed in place of "
17467
"<application>sendmail</application>, although the configuration of "
17468
"<application>exim</application> is quite different to that of "
17469
"<application>sendmail</application>."
17470
msgstr ""
17471
17472
#: serverguide/C/mail.xml:497(para)
17473
msgid ""
17474
"To install <application>exim4</application>, run the following command: "
17475
"<screen>\n"
17476
"<command>sudo apt-get install exim4</command>\n"
17477
"</screen>"
17478
msgstr ""
17479
17480
#: serverguide/C/mail.xml:506(para)
17481
msgid ""
17482
"To configure <application>Exim4</application>, run the following command:"
17483
msgstr ""
17484
17485
#: serverguide/C/mail.xml:510(command)
17486
msgid "sudo dpkg-reconfigure exim4-config"
17487
msgstr "sudo dpkg-reconfigure exim4-config"
17488
17489
#: serverguide/C/mail.xml:512(para)
17490
msgid ""
17491
"The user interface will be displayed. The user interface lets you configure "
17492
"many parameters. For example, In <application>Exim4</application> the "
17493
"configuration files are split among multiple files. If you wish to have them "
17494
"in one file you can configure accordingly in this user interface."
17495
msgstr ""
17496
17497
#: serverguide/C/mail.xml:520(para)
17498
msgid ""
17499
"All the parameters you configure in the user interface are stored in "
17500
"<filename>/etc/exim4/update-exim4.conf.conf</filename> file. If you wish to "
17501
"re-configure, either you re-run the configuration wizard or manually edit "
17502
"this file using your favorite editor. Once you configure, you can run the "
17503
"following command to generate the master configuration file:"
17504
msgstr ""
17505
17506
#: serverguide/C/mail.xml:531(command) serverguide/C/mail.xml:604(command)
17507
msgid "sudo update-exim4.conf"
17508
msgstr "sudo update-exim4.conf"
17509
17510
#: serverguide/C/mail.xml:533(para)
17511
msgid ""
17512
"The master configuration file, is generated and it is stored in "
17513
"<filename>/var/lib/exim4/config.autogenerated</filename>."
17514
msgstr ""
17515
17516
#: serverguide/C/mail.xml:539(para)
17517
msgid ""
17518
"At any time, you should not edit the master configuration file, "
17519
"<filename>/var/lib/exim4/config.autogenerated</filename> manually. It is "
17520
"updated automatically every time you run <command>update-exim4.conf</command>"
17521
msgstr ""
17522
17523
#: serverguide/C/mail.xml:547(para)
17524
msgid ""
17525
"You can run the following command to start <application>Exim4</application> "
17526
"daemon."
17527
msgstr ""
17528
17529
#: serverguide/C/mail.xml:552(command) serverguide/C/mail.xml:994(command)
17530
msgid "sudo /etc/init.d/exim4 start"
17531
msgstr "sudo /etc/init.d/exim4 start"
17532
17533
#: serverguide/C/mail.xml:557(para)
17534
msgid ""
17535
"This section covers configuring Exim4 to use SMTP-AUTH with TLS and SASL."
17536
msgstr ""
17537
17538
#: serverguide/C/mail.xml:560(para)
17539
msgid ""
17540
"The first step is to create a certificate for use with TLS. Enter the "
17541
"following into a terminal prompt:"
17542
msgstr ""
17543
17544
#: serverguide/C/mail.xml:564(command)
17545
msgid "sudo /usr/share/doc/exim4-base/examples/exim-gencert"
17546
msgstr ""
17547
17548
#: serverguide/C/mail.xml:566(para)
17549
msgid ""
17550
"Now Exim4 needs to be configured for TLS by editing "
17551
"<filename>/etc/exim4/conf.d/main/03_exim4-config_tlsoptions</filename> add "
17552
"the following:"
17553
msgstr ""
17554
17555
#: serverguide/C/mail.xml:570(programlisting)
17556
#, no-wrap
17557
msgid ""
17558
"\n"
17559
"MAIN_TLS_ENABLE = yes\n"
17560
msgstr ""
17561
17562
#: serverguide/C/mail.xml:573(para)
17563
msgid ""
17564
"Next you need to configure <application>Exim4</application> to use the "
17565
"<application>saslauthd</application> for authentication. Edit "
17566
"<filename>/etc/exim4/conf.d/auth/30_exim4-config_examples</filename> and "
17567
"uncomment the <emphasis>plain_saslauthd_server</emphasis> and "
17568
"<emphasis>login_saslauthd_server</emphasis> sections:"
17569
msgstr ""
17570
17571
#: serverguide/C/mail.xml:578(programlisting)
17572
#, no-wrap
17573
msgid ""
17574
"\n"
17575
" plain_saslauthd_server:\n"
17576
" driver = plaintext\n"
17577
" public_name = PLAIN\n"
17578
" server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}\n"
17579
" server_set_id = $auth2\n"
17580
" server_prompts = :\n"
17581
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
17582
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
17583
" .endif\n"
17584
"#\n"
17585
" login_saslauthd_server:\n"
17586
" driver = plaintext\n"
17587
" public_name = LOGIN\n"
17588
" server_prompts = \"Username:: : Password::\"\n"
17589
" # don't send system passwords over unencrypted connections\n"
17590
" server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}\n"
17591
" server_set_id = $auth1\n"
17592
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
17593
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
17594
" .endif\n"
17595
msgstr ""
17596
17597
#: serverguide/C/mail.xml:600(para)
17598
msgid "Finally, update the Exim4 configuration and restart the service:"
17599
msgstr ""
17600
17601
#: serverguide/C/mail.xml:605(command)
17602
msgid "sudo /etc/init.d/exim4 restart"
17603
msgstr "sudo /etc/init.d/exim4 restart"
17604
17605
#: serverguide/C/mail.xml:610(para)
17606
msgid ""
17607
"This section provides details on configuring the saslauthd to provide "
17608
"authentication for <application>Exim4</application>."
17609
msgstr ""
17610
17611
#: serverguide/C/mail.xml:613(para)
17612
msgid ""
17613
"The first step is to install the sasl2-bin package. From a terminal prompt "
17614
"enter the following:"
17615
msgstr ""
17616
17617
#: serverguide/C/mail.xml:617(command)
17618
msgid "sudo apt-get install sasl2-bin"
17619
msgstr "sudo apt-get install sasl2-bin"
17620
17621
#: serverguide/C/mail.xml:619(para)
17622
msgid ""
17623
"To configure saslauthd edit the /etc/default/saslauthd configuration file "
17624
"and set START=no to:"
17625
msgstr ""
17626
17627
#: serverguide/C/mail.xml:622(programlisting)
17628
#, no-wrap
17629
msgid ""
17630
"\n"
17631
"START=yes\n"
17632
msgstr ""
17633
17634
#: serverguide/C/mail.xml:625(para)
17635
msgid ""
17636
"Next the <emphasis>Debian-exim</emphasis> user needs to be part of the "
17637
"<emphasis>sasl</emphasis> group in order for Exim4 to use the saslauthd "
17638
"service:"
17639
msgstr ""
17640
17641
#: serverguide/C/mail.xml:630(command)
17642
msgid "sudo adduser Debian-exim sasl"
17643
msgstr "sudo adduser Debian-exim sasl"
17644
17645
#: serverguide/C/mail.xml:632(para)
17646
msgid "Now start the <application>saslauthd</application> service:"
17647
msgstr ""
17648
17649
#: serverguide/C/mail.xml:636(command)
17650
msgid "sudo /etc/init.d/saslauthd start"
17651
msgstr "sudo /etc/init.d/saslauthd start"
17652
17653
#: serverguide/C/mail.xml:638(para)
17654
msgid ""
17655
"<application>Exim4</application> is now configured with SMTP-AUTH using TLS "
17656
"and SASL authentication."
17657
msgstr ""
17658
17659
#: serverguide/C/mail.xml:647(para)
17660
msgid ""
17661
"See <ulink url=\"http://www.exim.org/\">exim.org</ulink> for more "
17662
"information."
17663
msgstr ""
17664
17665
#: serverguide/C/mail.xml:652(para)
17666
msgid ""
17667
"There is also an <ulink url=\"http://www.uit.co.uk/content/exim-smtp-mail-"
17668
"server\">Exim4 Book</ulink> available."
17669
msgstr ""
17670
17671
#: serverguide/C/mail.xml:657(para)
17672
msgid ""
17673
"Another resource is the <ulink "
17674
"url=\"https://help.ubuntu.com/community/Exim4\">Exim4 Ubuntu Wiki </ulink> "
17675
"page."
17676
msgstr ""
17677
17678
#: serverguide/C/mail.xml:666(title)
17679
msgid "Dovecot Server"
17680
msgstr ""
17681
17682
#: serverguide/C/mail.xml:667(para)
17683
msgid ""
17684
"<application>Dovecot</application> is a Mail Delivery Agent, written with "
17685
"security primarily in mind. It supports the major mailbox formats: mbox or "
17686
"Maildir. This section explain how to set it up as an imap or pop3 server."
17687
msgstr ""
17688
17689
#: serverguide/C/mail.xml:675(para)
17690
msgid ""
17691
"To install <application>dovecot</application>, run the following command in "
17692
"the command prompt:"
17693
msgstr ""
17694
17695
#: serverguide/C/mail.xml:680(command)
17696
msgid "sudo apt-get install dovecot-imapd dovecot-pop3d"
17697
msgstr "sudo apt-get install dovecot-imapd dovecot-pop3d"
17698
17699
#: serverguide/C/mail.xml:685(para)
17700
msgid ""
17701
"To configure <application>dovecot</application>, you can edit the file "
17702
"<filename>/etc/dovecot/dovecot.conf</filename>. You can choose the protocol "
17703
"you use. It could be pop3, pop3s (pop3 secure), imap and imaps (imap "
17704
"secure). A description of these protocols is beyond the scope of this guide. "
17705
"For further information, refer to the Wikipedia articles on <ulink "
17706
"url=\"http://en.wikipedia.org/wiki/POP3\">POP3</ulink> and <ulink "
17707
"url=\"http://en.wikipedia.org/wiki/Internet_Message_Access_Protocol\">IMAP</u"
17708
"link>."
17709
msgstr ""
17710
17711
#: serverguide/C/mail.xml:695(para)
17712
msgid ""
17713
"IMAPS and POP3S are more secure that the simple IMAP and POP3 because they "
17714
"use SSL encryption to connect. Once you have chosen the protocol, amend the "
17715
"following line in the file <filename>/etc/dovecot/dovecot.conf</filename>:"
17716
msgstr ""
17717
17718
#: serverguide/C/mail.xml:701(programlisting)
17719
#, no-wrap
17720
msgid ""
17721
"\n"
17722
"protocols = pop3 pop3s imap imaps\n"
17723
msgstr ""
17724
17725
#: serverguide/C/mail.xml:704(para)
17726
msgid ""
17727
"Next, choose the mailbox you would like to use. "
17728
"<application>Dovecot</application> supports <emphasis "
17729
"role=\"strong\">maildir</emphasis> and <emphasis "
17730
"role=\"strong\">mbox</emphasis> formats. These are the most commonly used "
17731
"mailbox formats. They both have their own benefits and are discussed on "
17732
"<ulink url=\"http://wiki.dovecot.org/MailboxFormat\">the Dovecot web "
17733
"site</ulink>."
17734
msgstr ""
17735
17736
#: serverguide/C/mail.xml:712(para)
17737
msgid ""
17738
"Once you have chosen your mailbox type, edit the file "
17739
"<filename>/etc/dovecot/dovecot.conf</filename> and change the following line:"
17740
msgstr ""
17741
17742
#: serverguide/C/mail.xml:717(programlisting)
17743
#, no-wrap
17744
msgid ""
17745
"\n"
17746
"mail_location = maildir:~/Maildir # (for maildir)\n"
17747
"or\n"
17748
"mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (for mbox)\n"
17749
msgstr ""
17750
17751
#: serverguide/C/mail.xml:723(para)
17752
msgid ""
17753
"You should configure your Mail Transport Agent (MTA) to transfer the "
17754
"incoming mail to this type of mailbox if it is different from the one you "
17755
"have configured."
17756
msgstr ""
17757
17758
#: serverguide/C/mail.xml:729(para)
17759
msgid ""
17760
"Once you have configured dovecot, restart the "
17761
"<application>dovecot</application> daemon in order to test your setup:"
17762
msgstr ""
17763
17764
#: serverguide/C/mail.xml:738(para)
17765
msgid ""
17766
"If you have enabled imap, or pop3, you can also try to log in with the "
17767
"commands <command>telnet localhost pop3</command> or <command>telnet "
17768
"localhost imap2</command>. If you see something like the following, the "
17769
"installation has been successful:"
17770
msgstr ""
17771
17772
#: serverguide/C/mail.xml:745(programlisting)
17773
#, no-wrap
17774
msgid ""
17775
"\n"
17776
"bhuvan@rainbow:~$ telnet localhost pop3\n"
17777
"Trying 127.0.0.1...\n"
17778
"Connected to localhost.localdomain.\n"
17779
"Escape character is '^]'.\n"
17780
"+OK Dovecot ready.\n"
17781
msgstr ""
17782
17783
#: serverguide/C/mail.xml:754(title)
17784
msgid "Dovecot SSL Configuration"
17785
msgstr ""
17786
17787
#: serverguide/C/mail.xml:755(para)
17788
msgid ""
17789
"To configure <application>dovecot</application> to use SSL, you can edit the "
17790
"file <filename>/etc/dovecot/dovecot.conf</filename> and amend following "
17791
"lines:"
17792
msgstr ""
17793
17794
#: serverguide/C/mail.xml:760(programlisting)
17795
#, no-wrap
17796
msgid ""
17797
"\n"
17798
"ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem\n"
17799
"ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key\n"
17800
"ssl_disable = no\n"
17801
"disable_plaintext_auth = no\n"
17802
msgstr ""
17803
17804
#: serverguide/C/mail.xml:766(para)
17805
msgid ""
17806
"You can get the SSL certificate from a Certificate Issuing Authority or you "
17807
"can create self signed SSL certificate. The latter is a good option for "
17808
"email, because SMTP clients rarely complain about \"self-signed "
17809
"certificates\". Please refer to <xref linkend=\"certificates-and-"
17810
"security\"/> for details about how to create self signed SSL certificate. "
17811
"Once you create the certificate, you will have a key file and a certificate "
17812
"file. Please copy them to the location pointed in the "
17813
"<filename>/etc/dovecot/dovecot.conf</filename> configuration file."
17814
msgstr ""
17815
17816
#: serverguide/C/mail.xml:781(title)
17817
msgid "Firewall Configuration for an Email Server"
17818
msgstr ""
17819
17820
#: serverguide/C/mail.xml:787(para)
17821
msgid "IMAP - 143"
17822
msgstr ""
17823
17824
#: serverguide/C/mail.xml:788(para)
17825
msgid "IMAPS - 993"
17826
msgstr ""
17827
17828
#: serverguide/C/mail.xml:789(para)
17829
msgid "POP3 - 110"
17830
msgstr ""
17831
17832
#: serverguide/C/mail.xml:790(para)
17833
msgid "POP3S - 995"
17834
msgstr ""
17835
17836
#: serverguide/C/mail.xml:782(para)
17837
msgid ""
17838
"To access your mail server from another computer, you must configure your "
17839
"firewall to allow connections to the server on the necessary ports. "
17840
"<placeholder-1/>"
17841
msgstr ""
17842
17843
#: serverguide/C/mail.xml:799(para)
17844
msgid ""
17845
"See the <ulink url=\"http://www.dovecot.org/\">Dovecot website</ulink> for "
17846
"more information."
17847
msgstr ""
17848
17849
#: serverguide/C/mail.xml:804(para)
17850
msgid ""
17851
"Also, the <ulink url=\"https://help.ubuntu.com/community/Dovecot\">Dovecot "
17852
"Ubuntu Wiki</ulink> page has more details."
17853
msgstr ""
17854
17855
#: serverguide/C/mail.xml:813(title) serverguide/C/mail.xml:890(title) serverguide/C/mail.xml:1113(title)
17856
msgid "Mailman"
17857
msgstr "Mailman"
17858
17859
#: serverguide/C/mail.xml:814(para)
17860
msgid ""
17861
"Mailman is an open source program for managing electronic mail discussions "
17862
"and e-newsletter lists. Many open source mailing lists (including all the "
17863
"<ulink url=\"http://lists.ubuntu.com\">Ubuntu mailing lists</ulink>) use "
17864
"Mailman as their mailing list software. It is powerful and easy to install "
17865
"and maintain."
17866
msgstr ""
17867
17868
#: serverguide/C/mail.xml:824(para)
17869
msgid ""
17870
"Mailman provides a web interface for the administrators and users, using an "
17871
"external mail server to send and receive emails. It works perfectly with the "
17872
"following mail servers:"
17873
msgstr ""
17874
17875
#: serverguide/C/mail.xml:835(application)
17876
msgid "Exim"
17877
msgstr ""
17878
17879
#: serverguide/C/mail.xml:838(application)
17880
msgid "Sendmail"
17881
msgstr "Sendmail"
17882
17883
#: serverguide/C/mail.xml:841(application)
17884
msgid "Qmail"
17885
msgstr "Qmail"
17886
17887
#: serverguide/C/mail.xml:846(para)
17888
msgid ""
17889
"We will see how to install and configure Mailman with, the Apache web "
17890
"server, and either the Postfix or Exim mail server. If you wish to install "
17891
"Mailman with a different mail server, please refer to the references section."
17892
msgstr ""
17893
17894
#: serverguide/C/mail.xml:853(para)
17895
msgid ""
17896
"You only need to install one mail server and "
17897
"<application>Postfix</application> is the default Ubuntu Mail Transfer Agent."
17898
msgstr ""
17899
17900
#: serverguide/C/mail.xml:858(title) serverguide/C/mail.xml:917(title)
17901
msgid "Apache2"
17902
msgstr "Apache2"
17903
17904
#: serverguide/C/mail.xml:859(para)
17905
msgid ""
17906
"To install apache2 you refer to <ulink url=\"./web-servers.xml#http-"
17907
"installation\">HTTPD Installation</ulink> section for details."
17908
msgstr ""
17909
17910
#: serverguide/C/mail.xml:867(para)
17911
msgid ""
17912
"For instructions on installing and configuring Postfix refer to <xref "
17913
"linkend=\"postfix\"/>"
17914
msgstr ""
17915
17916
#: serverguide/C/mail.xml:873(para)
17917
msgid "To install Exim4 refer to <xref linkend=\"exim4\"/>."
17918
msgstr ""
17919
17920
#: serverguide/C/mail.xml:884(application)
17921
msgid "dc_use_split_config='true'"
17922
msgstr ""
17923
17924
#: serverguide/C/mail.xml:876(para)
17925
msgid ""
17926
"Once exim4 is installed, the configuration files are stored in the "
17927
"<filename>/etc/exim4</filename> directory. In Ubuntu, by default, the exim4 "
17928
"configuration files are split across different files. You can change this "
17929
"behavior by changing the following variable in the "
17930
"<filename>/etc/exim4/update-exim4.conf</filename> file: <placeholder-1/>"
17931
msgstr ""
17932
17933
#: serverguide/C/mail.xml:891(para)
17934
msgid ""
17935
"To install <application>Mailman</application>, run following command at a "
17936
"terminal prompt:"
17937
msgstr ""
17938
17939
#: serverguide/C/mail.xml:895(command)
17940
msgid "sudo apt-get install mailman"
17941
msgstr "sudo apt-get install mailman"
17942
17943
#: serverguide/C/mail.xml:897(para)
17944
msgid ""
17945
"It copies the installation files in "
17946
"<application>/var/lib/mailman</application> directory. It installs the CGI "
17947
"scripts in <application>/usr/lib/cgi-bin/mailman</application> directory. It "
17948
"creates <emphasis>list</emphasis> linux user. It creates the "
17949
"<emphasis>list</emphasis> linux group. The mailman process will be owned by "
17950
"this user."
17951
msgstr ""
17952
17953
#: serverguide/C/mail.xml:909(para)
17954
msgid ""
17955
"This section assumes you have successfully installed "
17956
"<application>mailman</application>, <application>apache2</application>, and "
17957
"<application>postfix</application> or <application>exim4</application>. Now "
17958
"you just need to configure them."
17959
msgstr ""
17960
17961
#: serverguide/C/mail.xml:918(para)
17962
msgid ""
17963
"An example Apache configuration file comes with "
17964
"<application>Mailman</application> and is placed in "
17965
"<filename>/etc/mailman/apache.conf</filename>. In order for Apache to use "
17966
"the config file it needs to be copied to <filename>/etc/apache2/sites-"
17967
"available</filename>:"
17968
msgstr ""
17969
17970
#: serverguide/C/mail.xml:924(command)
17971
msgid ""
17972
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
17973
msgstr ""
17974
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
17975
17976
#: serverguide/C/mail.xml:926(para)
17977
msgid ""
17978
"This will setup a new Apache <emphasis>VirtualHost</emphasis> for the "
17979
"Mailman administration site. Now enable the new configuration and restart "
17980
"Apache:"
17981
msgstr ""
17982
17983
#: serverguide/C/mail.xml:931(command)
17984
msgid "sudo a2ensite mailman.conf"
17985
msgstr "sudo a2ensite mailman.conf"
17986
17987
#: serverguide/C/mail.xml:934(para)
17988
msgid ""
17989
"Mailman uses apache2 to render its CGI scripts. The mailman CGI scripts are "
17990
"installed in the <application>/usr/lib/cgi-bin/mailman</application> "
17991
"directory. So, the mailman url will be http://hostname/cgi-bin/mailman/. You "
17992
"can make changes to the <filename>/etc/apache2/sites-"
17993
"available/mailman.conf</filename> file if you wish to change this behavior."
17994
msgstr ""
17995
17996
#: serverguide/C/mail.xml:945(para)
17997
msgid ""
17998
"For <application>Postfix</application> integration, we will associate the "
17999
"domain lists.example.com with the mailing lists. Please replace "
18000
"<emphasis>lists.example.com</emphasis> with the domain of your choosing."
18001
msgstr ""
18002
18003
#: serverguide/C/mail.xml:949(para)
18004
msgid ""
18005
"You can use the postconf command to add the necessary configuration to "
18006
"<filename>/etc/postfix/main.cf</filename>:"
18007
msgstr ""
18008
18009
#: serverguide/C/mail.xml:953(command)
18010
msgid "sudo postconf -e 'relay_domains = lists.example.com'"
18011
msgstr ""
18012
18013
#: serverguide/C/mail.xml:954(command)
18014
msgid "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
18015
msgstr "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
18016
18017
#: serverguide/C/mail.xml:955(command)
18018
msgid "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
18019
msgstr "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
18020
18021
#: serverguide/C/mail.xml:957(para)
18022
msgid ""
18023
"In <filename>/etc/postfix/master.cf</filename> double check that you have "
18024
"the following transport:"
18025
msgstr ""
18026
18027
#: serverguide/C/mail.xml:960(programlisting)
18028
#, no-wrap
18029
msgid ""
18030
"\n"
18031
"mailman unix - n n - - pipe\n"
18032
" flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py\n"
18033
" ${nexthop} ${user}\n"
18034
msgstr ""
18035
18036
#: serverguide/C/mail.xml:965(para)
18037
msgid ""
18038
"It calls the <emphasis>postfix-to-mailman.py</emphasis> script when a mail "
18039
"is delivered to a list."
18040
msgstr ""
18041
18042
#: serverguide/C/mail.xml:968(para)
18043
msgid ""
18044
"Associate the domain lists.example.com to the Mailman transport with the "
18045
"transport map. Edit the file <filename>/etc/postfix/transport</filename>:"
18046
msgstr ""
18047
18048
#: serverguide/C/mail.xml:971(programlisting)
18049
#, no-wrap
18050
msgid ""
18051
"\n"
18052
"lists.example.com mailman:\n"
18053
msgstr ""
18054
18055
#: serverguide/C/mail.xml:974(para)
18056
msgid ""
18057
"Now have <application>Postfix</application> build the transport map by "
18058
"entering the following from a terminal prompt:"
18059
msgstr ""
18060
18061
#: serverguide/C/mail.xml:978(command)
18062
msgid "sudo postmap -v /etc/postfix/transport"
18063
msgstr "sudo postmap -v /etc/postfix/transport"
18064
18065
#: serverguide/C/mail.xml:980(para)
18066
msgid "Then restart Postfix to enable the new configurations:"
18067
msgstr ""
18068
18069
#: serverguide/C/mail.xml:989(para)
18070
msgid ""
18071
"Once Exim4 is installed, you can start the Exim server using the following "
18072
"command from a terminal prompt:"
18073
msgstr ""
18074
18075
#: serverguide/C/mail.xml:1005(para) serverguide/C/mail.xml:1020(title)
18076
msgid "Main"
18077
msgstr ""
18078
18079
#: serverguide/C/mail.xml:1008(para) serverguide/C/mail.xml:1060(title)
18080
msgid "Transport"
18081
msgstr "Overførsel"
18082
18083
#: serverguide/C/mail.xml:1011(para) serverguide/C/mail.xml:1083(title)
18084
msgid "Router"
18085
msgstr "Router"
18086
18087
#: serverguide/C/mail.xml:996(para)
18088
msgid ""
18089
"In order to make mailman work with Exim4, you need to configure Exim4. As "
18090
"mentioned earlier, by default, Exim4 uses multiple configuration files of "
18091
"different types. For details, please refer to the <ulink "
18092
"url=\"http://www.exim.org\">Exim</ulink> web site. To run mailman, we should "
18093
"add new a configuration file to the following configuration types: "
18094
"<placeholder-1/> Exim creates a master configuration file by sorting all "
18095
"these mini configuration files. So, the order of these configuration files "
18096
"is very important."
18097
msgstr ""
18098
18099
#: serverguide/C/mail.xml:1027(programlisting)
18100
#, no-wrap
18101
msgid ""
18102
"\n"
18103
"# start\n"
18104
"# Home dir for your Mailman installation -- aka Mailman's prefix\n"
18105
"# directory.\n"
18106
"# On Ubuntu this should be \"/var/lib/mailman\"\n"
18107
"# This is normally the same as ~mailman\n"
18108
"MM_HOME=/var/lib/mailman\n"
18109
"#\n"
18110
"# User and group for Mailman, should match your --with-mail-gid\n"
18111
"# switch to Mailman's configure script. Value is normally \"mailman\"\n"
18112
"MM_UID=list\n"
18113
"MM_GID=list\n"
18114
"#\n"
18115
"# Domains that your lists are in - colon separated list\n"
18116
"# you may wish to add these into local_domains as well\n"
18117
"domainlist mm_domains=hostname.com\n"
18118
"#\n"
18119
"# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n"
18120
"#\n"
18121
"# These values are derived from the ones above and should not need\n"
18122
"# editing unless you have munged your mailman installation\n"
18123
"#\n"
18124
"# The path of the Mailman mail wrapper script\n"
18125
"MM_WRAP=MM_HOME/mail/mailman\n"
18126
"#\n"
18127
"# The path of the list config file (used as a required file when\n"
18128
"# verifying list addresses)\n"
18129
"MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck\n"
18130
"# end\n"
18131
msgstr ""
18132
18133
#: serverguide/C/mail.xml:1021(para)
18134
msgid ""
18135
"All the configuration files belonging to the main type are stored in the "
18136
"<filename>/etc/exim4/conf.d/main/</filename> directory. You can add the "
18137
"following content to a new file, named <filename>04_exim4-"
18138
"config_mailman</filename>: <placeholder-1/>"
18139
msgstr ""
18140
18141
#: serverguide/C/mail.xml:1067(programlisting)
18142
#, no-wrap
18143
msgid ""
18144
"\n"
18145
" mailman_transport:\n"
18146
" driver = pipe\n"
18147
" command = MM_WRAP \\\n"
18148
" '${if def:local_part_suffix \\\n"
18149
" {${sg{$local_part_suffix}{-(\\\\w+)(\\\\+.*)?}{\\$1}}} "
18150
"\\\n"
18151
" {post}}' \\\n"
18152
" $local_part\n"
18153
" current_directory = MM_HOME\n"
18154
" home_directory = MM_HOME\n"
18155
" user = MM_UID\n"
18156
" group = MM_GID\n"
18157
msgstr ""
18158
18159
#: serverguide/C/mail.xml:1061(para)
18160
msgid ""
18161
"All the configuration files belonging to transport type are stored in the "
18162
"<filename>/etc/exim4/conf.d/transport/</filename> directory. You can add the "
18163
"following content to a new file named <filename> 40_exim4-"
18164
"config_mailman</filename>: <placeholder-1/>"
18165
msgstr ""
18166
18167
#: serverguide/C/mail.xml:1088(programlisting)
18168
#, no-wrap
18169
msgid ""
18170
"\n"
18171
" mailman_router:\n"
18172
" driver = accept\n"
18173
" require_files = MM_HOME/lists/$local_part/config.pck\n"
18174
" local_part_suffix_optional\n"
18175
" local_part_suffix = -bounces : -bounces+* : \\\n"
18176
" -confirm+* : -join : -leave : \\\n"
18177
" -owner : -request : -admin\n"
18178
" transport = mailman_transport\n"
18179
msgstr ""
18180
18181
#: serverguide/C/mail.xml:1084(para)
18182
msgid ""
18183
"All the configuration files belonging to router type are stored in the "
18184
"<filename>/etc/exim4/conf.d/router/</filename> directory. You can add the "
18185
"following content in to a new file named <filename>101_exim4-"
18186
"config_mailman</filename>: <placeholder-1/>"
18187
msgstr ""
18188
18189
#: serverguide/C/mail.xml:1101(para)
18190
msgid ""
18191
"The order of main and transport configuration files can be in any order. "
18192
"But, the order of router configuration files must be the same. This "
18193
"particular file must appear before the <application>200_exim4-"
18194
"config_primary</application> file. These two configuration files contain "
18195
"same type of information. The first file takes the precedence. For more "
18196
"details, please refer to the references section."
18197
msgstr ""
18198
18199
#: serverguide/C/mail.xml:1114(para)
18200
msgid ""
18201
"Once mailman is installed, you can run it using the following command:"
18202
msgstr ""
18203
18204
#: serverguide/C/mail.xml:1118(command)
18205
msgid "sudo /etc/init.d/mailman start"
18206
msgstr "sudo /etc/init.d/mailman start"
18207
18208
#: serverguide/C/mail.xml:1120(para)
18209
msgid ""
18210
"Once mailman is installed, you should create the default mailing list. Run "
18211
"the following command to create the mailing list:"
18212
msgstr ""
18213
18214
#: serverguide/C/mail.xml:1126(command)
18215
msgid "sudo /usr/sbin/newlist mailman"
18216
msgstr "sudo /usr/sbin/newlist mailman"
18217
18218
#: serverguide/C/mail.xml:1129(programlisting)
18219
#, no-wrap
18220
msgid ""
18221
"\n"
18222
" Enter the email address of the person running the list: bhuvan at "
18223
"ubuntu.com\n"
18224
" Initial mailman password:\n"
18225
" To finish creating your mailing list, you must edit your "
18226
"<filename>/etc/aliases</filename> (or\n"
18227
" equivalent) file by adding the following lines, and possibly running the\n"
18228
" `newaliases' program:\n"
18229
"\n"
18230
" ## mailman mailing list\n"
18231
" mailman: \"|/var/lib/mailman/mail/mailman post mailman\"\n"
18232
" mailman-admin: \"|/var/lib/mailman/mail/mailman admin mailman\"\n"
18233
" mailman-bounces: \"|/var/lib/mailman/mail/mailman bounces mailman\"\n"
18234
" mailman-confirm: \"|/var/lib/mailman/mail/mailman confirm mailman\"\n"
18235
" mailman-join: \"|/var/lib/mailman/mail/mailman join mailman\"\n"
18236
" mailman-leave: \"|/var/lib/mailman/mail/mailman leave mailman\"\n"
18237
" mailman-owner: \"|/var/lib/mailman/mail/mailman owner mailman\"\n"
18238
" mailman-request: \"|/var/lib/mailman/mail/mailman request mailman\"\n"
18239
" mailman-subscribe: \"|/var/lib/mailman/mail/mailman subscribe "
18240
"mailman\"\n"
18241
" mailman-unsubscribe: \"|/var/lib/mailman/mail/mailman unsubscribe "
18242
"mailman\"\n"
18243
"\n"
18244
" Hit enter to notify mailman owner...\n"
18245
"\n"
18246
" # \n"
18247
msgstr ""
18248
18249
#: serverguide/C/mail.xml:1152(para)
18250
msgid ""
18251
"We have configured either Postfix or Exim4 to recognize all emails from "
18252
"mailman. So, it is not mandatory to make any new entries in "
18253
"<filename>/etc/aliases</filename>. If you have made any changes to the "
18254
"configuration files, please ensure that you restart those services before "
18255
"continuing to next section."
18256
msgstr ""
18257
18258
#: serverguide/C/mail.xml:1160(para)
18259
msgid ""
18260
"The Exim4 does not use the above aliases to forward mails to Mailman, as it "
18261
"uses a <emphasis>discover</emphasis> approach. To suppress the aliases while "
18262
"creating the list, you can add <emphasis>MTA=None</emphasis> line in Mailman "
18263
"configuration file, <filename>/etc/mailman/mm_cfg.py</filename>."
18264
msgstr ""
18265
18266
#: serverguide/C/mail.xml:1171(title)
18267
msgid "Administration"
18268
msgstr "Administration"
18269
18270
#: serverguide/C/mail.xml:1172(para)
18271
msgid ""
18272
"We assume you have a default installation. The mailman cgi scripts are still "
18273
"in the <application>/usr/lib/cgi-bin/mailman/</application> directory. "
18274
"Mailman provides a web based administration facility. To access this page, "
18275
"point your browser to the following url:"
18276
msgstr ""
18277
18278
#: serverguide/C/mail.xml:1180(para)
18279
msgid "http://hostname/cgi-bin/mailman/admin"
18280
msgstr ""
18281
18282
#: serverguide/C/mail.xml:1184(para)
18283
msgid ""
18284
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
18285
"screen. If you click the mailing list name, it will ask for your "
18286
"authentication password. If you enter the correct password, you will be able "
18287
"to change administrative settings of this mailing list. You can create a new "
18288
"mailing list using the command line utility "
18289
"(<command>/usr/sbin/newlist</command>). Alternatively, you can create a new "
18290
"mailing list using the web interface."
18291
msgstr ""
18292
18293
#: serverguide/C/mail.xml:1197(title)
18294
msgid "Users"
18295
msgstr "Brugere"
18296
18297
#: serverguide/C/mail.xml:1198(para)
18298
msgid ""
18299
"Mailman provides a web based interface for users. To access this page, point "
18300
"your browser to the following url:"
18301
msgstr ""
18302
18303
#: serverguide/C/mail.xml:1203(para)
18304
msgid "http://hostname/cgi-bin/mailman/listinfo"
18305
msgstr ""
18306
18307
#: serverguide/C/mail.xml:1207(para)
18308
msgid ""
18309
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
18310
"screen. If you click the mailing list name, it will display the subscription "
18311
"form. You can enter your email address, name (optional), and password to "
18312
"subscribe. An email invitation will be sent to you. You can follow the "
18313
"instructions in the email to subscribe."
