« back to all changes in this revision
Viewing changes to serverguide/po/en_CA.po
- browse files at revision 1
- compare with another revision
- download diff
- download tarball
- view history from revision 1
- Committer: Matthew East
- Date: 2011-05-03 07:11:18 UTC
- Revision ID: mdke@ubuntu.com-20110503071118-081aatibsr9k2yqy
Add files from ubuntu-docs natty branch, trim to use only those necessary for serverguide
- files added:
- build
- build/libs
- build/libs/admon
- build/libs/callouts
- build/libs/img
- build/libs/navig
- build/serverguide
- build/serverguide/C
- build/serverguide/sample
- libs
- libs/C
- libs/admon
- libs/authors
- libs/callouts
- libs/img
- libs/navig
- scripts
- serverguide
- serverguide/C
- serverguide/po
- serverguide/sample
added
removed
serverguide/po/en_CA.po
1
# English (Canada) translation for ubuntu-docs
2
# Copyright (c) 2007 Rosetta Contributors and Canonical Ltd 2007
3
# This file is distributed under the same license as the ubuntu-docs package.
4
# FIRST AUTHOR <EMAIL@ADDRESS>, 2007.
5
#
6
msgid ""
7
msgstr ""
8
"Project-Id-Version: ubuntu-docs\n"
9
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
10
"POT-Creation-Date: 2010-08-14 22:34+0100\n"
11
"PO-Revision-Date: 2010-09-14 21:18+0000\n"
12
"Last-Translator: Daniel LeBlanc <danidou@gmail.com>\n"
13
"Language-Team: English (Canada) <en_CA@li.org>\n"
14
"MIME-Version: 1.0\n"
15
"Content-Type: text/plain; charset=UTF-8\n"
16
"Content-Transfer-Encoding: 8bit\n"
17
"X-Launchpad-Export-Date: 2010-09-18 10:47+0000\n"
18
"X-Generator: Launchpad (build Unknown)\n"
19
20
#: serverguide/C/serverguide-C.omf:6(creator) serverguide/C/serverguide-C.omf:7(maintainer)
21
msgid "ubuntu-doc@lists.ubuntu.com (Ubuntu Documentation Project)"
22
msgstr "ubuntu-doc@lists.ubuntu.com (Ubuntu Documentation Project)"
23
24
#: serverguide/C/serverguide-C.omf:8(title) serverguide/C/serverguide-C.omf:11(description) serverguide/C/serverguide.xml:14(title) serverguide/C/bookinfo.xml:13(title)
25
msgid "Ubuntu Server Guide"
26
msgstr "Ubuntu Server Guide"
27
28
#: serverguide/C/serverguide-C.omf:9(date)
29
msgid "2007-09-30"
30
msgstr "2007-09-30"
31
32
#: serverguide/C/windows-networking.xml:13(title)
33
msgid "Windows Networking"
34
msgstr "Windows Networking"
35
36
#: serverguide/C/windows-networking.xml:15(para)
37
msgid ""
38
"Computer networks are often comprised of diverse systems, and while "
39
"operating a network made up entirely of Ubuntu desktop and server computers "
40
"would certainly be fun, some network environments must consist of both "
41
"Ubuntu and <trademark class=\"registered\">Microsoft</trademark><trademark "
42
"class=\"registered\">Windows</trademark> systems working together in "
43
"harmony. This section of the <phrase>Ubuntu</phrase> Server Guide introduces "
44
"principles and tools used in configuring your Ubuntu Server for sharing "
45
"network resources with Windows computers."
46
msgstr ""
47
"Computer networks are often comprised of diverse systems, and while "
48
"operating a network made up entirely of Ubuntu desktop and server computers "
49
"would certainly be fun, some network environments must consist of both "
50
"Ubuntu and <trademark class=\"registered\">Microsoft</trademark><trademark "
51
"class=\"registered\">Windows</trademark> systems working together in "
52
"harmony. This section of the <phrase>Ubuntu</phrase> Server Guide introduces "
53
"principles and tools used in configuring your Ubuntu Server for sharing "
54
"network resources with Windows computers."
55
56
#: serverguide/C/windows-networking.xml:25(title) serverguide/C/virtualization.xml:402(title) serverguide/C/security.xml:349(title) serverguide/C/remote-administration.xml:21(title) serverguide/C/package-management.xml:20(title) serverguide/C/introduction.xml:13(title)
57
msgid "Introduction"
58
msgstr "Introduction"
59
60
#: serverguide/C/windows-networking.xml:27(para)
61
msgid ""
62
"Successfully networking your Ubuntu system with Windows clients involves "
63
"providing and integrating with services common to Windows environments. Such "
64
"services assist the sharing of data and information about the computers and "
65
"users involved in the network, and may be classified under three major "
66
"categories of functionality:"
67
msgstr ""
68
"Successfully networking your Ubuntu system with Windows clients involves "
69
"providing and integrating with services common to Windows environments. Such "
70
"services assist the sharing of data and information about the computers and "
71
"users involved in the network, and may be classified under three major "
72
"categories of functionality:"
73
74
#: serverguide/C/windows-networking.xml:35(para)
75
msgid ""
76
"<emphasis role=\"bold\">File and Printer Sharing Services</emphasis>. Using "
77
"the Server Message Block (SMB) protocol to facilitate the sharing of files, "
78
"folders, volumes, and the sharing of printers throughout the network."
79
msgstr ""
80
"<emphasis role=\"bold\">File and Printer Sharing Services</emphasis>. Using "
81
"the Server Message Block (SMB) protocol to facilitate the sharing of files, "
82
"folders, volumes, and the sharing of printers throughout the network."
83
84
#: serverguide/C/windows-networking.xml:41(para)
85
msgid ""
86
"<emphasis role=\"bold\">Directory Services</emphasis>. Sharing vital "
87
"information about the computers and users of the network with such "
88
"technologies as the Lightweight Directory Access Protocol (LDAP) and "
89
"Microsoft <trademark class=\"registered\">Active Directory</trademark>."
90
msgstr ""
91
"<emphasis role=\"bold\">Directory Services</emphasis>. Sharing vital "
92
"information about the computers and users of the network with such "
93
"technologies as the Lightweight Directory Access Protocol (LDAP) and "
94
"Microsoft <trademark class=\"registered\">Active Directory</trademark>."
95
96
#: serverguide/C/windows-networking.xml:48(para)
97
msgid ""
98
"<emphasis role=\"bold\">Authentication and Access</emphasis>. Establishing "
99
"the identity of a computer or user of the network and determining the "
100
"information the computer or user is authorized to access using such "
101
"principles and technologies as file permissions, group policies, and the "
102
"Kerberos authentication service."
103
msgstr ""
104
"<emphasis role=\"bold\">Authentication and Access</emphasis>. Establishing "
105
"the identity of a computer or user of the network and determining the "
106
"information the computer or user is authorized to access using such "
107
"principles and technologies as file permissions, group policies, and the "
108
"Kerberos authentication service."
109
110
#: serverguide/C/windows-networking.xml:56(para)
111
msgid ""
112
"Fortunately, your Ubuntu system may provide all such facilities to Windows "
113
"clients and share network resources among them. One of the principal pieces "
114
"of software your Ubuntu system includes for Windows networking is the Samba "
115
"suite of SMB server applications and tools."
116
msgstr ""
117
"Fortunately, your Ubuntu system may provide all such facilities to Windows "
118
"clients and share network resources among them. One of the principal pieces "
119
"of software your Ubuntu system includes for Windows networking is the Samba "
120
"suite of SMB server applications and tools."
121
122
#: serverguide/C/windows-networking.xml:62(para)
123
msgid ""
124
"This section of the <phrase>Ubuntu</phrase> Server Guide will introduce some "
125
"of the common Samba use cases, and how to install and configure the "
126
"necessary packages. Additional detailed documentation and information on "
127
"Samba can be found on the <ulink url=\"http://www.samba.org\">Samba "
128
"website</ulink>."
129
msgstr ""
130
"This section of the <phrase>Ubuntu</phrase> Server Guide will introduce some "
131
"of the common Samba use cases, and how to install and configure the "
132
"necessary packages. Additional detailed documentation and information on "
133
"Samba can be found on the <ulink url=\"http://www.samba.org\">Samba "
134
"website</ulink>."
135
136
#: serverguide/C/windows-networking.xml:70(title)
137
msgid "Samba File Server"
138
msgstr "Samba File Server"
139
140
#: serverguide/C/windows-networking.xml:72(para)
141
msgid ""
142
"One of the most common ways to network Ubuntu and Windows computers is to "
143
"configure Samba as a File Server. This section covers setting up a "
144
"<application>Samba</application> server to share files with Windows clients."
145
msgstr ""
146
"One of the most common ways to network Ubuntu and Windows computers is to "
147
"configure Samba as a File Server. This section covers setting up a "
148
"<application>Samba</application> server to share files with Windows clients."
149
150
#: serverguide/C/windows-networking.xml:77(para)
151
msgid ""
152
"The server will be configured to share files with any client on the network "
153
"without prompting for a password. If your environment requires stricter "
154
"Access Controls see <xref linkend=\"samba-fileprint-security\"/>"
155
msgstr ""
156
"The server will be configured to share files with any client on the network "
157
"without prompting for a password. If your environment requires stricter "
158
"Access Controls see <xref linkend=\"samba-fileprint-security\"/>"
159
160
#: serverguide/C/windows-networking.xml:83(title) serverguide/C/windows-networking.xml:288(title) serverguide/C/windows-networking.xml:1317(title) serverguide/C/web-servers.xml:41(title) serverguide/C/web-servers.xml:675(title) serverguide/C/web-servers.xml:816(title) serverguide/C/web-servers.xml:940(title) serverguide/C/vpn.xml:33(title) serverguide/C/virtualization.xml:62(title) serverguide/C/vcs.xml:28(title) serverguide/C/vcs.xml:86(title) serverguide/C/vcs.xml:405(title) serverguide/C/remote-administration.xml:51(title) serverguide/C/network-config.xml:937(title) serverguide/C/network-auth.xml:52(title) serverguide/C/network-auth.xml:1590(title) serverguide/C/network-auth.xml:2102(title) serverguide/C/network-auth.xml:2493(title) serverguide/C/monitoring.xml:42(title) serverguide/C/monitoring.xml:428(title) serverguide/C/mail.xml:40(title) serverguide/C/mail.xml:496(title) serverguide/C/mail.xml:674(title) serverguide/C/mail.xml:823(title) serverguide/C/mail.xml:1315(title) serverguide/C/lamp-applications.xml:108(title) serverguide/C/lamp-applications.xml:287(title) serverguide/C/lamp-applications.xml:423(title) serverguide/C/installation.xml:13(title) serverguide/C/installation.xml:957(title) serverguide/C/file-server.xml:347(title) serverguide/C/file-server.xml:462(title) serverguide/C/dns.xml:23(title) serverguide/C/databases.xml:40(title) serverguide/C/databases.xml:164(title) serverguide/C/chat.xml:37(title) serverguide/C/chat.xml:141(title) serverguide/C/backups.xml:593(title)
161
msgid "Installation"
162
msgstr "Installation"
163
164
#: serverguide/C/windows-networking.xml:85(para)
165
msgid ""
166
"The first step is to install the <application>samba</application> package. "
167
"From a terminal prompt enter:"
168
msgstr ""
169
"The first step is to install the <application>samba</application> package. "
170
"From a terminal prompt enter:"
171
172
#: serverguide/C/windows-networking.xml:90(command) serverguide/C/windows-networking.xml:300(command)
173
msgid "sudo apt-get install samba"
174
msgstr "sudo apt-get install samba"
175
176
#: serverguide/C/windows-networking.xml:93(para)
177
msgid ""
178
"That's all there is to it; you are now ready to configure Samba to share "
179
"files."
180
msgstr ""
181
"That's all there is to it; you are now ready to configure Samba to share "
182
"files."
183
184
#: serverguide/C/windows-networking.xml:99(title) serverguide/C/windows-networking.xml:305(title) serverguide/C/web-servers.xml:61(title) serverguide/C/web-servers.xml:726(title) serverguide/C/web-servers.xml:827(title) serverguide/C/web-servers.xml:967(title) serverguide/C/web-servers.xml:1067(title) serverguide/C/vpn.xml:138(title) serverguide/C/vcs.xml:39(title) serverguide/C/vcs.xml:423(title) serverguide/C/remote-administration.xml:73(title) serverguide/C/package-management.xml:387(title) serverguide/C/network-config.xml:959(title) serverguide/C/network-auth.xml:2141(title) serverguide/C/network-auth.xml:2514(title) serverguide/C/monitoring.xml:187(title) serverguide/C/monitoring.xml:454(title) serverguide/C/mail.xml:505(title) serverguide/C/mail.xml:684(title) serverguide/C/mail.xml:908(title) serverguide/C/mail.xml:1344(title) serverguide/C/lamp-applications.xml:128(title) serverguide/C/lamp-applications.xml:314(title) serverguide/C/lamp-applications.xml:453(title) serverguide/C/file-server.xml:360(title) serverguide/C/file-server.xml:488(title) serverguide/C/dns.xml:39(title) serverguide/C/databases.xml:84(title) serverguide/C/databases.xml:183(title) serverguide/C/clustering.xml:47(title) serverguide/C/chat.xml:57(title) serverguide/C/chat.xml:153(title) serverguide/C/backups.xml:616(title)
185
msgid "Configuration"
186
msgstr "Configuration"
187
188
#: serverguide/C/windows-networking.xml:101(para)
189
msgid ""
190
"The main Samba configuration file is located in "
191
"<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
192
"a significant amount of comments in order to document various configuration "
193
"directives."