18314
msgstr ""
18315
18316
#: serverguide/C/mail.xml:1219(ulink)
18317
msgid "GNU Mailman - Installation Manual"
18318
msgstr ""
18319
18320
#: serverguide/C/mail.xml:1223(ulink)
18321
msgid "HOWTO - Using Exim 4 and Mailman 2.1 together"
18322
msgstr ""
18323
18324
#: serverguide/C/mail.xml:1226(para)
18325
msgid ""
18326
"Also, see the <ulink "
18327
"url=\"https://help.ubuntu.com/community/Mailman\">Mailman Ubuntu "
18328
"Wiki</ulink> page."
18329
msgstr ""
18330
18331
#: serverguide/C/mail.xml:1232(title)
18332
msgid "Mail Filtering"
18333
msgstr ""
18334
18335
#: serverguide/C/mail.xml:1233(para)
18336
msgid ""
18337
"One of the largest issues with email today is the problem of Unsolicited "
18338
"Bulk Email (UBE). Also known as SPAM, such messages may also carry viruses "
18339
"and other forms of malware. According to some reports these messages make up "
18340
"the bulk of all email traffic on the Internet."
18341
msgstr ""
18342
18343
#: serverguide/C/mail.xml:1238(para)
18344
msgid ""
18345
"This section will cover integrating <application>Amavisd-new</application>, "
18346
"<application>Spamassassin</application>, and "
18347
"<application>ClamAV</application> with the "
18348
"<application>Postfix</application> Mail Transport Agent (MTA). "
18349
"<application>Postfix</application> can also check email validity by passing "
18350
"it through external content filters. These filters can sometimes determine "
18351
"if a message is spam without needing to process it with more resource "
18352
"intensive applications. Two common filters are "
18353
"<application>opendkim</application> and <application>python-policyd-"
18354
"spf</application>."
18355
msgstr ""
18356
18357
#: serverguide/C/mail.xml:1248(para)
18358
msgid ""
18359
"<application>Amavisd-new</application> is a wrapper program that can call "
18360
"any number of content filtering programs for spam detection, antivirus, etc."
18361
msgstr ""
18362
18363
#: serverguide/C/mail.xml:1254(para)
18364
msgid ""
18365
"<application>Spamassassin</application> uses a variety of mechanisms to "
18366
"filter email based on the message content."
18367
msgstr ""
18368
18369
#: serverguide/C/mail.xml:1259(para)
18370
msgid ""
18371
"<application>ClamAV</application> is an open source antivirus application."
18372
msgstr ""
18373
18374
#: serverguide/C/mail.xml:1264(para)
18375
msgid ""
18376
"<application>opendkim</application> implements a Sendmail Mail Filter "
18377
"(Milter) for the DomainKeys Identified Mail (DKIM) standard."
18378
msgstr ""
18379
18380
#: serverguide/C/mail.xml:1270(para)
18381
msgid ""
18382
"<application>python-policyd-spf</application> enables Sender Policy "
18383
"Framework (SPF) checking with <application>Postfix</application>."
18384
msgstr ""
18385
18386
#: serverguide/C/mail.xml:1275(para)
18387
msgid "This is how the pieces fit together:"
18388
msgstr ""
18389
18390
#: serverguide/C/mail.xml:1280(para)
18391
msgid "An email message is accepted by <application>Postfix</application>."
18392
msgstr ""
18393
18394
#: serverguide/C/mail.xml:1285(para)
18395
msgid ""
18396
"The message is passed through any external filters "
18397
"<application>opendkim</application> and <application>python-policyd-"
18398
"spf</application> in this case."
18399
msgstr ""
18400
18401
#: serverguide/C/mail.xml:1291(para)
18402
msgid "<application>Amavisd-new</application> then processes the message."
18403
msgstr ""
18404
18405
#: serverguide/C/mail.xml:1296(para)
18406
msgid ""
18407
"<application>ClamAV</application> is used to scan the message. If the "
18408
"message contains a virus <application>Postfix</application> will reject the "
18409
"message."
18410
msgstr ""
18411
18412
#: serverguide/C/mail.xml:1302(para)
18413
msgid ""
18414
"Clean messages will then be analyzed by "
18415
"<application>Spamassassin</application> to find out if the message is spam. "
18416
"<application>Spamassassin</application> will then add X-Header lines "
18417
"allowing <application>Amavisd-new</application> to further manipulate the "
18418
"message."
18419
msgstr ""
18420
18421
#: serverguide/C/mail.xml:1309(para)
18422
msgid ""
18423
"For example, if a message has a Spam score of over fifty the message could "
18424
"be automatically dropped from the queue without the recipient ever having to "
18425
"be bothered. Another, way to handle flagged messages is to deliver them to "
18426
"the Mail User Agent (MUA) allowing the user to deal with the message as they "
18427
"see fit."
18428
msgstr ""
18429
18430
#: serverguide/C/mail.xml:1316(para)
18431
msgid ""
18432
"See <xref linkend=\"postfix\"/> for instructions on installing and "
18433
"configuring Postfix."
18434
msgstr ""
18435
18436
#: serverguide/C/mail.xml:1319(para)
18437
msgid ""
18438
"To install the rest of the applications enter the following from a terminal "
18439
"prompt:"
18440
msgstr ""
18441
18442
#: serverguide/C/mail.xml:1323(command)
18443
msgid "sudo apt-get install amavisd-new spamassassin clamav-daemon"
18444
msgstr "sudo apt-get install amavisd-new spamassassin clamav-daemon"
18445
18446
#: serverguide/C/mail.xml:1324(command)
18447
msgid "sudo apt-get install opendkim python-policyd-spf"
18448
msgstr ""
18449
18450
#: serverguide/C/mail.xml:1326(para)
18451
msgid ""
18452
"There are some optional packages that integrate with "
18453
"<application>Spamassassin</application> for better spam detection:"
18454
msgstr ""
18455
18456
#: serverguide/C/mail.xml:1330(command)
18457
msgid "sudo apt-get install pyzor razor"
18458
msgstr "sudo apt-get install pyzor razor"
18459
18460
#: serverguide/C/mail.xml:1332(para)
18461
msgid ""
18462
"Along with the main filtering applications compression utilities are needed "
18463
"to process some email attachments:"
18464
msgstr ""
18465
18466
#: serverguide/C/mail.xml:1336(command)
18467
msgid ""
18468
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
18469
msgstr ""
18470
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
18471
18472
#: serverguide/C/mail.xml:1339(para)
18473
msgid ""
18474
"If some packages are not found, check that the "
18475
"<emphasis>multiverse</emphasis> repository is enabled in "
18476
"<filename>/etc/apt/sources.list</filename>"
18477
msgstr ""
18478
18479
#: serverguide/C/mail.xml:1340(para)
18480
msgid ""
18481
"If you make changes to the file, be sure to run <command>sudo apt-get "
18482
"update</command> before trying to install again."
18483
msgstr ""
18484
18485
#: serverguide/C/mail.xml:1345(para)
18486
msgid "Now configure everything to work together and filter email."
18487
msgstr ""
18488
18489
#: serverguide/C/mail.xml:1349(title)
18490
msgid "ClamAV"
18491
msgstr ""
18492
18493
#: serverguide/C/mail.xml:1350(para)
18494
msgid ""
18495
"The default behaviour of <application>ClamAV</application> will fit our "
18496
"needs. For more ClamAV configuration options, check the configuration files "
18497
"in <filename>/etc/clamav</filename>."
18498
msgstr ""
18499
18500
#: serverguide/C/mail.xml:1355(para)
18501
msgid ""
18502
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
18503
"group in order for <application>Amavisd-new</application> to have the "
18504
"appropriate access to scan files:"
18505
msgstr ""
18506
18507
#: serverguide/C/mail.xml:1360(command)
18508
msgid "sudo adduser clamav amavis"
18509
msgstr "sudo adduser clamav amavis"
18510
18511
#: serverguide/C/mail.xml:1364(title)
18512
msgid "Spamassassin"
18513
msgstr ""
18514
18515
#: serverguide/C/mail.xml:1365(para)
18516
msgid ""
18517
"Spamassassin automatically detects optional components and will use them if "
18518
"they are present. This means that there is no need to configure "
18519
"<application>pyzor</application> and <application>razor</application>."
18520
msgstr ""
18521
18522
#: serverguide/C/mail.xml:1369(para)
18523
msgid ""
18524
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
18525
"<application>Spamassassin</application> daemon. Change "
18526
"<emphasis>ENABLED=0</emphasis> to:"
18527
msgstr ""
18528
18529
#: serverguide/C/mail.xml:1373(programlisting)
18530
#, no-wrap
18531
msgid ""
18532
"\n"
18533
"ENABLED=1\n"
18534
msgstr ""
18535
18536
#: serverguide/C/mail.xml:1376(para)
18537
msgid "Now start the daemon:"
18538
msgstr ""
18539
18540
#: serverguide/C/mail.xml:1380(command)
18541
msgid "sudo /etc/init.d/spamassassin start"
18542
msgstr "sudo /etc/init.d/spamassassin start"
18543
18544
#: serverguide/C/mail.xml:1384(title)
18545
msgid "Amavisd-new"
18546
msgstr ""
18547
18548
#: serverguide/C/mail.xml:1385(para)
18549
msgid ""
18550
"First activate spam and antivirus detection in <application>Amavisd-"
18551
"new</application> by editing <filename>/etc/amavis/conf.d/15-"
18552
"content_filter_mode</filename>:"
18553
msgstr ""
18554
18555
#: serverguide/C/mail.xml:1389(programlisting)
18556
#, no-wrap
18557
msgid ""
18558
"\n"
18559
"use strict;\n"
18560
"\n"
18561
"# You can modify this file to re-enable SPAM checking through spamassassin\n"
18562
"# and to re-enable antivirus checking.\n"
18563
"\n"
18564
"#\n"
18565
"# Default antivirus checking mode\n"
18566
"# Uncomment the two lines below to enable it\n"
18567
"#\n"
18568
"\n"
18569
"@bypass_virus_checks_maps = (\n"
18570
" \\%bypass_virus_checks, \\@bypass_virus_checks_acl, \\"
18571
"$bypass_virus_checks_re);\n"
18572
"\n"
18573
"\n"
18574
"#\n"
18575
"# Default SPAM checking mode\n"
18576
"# Uncomment the two lines below to enable it\n"
18577
"#\n"
18578
"\n"
18579
"@bypass_spam_checks_maps = (\n"
18580
" \\%bypass_spam_checks, \\@bypass_spam_checks_acl, \\"
18581
"$bypass_spam_checks_re);\n"
18582
"\n"
18583
"1; # insure a defined return\n"
18584
msgstr ""
18585
18586
#: serverguide/C/mail.xml:1414(para)
18587
msgid ""
18588
"Bouncing spam can be a bad idea as the return address is often faked. "
18589
"Consider editing <filename>/etc/amavis/conf.d/20-debian_defaults</filename> "
18590
"to set <emphasis>$final_spam_destiny</emphasis> to D_DISCARD rather than "
18591
"D_BOUNCE, as follows:"
18592
msgstr ""
18593
18594
#: serverguide/C/mail.xml:1420(programlisting)
18595
#, no-wrap
18596
msgid ""
18597
"\n"
18598
"$final_spam_destiny = D_DISCARD;\n"
18599
msgstr ""
18600
18601
#: serverguide/C/mail.xml:1424(para)
18602
msgid ""
18603
"Additionally, you may want to adjust the following options to flag more "
18604
"messages as spam:"
18605
msgstr ""
18606
18607
#: serverguide/C/mail.xml:1428(programlisting)
18608
#, no-wrap
18609
msgid ""
18610
"\n"
18611
"$sa_tag_level_deflt = -999; # add spam info headers if at, or above that "
18612
"level\n"
18613
"$sa_tag2_level_deflt = 6.0; # add 'spam detected' headers at that level\n"
18614
"$sa_kill_level_deflt = 21.0; # triggers spam evasive actions\n"
18615
"$sa_dsn_cutoff_level = 4; # spam level beyond which a DSN is not sent\n"
18616
msgstr ""
18617
18618
#: serverguide/C/mail.xml:1435(para)
18619
msgid ""
18620
"If the server's <emphasis>hostname</emphasis> is different from the domain's "
18621
"MX record you may need to manually set the <emphasis>$myhostname</emphasis> "
18622
"option. Also, if the server receives mail for multiple domains the "
18623
"<emphasis>@local_domains_acl</emphasis> option will need to be customized. "
18624
"Edit the <filename>/etc/amavis/conf.d/50-user</filename> file:"
18625
msgstr ""
18626
18627
#: serverguide/C/mail.xml:1442(programlisting)
18628
#, no-wrap
18629
msgid ""
18630
"\n"
18631
"$myhostname = 'mail.example.com';\n"
18632
"@local_domains_acl = ( \"example.com\", \"example.org\" );\n"
18633
msgstr ""
18634
18635
#: serverguide/C/mail.xml:1447(para)
18636
msgid ""
18637
"After configuration <application>Amavisd-new</application> needs to be "
18638
"restarted:"
18639
msgstr ""
18640
18641
#: serverguide/C/mail.xml:1451(command) serverguide/C/mail.xml:1497(command)
18642
msgid "sudo /etc/init.d/amavis restart"
18643
msgstr "sudo /etc/init.d/amavis restart"
18644
18645
#: serverguide/C/mail.xml:1454(title)
18646
msgid "DKIM Whitelist"
18647
msgstr ""
18648
18649
#: serverguide/C/mail.xml:1456(para)
18650
msgid ""
18651
"<application>Amavisd-new</application> can be configured to automatically "
18652
"<emphasis>Whitelist</emphasis> addresses from domains with valid Domain "
18653
"Keys. There are some pre-configured domains in the "
18654
"<filename>/etc/amavis/conf.d/40-policy_banks</filename>."
18655
msgstr ""
18656
18657
#: serverguide/C/mail.xml:1462(para)
18658
msgid "There are multiple ways to configure the Whitelist for a domain:"
18659
msgstr ""
18660
18661
#: serverguide/C/mail.xml:1468(para)
18662
msgid ""
18663
"<emphasis>'example.com' => 'WHITELIST',</emphasis>: will whitelist any "
18664
"address from the \"example.com\" domain."
18665
msgstr ""
18666
18667
#: serverguide/C/mail.xml:1473(para)
18668
msgid ""
18669
"<emphasis>'.example.com' => 'WHITELIST',</emphasis>: will whitelist any "
18670
"address from any <emphasis>subdomains</emphasis> of \"example.com\" that "
18671
"have a valid signature."
18672
msgstr ""
18673
18674
#: serverguide/C/mail.xml:1479(para)
18675
msgid ""
18676
"<emphasis>'.example.com/@example.com' => 'WHITELIST',</emphasis>: will "
18677
"whitelist subdomains of \"example.com\" that use the signature of <emphasis "
18678
"role=\"italic\">example.com</emphasis> the parent domain."
18679
msgstr ""
18680
18681
#: serverguide/C/mail.xml:1485(para)
18682
msgid ""
18683
"<emphasis>'./@example.com' => 'WHITELIST',</emphasis>: adds addresses "
18684
"that have a valid signature from \"example.com\". This is usually used for "
18685
"discussion groups that sign their messages."
18686
msgstr ""
18687
18688
#: serverguide/C/mail.xml:1492(para)
18689
msgid ""
18690
"A domain can also have multiple Whitelist configurations. After, editing the "
18691
"file restart <application>amaisd-new</application>:"
18692
msgstr ""
18693
18694
#: serverguide/C/mail.xml:1501(para)
18695
msgid ""
18696
"In this context, once a domain has been added to the Whitelist the message "
18697
"will not receive any anti-virus or spam filtering. This may or may not be "
18698
"the intended behavior you wish for a domain."
18699
msgstr ""
18700
18701
#: serverguide/C/mail.xml:1511(para)
18702
msgid ""
18703
"For <application>Postfix</application> integration, enter the following from "
18704
"a terminal prompt:"
18705
msgstr ""
18706
18707
#: serverguide/C/mail.xml:1515(command)
18708
msgid "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
18709
msgstr "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
18710
18711
#: serverguide/C/mail.xml:1517(para)
18712
msgid ""
18713
"Next edit <filename>/etc/postfix/master.cf</filename> and add the following "
18714
"to the end of the file:"
18715
msgstr ""
18716
18717
#: serverguide/C/mail.xml:1520(programlisting)
18718
#, no-wrap
18719
msgid ""
18720
"\n"
18721
"smtp-amavis unix - - - - 2 smtp\n"
18722
" -o smtp_data_done_timeout=1200\n"
18723
" -o smtp_send_xforward_command=yes\n"
18724
" -o disable_dns_lookups=yes\n"
18725
" -o max_use=20\n"
18726
"\n"
18727
"127.0.0.1:10025 inet n - - - - smtpd\n"
18728
" -o content_filter=\n"
18729
" -o local_recipient_maps=\n"
18730
" -o relay_recipient_maps=\n"
18731
" -o smtpd_restriction_classes=\n"
18732
" -o smtpd_delay_reject=no\n"
18733
" -o smtpd_client_restrictions=permit_mynetworks,reject\n"
18734
" -o smtpd_helo_restrictions=\n"
18735
" -o smtpd_sender_restrictions=\n"
18736
" -o smtpd_recipient_restrictions=permit_mynetworks,reject\n"
18737
" -o smtpd_data_restrictions=reject_unauth_pipelining\n"
18738
" -o smtpd_end_of_data_restrictions=\n"
18739
" -o mynetworks=127.0.0.0/8\n"
18740
" -o smtpd_error_sleep_time=0\n"
18741
" -o smtpd_soft_error_limit=1001\n"
18742
" -o smtpd_hard_error_limit=1000\n"
18743
" -o smtpd_client_connection_count_limit=0\n"
18744
" -o smtpd_client_connection_rate_limit=0\n"
18745
" -o "
18746
"receive_override_options=no_header_body_checks,no_unknown_recipient_checks\n"
18747
msgstr ""
18748
18749
#: serverguide/C/mail.xml:1547(para)
18750
msgid ""
18751
"Also add the following two lines immediately below the "
18752
"<emphasis>\"pickup\"</emphasis> transport service:"
18753
msgstr ""
18754
18755
#: serverguide/C/mail.xml:1550(programlisting)
18756
#, no-wrap
18757
msgid ""
18758
"\n"
18759
" -o content_filter=\n"
18760
" -o receive_override_options=no_header_body_checks\n"
18761
msgstr ""
18762
18763
#: serverguide/C/mail.xml:1554(para)
18764
msgid ""
18765
"This will prevent messages that are generated to report on spam from being "
18766
"classified as spam."
18767
msgstr ""
18768
18769
#: serverguide/C/mail.xml:1557(para)
18770
msgid "Now restart <application>Postfix</application>:"
18771
msgstr ""
18772
18773
#: serverguide/C/mail.xml:1563(para)
18774
msgid "Content filtering with spam and virus detection is now enabled."
18775
msgstr ""
18776
18777
#: serverguide/C/mail.xml:1569(title)
18778
msgid "Amavisd-new and Spamassassin"
18779
msgstr ""
18780
18781
#: serverguide/C/mail.xml:1571(para)
18782
msgid ""
18783
"When integrating <application>Amavisd-new</application> with "
18784
"<application>Spamassassin</application>, if you choose to disable the bayes "
18785
"filtering by editing <filename>/etc/spamassassin/local.cf</filename> and use "
18786
"<application>cron</application> to update the nightly rules, the result can "
18787
"cause a situation where a large amount of error messages are sent to the "
18788
"<emphasis>amavis</emphasis> user via the amavisd-new "
18789
"<application>cron</application> job."
18790
msgstr ""
18791
18792
#: serverguide/C/mail.xml:1578(para)
18793
msgid "There are several ways to handle this situation:"
18794
msgstr ""
18795
18796
#: serverguide/C/mail.xml:1584(para)
18797
msgid "Configure your MDA to filter messages you do not wish to see."
18798
msgstr ""
18799
18800
#: serverguide/C/mail.xml:1589(para)
18801
msgid ""
18802
"Change <filename>/usr/sbin/amavisd-new-cronjob</filename> to check for "
18803
"<emphasis>use_bayes 0</emphasis>. For example, edit "
18804
"<filename>/usr/sbin/amavisd-new-cronjob</filename> and add the following to "
18805
"the top before the <emphasis>test</emphasis> statements:"
18806
msgstr ""
18807
18808
#: serverguide/C/mail.xml:1593(programlisting)
18809
#, no-wrap
18810
msgid ""
18811
"\n"
18812
"egrep -q \"^[ \\t]*use_bayes[ \\t]*0\" /etc/spamassassin/local.cf && "
18813
"exit 0\n"
18814
msgstr ""
18815
18816
#: serverguide/C/mail.xml:1603(para)
18817
msgid ""
18818
"First, test that the <application>Amavisd-new</application> SMTP is "
18819
"listening:"
18820
msgstr ""
18821
18822
#: serverguide/C/mail.xml:1606(programlisting)
18823
#, no-wrap
18824
msgid ""
18825
"\n"
18826
"telnet localhost 10024\n"
18827
"Trying 127.0.0.1...\n"
18828
"Connected to localhost.\n"
18829
"Escape character is '^]'.\n"
18830
"220 [127.0.0.1] ESMTP amavisd-new service ready\n"
18831
"^]\n"
18832
msgstr ""
18833
18834
#: serverguide/C/mail.xml:1614(para)
18835
msgid ""
18836
"In the Header of messages that go through the content filter you should see:"
18837
msgstr ""
18838
18839
#: serverguide/C/mail.xml:1617(programlisting)
18840
#, no-wrap
18841
msgid ""
18842
"\n"
18843
"X-Spam-Level: \n"
18844
"X-Virus-Scanned: Debian amavisd-new at example.com\n"
18845
"X-Spam-Status: No, hits=-2.3 tagged_above=-1000.0 required=5.0 tests=AWL, "
18846
"BAYES_00\n"
18847
"X-Spam-Level: \n"
18848
msgstr ""
18849
18850
#: serverguide/C/mail.xml:1624(para)
18851
msgid ""
18852
"Your output will vary, but the important thing is that there are <emphasis>X-"
18853
"Virus-Scanned</emphasis> and <emphasis>X-Spam-Status</emphasis> entries."
18854
msgstr ""
18855
18856
#: serverguide/C/mail.xml:1632(para)
18857
msgid ""
18858
"The best way to figure out why something is going wrong is to check the log "
18859
"files."
18860
msgstr ""
18861
18862
#: serverguide/C/mail.xml:1637(para)
18863
msgid ""
18864
"For instructions on <application>Postfix</application> logging see the <xref "
18865
"linkend=\"postfix-troubleshooting\"/> section."
18866
msgstr ""
18867
18868
#: serverguide/C/mail.xml:1643(para)
18869
msgid ""
18870
"<application>Amavisd-new</application> uses "
18871
"<application>Syslog</application> to send messages to "
18872
"<filename>/var/log/mail.log</filename>. The amount of detail can be "
18873
"increased by adding the <emphasis>$log_level</emphasis> option to "
18874
"<filename>/etc/amavis/conf.d/50-user</filename>, and setting the value from "
18875
"1 to 5."
18876
msgstr ""
18877
18878
#: serverguide/C/mail.xml:1648(programlisting)
18879
#, no-wrap
18880
msgid ""
18881
"\n"
18882
"$log_level = 2;\n"
18883
msgstr ""
18884
18885
#: serverguide/C/mail.xml:1652(para)
18886
msgid ""
18887
"When the <application>Amavisd-new</application> log output is increased "
18888
"<application>Spamassassin</application> log output is also increased."
18889
msgstr ""
18890
18891
#: serverguide/C/mail.xml:1659(para)
18892
msgid ""
18893
"The <application>ClamAV</application> log level can be increased by editing "
18894
"<filename>/etc/clamav/clamd.conf</filename> and setting the following option:"
18895
msgstr ""
18896
18897
#: serverguide/C/mail.xml:1663(programlisting)
18898
#, no-wrap
18899
msgid ""
18900
"\n"
18901
"LogVerbose true\n"
18902
msgstr ""
18903
18904
#: serverguide/C/mail.xml:1666(para)
18905
msgid ""
18906
"By default <application>ClamAV</application> will send log messages to "
18907
"<filename>/var/log/clamav/clamav.log</filename>."
18908
msgstr ""
18909
18910
#: serverguide/C/mail.xml:1672(para)
18911
msgid ""
18912
"After changing an applications log settings remember to restart the service "
18913
"for the new settings to take affect. Also, once the issue you are "
18914
"troubleshooting is resolved it is a good idea to change the log settings "
18915
"back to normal."
18916
msgstr ""
18917
18918
#: serverguide/C/mail.xml:1680(para)
18919
msgid "For more information on filtering mail see the following links:"
18920
msgstr ""
18921
18922
#: serverguide/C/mail.xml:1686(ulink)
18923
msgid "Amavisd-new Documentation"
18924
msgstr ""
18925
18926
#: serverguide/C/mail.xml:1690(para)
18927
msgid ""
18928
"<ulink url=\"http://www.clamav.org/doc/latest/html/\">ClamAV "
18929
"Documentation</ulink> and <ulink "
18930
"url=\"http://wiki.clamav.net/Main/WebHome\">ClamAV Wiki</ulink>"
18931
msgstr ""
18932
18933
#: serverguide/C/mail.xml:1697(ulink)
18934
msgid "Spamassassin Wiki"
18935
msgstr ""
18936
18937
#: serverguide/C/mail.xml:1702(ulink)
18938
msgid "Pyzor Homepage"
18939
msgstr ""
18940
18941
#: serverguide/C/mail.xml:1707(ulink)
18942
msgid "Razor Homepage"
18943
msgstr ""
18944
18945
#: serverguide/C/mail.xml:1712(ulink)
18946
msgid "DKIM.org"
18947
msgstr ""
18948
18949
#: serverguide/C/mail.xml:1717(ulink)
18950
msgid "Postfix Amavis New"
18951
msgstr ""
18952
18953
#: serverguide/C/mail.xml:1721(para)
18954
msgid ""
18955
"Also, feel free to ask questions in the <emphasis>#ubuntu-server</emphasis> "
18956
"IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>."
18957
msgstr ""
18958
18959
#: serverguide/C/lamp-applications.xml:13(title)
18960
msgid "LAMP Applications"
18961
msgstr ""
18962
18963
#: serverguide/C/lamp-applications.xml:19(para)
18964
msgid ""
18965
"LAMP installations (Linux + Apache + MySQL + PHP) are a popular setup for "
18966
"Ubuntu servers. There is a plethora of Open Source applications written "
18967
"using the LAMP application stack. Some popular LAMP applications are Wiki's, "
18968
"Content Management Systems, and Management Software such as phpMyAdmin."
18969
msgstr ""
18970
18971
#: serverguide/C/lamp-applications.xml:26(para)
18972
msgid ""
18973
"One advantage of LAMP is the substantial flexibility for different database, "
18974
"web server, and scripting languages. Popular substitutes for MySQL include "
18975
"Posgresql and SQLite. Python, Perl, and Ruby are also frequently used "
18976
"instead of PHP."
18977
msgstr ""
18978
18979
#: serverguide/C/lamp-applications.xml:32(para)
18980
msgid ""
18981
"The traditional way to install most <emphasis>LAMP</emphasis> applications "
18982
"is:"
18983
msgstr ""
18984
18985
#: serverguide/C/lamp-applications.xml:38(para)
18986
msgid "Download an archive containing the application source files."
18987
msgstr ""
18988
18989
#: serverguide/C/lamp-applications.xml:43(para)
18990
msgid ""
18991
"Unpack the archive, usually in a directory accessible to a web server."
18992
msgstr ""
18993
18994
#: serverguide/C/lamp-applications.xml:48(para)
18995
msgid ""
18996
"Depending on where the source was extracted, configure a web server to serve "
18997
"the files."
18998
msgstr ""
18999
19000
#: serverguide/C/lamp-applications.xml:53(para)
19001
msgid "Configure the application to connect to the database."
19002
msgstr ""
19003
19004
#: serverguide/C/lamp-applications.xml:58(para)
19005
msgid ""
19006
"Run a script, or browse to a page of the application, to install the "
19007
"database needed by the application."
19008
msgstr ""
19009
19010
#: serverguide/C/lamp-applications.xml:63(para)
19011
msgid ""
19012
"Once the steps above, or similar steps, are completed you are ready to begin "
19013
"using the application."
19014
msgstr ""
19015
19016
#: serverguide/C/lamp-applications.xml:69(para)
19017
msgid ""
19018
"A disadvantage of using this approach is that the application files are not "
19019
"placed in the file system in a standard way, which can cause confusion as to "
19020
"where the application is installed. Another larger disadvantage is updating "
19021
"the application. When a new version is released, the same process used to "
19022
"install the application is needed to apply updates."
19023
msgstr ""
19024
19025
#: serverguide/C/lamp-applications.xml:76(para)
19026
msgid ""
19027
"Fortunately, a number of <emphasis>LAMP</emphasis> applications are already "
19028
"packaged for Ubuntu, and are available for installation in the same way as "
19029
"non-LAMP applications. Depending on the application some extra configuration "
19030
"and setup steps may be needed, however."
19031
msgstr ""
19032
19033
#: serverguide/C/lamp-applications.xml:82(para)
19034
msgid ""
19035
"This section covers howto install and configure the Wiki applications "
19036
"<application>MoinMoin</application>, <application>MediaWiki</application>, "
19037
"and the MySQL management application <application>phpMyAdmin</application>."
19038
msgstr ""
19039
19040
#: serverguide/C/lamp-applications.xml:88(para)
19041
msgid ""
19042
"A Wiki is a website that allows the visitors to easily add, remove and "
19043
"modify available content easily. The ease of interaction and operation makes "
19044
"Wiki an effective tool for mass collaborative authoring. The term Wiki is "
19045
"also referred to the collaborative software."
19046
msgstr ""
19047
19048
#: serverguide/C/lamp-applications.xml:100(title)
19049
msgid "Moin Moin"
19050
msgstr ""
19051
19052
#: serverguide/C/lamp-applications.xml:102(para)
19053
msgid ""
19054
"MoinMoin is a Wiki engine implemented in Python, based on the PikiPiki Wiki "
19055
"engine, and licensed under the GNU GPL."
19056
msgstr ""
19057
19058
#: serverguide/C/lamp-applications.xml:110(para)
19059
msgid ""
19060
"To install <application>MoinMoin</application>, run the following command in "
19061
"the command prompt:"
19062
msgstr ""
19063
19064
#: serverguide/C/lamp-applications.xml:116(command)
19065
msgid "sudo apt-get install python-moinmoin"
19066
msgstr "sudo apt-get install python-moinmoin"
19067
19068
#: serverguide/C/lamp-applications.xml:119(para)
19069
msgid ""
19070
"You should also install <application>apache2</application> web server. For "
19071
"installing <application>apache2</application> web server, please refer to "
19072
"<xref linkend=\"http-installation\"/> sub-section in <xref "
19073
"linkend=\"httpd\"/> section."
19074
msgstr ""
19075
19076
#: serverguide/C/lamp-applications.xml:130(para)
19077
msgid ""
19078
"For configuring your first Wiki application, please run the following set of "
19079
"commands. Let us assume that you are creating a Wiki named "
19080
"<emphasis>mywiki</emphasis>:"
19081
msgstr ""
19082
19083
#: serverguide/C/lamp-applications.xml:137(command)
19084
msgid "cd /usr/share/moin"
19085
msgstr ""
19086
19087
#: serverguide/C/lamp-applications.xml:138(command)
19088
msgid "sudo mkdir mywiki"
19089
msgstr ""
19090
19091
#: serverguide/C/lamp-applications.xml:139(command)
19092
msgid "sudo cp -R data mywiki"
19093
msgstr ""
19094
19095
#: serverguide/C/lamp-applications.xml:140(command)
19096
msgid "sudo cp -R underlay mywiki"
19097
msgstr ""
19098
19099
#: serverguide/C/lamp-applications.xml:141(command)
19100
msgid "sudo cp server/moin.cgi mywiki"
19101
msgstr ""
19102
19103
#: serverguide/C/lamp-applications.xml:142(command)
19104
msgid "sudo chown -R www-data.www-data mywiki"
19105
msgstr ""
19106
19107
#: serverguide/C/lamp-applications.xml:143(command)
19108
msgid "sudo chmod -R ug+rwX mywiki"
19109
msgstr ""
19110
19111
#: serverguide/C/lamp-applications.xml:144(command)
19112
msgid "sudo chmod -R o-rwx mywiki"
19113
msgstr ""
19114
19115
#: serverguide/C/lamp-applications.xml:147(para)
19116
msgid ""
19117
"Now you should configure <application>MoinMoin</application> to find your "
19118
"new Wiki <emphasis>mywiki</emphasis>. To configure "
19119
"<application>MoinMoin</application>, open "
19120
"<filename>/etc/moin/mywiki.py</filename> file and change the following line:"
19121
msgstr ""
19122
19123
#: serverguide/C/lamp-applications.xml:155(programlisting)
19124
#, no-wrap
19125
msgid "data_dir = '/org/mywiki/data'"
19126
msgstr ""
19127
19128
#: serverguide/C/lamp-applications.xml:157(para)
19129
msgid "to"
19130
msgstr "til"
19131
19132
#: serverguide/C/lamp-applications.xml:161(programlisting)
19133
#, no-wrap
19134
msgid "data_dir = '/usr/share/moin/mywiki/data'"
19135
msgstr ""
19136
19137
#: serverguide/C/lamp-applications.xml:163(para)
19138
msgid ""
19139
"Also, below the <emphasis>data_dir</emphasis> option add the "
19140
"<emphasis>data_underlay_dir</emphasis>:"
19141
msgstr ""
19142
19143
#: serverguide/C/lamp-applications.xml:167(programlisting)
19144
#, no-wrap
19145
msgid ""
19146
"\n"
19147
"data_underlay_dir='/usr/share/moin/mywiki/underlay'\n"
19148
msgstr ""
19149
19150
#: serverguide/C/lamp-applications.xml:172(para)
19151
msgid ""
19152
"If the <filename>/etc/moin/mywiki.py</filename> file does not exists, you "
19153
"should copy <filename>/etc/moin/moinmaster.py</filename> file to "
19154
"<filename>/etc/moin/mywiki.py</filename> file and do the above mentioned "
19155
"change."
19156
msgstr ""
19157
19158
#: serverguide/C/lamp-applications.xml:181(para)
19159
msgid ""
19160
"If you have named your Wiki as <emphasis>my_wiki_name</emphasis> you should "
19161
"insert a line <quote>(\"my_wiki_name\", r\".*\")</quote> in "
19162
"<filename>/etc/moin/farmconfig.py</filename> file after the line "
19163
"<quote>(\"mywiki\", r\".*\")</quote>."
19164
msgstr ""
19165
19166
#: serverguide/C/lamp-applications.xml:189(para)
19167
msgid ""
19168
"Once you have configured <application>MoinMoin</application> to find your "
19169
"first Wiki application <emphasis>mywiki</emphasis>, you should configure "
19170
"<application>apache2</application> and make it ready for your Wiki "
19171
"application."
19172
msgstr ""
19173
19174
#: serverguide/C/lamp-applications.xml:196(para)
19175
msgid ""
19176
"You should add the following lines in <filename>/etc/apache2/sites-"
19177
"available/default</filename> file inside the <quote><VirtualHost "
19178
"*></quote> tag:"
19179
msgstr ""
19180
19181
#: serverguide/C/lamp-applications.xml:202(programlisting)
19182
#, no-wrap
19183
msgid ""
19184
"\n"
19185
"### moin\n"
19186
" ScriptAlias /mywiki \"/usr/share/moin/mywiki/moin.cgi\"\n"
19187
" alias /moin_static184 \"/usr/share/moin/htdocs\"\n"
19188
" <Directory /usr/share/moin/htdocs>\n"
19189
" Order allow,deny\n"
19190
" allow from all\n"
19191
" </Directory>\n"
19192
"### end moin\n"
19193
msgstr ""
19194
19195
#: serverguide/C/lamp-applications.xml:214(para)
19196
msgid ""
19197
"Adjust the <emphasis>\"moin_static184\"</emphasis> in the "
19198
"<emphasis>alias</emphasis> line above, to the "
19199
"<application>moinmoin</application> version installed."
19200
msgstr ""
19201
19202
#: serverguide/C/lamp-applications.xml:220(para)
19203
msgid ""
19204
"Once you configure the <application>apache2</application> web server and "
19205
"make it ready for your Wiki application, you should restart it. You can run "
19206
"the following command to restart the <application>apache2</application> web "
19207
"server:"
19208
msgstr ""
19209
19210
#: serverguide/C/lamp-applications.xml:233(title)
19211
msgid "Verification"
19212
msgstr "Verificering"
19213
19214
#: serverguide/C/lamp-applications.xml:235(para)
19215
msgid ""
19216
"You can verify the Wiki application and see if it works by pointing your web "
19217
"browser to the following URL:"
19218
msgstr ""
19219
19220
#: serverguide/C/lamp-applications.xml:239(programlisting)
19221
#, no-wrap
19222
msgid ""
19223
"\n"
19224
"http://localhost/mywiki\n"
19225
msgstr ""
19226
19227
#: serverguide/C/lamp-applications.xml:243(para)
19228
msgid ""
19229
"You can also run the test command by pointing your web browser to the "
19230
"following URL:"
19231
msgstr ""
19232
19233
#: serverguide/C/lamp-applications.xml:248(programlisting)
19234
#, no-wrap
19235
msgid ""
19236
"\n"
19237
"http://localhost/mywiki?action=test\n"
19238
msgstr ""
19239
19240
#: serverguide/C/lamp-applications.xml:252(para)
19241
msgid ""
19242
"For more details, please refer to the <ulink "
19243
"url=\"http://moinmo.in/\">MoinMoin</ulink> web site."
19244
msgstr ""
19245
19246
#: serverguide/C/lamp-applications.xml:263(para)
19247
msgid ""
19248
"For more information see the <ulink url=\"http://moinmo.in/\">moinmoin "
19249
"Wiki</ulink>."
19250
msgstr ""
19251
19252
#: serverguide/C/lamp-applications.xml:268(para)
19253
msgid ""
19254
"Also, see the <ulink "
19255
"url=\"https://help.ubuntu.com/community/MoinMoin\">Ubuntu Wiki "
19256
"MoinMoin</ulink> page."
19257
msgstr ""
19258
19259
#: serverguide/C/lamp-applications.xml:277(title)
19260
msgid "MediaWiki"
19261
msgstr "MediaWiki"
19262
19263
#: serverguide/C/lamp-applications.xml:279(para)
19264
msgid ""
19265
"MediaWiki is an web based Wiki software written in the PHP language. It can "
19266
"either use <application>MySQL</application> or "
19267
"<application>PostgreSQL</application> Database Management System."
19268
msgstr ""
19269
19270
#: serverguide/C/lamp-applications.xml:289(para)
19271
msgid ""
19272
"Before installing <application>MediaWiki</application> you should also "
19273
"install <application>Apache2</application>, the "
19274
"<application>PHP5</application> scripting language and Database a Management "
19275
"System. <application>MySQL</application> or "
19276
"<application>PostgreSQL</application> are the most common, choose one "
19277
"depending on your need. Please refer to those sections in this manual for "
19278
"installation instructions."
19279
msgstr ""
19280
19281
#: serverguide/C/lamp-applications.xml:297(para)
19282
msgid ""
19283
"To install <application>MediaWiki</application>, run the following command "
19284
"in the command prompt:"
19285
msgstr ""
19286
19287
#: serverguide/C/lamp-applications.xml:303(command)
19288
msgid "sudo apt-get install mediawiki php5-gd"
19289
msgstr "sudo apt-get install mediawiki php5-gd"
19290
19291
#: serverguide/C/lamp-applications.xml:306(para)
19292
msgid ""
19293
"For additional <application>MediaWiki</application> functionality see the "
19294
"<application>mediawiki-extensions</application> package."
19295
msgstr ""
19296
19297
#: serverguide/C/lamp-applications.xml:316(para)
19298
msgid ""
19299
"The Apache configuration file <filename>mediawiki.conf</filename> for "
19300
"MediaWiki is installed in <filename>/etc/apache2/conf.d/</filename> "
19301
"directory. You should uncomment the following line in this file to access "
19302
"MediaWiki application."
19303
msgstr ""
19304
19305
#: serverguide/C/lamp-applications.xml:324(screen)
19306
#, no-wrap
19307
msgid ""
19308
"\n"
19309
"# Alias /mediawiki /var/lib/mediawiki\n"
19310
msgstr ""
19311
19312
#: serverguide/C/lamp-applications.xml:328(para)
19313
msgid ""
19314
"After you uncomment the above line, restart Apache server and access "
19315
"MediaWiki using the following url:"
19316
msgstr ""
19317
19318
#: serverguide/C/lamp-applications.xml:333(programlisting)
19319
#, no-wrap
19320
msgid ""
19321
"\n"
19322
"http://localhost/mediawiki/config/index.php\n"
19323
msgstr ""
19324
19325
#: serverguide/C/lamp-applications.xml:338(para)
19326
msgid ""
19327
"Please read the <quote>Checking environment...</quote> section in this page. "
19328
"You should be able to fix many issues by carefully reading this section."
19329
msgstr ""
19330
19331
#: serverguide/C/lamp-applications.xml:345(para)
19332
msgid ""
19333
"Once the configuration is complete, you should copy the "
19334
"<filename>LocalSettings.php</filename> file to "
19335
"<filename>/etc/mediawiki</filename> directory:"
19336
msgstr ""
19337
19338
#: serverguide/C/lamp-applications.xml:352(command)
19339
msgid "sudo mv /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/"
19340
msgstr ""
19341
19342
#: serverguide/C/lamp-applications.xml:355(para)
19343
msgid ""
19344
"You may also want to edit "
19345
"<filename>/etc/mediawiki/LocalSettings.php</filename> adjusting:"
19346
msgstr ""
19347
19348
#: serverguide/C/lamp-applications.xml:360(programlisting)
19349
#, no-wrap
19350
msgid ""
19351
"\n"
19352
"ini_set( 'memory_limit', '64M' );\n"
19353
msgstr ""
19354
19355
#: serverguide/C/lamp-applications.xml:367(title)
19356
msgid "Extensions"
19357
msgstr "Udvidelser"
19358
19359
#: serverguide/C/lamp-applications.xml:368(para)
19360
msgid ""
19361
"The extensions add new features and enhancements for the MediaWiki "
19362
"application. The extensions give wiki administrators and end users the "
19363
"ability to customize MediaWiki to their requirements."
19364
msgstr ""
19365
19366
#: serverguide/C/lamp-applications.xml:374(para)
19367
msgid ""
19368
"You can download MediaWiki extensions as an archive file or checkout from "
19369
"the Subversion repository. You should copy it to "
19370
"<filename>/var/lib/mediawiki/extensions</filename> directory. You should "
19371
"also add the following line at the end of file: "
19372
"<filename>/etc/mediawiki/LocalSettings.php</filename>."
19373
msgstr ""
19374
19375
#: serverguide/C/lamp-applications.xml:382(programlisting)
19376
#, no-wrap
19377
msgid ""
19378
"\n"
19379
"require_once \"$IP/extensions/ExtentionName/ExtentionName.php\";\n"
19380
msgstr ""
19381
19382
#: serverguide/C/lamp-applications.xml:392(para)
19383
msgid ""
19384
"For more details, please refer to the <ulink "
19385
"url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
19386
msgstr ""
19387
19388
#: serverguide/C/lamp-applications.xml:398(para)
19389
msgid ""
19390
"The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki "
19391
"Administrators’ Tutorial Guide</ulink> contains a wealth of information for "
19392
"new MediaWiki administrators."
19393
msgstr ""
19394
19395
#: serverguide/C/lamp-applications.xml:404(para)
19396
msgid ""
19397
"Also, the <ulink url=\"https://help.ubuntu.com/community/MediaWiki\">Ubuntu "
19398
"Wiki MediaWiki</ulink> page is a good resource."
19399
msgstr ""
19400
19401
#: serverguide/C/lamp-applications.xml:414(title)
19402
msgid "phpMyAdmin"
19403
msgstr ""
19404
19405
#: serverguide/C/lamp-applications.xml:416(para)
19406
msgid ""
19407
"<application>phpMyAdmin</application> is a LAMP application specifically "
19408
"written for administering <application>MySQL</application> servers. Written "
19409
"in <application>PHP</application>, and accessed through a web browser, "
19410
"phpMyAdmin provides a graphical interface for database administration tasks."
19411
msgstr ""
19412
19413
#: serverguide/C/lamp-applications.xml:425(para)
19414
msgid ""
19415
"Before installing <application>phpMyAdmin</application> you will need access "
19416
"to a <application>MySQL</application> database either on the same host as "
19417
"that phpMyAdmin is installed on, or on a host accessible over the network. "
19418
"For more information see <xref linkend=\"mysql\"/>. From a terminal prompt "
19419
"enter:"
19420
msgstr ""
19421
19422
#: serverguide/C/lamp-applications.xml:432(command)
19423
msgid "sudo apt-get install phpmyadmin"
19424
msgstr "sudo apt-get install phpmyadmin"
19425
19426
#: serverguide/C/lamp-applications.xml:435(para)
19427
msgid ""
19428
"At the prompt choose which web server to be configured for "
19429
"<application>phpMyAdmin</application>. The rest of this section will use "
19430
"<application>Apache2</application> for the web server."
19431
msgstr ""
19432
19433
#: serverguide/C/lamp-applications.xml:440(para)
19434
msgid ""
19435
"In a browser go to <emphasis>http://servername/phpmyadmin</emphasis>, "
19436
"replacing <emphasis role=\"italic\">serveranme</emphasis> with the server's "
19437
"actual hostname. At the login, page enter <emphasis>root</emphasis> for the "
19438
"<emphasis>username</emphasis>, or another <application>MySQL</application> "
19439
"user if you any setup, and enter the <application>MySQL</application> user's "
19440
"password."
19441
msgstr ""
19442
19443
#: serverguide/C/lamp-applications.xml:447(para)
19444
msgid ""
19445
"Once logged in you can reset the <emphasis>root</emphasis> password if "
19446
"needed, create users, create/destroy databases and tables, etc."
19447
msgstr ""
19448
19449
#: serverguide/C/lamp-applications.xml:455(para)
19450
msgid ""
19451
"The configuration files for <application>phpMyAdmin</application> are "
19452
"located in <filename>/etc/phpmyadmin</filename>. The main configuration file "
19453
"is <filename>/etc/phpmyadmin/config.inc.php</filename>. This file contains "
19454
"configuration options that apply globally to "
19455
"<application>phpMyAdmin</application>."
19456
msgstr ""
19457
19458
#: serverguide/C/lamp-applications.xml:461(para)
19459
msgid ""
19460
"To use <application>phpMyAdmin</application> to administer a MySQL database "
19461
"hosted on another server, adjust the following in "
19462
"<filename>/etc/phpmyadmin/config.inc.php</filename>:"
19463
msgstr ""
19464
19465
#: serverguide/C/lamp-applications.xml:466(programlisting)
19466
#, no-wrap
19467
msgid ""
19468
"\n"
19469
"$cfg['Servers'][$i]['host'] = 'db_server';\n"
19470
msgstr ""
19471
19472
#: serverguide/C/lamp-applications.xml:471(para)
19473
msgid ""
19474
"Replace <emphasis role=\"italic\">db_server</emphasis> with the actual "
19475
"remote database server name or IP address. Also, be sure that the "
19476
"<application>phpMyAdmin</application> host has permissions to access the "
19477
"remote database."
19478
msgstr ""
19479
19480
#: serverguide/C/lamp-applications.xml:477(para)
19481
msgid ""
19482
"Once configured, log out of <application>phpMyAdmin</application> and back "
19483
"in, and you should be accessing the new server."
19484
msgstr ""
19485
19486
#: serverguide/C/lamp-applications.xml:481(para)
19487
msgid ""
19488
"The <filename>config.header.inc.php</filename> and "
19489
"<filename>config.footer.inc.php</filename> files are used to add a HTML "
19490
"header and footer to <application>phpMyAdmin</application>."
19491
msgstr ""
19492
19493
#: serverguide/C/lamp-applications.xml:486(para)
19494
msgid ""
19495
"Another important configuration file is "
19496
"<filename>/etc/phpmyadmin/apache.conf</filename>, this file is symlinked to "
19497
"<filename>/etc/apache2/conf.d/phpmyadmin.conf</filename>, and is used to "
19498
"configure <application>Apache2</application> to serve the "
19499
"<application>phpMyAdmin</application> site. The file contains directives for "
19500
"loading <application>PHP</application>, directory permissions, etc. For more "
19501
"information on configuring <application>Apache2</application> see <xref "
19502
"linkend=\"httpd\"/>."
19503
msgstr ""
19504
19505
#: serverguide/C/lamp-applications.xml:500(para)
19506
msgid ""
19507
"The <application>phpMyAdmin</application> documentation comes installed with "
19508
"the package and can be accessed from the <emphasis>phpMyAdmin "
19509
"Documentation</emphasis> link (a question mark with a box around it) under "
19510
"the phpMyAdmin logo. The official docs can also be access on the <ulink "
19511
"url=\"http://www.phpmyadmin.net/home_page/docs.php\">phpMyAdmin</ulink> site."
19512
msgstr ""
19513
19514
#: serverguide/C/lamp-applications.xml:507(para)
19515
msgid ""
19516
"Also, <ulink url=\"http://www.packtpub.com/phpmyadmin-3rd-"
19517
"edition/book\">Mastering phpMyAdmin</ulink> is a great resource."
19518
msgstr ""
19519
19520
#: serverguide/C/lamp-applications.xml:512(para)
19521
msgid ""
19522
"A third resource is the <ulink "
19523
"url=\"https://help.ubuntu.com/community/phpMyAdmin\">phpMyAdmin Ubuntu "
19524
"Wiki</ulink> page."
19525
msgstr ""
19526
19527
#: serverguide/C/introduction.xml:14(para)
19528
msgid "Welcome to the <emphasis>Ubuntu Server Guide</emphasis>!"
19529
msgstr ""
19530
19531
#: serverguide/C/introduction.xml:15(para)
19532
msgid ""
19533
"Here you can find information on how to install and configure various server "
19534
"applications. It is a step-by-step, task-oriented guide for configuring and "
19535
"customizing your system."
19536
msgstr ""
19537
19538
#: serverguide/C/introduction.xml:19(para)
19539
msgid ""
19540
"This guide assumes you have a basic understanding of your Ubuntu system. "
19541
"Some installation details are covered in <xref linkend=\"installation\"/>, "
19542
"but if you need detailed instructions installing Ubuntu please refer to the "
19543
"<ulink url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
19544
"Installation Guide</ulink>."
19545
msgstr ""
19546
19547
#: serverguide/C/introduction.xml:25(para)
19548
msgid ""
19549
"A HTML version of the manual is available online at <ulink "
19550
"url=\"http://help.ubuntu.com\">the Ubuntu Documentation website</ulink>. The "
19551
"HTML files are also available in the <application>ubuntu-"
19552
"serverguide</application> package. See <xref linkend=\"package-"
19553
"management\"/> for details on installing packages."
19554
msgstr ""
19555
19556
#: serverguide/C/introduction.xml:32(para)
19557
msgid ""
19558
"If you choose to install the <application>ubuntu-serverguide</application> "
19559
"you can view this document from a console by:"
19560
msgstr ""
19561
19562
#: serverguide/C/introduction.xml:36(command)
19563
msgid "w3m /usr/share/ubuntu-serverguide/html/C/index.html"
19564
msgstr ""
19565
19566
#: serverguide/C/introduction.xml:39(para)
19567
msgid ""
19568
"If you are using a localized version of Ubuntu, replace "
19569
"<emphasis>C</emphasis> with your language localization (e.g. "
19570
"<emphasis>en_GB</emphasis>)."
19571
msgstr ""
19572
19573
#: serverguide/C/introduction.xml:53(title)
19574
msgid "Support"
19575
msgstr ""
19576
19577
#: serverguide/C/introduction.xml:55(para)
19578
msgid ""
19579
"There are a couple of different ways that Ubuntu Server Edition is "
19580
"supported, commercial support and community support. The main commercial "
19581
"support (and development funding) is available from Canonical Ltd. They "
19582
"supply reasonably priced support contracts on a per desktop or per server "
19583
"basis. For more information see the <ulink "
19584
"url=\"http://www.canonical.com/services/support\">Canonical Services</ulink> "
19585
"page."
19586
msgstr ""
19587
19588
#: serverguide/C/introduction.xml:62(para)
19589
msgid ""
19590
"Community support is also provided by dedicated individuals, and companies, "
19591
"that wish to make Ubuntu the best distribution possible. Support is provided "
19592
"through multiple mailing lists, IRC channels, forums, blogs, wikis, etc. The "
19593
"large amount of information available can be overwhelming, but a good search "
19594
"engine query can usually provide an answer to your questions. See the <ulink "
19595
"url=\"http://www.ubuntu.com/support\">Ubuntu Support</ulink> page for more "
19596
"information."
19597
msgstr ""
19598
19599
#: serverguide/C/installation.xml:14(para)
19600
msgid ""
19601
"This chapter provides a quick overview of installing Ubuntu 10.10 Server "
19602
"Edition. For more detailed instructions, please refer to the <ulink "
19603
"url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
19604
"Installation Guide</ulink>."
19605
msgstr ""
19606
19607
#: serverguide/C/installation.xml:19(title)
19608
msgid "Preparing to Install"
19609
msgstr ""
19610
19611
#: serverguide/C/installation.xml:20(para)
19612
msgid ""
19613
"This section explains various aspects to consider before starting the "
19614
"installation."
19615
msgstr ""
19616
19617
#: serverguide/C/installation.xml:24(title)
19618
msgid "System Requirements"
19619
msgstr ""
19620
19621
#: serverguide/C/installation.xml:25(para)
19622
msgid ""
19623
"Ubuntu 10.10 Server Edition supports two (2) major architectures: Intel x86 "
19624
"and AMD64. The table below lists recommended hardware specifications. "
19625
"Depending on your needs, you might manage with less than this. However, most "
19626
"users risk being frustrated if they ignore these suggestions."
19627
msgstr ""
19628
19629
#: serverguide/C/installation.xml:27(title)
19630
msgid "Recommended Minimum Requirements"
19631
msgstr ""
19632
19633
#: serverguide/C/installation.xml:35(para)
19634
msgid "Install Type"
19635
msgstr ""
19636
19637
#: serverguide/C/installation.xml:36(para)
19638
msgid "RAM"
19639
msgstr "Ram"
19640
19641
#: serverguide/C/installation.xml:37(para)
19642
msgid "Hard Drive Space"
19643
msgstr ""
19644
19645
#: serverguide/C/installation.xml:40(para)
19646
msgid "Base System"
19647
msgstr ""
19648
19649
#: serverguide/C/installation.xml:41(para)
19650
msgid "All Tasks Installed"
19651
msgstr ""
19652
19653
#: serverguide/C/installation.xml:46(para)
19654
msgid "Server"
19655
msgstr "Server"
19656
19657
#: serverguide/C/installation.xml:47(para)
19658
msgid "128 megabytes"
19659
msgstr ""
19660
19661
#: serverguide/C/installation.xml:48(para)
19662
msgid "500 megabytes"
19663
msgstr ""
19664
19665
#: serverguide/C/installation.xml:49(para)
19666
msgid "1 gigabyte"
19667
msgstr ""
19668
19669
#: serverguide/C/installation.xml:54(para)
19670
msgid ""
19671
"The Server Edition provides a common base for all sorts of server "
19672
"applications. It is a minimalist design providing a platform for the desired "
19673
"services, such as file/print services, web hosting, email hosting, etc."
19674
msgstr ""
19675
19676
#: serverguide/C/installation.xml:60(para)
19677
msgid ""
19678
"The requirements for UEC are slightly different for Front End requirements "
19679
"see <xref linkend=\"uec-frontend-requirements\"/> and for UEC Node "
19680
"requirements see <xref linkend=\"uec-node-requirements\"/>."
19681
msgstr ""
19682
19683
#: serverguide/C/installation.xml:68(title)
19684
msgid "Server and Desktop Differences"
19685
msgstr ""
19686
19687
#: serverguide/C/installation.xml:69(para)
19688
msgid ""
19689
"There are a few differences between the <emphasis>Ubuntu Server "
19690
"Edition</emphasis> and the <emphasis>Ubuntu Desktop Edition</emphasis>. It "
19691
"should be noted that both editions use the same "
19692
"<application>apt</application> repositories. Making it just as easy to "
19693
"install a <emphasis role=\"italic\">server</emphasis> application on the "
19694
"Desktop Edition as it is on the Server Edition."
19695
msgstr ""
19696
19697
#: serverguide/C/installation.xml:75(para)
19698
msgid ""
19699
"The differences between the two editions are the lack of an X window "
19700
"environment in the Server Edition, the installation process, and different "
19701
"Kernel options."
19702
msgstr ""
19703
19704
#: serverguide/C/installation.xml:82(title)
19705
msgid "Kernel Differences:"
19706
msgstr ""
19707
19708
#: serverguide/C/installation.xml:85(para)
19709
msgid ""
19710
"The Server Edition uses the <emphasis>Deadline</emphasis> I/O scheduler "
19711
"instead of the <emphasis>CFQ</emphasis> scheduler used by the Desktop "
19712
"Edition."
19713
msgstr ""
19714
19715
#: serverguide/C/installation.xml:91(para)
19716
msgid "<emphasis>Preemption</emphasis> is turned off in the Server Edition."
19717
msgstr ""
19718
19719
#: serverguide/C/installation.xml:96(para)
19720
msgid ""
19721
"The timer interrupt is 100 Hz in the Server Edition and 250 Hz in the "
19722
"Desktop Edition."
19723
msgstr ""
19724
19725
#: serverguide/C/installation.xml:102(para)
19726
msgid ""
19727
"When running a 64-bit version of Ubuntu on 64-bit processors you are not "
19728
"limited by memory addressing space."
19729
msgstr ""
19730
19731
#: serverguide/C/installation.xml:107(para)
19732
msgid ""
19733
"To see all kernel configuration options you can look through "
19734
"<filename>/boot/config-&linux-kernel-version;-server</filename>. Also, "
19735
"<ulink url=\"http://www.kroah.com/lkn/\">Linux Kernel in a Nutshell</ulink> "
19736
"is a great resource on the options available."
19737
msgstr ""
19738
19739
#: serverguide/C/installation.xml:116(title)
19740
msgid "Backing Up"
19741
msgstr ""
19742
19743
#: serverguide/C/installation.xml:119(para)
19744
msgid ""
19745
"Before installing <application>Ubuntu Server Edition</application> you "
19746
"should make sure all data on the system is backed up. See <xref "
19747
"linkend=\"backups\"/> for backup options."
19748
msgstr ""
19749
19750
#: serverguide/C/installation.xml:123(para)
19751
msgid ""
19752
"If this is not the first time an operating system has been installed on your "
19753
"computer, it is likely you will need to re-partition your disk to make room "
19754
"for Ubuntu."
19755
msgstr ""
19756
19757
#: serverguide/C/installation.xml:127(para)
19758
msgid ""
19759
"Any time you partition your disk, you should be prepared to lose everything "
19760
"on the disk should you make a mistake or something goes wrong during "
19761
"partitioning. The programs used in installation are quite reliable, most "
19762
"have seen years of use, but they also perform destructive actions."
19763
msgstr ""
19764
19765
#: serverguide/C/installation.xml:139(title)
19766
msgid "Installing from CD"
19767
msgstr ""
19768
19769
#: serverguide/C/installation.xml:140(para)
19770
msgid ""
19771
"The basic steps to install Ubuntu Server Edition from CD are the same for "
19772
"installing any operating system from CD. Unlike the <emphasis>Desktop "
19773
"Edition</emphasis> the <emphasis>Server Edition</emphasis> does not include "
19774
"a graphical installation program. Instead the Server Edition uses a console "
19775
"menu based process."
19776
msgstr ""
19777
19778
#: serverguide/C/installation.xml:147(para)
19779
msgid ""
19780
"First, download and burn the appropriate ISO file from the <ulink "
19781
"url=\"http://www.ubuntu.com/getubuntu/download\"> Ubuntu web site</ulink>."
19782
msgstr ""
19783
19784
#: serverguide/C/installation.xml:153(para)
19785
msgid "Boot the system from the CD-ROM drive."
19786
msgstr ""
19787
19788
#: serverguide/C/installation.xml:158(para)
19789
msgid ""
19790
"At the boot prompt you will be asked to select the language. Afterwards the "
19791
"installation process begins by asking for your keyboard layout."
19792
msgstr ""
19793
19794
#: serverguide/C/installation.xml:164(para)
19795
msgid ""
19796
"From the main boot menu there are some additional options to install Ubuntu "
19797
"Server Edition. You can install a basic Ubuntu Server, or install Ubuntu "
19798
"Server as part of a <emphasis>Ubuntu Enterprise Cloud</emphasis>. For more "
19799
"information on UEC see <xref linkend=\"uec\"/>. The rest of this section "
19800
"will cover the basic Ubuntu Server install."
19801
msgstr ""
19802
19803
#: serverguide/C/installation.xml:172(para)
19804
msgid ""
19805
"The installer then discovers your hardware configuration, and configures the "
19806
"network settings using DHCP. If you do not wish to use DHCP at the next "
19807
"screen choose \"Go Back\", and you have the option to \"Configure the "
19808
"network manually\"."
19809
msgstr ""
19810
19811
#: serverguide/C/installation.xml:179(para)
19812
msgid "Next, the installer asks for the system's hostname and Time Zone."
19813
msgstr ""
19814
19815
#: serverguide/C/installation.xml:184(para)
19816
msgid ""
19817
"You can then choose from several options to configure the hard drive layout. "
19818
"For advanced disk options see <xref linkend=\"advanced-installation\"/>."
19819
msgstr ""
19820
19821
#: serverguide/C/installation.xml:190(para)
19822
msgid "The Ubuntu base system is then installed."
19823
msgstr ""
19824
19825
#: serverguide/C/installation.xml:195(para)
19826
msgid ""
19827
"A new user is setup, this user will have <emphasis>root</emphasis> access "
19828
"through the <application>sudo</application> utility."
19829
msgstr ""
19830
19831
#: serverguide/C/installation.xml:201(para)
19832
msgid ""
19833
"After the user is setup, you will be asked to encrypt your <filename "
19834
"role=\"directory\">home</filename> directory."
19835
msgstr ""
19836
19837
#: serverguide/C/installation.xml:207(para)
19838
msgid ""
19839
"The next step in the installation process is to decide how you want to "
19840
"update the system. There are three options:"
19841
msgstr ""
19842
19843
#: serverguide/C/installation.xml:213(para)
19844
msgid ""
19845
"<emphasis>No automatic updates</emphasis>: this requires an administrator to "
19846
"log into the machine and manually install updates."
19847
msgstr ""
19848
19849
#: serverguide/C/installation.xml:219(para)
19850
msgid ""
19851
"<emphasis>Install security updates Automatically</emphasis>: will install "
19852
"the <application>unattended-upgrades</application> package, which will "
19853
"install security updates without the intervention of an administrator. For "
19854
"more details see <xref linkend=\"automatic-updates\"/>."
19855
msgstr ""
19856
19857
#: serverguide/C/installation.xml:226(para)
19858
msgid ""
19859
"<emphasis>Manage the system with Landscape</emphasis>: Landscape is a paid "
19860
"service provided by Canonical to help manage your Ubuntu machines. See the "
19861
"<ulink url=\"http://www.canonical.com/projects/landscape\">Landscape</ulink> "
19862
"site for details."
19863
msgstr ""
19864
19865
#: serverguide/C/installation.xml:235(para)
19866
msgid ""
19867
"You now have the option to install, or not install, several package tasks. "
19868
"See <xref linkend=\"install-tasks\"/> for details. Also, there is an option "
19869
"to launch <application>aptitude</application> to choose specific packages to "
19870
"install. For more information see <xref linkend=\"aptitude\"/>."
19871
msgstr ""
19872
19873
#: serverguide/C/installation.xml:243(para)
19874
msgid "Finally, the last step before rebooting is to set the clock to UTC."
19875
msgstr ""
19876
19877
#: serverguide/C/installation.xml:249(para)
19878
msgid ""
19879
"If at any point during installation you are not satisfied by the default "
19880
"setting, use the \"Go Back\" function at any prompt to be brought to a "
19881
"detailed installation menu that will allow you to modify the default "
19882
"settings."
19883
msgstr ""
19884
19885
#: serverguide/C/installation.xml:254(para)
19886
msgid ""
19887
"At some point during the installation process you may want to read the help "
19888
"screen provided by the installation system. To do this, press F1."
19889
msgstr ""
19890
19891
#: serverguide/C/installation.xml:259(para)
19892
msgid ""
19893
"Once again, for detailed instructions see the <ulink "
19894
"url=\"https://help.ubuntu.com/10.04/installation-guide/\"> Ubuntu "
19895
"Installation Guide</ulink>."
19896
msgstr ""
19897
19898
#: serverguide/C/installation.xml:265(title)
19899
msgid "Package Tasks"
19900
msgstr ""
19901
19902
#: serverguide/C/installation.xml:266(para)
19903
msgid ""
19904
"During the Server Edition installation you have the option of installing "
19905
"additional packages from the CD. The packages are grouped by the type of "
19906
"service they provide."
19907
msgstr ""
19908
19909
#: serverguide/C/installation.xml:272(para)
19910
msgid "Cloud computing: Walrus storage service"
19911
msgstr ""
19912
19913
#: serverguide/C/installation.xml:277(para)
19914
msgid "Cloud computing: all-in-one cluster"
19915
msgstr ""
19916
19917
#: serverguide/C/installation.xml:282(para)
19918
msgid "Cloud computing: Cluster controller"
19919
msgstr ""
19920
19921
#: serverguide/C/installation.xml:287(para)
19922
msgid "Cloud computing: Node controller"
19923
msgstr ""
19924
19925
#: serverguide/C/installation.xml:292(para)
19926
msgid "Cloud computing: Storage controller"
19927
msgstr ""
19928
19929
#: serverguide/C/installation.xml:297(para)
19930
msgid "Cloud computing: top-level cloud controller"
19931
msgstr ""
19932
19933
#: serverguide/C/installation.xml:302(para)
19934
msgid "DNS server: Selects the BIND DNS server and its documentation."
19935
msgstr ""
19936
19937
#: serverguide/C/installation.xml:307(para)
19938
msgid "LAMP server: Selects a ready-made Linux/Apache/MySQL/PHP server."
19939
msgstr ""
19940
19941
#: serverguide/C/installation.xml:312(para)
19942
msgid ""
19943
"Mail server: This task selects a variety of package useful for a general "
19944
"purpose mail server system."
19945
msgstr ""
19946
19947
#: serverguide/C/installation.xml:317(para)
19948
msgid "OpenSSH server: Selects packages needed for an OpenSSH server."
19949
msgstr ""
19950
19951
#: serverguide/C/installation.xml:322(para)
19952
msgid ""
19953
"PostgreSQL database: This task selects client and server packages for the "
19954
"PostgreSQL database."
19955
msgstr ""
19956
19957
#: serverguide/C/installation.xml:327(para)
19958
msgid "Print server: This task sets up your system to be a print server."
19959
msgstr ""
19960
19961
#: serverguide/C/installation.xml:332(para)
19962
msgid ""
19963
"Samba File server: This task sets up your system to be a Samba file server, "
19964
"which is especially suitable in networks with both Windows and Linux systems."
19965
msgstr ""
19966
19967
#: serverguide/C/installation.xml:338(para)
19968
msgid ""
19969
"Tomcat server: Installs the Apache Tomcat and needed dependencies Java, gcj, "
19970
"etc."
19971
msgstr ""
19972
19973
#: serverguide/C/installation.xml:343(para)
19974
msgid ""
19975
"Virtual machine host: Includes packages needed to run KVM virtual machines."
19976
msgstr ""
19977
19978
#: serverguide/C/installation.xml:348(para)
19979
msgid ""
19980
"Manually select packages: Executes <application>apptitude</application> "
19981
"allowing you to individually select packages."
19982
msgstr ""
19983
19984
#: serverguide/C/installation.xml:353(para)
19985
msgid ""
19986
"Installing the package groups is accomplished using the "
19987
"<application>tasksel</application> utility. One of the important difference "
19988
"between Ubuntu (or Debian) and other GNU/Linux distribution is that, when "
19989
"installed, a package is also configured to reasonable defaults, eventually "
19990
"prompting you for additional required information. Likewise, when installing "
19991
"a task, the packages are not only installed, but also configured to provided "
19992
"a fully integrated service."
19993
msgstr ""
19994
19995
#: serverguide/C/installation.xml:360(para)
19996
msgid ""
19997
"For more information on the <emphasis>Cloud Computing</emphasis> tasks see "
19998
"<xref linkend=\"uec\"/>."
19999
msgstr ""
20000
20001
#: serverguide/C/installation.xml:363(para)
20002
msgid ""
20003
"Once the installation process has finished you can view a list of available "
20004
"tasks by entering the following from a terminal prompt:"
20005
msgstr ""
20006
20007
#: serverguide/C/installation.xml:368(command)
20008
msgid "tasksel --list-tasks"
20009
msgstr ""
20010
20011
#: serverguide/C/installation.xml:371(para)
20012
msgid ""
20013
"The output will list tasks from other Ubuntu based distributions such as "
20014
"Kubuntu and Edubuntu. Note that you can also invoke the "
20015
"<command>tasksel</command> command by itself, which will bring up a menu of "
20016
"the different tasks available."
20017
msgstr ""
20018
20019
#: serverguide/C/installation.xml:377(para)
20020
msgid ""
20021
"You can view a list of which packages are installed with each task using the "
20022
"<emphasis>--task-packages</emphasis> option. For example, to list the "
20023
"packages installed with the <emphasis>DNS Server</emphasis> task enter the "
20024
"following:"
20025
msgstr ""
20026
20027
#: serverguide/C/installation.xml:382(command)
20028
msgid "tasksel --task-packages dns-server"
20029
msgstr ""
20030
20031
#: serverguide/C/installation.xml:384(para)
20032
msgid "The output of the command should list:"
20033
msgstr ""
20034
20035
#: serverguide/C/installation.xml:387(programlisting)
20036
#, no-wrap
20037
msgid ""
20038
"\n"
20039
"bind9-doc \n"
20040
"bind9utils \n"
20041
"bind9\n"
20042
msgstr ""
20043
20044
#: serverguide/C/installation.xml:392(para)
20045
msgid ""
20046
"Also, if you did not install one of the tasks during the installation "
20047
"process, but for example you decide to make your new LAMP server a DNS "
20048
"server as well. Simply insert the installation CD and from a terminal:"
20049
msgstr ""
20050
20051
#: serverguide/C/installation.xml:397(command)
20052
msgid "sudo tasksel install dns-server"
20053
msgstr "sudo tasksel install dns-server"
20054
20055
#: serverguide/C/installation.xml:402(title)
20056
msgid "Upgrading"
20057
msgstr "Opgraderer"
20058
20059
#: serverguide/C/installation.xml:403(para)
20060
msgid ""
20061
"There are several ways to upgrade from one Ubuntu release to another. This "
20062
"section gives an overview of the recommended upgrade method."