194
msgstr ""
195
"The main Samba configuration file is located in "
196
"<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
197
"a significant amount of comments in order to document various configuration "
198
"directives."
199
200
#: serverguide/C/windows-networking.xml:106(para)
201
msgid ""
202
"Not all the available options are included in the default configuration "
203
"file. See the <filename>smb.conf</filename><application>man</application> "
204
"page or the <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
205
"Collection/\">Samba HOWTO Collection</ulink> for more details."
206
msgstr ""
207
"Not all the available options are included in the default configuration "
208
"file. See the <filename>smb.conf</filename><application>man</application> "
209
"page or the <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
210
"Collection/\">Samba HOWTO Collection</ulink> for more details."
211
212
#: serverguide/C/windows-networking.xml:116(para)
213
msgid ""
214
"First, edit the following key/value pairs in the "
215
"<emphasis>[global]</emphasis> section of "
216
"<filename>/etc/samba/smb.conf</filename>:"
217
msgstr ""
218
"First, edit the following key/value pairs in the "
219
"<emphasis>[global]</emphasis> section of "
220
"<filename>/etc/samba/smb.conf</filename>:"
221
222
#: serverguide/C/windows-networking.xml:121(programlisting) serverguide/C/windows-networking.xml:312(programlisting) serverguide/C/windows-networking.xml:780(programlisting) serverguide/C/windows-networking.xml:1003(programlisting)
223
#, no-wrap
224
msgid ""
225
"\n"
226
" workgroup = EXAMPLE\n"
227
" ...\n"
228
" security = user\n"
229
msgstr ""
230
"\n"
231
" workgroup = EXAMPLE\n"
232
" ...\n"
233
" security = user\n"
234
235
#: serverguide/C/windows-networking.xml:127(para)
236
msgid ""
237
"The <emphasis>security</emphasis> parameter is farther down in the [global] "
238
"section, and is commented by default. Also, change "
239
"<emphasis>EXAMPLE</emphasis> to better match your environment."
240
msgstr ""
241
"The <emphasis>security</emphasis> parameter is farther down in the [global] "
242
"section, and is commented by default. Also, change "
243
"<emphasis>EXAMPLE</emphasis> to better match your environment."
244
245
#: serverguide/C/windows-networking.xml:135(para)
246
msgid ""
247
"Create a new section at the bottom of the file, or uncomment one of the "
248
"examples, for the directory to be shared:"
249
msgstr ""
250
"Create a new section at the bottom of the file, or uncomment one of the "
251
"examples, for the directory to be shared:"
252
253
#: serverguide/C/windows-networking.xml:139(programlisting)
254
#, no-wrap
255
msgid ""
256
"\n"
257
"[share]\n"
258
" comment = Ubuntu File Server Share\n"
259
" path = /srv/samba/share\n"
260
" browsable = yes\n"
261
" guest ok = yes\n"
262
" read only = no\n"
263
" create mask = 0755\n"
264
msgstr ""
265
"\n"
266
"[share]\n"
267
" comment = Ubuntu File Server Share\n"
268
" path = /srv/samba/share\n"
269
" browseable = yes\n"
270
" guest ok = yes\n"
271
" read only = no\n"
272
" create mask = 0755\n"
273
274
#: serverguide/C/windows-networking.xml:151(para)
275
msgid ""
276
"<emphasis>comment:</emphasis> a short description of the share. Adjust to "
277
"fit your needs."
278
msgstr ""
279
"<emphasis>comment:</emphasis> a short description of the share. Adjust to "
280
"fit your needs."
281
282
#: serverguide/C/windows-networking.xml:156(para)
283
msgid "<emphasis>path:</emphasis> the path to the directory to share."
284
msgstr "<emphasis>path:</emphasis> the path to the directory to share."
285
286
#: serverguide/C/windows-networking.xml:159(para)
287
msgid ""
288
"This example uses <filename>/srv/samba/sharename</filename> because, "
289
"according to the <emphasis>Filesystem Hierarchy Standard (FHS)</emphasis>, "
290
"<ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
291
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is where site-"
292
"specific data should be served. Technically Samba shares can be placed "
293
"anywhere on the filesystem as long as the permissions are correct, but "
294
"adhering to standards is recommended."
295
msgstr ""
296
"This example uses <filename>/srv/samba/sharename</filename> because, "
297
"according to the <emphasis>Filesystem Hierarchy Standard (FHS)</emphasis>, "
298
"<ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
299
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is where site-"
300
"specific data should be served. Technically Samba shares can be placed "
301
"anywhere on the filesystem as long as the permissions are correct, but "
302
"adhering to standards is recommended."
303
304
#: serverguide/C/windows-networking.xml:168(para)
305
msgid ""
306
"<emphasis>browsable:</emphasis> enables Windows clients to browse the shared "
307
"directory using <application>Windows Explorer</application>."
308
msgstr ""
309
"<emphasis>browseable:</emphasis> enables Windows clients to browse the "
310
"shared directory using <application>Windows Explorer</application>."
311
312
#: serverguide/C/windows-networking.xml:174(para)
313
msgid ""
314
"<emphasis>guest ok:</emphasis> allows clients to connect to the share "
315
"without supplying a password."
316
msgstr ""
317
"<emphasis>guest ok:</emphasis> allows clients to connect to the share "
318
"without supplying a password."
319
320
#: serverguide/C/windows-networking.xml:179(para)
321
msgid ""
322
"<emphasis>read only:</emphasis> determines if the share is read only or if "
323
"write privileges are granted. Write privileges are allowed only when the "
324
"value is <emphasis>no</emphasis>, as is seen in this example. If the value "
325
"is <emphasis>yes</emphasis>, then access to the share is read only."
326
msgstr ""
327
328
#: serverguide/C/windows-networking.xml:184(para)
329
msgid ""
330
"<emphasis>create mask:</emphasis> determines the permissions new files will "
331
"have when created."
332
msgstr ""
333
"<emphasis>create mask:</emphasis> determines the permissions new files will "
334
"have when created."
335
336
#: serverguide/C/windows-networking.xml:193(para)
337
msgid ""
338
"Now that <application>Samba</application> is configured, the directory needs "
339
"to be created and the permissions changed. From a terminal enter:"
340
msgstr ""
341
"Now that <application>Samba</application> is configured, the directory needs "
342
"to be created and the permissions changed. From a terminal enter:"
343
344
#: serverguide/C/windows-networking.xml:199(command)
345
msgid "sudo mkdir -p /srv/samba/share"
346
msgstr "sudo mkdir -p /srv/samba/share"
347
348
#: serverguide/C/windows-networking.xml:200(command)
349
msgid "sudo chown nobody.nogroup /srv/samba/share/"
350
msgstr "sudo chown nobody.nogroup /srv/samba/share/"
351
352
#: serverguide/C/windows-networking.xml:204(para)
353
msgid ""
354
"The <emphasis>-p</emphasis> switch tells mkdir to create the entire "
355
"directory tree if it doesn't exist. Change the share name to fit your "
356
"environment."
357
msgstr ""
358
"The <emphasis>-p</emphasis> switch tells mkdir to create the entire "
359
"directory tree if it doesn't exist. Change the share name to fit your "
360
"environment."
361
362
#: serverguide/C/windows-networking.xml:213(para)
363
msgid ""
364
"Finally, restart the <application>samba</application> services to enable the "
365
"new configuration:"
366
msgstr ""
367
"Finally, restart the <application>samba</application> services to enable the "
368
"new configuration:"
369
370
#: serverguide/C/windows-networking.xml:218(command) serverguide/C/windows-networking.xml:332(command) serverguide/C/windows-networking.xml:470(command) serverguide/C/windows-networking.xml:570(command) serverguide/C/windows-networking.xml:949(command) serverguide/C/windows-networking.xml:1060(command) serverguide/C/windows-networking.xml:1176(command) serverguide/C/network-auth.xml:1869(command)
371
msgid "sudo restart smbd"
372
msgstr ""
373
374
#: serverguide/C/windows-networking.xml:219(command) serverguide/C/windows-networking.xml:333(command) serverguide/C/windows-networking.xml:471(command) serverguide/C/windows-networking.xml:571(command) serverguide/C/windows-networking.xml:950(command) serverguide/C/windows-networking.xml:1061(command) serverguide/C/windows-networking.xml:1177(command) serverguide/C/network-auth.xml:1870(command)
375
msgid "sudo restart nmbd"
376
msgstr ""
377
378
#: serverguide/C/windows-networking.xml:226(para)
379
msgid ""
380
"Once again, the above configuration gives all access to any client on the "
381
"local network. For a more secure configuration see <xref linkend=\"samba-"
382
"fileprint-security\"/>."
383
msgstr ""
384
"Once again, the above configuration gives all access to any client on the "
385
"local network. For a more secure configuration see <xref linkend=\"samba-"
386
"fileprint-security\"/>."
387
388
#: serverguide/C/windows-networking.xml:232(para)
389
msgid ""
390
"From a Windows client you should now be able to browse to the Ubuntu file "
391
"server and see the shared directory. To check that everything is working try "
392
"creating a directory from Windows."
393
msgstr ""
394
"From a Windows client you should now be able to browse to the Ubuntu file "
395
"server and see the shared directory. To check that everything is working try "
396
"creating a directory from Windows."
397
398
#: serverguide/C/windows-networking.xml:237(para)
399
msgid ""
400
"To create additional shares simply create new <emphasis>[dir]</emphasis> "
401
"sections in <filename>/etc/samba/smb.conf</filename>, and restart "
402
"<emphasis>Samba</emphasis>. Just make sure that the directory you want to "
403
"share actually exists and the permissions are correct."
404
msgstr ""
405
"To create additional shares, simply create new <emphasis>[dir]</emphasis> "
406
"sections in <filename>/etc/samba/smb.conf</filename>, and restart "
407
"<emphasis>Samba</emphasis>. Just make sure that the directory you want to "
408
"share actually exists and the permissions are correct."
409
410
#: serverguide/C/windows-networking.xml:244(title) serverguide/C/windows-networking.xml:343(title) serverguide/C/windows-networking.xml:700(title) serverguide/C/windows-networking.xml:1080(title) serverguide/C/windows-networking.xml:1288(title) serverguide/C/virtualization.xml:366(title) serverguide/C/virtualization.xml:1168(title) serverguide/C/reporting-bugs.xml:304(title) serverguide/C/network-config.xml:569(title) serverguide/C/network-config.xml:824(title) serverguide/C/network-auth.xml:1540(title) serverguide/C/network-auth.xml:1985(title) serverguide/C/network-auth.xml:2589(title) serverguide/C/network-auth.xml:3097(title) serverguide/C/installation.xml:892(title) serverguide/C/installation.xml:1173(title) serverguide/C/databases.xml:122(title) serverguide/C/databases.xml:273(title) serverguide/C/backups.xml:855(title)
411
msgid "Resources"
412
msgstr "Resources"
413
414
#: serverguide/C/windows-networking.xml:248(para) serverguide/C/windows-networking.xml:347(para) serverguide/C/windows-networking.xml:704(para) serverguide/C/windows-networking.xml:1084(para)
415
msgid ""
416
"For in depth Samba configurations see the <ulink "
417
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
418
"Collection</ulink>"
419
msgstr ""
420
"For in depth Samba configurations, see the <ulink "
421
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
422
"Collection</ulink>."
423
424
#: serverguide/C/windows-networking.xml:254(para) serverguide/C/windows-networking.xml:353(para) serverguide/C/windows-networking.xml:710(para) serverguide/C/windows-networking.xml:1090(para)
425
msgid ""
426
"The guide is also available in <ulink "
427
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">printed "
428
"format</ulink>."
429
msgstr ""
430
"The guide is also available in <ulink "
431
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">printed "
432
"format</ulink>."
433
434
#: serverguide/C/windows-networking.xml:260(para) serverguide/C/windows-networking.xml:359(para)
435
msgid ""
436
"O'Reilly's <ulink "
437
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
438
"another good reference."
439
msgstr ""
440
"O'Reilly's <ulink "
441
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
442
"another good reference."
443
444
#: serverguide/C/windows-networking.xml:266(para) serverguide/C/windows-networking.xml:370(para) serverguide/C/windows-networking.xml:735(para) serverguide/C/windows-networking.xml:1114(para) serverguide/C/windows-networking.xml:1301(para)
445
msgid ""
446
"The <ulink url=\"https://help.ubuntu.com/community/Samba\">Ubuntu Wiki Samba "
447
"</ulink> page."
448
msgstr ""
449
450
#: serverguide/C/windows-networking.xml:275(title)
451
msgid "Samba Print Server"
452
msgstr "Samba Print Server"
453
454
#: serverguide/C/windows-networking.xml:277(para)
455
msgid ""
456
"Another common use of Samba is to configure it to share printers installed, "
457
"either locally or over the network, on an Ubuntu server. Similar to <xref "
458
"linkend=\"samba-fileserver\"/> this section will configure Samba to allow "
459
"any client on the local network to use the installed printers without "
460
"prompting for a username and password."
461
msgstr ""
462
"Another common use of Samba is to configure it to share printers, either "
463
"locally or over the network, on an Ubuntu server. Similar to <xref "
464
"linkend=\"samba-fileserver\"/> this section will configure Samba to allow "
465
"any client on the local network to use the installed printers without "
466
"prompting for a username and password."
467
468
#: serverguide/C/windows-networking.xml:283(para)
469
msgid ""
470
"For a more secure configuration see <xref linkend=\"samba-fileprint-"
471
"security\"/>."
472
msgstr ""
473
"For a more secure configuration see <xref linkend=\"samba-fileprint-"
474
"security\"/>."
475
476
#: serverguide/C/windows-networking.xml:290(para)
477
msgid ""
478
"Before installing and configuring Samba it is best to already have a working "
479
"<application>CUPS</application> installation. See <xref linkend=\"cups\"/> "
480
"for details."
481
msgstr ""
482
"Before installing and configuring Samba it is best to already have a working "
483
"<application>CUPS</application> installation. See <xref linkend=\"cups\"/> "
484
"for details."
485
486
#: serverguide/C/windows-networking.xml:295(para)
487
msgid ""
488
"To install the <application>samba</application> package, from a terminal "
489
"enter:"
490
msgstr ""
491
"To install the <application>samba</application> package, from a terminal "
492
"enter:"
493
494
#: serverguide/C/windows-networking.xml:306(para)
495
msgid ""
496
"After installing samba edit <filename>/etc/samba/smb.conf</filename>. Change "
497
"the <emphasis>workgroup</emphasis> attribute to what is appropriate for your "
498
"network, and change <emphasis>security</emphasis> to <emphasis "
499
"role=\"italic\">share</emphasis>:"
500
msgstr ""
501
"After installing Samba, edit <filename>/etc/samba/smb.conf</filename>. "
502
"Change the <emphasis>workgroup</emphasis> attribute to what is appropriate "
503
"for your network, and change <emphasis>security</emphasis> to <emphasis "
504
"role=\"italic\">share</emphasis>:"
505
506
#: serverguide/C/windows-networking.xml:318(para)
507
msgid ""
508
"In the <emphasis>[printers]</emphasis> section change the <emphasis>guest "
509
"ok</emphasis> option to <emphasis role=\"italic\">yes</emphasis>:"
510
msgstr ""
511
"In the <emphasis>[printers]</emphasis> section change the <emphasis>guest "
512
"ok</emphasis> option to <emphasis role=\"italic\">yes</emphasis>:"
513
514
#: serverguide/C/windows-networking.xml:322(programlisting)
515
#, no-wrap
516
msgid ""
517
"\n"
518
" browsable = yes\n"
519
" guest ok = yes\n"
520
msgstr ""
521
"\n"
522
" browseable = yes\n"
523
" guest ok = yes\n"
524
525
#: serverguide/C/windows-networking.xml:327(para)
526
msgid "After editing <filename>smb.conf</filename> restart Samba:"
527
msgstr "After editing <filename>smb.conf</filename> restart Samba:"
528
529
#: serverguide/C/windows-networking.xml:336(para)
530
msgid ""
531
"The default Samba configuration will automatically share any printers "
532
"installed. Simply install the printer locally on your Windows clients."
533
msgstr ""
534
"The default Samba configuration will automatically share any printers "
535
"installed. Simply install the printer locally on your Windows clients."
536
537
#: serverguide/C/windows-networking.xml:365(para)
538
msgid ""
539
"Also, see the <ulink url=\"http://www.cups.org/\">CUPS Website</ulink> for "
540
"more information on configuring CUPS."
541
msgstr ""
542
"Also, see the <ulink url=\"http://www.cups.org/\">CUPS Website</ulink> for "
543
"more information on configuring CUPS."
544
545
#: serverguide/C/windows-networking.xml:379(title)
546
msgid "Securing a Samba File and Print Server"
547
msgstr "Securing a Samba File and Print Server"
548
549
#: serverguide/C/windows-networking.xml:382(title)
550
msgid "Samba Security Modes"
551
msgstr "Samba Security Modes"
552
553
#: serverguide/C/windows-networking.xml:384(para)
554
msgid ""
555
"There are two security levels available to the Common Internet Filesystem "
556
"(CIFS) network protocol <emphasis>user-level</emphasis> and <emphasis>share-"
557
"level</emphasis>. Samba's <emphasis>security mode</emphasis> implementation "
558
"allows more flexibility, providing four ways of implementing user-level "
559
"security and one way to implement share-level:"
560
msgstr ""
561
"There are two security levels available to the Common Internet Filesystem "
562
"(CIFS) network protocol <emphasis>user-level</emphasis> and <emphasis>share-"
563
"level</emphasis>. Samba's <emphasis>security mode</emphasis> implementation "
564
"allows more flexibility, providing four ways of implementing user-level "
565
"security and one way to implement share-level:"
566
567
#: serverguide/C/windows-networking.xml:393(para)
568
msgid ""
569
"<emphasis>security = user:</emphasis> requires clients to supply a username "
570
"and password to connect to shares. Samba user accounts are separate from "
571
"system accounts, but the <application>libpam-smbpass</application> package "
572
"will sync system users and passwords with the Samba user database."
573
msgstr ""
574
"<emphasis>security = user:</emphasis> requires clients to supply a username "
575
"and password to connect to shares. Samba user accounts are separate from "
576
"system accounts, but the <application>libpam-smbpass</application> package "
577
"will sync system users and passwords with the Samba user database."
578
579
#: serverguide/C/windows-networking.xml:400(para)
580
msgid ""
581
"<emphasis>security = domain:</emphasis> this mode allows the Samba server to "
582
"appear to Windows clients as a Primary Domain Controller (PDC), Backup "
583
"Domain Controller (BDC), or a Domain Member Server (DMS). See <xref "
584
"linkend=\"samba-dc\"/> for further information."
585
msgstr ""
586
"<emphasis>security = domain:</emphasis> this mode allows the Samba server to "
587
"appear to Windows clients as a Primary Domain Controller (PDC), Backup "
588
"Domain Controller (BDC), or a Domain Member Server (DMS). See <xref "
589
"linkend=\"samba-dc\"/> for further information."
590
591
#: serverguide/C/windows-networking.xml:407(para)
592
msgid ""
593
"<emphasis>security = ADS:</emphasis> allows the Samba server to join an "
594
"Active Directory domain as a native member. See <xref linkend=\"samba-ad-"
595
"integration\"/> for details."
596
msgstr ""
597
"<emphasis>security = ADS:</emphasis> allows the Samba server to join an "
598
"Active Directory domain as a native member. See <xref linkend=\"samba-ad-"
599
"integration\"/> for details."
600
601
#: serverguide/C/windows-networking.xml:413(para)
602
msgid ""
603
"<emphasis>security = server:</emphasis> this mode is left over from before "
604
"Samba could become a member server, and due to some security issues should "
605
"not be used. See the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
606
"HOWTO-Collection/ServerType.html#id349531\">Server Security</ulink> section "
607
"of the Samba guide for more details."
608
msgstr ""
609
"<emphasis>security = server:</emphasis> this mode is left over from a time "
610
"before Samba could become a member server, and due to some security issues "
611
"it should not be used. See the <ulink "
612
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
613
"Collection/ServerType.html#id349531\">Server Security</ulink> section of the "
614
"Samba guide for more details."
615
616
#: serverguide/C/windows-networking.xml:421(para)
617
msgid ""
618
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
619
"without supplying a username and password."
620
msgstr ""
621
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
622
"without supplying a username and password."
623
624
#: serverguide/C/windows-networking.xml:428(para)
625
msgid ""
626
"The security mode you choose will depend on your environment and what you "
627
"need the Samba server to accomplish."
628
msgstr ""
629
"The security mode you choose will depend on your environment and what you "
630
"need the Samba server to accomplish."
631
632
#: serverguide/C/windows-networking.xml:434(title)
633
msgid "Security = User"
634
msgstr "Security = User"
635
636
#: serverguide/C/windows-networking.xml:436(para)
637
msgid ""
638
"This section will reconfigure the Samba file and print server, from <xref "
639
"linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to "
640
"require authentication."
641
msgstr ""
642
"This section will reconfigure the Samba file and print server, from <xref "
643
"linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to "
644
"require authentication."
645
646
#: serverguide/C/windows-networking.xml:441(para)
647
msgid ""
648
"First, install the <application>libpam-smbpass</application> package which "
649
"will sync the system users to the Samba user database:"
650
msgstr ""
651
"First, install the <application>libpam-smbpass</application> package which "
652
"will sync the system users to the Samba user database:"
653
654
#: serverguide/C/windows-networking.xml:447(command)
655
msgid "sudo apt-get install libpam-smbpass"
656
msgstr "sudo apt-get install libpam-smbpass"
657
658
#: serverguide/C/windows-networking.xml:451(para)
659
msgid ""
660
"If you chose the <emphasis>Samba Server</emphasis> task during installation "
661
"<application>libpam-smbpass</application> is already installed."
662
msgstr ""
663
"If you chose the <emphasis>Samba Server</emphasis> task during installation "
664
"<application>libpam-smbpass</application> is already installed."
665
666
#: serverguide/C/windows-networking.xml:457(para)
667
msgid ""
668
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
669
"<emphasis>[share]</emphasis> section change:"
670
msgstr ""
671
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
672
"<emphasis>[share]</emphasis> section change:"
673
674
#: serverguide/C/windows-networking.xml:461(programlisting)
675
#, no-wrap
676
msgid ""
677
"\n"
678
" guest ok = no\n"
679
msgstr ""
680
"\n"
681
" guest ok = no\n"
682
683
#: serverguide/C/windows-networking.xml:465(para)
684
msgid "Finally, restart Samba for the new settings to take effect:"
685
msgstr "Finally, restart Samba for the new settings to take effect:"
686
687
#: serverguide/C/windows-networking.xml:474(para)
688
msgid ""
689
"Now when connecting to the shared directories or printers you should be "
690
"prompted for a username and password."
691
msgstr ""
692
"Now when connecting to the shared directories or printers you should be "
693
"prompted for a username and password."
694
695
#: serverguide/C/windows-networking.xml:479(para)
696
msgid ""
697
"If you choose to map a network drive to the share you can check the "
698
"<quote>Reconnect at Logon</quote> check box, which will require you to only "
699
"enter the username and password once, at least until the password changes."
700
msgstr ""
701
"If you choose to map a network drive to the share you can check the "
702
"<quote>Reconnect at Logon</quote> check box, which will require you to only "
703
"enter the username and password once, at least until the password changes."
704
705
#: serverguide/C/windows-networking.xml:487(title)
706
msgid "Share Security"
707
msgstr "Share Security"
708
709
#: serverguide/C/windows-networking.xml:489(para)
710
msgid ""
711
"There are several options available to increase the security for each "
712
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
713
"this section will cover some common options."
714
msgstr ""
715
"There are several options available to increase the security for each "
716
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
717
"this section will cover some common options."
718
719
#: serverguide/C/windows-networking.xml:495(title)
720
msgid "Groups"
721
msgstr "Groups"
722
723
#: serverguide/C/windows-networking.xml:497(para)
724
msgid ""
725
"Groups define a collection of computers or users which have a common level "
726
"of access to particular network resources and offer a level of granularity "
727
"in controlling access to such resources. For example, if a group <emphasis "
728
"role=\"italic\">qa</emphasis> is defined and contains the users <emphasis "
729
"role=\"italic\">freda</emphasis>, <emphasis "
730
"role=\"italic\">danika</emphasis>, and <emphasis "
731
"role=\"italic\">rob</emphasis> and a second group <emphasis "
732
"role=\"italic\">support</emphasis> is defined and consists of users "
733
"<emphasis role=\"italic\">danika</emphasis>, <emphasis "
734
"role=\"italic\">jeremy</emphasis>, and <emphasis "
735
"role=\"italic\">vincent</emphasis> then certain network resources configured "
736
"to allow access by the <emphasis role=\"italic\">qa</emphasis> group will "
737
"subsequently enable access by freda, danika, and rob, but not jeremy or "
738
"vincent. Since the user <emphasis role=\"italic\">danika</emphasis> belongs "
739
"to both the <emphasis role=\"italic\">qa</emphasis> and <emphasis "
740
"role=\"italic\">support</emphasis> groups, she will be able to access "
741
"resources configured for access by both groups, whereas all other users will "
742
"have only access to resources explicitly allowing the group they are part of."
743
msgstr ""
744
"Groups define a collection of computers or users which have a common level "
745
"of access to particular network resources and offer a level of granularity "
746
"in controlling access to such resources. For example, if a group <emphasis "
747
"role=\"italic\">qa</emphasis> is defined and contains the users <emphasis "
748
"role=\"italic\">freda</emphasis>, <emphasis "
749
"role=\"italic\">danika</emphasis>, and <emphasis "
750
"role=\"italic\">rob</emphasis> and a second group <emphasis "
751
"role=\"italic\">support</emphasis> is defined and consists of users "
752
"<emphasis role=\"italic\">danika</emphasis>, <emphasis "
753
"role=\"italic\">jeremy</emphasis>, and <emphasis "
754
"role=\"italic\">vincent</emphasis> then certain network resources configured "
755
"to allow access by the <emphasis role=\"italic\">qa</emphasis> group will "
756
"subsequently enable access by freda, danika, and rob, but not jeremy or "
757
"vincent. Since the user <emphasis role=\"italic\">danika</emphasis> belongs "
758
"to both the <emphasis role=\"italic\">qa</emphasis> and <emphasis "
759
"role=\"italic\">support</emphasis> groups, she will be able to access "
760
"resources configured for access by both groups, whereas all other users will "
761
"have only access to resources explicitly allowing the group they are part of."