20063
msgstr ""
20064
20065
#: serverguide/C/installation.xml:407(title) serverguide/C/installation.xml:422(command)
20066
msgid "do-release-upgrade"
20067
msgstr ""
20068
20069
#: serverguide/C/installation.xml:408(para)
20070
msgid ""
20071
"The recommended way to upgrade a Server Edition installation is to use the "
20072
"<application>do-release-upgrade</application> utility. Part of the "
20073
"<emphasis>update-manager-core</emphasis> package, it does not have any "
20074
"graphical dependencies and is installed by default."
20075
msgstr ""
20076
20077
#: serverguide/C/installation.xml:413(para)
20078
msgid ""
20079
"Debian based systems can also be upgraded by using <command>apt-get dist-"
20080
"upgrade</command>. However, using <application>do-release-"
20081
"upgrade</application> is recommended because it has the ability to handle "
20082
"system configuration changes sometimes needed between releases."
20083
msgstr ""
20084
20085
#: serverguide/C/installation.xml:418(para)
20086
msgid "To upgrade to a newer release, from a terminal prompt enter:"
20087
msgstr ""
20088
20089
#: serverguide/C/installation.xml:424(para)
20090
msgid ""
20091
"It is also possible to use <application>do-release-upgrade</application> to "
20092
"upgrade to a development version of Ubuntu. To accomplish this use the "
20093
"<emphasis>-d</emphasis> switch:"
20094
msgstr ""
20095
20096
#: serverguide/C/installation.xml:429(command)
20097
msgid "do-release-upgrade -d"
20098
msgstr ""
20099
20100
#: serverguide/C/installation.xml:432(para)
20101
msgid ""
20102
"Upgrading to a development release is <emphasis>not</emphasis> recommended "
20103
"for production environments."
20104
msgstr ""
20105
20106
#: serverguide/C/installation.xml:439(title)
20107
msgid "Advanced Installation"
20108
msgstr "Avanceret installation"
20109
20110
#: serverguide/C/installation.xml:442(title)
20111
msgid "Software RAID"
20112
msgstr "Software-RAID"
20113
20114
#: serverguide/C/installation.xml:444(para)
20115
msgid ""
20116
"RAID is a method of configuring multiple hard drives to act as one, reducing "
20117
"the probability of catastrophic data loss in case of drive failure. RAID is "
20118
"implemented in either software (where the operating system knows about both "
20119
"drives and actively maintains both of them) or hardware (where a special "
20120
"controller makes the OS think there's only one drive and maintains the "
20121
"drives 'invisibly')."
20122
msgstr ""
20123
20124
#: serverguide/C/installation.xml:451(para)
20125
msgid ""
20126
"The RAID software included with current versions of Linux (and Ubuntu) is "
20127
"based on the <application>'mdadm'</application> driver and works very well, "
20128
"better even than many so-called 'hardware' RAID controllers. This section "
20129
"will guide you through installing Ubuntu Server Edition using two RAID1 "
20130
"partitions on two physical hard drives, one for <emphasis>/</emphasis> and "
20131
"another for <emphasis>swap</emphasis>."
20132
msgstr ""
20133
20134
#: serverguide/C/installation.xml:461(para) serverguide/C/installation.xml:975(para)
20135
msgid ""
20136
"Follow the installation steps until you get to the <emphasis>Partition "
20137
"disks</emphasis> step, then:"
20138
msgstr ""
20139
20140
#: serverguide/C/installation.xml:468(para)
20141
msgid "Select <emphasis>Manual</emphasis> as the partition method."
20142
msgstr ""
20143
20144
#: serverguide/C/installation.xml:475(para)
20145
msgid ""
20146
"Select the first hard drive, and agree to <emphasis>\"Create a new empty "
20147
"partition table on this device?\"</emphasis>."
20148
msgstr ""
20149
20150
#: serverguide/C/installation.xml:479(para)
20151
msgid ""
20152
"Repeat this step for each drive you wish to be part of the RAID array."
20153
msgstr ""
20154
20155
#: serverguide/C/installation.xml:486(para)
20156
msgid ""
20157
"Select the <emphasis>\"FREE SPACE\"</emphasis> on the first drive then "
20158
"select <emphasis>\"Create a new partition\"</emphasis>."
20159
msgstr ""
20160
20161
#: serverguide/C/installation.xml:493(para)
20162
msgid ""
20163
"Next, select the <emphasis>Size</emphasis> of the partition. This partition "
20164
"will be the <emphasis>swap</emphasis> partition, and a general rule for swap "
20165
"size is twice that of RAM. Enter the partition size, then choose "
20166
"<emphasis>Primary</emphasis>, then <emphasis>Beginning</emphasis>."
20167
msgstr ""
20168
20169
#: serverguide/C/installation.xml:502(para)
20170
msgid ""
20171
"Select the <emphasis>\"Use as:\"</emphasis> line at the top. By default this "
20172
"is <emphasis role=\"italic\">\"Ext4 journaling file system\"</emphasis>, "
20173
"change that to <emphasis>\"physical volume for RAID\"</emphasis> then "
20174
"<emphasis>\"Done setting up partition\"</emphasis>."
20175
msgstr ""
20176
20177
#: serverguide/C/installation.xml:511(para)
20178
msgid ""
20179
"For the <emphasis>/</emphasis> partition once again select <emphasis>\"Free "
20180
"Space\"</emphasis> on the first drive then <emphasis>\"Create a new "
20181
"partition\"</emphasis>."
20182
msgstr ""
20183
20184
#: serverguide/C/installation.xml:519(para)
20185
msgid ""
20186
"Use the rest of the free space on the drive and choose "
20187
"<emphasis>Continue</emphasis>, then <emphasis>Primary</emphasis>."
20188
msgstr ""
20189
20190
#: serverguide/C/installation.xml:526(para)
20191
msgid ""
20192
"As with the swap partition, select the <emphasis>\"Use as:\"</emphasis> line "
20193
"at the top, changing it to <emphasis>\"physical volume for "
20194
"RAID\"</emphasis>. Also select the <emphasis>\"Bootable flag:\"</emphasis> "
20195
"line to change the value to <emphasis>\"on\"</emphasis>. Then choose "
20196
"<emphasis>\"Done setting up partition\"</emphasis>."
20197
msgstr ""
20198
20199
#: serverguide/C/installation.xml:536(para)
20200
msgid "Repeat steps three through eight for the other disk and partitions."
20201
msgstr ""
20202
20203
#: serverguide/C/installation.xml:545(title)
20204
msgid "RAID Configuration"
20205
msgstr ""
20206
20207
#: serverguide/C/installation.xml:547(para)
20208
msgid "With the partitions setup the arrays are ready to be configured:"
20209
msgstr ""
20210
20211
#: serverguide/C/installation.xml:554(para)
20212
msgid ""
20213
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
20214
"Software RAID\"</emphasis> at the top."
20215
msgstr ""
20216
20217
#: serverguide/C/installation.xml:561(para)
20218
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
20219
msgstr ""
20220
20221
#: serverguide/C/installation.xml:568(para)
20222
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
20223
msgstr ""
20224
20225
#: serverguide/C/installation.xml:575(para)
20226
msgid ""
20227
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
20228
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
20229
msgstr ""
20230
20231
#: serverguide/C/installation.xml:581(para)
20232
msgid ""
20233
"In order to use <emphasis>RAID5</emphasis> you need at least "
20234
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
20235
"<emphasis>two</emphasis> drives are required."
20236
msgstr ""
20237
20238
#: serverguide/C/installation.xml:590(para)
20239
msgid ""
20240
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
20241
"of hard drives you have, for the array. Then select "
20242
"<emphasis>\"Continue\"</emphasis>."
20243
msgstr ""
20244
20245
#: serverguide/C/installation.xml:598(para)
20246
msgid ""
20247
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
20248
"default, then choose <emphasis>\"Continue\"</emphasis>."
20249
msgstr ""
20250
20251
#: serverguide/C/installation.xml:605(para)
20252
msgid ""
20253
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
20254
"etc. The numbers will usually match and the different letters correspond to "
20255
"different hard drives."
20256
msgstr ""
20257
20258
#: serverguide/C/installation.xml:610(para)
20259
msgid ""
20260
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
20261
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
20262
"go to the next step."
20263
msgstr ""
20264
20265
#: serverguide/C/installation.xml:618(para)
20266
msgid ""
20267
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
20268
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
20269
"and <emphasis>sdb2</emphasis>."
20270
msgstr ""
20271
20272
#: serverguide/C/installation.xml:626(para)
20273
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
20274
msgstr ""
20275
20276
#: serverguide/C/installation.xml:636(title)
20277
msgid "Formatting"
20278
msgstr "Formaterer"
20279
20280
#: serverguide/C/installation.xml:638(para)
20281
msgid ""
20282
"There should now be a list of hard drives and RAID devices. The next step is "
20283
"to format and set the mount point for the RAID devices. Treat the RAID "
20284
"device as a local hard drive, format and mount accordingly."
20285
msgstr ""
20286
20287
#: serverguide/C/installation.xml:646(para)
20288
msgid ""
20289
"Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
20290
"#0\"</emphasis> partition."
20291
msgstr ""
20292
20293
#: serverguide/C/installation.xml:653(para)
20294
msgid ""
20295
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
20296
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
20297
msgstr ""
20298
20299
#: serverguide/C/installation.xml:661(para)
20300
msgid ""
20301
"Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
20302
"#1\"</emphasis> partition."
20303
msgstr ""
20304
20305
#: serverguide/C/installation.xml:668(para)
20306
msgid ""
20307
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 "
20308
"journaling file system\"</emphasis>."
20309
msgstr ""
20310
20311
#: serverguide/C/installation.xml:675(para)
20312
msgid ""
20313
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
20314
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
20315
"options as appropriate, then select <emphasis>\"Done setting up "
20316
"partition\"</emphasis>."
20317
msgstr ""
20318
20319
#: serverguide/C/installation.xml:683(para)
20320
msgid ""
20321
"Finally, select <emphasis>\"Finish partitioning and write changes to "
20322
"disk\"</emphasis>."
20323
msgstr ""
20324
20325
#: serverguide/C/installation.xml:690(para)
20326
msgid ""
20327
"If you choose to place the root partition on a RAID array, the installer "
20328
"will then ask if you would like to boot in a <emphasis>degraded</emphasis> "
20329
"state. See <xref linkend=\"raid-degraded\"/> for further details."
20330
msgstr ""
20331
20332
#: serverguide/C/installation.xml:695(para)
20333
msgid "The installation process will then continue normally."
20334
msgstr ""
20335
20336
#: serverguide/C/installation.xml:701(title)
20337
msgid "Degraded RAID"
20338
msgstr ""
20339
20340
#: serverguide/C/installation.xml:703(para)
20341
msgid ""
20342
"At some point in the life of the computer a disk failure event may occur. "
20343
"When this happens, using Software RAID, the operating system will place the "
20344
"array into what is known as a <emphasis>degraded</emphasis> state."
20345
msgstr ""
20346
20347
#: serverguide/C/installation.xml:708(para)
20348
msgid ""
20349
"If the array has become degraded, due to the chance of data corruption, by "
20350
"default Ubuntu Server Edition will boot to <emphasis>initramfs</emphasis> "
20351
"after thirty seconds. Once the initramfs has booted there is a fifteen "
20352
"second prompt giving you the option to go ahead and boot the system, or "
20353
"attempt manual recover. Booting to the initramfs prompt may or may not be "
20354
"the desired behavior, especially if the machine is in a remote location. "
20355
"Booting to a degraded array can be configured several ways:"
20356
msgstr ""
20357
20358
#: serverguide/C/installation.xml:719(para)
20359
msgid ""
20360
"The <application>dpkg-reconfigure</application> utility can be used to "
20361
"configure the default behavior, and during the process you will be queried "
20362
"about additional settings related to the array. Such as monitoring, email "
20363
"alerts, etc. To reconfigure <application>mdadm</application> enter the "
20364
"following:"
20365
msgstr ""
20366
20367
#: serverguide/C/installation.xml:726(command)
20368
msgid "sudo dpkg-reconfigure mdadm"
20369
msgstr "sudo dpkg-reconfigure mdadm"
20370
20371
#: serverguide/C/installation.xml:732(para)
20372
msgid ""
20373
"The <command>dpkg-reconfigure mdadm</command> process will change the "
20374
"<filename>/etc/initramfs-tools/conf.d/mdadm</filename> configuration file. "
20375
"The file has the advantage of being able to pre-configure the system's "
20376
"behavior, and can also be manually edited:"
20377
msgstr ""
20378
20379
#: serverguide/C/installation.xml:738(programlisting)
20380
#, no-wrap
20381
msgid ""
20382
"\n"
20383
"BOOT_DEGRADED=true\n"
20384
msgstr ""
20385
20386
#: serverguide/C/installation.xml:743(para)
20387
msgid "The configuration file can be overridden by using a Kernel argument."
20388
msgstr ""
20389
20390
#: serverguide/C/installation.xml:751(para)
20391
msgid ""
20392
"Using a Kernel argument will allow the system to boot to a degraded array as "
20393
"well:"
20394
msgstr ""
20395
20396
#: serverguide/C/installation.xml:757(para)
20397
msgid ""
20398
"When the server is booting press <keycap>Shift</keycap> to open the "
20399
"<application>Grub</application> menu."
20400
msgstr ""
20401
20402
#: serverguide/C/installation.xml:762(para)
20403
msgid "Press <keycap>e</keycap> to edit your kernel command options."
20404
msgstr ""
20405
20406
#: serverguide/C/installation.xml:767(para)
20407
msgid "Press the <keycap>down</keycap> arrow to highlight the kernel line."
20408
msgstr ""
20409
20410
#: serverguide/C/installation.xml:772(para)
20411
msgid ""
20412
"Add <emphasis>\"bootdegraded=true\"</emphasis> (without the quotes) to the "
20413
"end of the line."
20414
msgstr ""
20415
20416
#: serverguide/C/installation.xml:777(para)
20417
msgid ""
20418
"Press <keycombo><keycap>Ctrl</keycap><keycap>x</keycap></keycombo> to boot "
20419
"the system."
20420
msgstr ""
20421
20422
#: serverguide/C/installation.xml:786(para)
20423
msgid ""
20424
"Once the system has booted you can either repair the array see <xref "
20425
"linkend=\"raid-maintenance\"/> for details, or copy important data to "
20426
"another machine due to major hardware failure."
20427
msgstr ""
20428
20429
#: serverguide/C/installation.xml:793(title)
20430
msgid "RAID Maintenance"
20431
msgstr ""
20432
20433
#: serverguide/C/installation.xml:795(para)
20434
msgid ""
20435
"The <application>mdadm</application> utility can be used to view the status "
20436
"of an array, add disks to an array, remove disks, etc:"
20437
msgstr ""
20438
20439
#: serverguide/C/installation.xml:802(para)
20440
msgid "To view the status of an array, from a terminal prompt enter:"
20441
msgstr ""
20442
20443
#: serverguide/C/installation.xml:806(command)
20444
msgid "sudo mdadm -D /dev/md0"
20445
msgstr "sudo mdadm -D /dev/md0"
20446
20447
#: serverguide/C/installation.xml:809(para)
20448
msgid ""
20449
"The <emphasis>-D</emphasis> tells <application>mdadm</application> to "
20450
"display <emphasis>detailed</emphasis> information about the "
20451
"<filename>/dev/md0</filename> device. Replace <filename>/dev/md0</filename> "
20452
"with the appropriate RAID device."
20453
msgstr ""
20454
20455
#: serverguide/C/installation.xml:815(para)
20456
msgid "To view the status of a disk in an array:"
20457
msgstr ""
20458
20459
#: serverguide/C/installation.xml:819(command)
20460
msgid "sudo mdadm -E /dev/sda1"
20461
msgstr "sudo mdadm -E /dev/sda1"
20462
20463
#: serverguide/C/installation.xml:821(para)
20464
msgid ""
20465
"The output if very similar to the <command>mdadm -D</command> command, "
20466
"adjust <filename>/dev/sda1</filename> for each disk."
20467
msgstr ""
20468
20469
#: serverguide/C/installation.xml:826(para)
20470
msgid "If a disk fails and needs to be removed from an array enter:"
20471
msgstr ""
20472
20473
#: serverguide/C/installation.xml:830(command)
20474
msgid "sudo mdadm --remove /dev/md0 /dev/sda1"
20475
msgstr "sudo mdadm --remove /dev/md0 /dev/sda1"
20476
20477
#: serverguide/C/installation.xml:832(para)
20478
msgid ""
20479
"Change <filename>/dev/md0</filename> and <filename>/dev/sda1</filename> to "
20480
"the appropriate RAID device and disk."
20481
msgstr ""
20482
20483
#: serverguide/C/installation.xml:837(para)
20484
msgid "Similarly, to add a new disk:"
20485
msgstr ""
20486
20487
#: serverguide/C/installation.xml:841(command)
20488
msgid "sudo mdadm --add /dev/md0 /dev/sda1"
20489
msgstr "sudo mdadm --add /dev/md0 /dev/sda1"
20490
20491
#: serverguide/C/installation.xml:846(para)
20492
msgid ""
20493
"Sometimes a disk can change to a <emphasis>faulty</emphasis> state even "
20494
"though there is nothing physically wrong with the drive. It is usually "
20495
"worthwhile to remove the drive from the array then re-add it. This will "
20496
"cause the drive to re-sync with the array. If the drive will not sync with "
20497
"the array, it is a good indication of hardware failure."
20498
msgstr ""
20499
20500
#: serverguide/C/installation.xml:852(para)
20501
msgid ""
20502
"The <filename>/proc/mdstat</filename> file also contains useful information "
20503
"about the system's RAID devices:"
20504
msgstr ""
20505
20506
#: serverguide/C/installation.xml:857(command)
20507
msgid "cat /proc/mdstat"
20508
msgstr ""
20509
20510
#: serverguide/C/installation.xml:858(computeroutput)
20511
#, no-wrap
20512
msgid ""
20513
"Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] "
20514
"[raid10] \n"
20515
"md0 : active raid1 sda1[0] sdb1[1]\n"
20516
" 10016384 blocks [2/2] [UU]\n"
20517
" \n"
20518
"unused devices: <none>"
20519
msgstr ""
20520
20521
#: serverguide/C/installation.xml:865(para)
20522
msgid ""
20523
"The following command is great for watching the status of a syncing drive:"
20524
msgstr ""
20525
20526
#: serverguide/C/installation.xml:870(command)
20527
msgid "watch -n1 cat /proc/mdstat"
20528
msgstr ""
20529
20530
#: serverguide/C/installation.xml:873(para)
20531
msgid ""
20532
"Press <emphasis>Ctrl+c</emphasis> to stop the "
20533
"<application>watch</application> command."
20534
msgstr ""
20535
20536
#: serverguide/C/installation.xml:877(para)
20537
msgid ""
20538
"If you do need to replace a faulty drive, after the drive has been replaced "
20539
"and synced, <application>grub</application> will need to be installed. To "
20540
"install <application>grub</application> on the new drive, enter the "
20541
"following:"
20542
msgstr ""
20543
20544
#: serverguide/C/installation.xml:883(command)
20545
msgid "sudo grub-install /dev/md0"
20546
msgstr "sudo grub-install /dev/md0"
20547
20548
#: serverguide/C/installation.xml:886(para)
20549
msgid ""
20550
"Replace <filename>/dev/md0</filename> with the appropriate array device name."
20551
msgstr ""
20552
20553
#: serverguide/C/installation.xml:894(para)
20554
msgid ""
20555
"The topic of RAID arrays is a complex one due to the plethora of ways RAID "
20556
"can be configured. Please see the following links for more information:"
20557
msgstr ""
20558
20559
#: serverguide/C/installation.xml:901(para)
20560
msgid ""
20561
"<ulink url=\"https://help.ubuntu.com/community/Installation#raid\">Ubuntu "
20562
"Wiki Articles on RAID</ulink>."
20563
msgstr ""
20564
20565
#: serverguide/C/installation.xml:907(ulink)
20566
msgid "Software RAID HOWTO"
20567
msgstr ""
20568
20569
#: serverguide/C/installation.xml:912(ulink)
20570
msgid "Managing RAID on Linux"
20571
msgstr ""
20572
20573
#: serverguide/C/installation.xml:919(title)
20574
msgid "Logical Volume Manager (LVM)"
20575
msgstr ""
20576
20577
#: serverguide/C/installation.xml:921(para)
20578
msgid ""
20579
"Logical Volume Manger, or <emphasis>LVM</emphasis>, allows administrators to "
20580
"create <emphasis>logical</emphasis> volumes out of one or multiple physical "
20581
"hard disks. LVM volumes can be created on both software RAID partitions and "
20582
"standard partitions residing on a single disk. Volumes can also be extended, "
20583
"giving greater flexibility to systems as requirements change."
20584
msgstr ""
20585
20586
#: serverguide/C/installation.xml:930(para)
20587
msgid ""
20588
"A side effect of LVM's power and flexibility is a greater degree of "
20589
"complication. Before diving into the LVM installation process, it is best to "
20590
"get familiar with some terms."
20591
msgstr ""
20592
20593
#: serverguide/C/installation.xml:937(para)
20594
msgid ""
20595
"<emphasis>Volume Group (VG):</emphasis> contains one or several Logical "
20596
"Volumes (LV)."
20597
msgstr ""
20598
20599
#: serverguide/C/installation.xml:942(para)
20600
msgid ""
20601
"<emphasis>Logical Volume (LV):</emphasis> is similar to a partition in a non-"
20602
"LVM system. Multiple Physical Volumes (PV) can make up one LV, on top of "
20603
"which resides the actual EXT3, XFS, JFS, etc filesystem."
20604
msgstr ""
20605
20606
#: serverguide/C/installation.xml:948(para)
20607
msgid ""
20608
"<emphasis>Physical Volume (PV):</emphasis> physical hard disk or software "
20609
"RAID partition. The Volume Group can be extended by adding more PVs."
20610
msgstr ""
20611
20612
#: serverguide/C/installation.xml:959(para)
20613
msgid ""
20614
"As an example this section covers installing Ubuntu Server Edition with "
20615
"<filename role=\"directory\">/srv</filename> mounted on a LVM volume. During "
20616
"the initial install only one Physical Volume (PV) will be part of the Volume "
20617
"Group (VG). Another PV will be added after install to demonstrate how a VG "
20618
"can be extended."
20619
msgstr ""
20620
20621
#: serverguide/C/installation.xml:965(para)
20622
msgid ""
20623
"There are several installation options for LVM, <emphasis>\"Guided - use the "
20624
"entire disk and setup LVM\"</emphasis> which will also allow you to assign a "
20625
"portion of the available space to LVM, <emphasis>\"Guided - use entire and "
20626
"setup encrypted LVM\"</emphasis>, or <emphasis>Manually</emphasis> setup the "
20627
"partitions and configure LVM. At this time the only way to configure a "
20628
"system with both LVM and standard partitions, during installation, is to use "
20629
"the Manual approach."
20630
msgstr ""
20631
20632
#: serverguide/C/installation.xml:982(para)
20633
msgid ""
20634
"At the <emphasis>\"Partition Disks</emphasis> screen choose "
20635
"<emphasis>\"Manual\"</emphasis>."
20636
msgstr ""
20637
20638
#: serverguide/C/installation.xml:989(para)
20639
msgid ""
20640
"Select the hard disk and on the next screen choose \"yes\" to "
20641
"<emphasis>\"Create a new empty partition table on this device\"</emphasis>."
20642
msgstr ""
20643
20644
#: serverguide/C/installation.xml:996(para)
20645
msgid ""
20646
"Next, create standard <emphasis>/boot</emphasis>, <emphasis>swap</emphasis>, "
20647
"and <emphasis>/</emphasis> partitions with whichever filesystem you prefer."
20648
msgstr ""
20649
20650
#: serverguide/C/installation.xml:1004(para)
20651
msgid ""
20652
"For the LVM <emphasis>/srv</emphasis>, create a new "
20653
"<emphasis>Logical</emphasis> partition. Then change <emphasis>\"Use "
20654
"as\"</emphasis> to <emphasis>\"physical volume for LVM\"</emphasis> then "
20655
"<emphasis>\"Done setting up the partition\"</emphasis>."
20656
msgstr ""
20657
20658
#: serverguide/C/installation.xml:1012(para)
20659
msgid ""
20660
"Now select <emphasis>\"Configure the Logical Volume Manager\"</emphasis> at "
20661
"the top, and choose <emphasis>\"Yes\"</emphasis> to write the changes to "
20662
"disk."
20663
msgstr ""
20664
20665
#: serverguide/C/installation.xml:1020(para)
20666
msgid ""
20667
"For the <emphasis>\"LVM configuration action\"</emphasis> on the next "
20668
"screen, choose <emphasis>\"Create volume group\"</emphasis>. Enter a name "
20669
"for the VG such as <emphasis>vg01</emphasis>, or something more descriptive. "
20670
"After entering a name, select the partition configured for LVM, and choose "
20671
"<emphasis>\"Continue\"</emphasis>."
20672
msgstr ""
20673
20674
#: serverguide/C/installation.xml:1029(para)
20675
msgid ""
20676
"Back at the <emphasis>\"LVM configuration action\"</emphasis> screen, select "
20677
"<emphasis>\"Create logical volume\"</emphasis>. Select the newly created "
20678
"volume group, and enter a name for the new LV, for example "
20679
"<emphasis>srv</emphasis> since that is the intended mount point. Then choose "
20680
"a size, which may be the full partition because it can always be extended "
20681
"later. Choose <emphasis>\"Finish\"</emphasis> and you should be back at the "
20682
"main <emphasis>\"Partition Disks\"</emphasis> screen."
20683
msgstr ""
20684
20685
#: serverguide/C/installation.xml:1039(para)
20686
msgid ""
20687
"Now add a filesystem to the new LVM. Select the partition under "
20688
"<emphasis>\"LVM VG vg01, LV srv\"</emphasis>, or whatever name you have "
20689
"chosen, the choose <emphasis>Use as</emphasis>. Setup a file system as "
20690
"normal selecting <emphasis>/srv</emphasis> as the mount point. Once done, "
20691
"select <emphasis>\"Done setting up the partition\"</emphasis>."
20692
msgstr ""
20693
20694
#: serverguide/C/installation.xml:1048(para)
20695
msgid ""
20696
"Finally, select <emphasis>\"Finish partitioning and write changes to "
20697
"disk\"</emphasis>. Then confirm the changes and continue with the rest of "
20698
"the installation."
20699
msgstr ""
20700
20701
#: serverguide/C/installation.xml:1056(para)
20702
msgid "There are some useful utilities to view information about LVM:"
20703
msgstr ""
20704
20705
#: serverguide/C/installation.xml:1061(para)
20706
msgid ""
20707
"<emphasis>vgdisplay:</emphasis> shows information about Volume Groups."
20708
msgstr ""
20709
20710
#: serverguide/C/installation.xml:1062(para)
20711
msgid ""
20712
"<emphasis>lvdisplay:</emphasis> has information about Logical Volumes."
20713
msgstr ""
20714
20715
#: serverguide/C/installation.xml:1063(para)
20716
msgid ""
20717
"<emphasis>pvdisplay:</emphasis> similarly displays information about "
20718
"Physical Volumes."
20719
msgstr ""
20720
20721
#: serverguide/C/installation.xml:1068(title)
20722
msgid "Extending Volume Groups"
20723
msgstr ""
20724
20725
#: serverguide/C/installation.xml:1070(para)
20726
msgid ""
20727
"Continuing with <emphasis>srv</emphasis> as an LVM volume example, this "
20728
"section covers adding a second hard disk, creating a Physical Volume (PV), "
20729
"adding it to the volume group (VG), extending the logical volume <filename "
20730
"role=\"directory\">srv</filename> and finally extending the filesystem. This "
20731
"example assumes a second hard disk has been added to the system. This hard "
20732
"disk will be named <filename>/dev/sdb</filename> in our example. BEWARE: "
20733
"make sure you don't already have an existing <filename>/dev/sdb</filename> "
20734
"before issuing the commands below. You could lose some data if you issue "
20735
"those commands on a non-empty disk. In our example we will use the entire "
20736
"disk as a physical volume (you could choose to create partitions and use "
20737
"them as different physical volumes)"
20738
msgstr ""
20739
20740
#: serverguide/C/installation.xml:1082(para)
20741
msgid "First, create the physical volume, in a terminal execute:"
20742
msgstr ""
20743
20744
#: serverguide/C/installation.xml:1087(command)
20745
msgid "sudo pvcreate /dev/sdb"
20746
msgstr "sudo pvcreate /dev/sdb"
20747
20748
#: serverguide/C/installation.xml:1093(para)
20749
msgid "Now extend the Volume Group (VG):"
20750
msgstr ""
20751
20752
#: serverguide/C/installation.xml:1098(command)
20753
msgid "sudo vgextend vg01 /dev/sdb"
20754
msgstr "sudo vgextend vg01 /dev/sdb"
20755
20756
#: serverguide/C/installation.xml:1104(para)
20757
msgid ""
20758
"Use <application>vgdisplay</application> to find out the free physical "
20759
"extents - Free PE / size (the size you can allocate). We will assume a free "
20760
"size of 511 PE (equivalent to 2GB with a PE size of 4MB) and we will use the "
20761
"whole free space available. Use your own PE and/or free space."
20762
msgstr ""
20763
20764
#: serverguide/C/installation.xml:1110(para)
20765
msgid ""
20766
"The Logical Volume (LV) can now be extended by different methods, we will "
20767
"only see how to use the PE to extend the LV:"
20768
msgstr ""
20769
20770
#: serverguide/C/installation.xml:1115(command)
20771
msgid "sudo lvextend /dev/vg01/srv -l +511"
20772
msgstr "sudo lvextend /dev/vg01/srv -l +511"
20773
20774
#: serverguide/C/installation.xml:1118(para)
20775
msgid ""
20776
"The <emphasis>-l</emphasis> option allows the LV to be extended using PE. "
20777
"The <emphasis>-L</emphasis> option allows the LV to be extended using Meg, "
20778
"Gig, Tera, etc bytes."
20779
msgstr ""
20780
20781
#: serverguide/C/installation.xml:1126(para)
20782
msgid ""
20783
"Even though you are supposed to be able to <emphasis>expand</emphasis> an "
20784
"ext3 or ext4 filesystem without unmounting it first, it may be a good "
20785
"practice to unmount it anyway and check the filesystem, so that you don't "
20786
"mess up the day you want to reduce a logical volume (in that case unmounting "
20787
"first is compulsory)."
20788
msgstr ""
20789
20790
#: serverguide/C/installation.xml:1132(para)
20791
msgid ""
20792
"The following commands are for an <emphasis>EXT3</emphasis> or "
20793
"<emphasis>EXT4</emphasis> filesystem. If you are using another filesystem "
20794
"there may be other utilities available."
20795
msgstr ""
20796
20797
#: serverguide/C/installation.xml:1139(command)
20798
msgid "sudo e2fsck -f /dev/vg01/srv"
20799
msgstr "sudo e2fsck -f /dev/vg01/srv"
20800
20801
#: serverguide/C/installation.xml:1142(para)
20802
msgid ""
20803
"The <emphasis>-f</emphasis> option of <application>e2fsck</application> "
20804
"forces checking even if the system seems clean."
20805
msgstr ""
20806
20807
#: serverguide/C/installation.xml:1149(para)
20808
msgid "Finally, resize the filesystem:"
20809
msgstr ""
20810
20811
#: serverguide/C/installation.xml:1154(command)
20812
msgid "sudo resize2fs /dev/vg01/srv"
20813
msgstr "sudo resize2fs /dev/vg01/srv"
20814
20815
#: serverguide/C/installation.xml:1160(para)
20816
msgid "Now mount the partition and check its size."
20817
msgstr ""
20818
20819
#: serverguide/C/installation.xml:1165(command)
20820
msgid "mount /dev/vg01/srv /srv && df -h /srv"
20821
msgstr ""
20822
20823
#: serverguide/C/installation.xml:1177(para)
20824
msgid ""
20825
"See the <ulink "
20826
"url=\"https://help.ubuntu.com/community/Installation#lvm\">Ubuntu Wiki LVM "
20827
"Articles</ulink>."
20828
msgstr ""
20829
20830
#: serverguide/C/installation.xml:1182(para)
20831
msgid ""
20832
"See the <ulink url=\"http://tldp.org/HOWTO/LVM-HOWTO/index.html\">LVM "
20833
"HOWTO</ulink> for more information."
20834
msgstr ""
20835
20836
#: serverguide/C/installation.xml:1187(para)
20837
msgid ""
20838
"Another good article is <ulink "
20839
"url=\"http://www.linuxdevcenter.com/pub/a/linux/2006/04/27/managing-disk-"
20840
"space-with-lvm.html\">Managing Disk Space with LVM</ulink> on O'Reilly's "
20841
"linuxdevcenter.com site."
20842
msgstr ""
20843
20844
#: serverguide/C/installation.xml:1194(para)
20845
msgid ""
20846
"For more information on <application>fdisk</application> see the <ulink "
20847
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/fdisk.8.html\">fdi"
20848
"sk man page</ulink>."
20849
msgstr ""
20850
20851
#: serverguide/C/file-server.xml:13(title)
20852
msgid "File Servers"
20853
msgstr ""
20854
20855
#: serverguide/C/file-server.xml:15(para)
20856
msgid ""
20857
"If you have more than one computer on a single network. At some point you "
20858
"will probably need to share files between them. In this section we cover "
20859
"installing and configuring FTP, NFS, and CUPS."
20860
msgstr ""
20861
20862
#: serverguide/C/file-server.xml:22(title)
20863
msgid "FTP Server"
20864
msgstr "FTP-server"
20865
20866
#: serverguide/C/file-server.xml:24(para)
20867
msgid ""
20868
"File Transfer Protocol (FTP) is a TCP protocol for uploading and downloading "
20869
"files between computers. FTP works on a client/server model. The server "
20870
"component is called an <emphasis>FTP daemon</emphasis>. It continuously "
20871
"listens for FTP requests from remote clients. When a request is received, it "
20872
"manages the login and sets up the connection. For the duration of the "
20873
"session it executes any of commands sent by the FTP client."
20874
msgstr ""
20875
20876
#: serverguide/C/file-server.xml:33(para)
20877
msgid "Access to an FTP server can be managed in two ways:"
20878
msgstr ""
20879
20880
#: serverguide/C/file-server.xml:37(para)
20881
msgid "Anonymous"
20882
msgstr "Anonym"
20883
20884
#: serverguide/C/file-server.xml:40(para)
20885
msgid "Authenticated"
20886
msgstr ""
20887
20888
#: serverguide/C/file-server.xml:43(para)
20889
msgid ""
20890
"In the Anonymous mode, remote clients can access the FTP server by using the "
20891
"default user account called \"anonymous\" or \"ftp\" and sending an email "
20892
"address as the password. In the Authenticated mode a user must have an "
20893
"account and a password. User access to the FTP server directories and files "
20894
"is dependent on the permissions defined for the account used at login. As a "
20895
"general rule, the FTP daemon will hide the root directory of the FTP server "
20896
"and change it to the FTP Home directory. This hides the rest of the file "
20897
"system from remote sessions."