762
763
#: serverguide/C/windows-networking.xml:511(para)
764
msgid ""
765
"By default Samba looks for the local system groups defined in "
766
"<filename>/etc/group</filename> to determine which users belong to which "
767
"groups. For more information on adding and removing users from groups see "
768
"<xref linkend=\"adding-deleting-users\"/>."
769
msgstr ""
770
"By default Samba looks for the local system groups defined in "
771
"<filename>/etc/group</filename> to determine which users belong to which "
772
"groups. For more information on adding and removing users from groups see "
773
"<xref linkend=\"adding-deleting-users\"/>."
774
775
#: serverguide/C/windows-networking.xml:517(para)
776
msgid ""
777
"When defining groups in the Samba configuration file, "
778
"<filename>/etc/samba/smb.conf</filename>, the recognized syntax is to "
779
"preface the group name with an \"@\" symbol. For example, if you wished to "
780
"define a group named <emphasis role=\"italic\">sysadmin</emphasis> in a "
781
"certain section of the <filename>/etc/samba/smb.conf</filename>, you would "
782
"do so by entering the group name as <emphasis "
783
"role=\"bold\">@sysadmin</emphasis>."
784
msgstr ""
785
"When defining groups in the Samba configuration file, "
786
"<filename>/etc/samba/smb.conf</filename>, the recognized syntax is to "
787
"preface the group name with an \"@\" symbol. For example, if you wished to "
788
"define a group named <emphasis role=\"italic\">sysadmin</emphasis> in a "
789
"certain section of the <filename>/etc/samba/smb.conf</filename>, you would "
790
"do so by entering the group name as <emphasis "
791
"role=\"bold\">@sysadmin</emphasis>."
792
793
#: serverguide/C/windows-networking.xml:526(title)
794
msgid "File Permissions"
795
msgstr "File Permissions"
796
797
#: serverguide/C/windows-networking.xml:528(para)
798
msgid ""
799
"File Permissions define the explicit rights a computer or user has to a "
800
"particular directory, file, or set of files. Such permissions may be defined "
801
"by editing the <filename>/etc/samba/smb.conf</filename> file and specifying "
802
"the explicit permissions of a defined file share."
803
msgstr ""
804
"File Permissions define the explicit rights a computer or user has to a "
805
"particular directory, file, or set of files. Such permissions may be defined "
806
"by editing the <filename>/etc/samba/smb.conf</filename> file and specifying "
807
"the explicit permissions of a defined file share."
808
809
#: serverguide/C/windows-networking.xml:534(para)
810
msgid ""
811
"For example, if you have defined a Samba share called "
812
"<emphasis>share</emphasis> and wish to give <emphasis role=\"italic\">read-"
813
"only</emphasis> permissions to the group of users known as <emphasis "
814
"role=\"italic\">qa</emphasis>, but wanted to allow writing to the share by "
815
"the group called <emphasis role=\"italic\">sysadmin</emphasis> and the user "
816
"named <emphasis role=\"italic\">vincent</emphasis>, then you could edit the "
817
"<filename>/etc/samba/smb.conf</filename> file, and add the following entries "
818
"under the <emphasis>[share]</emphasis> entry:"
819
msgstr ""
820
"For example, if you have defined a Samba share called "
821
"<emphasis>share</emphasis> and wish to give <emphasis role=\"italic\">read-"
822
"only</emphasis> permissions to the group of users known as <emphasis "
823
"role=\"italic\">qa</emphasis>, but wanted to allow writing to the share by "
824
"the group called <emphasis role=\"italic\">sysadmin</emphasis> and the user "
825
"named <emphasis role=\"italic\">vincent</emphasis>, then you could edit the "
826
"<filename>/etc/samba/smb.conf</filename> file, and add the following entries "
827
"under the <emphasis>[share]</emphasis> entry:"
828
829
#: serverguide/C/windows-networking.xml:543(programlisting)
830
#, no-wrap
831
msgid ""
832
"\n"
833
" read list = @qa\n"
834
" write list = @sysadmin, vincent\n"
835
msgstr ""
836
"\n"
837
" read list = @qa\n"
838
" write list = @sysadmin, vincent\n"
839
840
#: serverguide/C/windows-networking.xml:548(para)
841
msgid ""
842
"Another possible Samba permission is to declare "
843
"<emphasis>administrative</emphasis> permissions to a particular shared "
844
"resource. Users having administrative permissions may read, write, or modify "
845
"any information contained in the resource the user has been given explicit "
846
"administrative permissions to."
847
msgstr ""
848
"Another possible Samba permission is to declare "
849
"<emphasis>administrative</emphasis> permissions to a particular shared "
850
"resource. Users having administrative permissions may read, write, or modify "
851
"any information contained in the resource the user has been given explicit "
852
"administrative permissions to."
853
854
#: serverguide/C/windows-networking.xml:554(para)
855
msgid ""
856
"For example, if you wanted to give the user <emphasis "
857
"role=\"italic\">melissa</emphasis> administrative permissions to the "
858
"<emphasis role=\"italic\">share</emphasis> example, you would edit the "
859
"<filename>/etc/samba/smb.conf</filename> file, and add the following line "
860
"under the <emphasis>[share]</emphasis> entry:"
861
msgstr ""
862
"For example, if you wanted to give the user <emphasis "
863
"role=\"italic\">melissa</emphasis> administrative permissions to the "
864
"<emphasis role=\"italic\">share</emphasis> example, you would edit the "
865
"<filename>/etc/samba/smb.conf</filename> file, and add the following line "
866
"under the <emphasis>[share]</emphasis> entry:"
867
868
#: serverguide/C/windows-networking.xml:561(programlisting)
869
#, no-wrap
870
msgid ""
871
"\n"
872
" admin users = melissa\n"
873
msgstr ""
874
"\n"
875
" admin users = melissa\n"
876
877
#: serverguide/C/windows-networking.xml:565(para)
878
msgid ""
879
"After editing <filename>/etc/samba/smb.conf</filename>, restart Samba for "
880
"the changes to take effect:"
881
msgstr ""
882
"After editing <filename>/etc/samba/smb.conf</filename>, restart Samba for "
883
"the changes to take effect:"
884
885
#: serverguide/C/windows-networking.xml:575(para)
886
msgid ""
887
"For the <emphasis>read list</emphasis> and <emphasis>write list</emphasis> "
888
"to work the Samba security mode must <emphasis>not</emphasis> be set to "
889
"<emphasis role=\"italic\">security = share</emphasis>"
890
msgstr ""
891
"For the <emphasis>read list</emphasis> and <emphasis>write list</emphasis> "
892
"to work the Samba security mode must <emphasis>not</emphasis> be set to "
893
"<emphasis role=\"italic\">security = share</emphasis>"
894
895
#: serverguide/C/windows-networking.xml:581(para)
896
msgid ""
897
"Now that Samba has been configured to limit which groups have access to the "
898
"shared directory, the filesystem permissions need to be updated."
899
msgstr ""
900
"Now that Samba has been configured to limit which groups have access to the "
901
"shared directory, the filesystem permissions need to be updated."
902
903
#: serverguide/C/windows-networking.xml:586(para)
904
msgid ""
905
"Traditional Linux file permissions do not map well to Windows NT Access "
906
"Control Lists (ACLs). Fortunately POSIX ACLs are available on Ubuntu servers "
907
"providing more fine grained control. For example, to enable ACLs on "
908
"<filename>/srv</filename> an EXT3 filesystem, edit "
909
"<filename>/etc/fstab</filename> adding the <emphasis>acl</emphasis> option:"
910
msgstr ""
911
"Traditional Linux file permissions do not map well to Windows NT Access "
912
"Control Lists (ACLs). Fortunately POSIX ACLs are available on Ubuntu servers "
913
"providing more fine-grained control. For example, to enable ACLs on "
914
"<filename>/srv</filename> an EXT3 filesystem, edit "
915
"<filename>/etc/fstab</filename> adding the <emphasis>acl</emphasis> option:"
916
917
#: serverguide/C/windows-networking.xml:593(programlisting)
918
#, no-wrap
919
msgid ""
920
"\n"
921
"UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl "
922
"0 1\n"
923
msgstr ""
924
"\n"
925
"UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl "
926
"0 1\n"
927
928
#: serverguide/C/windows-networking.xml:597(para)
929
msgid "Then remount the partition:"
930
msgstr "Then remount the partition:"
931
932
#: serverguide/C/windows-networking.xml:602(command)
933
msgid "sudo mount -v -o remount /srv"
934
msgstr "sudo mount -v -o remount /srv"
935
936
#: serverguide/C/windows-networking.xml:606(para)
937
msgid ""
938
"The above example assumes <filename>/srv</filename> on a separate partition. "
939
"If <filename>/srv</filename>, or wherever you have configured your share "
940
"path, is part of the <filename>/</filename> partition a reboot may be "
941
"required."
942
msgstr ""
943
"The above example assumes <filename>/srv</filename> on a separate partition. "
944
"If <filename>/srv</filename>, or wherever you have configured your share "
945
"path, is part of the <filename>/</filename> partition a reboot may be "
946
"required."
947
948
#: serverguide/C/windows-networking.xml:613(para)
949
msgid ""
950
"To match the Samba configuration above the <emphasis>sysadmin</emphasis> "
951
"group will be given read, write, and execute permissions to "
952
"<filename>/srv/samba/share</filename>, the <emphasis>qa</emphasis> group "
953
"will be given read and execute permissions, and the files will be owned by "
954
"the username <emphasis>melissa</emphasis>. Enter the following in a terminal:"
955
msgstr ""
956
"To match the Samba configuration above the <emphasis>sysadmin</emphasis> "
957
"group will be given read, write, and execute permissions to "
958
"<filename>/srv/samba/share</filename>, the <emphasis>qa</emphasis> group "
959
"will be given read and execute permissions, and the files will be owned by "
960
"the username <emphasis>melissa</emphasis>. Enter the following in a terminal:"
961
962
#: serverguide/C/windows-networking.xml:621(command)
963
msgid "sudo chown -R melissa /srv/samba/share/"
964
msgstr "sudo chown -R melissa /srv/samba/share/"
965
966
#: serverguide/C/windows-networking.xml:622(command)
967
msgid "sudo chgrp -R sysadmin /srv/samba/share/"
968
msgstr "sudo chgrp -R sysadmin /srv/samba/share/"
969
970
#: serverguide/C/windows-networking.xml:623(command)
971
msgid "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
972
msgstr "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
973
974
#: serverguide/C/windows-networking.xml:627(para)
975
msgid ""
976
"The <application>setfacl</application> command above gives "
977
"<emphasis>execute</emphasis> permissions to all files in the "
978
"<filename>/srv/samba/share</filename> directory, which you may or may not "
979
"want."
980
msgstr ""
981
"The <application>setfacl</application> command above gives "
982
"<emphasis>execute</emphasis> permissions to all files in the "
983
"<filename>/srv/samba/share</filename> directory, which you may or may not "
984
"want."
985
986
#: serverguide/C/windows-networking.xml:633(para)
987
msgid ""
988
"Now from a Windows client you should notice the new file permissions are "
989
"implemented. See the <application>acl</application> and "
990
"<application>setfacl</application> man pages for more information on POSIX "
991
"ACLs."
992
msgstr ""
993
"Now from a Windows client you should notice the new file permissions are "
994
"implemented. See the <application>acl</application> and "
995
"<application>setfacl</application> man pages for more information on POSIX "
996
"ACLs."
997
998
#: serverguide/C/windows-networking.xml:641(title)
999
msgid "Samba AppArmor Profile"
1000
msgstr "Samba AppArmor Profile"
1001
1002
#: serverguide/C/windows-networking.xml:643(para)
1003
msgid ""
1004
"Ubuntu comes with the <application>AppArmor</application> security module, "
1005
"which provides mandatory access controls. The default AppArmor profile for "
1006
"Samba will need to be adapted to your configuration. For more details on "
1007
"using AppArmor see <xref linkend=\"apparmor\"/>."
1008
msgstr ""
1009
"Ubuntu comes with the <application>AppArmor</application> security module, "
1010
"which provides mandatory access controls. The default AppArmor profile for "
1011
"Samba will need to be adapted to your configuration. For more details on "
1012
"using AppArmor see <xref linkend=\"apparmor\"/>."
1013
1014
#: serverguide/C/windows-networking.xml:649(para)
1015
msgid ""
1016
"There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> "
1017
"and <filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part "
1018
"of the <application>apparmor-profiles</application> packages. To install the "
1019
"package, from a terminal prompt enter:"
1020
msgstr ""
1021
"There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> "
1022
"and <filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part "
1023
"of the <application>apparmor-profiles</application> packages. To install the "
1024
"package, from a terminal prompt enter:"
1025
1026
#: serverguide/C/windows-networking.xml:656(command) serverguide/C/security.xml:920(command)
1027
msgid "sudo apt-get install apparmor-profiles"
1028
msgstr "sudo apt-get install apparmor-profiles"
1029
1030
#: serverguide/C/windows-networking.xml:660(para)
1031
msgid "This package contains profiles for several other binaries."
1032
msgstr "This package contains profiles for several other binaries."
1033
1034
#: serverguide/C/windows-networking.xml:665(para)
1035
msgid ""
1036
"By default the profiles for <application>smbd</application> and "
1037
"<application>nmbd</application> are in <emphasis>complain</emphasis> mode "
1038
"allowing Samba to work without modifying the profile, and only logging "
1039
"errors. To place the <application>smbd</application> profile into "
1040
"<emphasis>enforce</emphasis> mode, and have Samba work as expected, the "
1041
"profile will need to be modified to reflect any directories that are shared."
1042
msgstr ""
1043
"By default the profiles for <application>smbd</application> and "
1044
"<application>nmbd</application> are in <emphasis>complain</emphasis> mode "
1045
"allowing Samba to work without modifying the profile, and only logging "
1046
"errors. To place the <application>smbd</application> profile into "
1047
"<emphasis>enforce</emphasis> mode, and have Samba work as expected, the "
1048
"profile will need to be modified to reflect any directories that are shared."
1049
1050
#: serverguide/C/windows-networking.xml:672(para)
1051
msgid ""
1052
"Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename> adding information "
1053
"for <emphasis>[share]</emphasis> from the file server example:"
1054
msgstr ""
1055
"Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename> adding information "
1056
"for <emphasis>[share]</emphasis> from the file server example:"
1057
1058
#: serverguide/C/windows-networking.xml:677(programlisting)
1059
#, no-wrap
1060
msgid ""
1061
"\n"
1062
" /srv/samba/share/ r,\n"
1063
" /srv/samba/share/** rwkix,\n"
1064
msgstr ""
1065
"\n"
1066
" /srv/samba/share/ r,\n"
1067
" /srv/samba/share/** rwkix,\n"
1068
1069
#: serverguide/C/windows-networking.xml:682(para)
1070
msgid ""
1071
"Now place the profile into <emphasis>enforce</emphasis> and reload it:"
1072
msgstr ""
1073
"Now place the profile into <emphasis>enforce</emphasis> and reload it:"
1074
1075
#: serverguide/C/windows-networking.xml:687(command)
1076
msgid "sudo aa-enforce /usr/sbin/smbd"
1077
msgstr "sudo aa-enforce /usr/sbin/smbd"
1078
1079
#: serverguide/C/windows-networking.xml:688(command)
1080
msgid "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
1081
msgstr "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
1082
1083
#: serverguide/C/windows-networking.xml:691(para)
1084
msgid ""
1085
"You should now be able to read, write, and execute files in the shared "
1086
"directory as normal, and the <application>smbd</application> binary will "
1087
"have access to only the configured files and directories. Be sure to add "
1088
"entries for each directory you configure Samba to share. Also, any errors "
1089
"will be logged to <filename>/var/log/syslog</filename>."
1090
msgstr ""
1091
1092
#: serverguide/C/windows-networking.xml:716(para) serverguide/C/windows-networking.xml:1096(para)
1093
msgid ""
1094
"O'Reilly's <ulink "
1095
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
1096
"also a good reference."
1097
msgstr ""
1098
"O'Reilly's <ulink "
1099
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
1100
"also a good reference."
1101
1102
#: serverguide/C/windows-networking.xml:722(para)
1103
msgid ""
1104
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
1105
"samba.html\">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to "
1106
"security."
1107
msgstr ""
1108
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
1109
"samba.html\">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to "
1110
"security."
1111
1112
#: serverguide/C/windows-networking.xml:728(para)
1113
msgid ""
1114
"For more information on Samba and ACLs see the <ulink "
1115
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
1116
"Collection/AccessControls.html#id397568\">Samba ACLs page </ulink>."
1117
msgstr ""
1118
"For more information on Samba and ACLs see the <ulink "
1119
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
1120
"Collection/AccessControls.html#id397568\">Samba ACLs page </ulink>."
1121
1122
#: serverguide/C/windows-networking.xml:744(title)
1123
msgid "Samba as a Domain Controller"
1124
msgstr "Samba as a Domain Controller"
1125
1126
#: serverguide/C/windows-networking.xml:746(para)
1127
msgid ""
1128
"Although it cannot act as an Active Directory Primary Domain Controller "
1129
"(PDC), a Samba server can be configured to appear as a Windows NT4-style "
1130
"domain controller. A major advantage of this configuration is the ability to "
1131
"centralize user and machine credentials. Samba can also use multiple "
1132
"backends to store the user information."
1133
msgstr ""
1134
"Although it cannot act as an Active Directory Primary Domain Controller "
1135
"(PDC), a Samba server can be configured to appear as a Windows NT4-style "
1136
"domain controller. A major advantage of this configuration is the ability to "
1137
"centralize user and machine credentials. Samba can also use multiple "
1138
"backends to store the user information."
1139
1140
#: serverguide/C/windows-networking.xml:753(title)
1141
msgid "Primary Domain Controller"
1142
msgstr "Primary Domain Controller"
1143
1144
#: serverguide/C/windows-networking.xml:755(para)
1145
msgid ""
1146
"This section covers configuring Samba as a Primary Domain Controller (PDC) "
1147
"using the default smbpasswd backend."
1148
msgstr ""
1149
"This section covers configuring Samba as a Primary Domain Controller (PDC) "
1150
"using the default smbpasswd backend."
1151
1152
#: serverguide/C/windows-networking.xml:762(para)
1153
msgid ""
1154
"First, install Samba, and <application>libpam-smbpass</application> to sync "
1155
"the user accounts, by entering the following in a terminal prompt:"
1156
msgstr ""
1157
"First, install Samba, and <application>libpam-smbpass</application> to sync "
1158
"the user accounts, by entering the following in a terminal prompt:"
1159
1160
#: serverguide/C/windows-networking.xml:768(command) serverguide/C/windows-networking.xml:993(command)
1161
msgid "sudo apt-get install samba libpam-smbpass"
1162
msgstr "sudo apt-get install samba libpam-smbpass"
1163
1164
#: serverguide/C/windows-networking.xml:774(para)
1165
msgid ""
1166
"Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. "
1167
"The <emphasis>security</emphasis> mode should be set to <emphasis "
1168
"role=\"italic\">user</emphasis>, and the <emphasis>workgroup</emphasis> "
1169
"should relate to your organization:"
1170
msgstr ""
1171
"Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. "
1172
"The <emphasis>security</emphasis> mode should be set to <emphasis "
1173
"role=\"italic\">user</emphasis>, and the <emphasis>workgroup</emphasis> "
1174
"should relate to your organization:"
1175
1176
#: serverguide/C/windows-networking.xml:789(para)
1177
msgid ""
1178
"In the commented <quote>Domains</quote> section add or uncomment the "
1179
"following:"
1180
msgstr ""
1181
"In the commented <quote>Domains</quote> section add or uncomment the "
1182
"following:"
1183
1184
#: serverguide/C/windows-networking.xml:793(programlisting)
1185
#, no-wrap
1186
msgid ""
1187
"\n"
1188
" domain logons = yes\n"
1189
" logon path = \\\\%N\\%U\\profile\n"
1190
" logon drive = H:\n"
1191
" logon home = \\\\%N\\%U\n"
1192
" logon script = logon.cmd\n"
1193
" add machine script = sudo /usr/sbin/useradd -N -g machines -c Machine -d "
1194
"/var/lib/samba -s /bin/false %u\n"
1195
msgstr ""
1196
1197
#: serverguide/C/windows-networking.xml:804(para)
1198
msgid ""
1199
"<emphasis>domain logons:</emphasis> provides the netlogon service causing "
1200
"Samba to act as a domain controller."
1201
msgstr ""
1202
"<emphasis>domain logons:</emphasis> provides the netlogon service causing "
1203
"Samba to act as a domain controller."
1204
1205
#: serverguide/C/windows-networking.xml:809(para)
1206
msgid ""
1207
"<emphasis>logon path:</emphasis> places the user's Windows profile into "
1208
"their home directory. It is also possible to configure a "
1209
"<emphasis>[profiles]</emphasis> share placing all profiles under a single "
1210
"directory."
1211
msgstr ""
1212
"<emphasis>logon path:</emphasis> places the user's Windows profile into "
1213
"their home directory. It is also possible to configure a "
1214
"<emphasis>[profiles]</emphasis> share placing all profiles under a single "
1215
"directory."
1216
1217
#: serverguide/C/windows-networking.xml:815(para)
1218
msgid ""
1219
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
1220
msgstr ""
1221
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
1222
1223
#: serverguide/C/windows-networking.xml:820(para)
1224
msgid ""
1225
"<emphasis>logon home:</emphasis> specifies the home directory location."
1226
msgstr ""
1227
"<emphasis>logon home:</emphasis> specifies the home directory location."
1228
1229
#: serverguide/C/windows-networking.xml:825(para)
1230
msgid ""
1231
"<emphasis>logon script:</emphasis> determines the script to be run locally "
1232
"once a user has logged in. The script needs to be placed in the "
1233
"<emphasis>[netlogon]</emphasis> share."
1234
msgstr ""
1235
"<emphasis>logon script:</emphasis> determines the script to be run locally "
1236
"once a user has logged in. The script needs to be placed in the "
1237
"<emphasis>[netlogon]</emphasis> share."
1238
1239
#: serverguide/C/windows-networking.xml:831(para)
1240
msgid ""
1241
"<emphasis>add machine script:</emphasis> a script that will automatically "
1242
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
1243
"workstation to join the domain."
1244
msgstr ""
1245
"<emphasis>add machine script:</emphasis> a script that will automatically "
1246
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
1247
"workstation to join the domain."
1248
1249
#: serverguide/C/windows-networking.xml:835(para)
1250
msgid ""
1251
"In this example the <emphasis>machines</emphasis> group will need to be "
1252
"created using the <application>addgroup</application> utility see <xref "
1253
"linkend=\"adding-deleting-users\"/> for details."
1254
msgstr ""
1255
"In this example the <emphasis>machines</emphasis> group will need to be "
1256
"created using the <application>addgroup</application> utility see <xref "
1257
"linkend=\"adding-deleting-users\"/> for details."
1258
1259
#: serverguide/C/windows-networking.xml:839(para)
1260
msgid ""
1261
"Also, rights need to be explicitly provided to the <emphasis>Domain "
1262
"Admins</emphasis> group to allow the <emphasis>add machine script</emphasis> "
1263
"(and other admin functions) to work. This is achieved by executing:"
1264
msgstr ""
1265
1266
#: serverguide/C/windows-networking.xml:844(command)
1267
msgid ""
1268
"net rpc rights grant \"EXAMPLE\\Domain Admins\" SeMachineAccountPrivilege "
1269
"SePrintOperatorPrivilege \\ SeAddUsersPrivilege SeDiskOperatorPrivilege "
1270
"SeRemoteShutdownPrivilege"
1271
msgstr ""
1272
1273
#: serverguide/C/windows-networking.xml:851(para)
1274
msgid ""
1275
"If you wish to not use <emphasis>Roaming Profiles</emphasis> leave the "
1276
"<emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options "
1277
"commented."
1278
msgstr ""
1279
"If you wish to not use <emphasis>Roaming Profiles</emphasis> leave the "
1280
"<emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options "
1281
"commented."
1282
1283
#: serverguide/C/windows-networking.xml:860(para)
1284
msgid ""
1285
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
1286
"role=\"italic\">logon home</emphasis> to be mapped:"
1287
msgstr ""
1288
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
1289
"role=\"italic\">logon home</emphasis> to be mapped:"
1290
1291
#: serverguide/C/windows-networking.xml:865(programlisting)
1292
#, no-wrap
1293
msgid ""
1294
"\n"
1295
"[homes]\n"
1296
" comment = Home Directories\n"
1297
" browseable = no\n"
1298
" read only = no\n"
1299
" create mask = 0700\n"
1300
" directory mask = 0700\n"
1301
" valid users = %S\n"
1302
msgstr ""
1303
"\n"
1304
"[homes]\n"
1305
" comment = Home Directories\n"
1306
" browseable = no\n"
1307
" read only = no\n"
1308
" create mask = 0700\n"
1309
" directory mask = 0700\n"
1310
" valid users = %S\n"
1311
1312
#: serverguide/C/windows-networking.xml:878(para)
1313
msgid ""
1314
"When configured as a domain controller a <emphasis>[netlogon]</emphasis> "
1315
"share needs to be configured. To enable the share, uncomment:"
1316
msgstr ""
1317
"When configured as a domain controller a <emphasis>[netlogon]</emphasis> "
1318
"share needs to be configured. To enable the share, uncomment:"
1319
1320
#: serverguide/C/windows-networking.xml:883(programlisting)
1321
#, no-wrap
1322
msgid ""
1323
"\n"
1324
"[netlogon]\n"
1325
" comment = Network Logon Service\n"
1326
" path = /srv/samba/netlogon\n"
1327
" guest ok = yes\n"
1328
" read only = yes\n"
1329
" share modes = no\n"
1330
msgstr ""
1331
"\n"
1332
"[netlogon]\n"
1333
" comment = Network Logon Service\n"
1334
" path = /srv/samba/netlogon\n"
1335
" guest ok = yes\n"
1336
" read only = yes\n"
1337
" share modes = no\n"
1338
1339
#: serverguide/C/windows-networking.xml:893(para)
1340
msgid ""
1341
"The original <emphasis>netlogon</emphasis> share path is "
1342
"<filename>/home/samba/netlogon</filename>, but according to the Filesystem "
1343
"Hierarchy Standard (FHS), <ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
1344
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is the correct "
1345
"location for site-specific data provided by the system."