20898
msgstr ""
20899
20900
#: serverguide/C/file-server.xml:55(title)
20901
msgid "vsftpd - FTP Server Installation"
20902
msgstr ""
20903
20904
#: serverguide/C/file-server.xml:57(para)
20905
msgid ""
20906
"vsftpd is an FTP daemon available in Ubuntu. It is easy to install, set up, "
20907
"and maintain. To install <application>vsftpd</application> you can run the "
20908
"following command:"
20909
msgstr ""
20910
20911
#: serverguide/C/file-server.xml:65(command)
20912
msgid "sudo apt-get install vsftpd"
20913
msgstr "sudo apt-get install vsftpd"
20914
20915
#: serverguide/C/file-server.xml:71(title)
20916
msgid "Anonymous FTP Configuration"
20917
msgstr ""
20918
20919
#: serverguide/C/file-server.xml:73(para)
20920
msgid ""
20921
"By default <application>vsftpd</application> is configured to only allow "
20922
"anonymous download. During installation a <emphasis>ftp</emphasis> user is "
20923
"created with a home directory of <filename>/home/ftp</filename>. This is the "
20924
"default FTP directory."
20925
msgstr ""
20926
20927
#: serverguide/C/file-server.xml:80(para)
20928
msgid ""
20929
"If you wish to change this location, to <filename>/srv/ftp</filename> for "
20930
"example, simply create a directory in another location and change the "
20931
"<emphasis>ftp</emphasis> user's home directory:"
20932
msgstr ""
20933
20934
#: serverguide/C/file-server.xml:87(command)
20935
msgid "sudo mkdir /srv/ftp"
20936
msgstr "sudo mkdir /srv/ftp"
20937
20938
#: serverguide/C/file-server.xml:88(command)
20939
msgid "sudo usermod -d /srv/ftp ftp"
20940
msgstr "sudo usermod -d /srv/ftp ftp"
20941
20942
#: serverguide/C/file-server.xml:91(para)
20943
msgid "After making the change restart <application>vsftpd</application>:"
20944
msgstr ""
20945
20946
#: serverguide/C/file-server.xml:96(command) serverguide/C/file-server.xml:124(command) serverguide/C/file-server.xml:189(command) serverguide/C/file-server.xml:237(command)
20947
msgid "sudo /etc/init.d/vsftpd restart"
20948
msgstr "sudo /etc/init.d/vsftpd restart"
20949
20950
#: serverguide/C/file-server.xml:99(para)
20951
msgid ""
20952
"Finally, copy any files and directories you would like to make available "
20953
"through anonymous FTP to <filename>/srv/ftp</filename>."
20954
msgstr ""
20955
20956
#: serverguide/C/file-server.xml:106(title)
20957
msgid "User Authenticated FTP Configuration"
20958
msgstr ""
20959
20960
#: serverguide/C/file-server.xml:108(para)
20961
msgid ""
20962
"To configure <application>vsftpd</application> to authenticate system users "
20963
"and allow them to upload files edit <filename>/etc/vsftpd.conf</filename>:"
20964
msgstr ""
20965
20966
#: serverguide/C/file-server.xml:114(programlisting)
20967
#, no-wrap
20968
msgid ""
20969
"\n"
20970
"local_enable=YES\n"
20971
"write_enable=YES\n"
20972
msgstr ""
20973
20974
#: serverguide/C/file-server.xml:119(para)
20975
msgid "Now restart <application>vsftpd</application>:"
20976
msgstr ""
20977
20978
#: serverguide/C/file-server.xml:127(para)
20979
msgid ""
20980
"Now when system users login to FTP they will start in their "
20981
"<emphasis>home</emphasis> directories where they can download, upload, "
20982
"create directories, etc."
20983
msgstr ""
20984
20985
#: serverguide/C/file-server.xml:133(para)
20986
msgid ""
20987
"Similarly, by default, the anonymous users are not allowed to upload files "
20988
"to FTP server. To change this setting, you should uncomment the following "
20989
"line, and restart <application>vsftpd</application>:"
20990
msgstr ""
20991
20992
#: serverguide/C/file-server.xml:140(programlisting)
20993
#, no-wrap
20994
msgid ""
20995
"\n"
20996
"anon_upload_enable=YES\n"
20997
msgstr ""
20998
20999
#: serverguide/C/file-server.xml:145(para)
21000
msgid ""
21001
"Enabling anonymous FTP upload can be an extreme security risk. It is best to "
21002
"not enable anonymous upload on servers accessed directly from the Internet."
21003
msgstr ""
21004
21005
#: serverguide/C/file-server.xml:151(para)
21006
msgid ""
21007
"The configuration file consists of many configuration parameters. The "
21008
"information about each parameter is available in the configuration file. "
21009
"Alternatively, you can refer to the man page, <command>man 5 "
21010
"vsftpd.conf</command> for details of each parameter."
21011
msgstr ""
21012
21013
#: serverguide/C/file-server.xml:162(title)
21014
msgid "Securing FTP"
21015
msgstr ""
21016
21017
#: serverguide/C/file-server.xml:164(para)
21018
msgid ""
21019
"There are options in <filename>/etc/vsftpd.conf</filename> to help make "
21020
"<application>vsftpd</application> more secure. For example users can be "
21021
"limited to their home directories by uncommenting:"
21022
msgstr ""
21023
21024
#: serverguide/C/file-server.xml:170(programlisting)
21025
#, no-wrap
21026
msgid ""
21027
"\n"
21028
"chroot_local_user=YES\n"
21029
msgstr ""
21030
21031
#: serverguide/C/file-server.xml:174(para)
21032
msgid ""
21033
"You can also limit a specific list of users to just their home directories:"
21034
msgstr ""
21035
21036
#: serverguide/C/file-server.xml:178(programlisting)
21037
#, no-wrap
21038
msgid ""
21039
"\n"
21040
"chroot_list_enable=YES\n"
21041
"chroot_list_file=/etc/vsftpd.chroot_list\n"
21042
msgstr ""
21043
21044
#: serverguide/C/file-server.xml:183(para)
21045
msgid ""
21046
"After uncommenting the above options, create a "
21047
"<filename>/etc/vsftpd.chroot_list</filename> containing a list of users one "
21048
"per line. Then restart <application>vsftpd</application>:"
21049
msgstr ""
21050
21051
#: serverguide/C/file-server.xml:192(para)
21052
msgid ""
21053
"Also, the <filename>/etc/ftpusers</filename> file is a list of users that "
21054
"are <emphasis>disallowed</emphasis> FTP access. The default list includes "
21055
"root, daemon, nobody, etc. To disable FTP access for additional users simply "
21056
"add them to the list."
21057
msgstr ""
21058
21059
#: serverguide/C/file-server.xml:199(para)
21060
msgid ""
21061
"FTP can also be encrypted using <emphasis>FTPS</emphasis>. Different from "
21062
"<emphasis>SFTP</emphasis>, <emphasis>FTPS</emphasis> is FTP over Secure "
21063
"Socket Layer (SSL). <emphasis>SFTP</emphasis> is a FTP like session over an "
21064
"encrypted <emphasis>SSH</emphasis> connection. A major difference is that "
21065
"users of SFTP need to have a <emphasis>shell</emphasis> account on the "
21066
"system, instead of a <emphasis>nologin</emphasis> shell. Providing all users "
21067
"with a shell may not be ideal for some environments, such as a shared web "
21068
"host."
21069
msgstr ""
21070
21071
#: serverguide/C/file-server.xml:208(para)
21072
msgid ""
21073
"To configure <emphasis>FTPS</emphasis>, edit "
21074
"<filename>/etc/vsftpd.conf</filename> and at the bottom add:"
21075
msgstr ""
21076
21077
#: serverguide/C/file-server.xml:212(programlisting)
21078
#, no-wrap
21079
msgid ""
21080
"\n"
21081
"ssl_enable=Yes\n"
21082
msgstr ""
21083
21084
#: serverguide/C/file-server.xml:216(para)
21085
msgid "Also, notice the certificate and key related options:"
21086
msgstr ""
21087
21088
#: serverguide/C/file-server.xml:220(programlisting)
21089
#, no-wrap
21090
msgid ""
21091
"\n"
21092
"rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem\n"
21093
"rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key\n"
21094
msgstr ""
21095
21096
#: serverguide/C/file-server.xml:225(para)
21097
msgid ""
21098
"By default these options are set the certificate and key provided by the "
21099
"<application>ssl-cert</application> package. In a production environment "
21100
"these should be replaced with a certificate and key generated for the "
21101
"specific host. For more information on certificates see <xref "
21102
"linkend=\"certificates-and-security\"/>."
21103
msgstr ""
21104
21105
#: serverguide/C/file-server.xml:231(para)
21106
msgid ""
21107
"Now restart <application>vsftpd</application>, and non-anonymous users will "
21108
"be forced to use <emphasis>FTPS</emphasis>:"
21109
msgstr ""
21110
21111
#: serverguide/C/file-server.xml:240(para)
21112
msgid ""
21113
"To allow users with a shell of <filename>/usr/sbin/nologin</filename> access "
21114
"to FTP, but have no shell access, edit <filename>/etc/shells</filename> "
21115
"adding the <emphasis>nologin</emphasis> shell:"
21116
msgstr ""
21117
21118
#: serverguide/C/file-server.xml:245(programlisting)
21119
#, no-wrap
21120
msgid ""
21121
"\n"
21122
"# /etc/shells: valid login shells\n"
21123
"/bin/csh\n"
21124
"/bin/sh\n"
21125
"/usr/bin/es\n"
21126
"/usr/bin/ksh\n"
21127
"/bin/ksh\n"
21128
"/usr/bin/rc\n"
21129
"/usr/bin/tcsh\n"
21130
"/bin/tcsh\n"
21131
"/usr/bin/esh\n"
21132
"/bin/dash\n"
21133
"/bin/bash\n"
21134
"/bin/rbash\n"
21135
"/usr/bin/screen\n"
21136
"/usr/sbin/nologin\n"
21137
msgstr ""
21138
21139
#: serverguide/C/file-server.xml:263(para)
21140
msgid ""
21141
"This is necessary because, by default <application>vsftpd</application> uses "
21142
"PAM for authentication, and the <filename>/etc/pam.d/vsftpd</filename> "
21143
"configuration file contains:"
21144
msgstr ""
21145
21146
#: serverguide/C/file-server.xml:268(programlisting)
21147
#, no-wrap
21148
msgid ""
21149
"\n"
21150
"auth required pam_shells.so\n"
21151
msgstr ""
21152
21153
#: serverguide/C/file-server.xml:272(para)
21154
msgid ""
21155
"The <emphasis>shells</emphasis> PAM module restricts access to shells listed "
21156
"in the <filename>/etc/shells</filename> file."
21157
msgstr ""
21158
21159
#: serverguide/C/file-server.xml:277(para)
21160
msgid ""
21161
"Most popular FTP clients can be configured connect using FTPS. The "
21162
"<application>lftp</application> command line FTP client has the ability to "
21163
"use FTPS as well."
21164
msgstr ""
21165
21166
#: serverguide/C/file-server.xml:288(para)
21167
msgid ""
21168
"See the <ulink url=\"http://vsftpd.beasts.org/vsftpd_conf.html\">vsftpd "
21169
"website</ulink> for more information."
21170
msgstr ""
21171
21172
#: serverguide/C/file-server.xml:293(para)
21173
msgid ""
21174
"For detailed <filename>/etc/vsftpd.conf</filename> options see the <ulink "
21175
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/vsftpd.conf.5.html"
21176
"\">vsftpd.conf man page</ulink>."
21177
msgstr ""
21178
21179
#: serverguide/C/file-server.xml:299(para)
21180
msgid ""
21181
"The CodeGurus article <ulink "
21182
"url=\"http://www.codeguru.com/csharp/.net/net_general/internet/article.php/c1"
21183
"4329\"> FTPS vs. SFTP: What to Choose</ulink> has useful information "
21184
"contrasting FTPS and SFTP."
21185
msgstr ""
21186
21187
#: serverguide/C/file-server.xml:305(para)
21188
msgid ""
21189
"Also, for more information see the <ulink "
21190
"url=\"https://help.ubuntu.com/community/vsftpd\">Ubuntu Wiki vsftpd</ulink> "
21191
"page."
21192
msgstr ""
21193
21194
#: serverguide/C/file-server.xml:315(title)
21195
msgid "Network File System (NFS)"
21196
msgstr ""
21197
21198
#: serverguide/C/file-server.xml:316(para)
21199
msgid ""
21200
"NFS allows a system to share directories and files with others over a "
21201
"network. By using NFS, users and programs can access files on remote systems "
21202
"almost as if they were local files."
21203
msgstr ""
21204
21205
#: serverguide/C/file-server.xml:322(para)
21206
msgid "Some of the most notable benefits that NFS can provide are:"
21207
msgstr ""
21208
21209
#: serverguide/C/file-server.xml:328(para)
21210
msgid ""
21211
"Local workstations use less disk space because commonly used data can be "
21212
"stored on a single machine and still remain accessible to others over the "
21213
"network."
21214
msgstr ""
21215
21216
#: serverguide/C/file-server.xml:333(para)
21217
msgid ""
21218
"There is no need for users to have separate home directories on every "
21219
"network machine. Home directories could be set up on the NFS server and made "
21220
"available throughout the network."
21221
msgstr ""
21222
21223
#: serverguide/C/file-server.xml:339(para)
21224
msgid ""
21225
"Storage devices such as floppy disks, CDROM drives, and USB Thumb drives can "
21226
"be used by other machines on the network. This may reduce the number of "
21227
"removable media drives throughout the network."
21228
msgstr ""
21229
21230
#: serverguide/C/file-server.xml:349(para)
21231
msgid ""
21232
"At a terminal prompt enter the following command to install the NFS Server:"
21233
msgstr ""
21234
21235
#: serverguide/C/file-server.xml:355(command)
21236
msgid "sudo apt-get install nfs-kernel-server"
21237
msgstr "sudo apt-get install nfs-kernel-server"
21238
21239
#: serverguide/C/file-server.xml:361(para)
21240
msgid ""
21241
"You can configure the directories to be exported by adding them to the "
21242
"<filename>/etc/exports</filename> file. For example:"
21243
msgstr ""
21244
21245
#: serverguide/C/file-server.xml:366(screen)
21246
#, no-wrap
21247
msgid ""
21248
"\n"
21249
"/ubuntu *(ro,sync,no_root_squash)\n"
21250
"/home *(rw,sync,no_root_squash)\n"
21251
msgstr ""
21252
"\n"
21253
"/ubuntu *(ro,sync,no_root_squash)\n"
21254
"/home *(rw,sync,no_root_squash)\n"
21255
21256
#: serverguide/C/file-server.xml:372(para)
21257
msgid ""
21258
"You can replace * with one of the hostname formats. Make the hostname "
21259
"declaration as specific as possible so unwanted systems cannot access the "
21260
"NFS mount."
21261
msgstr ""
21262
21263
#: serverguide/C/file-server.xml:378(para)
21264
msgid ""
21265
"To start the NFS server, you can run the following command at a terminal "
21266
"prompt:"
21267
msgstr ""
21268
21269
#: serverguide/C/file-server.xml:383(command)
21270
msgid "sudo /etc/init.d/nfs-kernel-server start"
21271
msgstr "sudo /etc/init.d/nfs-kernel-server start"
21272
21273
#: serverguide/C/file-server.xml:388(title)
21274
msgid "NFS Client Configuration"
21275
msgstr ""
21276
21277
#: serverguide/C/file-server.xml:389(para)
21278
msgid ""
21279
"Use the <application>mount</application> command to mount a shared NFS "
21280
"directory from another machine, by typing a command line similar to the "
21281
"following at a terminal prompt:"
21282
msgstr ""
21283
21284
#: serverguide/C/file-server.xml:395(command)
21285
msgid "sudo mount example.hostname.com:/ubuntu /local/ubuntu"
21286
msgstr ""
21287
21288
#: serverguide/C/file-server.xml:399(para)
21289
msgid ""
21290
"The mount point directory <filename>/local/ubuntu</filename> must exist. "
21291
"There should be no files or subdirectories in the "
21292
"<filename>/local/ubuntu</filename> directory."
21293
msgstr ""
21294
21295
#: serverguide/C/file-server.xml:406(para)
21296
msgid ""
21297
"An alternate way to mount an NFS share from another machine is to add a line "
21298
"to the <filename>/etc/fstab</filename> file. The line must state the "
21299
"hostname of the NFS server, the directory on the server being exported, and "
21300
"the directory on the local machine where the NFS share is to be mounted."
21301
msgstr ""
21302
21303
#: serverguide/C/file-server.xml:414(para)
21304
msgid ""
21305
"The general syntax for the line in <filename>/etc/fstab</filename> file is "
21306
"as follows:"
21307
msgstr ""
21308
21309
#: serverguide/C/file-server.xml:420(programlisting)
21310
#, no-wrap
21311
msgid ""
21312
"\n"
21313
"example.hostname.com:/ubuntu /local/ubuntu nfs "
21314
"rsize=8192,wsize=8192,timeo=14,intr\n"
21315
msgstr ""
21316
21317
#: serverguide/C/file-server.xml:424(para)
21318
msgid ""
21319
"If you have trouble mounting an NFS share, make sure the <application>nfs-"
21320
"common</application> package is installed on your client. To install "
21321
"<application>nfs-common</application> enter the following command at the "
21322
"terminal prompt: <screen>\n"
21323
"<command>sudo apt-get install nfs-common</command>\n"
21324
"</screen>"
21325
msgstr ""
21326
21327
#: serverguide/C/file-server.xml:437(ulink)
21328
msgid "Linux NFS faq"
21329
msgstr ""
21330
21331
#: serverguide/C/file-server.xml:439(ulink)
21332
msgid "Ubuntu Wiki NFS Howto"
21333
msgstr ""
21334
21335
#: serverguide/C/file-server.xml:445(title)
21336
msgid "CUPS - Print Server"
21337
msgstr ""
21338
21339
#: serverguide/C/file-server.xml:446(para)
21340
msgid ""
21341
"The primary mechanism for Ubuntu printing and print services is the "
21342
"<emphasis role=\"bold\">Common UNIX Printing System</emphasis> (CUPS). This "
21343
"printing system is a freely available, portable printing layer which has "
21344
"become the new standard for printing in most Linux distributions."
21345
msgstr ""
21346
21347
#: serverguide/C/file-server.xml:453(para)
21348
msgid ""
21349
"CUPS manages print jobs and queues and provides network printing using the "
21350
"standard Internet Printing Protocol (IPP), while offering support for a very "
21351
"large range of printers, from dot-matrix to laser and many in between. CUPS "
21352
"also supports PostScript Printer Description (PPD) and auto-detection of "
21353
"network printers, and features a simple web-based configuration and "
21354
"administration tool."
21355
msgstr ""
21356
21357
#: serverguide/C/file-server.xml:463(para)
21358
msgid ""
21359
"To install CUPS on your Ubuntu computer, simply use "
21360
"<application>sudo</application> with the <application>apt-get</application> "
21361
"command and give the packages to install as the first parameter. A complete "
21362
"CUPS install has many package dependencies, but they may all be specified on "
21363
"the same command line. Enter the following at a terminal prompt to install "
21364
"CUPS:"
21365
msgstr ""
21366
21367
#: serverguide/C/file-server.xml:468(command)
21368
msgid "sudo apt-get install cups"
21369
msgstr "sudo apt-get install cups"
21370
21371
#: serverguide/C/file-server.xml:471(para)
21372
msgid ""
21373
"Upon authenticating with your user password, the packages should be "
21374
"downloaded and installed without error. Upon the conclusion of installation, "
21375
"the CUPS server will be started automatically."
21376
msgstr ""
21377
21378
#: serverguide/C/file-server.xml:476(para)
21379
msgid ""
21380
"For troubleshooting purposes, you can access CUPS server errors via the "
21381
"error log file at: <filename>/var/log/cups/error_log</filename>. If the "
21382
"error log does not show enough information to troubleshoot any problems you "
21383
"encounter, the verbosity of the CUPS log can be increased by changing the "
21384
"<emphasis role=\"bold\">LogLevel</emphasis> directive in the configuration "
21385
"file (discussed below) to \"debug\" or even \"debug2\", which logs "
21386
"everything, from the default of \"info\". If you make this change, remember "
21387
"to change it back once you've solved your problem, to prevent the log file "
21388
"from becoming overly large."
21389
msgstr ""
21390
21391
#: serverguide/C/file-server.xml:489(para)
21392
msgid ""
21393
"The Common UNIX Printing System server's behavior is configured through the "
21394
"directives contained in the file <filename>/etc/cups/cupsd.conf</filename>. "
21395
"The CUPS configuration file follows the same syntax as the primary "
21396
"configuration file for the Apache HTTP server, so users familiar with "
21397
"editing Apache's configuration file should feel at ease when editing the "
21398
"CUPS configuration file. Some examples of settings you may wish to change "
21399
"initially will be presented here."
21400
msgstr ""
21401
21402
#: serverguide/C/file-server.xml:499(para)
21403
msgid ""
21404
"Prior to editing the configuration file, you should make a copy of the "
21405
"original file and protect it from writing, so you will have the original "
21406
"settings as a reference, and to reuse as necessary."
21407
msgstr ""
21408
21409
#: serverguide/C/file-server.xml:503(para)
21410
msgid ""
21411
"Copy the <filename>/etc/cups/cupsd.conf</filename> file and protect it from "
21412
"writing with the following commands, issued at a terminal prompt:"
21413
msgstr ""
21414
21415
#: serverguide/C/file-server.xml:509(command)
21416
msgid "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
21417
msgstr "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
21418
21419
#: serverguide/C/file-server.xml:510(command)
21420
msgid "sudo chmod a-w /etc/cups/cupsd.conf.original"
21421
msgstr "sudo chmod a-w /etc/cups/cupsd.conf.original"
21422
21423
#: serverguide/C/file-server.xml:515(para)
21424
msgid ""
21425
"<emphasis role=\"bold\">ServerAdmin</emphasis>: To configure the email "
21426
"address of the designated administrator of the CUPS server, simply edit the "
21427
"<filename>/etc/cups/cupsd.conf</filename> configuration file with your "
21428
"preferred text editor, and add or modify the <emphasis "
21429
"role=\"italics\">ServerAdmin</emphasis> line accordingly. For example, if "
21430
"you are the Administrator for the CUPS server, and your e-mail address is "
21431
"'bjoy@somebigco.com', then you would modify the ServerAdmin line to appear "
21432
"as such:"
21433
msgstr ""
21434
21435
#: serverguide/C/file-server.xml:526(screen)
21436
#, no-wrap
21437
msgid ""
21438
"\n"
21439
"ServerAdmin bjoy@somebigco.com\n"
21440
msgstr ""
21441
21442
#: serverguide/C/file-server.xml:532(para)
21443
msgid ""
21444
"<emphasis role=\"bold\">Listen</emphasis>: By default on Ubuntu, the CUPS "
21445
"server installation listens only on the loopback interface at IP address "
21446
"<emphasis>127.0.0.1</emphasis>. In order to instruct the CUPS server to "
21447
"listen on an actual network adapter's IP address, you must specify either a "
21448
"hostname, the IP address, or optionally, an IP address/port pairing via the "
21449
"addition of a Listen directive. For example, if your CUPS server resides on "
21450
"a local network at the IP address <emphasis "
21451
"role=\"italics\">192.168.10.250</emphasis> and you'd like to make it "
21452
"accessible to the other systems on this subnetwork, you would edit the "
21453
"<filename>/etc/cups/cupsd.conf</filename> and add a Listen directive, as "
21454
"such:"
21455
msgstr ""
21456
21457
#: serverguide/C/file-server.xml:546(screen)
21458
#, no-wrap
21459
msgid ""
21460
"\n"
21461
"Listen 127.0.0.1:631 # existing loopback Listen\n"
21462
"Listen /var/run/cups/cups.sock # existing socket Listen\n"
21463
"Listen 192.168.10.250:631 # Listen on the LAN interface, Port 631 "
21464
"(IPP)\n"
21465
msgstr ""
21466
21467
#: serverguide/C/file-server.xml:552(para)
21468
msgid ""
21469
"In the example above, you may comment out or remove the reference to the "
21470
"Loopback address (127.0.0.1) if you do not wish <application>cupsd "
21471
"</application> to listen on that interface, but would rather have it only "
21472
"listen on the Ethernet interfaces of the Local Area Network (LAN). To enable "
21473
"listening for all network interfaces for which a certain hostname is bound, "
21474
"including the Loopback, you could create a Listen entry for the hostname "
21475
"<emphasis>socrates</emphasis> as such:"
21476
msgstr ""
21477
21478
#: serverguide/C/file-server.xml:562(screen)
21479
#, no-wrap
21480
msgid ""
21481
"\n"
21482
"Listen socrates:631 # Listen on all interfaces for the hostname 'socrates'\n"
21483
msgstr ""
21484
21485
#: serverguide/C/file-server.xml:566(para)
21486
msgid ""
21487
"or by omitting the Listen directive and using <emphasis>Port</emphasis> "
21488
"instead, as in:"
21489
msgstr ""
21490
21491
#: serverguide/C/file-server.xml:568(screen)
21492
#, no-wrap
21493
msgid ""
21494
"\n"
21495
"Port 631 # Listen on port 631 on all interfaces\n"
21496
msgstr ""
21497
21498
#: serverguide/C/file-server.xml:575(para)
21499
msgid ""
21500
"For more examples of configuration directives in the CUPS server "
21501
"configuration file, view the associated system manual page by entering the "
21502
"following command at a terminal prompt:"
21503
msgstr ""
21504
21505
#: serverguide/C/file-server.xml:582(command)
21506
msgid "man cupsd.conf"
21507
msgstr ""
21508
21509
#: serverguide/C/file-server.xml:586(para)
21510
msgid ""
21511
"Whenever you make changes to the <filename>/etc/cups/cupsd.conf</filename> "
21512
"configuration file, you'll need to restart the CUPS server by typing the "
21513
"following command at a terminal prompt:"
21514
msgstr ""
21515
21516
#: serverguide/C/file-server.xml:592(command)
21517
msgid "sudo /etc/init.d/cups restart"
21518
msgstr "sudo /etc/init.d/cups restart"
21519
21520
#: serverguide/C/file-server.xml:598(title)
21521
msgid "Web Interface"
21522
msgstr "Webgrænseflade"
21523
21524
#: serverguide/C/file-server.xml:600(para)
21525
msgid ""
21526
"CUPS can be configured and monitored using a web interface, which by default "
21527
"is available at <ulink "
21528
"url=\"http://localhost:631/admin\">http://localhost:631/admin</ulink>. The "
21529
"web interface can be used to perform all printer management tasks."
21530
msgstr ""
21531
21532
#: serverguide/C/file-server.xml:604(para)
21533
msgid ""
21534
"In order to perform administrative tasks via the web interface, you must "
21535
"either have the root account enabled on your server, or authenticate as a "
21536
"user in the <emphasis role=\"italic\">lpadmin</emphasis> group. For security "
21537
"reasons, CUPS won't authenticate a user that doesn't have a password."
21538
msgstr ""
21539
21540
#: serverguide/C/file-server.xml:607(para)
21541
msgid ""
21542
"To add a user to the <emphasis role=\"italic\">lpadmin</emphasis> group, run "
21543
"at the terminal prompt: <screen>\n"
21544
"<command>sudo usermod -aG lpadmin username</command>\n"
21545
"</screen>"
21546
msgstr ""
21547
21548
#: serverguide/C/file-server.xml:613(para)
21549
msgid ""
21550
"Further documentation is available in the <emphasis "
21551
"role=\"italic\">Documentation/Help</emphasis> tab of the web interface."
21552
msgstr ""
21553
21554
#: serverguide/C/file-server.xml:621(ulink)
21555
msgid "CUPS Website"
21556
msgstr ""
21557
21558
#: serverguide/C/file-server.xml:624(ulink)
21559
msgid "Ubuntu Wiki CUPS page"
21560
msgstr ""
21561
21562
#: serverguide/C/dns.xml:13(title)
21563
msgid "Domain Name Service (DNS)"
21564
msgstr ""
21565
21566
#: serverguide/C/dns.xml:14(para)
21567
msgid ""
21568
"Domain Name Service (DNS) is an Internet service that maps IP addresses and "
21569
"fully qualified domain names (FQDN) to one another. In this way, DNS "
21570
"alleviates the need to remember IP addresses. Computers that run DNS are "
21571
"called <emphasis>name servers</emphasis>. Ubuntu ships with "
21572
"<application>BIND</application> (Berkley Internet Naming Daemon), the most "
21573
"common program used for maintaining a name server on Linux."
21574
msgstr ""
21575
21576
#: serverguide/C/dns.xml:24(para)
21577
msgid ""
21578
"At a terminal prompt, enter the following command to install "
21579
"<application>dns</application>:"
21580
msgstr ""
21581
21582
#: serverguide/C/dns.xml:28(command)
21583
msgid "sudo apt-get install bind9"
21584
msgstr "sudo apt-get install bind9"
21585
21586
#: serverguide/C/dns.xml:30(para)
21587
msgid ""
21588
"A very useful package for testing and troubleshooting DNS issues is the "
21589
"dnsutils package. To install <application>dnsutils</application> enter the "
21590
"following:"
21591
msgstr ""
21592
21593
#: serverguide/C/dns.xml:35(command)
21594
msgid "sudo apt-get install dnsutils"
21595
msgstr "sudo apt-get install dnsutils"
21596
21597
#: serverguide/C/dns.xml:40(para)
21598
msgid ""
21599
"There are many ways to configure <application>BIND9</application>. Some of "
21600
"the most common configurations are a caching nameserver, primary master, and "
21601
"as a secondary master."
21602
msgstr ""
21603
21604
#: serverguide/C/dns.xml:46(para)
21605
msgid ""
21606
"When configured as a caching nameserver BIND9 will find the answer to name "
21607
"queries and remember the answer when the domain is queried again."
21608
msgstr ""
21609
21610
#: serverguide/C/dns.xml:52(para)
21611
msgid ""
21612
"As a primary master server BIND9 reads the data for a zone from a file on "
21613
"it's host and is authoritative for that zone."
21614
msgstr ""
21615
21616
#: serverguide/C/dns.xml:57(para)
21617
msgid ""
21618
"In a secondary master configuration BIND9 gets the zone data from another "
21619
"nameserver authoritative for the zone."
21620
msgstr ""
21621
21622
#: serverguide/C/dns.xml:65(para)
21623
msgid ""
21624
"The DNS configuration files are stored in the <filename>/etc/bind</filename> "
21625
"directory. The primary configuration file is "
21626
"<filename>/etc/bind/named.conf</filename>."
21627
msgstr ""
21628
21629
#: serverguide/C/dns.xml:72(para)
21630
msgid ""
21631
"The <emphasis>include</emphasis> line specifies the filename which contains "
21632
"the DNS options. The <emphasis>directory</emphasis> line in the "
21633
"<filename>/etc/bind/named.conf.options</filename> file tells DNS where to "
21634
"look for files. All files BIND uses will be relative to this directory."
21635
msgstr ""
21636
21637
#: serverguide/C/dns.xml:80(para)
21638
msgid ""
21639
"The file named <filename>/etc/bind/db.root</filename> describes the root "
21640
"nameservers in the world. The servers change over time, so the "
21641
"<filename>/etc/bind/db.root</filename> file must be maintained now and then. "
21642
"This is usually done as updates to the <application>bind9</application> "
21643
"package. The <emphasis>zone</emphasis> section defines a master server, and "
21644
"it is stored in a file mentioned in the <emphasis>file</emphasis> option."
21645
msgstr ""
21646
21647
#: serverguide/C/dns.xml:90(para)
21648
msgid ""
21649
"It is possible to configure the same server to be a caching name server, "
21650
"primary master, and secondary master. A server can be the Start of Authority "
21651
"(SOA) for one zone, while providing secondary service for another zone. All "
21652
"the while providing caching services for hosts on the local LAN."
21653
msgstr ""
21654
21655
#: serverguide/C/dns.xml:98(title)
21656
msgid "Caching Nameserver"
21657
msgstr ""
21658
21659
#: serverguide/C/dns.xml:99(para)
21660
msgid ""
21661
"The default configuration is setup to act as a caching server. All that is "
21662
"required is simply adding the IP Addresses of your ISP's DNS servers. Simply "
21663
"uncomment and edit the following in "
21664
"<filename>/etc/bind/named.conf.options</filename>:"
21665
msgstr ""
21666
21667
#: serverguide/C/dns.xml:103(programlisting)
21668
#, no-wrap
21669
msgid ""
21670
"\n"
21671
"forwarders {\n"
21672
" 1.2.3.4;\n"
21673
" 5.6.7.8;\n"
21674
" };\n"
21675
msgstr ""
21676
"\n"
21677
"forwarders {\n"
21678
" 1.2.3.4;\n"
21679
" 5.6.7.8;\n"
21680
" };\n"
21681
21682
#: serverguide/C/dns.xml:110(para)
21683
msgid ""
21684
"Replace <emphasis>1.2.3.4</emphasis> and <emphasis>5.6.7.8</emphasis> with "
21685
"the IP Adresses of actual nameservers."
21686
msgstr ""
21687
21688
#: serverguide/C/dns.xml:114(para)
21689
msgid ""
21690
"Now restart the DNS server, to enable the new configuration. From a terminal "
21691
"prompt:"
21692
msgstr ""
21693
21694
#: serverguide/C/dns.xml:118(command) serverguide/C/dns.xml:194(command) serverguide/C/dns.xml:253(command) serverguide/C/dns.xml:312(command) serverguide/C/dns.xml:561(command)
21695
msgid "sudo /etc/init.d/bind9 restart"
21696
msgstr "sudo /etc/init.d/bind9 restart"
21697
21698
#: serverguide/C/dns.xml:120(para)
21699
msgid ""
21700
"See <xref linkend=\"dns-testing-dig\"/> for information on testing a caching "
21701
"DNS server."
21702
msgstr ""
21703
21704
#: serverguide/C/dns.xml:125(title)
21705
msgid "Primary Master"
21706
msgstr ""
21707
21708
#: serverguide/C/dns.xml:126(para)
21709
msgid ""
21710
"In this section <application>BIND9</application> will be configured as the "
21711
"Primary Master for the domain <emphasis>example.com</emphasis>. Simply "
21712
"replace <emphasis role=\"italic\">example.com</emphasis> with your FQDN "
21713
"(Fully Qualified Domain Name)."
21714
msgstr ""
21715
21716
#: serverguide/C/dns.xml:132(title)
21717
msgid "Forward Zone File"
21718
msgstr ""
21719
21720
#: serverguide/C/dns.xml:133(para)
21721
msgid ""
21722
"To add a DNS zone to BIND9, turning BIND9 into a Primary Master server, the "
21723
"first step is to edit <filename>/etc/bind/named.conf.local</filename>:"
21724
msgstr ""
21725
21726
#: serverguide/C/dns.xml:137(programlisting)
21727
#, no-wrap
21728
msgid ""
21729
"\n"
21730
"zone \"example.com\" {\n"
21731
"\ttype master;\n"
21732
" file \"/etc/bind/db.example.com\";\n"
21733
"};\n"
21734
msgstr ""
21735
21736
#: serverguide/C/dns.xml:143(para)
21737
msgid ""
21738
"Now use an existing zone file as a template to create the "
21739
"<filename>/etc/bind/db.example.com</filename> file:"
21740
msgstr ""
21741
21742
#: serverguide/C/dns.xml:147(command)
21743
msgid "sudo cp /etc/bind/db.local /etc/bind/db.example.com"
21744
msgstr ""
21745
21746
#: serverguide/C/dns.xml:149(para)
21747
msgid ""
21748
"Edit the new zone file <filename>/etc/bind/db.example.com</filename> change "
21749
"<emphasis>localhost.</emphasis> to the FQDN of your server, leaving the "
21750
"additional \".\" at the end. Change <emphasis>127.0.0.1</emphasis> to the "
21751
"nameserver's IP Address and <emphasis>root.localhost</emphasis> to a valid "
21752
"email address, but with a \".\" instead of the usual \"@\" symbol, again "
21753
"leaving the \".\" at the end."