1346
msgstr ""
1347
"The original <emphasis>netlogon</emphasis> share path is "
1348
"<filename>/home/samba/netlogon</filename>, but according to the Filesystem "
1349
"Hierarchy Standard (FHS), <ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
1350
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is the correct "
1351
"location for site-specific data provided by the system."
1352
1353
#: serverguide/C/windows-networking.xml:904(para)
1354
msgid ""
1355
"Now create the <filename role=\"directory\">netlogon</filename> directory, "
1356
"and an empty (for now) <filename>logon.cmd</filename> script file:"
1357
msgstr ""
1358
"Now create the <filename role=\"directory\">netlogon</filename> directory, "
1359
"and an empty (for now) <filename>logon.cmd</filename> script file:"
1360
1361
#: serverguide/C/windows-networking.xml:910(command)
1362
msgid "sudo mkdir -p /srv/samba/netlogon"
1363
msgstr "sudo mkdir -p /srv/samba/netlogon"
1364
1365
#: serverguide/C/windows-networking.xml:911(command)
1366
msgid "sudo touch /srv/samba/netlogon/logon.cmd"
1367
msgstr "sudo touch /srv/samba/netlogon/logon.cmd"
1368
1369
#: serverguide/C/windows-networking.xml:914(para)
1370
msgid ""
1371
"You can enter any normal Windows logon script commands in "
1372
"<filename>logon.cmd</filename> to customize the client's environment."
1373
msgstr ""
1374
"You can enter any normal Windows logon script commands in "
1375
"<filename>logon.cmd</filename> to customize the client's environment."
1376
1377
#: serverguide/C/windows-networking.xml:922(para)
1378
msgid ""
1379
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
1380
"workstation to the domain, a system group needs to be mapped to the Windows "
1381
"<emphasis>Domain Admins</emphasis> group. Using the "
1382
"<application>net</application> utility, from a terminal enter:"
1383
msgstr ""
1384
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
1385
"workstation to the domain, a system group needs to be mapped to the Windows "
1386
"<emphasis>Domain Admins</emphasis> group. Using the "
1387
"<application>net</application> utility, from a terminal enter:"
1388
1389
#: serverguide/C/windows-networking.xml:929(command)
1390
msgid ""
1391
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
1392
"type=d"
1393
msgstr ""
1394
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
1395
"type=d"
1396
1397
#: serverguide/C/windows-networking.xml:933(para)
1398
msgid ""
1399
"Change <emphasis role=\"italic\">sysadmin</emphasis> to whichever group you "
1400
"prefer. Also, the user used to join the domain needs to be a member of the "
1401
"<emphasis>sysadmin</emphasis> group, as well as a member of the system "
1402
"<emphasis>admin</emphasis> group. The <emphasis>admin</emphasis> group "
1403
"allows <application>sudo</application> use."
1404
msgstr ""
1405
"Change <emphasis role=\"italic\">sysadmin</emphasis> to whichever group you "
1406
"prefer. Also, the user used to join the domain needs to be a member of the "
1407
"<emphasis>sysadmin</emphasis> group, as well as a member of the system "
1408
"<emphasis>admin</emphasis> group. The <emphasis>admin</emphasis> group "
1409
"allows <application>sudo</application> use."
1410
1411
#: serverguide/C/windows-networking.xml:944(para)
1412
msgid "Finally, restart Samba to enable the new domain controller:"
1413
msgstr "Finally, restart Samba to enable the new domain controller:"
1414
1415
#: serverguide/C/windows-networking.xml:956(para)
1416
msgid ""
1417
"You should now be able to join Windows clients to the Domain in the same "
1418
"manner as joining them to an NT4 domain running on a Windows server."
1419
msgstr ""
1420
"You should now be able to join Windows clients to the Domain in the same "
1421
"manner as joining them to an NT4 domain running on a Windows server."
1422
1423
#: serverguide/C/windows-networking.xml:966(title)
1424
msgid "Backup Domain Controller"
1425
msgstr "Backup Domain Controller"
1426
1427
#: serverguide/C/windows-networking.xml:968(para)
1428
msgid ""
1429
"With a Primary Domain Controller (PDC) on the network it is best to have a "
1430
"Backup Domain Controller (BDC) as well. This will allow clients to "
1431
"authenticate in case the PDC becomes unavailable."
1432
msgstr ""
1433
"With a Primary Domain Controller (PDC) on the network it is best to have a "
1434
"Backup Domain Controller (BDC) as well. This will allow clients to "
1435
"authenticate in case the PDC becomes unavailable."
1436
1437
#: serverguide/C/windows-networking.xml:973(para)
1438
msgid ""
1439
"When configuring Samba as a BDC you need a way to sync account information "
1440
"with the PDC. There are multiple ways of accomplishing this "
1441
"<application>scp</application>, <application>rsync</application>, or by "
1442
"using <application>LDAP</application> as the <emphasis>passdb "
1443
"backend</emphasis>."
1444
msgstr ""
1445
"When configuring Samba as a BDC you need a way to sync account information "
1446
"with the PDC. There are multiple ways of accomplishing this "
1447
"<application>scp</application>, <application>rsync</application>, or by "
1448
"using <application>LDAP</application> as the <emphasis>passdb "
1449
"backend</emphasis>."
1450
1451
#: serverguide/C/windows-networking.xml:979(para)
1452
msgid ""
1453
"Using LDAP is the most robust way to sync account information, because both "
1454
"domain controllers can use the same information in real time. However, "
1455
"setting up a LDAP server may be overly complicated for a small number of "
1456
"user and computer accounts. See <xref linkend=\"samba-ldap\"/> for details."
1457
msgstr ""
1458
"Using LDAP is the most robust way to sync account information, because both "
1459
"domain controllers can use the same information in real time. However, "
1460
"setting up a LDAP server may be overly complicated for a small number of "
1461
"user and computer accounts. See <xref linkend=\"samba-ldap\"/> for details."
1462
1463
#: serverguide/C/windows-networking.xml:988(para)
1464
msgid ""
1465
"First, install <application>samba</application> and <application>libpam-"
1466
"smbpass</application>. From a terminal enter:"
1467
msgstr ""
1468
"First, install <application>samba</application> and <application>libpam-"
1469
"smbpass</application>. From a terminal enter:"
1470
1471
#: serverguide/C/windows-networking.xml:999(para)
1472
msgid ""
1473
"Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the "
1474
"following in the <emphasis>[global]</emphasis>:"
1475
msgstr ""
1476
"Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the "
1477
"following in the <emphasis>[global]</emphasis>:"
1478
1479
#: serverguide/C/windows-networking.xml:1012(para)
1480
msgid "In the commented <emphasis>Domains</emphasis> uncomment or add:"
1481
msgstr "In the commented <emphasis>Domains</emphasis> uncomment or add:"
1482
1483
#: serverguide/C/windows-networking.xml:1016(programlisting)
1484
#, no-wrap
1485
msgid ""
1486
"\n"
1487
" domain logons = yes\n"
1488
" domain master = no\n"
1489
msgstr ""
1490
"\n"
1491
" domain logons = yes\n"
1492
" domain master = no\n"
1493
1494
#: serverguide/C/windows-networking.xml:1024(para)
1495
msgid ""
1496
"Make sure a user has rights to read the files in "
1497
"<filename>/var/lib/samba</filename>. For example, to allow users in the "
1498
"<emphasis>admin</emphasis> group to <application>scp</application> the "
1499
"files, enter:"
1500
msgstr ""
1501
"Make sure a user has rights to read the files in "
1502
"<filename>/var/lib/samba</filename>. For example, to allow users in the "
1503
"<emphasis>admin</emphasis> group to <application>scp</application> the "
1504
"files, enter:"
1505
1506
#: serverguide/C/windows-networking.xml:1030(command)
1507
msgid "sudo chgrp -R admin /var/lib/samba"
1508
msgstr "sudo chgrp -R admin /var/lib/samba"
1509
1510
#: serverguide/C/windows-networking.xml:1036(para)
1511
msgid ""
1512
"Next, sync the user accounts, using <application>scp</application> to copy "
1513
"the <filename>/var/lib/samba</filename> directory from the PDC:"
1514
msgstr ""
1515
"Next, sync the user accounts, using <application>scp</application> to copy "
1516
"the <filename>/var/lib/samba</filename> directory from the PDC:"
1517
1518
#: serverguide/C/windows-networking.xml:1042(command)
1519
msgid "sudo scp -r username@pdc:/var/lib/samba /var/lib"
1520
msgstr "sudo scp -r username@pdc:/var/lib/samba /var/lib"
1521
1522
#: serverguide/C/windows-networking.xml:1046(para)
1523
msgid ""
1524
"Replace <emphasis>username</emphasis> with a valid username and "
1525
"<emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC."
1526
msgstr ""
1527
"Replace <emphasis>username</emphasis> with a valid username and "
1528
"<emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC."
1529
1530
#: serverguide/C/windows-networking.xml:1055(para)
1531
msgid "Finally, restart <application>samba</application>:"
1532
msgstr "Finally, restart <application>samba</application>:"
1533
1534
#: serverguide/C/windows-networking.xml:1067(para)
1535
msgid ""
1536
"You can test that your Backup Domain controller is working by stopping the "
1537
"Samba daemon on the PDC, then trying to login to a Windows client joined to "
1538
"the domain."
1539
msgstr ""
1540
"You can test that your Backup Domain controller is working by stopping the "
1541
"Samba daemon on the PDC, then trying to login to a Windows client joined to "
1542
"the domain."
1543
1544
#: serverguide/C/windows-networking.xml:1072(para)
1545
msgid ""
1546
"Another thing to keep in mind is if you have configured the <emphasis>logon "
1547
"home</emphasis> option as a directory on the PDC, and the PDC becomes "
1548
"unavailable, access to the user's <emphasis>Home</emphasis> drive will also "
1549
"be unavailable. For this reason it is best to configure the <emphasis>logon "
1550
"home</emphasis> to reside on a separate file server from the PDC and BDC."
1551
msgstr ""
1552
"Another thing to keep in mind is if you have configured the <emphasis>logon "
1553
"home</emphasis> option as a directory on the PDC, and the PDC becomes "
1554
"unavailable, access to the user's <emphasis>Home</emphasis> drive will also "
1555
"be unavailable. For this reason it is best to configure the <emphasis>logon "
1556
"home</emphasis> to reside on a separate file server from the PDC and BDC."
1557
1558
#: serverguide/C/windows-networking.xml:1102(para)
1559
msgid ""
1560
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
1561
"pdc.html\">Chapter 4</ulink> of the Samba HOWTO Collection explains setting "
1562
"up a Primary Domain Controller."
1563
msgstr ""
1564
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
1565
"pdc.html\">Chapter 4</ulink> of the Samba HOWTO Collection explains setting "
1566
"up a Primary Domain Controller."
1567
1568
#: serverguide/C/windows-networking.xml:1108(para)
1569
msgid ""
1570
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
1571
"Collection/samba-bdc.html\">Chapter 5</ulink> of the Samba HOWTO Collection "
1572
"explains setting up a Backup Domain Controller."
1573
msgstr ""
1574
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
1575
"Collection/samba-bdc.html\">Chapter 5</ulink> of the Samba HOWTO Collection "
1576
"explains setting up a Backup Domain Controller."
1577
1578
#: serverguide/C/windows-networking.xml:1123(title)
1579
msgid "Samba Active Directory Integration"
1580
msgstr "Samba Active Directory Integration"
1581
1582
#: serverguide/C/windows-networking.xml:1126(title)
1583
msgid "Accessing a Samba Share"
1584
msgstr "Accessing a Samba Share"
1585
1586
#: serverguide/C/windows-networking.xml:1128(para)
1587
msgid ""
1588
"Another, use for Samba is to integrate into an existing Windows network. "
1589
"Once part of an Active Directory domain, Samba can provide file and print "
1590
"services to AD users."
1591
msgstr ""
1592
"Another, use for Samba is to integrate into an existing Windows network. "
1593
"Once part of an Active Directory domain, Samba can provide file and print "
1594
"services to AD users."
1595
1596
#: serverguide/C/windows-networking.xml:1133(para)
1597
msgid ""
1598
"The simplest way to join an AD domain is to use <application>Likewise-"
1599
"open</application>. For detailed instructions see <xref linkend=\"likewise-"
1600
"open\"/>."
1601
msgstr ""
1602
"The simplest way to join an AD domain is to use <application>Likewise-"
1603
"open</application>. For detailed instructions see <xref linkend=\"likewise-"
1604
"open\"/>."