21754
msgstr ""
21755
21756
#: serverguide/C/dns.xml:155(para)
21757
msgid ""
21758
"Also, create an <emphasis>A record</emphasis> for <emphasis "
21759
"role=\"italic\">ns.example.com</emphasis>. The name server in this example:"
21760
msgstr ""
21761
21762
#: serverguide/C/dns.xml:159(programlisting)
21763
#, no-wrap
21764
msgid ""
21765
"\n"
21766
";\n"
21767
"; BIND data file for local loopback interface\n"
21768
";\n"
21769
"$TTL 604800\n"
21770
"@ IN SOA ns.example.com. root.example.com. (\n"
21771
" 2 ; Serial\n"
21772
" 604800 ; Refresh\n"
21773
" 86400 ; Retry\n"
21774
" 2419200 ; Expire\n"
21775
" 604800 ) ; Negative Cache TTL\n"
21776
";\n"
21777
"@ IN NS ns.example.com.\n"
21778
"@ IN A 127.0.0.1\n"
21779
"@ IN AAAA ::1\n"
21780
"ns IN A 192.168.1.10\n"
21781
msgstr ""
21782
21783
#: serverguide/C/dns.xml:176(para)
21784
msgid ""
21785
"You must increment the <emphasis>Serial Number</emphasis> every time you "
21786
"make changes to the zone file. If you make multiple changes before "
21787
"restarting BIND9, simply increment the Serial once."
21788
msgstr ""
21789
21790
#: serverguide/C/dns.xml:180(para)
21791
msgid ""
21792
"Now, you can add DNS records to the bottom of the zone file. See <xref "
21793
"linkend=\"dns-record-types\"/> for details."
21794
msgstr ""
21795
21796
#: serverguide/C/dns.xml:184(para)
21797
msgid ""
21798
"Many admins like to use the last date edited as the serial of a zone, such "
21799
"as <emphasis>2007010100</emphasis> which is yyyymmddss (where "
21800
"<emphasis>ss</emphasis> is the Serial Number)"
21801
msgstr ""
21802
21803
#: serverguide/C/dns.xml:189(para)
21804
msgid ""
21805
"Once you have made a change to the zone file "
21806
"<application>BIND9</application> will need to be restarted for the changes "
21807
"to take effect:"
21808
msgstr ""
21809
21810
#: serverguide/C/dns.xml:198(title)
21811
msgid "Reverse Zone File"
21812
msgstr ""
21813
21814
#: serverguide/C/dns.xml:199(para)
21815
msgid ""
21816
"Now that the zone is setup and resolving names to IP Adresses a "
21817
"<emphasis>Reverse zone</emphasis> is also required. A Reverse zone allows "
21818
"DNS to resolve an address to a name."
21819
msgstr ""
21820
21821
#: serverguide/C/dns.xml:203(para)
21822
msgid "Edit /etc/bind/named.conf.local and add the following:"
21823
msgstr ""
21824
21825
#: serverguide/C/dns.xml:206(programlisting)
21826
#, no-wrap
21827
msgid ""
21828
"\n"
21829
"zone \"1.168.192.in-addr.arpa\" {\n"
21830
" type master;\n"
21831
" notify no;\n"
21832
" file \"/etc/bind/db.192\";\n"
21833
"};\n"
21834
msgstr ""
21835
21836
#: serverguide/C/dns.xml:214(para)
21837
msgid ""
21838
"Replace <emphasis>1.168.192</emphasis> with the first three octets of "
21839
"whatever network you are using. Also, name the zone file "
21840
"<filename>/etc/bind/db.192</filename> appropriately. It should match the "
21841
"first octet of your network."
21842
msgstr ""
21843
21844
#: serverguide/C/dns.xml:219(para)
21845
msgid "Now create the <filename>/etc/bind/db.192</filename> file:"
21846
msgstr ""
21847
21848
#: serverguide/C/dns.xml:223(command)
21849
msgid "sudo cp /etc/bind/db.127 /etc/bind/db.192"
21850
msgstr "sudo cp /etc/bind/db.127 /etc/bind/db.192"
21851
21852
#: serverguide/C/dns.xml:225(para)
21853
msgid ""
21854
"Next edit <filename>/etc/bind/db.192</filename> changing the basically the "
21855
"same options as <filename>/etc/bind/db.example.com</filename>:"
21856
msgstr ""
21857
21858
#: serverguide/C/dns.xml:229(programlisting)
21859
#, no-wrap
21860
msgid ""
21861
"\n"
21862
";\n"
21863
"; BIND reverse data file for local loopback interface\n"
21864
";\n"
21865
"$TTL 604800\n"
21866
"@ IN SOA ns.example.com. root.example.com. (\n"
21867
" 2 ; Serial\n"
21868
" 604800 ; Refresh\n"
21869
" 86400 ; Retry\n"
21870
" 2419200 ; Expire\n"
21871
" 604800 ) ; Negative Cache TTL\n"
21872
";\n"
21873
"@ IN NS ns.\n"
21874
"10 IN PTR ns.example.com.\n"
21875
msgstr ""
21876
21877
#: serverguide/C/dns.xml:244(para)
21878
msgid ""
21879
"The <emphasis>Serial Number</emphasis> in the Reverse zone needs to be "
21880
"incremented on each change as well. For each <emphasis>A record</emphasis> "
21881
"you configure in <filename>/etc/bind/db.example.com</filename> you need to "
21882
"create a <emphasis>PTR record</emphasis> in "
21883
"<filename>/etc/bind/db.192</filename>."
21884
msgstr ""
21885
21886
#: serverguide/C/dns.xml:249(para)
21887
msgid ""
21888
"After creating the reverse zone file restart "
21889
"<application>BIND9</application>:"
21890
msgstr ""
21891
21892
#: serverguide/C/dns.xml:258(title)
21893
msgid "Secondary Master"
21894
msgstr ""
21895
21896
#: serverguide/C/dns.xml:259(para)
21897
msgid ""
21898
"Once a <emphasis>Primary Master</emphasis> has been configured a "
21899
"<emphasis>Secondary Master</emphasis> is needed in order to maintain the "
21900
"availability of the domain should the Primary become unavailable."
21901
msgstr ""
21902
21903
#: serverguide/C/dns.xml:263(para)
21904
msgid ""
21905
"First, on the Primary Master server, the zone transfer needs to be allowed. "
21906
"Add the <emphasis>allow-transfer</emphasis> option to the example Forward "
21907
"and Reverse zone definitions in "
21908
"<filename>/etc/bind/named.conf.local</filename>:"
21909
msgstr ""
21910
21911
#: serverguide/C/dns.xml:267(programlisting)
21912
#, no-wrap
21913
msgid ""
21914
"\n"
21915
"zone \"example.com\" {\n"
21916
" type master;\n"
21917
"\tfile \"/etc/bind/db.example.com\";\n"
21918
" allow-transfer { 192.168.1.11; };\n"
21919
"};\n"
21920
"\n"
21921
"zone \"1.168.192.in-addr.arpa\" {\n"
21922
" type master;\n"
21923
" notify no;\n"
21924
" file \"/etc/bind/db.192\";\n"
21925
"\tallow-transfer { 192.168.1.11; };\n"
21926
"};\n"
21927
msgstr ""
21928
21929
#: serverguide/C/dns.xml:282(para)
21930
msgid ""
21931
"Replace <emphasis>192.168.1.11</emphasis> with the IP Address of your "
21932
"Secondary nameserver."
21933
msgstr ""
21934
21935
#: serverguide/C/dns.xml:286(para)
21936
msgid ""
21937
"Next, on the Secondary Master, install the <application>bind9</application> "
21938
"package the same way as on the Primary. Then edit the "
21939
"<filename>/etc/bind/named.conf.local</filename> and add the following "
21940
"declarations for the Forward and Reverse zones:"
21941
msgstr ""
21942
21943
#: serverguide/C/dns.xml:290(programlisting)
21944
#, no-wrap
21945
msgid ""
21946
"\n"
21947
"zone \"example.com\" {\n"
21948
"\ttype slave;\n"
21949
" file \"/var/cache/bind/db.example.com\";\n"
21950
" masters { 192.168.1.10; };\n"
21951
"}; \n"
21952
" \n"
21953
"zone \"1.168.192.in-addr.arpa\" {\n"
21954
"\ttype slave;\n"
21955
" file \"/var/cache/bind/db.192\";\n"
21956
" masters { 192.168.1.10; };\n"
21957
"};\n"
21958
msgstr ""
21959
21960
#: serverguide/C/dns.xml:304(para)
21961
msgid ""
21962
"Replace <emphasis>192.168.1.10</emphasis> with the IP Address of your "
21963
"Primary nameserver."
21964
msgstr ""
21965
21966
#: serverguide/C/dns.xml:308(para)
21967
msgid "Restart <application>BIND9</application> on the Secondary Master:"
21968
msgstr ""
21969
21970
#: serverguide/C/dns.xml:314(para)
21971
msgid ""
21972
"In <filename>/var/log/syslog</filename> you should see something similar to:"
21973
msgstr ""
21974
21975
#: serverguide/C/dns.xml:317(programlisting)
21976
#, no-wrap
21977
msgid ""
21978
"\n"
21979
"slave zone \"example.com\" (IN) loaded (serial 6)\n"
21980
"slave zone \"100.18.172.in-addr.arpa\" (IN) loaded (serial 3)\n"
21981
msgstr ""
21982
21983
#: serverguide/C/dns.xml:322(para)
21984
msgid ""
21985
"Note: A zone is only transferred if the <emphasis>Serial Number</emphasis> "
21986
"on the Primary is larger than the one on the Secondary."
21987
msgstr ""
21988
21989
#: serverguide/C/dns.xml:328(para)
21990
msgid ""
21991
"The default directory for non-authoritative zone files is "
21992
"<filename>/var/cache/bind/</filename>. This directory is also configured in "
21993
"<application>AppArmor</application> to allow the "
21994
"<application>named</application> daemon to write to it. For more information "
21995
"on AppArmor see <xref linkend=\"apparmor\"/>."
21996
msgstr ""
21997
21998
#: serverguide/C/dns.xml:339(para)
21999
msgid ""
22000
"This section covers ways to help determine the cause when problems happen "
22001
"with DNS and <application>BIND9</application>."
22002
msgstr ""
22003
22004
#: serverguide/C/dns.xml:345(title)
22005
msgid "resolv.conf"
22006
msgstr ""
22007
22008
#: serverguide/C/dns.xml:346(para)
22009
msgid ""
22010
"The first step in testing <application>BIND9</application> is to add the "
22011
"nameserver's IP Address to a hosts resolver. The Primary nameserver should "
22012
"be configured as well as another host to double check things. Simply edit "
22013
"<filename>/etc/resolv.conf</filename> and add the following:"
22014
msgstr ""
22015
22016
#: serverguide/C/dns.xml:351(programlisting)
22017
#, no-wrap
22018
msgid ""
22019
"\n"
22020
"nameserver\t192.168.1.10\n"
22021
"nameserver\t192.168.1.11\n"
22022
msgstr ""
22023
22024
#: serverguide/C/dns.xml:356(para)
22025
msgid ""
22026
"You should also add the IP Address of the Secondary nameserver in case the "
22027
"Primary becomes unavailable."
22028
msgstr ""
22029
22030
#: serverguide/C/dns.xml:362(title)
22031
msgid "dig"
22032
msgstr ""
22033
22034
#: serverguide/C/dns.xml:363(para)
22035
msgid ""
22036
"If you installed the <application>dnsutils</application> package you can "
22037
"test your setup using the DNS lookup utility <application>dig</application>:"
22038
msgstr ""
22039
22040
#: serverguide/C/dns.xml:369(para)
22041
msgid ""
22042
"After installing <application>BIND9</application> use "
22043
"<application>dig</application> against the loopback interface to make sure "
22044
"it is listening on port 53. From a terminal prompt:"
22045
msgstr ""
22046
22047
#: serverguide/C/dns.xml:374(command)
22048
msgid "dig -x 127.0.0.1"
22049
msgstr ""
22050
22051
#: serverguide/C/dns.xml:376(para)
22052
msgid "You should see lines similar to the following in the command output:"
22053
msgstr ""
22054
22055
#: serverguide/C/dns.xml:379(programlisting)
22056
#, no-wrap
22057
msgid ""
22058
"\n"
22059
";; Query time: 1 msec\n"
22060
";; SERVER: 192.168.1.10#53(192.168.1.10)\n"
22061
msgstr ""
22062
22063
#: serverguide/C/dns.xml:385(para)
22064
msgid ""
22065
"If you have configured <application>BIND9</application> as a "
22066
"<emphasis>Caching</emphasis> nameserver \"dig\" an outside domain to check "
22067
"the query time:"
22068
msgstr ""
22069
22070
#: serverguide/C/dns.xml:390(command)
22071
msgid "dig ubuntu.com"
22072
msgstr ""
22073
22074
#: serverguide/C/dns.xml:392(para)
22075
msgid "Note the query time toward the end of the command output:"
22076
msgstr ""
22077
22078
#: serverguide/C/dns.xml:395(programlisting)
22079
#, no-wrap
22080
msgid ""
22081
"\n"
22082
";; Query time: 49 msec\n"
22083
msgstr ""
22084
22085
#: serverguide/C/dns.xml:398(para)
22086
msgid "After a second dig there should be improvement:"
22087
msgstr ""
22088
22089
#: serverguide/C/dns.xml:401(programlisting)
22090
#, no-wrap
22091
msgid ""
22092
"\n"
22093
";; Query time: 1 msec\n"
22094
msgstr ""
22095
22096
#: serverguide/C/dns.xml:408(title)
22097
msgid "ping"
22098
msgstr "ping"
22099
22100
#: serverguide/C/dns.xml:410(para)
22101
msgid ""
22102
"Now to demonstrate how applications make use of DNS to resolve a host name "
22103
"use the <application>ping</application> utility to send an ICMP echo "
22104
"request. From a terminal prompt enter:"
22105
msgstr ""
22106
22107
#: serverguide/C/dns.xml:416(command)
22108
msgid "ping example.com"
22109
msgstr ""
22110
22111
#: serverguide/C/dns.xml:418(para)
22112
msgid ""
22113
"This tests if the nameserver can resolve the name "
22114
"<emphasis>ns.example.com</emphasis> to an IP Address. The command output "
22115
"should resemble:"
22116
msgstr ""
22117
22118
#: serverguide/C/dns.xml:422(programlisting)
22119
#, no-wrap
22120
msgid ""
22121
"\n"
22122
"PING ns.example.com (192.168.1.10) 56(84) bytes of data.\n"
22123
"64 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=0.800 ms\n"
22124
"64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.813 ms\n"
22125
msgstr ""
22126
22127
#: serverguide/C/dns.xml:429(title)
22128
msgid "named-checkzone"
22129
msgstr ""
22130
22131
#: serverguide/C/dns.xml:430(para)
22132
msgid ""
22133
"A great way to test your zone files is by using the <application>named-"
22134
"checkzone</application> utility installed with the "
22135
"<application>bind9</application> package. This utility allows you to make "
22136
"sure the configuration is correct before restarting "
22137
"<application>BIND9</application> and making the changes live."
22138
msgstr ""
22139
22140
#: serverguide/C/dns.xml:437(para)
22141
msgid ""
22142
"To test our example Forward zone file enter the following from a command "
22143
"prompt:"
22144
msgstr ""
22145
22146
#: serverguide/C/dns.xml:441(command)
22147
msgid "named-checkzone example.com /etc/bind/db.example.com"
22148
msgstr ""
22149
22150
#: serverguide/C/dns.xml:443(para)
22151
msgid ""
22152
"If everything is configured correctly you should see output similar to:"
22153
msgstr ""
22154
22155
#: serverguide/C/dns.xml:446(programlisting)
22156
#, no-wrap
22157
msgid ""
22158
"\n"
22159
"zone example.com/IN: loaded serial 6\n"
22160
"OK\n"
22161
msgstr ""
22162
22163
#: serverguide/C/dns.xml:452(para)
22164
msgid "Similarly, to test the Reverse zone file enter the following:"
22165
msgstr ""
22166
22167
#: serverguide/C/dns.xml:456(command)
22168
msgid "named-checkzone example.com /etc/bind/db.192"
22169
msgstr ""
22170
22171
#: serverguide/C/dns.xml:458(para)
22172
msgid "The output should be similar to:"
22173
msgstr ""
22174
22175
#: serverguide/C/dns.xml:461(programlisting)
22176
#, no-wrap
22177
msgid ""
22178
"\n"
22179
"zone example.com/IN: loaded serial 3\n"
22180
"OK\n"
22181
msgstr ""
22182
22183
#: serverguide/C/dns.xml:468(para)
22184
msgid ""
22185
"The <emphasis>Serial Number</emphasis> of your zone file will probably be "
22186
"different."
22187
msgstr ""
22188
22189
#: serverguide/C/dns.xml:475(title)
22190
msgid "Logging"
22191
msgstr "Logning"
22192
22193
#: serverguide/C/dns.xml:476(para)
22194
msgid ""
22195
"<application>BIND9</application> has a wide variety of logging configuration "
22196
"options available. There are two main options. The "
22197
"<emphasis>channel</emphasis> option configures where logs go, and the "
22198
"<emphasis>category</emphasis> option determines what information to log."
22199
msgstr ""
22200
22201
#: serverguide/C/dns.xml:480(para)
22202
msgid "If no logging option is configured the default option is:"
22203
msgstr ""
22204
22205
#: serverguide/C/dns.xml:483(programlisting)
22206
#, no-wrap
22207
msgid ""
22208
"\n"
22209
"logging {\n"
22210
" category default { default_syslog; default_debug; };\n"
22211
" category unmatched { null; };\n"
22212
"};\n"
22213
msgstr ""
22214
22215
#: serverguide/C/dns.xml:489(para)
22216
msgid ""
22217
"This section covers configuring <application>BIND9</application> to send "
22218
"<emphasis>debug</emphasis> messages related to DNS queries to a separate "
22219
"file."
22220
msgstr ""
22221
22222
#: serverguide/C/dns.xml:494(para)
22223
msgid ""
22224
"First, we need to configure a channel to specify which file to send the "
22225
"messages to. Edit <filename>/etc/bind/named.conf.local</filename> and add "
22226
"the following:"
22227
msgstr ""
22228
22229
#: serverguide/C/dns.xml:498(programlisting)
22230
#, no-wrap
22231
msgid ""
22232
"\n"
22233
"logging {\n"
22234
" channel query.log { \n"
22235
" file \"/var/log/query.log\";\n"
22236
" severity debug 3; \n"
22237
" }; \n"
22238
"};\n"
22239
msgstr ""
22240
22241
#: serverguide/C/dns.xml:508(para)
22242
msgid "Next, configure a category to send all DNS queries to the query file:"
22243
msgstr ""
22244
22245
#: serverguide/C/dns.xml:511(programlisting)
22246
#, no-wrap
22247
msgid ""
22248
"\n"
22249
"logging {\n"
22250
" channel query.log { \n"
22251
" file \"/var/log/query.log\"; \n"
22252
" severity debug 3; \n"
22253
" }; \n"
22254
" <emphasis>category queries { query.log; };</emphasis> \n"
22255
"};\n"
22256
msgstr ""
22257
22258
#: serverguide/C/dns.xml:523(para)
22259
msgid ""
22260
"Note: the <emphasis>debug</emphasis> option can be set from 1 to 3. If a "
22261
"level isn't specified level 1 is the default."
22262
msgstr ""
22263
22264
#: serverguide/C/dns.xml:529(para)
22265
msgid ""
22266
"Since the <emphasis>named daemon</emphasis> runs as the "
22267
"<emphasis>bind</emphasis> user the <filename>/var/log/query.log</filename> "
22268
"file must be created and the ownership changed:"
22269
msgstr ""
22270
22271
#: serverguide/C/dns.xml:534(command)
22272
msgid "sudo touch /var/log/query.log"
22273
msgstr "sudo touch /var/log/query.log"
22274
22275
#: serverguide/C/dns.xml:535(command)
22276
msgid "sudo chown bind /var/log/query.log"
22277
msgstr "sudo chown bind /var/log/query.log"
22278
22279
#: serverguide/C/dns.xml:539(para)
22280
msgid ""
22281
"Before <application>named</application> daemon can write to the new log file "
22282
"the <application>AppArmor</application> profile must be updated. First, edit "
22283
"<filename>/etc/apparmor.d/usr.sbin.named</filename> and add:"
22284
msgstr ""
22285
22286
#: serverguide/C/dns.xml:543(programlisting)
22287
#, no-wrap
22288
msgid ""
22289
"\n"
22290
"/var/log/query.log w,\n"
22291
msgstr ""
22292
22293
#: serverguide/C/dns.xml:546(para)
22294
msgid "Next, reload the profile:"
22295
msgstr ""
22296
22297
#: serverguide/C/dns.xml:550(command)
22298
msgid "cat /etc/apparmor.d/usr.sbin.named | sudo apparmor_parser -r"
22299
msgstr "cat /etc/apparmor.d/usr.sbin.named | sudo apparmor_parser -r"
22300
22301
#: serverguide/C/dns.xml:552(para)
22302
msgid ""
22303
"For more information on <application>AppArmor</application> see <xref "
22304
"linkend=\"apparmor\"/>"
22305
msgstr ""
22306
22307
#: serverguide/C/dns.xml:557(para)
22308
msgid ""
22309
"Now restart <application>BIND9</application> for the changes to take effect:"
22310
msgstr ""
22311
22312
#: serverguide/C/dns.xml:565(para)
22313
msgid ""
22314
"You should see the file <filename>/var/log/query.log</filename> fill with "
22315
"query information. This is a simple example of the "
22316
"<application>BIND9</application> logging options. For coverage of advanced "
22317
"options see <xref linkend=\"dns-more-info\"/>."
22318
msgstr ""
22319
22320
#: serverguide/C/dns.xml:574(title)
22321
msgid "Common Record Types"
22322
msgstr ""
22323
22324
#: serverguide/C/dns.xml:575(para)
22325
msgid "This section covers some of the most common DNS record types."
22326
msgstr ""
22327
22328
#: serverguide/C/dns.xml:580(para)
22329
msgid ""
22330
"<emphasis>A</emphasis> record: This record maps an IP Address to a hostname."
22331
msgstr ""
22332
22333
#: serverguide/C/dns.xml:583(programlisting)
22334
#, no-wrap
22335
msgid ""
22336
"\n"
22337
"www IN A 192.168.1.12\n"
22338
msgstr ""
22339
22340
#: serverguide/C/dns.xml:588(para)
22341
msgid ""
22342
"<emphasis>CNAME</emphasis> record: Used to create an alias to an existing A "
22343
"record. You cannot create a CNAME record pointing to another CNAME record."
22344
msgstr ""
22345
22346
#: serverguide/C/dns.xml:591(programlisting)
22347
#, no-wrap
22348
msgid ""
22349
"\n"
22350
"web IN CNAME www\n"
22351
msgstr ""
22352
22353
#: serverguide/C/dns.xml:596(para)
22354
msgid ""
22355
"<emphasis>MX</emphasis> record: Used to define where email should be sent "
22356
"to. Must point to an A record, not a CNAME."
22357
msgstr ""
22358
22359
#: serverguide/C/dns.xml:599(programlisting)
22360
#, no-wrap
22361
msgid ""
22362
"\n"
22363
" IN MX 1 mail.example.com.\n"
22364
"mail IN A 192.168.1.13\n"
22365
msgstr ""
22366
22367
#: serverguide/C/dns.xml:605(para)
22368
msgid ""
22369
"<emphasis>NS</emphasis> record: Used to define which servers serve copies of "
22370
"a zone. It must point to an A record, not a CNAME. This is where Primary and "
22371
"Secondary servers are defined."
22372
msgstr ""
22373
22374
#: serverguide/C/dns.xml:609(programlisting)
22375
#, no-wrap
22376
msgid ""
22377
"\n"
22378
" IN NS ns.example.com.\n"
22379
"\tIN NS ns2.example.com.\n"
22380
"ns IN A 192.168.1.10\n"
22381
"ns2\tIN A\t 192.168.1.11\n"
22382
msgstr ""
22383
22384
#: serverguide/C/dns.xml:622(para)
22385
msgid ""
22386
"The <ulink url=\"http://www.tldp.org/HOWTO/DNS-HOWTO.html\">DNS "
22387
"HOWTO</ulink> explains more advanced options for configuring BIND9."
22388
msgstr ""
22389
22390
#: serverguide/C/dns.xml:627(para)
22391
msgid ""
22392
"For in depth coverage of <emphasis>DNS</emphasis> and "
22393
"<application>BIND9</application> see <ulink "
22394
"url=\"http://www.bind9.net/\">Bind9.net</ulink>."
22395
msgstr ""
22396
22397
#: serverguide/C/dns.xml:632(para)
22398
msgid ""
22399
"<ulink url=\"http://www.oreilly.com/catalog/dns5/index.html\">DNS and "
22400
"BIND</ulink> is a popular book now in it's fifth edition."
22401
msgstr ""
22402
22403
#: serverguide/C/dns.xml:637(para)
22404
msgid ""
22405
"A great place to ask for <application>BIND9</application> assistance, and "
22406
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
22407
"server</emphasis> IRC channel on <ulink "
22408
"url=\"http://freenode.net\">freenode</ulink>."
22409
msgstr ""
22410
22411
#: serverguide/C/dns.xml:643(para)
22412
msgid ""
22413
"Also, see the <ulink "
22414
"url=\"https://help.ubuntu.com/community/BIND9ServerHowto\">BIND9 Server "
22415
"HOWTO</ulink> in the Ubuntu Wiki."
22416
msgstr ""
22417
22418
#: serverguide/C/databases.xml:13(title)
22419
msgid "Databases"
22420
msgstr "Databaser"
22421
22422
#: serverguide/C/databases.xml:14(para)
22423
msgid "Ubuntu provides two popular database servers. They are:"
22424
msgstr ""
22425
22426
#: serverguide/C/databases.xml:22(application) serverguide/C/databases.xml:157(title)
22427
msgid "PostgreSQL"
22428
msgstr "PostgreSQL"
22429
22430
#: serverguide/C/databases.xml:25(para)
22431
msgid ""
22432
"They are available in the main repository. This section explains how to "
22433
"install and configure these database servers."
22434
msgstr ""
22435
22436
#: serverguide/C/databases.xml:32(para)
22437
msgid ""
22438
"MySQL is a fast, multi-threaded, multi-user, and robust SQL database server. "
22439
"It is intended for mission-critical, heavy-load production systems as well "
22440
"as for embedding into mass-deployed software."
22441
msgstr ""
22442
22443
#: serverguide/C/databases.xml:41(para)
22444
msgid "To install MySQL, run the following command from a terminal prompt:"
22445
msgstr ""
22446
22447
#: serverguide/C/databases.xml:46(command)
22448
msgid "sudo apt-get install mysql-server"
22449
msgstr "sudo apt-get install mysql-server"
22450
22451
#: serverguide/C/databases.xml:48(para)
22452
msgid ""
22453
"During the installation process you will be prompted to enter a password for "
22454
"the <application>MySQL</application> root user."
22455
msgstr ""
22456
22457
#: serverguide/C/databases.xml:53(para)
22458
msgid ""
22459
"Once the installation is complete, the MySQL server should be started "
22460
"automatically. You can run the following command from a terminal prompt to "
22461
"check whether the MySQL server is running:"
22462
msgstr ""
22463
22464
#: serverguide/C/databases.xml:61(command)
22465
msgid "sudo netstat -tap | grep mysql"
22466
msgstr "sudo netstat -tap | grep mysql"
22467
22468
#: serverguide/C/databases.xml:70(programlisting)
22469
#, no-wrap
22470
msgid ""
22471
"\n"
22472
"tcp 0 0 localhost:mysql *:* LISTEN "
22473
" 2556/mysqld\n"
22474
msgstr ""
22475
22476
#: serverguide/C/databases.xml:74(para)
22477
msgid ""
22478
"If the server is not running correctly, you can type the following command "
22479
"to start it:"
22480
msgstr ""
22481
22482
#: serverguide/C/databases.xml:79(command) serverguide/C/databases.xml:104(command)
22483
msgid "sudo /etc/init.d/mysql restart"
22484
msgstr "sudo /etc/init.d/mysql restart"
22485
22486
#: serverguide/C/databases.xml:85(para)
22487
msgid ""
22488
"You can edit the <filename>/etc/mysql/my.cnf</filename> file to configure "
22489
"the basic settings -- log file, port number, etc. For example, to configure "
22490
"<application>MySQL</application> to listen for connections from network "
22491
"hosts, change the <emphasis>bind-address</emphasis> directive to the "
22492
"server's IP address:"
22493
msgstr ""
22494
22495
#: serverguide/C/databases.xml:91(programlisting)
22496
#, no-wrap
22497
msgid ""
22498
"\n"
22499
"bind-address = 192.168.0.5\n"
22500
msgstr ""
22501
22502
#: serverguide/C/databases.xml:95(para)
22503
msgid "Replace 192.168.0.5 with the appropriate address."
22504
msgstr ""
22505
22506
#: serverguide/C/databases.xml:99(para)
22507
msgid ""
22508
"After making a change to <filename>/etc/mysql/my.cnf</filename> the "
22509
"<application>mysql</application> daemon will need to be restarted:"
22510
msgstr ""
22511
22512
#: serverguide/C/databases.xml:107(para)
22513
msgid ""
22514
"If you would like to change the "
22515
"<application>MySQL</application><emphasis>root</emphasis> password, in a "
22516
"terminal enter:"
22517
msgstr ""
22518
22519
#: serverguide/C/databases.xml:113(command)
22520
msgid "sudo dpkg-reconfigure mysql-server-5.1"
22521
msgstr ""
22522
22523
#: serverguide/C/databases.xml:116(para)
22524
msgid ""
22525
"The <application>mysql</application> daemon will be stopped, and you will be "
22526
"prompted to enter a new password."
22527
msgstr ""
22528
22529
#: serverguide/C/databases.xml:125(para)
22530
msgid ""
22531
"See the <ulink url=\"http://www.mysql.com/\">MySQL Home Page</ulink> for "
22532
"more information."
22533
msgstr ""
22534
22535
#: serverguide/C/databases.xml:130(para)
22536
msgid ""
22537
"The <emphasis>MySQL Handbook</emphasis> is also available in the "
22538
"<application>mysql-doc-5.0</application> package. To install the package "
22539
"enter the following in a terminal:"
22540
msgstr ""
22541
22542
#: serverguide/C/databases.xml:135(command)
22543
msgid "sudo apt-get install mysql-doc-5.0"
22544
msgstr "sudo apt-get install mysql-doc-5.0"
22545
22546
#: serverguide/C/databases.xml:137(para)
22547
msgid ""
22548
"The documentation is in HTML format, to view them enter "
22549
"<command>file:///usr/share/doc/mysql-doc-5.0/refman-5.0-en.html-"
22550
"chapter/index.html</command> in your browser's address bar."
22551
msgstr ""
22552
22553
#: serverguide/C/databases.xml:143(para) serverguide/C/databases.xml:290(para)
22554
msgid ""
22555
"For general SQL information see <ulink "
22556
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\">Using SQL "
22557
"Special Edition</ulink> by Rafe Colburn."
22558
msgstr ""
22559
22560
#: serverguide/C/databases.xml:149(para)
22561
msgid ""
22562
"The <ulink url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache "
22563
"MySQL PHP Ubuntu Wiki</ulink> page also has useful information."
22564
msgstr ""
22565
22566
#: serverguide/C/databases.xml:158(para)
22567
msgid ""
22568
"PostgreSQL is an object-relational database system that has the features of "
22569
"traditional commercial database systems with enhancements to be found in "
22570
"next-generation DBMS systems."
22571
msgstr ""
22572
22573
#: serverguide/C/databases.xml:165(para)
22574
msgid ""
22575
"To install PostgreSQL, run the following command in the command prompt:"
22576
msgstr ""
22577
22578
#: serverguide/C/databases.xml:172(command)
22579
msgid "sudo apt-get install postgresql"
22580
msgstr "sudo apt-get install postgresql"
22581
22582
#: serverguide/C/databases.xml:176(para)
22583
msgid ""
22584
"Once the installation is complete, you should configure the PostgreSQL "
22585
"server based on your needs, although the default configuration is viable."
22586
msgstr ""
22587
22588
#: serverguide/C/databases.xml:184(para)
22589
msgid ""
22590
"By default, connection via TCP/IP is disabled. PostgreSQL supports multiple "
22591
"client authentication methods. By default, IDENT authentication method is "
22592
"used for <application>postgres</application> and local users. Please refer "
22593
"<ulink url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the "
22594
"PostgreSQL Administrator's Guide</ulink>."
22595
msgstr ""
22596
22597
#: serverguide/C/databases.xml:191(para)
22598
msgid ""
22599
"The following discussion assumes that you wish to enable TCP/IP connections "
22600
"and use the MD5 method for client authentication. PostgreSQL configuration "
22601
"files are stored in the "
22602
"<filename>/etc/postgresql/<version>/main</filename> directory. For "
22603
"example, if you install PostgreSQL 8.4, the configuration files are stored "
22604
"in the <filename>/etc/postgresql/8.4/main</filename> directory."
22605
msgstr ""
22606
22607
#: serverguide/C/databases.xml:201(para)
22608
msgid ""
22609
"To configure <emphasis>ident</emphasis> authentication, add entries to the "
22610
"<filename>/etc/postgresql/8.4/main/pg_ident.conf</filename> file."
22611
msgstr ""
22612
22613
#: serverguide/C/databases.xml:208(para)
22614
msgid ""
22615
"To enable TCP/IP connections, edit the file "
22616
"<filename>/etc/postgresql/8.4/main/postgresql.conf</filename>"
22617
msgstr ""
22618
22619
#: serverguide/C/databases.xml:210(para)
22620
msgid ""
22621
"Locate the line <emphasis>#listen_addresses = 'localhost'</emphasis> and "
22622
"change it to:"
22623
msgstr ""
22624
22625
#: serverguide/C/databases.xml:213(programlisting)
22626
#, no-wrap
22627
msgid ""
22628
"\n"
22629
"listen_addresses = 'localhost'\n"
22630
msgstr ""
22631
22632
#: serverguide/C/databases.xml:217(para)
22633
msgid ""
22634
"To allow other computers to connect to your "
22635
"<application>PostgreSQL</application> server replace 'localhost' with the "
22636
"<emphasis>IP Address</emphasis> of your server."
22637
msgstr ""
22638
22639
#: serverguide/C/databases.xml:222(para)
22640
msgid ""
22641
"You may also edit all other parameters, if you know what you are doing! For "
22642
"details, refer to the configuration file or to the PostgreSQL documentation."