1605
1606
#: serverguide/C/windows-networking.xml:1138(para)
1607
msgid ""
1608
"Once part of the domain, enter the following command in the terminal prompt:"
1609
msgstr ""
1610
1611
#: serverguide/C/windows-networking.xml:1143(command)
1612
msgid "sudo apt-get install samba smbfs smbclient"
1613
msgstr "sudo apt-get install samba smbfs smbclient"
1614
1615
#: serverguide/C/windows-networking.xml:1146(para)
1616
msgid ""
1617
"Since the <application>likewise-open</application> and "
1618
"<application>samba</application> packages use separate "
1619
"<filename>secrets.tdb</filename> files, a symlink will need to be created in "
1620
"<filename role=\"directory\">/var/lib/samba</filename>:"
1621
msgstr ""
1622
"Since the <application>likewise-open</application> and "
1623
"<application>samba</application> packages use separate "
1624
"<filename>secrets.tdb</filename> files, a symlink will need to be created in "
1625
"<filename role=\"directory\">/var/lib/samba</filename>:"
1626
1627
#: serverguide/C/windows-networking.xml:1152(command)
1628
msgid "sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig"
1629
msgstr "sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig"
1630
1631
#: serverguide/C/windows-networking.xml:1153(command)
1632
msgid "sudo ln -s /etc/samba/secrets.tdb /var/lib/samba"
1633
msgstr "sudo ln -s /etc/samba/secrets.tdb /var/lib/samba"
1634
1635
#: serverguide/C/windows-networking.xml:1156(para)
1636
msgid "Next, edit <filename>/etc/samba/smb.conf</filename> changing:"
1637
msgstr "Next, edit <filename>/etc/samba/smb.conf</filename> changing:"
1638
1639
#: serverguide/C/windows-networking.xml:1160(programlisting)
1640
#, no-wrap
1641
msgid ""
1642
"\n"
1643
" workgroup = EXAMPLE\n"
1644
" ...\n"
1645
" security = ads\n"
1646
" realm = EXAMPLE.COM\n"
1647
" ...\n"
1648
" idmap backend = lwopen\n"
1649
" idmap uid = 50-9999999999\n"
1650
" idmap gid = 50-9999999999\n"
1651
msgstr ""
1652
"\n"
1653
" workgroup = EXAMPLE\n"
1654
" ...\n"
1655
" security = ads\n"
1656
" realm = EXAMPLE.COM\n"
1657
" ...\n"
1658
" idmap backend = lwopen\n"
1659
" idmap uid = 50-9999999999\n"
1660
" idmap gid = 50-9999999999\n"
1661
1662
#: serverguide/C/windows-networking.xml:1171(para)
1663
msgid ""
1664
"Restart <application>samba</application> for the new settings to take effect:"
1665
msgstr ""
1666
"Restart <application>samba</application> for the new settings to take effect:"
1667
1668
#: serverguide/C/windows-networking.xml:1180(para)
1669
msgid ""
1670
"You should now be able to access any <application>Samba</application> shares "
1671
"from a Windows client. However, be sure to give the appropriate AD users or "
1672
"groups access to the share directory. See <xref linkend=\"samba-fileprint-"
1673
"security\"/> for more details."
1674
msgstr ""
1675
"You should now be able to access any <application>Samba</application> shares "
1676
"from a Windows client. However, be sure to give the appropriate AD users or "
1677
"groups access to the share directory. See <xref linkend=\"samba-fileprint-"
1678
"security\"/> for more details."
1679
1680
#: serverguide/C/windows-networking.xml:1188(title)
1681
msgid "Accessing a Windows Share"
1682
msgstr "Accessing a Windows Share"
1683
1684
#: serverguide/C/windows-networking.xml:1190(para)
1685
msgid ""
1686
"Now that the Samba server is part of the Active Directory domain you can "
1687
"access any Windows server shares:"
1688
msgstr ""
1689
"Now that the Samba server is part of the Active Directory domain you can "
1690
"access any Windows server shares:"
1691
1692
#: serverguide/C/windows-networking.xml:1197(para)
1693
msgid ""
1694
"To mount a Windows file share enter the following in a terminal prompt:"
1695
msgstr ""
1696
"To mount a Windows file share enter the following in a terminal prompt:"
1697
1698
#: serverguide/C/windows-networking.xml:1201(command)
1699
msgid "mount.cifs //fs01.example.com/share mount_point"
1700
msgstr "mount.cifs //fs01.example.com/share mount_point"
1701
1702
#: serverguide/C/windows-networking.xml:1204(para)
1703
msgid ""
1704
"It is also possible to access shares on computers not part of an AD domain, "
1705
"but a username and password will need to be provided."
1706
msgstr ""
1707
"It is also possible to access shares on computers not part of an AD domain, "
1708
"but a username and password will need to be provided."
1709
1710
#: serverguide/C/windows-networking.xml:1212(para)
1711
msgid ""
1712
"To mount the share during boot place an entry in "
1713
"<filename>/etc/fstab</filename>, for example:"
1714
msgstr ""
1715
"To mount the share during boot place an entry in "
1716
"<filename>/etc/fstab</filename>, for example:"
1717
1718
#: serverguide/C/windows-networking.xml:1216(programlisting)
1719
#, no-wrap
1720
msgid ""
1721
"\n"
1722
"//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw "
1723
"0 0\n"
1724
msgstr ""
1725
"\n"
1726
"//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw "
1727
"0 0\n"
1728
1729
#: serverguide/C/windows-networking.xml:1223(para)
1730
msgid ""
1731
"Another way to copy files from a Windows server is to use the "
1732
"<application>smbclient</application> utility. To list the files in a Windows "
1733
"share:"
1734
msgstr ""
1735
"Another way to copy files from a Windows server is to use the "
1736
"<application>smbclient</application> utility. To list the files in a Windows "
1737
"share:"
1738
1739
#: serverguide/C/windows-networking.xml:1229(command)
1740
msgid "smbclient //fs01.example.com/share -k -c \"ls\""
1741
msgstr "smbclient //fs01.example.com/share -k -c \"ls\""
1742
1743
#: serverguide/C/windows-networking.xml:1235(para)
1744
msgid "To copy a file from the share, enter:"
1745
msgstr "To copy a file from the share, enter:"
1746
1747
#: serverguide/C/windows-networking.xml:1240(command)
1748
msgid "smbclient //fs01.example.com/share -k -c \"get file.txt\""
1749
msgstr "smbclient //fs01.example.com/share -k -c \"get file.txt\""
1750
1751
#: serverguide/C/windows-networking.xml:1243(para)
1752
msgid ""
1753
"This will copy the <filename>file.txt</filename> into the current directory."
1754
msgstr ""
1755
"This will copy the <filename>file.txt</filename> into the current directory."
1756
1757
#: serverguide/C/windows-networking.xml:1250(para)
1758
msgid "And to copy a file to the share:"
1759
msgstr "And to copy a file to the share:"
1760
1761
#: serverguide/C/windows-networking.xml:1255(command)
1762
msgid "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
1763
msgstr "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
1764
1765
#: serverguide/C/windows-networking.xml:1258(para)
1766
msgid ""
1767
"This will copy the <filename>/etc/hosts</filename> to "
1768
"<filename>//fs01.example.com/share/hosts</filename>."
1769
msgstr ""
1770
1771
#: serverguide/C/windows-networking.xml:1265(para)
1772
msgid ""
1773
"The <emphasis>-c</emphasis> option used above allows you to execute the "
1774
"<application>smbclient</application> command all at once. This is useful for "
1775
"scripting and minor file operations. To enter the <emphasis>smb: \\"
1776
"></emphasis> prompt, a FTP like prompt where you can execute normal file "
1777
"and directory commands, simply execute:"
1778
msgstr ""
1779
"The <emphasis>-c</emphasis> option used above allows you to execute the "
1780
"<application>smbclient</application> command all at once. This is useful for "
1781
"scripting and minor file operations. To enter the <emphasis>smb: \\"
1782
"></emphasis> prompt, a FTP like prompt where you can execute normal file "
1783
"and directory commands, simply execute:"
1784
1785
#: serverguide/C/windows-networking.xml:1272(command)
1786
msgid "smbclient //fs01.example.com/share -k"
1787
msgstr "smbclient //fs01.example.com/share -k"
1788
1789
#: serverguide/C/windows-networking.xml:1279(para)
1790
msgid ""
1791
"Replace all instances of <emphasis>fs01.example.com/share</emphasis>, "
1792
"<emphasis>//192.168.0.5/share</emphasis>, "
1793
"<emphasis>username=steve,password=secret</emphasis>, and "
1794
"<emphasis>file.txt</emphasis> with your server's IP, hostname, share name, "
1795
"file name, and an actual username and password with rights to the share."
1796
msgstr ""
1797
"Replace all instances of <emphasis>fs01.example.com/share</emphasis>, "
1798
"<emphasis>//192.168.0.5/share</emphasis>, "
1799
"<emphasis>username=steve,password=secret</emphasis>, and "
1800
"<emphasis>file.txt</emphasis> with your server's IP, hostname, share name, "
1801
"file name, and an actual username and password with rights to the share."
1802
1803
#: serverguide/C/windows-networking.xml:1290(para)
1804
msgid ""
1805
"For more <application>smbclient</application> options see the man page: "
1806
"<command>man smbclient</command>, also available <ulink "
1807
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/smbclient.1.html\""
1808
">online</ulink>."
1809
msgstr ""
1810
1811
#: serverguide/C/windows-networking.xml:1295(para)
1812
msgid ""
1813
"The <application>mount.cifs</application><ulink "
1814
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/mount.cifs.8.html"
1815
"\">man page</ulink> is also useful for more detailed information."
1816
msgstr ""
1817
1818
#: serverguide/C/windows-networking.xml:1308(title)
1819
msgid "Likewise Open"
1820
msgstr "Likewise Open"
1821
1822
#: serverguide/C/windows-networking.xml:1310(para)
1823
msgid ""
1824
"<application>Likewise Open</application> simplifies the necessary "
1825
"configuration needed to authenticate a Linux machine to an Active Directory "
1826
"domain. Based on <application>winbind</application>, the "
1827
"<application>likewise-open</application> package takes the pain out of "
1828
"integrating Ubuntu authentication into an existing Windows network."
1829
msgstr ""
1830
"<application>Likewise Open</application> simplifies the necessary "
1831
"configuration needed to authenticate a Linux machine to an Active Directory "
1832
"domain. Based on <application>winbind</application>, the "
1833
"<application>likewise-open</application> package takes the pain out of "
1834
"integrating Ubuntu authentication into an existing Windows network."
1835
1836
#: serverguide/C/windows-networking.xml:1319(para)
1837
msgid ""
1838
"There are two ways to use Likewise Open, <application>likewise-"
1839
"open</application> the command line utility and <application>likewise-open-"
1840
"gui</application>. This section focuses on the command line utility."
1841
msgstr ""
1842
"There are two ways to use Likewise Open, <application>likewise-"
1843
"open</application> the command line utility and <application>likewise-open-"
1844
"gui</application>. This section focuses on the command line utility."
1845
1846
#: serverguide/C/windows-networking.xml:1324(para)
1847
msgid ""
1848
"To install the <application>likewise-open</application> package, open a "
1849
"terminal prompt and enter:"
1850
msgstr ""
1851
"To install the <application>likewise-open</application> package, open a "
1852
"terminal prompt and enter:"
1853
1854
#: serverguide/C/windows-networking.xml:1329(command)
1855
msgid "sudo apt-get install likewise-open"
1856
msgstr "sudo apt-get install likewise-open"
1857
1858
#: serverguide/C/windows-networking.xml:1334(title)
1859
msgid "Joining a Domain"
1860
msgstr "Joining a Domain"
1861
1862
#: serverguide/C/windows-networking.xml:1336(para)
1863
msgid ""
1864
"The main executable file of the <application>likewise-open</application> "
1865
"package is <filename>/usr/bin/domainjoin-cli</filename>, which is used to "
1866
"join your computer to the domain. Before you join a domain you will need to "
1867
"make sure you have:"
1868
msgstr ""
1869
"The main executable file of the <application>likewise-open</application> "
1870
"package is <filename>/usr/bin/domainjoin-cli</filename>, which is used to "
1871
"join your computer to the domain. Before you join a domain you will need to "
1872
"make sure you have:"
1873
1874
#: serverguide/C/windows-networking.xml:1344(para)
1875
msgid ""
1876
"Access to an Active Directory user with appropriate rights to join the "
1877
"domain."
1878
msgstr ""
1879
"Access to an Active Directory user with appropriate rights to join the "
1880
"domain."
1881
1882
#: serverguide/C/windows-networking.xml:1349(para)
1883
msgid ""
1884
"The <emphasis>Fully Qualified Domain Name</emphasis> (FQDN) of the domain "
1885
"you want to join. If your AD domain does not match a valid domain such as "
1886
"<emphasis role=\"italic\">example.com</emphasis>, it is likely that it has "
1887
"the form of <emphasis>domainname.local</emphasis>."
1888
msgstr ""
1889
"The <emphasis>Fully Qualified Domain Name</emphasis> (FQDN) of the domain "
1890
"you want to join. If your AD domain does not match a valid domain such as "
1891
"<emphasis role=\"italic\">example.com</emphasis>, it is likely that it has "
1892
"the form of <emphasis>domainname.local</emphasis>."
1893
1894
#: serverguide/C/windows-networking.xml:1356(para)
1895
msgid ""
1896
"DNS for the domain setup properly. In a production AD environment this "
1897
"should be the case. Proper Microsoft DNS is needed so that client "
1898
"workstations can determine the Active Directory domain is available."
1899
msgstr ""
1900
"DNS for the domain setup properly. In a production AD environment this "
1901
"should be the case. Proper Microsoft DNS is needed so that client "
1902
"workstations can determine the Active Directory domain is available."