22643
msgstr ""
22644
22645
#: serverguide/C/databases.xml:227(para)
22646
msgid ""
22647
"Now that we can connect to our <application>PostgreSQL</application> server, "
22648
"the next step is to set a password for the <emphasis>postgres</emphasis> "
22649
"user. Run the following command at a terminal prompt to connect to the "
22650
"default PostgreSQL template database:"
22651
msgstr ""
22652
22653
#: serverguide/C/databases.xml:234(command)
22654
msgid "sudo -u postgres psql template1"
22655
msgstr "sudo -u postgres psql template1"
22656
22657
#: serverguide/C/databases.xml:236(para)
22658
msgid ""
22659
"The above command connects to PostgreSQL database "
22660
"<emphasis>template1</emphasis> as user <emphasis>postgres</emphasis>. Once "
22661
"you connect to the PostgreSQL server, you will be at a SQL prompt. You can "
22662
"run the following SQL command at the <application>psql</application> prompt "
22663
"to configure the password for the user <emphasis "
22664
"role=\"italics\">postgres</emphasis>."
22665
msgstr ""
22666
22667
#: serverguide/C/databases.xml:244(command)
22668
msgid "ALTER USER postgres with encrypted password 'your_password';"
22669
msgstr ""
22670
22671
#: serverguide/C/databases.xml:246(para)
22672
msgid ""
22673
"After configuring the password, edit the file "
22674
"<filename>/etc/postgresql/8.4/main/pg_hba.conf</filename> to use "
22675
"<emphasis>MD5</emphasis> authentication with the "
22676
"<emphasis>postgres</emphasis> user:"
22677
msgstr ""
22678
22679
#: serverguide/C/databases.xml:252(programlisting)
22680
#, no-wrap
22681
msgid ""
22682
"\n"
22683
"local all postgres md5\n"
22684
msgstr ""
22685
22686
#: serverguide/C/databases.xml:256(para)
22687
msgid ""
22688
"Finally, you should restart the <application>PostgreSQL</application> "
22689
"service to initialize the new configuration. From a terminal prompt enter "
22690
"the following to restart <application>PostgreSQL</application>:"
22691
msgstr ""
22692
22693
#: serverguide/C/databases.xml:262(command)
22694
msgid "sudo /etc/init.d/postgresql-8.4 restart"
22695
msgstr "sudo /etc/init.d/postgresql-8.4 restart"
22696
22697
#: serverguide/C/databases.xml:265(para)
22698
msgid ""
22699
"The above configuration is not complete by any means. Please refer <ulink "
22700
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the PostgreSQL "
22701
"Administrator's Guide</ulink> to configure more parameters."
22702
msgstr ""
22703
22704
#: serverguide/C/databases.xml:276(para)
22705
msgid ""
22706
"As mentioned above the <ulink "
22707
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\">Administrator's "
22708
"Guide</ulink> is an excellent resource. The guide is also available in the "
22709
"<application>postgresql-doc-8.4</application> package. Execute the following "
22710
"in a terminal to install the package:"
22711
msgstr ""
22712
22713
#: serverguide/C/databases.xml:282(command)
22714
msgid "sudo apt-get install postgresql-doc-8.4"
22715
msgstr "sudo apt-get install postgresql-doc-8.4"
22716
22717
#: serverguide/C/databases.xml:284(para)
22718
msgid ""
22719
"To view the guide enter <command>file:///usr/share/doc/postgresql-doc-"
22720
"8.4/html/index.html</command> into the address bar of your browser."
22721
msgstr ""
22722
22723
#: serverguide/C/databases.xml:296(para)
22724
msgid ""
22725
"Also, see the <ulink "
22726
"url=\"https://help.ubuntu.com/community/PostgreSQL\">PostgreSQL Ubuntu "
22727
"Wiki</ulink> page for more information."
22728
msgstr ""
22729
22730
#: serverguide/C/clustering.xml:13(title)
22731
msgid "Clustering"
22732
msgstr ""
22733
22734
#: serverguide/C/clustering.xml:16(title)
22735
msgid "DRBD"
22736
msgstr ""
22737
22738
#: serverguide/C/clustering.xml:18(para)
22739
msgid ""
22740
"Distributed Replicated Block Device (DRBD) mirrors block devices between "
22741
"multiple hosts. The replication is transparent to other applications on the "
22742
"host systems. Any block device hard disks, partitions, RAID devices, logical "
22743
"volumes, etc can be mirrored."
22744
msgstr ""
22745
22746
#: serverguide/C/clustering.xml:24(para)
22747
msgid ""
22748
"To get started using <application>drbd</application>, first install the "
22749
"necessary packages. From a terminal enter:"
22750
msgstr ""
22751
22752
#: serverguide/C/clustering.xml:29(command)
22753
msgid "sudo apt-get install drbd8-utils"
22754
msgstr "sudo apt-get install drbd8-utils"
22755
22756
#: serverguide/C/clustering.xml:33(para)
22757
msgid ""
22758
"If you are using the <emphasis>virtual kernel</emphasis> as part of a "
22759
"virtual machine you will need to manually compile the "
22760
"<application>drbd</application> module. It may be easier to install the "
22761
"<application>linux-server</application> package inside the virtual machine."
22762
msgstr ""
22763
22764
#: serverguide/C/clustering.xml:40(para)
22765
msgid ""
22766
"This section covers setting up a <application>drbd</application> to "
22767
"replicate a separate <filename>/srv</filename> partition, with an "
22768
"<application>ext3</application> filesystem between two hosts. The partition "
22769
"size is not particularly relevant, but both partitions need to be the same "
22770
"size."
22771
msgstr ""
22772
22773
#: serverguide/C/clustering.xml:49(para)
22774
msgid ""
22775
"The two hosts in this example will be called <emphasis>drbd01</emphasis> and "
22776
"<emphasis>drbd02</emphasis>. They will need to have name resolution "
22777
"configured either through DNS or the <filename>/etc/hosts</filename> file. "
22778
"See <xref linkend=\"dns\"/> for details."
22779
msgstr ""
22780
22781
#: serverguide/C/clustering.xml:57(para)
22782
msgid ""
22783
"To configure <application>drbd</application>, on the first host edit "
22784
"<filename>/etc/drbd.conf</filename>:"
22785
msgstr ""
22786
22787
#: serverguide/C/clustering.xml:61(programlisting)
22788
#, no-wrap
22789
msgid ""
22790
"\n"
22791
"global { usage-count no; }\n"
22792
"common { syncer { rate 100M; } }\n"
22793
"resource r0 {\n"
22794
" protocol C;\n"
22795
" startup {\n"
22796
" wfc-timeout 15;\n"
22797
" degr-wfc-timeout 60;\n"
22798
" }\n"
22799
" net {\n"
22800
" cram-hmac-alg sha1;\n"
22801
" shared-secret \"secret\";\n"
22802
" }\n"
22803
" on drbd01 {\n"
22804
" device /dev/drbd0;\n"
22805
" disk /dev/sdb1;\n"
22806
" address 192.168.0.1:7788;\n"
22807
" meta-disk internal;\n"
22808
" }\n"
22809
" on drbd02 {\n"
22810
" device /dev/drbd0;\n"
22811
" disk /dev/sdb1;\n"
22812
" address 192.168.0.2:7788;\n"
22813
" meta-disk internal;\n"
22814
" }\n"
22815
"} \n"
22816
msgstr ""
22817
22818
#: serverguide/C/clustering.xml:90(para)
22819
msgid ""
22820
"There are many other options in <filename>/etc/drbd.conf</filename>, but for "
22821
"this example their default values are fine."
22822
msgstr ""
22823
22824
#: serverguide/C/clustering.xml:98(para)
22825
msgid "Now copy <filename>/etc/drbd.conf</filename> to the second host:"
22826
msgstr ""
22827
22828
#: serverguide/C/clustering.xml:103(command)
22829
msgid "scp /etc/drbd.conf drbd02:~"
22830
msgstr ""
22831
22832
#: serverguide/C/clustering.xml:109(para)
22833
msgid ""
22834
"And, on <emphasis>drbd02</emphasis> move the file to "
22835
"<filename>/etc</filename>:"
22836
msgstr ""
22837
22838
#: serverguide/C/clustering.xml:114(command)
22839
msgid "sudo mv drbd.conf /etc/"
22840
msgstr "sudo mv drbd.conf /etc/"
22841
22842
#: serverguide/C/clustering.xml:120(para)
22843
msgid ""
22844
"Next, on both hosts, start the <application>drbd</application> daemon:"
22845
msgstr ""
22846
22847
#: serverguide/C/clustering.xml:125(command)
22848
msgid "sudo /etc/init.d/drbd start"
22849
msgstr "sudo /etc/init.d/drbd start"
22850
22851
#: serverguide/C/clustering.xml:131(para)
22852
msgid ""
22853
"Now using the <application>drbdadm</application> utility initialize the meta "
22854
"data storage. On each server execute:"
22855
msgstr ""
22856
22857
#: serverguide/C/clustering.xml:137(command)
22858
msgid "sudo drbdadm create-md r0"
22859
msgstr "sudo drbdadm create-md r0"
22860
22861
#: serverguide/C/clustering.xml:143(para)
22862
msgid ""
22863
"On the <emphasis>drbd01</emphasis>, or whichever host you wish to be the "
22864
"primary, enter the following:"
22865
msgstr ""
22866
22867
#: serverguide/C/clustering.xml:148(command)
22868
msgid "sudo drbdadm -- --overwrite-data-of-peer primary all"
22869
msgstr "sudo drbdadm -- --overwrite-data-of-peer primary all"
22870
22871
#: serverguide/C/clustering.xml:154(para)
22872
msgid ""
22873
"After executing the above command, the data will start syncing with the "
22874
"secondary host. To watch the progress, on <emphasis>drbd02</emphasis> enter "
22875
"the following:"
22876
msgstr ""
22877
22878
#: serverguide/C/clustering.xml:160(command)
22879
msgid "watch -n1 cat /proc/drbd"
22880
msgstr ""
22881
22882
#: serverguide/C/clustering.xml:163(para)
22883
msgid "To stop watching the output press <emphasis>Ctrl+c</emphasis>."
22884
msgstr ""
22885
22886
#: serverguide/C/clustering.xml:170(para)
22887
msgid ""
22888
"Finally, add a filesystem to <filename>/dev/drbd0</filename> and mount it:"
22889
msgstr ""
22890
22891
#: serverguide/C/clustering.xml:175(command)
22892
msgid "sudo mkfs.ext3 /dev/drbd0"
22893
msgstr "sudo mkfs.ext3 /dev/drbd0"
22894
22895
#: serverguide/C/clustering.xml:176(command) serverguide/C/clustering.xml:224(command)
22896
msgid "sudo mount /dev/drbd0 /srv"
22897
msgstr "sudo mount /dev/drbd0 /srv"
22898
22899
#: serverguide/C/clustering.xml:186(para)
22900
msgid ""
22901
"To test that the data is actually syncing between the hosts copy some files "
22902
"on the <emphasis>drbd01</emphasis>, the primary, to "
22903
"<filename>/srv</filename>:"
22904
msgstr ""
22905
22906
#: serverguide/C/clustering.xml:195(para)
22907
msgid "Next, unmount <filename>/srv</filename>:"
22908
msgstr ""
22909
22910
#: serverguide/C/clustering.xml:203(para)
22911
msgid ""
22912
"<emphasis>Demote</emphasis> the <emphasis>primary</emphasis> server to the "
22913
"<emphasis>secondary</emphasis> role:"
22914
msgstr ""
22915
22916
#: serverguide/C/clustering.xml:208(command)
22917
msgid "sudo drbdadm secondary r0"
22918
msgstr "sudo drbdadm secondary r0"
22919
22920
#: serverguide/C/clustering.xml:211(para)
22921
msgid ""
22922
"Now on the <emphasis>secondary</emphasis> server "
22923
"<emphasis>promote</emphasis> it to the <emphasis>primary</emphasis> role:"
22924
msgstr ""
22925
22926
#: serverguide/C/clustering.xml:216(command)
22927
msgid "sudo drbdadm primary r0"
22928
msgstr "sudo drbdadm primary r0"
22929
22930
#: serverguide/C/clustering.xml:219(para)
22931
msgid "Lastly, mount the partition:"
22932
msgstr ""
22933
22934
#: serverguide/C/clustering.xml:227(para)
22935
msgid ""
22936
"Using <emphasis>ls</emphasis> you should see "
22937
"<filename>/srv/default</filename> copied from the former "
22938
"<emphasis>primary</emphasis> host <emphasis>drbd01</emphasis>."
22939
msgstr ""
22940
22941
#: serverguide/C/clustering.xml:238(para)
22942
msgid ""
22943
"For more information on <application>DRBD</application> see the <ulink "
22944
"url=\"http://www.drbd.org/\">DRBD web site</ulink>."
22945
msgstr ""
22946
22947
#: serverguide/C/clustering.xml:243(para)
22948
msgid ""
22949
"The <ulink "
22950
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/drbd.conf.5.html\""
22951
">drbd.conf man page</ulink> contains details on the options not covered in "
22952
"this guide."
22953
msgstr ""
22954
22955
#: serverguide/C/clustering.xml:249(para)
22956
msgid ""
22957
"Also, see the <ulink "
22958
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/drbdadm.8.html\">d"
22959
"rbdadm man page</ulink>."
22960
msgstr ""
22961
22962
#: serverguide/C/clustering.xml:254(para)
22963
msgid ""
22964
"The <ulink url=\"https://help.ubuntu.com/community/DRBD\">DRBD Ubuntu "
22965
"Wiki</ulink> page also has more information."
22966
msgstr ""
22967
22968
#: serverguide/C/chat.xml:13(title)
22969
msgid "Chat Applications"
22970
msgstr ""
22971
22972
#: serverguide/C/chat.xml:19(para)
22973
msgid ""
22974
"In this section, we will discuss how to install and configure a IRC server, "
22975
"<application>ircd-irc2</application>. We will also discuss how to install "
22976
"and configure Jabber, an instance messaging server."
22977
msgstr ""
22978
22979
#: serverguide/C/chat.xml:28(title)
22980
msgid "IRC Server"
22981
msgstr "IRC-Server"
22982
22983
#: serverguide/C/chat.xml:30(para)
22984
msgid ""
22985
"The Ubuntu repository has many Internet Relay Chat servers. This section "
22986
"explains how to install and configure the original IRC server "
22987
"<application>ircd-irc2</application>."
22988
msgstr ""
22989
22990
#: serverguide/C/chat.xml:39(para)
22991
msgid ""
22992
"To install <application>ircd-irc2</application>, run the following command "
22993
"in the command prompt:"
22994
msgstr ""
22995
22996
#: serverguide/C/chat.xml:45(command)
22997
msgid "sudo apt-get install ircd-irc2"
22998
msgstr "sudo apt-get install ircd-irc2"
22999
23000
#: serverguide/C/chat.xml:48(para)
23001
msgid ""
23002
"The configuration files are stored in <filename>/etc/ircd</filename> "
23003
"directory. The documents are available in <filename>/usr/share/doc/ircd-"
23004
"irc2</filename> directory."
23005
msgstr ""
23006
23007
#: serverguide/C/chat.xml:59(para)
23008
msgid ""
23009
"The IRC settings can be done in the configuration file "
23010
"<filename>/etc/ircd/ircd.conf</filename>. You can set the IRC host name in "
23011
"this file by editing the following line:"
23012
msgstr ""
23013
23014
#: serverguide/C/chat.xml:64(programlisting)
23015
#, no-wrap
23016
msgid ""
23017
"\n"
23018
"M:irc.localhost::Debian ircd default configuration::000A\n"
23019
msgstr ""
23020
23021
#: serverguide/C/chat.xml:68(para)
23022
msgid ""
23023
"Please make sure you add DNS aliases for the IRC host name. For instance, if "
23024
"you set irc.livecipher.com as IRC host name, please make sure "
23025
"irc.livecipher.com is resolvable in your Domain Name Server. The IRC host "
23026
"name should not be same as the host name."
23027
msgstr ""
23028
23029
#: serverguide/C/chat.xml:75(para)
23030
msgid ""
23031
"The IRC admin details can be configured by editing the following line:"
23032
msgstr ""
23033
23034
#: serverguide/C/chat.xml:80(programlisting)
23035
#, no-wrap
23036
msgid ""
23037
"\n"
23038
"A:Organization, IRC dept.:Daemon <ircd@example.irc.org>:Client "
23039
"Server::IRCnet:\n"
23040
msgstr ""
23041
23042
#: serverguide/C/chat.xml:84(para)
23043
msgid ""
23044
"You should add specific lines to configure the list of IRC ports to listen "
23045
"on, to configure Operator credentials, to configure client authentication, "
23046
"etc. For details, please refer to the example configuration file "
23047
"<filename>/usr/share/doc/ircd-irc2/ircd.conf.example.gz</filename>."
23048
msgstr ""
23049
23050
#: serverguide/C/chat.xml:92(para)
23051
msgid ""
23052
"The IRC banner to be displayed in the IRC client, when the user connects to "
23053
"the server can be set in <filename>/etc/ircd/ircd.motd</filename> file."
23054
msgstr ""
23055
23056
#: serverguide/C/chat.xml:97(para)
23057
msgid ""
23058
"After making necessary changes to the configuration file, you can restart "
23059
"the IRC server using following command:"
23060
msgstr ""
23061
23062
#: serverguide/C/chat.xml:101(programlisting)
23063
#, no-wrap
23064
msgid ""
23065
"\n"
23066
"sudo /etc/init.d/ircd-irc2 restart\n"
23067
msgstr ""
23068
"\n"
23069
"sudo /etc/init.d/ircd-irc2 restart\n"
23070
23071
#: serverguide/C/chat.xml:109(para)
23072
msgid ""
23073
"You may also be interested to take a look at other IRC servers available in "
23074
"Ubuntu Repository. It includes, <application>ircd-ircu</application> and "
23075
"<application>ircd-hybrid</application>."
23076
msgstr ""
23077
23078
#: serverguide/C/chat.xml:117(para)
23079
msgid ""
23080
"Refer to <ulink url=\"http://www.irc.org/tech_docs/ircnet/faq.html\">IRCD "
23081
"FAQ</ulink> for more details about the IRC Server."
23082
msgstr ""
23083
23084
#: serverguide/C/chat.xml:124(para)
23085
msgid ""
23086
"Also, the <ulink url=\"https://help.ubuntu.com/community/ircd\">Ubuntu Wiki "
23087
"IRCD</ulink> page has more information."
23088
msgstr ""
23089
23090
#: serverguide/C/chat.xml:132(title)
23091
msgid "Jabber Instant Messaging Server"
23092
msgstr ""
23093
23094
#: serverguide/C/chat.xml:134(para)
23095
msgid ""
23096
"<emphasis>Jabber</emphasis> a popular instant message protocol is based on "
23097
"XMPP, an open standard for instant messaging, and used by many popular "
23098
"applications. This section covers setting up a <emphasis>Jabberd "
23099
"2</emphasis> server on a local LAN. This configuration can also be adapted "
23100
"to providing messaging services to users over the Internet."
23101
msgstr ""
23102
23103
#: serverguide/C/chat.xml:143(para)
23104
msgid "To install <application>jabberd2</application>, in a terminal enter:"
23105
msgstr ""
23106
23107
#: serverguide/C/chat.xml:148(command)
23108
msgid "sudo apt-get install jabberd2"
23109
msgstr "sudo apt-get install jabberd2"
23110
23111
#: serverguide/C/chat.xml:155(para)
23112
msgid ""
23113
"A couple of XML configuration files will be used to configure "
23114
"<application>jabberd2</application> for <emphasis>Berkely DB</emphasis> user "
23115
"authentication. This is a very simple form of authentication. However, "
23116
"<application>jabberd2</application> can be configured to use LDAP, MySQL, "
23117
"Postgresql, etc for for user authentication."
23118
msgstr ""
23119
23120
#: serverguide/C/chat.xml:162(para)
23121
msgid "First, edit <filename>/etc/jabberd2/sm.xml</filename> changing:"
23122
msgstr ""
23123
23124
#: serverguide/C/chat.xml:166(programlisting)
23125
#, no-wrap
23126
msgid ""
23127
"\n"
23128
" <id>jabber.example.com</id>\n"
23129
msgstr ""
23130
23131
#: serverguide/C/chat.xml:171(para)
23132
msgid ""
23133
"Replace <emphasis>jabber.example.com</emphasis> with the hostname, or other "
23134
"id, of your server."
23135
msgstr ""
23136
23137
#: serverguide/C/chat.xml:176(para)
23138
msgid "Now in the <storage> section change the <driver> to:"
23139
msgstr ""
23140
23141
#: serverguide/C/chat.xml:180(programlisting)
23142
#, no-wrap
23143
msgid ""
23144
"\n"
23145
" <driver>db</driver>\n"
23146
msgstr ""
23147
23148
#: serverguide/C/chat.xml:184(para)
23149
msgid ""
23150
"Next, edit <filename>/etc/jabberd2/c2s.xml</filename> in the "
23151
"<emphasis><local></emphasis> section change:"
23152
msgstr ""
23153
23154
#: serverguide/C/chat.xml:188(programlisting)
23155
#, no-wrap
23156
msgid ""
23157
"\n"
23158
" <id>jabber.example.com</id>\n"
23159
msgstr ""
23160
23161
#: serverguide/C/chat.xml:192(para)
23162
msgid ""
23163
"And in the <authreg> section adjust the <module> section to:"
23164
msgstr ""
23165
23166
#: serverguide/C/chat.xml:196(programlisting)
23167
#, no-wrap
23168
msgid ""
23169
"\n"
23170
" <module>db</module>\n"
23171
msgstr ""
23172
23173
#: serverguide/C/chat.xml:200(para)
23174
msgid ""
23175
"Finally, restart <application>jabberd2</application> to enable the new "
23176
"settings:"
23177
msgstr ""
23178
23179
#: serverguide/C/chat.xml:205(command)
23180
msgid "sudo /etc/init.d/jabberd2 restart"
23181
msgstr "sudo /etc/init.d/jabberd2 restart"
23182
23183
#: serverguide/C/chat.xml:208(para)
23184
msgid ""
23185
"You should now be able to connect to the server using a Jabber client like "
23186
"<application>Pidgin</application> for example."
23187
msgstr ""
23188
23189
#: serverguide/C/chat.xml:213(para)
23190
msgid ""
23191
"The advantage of using Berkeley DB for user data is that after being "
23192
"configured no additional maintenance is required. If you need more control "
23193
"over user accounts and credentials another authentication method is "
23194
"recommended."
23195
msgstr ""
23196
23197
#: serverguide/C/chat.xml:225(para)
23198
msgid ""
23199
"The <ulink url=\"http://codex.xiaoka.com/wiki/jabberd2:start\">Jabberd2 Web "
23200
"Site</ulink> contains more details on configuring "
23201
"<application>Jabberd2</application>."
23202
msgstr ""
23203
23204
#: serverguide/C/chat.xml:231(para)
23205
msgid ""
23206
"For more authentication options see the <ulink "
23207
"url=\"http://jabberd2.xiaoka.com/wiki/InstallGuide\">Jabberd2 Install "
23208
"Guide</ulink>."
23209
msgstr ""
23210
23211
#: serverguide/C/chat.xml:236(para)
23212
msgid ""
23213
"Also, the <ulink "
23214
"url=\"https://help.ubuntu.com/community/SettingUpJabberServer\">Setting Up "
23215
"Jabber Server Ubuntu Wiki</ulink> page has more information."
23216
msgstr ""
23217
23218
#: serverguide/C/backups.xml:13(title)
23219
msgid "Backups"
23220
msgstr ""
23221
23222
#: serverguide/C/backups.xml:14(para)
23223
msgid ""
23224
"There are many ways to backup an Ubuntu installation. The most important "
23225
"thing about backups is to develop a <emphasis>backup plan</emphasis> "
23226
"consisting of what to backup, where to back it up to, and how to restore it."
23227
msgstr ""
23228
23229
#: serverguide/C/backups.xml:18(para)
23230
msgid ""
23231
"The following sections discuss various ways of accomplishing these tasks."
23232
msgstr ""
23233
23234
#: serverguide/C/backups.xml:22(title)
23235
msgid "Shell Scripts"
23236
msgstr ""
23237
23238
#: serverguide/C/backups.xml:23(para)
23239
msgid ""
23240
"One of the simplest ways to backup a system is using a <emphasis>shell "
23241
"script</emphasis>. For example, a script can be used to configure which "
23242
"directories to backup, and use those directories as arguments to the "
23243
"<application>tar</application> utility creating an archive file. The archive "
23244
"file can then be moved or copied to another location. The archive can also "
23245
"be created on a remote file system such as an <emphasis>NFS</emphasis> mount."
23246
msgstr ""
23247
23248
#: serverguide/C/backups.xml:29(para)
23249
msgid ""
23250
"The <application>tar</application> utility creates one archive file out of "
23251
"many files or directories. <application>tar</application> can also filter "
23252
"the files through compression utilities reducing the size of the archive "
23253
"file."
23254
msgstr ""
23255
23256
#: serverguide/C/backups.xml:35(title)
23257
msgid "Simple Shell Script"
23258
msgstr ""
23259
23260
#: serverguide/C/backups.xml:36(para)
23261
msgid ""
23262
"The following shell script uses <application>tar</application> to create an "
23263
"archive file on a remotely mounted NFS file system. The archive filename is "
23264
"determined using additional command line utilities."
23265
msgstr ""
23266
23267
#: serverguide/C/backups.xml:40(programlisting)
23268
#, no-wrap
23269
msgid ""
23270
"\n"
23271
"#!/bin/sh\n"
23272
"####################################\n"
23273
"#\n"
23274
"# Backup to NFS mount script.\n"
23275
"#\n"
23276
"####################################\n"
23277
"\n"
23278
"# What to backup. \n"
23279
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
23280
"\n"
23281
"# Where to backup to.\n"
23282
"dest=\"/mnt/backup\"\n"
23283
"\n"
23284
"# Create archive filename.\n"
23285
"day=$(date +%A)\n"
23286
"hostname=$(hostname -s)\n"
23287
"archive_file=\"$hostname-$day.tgz\"\n"
23288
"\n"
23289
"# Print start status message.\n"
23290
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
23291
"date\n"
23292
"echo\n"
23293
"\n"
23294
"# Backup the files using tar.\n"
23295
"tar czf $dest/$archive_file $backup_files\n"
23296
"\n"
23297
"# Print end status message.\n"
23298
"echo\n"
23299
"echo \"Backup finished\"\n"
23300
"date\n"
23301
"\n"
23302
"# Long listing of files in $dest to check file sizes.\n"
23303
"ls -lh $dest\n"
23304
msgstr ""
23305
23306
#: serverguide/C/backups.xml:77(para)
23307
msgid ""
23308
"<emphasis>$backup_files:</emphasis> a variable listing which directories you "
23309
"would like to backup. The list should be customized to fit your needs."
23310
msgstr ""
23311
23312
#: serverguide/C/backups.xml:83(para)
23313
msgid ""
23314
"<emphasis>$day:</emphasis> a variable holding the day of the week (Monday, "
23315
"Tuesday, Wednesday, etc). This is used to create an archive file for each "
23316
"day of the week, giving a backup history of seven days. There are other ways "
23317
"to accomplish this including other ways using the "
23318
"<application>date</application> utility."
23319
msgstr ""
23320
23321
#: serverguide/C/backups.xml:90(para)
23322
msgid ""
23323
"<emphasis>$hostname:</emphasis> variable containing the "
23324
"<emphasis>short</emphasis> hostname of the system. Using the hostname in the "
23325
"archive filename gives you the option of placing daily archive files from "
23326
"multiple systems in the same directory."
23327
msgstr ""
23328
23329
#: serverguide/C/backups.xml:97(para)
23330
msgid "<emphasis>$archive_file:</emphasis> the full archive filename."
23331
msgstr ""
23332
23333
#: serverguide/C/backups.xml:102(para)
23334
msgid ""
23335
"<emphasis>$dest:</emphasis> destination of the archive file. The directory "
23336
"needs to be created and in this case <emphasis>mounted</emphasis> before "
23337
"executing the backup script. See <xref linkend=\"network-file-system\"/> for "
23338
"details using <emphasis>NFS</emphasis>."
23339
msgstr ""
23340
23341
#: serverguide/C/backups.xml:109(para)
23342
msgid ""
23343
"<emphasis>status messages:</emphasis> optional messages printed to the "
23344
"console using the <application>echo</application> utility."
23345
msgstr ""
23346
23347
#: serverguide/C/backups.xml:115(para)
23348
msgid ""
23349
"<emphasis>tar czf $dest/$archive_file $backup_files:</emphasis> the "
23350
"<application>tar</application> command used to create the archive file."
23351
msgstr ""
23352
23353
#: serverguide/C/backups.xml:121(para)
23354
msgid "<emphasis>c:</emphasis> creates an archive."
23355
msgstr ""
23356
23357
#: serverguide/C/backups.xml:126(para)
23358
msgid ""
23359
"<emphasis>z:</emphasis> filter the archive through the "
23360
"<application>gzip</application> utility compressing the archive."
23361
msgstr ""
23362
23363
#: serverguide/C/backups.xml:131(para)
23364
msgid ""
23365
"<emphasis>f:</emphasis> use archive file. Otherwise the "
23366
"<application>tar</application> output will be sent to STDOUT."
23367
msgstr ""
23368
23369
#: serverguide/C/backups.xml:138(para)
23370
msgid ""
23371
"<emphasis>ls -lh $dest:</emphasis> optional statement prints a <emphasis>-"
23372
"l</emphasis> long listing in <emphasis>-h</emphasis> human readable format "
23373
"of the destination directory. This is useful for a quick file size check of "
23374
"the archive file. This check should not replace testing the archive file."
23375
msgstr ""
23376
23377
#: serverguide/C/backups.xml:145(para)
23378
msgid ""
23379
"This is a simple example of a backup shell script. There are large amount of "
23380
"options that can be included in a backup script. See <xref linkend=\"backup-"
23381
"shellscript-references\"/> for links to resources providing more in depth "
23382
"shell scripting information."
23383
msgstr ""
23384
23385
#: serverguide/C/backups.xml:152(title)
23386
msgid "Executing the Script"
23387
msgstr ""
23388
23389
#: serverguide/C/backups.xml:154(title)
23390
msgid "Executing from a Terminal"
23391
msgstr ""
23392
23393
#: serverguide/C/backups.xml:155(para)
23394
msgid ""
23395
"The simplest way of executing the above backup script is to copy and paste "
23396
"the contents into a file. <filename>backup.sh</filename> for example. Then "
23397
"from a terminal prompt:"
23398
msgstr ""
23399
23400
#: serverguide/C/backups.xml:160(command)
23401
msgid "sudo bash backup.sh"
23402
msgstr "sudo bash backup.sh"
23403
23404
#: serverguide/C/backups.xml:162(para)
23405
msgid ""
23406
"This is a great way to test the script to make sure everything works as "
23407
"expected."
23408
msgstr ""
23409
23410
#: serverguide/C/backups.xml:167(title)
23411
msgid "Executing with cron"
23412
msgstr ""
23413
23414
#: serverguide/C/backups.xml:168(para)
23415
msgid ""
23416
"The <application>cron</application> utility can be used to automate the "
23417
"script execution. The <application>cron</application> daemon allows the "
23418
"execution of scripts, or commands, at a specified time and date."
23419
msgstr ""
23420
23421
#: serverguide/C/backups.xml:172(para)
23422
msgid ""
23423
"<application>cron</application> is configured through entries in a "
23424
"<filename>crontab</filename> file. <filename>crontab</filename> files are "
23425
"separated into fields:"
23426
msgstr ""
23427
23428
#: serverguide/C/backups.xml:176(programlisting)
23429
#, no-wrap
23430
msgid ""
23431
"\n"
23432
"# m h dom mon dow command\n"
23433
msgstr ""
23434
23435
#: serverguide/C/backups.xml:181(para)
23436
msgid ""
23437
"<emphasis>m:</emphasis> minute the command executes on between 0 and 59."
23438
msgstr ""
23439
23440
#: serverguide/C/backups.xml:186(para)
23441
msgid ""
23442
"<emphasis>h:</emphasis> hour the command executes on between 0 and 23."
23443
msgstr ""
23444
23445
#: serverguide/C/backups.xml:191(para)
23446
msgid "<emphasis>dom:</emphasis> day of month the command executes on."
23447
msgstr ""
23448
23449
#: serverguide/C/backups.xml:196(para)
23450
msgid ""
23451
"<emphasis>mon:</emphasis> the month the command executes on between 1 and 12."
23452
msgstr ""
23453
23454
#: serverguide/C/backups.xml:201(para)
23455
msgid ""
23456
"<emphasis>dow:</emphasis> the day of the week the command executes on "
23457
"between 0 and 7. Sunday may be specified by using 0 or 7, both values are "
23458
"valid."
23459
msgstr ""
23460
23461
#: serverguide/C/backups.xml:206(para)
23462
msgid "<emphasis>command:</emphasis> the command to execute."
23463
msgstr ""
23464
23465
#: serverguide/C/backups.xml:211(para)
23466
msgid ""
23467
"To add or change entries in a <filename>crontab</filename> file the "
23468
"<application>crontab -e</application> command should be used. Also, the "
23469
"contents of a <filename>crontab</filename> file can be viewed using the "
23470
"<application>crontab -l</application> command."
23471
msgstr ""
23472
23473
#: serverguide/C/backups.xml:215(para)
23474
msgid ""
23475
"To execute the <application>backup.sh</application> script listed above "
23476
"using <application>cron</application>. Enter the following from a terminal "
23477
"prompt:"
23478
msgstr ""
23479
23480
#: serverguide/C/backups.xml:220(command)
23481
msgid "sudo crontab -e"
23482
msgstr "sudo crontab -e"
23483
23484
#: serverguide/C/backups.xml:223(para)
23485
msgid ""
23486
"Using <application>sudo</application> with the <application>crontab -"
23487
"e</application> command edits the <emphasis>root</emphasis> user's crontab. "
23488
"This is necessary if you are backing up directories only the root user has "
23489
"access to."
23490
msgstr ""
23491
23492
#: serverguide/C/backups.xml:228(para)
23493
msgid "Add the following entry to the <filename>crontab</filename> file:"
23494
msgstr ""
23495
23496
#: serverguide/C/backups.xml:231(programlisting)
23497
#, no-wrap
23498
msgid ""
23499
"\n"
23500
"# m h dom mon dow command\n"
23501
"0 0 * * * bash /usr/local/bin/backup.sh\n"
23502
msgstr ""
23503
23504
#: serverguide/C/backups.xml:235(para)
23505
msgid ""
23506
"The <application>backup.sh</application> script will now be executed every "
23507
"day at 12:00 am."
23508
msgstr ""
23509
23510
#: serverguide/C/backups.xml:239(para)
23511
msgid ""
23512
"The <application>backup.sh</application> script will need to be copied to "
23513
"the <filename>/usr/local/bin/</filename> directory in order for this entry "
23514
"to execute properly. The script can reside anywhere on the file system "
23515
"simply change the script path appropriately."
23516
msgstr ""
23517
23518
#: serverguide/C/backups.xml:244(para)
23519
msgid ""
23520
"For more in depth <application>crontab</application> options see <xref "
23521
"linkend=\"backup-shellscript-references\"/>."
23522
msgstr ""
23523
23524
#: serverguide/C/backups.xml:250(title)
23525
msgid "Restoring from the Archive"
23526
msgstr ""
23527
23528
#: serverguide/C/backups.xml:251(para)
23529
msgid ""
23530
"Once an archive has been created it is important to test the archive. The "
23531
"archive can be tested by listing the files it contains, but the best test is "
23532
"to <emphasis>restore</emphasis> a file from the archive."
23533
msgstr ""
23534
23535
#: serverguide/C/backups.xml:257(para)
23536
msgid "To see a listing of the archive contents. From a terminal prompt:"
23537
msgstr ""
23538
23539
#: serverguide/C/backups.xml:261(command)
23540
msgid "tar -tzvf /mnt/backup/host-Monday.tgz"
23541
msgstr ""
23542
23543
#: serverguide/C/backups.xml:265(para)
23544
msgid "To restore a file from the archive to a different directory enter:"
23545
msgstr ""
23546
23547
#: serverguide/C/backups.xml:269(command)
23548
msgid "tar -xzvf /mnt/backup/host-Monday.tgz -C /tmp etc/hosts"
23549
msgstr ""
23550
23551
#: serverguide/C/backups.xml:271(para)
23552
msgid ""
23553
"The <emphasis>-C</emphasis> option to <application>tar</application> "
23554
"redirects the extracted files to the specified directory. The above example "
23555
"will extract the <filename>/etc/hosts</filename> file to "
23556
"<filename>/tmp/etc/hosts</filename>. <application>tar</application> "
23557
"recreates the directory structure that it contains."
23558
msgstr ""
23559
23560
#: serverguide/C/backups.xml:276(para)
23561
msgid ""
23562
"Also, notice the leading <emphasis>\"/\"</emphasis> is left off the path of "
23563
"the file to restore."
23564
msgstr ""
23565
23566
#: serverguide/C/backups.xml:281(para)
23567
msgid "To restore all files in the archive enter the following:"
23568
msgstr ""
23569
23570
#: serverguide/C/backups.xml:285(command)
23571
msgid "cd /"
23572
msgstr ""
23573
23574
#: serverguide/C/backups.xml:286(command)
23575
msgid "sudo tar -xzvf /mnt/backup/host-Monday.tgz"
23576
msgstr "sudo tar -xzvf /mnt/backup/host-Monday.tgz"
23577
23578
#: serverguide/C/backups.xml:291(para)
23579
msgid "This will overwrite the files currently on the file system."
23580
msgstr ""
23581
23582
#: serverguide/C/backups.xml:300(para)
23583
msgid ""
23584
"For more information on shell scripting see the <ulink "
23585
"url=\"http://tldp.org/LDP/abs/html/\">Advanced Bash-Scripting Guide</ulink>"
23586
msgstr ""
23587
23588
#: serverguide/C/backups.xml:305(para)
23589
msgid ""
23590
"The book <ulink url=\"http://safari.samspublishing.com/0672323583\">Teach "
23591
"Yourself Shell Programming in 24 Hours</ulink> is available online and a "
23592
"great resource for shell scripting."
23593
msgstr ""
23594
23595
#: serverguide/C/backups.xml:311(para)
23596
msgid ""
23597
"The <ulink url=\"https://help.ubuntu.com/community/CronHowto\">CronHowto "
23598
"Wiki Page</ulink> contains details on advanced "
23599
"<application>cron</application> options."
23600
msgstr ""
23601
23602
#: serverguide/C/backups.xml:318(para)
23603
msgid ""
23604
"See the <ulink url=\"http://www.gnu.org/software/tar/manual/index.html\">GNU "
23605
"tar Manual</ulink> for more <application>tar</application> options."
23606
msgstr ""
23607
23608
#: serverguide/C/backups.xml:324(para)
23609
msgid ""
23610
"The Wikipedia <ulink "
23611
"url=\"http://en.wikipedia.org/wiki/Backup_rotation_scheme\">Backup Rotation "
23612
"Scheme</ulink> article contains information on other backup rotation schemes."
23613
msgstr ""
23614
23615
#: serverguide/C/backups.xml:330(para)
23616
msgid ""
23617
"The shell script uses <application>tar</application> to create the archive, "
23618
"but there many other command line utilities that can be used. For example:"
23619
msgstr ""
23620
23621
#: serverguide/C/backups.xml:336(para)
23622
msgid ""
23623
"<ulink url=\"http://www.gnu.org/software/cpio/\">cpio</ulink>: used to copy "
23624
"files to and from archives."
23625
msgstr ""
23626
23627
#: serverguide/C/backups.xml:341(para)
23628
msgid ""
23629
"<ulink url=\"http://www.gnu.org/software/coreutils/\">dd</ulink>: part of "
23630
"the <application>coreutils</application> package. A low level utility that "
23631
"can copy data from one format to another"
23632
msgstr ""
23633
23634
#: serverguide/C/backups.xml:347(para)
23635
msgid ""
23636
"<ulink url=\"http://www.rsnapshot.org/\">rsnapshot</ulink>: a file system "
23637
"snap shot utility used to create copies of an entire file system."
23638
msgstr ""
23639
23640
#: serverguide/C/backups.xml:358(title)
23641
msgid "Archive Rotation"
23642
msgstr ""
23643
23644
#: serverguide/C/backups.xml:359(para)
23645
msgid ""
23646
"The shell script in section <xref linkend=\"backup-shellscripts\"/> only "
23647
"allows for seven different archives. For a server whose data doesn't change "
23648
"often this may be enough. If the server has a large amount of data a more "
23649
"robust rotation scheme should be used."
23650
msgstr ""
23651
23652
#: serverguide/C/backups.xml:365(title)
23653
msgid "Rotating NFS Archives"
23654
msgstr ""
23655
23656
#: serverguide/C/backups.xml:366(para)
23657
msgid ""
23658
"In this section the shell script will be slightly modified to implement a "
23659
"grandfather-father-son rotation scheme (monthly-weekly-daily):"
23660
msgstr ""
23661
23662
#: serverguide/C/backups.xml:372(para)
23663
msgid ""
23664
"The rotation will do a <emphasis>daily</emphasis> backup Sunday through "
23665
"Friday."
23666
msgstr ""
23667
23668
#: serverguide/C/backups.xml:377(para)
23669
msgid ""
23670
"On Saturday a <emphasis>weekly</emphasis> backup is done giving you four "
23671
"weekly backups a month."
23672
msgstr ""
23673
23674
#: serverguide/C/backups.xml:382(para)
23675
msgid ""
23676
"The <emphasis>monthly</emphasis> backup is done on the first of the month "
23677
"rotating two monthly backups based on if the month is odd or even."
23678
msgstr ""
23679
23680
#: serverguide/C/backups.xml:388(para)
23681
msgid "Here is the new script:"
23682
msgstr ""
23683
23684
#: serverguide/C/backups.xml:391(programlisting)
23685
#, no-wrap
23686
msgid ""
23687
"\n"
23688
"#!/bin/bash\n"
23689
"####################################\n"
23690
"#\n"
23691
"# Backup to NFS mount script with\n"
23692
"# grandfather-father-son rotation.\n"
23693
"#\n"
23694
"####################################\n"
23695
"\n"
23696
"# What to backup. \n"
23697
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
23698
"\n"
23699
"# Where to backup to.\n"
23700
"dest=\"/mnt/backup\"\n"
23701
"\n"
23702
"# Setup variables for the archive filename.\n"
23703
"day=$(date +%A)\n"
23704
"hostname=$(hostname -s)\n"
23705
"\n"
23706
"# Find which week of the month 1-4 it is.\n"
23707
"day_num=$(date +%d)\n"
23708
"if (( $day_num <= 7 )); then\n"
23709
" week_file=\"$hostname-week1.tgz\"\n"
23710
"elif (( $day_num > 7 && $day_num <= 14 )); then\n"
23711
" week_file=\"$hostname-week2.tgz\"\n"
23712
"elif (( $day_num > 14 && $day_num <= 21 )); then\n"
23713
" week_file=\"$hostname-week3.tgz\"\n"
23714
"elif (( $day_num > 21 && $day_num < 32 )); then\n"
23715
" week_file=\"$hostname-week4.tgz\"\n"
23716
"fi\n"
23717
"\n"
23718
"# Find if the Month is odd or even.\n"
23719
"month_num=$(date +%m)\n"
23720
"month=$(expr $month_num % 2)\n"
23721
"if [ $month -eq 0 ]; then\n"
23722
" month_file=\"$hostname-month2.tgz\"\n"
23723
"else\n"
23724
" month_file=\"$hostname-month1.tgz\"\n"
23725
"fi\n"
23726
"\n"
23727
"# Create archive filename.\n"
23728
"if [ $day_num == 1 ]; then\n"
23729
"\tarchive_file=$month_file\n"
23730
"elif [ $day != \"Saturday\" ]; then\n"
23731
" archive_file=\"$hostname-$day.tgz\"\n"
23732
"else \n"
23733
"\tarchive_file=$week_file\n"
23734
"fi\n"
23735
"\n"
23736
"# Print start status message.\n"
23737
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
23738
"date\n"
23739
"echo\n"
23740
"\n"
23741
"# Backup the files using tar.\n"
23742
"tar czf $dest/$archive_file $backup_files\n"
23743
"\n"
23744
"# Print end status message.\n"
23745
"echo\n"
23746
"echo \"Backup finished\"\n"
23747
"date\n"
23748
"\n"
23749
"# Long listing of files in $dest to check file sizes.\n"
23750
"ls -lh $dest/\n"
23751
msgstr ""
23752
23753
#: serverguide/C/backups.xml:456(para)
23754
msgid ""
23755
"The script can be executed using the same methods as in <xref "
23756
"linkend=\"backup-executing-shellscript\"/>."
23757
msgstr ""
23758
23759
#: serverguide/C/backups.xml:459(para)
23760
msgid ""
23761
"It is good practice to take backup media off site in case of a disaster. In "
23762
"the shell script example the backup media is another server providing an NFS "
23763
"share. In all likelihood taking the NFS server to another location would not "
23764
"be practical. Depending upon connection speeds it may be an option to copy "
23765
"the archive file over a WAN link to a server in another location."
23766
msgstr ""
23767
23768
#: serverguide/C/backups.xml:465(para)
23769
msgid ""
23770
"Another option is to copy the archive file to an external hard drive which "
23771
"can then be taken off site. Since the price of external hard drives continue "
23772
"to decrease it may be cost-effective to use two drives for each archive "
23773
"level. This would allow you to have one external drive attached to the "
23774
"backup server and one in another location."
23775
msgstr ""
23776
23777
#: serverguide/C/backups.xml:472(title)
23778
msgid "Tape Drives"
23779
msgstr ""
23780
23781
#: serverguide/C/backups.xml:473(para)
23782
msgid ""
23783
"A tape drive attached to the server can be used instead of a NFS share. "
23784
"Using a tape drive simplifies archive rotation, and taking the media off "
23785
"site as well."
23786
msgstr ""
23787
23788
#: serverguide/C/backups.xml:477(para)
23789
msgid ""
23790
"When using a tape drive the filename portions of the script aren't needed "
23791
"because the date is sent directly to the tape device. Some commands to "
23792
"manipulate the tape are needed. This is accomplished using "
23793
"<application>mt</application>, a magnetic tape control utility part of the "
23794
"<application>cpio</application> package."
23795
msgstr ""
23796
23797
#: serverguide/C/backups.xml:482(para)
23798
msgid "Here is the shell script modified to use a tape drive:"
23799
msgstr ""
23800
23801
#: serverguide/C/backups.xml:485(programlisting)
23802
#, no-wrap
23803
msgid ""
23804
"\n"
23805
"#!/bin/bash\n"
23806
"####################################\n"
23807
"#\n"
23808
"# Backup to tape drive script.\n"
23809
"#\n"
23810
"####################################\n"
23811
"\n"
23812
"# What to backup. \n"
23813
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
23814
"\n"
23815
"# Where to backup to.\n"
23816
"dest=\"/dev/st0\"\n"
23817
"\n"
23818
"# Print start status message.\n"
23819
"echo \"Backing up $backup_files to $dest\"\n"
23820
"date\n"
23821
"echo\n"
23822
"\n"
23823
"# Make sure the tape is rewound.\n"
23824
"mt -f $dest rewind\n"
23825
"\n"
23826
"# Backup the files using tar.\n"
23827
"tar czf $dest $backup_files\n"
23828
"\n"
23829
"# Rewind and eject the tape.\n"
23830
"mt -f $dest rewoffl\n"
23831
"\n"
23832
"# Print end status message.\n"
23833
"echo\n"
23834
"echo \"Backup finished\"\n"
23835
"date\n"
23836
msgstr ""
23837
23838
#: serverguide/C/backups.xml:519(para)
23839
msgid ""
23840
"The default device name for a SCSI tape drive is "
23841
"<filename>/dev/st0</filename>. Use the appropriate device path for your "
23842
"system."
23843
msgstr ""
23844
23845
#: serverguide/C/backups.xml:524(para)
23846
msgid ""
23847
"Restoring from a tape drive is basically the same as restoring from a file. "
23848
"Simply rewind the tape and use the device path instead of a file path. For "
23849
"example to restore the <filename>/etc/hosts</filename> file to "
23850
"<filename>/tmp/etc/hosts</filename>:"
23851
msgstr ""
23852
23853
#: serverguide/C/backups.xml:529(command)
23854
msgid "mt -f /dev/st0 rewind"
23855
msgstr ""
23856
23857
#: serverguide/C/backups.xml:530(command)
23858
msgid "tar -xzf /dev/st0 -C /tmp etc/hosts"
23859
msgstr ""
23860
23861
#: serverguide/C/backups.xml:535(title)
23862
msgid "Bacula"
23863
msgstr ""
23864
23865
#: serverguide/C/backups.xml:536(para)
23866
msgid ""
23867
"<application>Bacula</application> is a backup program enabling you to "
23868
"backup, restore, and verify data across your network. There are Bacula "
23869
"clients for Linux, Windows, and Mac OS X. Making it a cross platform network "
23870
"wide solution."
23871
msgstr ""
23872
23873
#: serverguide/C/backups.xml:542(para)
23874
msgid ""
23875
"<application>Bacula</application> is made up of several components and "
23876
"services used to manage which files to backup and where to back them up to:"
23877
msgstr ""
23878
23879
#: serverguide/C/backups.xml:548(para)
23880
msgid ""
23881
"<application>Bacula Director:</application> a service that controls all "
23882
"backup, restore, verify, and archive operations."
23883
msgstr ""
23884
23885
#: serverguide/C/backups.xml:553(para)
23886
msgid ""
23887
"<application>Bacula Console:</application> an application allowing "
23888
"communication with the Director. There are three versions of the Console:"
23889
msgstr ""
23890
23891
#: serverguide/C/backups.xml:558(para)
23892
msgid "Text based command line version."
23893
msgstr ""
23894
23895
#: serverguide/C/backups.xml:559(para)
23896
msgid "Gnome based GTK+ Graphical User Interface (GUI) interface."
23897
msgstr ""
23898
23899
#: serverguide/C/backups.xml:560(para)
23900
msgid "wxWidgets GUI interface."
23901
msgstr ""
23902
23903
#: serverguide/C/backups.xml:564(para)
23904
msgid ""
23905
"<application>Bacula File:</application> also known as the "
23906
"<application>Bacula Client</application> program. This application is "
23907
"installed on machines to be backed up, and is responsible for the data "
23908
"requested by the Director."
23909
msgstr ""
23910
23911
#: serverguide/C/backups.xml:570(para)
23912
msgid ""
23913
"<application>Bacula Storage:</application> the programs that perform the "
23914
"storage and recovery of data to the physical media."
23915
msgstr ""
23916
23917
#: serverguide/C/backups.xml:575(para)
23918
msgid ""
23919
"<application>Bacula Catalog:</application> is responsible for maintaining "
23920
"the file indexes and volume databases for all files backed up, enabling "
23921
"quick location and restoration of archived files. The Catalog supports three "
23922
"different databases MySQL, PostgreSQL, and SQLite."
23923
msgstr ""
23924
23925
#: serverguide/C/backups.xml:581(para)
23926
msgid ""
23927
"<application>Bacula Monitor:</application> allows the monitoring of the "
23928
"Director, File daemons, and Storage daemons. Currently the Monitor is only "
23929
"available as a GTK+ GUI application."
23930
msgstr ""
23931
23932
#: serverguide/C/backups.xml:587(para)
23933
msgid ""
23934
"These services and applications can be run on multiple servers and clients, "
23935
"or they can be installed on one machine if backing up a single disk or "
23936
"volume."
23937
msgstr ""
23938
23939
#: serverguide/C/backups.xml:594(para)
23940
msgid ""
23941
"There are multiple packages containing the different "
23942
"<application>Bacula</application> components. To install Bacula, from a "
23943
"terminal prompt enter:"
23944
msgstr ""
23945
23946
#: serverguide/C/backups.xml:599(command)
23947
msgid "sudo apt-get install bacula"
23948
msgstr "sudo apt-get install bacula"
23949
23950
#: serverguide/C/backups.xml:601(para)
23951
msgid ""
23952
"By default installing the <application>bacula</application> package will use "
23953
"a <application>MySQL</application> database for the Catalog. If you want to "
23954
"use SQLite or PostgreSQL, for the Catalog, install <application>bacula-"
23955
"director-sqlite3</application> or <application>bacula-director-"
23956
"pgsql</application> respectively."
23957
msgstr ""
23958
23959
#: serverguide/C/backups.xml:607(para)
23960
msgid ""
23961
"During the install process you will be asked to supply credentials for the "
23962
"database <emphasis>administrator</emphasis> and the "
23963
"<emphasis>bacula</emphasis> database <emphasis>owner</emphasis>. The "
23964
"database administrator will need to have the appropriate rights to create a "
23965
"database, see <xref linkend=\"mysql\"/> for more information."
23966
msgstr ""
23967
23968
#: serverguide/C/backups.xml:617(para)
23969
msgid ""
23970
"<application>Bacula</application> configuration files are formatted based on "
23971
"<emphasis>resources</emphasis> comprising of <emphasis>directives</emphasis> "
23972
"surrounded by <quote>{}</quote> braces. Each Bacula component has an "
23973
"individual file in the <filename role=\"directory\">/etc/bacula</filename> "
23974
"directory."
23975
msgstr ""
23976
23977
#: serverguide/C/backups.xml:622(para)
23978
msgid ""
23979
"The various <application>Bacula</application> components must authorize "
23980
"themselves to each other. This is accomplished using the "
23981
"<emphasis>password</emphasis> directive. For example, the "
23982
"<emphasis>Storage</emphasis> resource password in the "
23983
"<filename>/etc/bacula/bacula-dir.conf</filename> file must match the "
23984
"<emphasis>Director</emphasis> resource password in "
23985
"<filename>/etc/bacula/bacula-sd.conf</filename>."
23986
msgstr ""
23987
23988
#: serverguide/C/backups.xml:628(para)
23989
msgid ""
23990
"By default the backup job named <emphasis>Client1</emphasis> is configured "
23991
"to archive the <application>Bacula</application> Catalog. If you plan on "
23992
"using the server to backup more than one client you should change the name "
23993
"of this job to something more descriptive. To change the name edit "
23994
"<filename>/etc/bacula/bacula-dir.conf</filename>:"
23995
msgstr ""
23996
23997
#: serverguide/C/backups.xml:633(programlisting)
23998
#, no-wrap
23999
msgid ""
24000
"\n"
24001
"#\n"
24002
"# Define the main nightly save backup job\n"
24003
"# By default, this job will back up to disk in \n"
24004
"Job {\n"
24005
" Name = \"BackupServer\"\n"
24006
" JobDefs = \"DefaultJob\"\n"
24007
" Write Bootstrap = \"/var/lib/bacula/Client1.bsr\"\n"
24008
"}\n"
24009
msgstr ""
24010
24011
#: serverguide/C/backups.xml:644(para)
24012
msgid ""
24013
"The example above changes the job name to <emphasis>BackupServer</emphasis> "
24014
"matching the machine's host name. Replace <quote>BackupServer</quote> with "
24015
"your appropriate hostname, or other descriptive name."
24016
msgstr ""
24017
24018
#: serverguide/C/backups.xml:649(para)
24019
msgid ""
24020
"The <emphasis>Console</emphasis> can be used to query the "
24021
"<emphasis>Director</emphasis> about jobs, but to use the Console with a "
24022
"<emphasis>non-root</emphasis> user, the user needs to be in the "
24023
"<emphasis>bacula</emphasis> group. To add a user to the bacula group enter "
24024
"the following from a terminal:"
24025
msgstr ""
24026
24027
#: serverguide/C/backups.xml:655(command)
24028
msgid "sudo adduser $username bacula"
24029
msgstr ""
24030
24031
#: serverguide/C/backups.xml:658(para)
24032
msgid ""
24033
"Replace <emphasis>$username</emphasis> with the actual username. Also, if "
24034
"you are adding the current user to the group you should log out and back in "
24035
"for the new permissions to take effect."
24036
msgstr ""
24037
24038
#: serverguide/C/backups.xml:665(title)
24039
msgid "Localhost Backup"
24040
msgstr ""
24041
24042
#: serverguide/C/backups.xml:666(para)
24043
msgid ""
24044
"This section describes how to backup specified directories on a single host "
24045
"to a local tape drive."
24046
msgstr ""
24047
24048
#: serverguide/C/backups.xml:671(para)
24049
msgid ""
24050
"First, the <emphasis>Storage</emphasis> device needs to be configured. Edit "
24051
"<filename>/etc/bacula/bacula-sd.conf</filename> add:"
24052
msgstr ""
24053
24054
#: serverguide/C/backups.xml:674(programlisting)
24055
#, no-wrap
24056
msgid ""
24057
"\n"
24058
"Device {\n"
24059
" Name = \"Tape Drive\"\n"
24060
" Device Type = tape\n"
24061
" Media Type = DDS-4\n"
24062
" Archive Device = /dev/st0\n"
24063
" Hardware end of medium = No;\n"
24064
" AutomaticMount = yes; # when device opened, read it\n"
24065
" AlwaysOpen = Yes;\n"
24066
" RemovableMedia = yes;\n"
24067
" RandomAccess = no;\n"
24068
" Alert Command = \"sh -c 'tapeinfo -f %c | grep TapeAlert'\"\n"
24069
"}\n"
24070
msgstr ""
24071
24072
#: serverguide/C/backups.xml:688(para)
24073
msgid ""
24074
"The example is for a <emphasis>DDS-4</emphasis> tape drive. Adjust the Media "
24075
"Type and Archive Device to match your hardware."
24076
msgstr ""
24077
24078
#: serverguide/C/backups.xml:691(para)
24079
msgid "You could also uncomment one of the other examples in the file."
24080
msgstr ""
24081
24082
#: serverguide/C/backups.xml:696(para)
24083
msgid ""
24084
"After editing <filename>/etc/bacula/bacula-sd.conf</filename> the "
24085
"<application>Storage</application> daemon will need to be restarted:"
24086
msgstr ""
24087
24088
#: serverguide/C/backups.xml:701(command)
24089
msgid "sudo /etc/init.d/bacula-sd restart"
24090
msgstr "sudo /etc/init.d/bacula-sd restart"
24091
24092
#: serverguide/C/backups.xml:705(para)
24093
msgid ""
24094
"Now add a <emphasis>Storage</emphasis> resource in "
24095
"<filename>/etc/bacula/bacula-dir.conf</filename> to use the new Device:"
24096
msgstr ""
24097
24098
#: serverguide/C/backups.xml:708(programlisting)
24099
#, no-wrap
24100
msgid ""
24101
"\n"
24102
"# Definition of \"Tape Drive\" storage device\n"
24103
"Storage {\n"
24104
" Name = TapeDrive\n"
24105
" # Do not use \"localhost\" here \n"
24106
" Address = backupserver # N.B. Use a fully qualified name "
24107
"here\n"
24108
" SDPort = 9103\n"
24109
" Password = \"Cv70F6pf1t6pBopT4vQOnigDrR0v3LT3Cgkiyj\"\n"
24110
" Device = \"Tape Drive\"\n"
24111
" Media Type = tape\n"
24112
"}\n"
24113
msgstr ""
24114
24115
#: serverguide/C/backups.xml:720(para)
24116
msgid ""
24117
"The <emphasis>Address</emphasis> directive needs to be the Fully Qualified "
24118
"Domain Name (FQDN) of the server. Change <emphasis>backupserver</emphasis> "
24119
"to the actual host name."
24120
msgstr ""
24121
24122
#: serverguide/C/backups.xml:724(para)
24123
msgid ""
24124
"Also, make sure the <emphasis>Password</emphasis> directive matches the "
24125
"password string in <filename>/etc/bacula/bacula-sd.conf</filename>."
24126
msgstr ""
24127
24128
#: serverguide/C/backups.xml:730(para)
24129
msgid ""
24130
"Create a new <emphasis>FileSet</emphasis>, which will determine what "
24131
"directories to backup, by adding:"
24132
msgstr ""
24133
24134
#: serverguide/C/backups.xml:733(programlisting)
24135
#, no-wrap
24136
msgid ""
24137
"\n"
24138
"# LocalhostBacup FileSet.\n"
24139
"FileSet {\n"
24140
" Name = \"LocalhostFiles\"\n"
24141
" Include {\n"
24142
" Options {\n"
24143
" signature = MD5\n"
24144
" compression=GZIP\n"
24145
" }\n"
24146
" File = /etc\n"
24147
" File = /home\n"
24148
" }\n"
24149
"}\n"
24150
msgstr ""
24151
24152
#: serverguide/C/backups.xml:747(para)
24153
msgid ""
24154
"This <emphasis>FileSet</emphasis> will backup the <filename "
24155
"role=\"directory\">/etc</filename> and <filename "
24156
"role=\"directory\">/home</filename> directories. The "
24157
"<emphasis>Options</emphasis> resource directives configure the FileSet to "
24158
"create a MD5 signature for each file backed up, and to compress the files "
24159
"using GZIP."
24160
msgstr ""
24161
24162
#: serverguide/C/backups.xml:754(para)
24163
msgid "Next, create a new <emphasis>Schedule</emphasis> for the backup job:"
24164
msgstr ""
24165
24166
#: serverguide/C/backups.xml:757(programlisting)
24167
#, no-wrap
24168
msgid ""
24169
"\n"
24170
"# LocalhostBackup Schedule -- Daily.\n"
24171
"Schedule {\n"
24172
" Name = \"LocalhostDaily\"\n"
24173
" Run = Full daily at 00:01\n"
24174
"}\n"
24175
msgstr ""
24176
24177
#: serverguide/C/backups.xml:764(para)
24178
msgid ""
24179
"The job will run every day at 00:01 or 12:01 am. There are many other "
24180
"scheduling options available."
24181
msgstr ""
24182
24183
#: serverguide/C/backups.xml:769(para)
24184
msgid "Finally create the <emphasis>Job</emphasis>:"
24185
msgstr ""
24186
24187
#: serverguide/C/backups.xml:772(programlisting)
24188
#, no-wrap
24189
msgid ""
24190
"\n"
24191
"# Localhost backup.\n"
24192
"Job {\n"
24193
" Name = \"LocalhostBackup\"\n"
24194
" JobDefs = \"DefaultJob\"\n"
24195
" Enabled = yes\n"
24196
" Level = Full\n"
24197
" FileSet = \"LocalhostFiles\"\n"
24198
" Schedule = \"LocalhostDaily\"\n"
24199
" Storage = TapeDrive\n"
24200
" Write Bootstrap = \"/var/lib/bacula/LocalhostBackup.bsr\"\n"
24201
"} \n"
24202
msgstr ""
24203
24204
#: serverguide/C/backups.xml:785(para)
24205
msgid ""
24206
"The job will do a <emphasis>Full</emphasis> backup every day to the tape "
24207
"drive."
24208
msgstr ""
24209
24210
#: serverguide/C/backups.xml:790(para)
24211
msgid ""
24212
"Each tape used will need to have a <emphasis>Label</emphasis>. If the "
24213
"current tape does not have a label <application>Bacula</application> will "
24214
"send an email letting you know. To label a tape using the "
24215
"<application>Console</application> enter the following from a terminal:"
24216
msgstr ""
24217
24218
#: serverguide/C/backups.xml:796(command)
24219
msgid "bconsole"
24220
msgstr ""
24221
24222
#: serverguide/C/backups.xml:800(para)
24223
msgid "At the Bacula Console prompt enter:"
24224
msgstr ""
24225
24226
#: serverguide/C/backups.xml:804(command)
24227
msgid "label"
24228
msgstr ""
24229
24230
#: serverguide/C/backups.xml:808(para)
24231
msgid ""
24232
"You will then be prompted for the <emphasis>Storage</emphasis> resource:"
24233
msgstr ""
24234
24235
#: serverguide/C/backups.xml:818(userinput)
24236
#, no-wrap
24237
msgid "2"
24238
msgstr "2"
24239
24240
#: serverguide/C/backups.xml:812(computeroutput)
24241
#, no-wrap
24242
msgid ""
24243
"\n"
24244
"Automatically selected Catalog: MyCatalog\n"
24245
"Using Catalog \"MyCatalog\"\n"
24246
"The defined Storage resources are:\n"
24247
" 1: File\n"
24248
" 2: TapeDrive\n"
24249
"Select Storage resource (1-2):<placeholder-1/>\n"
24250
msgstr ""
24251
24252
#: serverguide/C/backups.xml:823(para)
24253
msgid "Enter the new <emphasis>Volume</emphasis> name:"
24254
msgstr ""
24255
24256
#: serverguide/C/backups.xml:828(userinput)
24257
#, no-wrap
24258
msgid "Sunday"
24259
msgstr "Søndag"
24260
24261
#: serverguide/C/backups.xml:827(computeroutput)
24262
#, no-wrap
24263
msgid ""
24264
"\n"
24265
"Enter new Volume name: <placeholder-1/>\n"
24266
"Defined Pools:\n"
24267
" 1: Default\n"
24268
" 2: Scratch"
24269
msgstr ""
24270
24271
#: serverguide/C/backups.xml:833(para)
24272
msgid "Replace <emphasis>Sunday</emphasis> with the desired label."
24273
msgstr ""
24274
24275
#: serverguide/C/backups.xml:838(para)
24276
msgid "Now, select the <emphasis>Pool</emphasis>:"
24277
msgstr ""
24278
24279
#: serverguide/C/backups.xml:843(userinput)
24280
#, no-wrap
24281
msgid "1"
24282
msgstr "1"
24283
24284
#: serverguide/C/backups.xml:842(computeroutput)
24285
#, no-wrap
24286
msgid ""
24287
"\n"
24288
"Select the Pool (1-2): <placeholder-1/>\n"
24289
"Connecting to Storage daemon TapeDrive at backupserver:9103 ...\n"
24290
"Sending label command for Volume \"Sunday\" Slot 0 ...\n"
24291
msgstr ""
24292
24293
#: serverguide/C/backups.xml:850(para)
24294
msgid ""
24295
"Congratulations, you have now configured <emphasis>Bacula</emphasis> to "
24296
"backup the localhost to an attached tape drive."
24297
msgstr ""
24298
24299
#: serverguide/C/backups.xml:858(para)
24300
msgid ""
24301
"For more <emphasis>Bacula</emphasis> configuration options refer to the "
24302
"<ulink url=\"http://www.bacula.org/en/rel-manual/index.html\">Bacula User's "
24303
"Manual</ulink>"
24304
msgstr ""
24305
24306
#: serverguide/C/backups.xml:864(para)
24307
msgid ""
24308
"The <ulink url=\"http://www.bacula.org/\">Bacula Home Page</ulink> contains "
24309
"the latest Bacula news and developments."
24310
msgstr ""
24311
24312
#: serverguide/C/backups.xml:869(para)
24313
msgid ""
24314
"Also, see the <ulink url=\"https://help.ubuntu.com/community/Bacula\">Bacula "
24315
"Ubuntu Wiki</ulink> page."
24316
msgstr ""
24317
24318
#. Put one translator per line, in the form of NAME <EMAIL>, YEAR1, YEAR2
24319
#: serverguide/C/backups.xml:0(None)
24320
msgid "translator-credits"
24321
msgstr ""
24322
"Launchpad Contributions:\n"
24323
" AJenbo https://launchpad.net/~ajenbo\n"
24324
" Per Jensen https://launchpad.net/~grontoft"
24325
24326
#~ msgid "2008"
24327
#~ msgstr "2008"
24328
24329
#~ msgid "sudo /etc/init.d/samba restart"
24330
#~ msgstr "sudo /etc/init.d/samba restart"
24331
24332
#~ msgid ""
24333
#~ "sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 -o --"
24334
#~ "libvirt qemu:///system"
24335
#~ msgstr ""
24336
#~ "sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 -o --"
24337
#~ "libvirt qemu:///system"
24338
24339
#~ msgid ""
24340
#~ "sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 -o --"
24341
#~ "libvirt qemu:///system --ip 192.168.0.100"
24342
#~ msgstr ""
24343
#~ "sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 -o --"
24344
#~ "libvirt qemu:///system --ip 192.168.0.100"
24345
24346
#~ msgid ""
24347
#~ "sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 \\ -o -"
24348
#~ "-libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition"
24349
#~ msgstr ""
24350
#~ "sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 \\ -o -"
24351
#~ "-libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition"
24352
24353
#~ msgid ""
24354
#~ "sudo sh -c \"cat /var/lib/one/.ssh/id_rsa.pub >> "
24355
#~ "/var/lib/one/.ssh/authorized_keys\""
24356
#~ msgstr ""
24357
#~ "sudo sh -c \"cat /var/lib/one/.ssh/id_rsa.pub >> "
24358
#~ "/var/lib/one/.ssh/authorized_keys\""
24359
24360
#~ msgid "sudo apt-get install opennebula-node"
24361
#~ msgstr "sudo apt-get install opennebula-node"
24362
24363
#~ msgid "sudo apt-get install opennebula"
24364
#~ msgstr "sudo apt-get install opennebula"
24365
24366
#, no-wrap
24367
#~ msgid ""
24368
#~ "\n"
24369
#~ "Unattended-Upgrade::Allowed-Origins {\n"
24370
#~ " \"Ubuntu lucid-security\";\n"
24371
#~ "// \"Ubuntu lucid-updates\";\n"
24372
#~ "};\n"
24373
#~ msgstr ""
24374
#~ "\n"
24375
#~ "Unattended-Upgrade::Allowed-Origins {\n"
24376
#~ " \"Ubuntu lucid-security\";\n"
24377
#~ "// \"Ubuntu lucid-updates\";\n"
24378
#~ "};\n"
24379
24380
#~ msgid "sudo apt-get install ebox"
24381
#~ msgstr "sudo apt-get install ebox"
24382
24383
#~ msgid ""
24384
#~ "sudo cp /etc/ldapscripts/ldapadduser.template.sample "
24385
#~ "/etc/ldapscripts/ldapadduser.template"
24386
#~ msgstr ""
24387
#~ "sudo cp /etc/ldapscripts/ldapadduser.template.sample "
24388
#~ "/etc/ldapscripts/ldapadduser.template"
24389
24390
#~ msgid "sudo mv keytab.kdc01 /etc/kr5b.keytab"
24391
#~ msgstr "sudo mv keytab.kdc01 /etc/kr5b.keytab"
24392
24393
#~ msgid "sudo apt-get install dkim-filter python-policyd-spf"
24394
#~ msgstr "sudo apt-get install dkim-filter python-policyd-spf"
Loggerhead is a web-based interface for Breezy
Version: 2.0.1