1903
1904
#: serverguide/C/windows-networking.xml:1360(para)
1905
msgid ""
1906
"If you don't have a Windows DNS server on your network, see <xref "
1907
"linkend=\"likewise-open-ms-dns\"/> for details."
1908
msgstr ""
1909
"If you don't have a Windows DNS server on your network, see <xref "
1910
"linkend=\"likewise-open-ms-dns\"/> for details."
1911
1912
#: serverguide/C/windows-networking.xml:1367(para)
1913
msgid "To join a domain, from a terminal prompt enter:"
1914
msgstr "To join a domain, from a terminal prompt enter:"
1915
1916
#: serverguide/C/windows-networking.xml:1372(command)
1917
msgid "sudo domainjoin-cli join example.com Administrator"
1918
msgstr "sudo domainjoin-cli join example.com Administrator"
1919
1920
#: serverguide/C/windows-networking.xml:1376(para)
1921
msgid ""
1922
"Replace <emphasis>example.com</emphasis> with your domain name, and "
1923
"<emphasis>Administrator</emphasis> with the appropriate user name."
1924
msgstr ""
1925
"Replace <emphasis>example.com</emphasis> with your domain name, and "
1926
"<emphasis>Administrator</emphasis> with the appropriate user name."
1927
1928
#: serverguide/C/windows-networking.xml:1382(para)
1929
msgid ""
1930
"You will then be prompted for the user's password. If all goes well a "
1931
"<emphasis>SUCCESS</emphasis> message should be printed to the console."
1932
msgstr ""
1933
"You will then be prompted for the user's password. If all goes well a "
1934
"<emphasis>SUCCESS</emphasis> message should be printed to the console."
1935
1936
#: serverguide/C/windows-networking.xml:1388(para)
1937
msgid ""
1938
"After joining the domain, it is necessary to reboot before attempting to "
1939
"authenticate against the domain."
1940
msgstr ""
1941
1942
#: serverguide/C/windows-networking.xml:1394(para)
1943
msgid ""
1944
"After successfully joining an Ubuntu machine to an Active Directory domain "
1945
"you can authenticate using any valid AD user. To login you will need to "
1946
"enter the user name as 'domain\\username'. For example to ssh to a server "
1947
"joined to the domain enter:"
1948
msgstr ""
1949
"After successfully joining an Ubuntu machine to an Active Directory domain "
1950
"you can authenticate using any valid AD user. To login you will need to "
1951
"enter the user name as 'domain\\username'. For example to ssh to a server "
1952
"joined to the domain enter:"
1953
1954
#: serverguide/C/windows-networking.xml:1401(command)
1955
msgid "ssh 'example\\steve'@hostname"
1956
msgstr "ssh 'example\\steve'@hostname"
1957
1958
#: serverguide/C/windows-networking.xml:1405(para)
1959
msgid ""
1960
"If configuring a Desktop the user name will need to be prefixed with "
1961
"<emphasis role=\"italic\">domain\\</emphasis> in the graphical logon as well."
1962
msgstr ""
1963
"If configuring a Desktop the user name will need to be prefixed with "
1964
"<emphasis role=\"italic\">domain\\</emphasis> in the graphical logon as well."
1965
1966
#: serverguide/C/windows-networking.xml:1411(para)
1967
msgid ""
1968
"To make likewise-open use a default domain, you can add the following "
1969
"statement to <filename>/etc/samba/lwiauthd.conf</filename>:"
1970
msgstr ""
1971
"To make likewise-open use a default domain, you can add the following "
1972
"statement to <filename>/etc/samba/lwiauthd.conf</filename>:"
1973
1974
#: serverguide/C/windows-networking.xml:1415(programlisting)
1975
#, no-wrap
1976
msgid ""
1977
"\n"
1978
"winbind use default domain = yes\n"
1979
msgstr ""
1980
"\n"
1981
"winbind use default domain = yes\n"
1982
1983
#: serverguide/C/windows-networking.xml:1419(para)
1984
msgid "Then restart the <application>likewise-open</application> daemons:"
1985
msgstr "Then restart the <application>likewise-open</application> daemons:"
1986
1987
#: serverguide/C/windows-networking.xml:1424(command)
1988
msgid "sudo /etc/init.d/likewise-open restart"
1989
msgstr "sudo /etc/init.d/likewise-open restart"
1990
1991
#: serverguide/C/windows-networking.xml:1428(para)
1992
msgid ""
1993
"Once configured for a <emphasis>default domain</emphasis> the <emphasis "
1994
"role=\"italic\">'domain\\'</emphasis> is no longer required, users can login "
1995
"using only their username."
1996
msgstr ""
1997
"Once configured for a <emphasis>default domain</emphasis> the <emphasis "
1998
"role=\"italic\">'domain\\'</emphasis> is no longer required, users can login "
1999
"using only their username."
2000
2001
#: serverguide/C/windows-networking.xml:1434(para)
2002
msgid ""
2003
"The <application>domainjoin-cli</application> utility can also be used to "
2004
"leave the domain. From a terminal:"
2005
msgstr ""
2006
"The <application>domainjoin-cli</application> utility can also be used to "
2007
"leave the domain. From a terminal:"
2008
2009
#: serverguide/C/windows-networking.xml:1439(command)
2010
msgid "sudo domainjoin-cli leave"
2011
msgstr "sudo domainjoin-cli leave"
2012
2013
#: serverguide/C/windows-networking.xml:1444(title) serverguide/C/security.xml:1772(title)
2014
msgid "Other Utilities"
2015
msgstr "Other Utilities"
2016
2017
#: serverguide/C/windows-networking.xml:1446(para)
2018
msgid ""
2019
"The <application>likewise-open</application> package comes with a few other "
2020
"utilities that may be useful for gathering information about the Active "
2021
"Directory environment. These utilities are used to join the machine to the "
2022
"domain, and are the same as those available in the <application>samba-"
2023
"common</application> and <application>winbind</application> packages:"
2024
msgstr ""
2025
"The <application>likewise-open</application> package comes with a few other "
2026
"utilities that may be useful for gathering information about the Active "
2027
"Directory environment. These utilities are used to join the machine to the "
2028
"domain, and are the same as those available in the <application>samba-"
2029
"common</application> and <application>winbind</application> packages:"
2030
2031
#: serverguide/C/windows-networking.xml:1455(para)
2032
msgid ""
2033
"<application>lwinet</application>: Returns information about the network and "
2034
"the domain."
2035
msgstr ""
2036
"<application>lwinet</application>: Returns information about the network and "
2037
"the domain."
2038
2039
#: serverguide/C/windows-networking.xml:1460(para)
2040
msgid ""
2041
"<application>lwimsg</application>: Allows interaction with the "
2042
"<application>likewise-winbindd</application> daemon."
2043
msgstr ""
2044
"<application>lwimsg</application>: Allows interaction with the "
2045
"<application>likewise-winbindd</application> daemon."
2046
2047
#: serverguide/C/windows-networking.xml:1465(para)
2048
msgid ""
2049
"<application>lwiinfo</application>: Displays information about various parts "
2050
"of the Domain."
2051
msgstr ""
2052
"<application>lwiinfo</application>: Displays information about various parts "
2053
"of the Domain."
2054
2055
#: serverguide/C/windows-networking.xml:1471(para)
2056
msgid "Please refer to each utility's man page specific for details."
2057
msgstr "Please refer to each utility's man page specific for details."
2058
2059
#: serverguide/C/windows-networking.xml:1477(title) serverguide/C/mail.xml:351(title) serverguide/C/mail.xml:1631(title) serverguide/C/dns.xml:338(title)
2060
msgid "Troubleshooting"
2061
msgstr "Troubleshooting"
2062
2063
#: serverguide/C/windows-networking.xml:1481(para)
2064
msgid ""
2065
"If the client has trouble joining the domain, double check that the "
2066
"Microsoft DNS is listed first in <filename>/etc/resolv.conf</filename>. For "
2067
"example:"
2068
msgstr ""
2069
"If the client has trouble joining the domain, double check that the "
2070
"Microsoft DNS is listed first in <filename>/etc/resolv.conf</filename>. For "
2071
"example:"
2072
2073
#: serverguide/C/windows-networking.xml:1486(programlisting)
2074
#, no-wrap
2075
msgid ""
2076
"\n"
2077
"nameserver 192.168.0.1\n"
2078
msgstr ""
2079
"\n"
2080
"nameserver 192.168.0.1\n"
2081
2082
#: serverguide/C/windows-networking.xml:1491(para)
2083
msgid ""
2084
"For more information when joining a domain, use the <emphasis>--loglevel "
2085
"verbose</emphasis> or <emphasis>--advanced</emphasis> option of the "
2086
"<application>domainjoin-cli</application> utility:"
2087
msgstr ""
2088
"For more information when joining a domain, use the <emphasis>--loglevel "
2089
"verbose</emphasis> or <emphasis>--advanced</emphasis> option of the "
2090
"<application>domainjoin-cli</application> utility:"
2091
2092
#: serverguide/C/windows-networking.xml:1497(command)
2093
msgid "sudo domainjoin-cli --loglevel verbose join example.com Administrator"
2094
msgstr ""
2095
"sudo domainjoin-cli --loglevel verbose join example.com Administrator"
2096
2097
#: serverguide/C/windows-networking.xml:1501(para)
2098
msgid ""
2099
"If an Active Directory user has trouble logging in, check the "
2100
"<filename>/var/log/auth.log</filename> for details."
2101
msgstr ""
2102
"If an Active Directory user has trouble logging in, check the "
2103
"<filename>/var/log/auth.log</filename> for details."
2104
2105
#: serverguide/C/windows-networking.xml:1506(para)
2106
msgid ""
2107
"When joining an Ubuntu Desktop workstation to a domain, you may need to edit "
2108
"<filename>/etc/nsswitch.conf</filename> if your AD domain uses the <emphasis "
2109
"role=\"italic\">.local</emphasis> syntax. In order to join the domain the "
2110
"<emphasis>\"mdns4\"</emphasis> entry should be removed from the "
2111
"<emphasis>hosts</emphasis> option. For example:"
2112
msgstr ""
2113
2114
#: serverguide/C/windows-networking.xml:1512(programlisting)
2115
#, no-wrap
2116
msgid ""
2117
"\n"
2118
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
2119
msgstr ""
2120
"\n"
2121
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
2122
2123
#: serverguide/C/windows-networking.xml:1516(para)
2124
msgid "Change the above to:"
2125
msgstr "Change the above to:"
2126
2127
#: serverguide/C/windows-networking.xml:1520(programlisting)
2128
#, no-wrap
2129
msgid ""
2130
"\n"
2131
"hosts: files dns [NOTFOUND=return]\n"
2132
msgstr ""
2133
"\n"
2134
"hosts: files dns [NOTFOUND=return]\n"
2135
2136
#: serverguide/C/windows-networking.xml:1524(para)
2137
msgid "Then restart networking by entering:"
2138
msgstr "Then restart networking by entering:"
2139
2140
#: serverguide/C/windows-networking.xml:1529(command) serverguide/C/network-config.xml:559(command)
2141
msgid "sudo /etc/init.d/networking restart"
2142
msgstr "sudo /etc/init.d/networking restart"
2143
2144
#: serverguide/C/windows-networking.xml:1532(para)
2145
msgid "You should now be able to join the Active Directory domain."
2146
msgstr "You should now be able to join the Active Directory domain."
2147
2148
#: serverguide/C/windows-networking.xml:1540(title)
2149
msgid "Microsoft DNS"
2150
msgstr "Microsoft DNS"
2151
2152
#: serverguide/C/windows-networking.xml:1542(para)
2153
msgid ""
2154
"The following are instructions for installing DNS on an Active Directory "
2155
"domain controller running Windows Server 2003, but the instructions should "
2156
"be similar for other versions:"
2157
msgstr ""
2158
"The following are instructions for installing DNS on an Active Directory "
2159
"domain controller running Windows Server 2003, but the instructions should "
2160
"be similar for other versions:"
2161
2162
#: serverguide/C/windows-networking.xml:1551(para)
2163
msgid ""
2164
"Click "
2165
"<menuchoice><guimenuitem>Start</guimenuitem><guimenuitem>Administrative Tools"
2166
"</guimenuitem><guimenuitem>Manage Your Server</guimenuitem></menuchoice>. "
2167
"This will open the <application>Server Role Mangement</application> utility."
2168
msgstr ""
2169
2170
#: serverguide/C/windows-networking.xml:1559(para)
2171
msgid "Click <guilabel>Add or remove a role</guilabel>"
2172
msgstr ""
2173
2174
#: serverguide/C/windows-networking.xml:1560(para) serverguide/C/windows-networking.xml:1562(para) serverguide/C/windows-networking.xml:1565(para)
2175
msgid "Click Next"
2176
msgstr "Click Next"
2177
2178
#: serverguide/C/windows-networking.xml:1561(para)
2179
msgid "Select \"DNS Server\""
2180
msgstr "Select \"DNS Server\""
2181
2182
#: serverguide/C/windows-networking.xml:1563(para)
2183
msgid "Click Next again to proceed"
2184
msgstr ""
2185
2186
#: serverguide/C/windows-networking.xml:1564(para)
2187
msgid "Select \"Create a forward lookup zone\" if it is not selected."
2188
msgstr "Select \"Create a forward lookup zone\" if it is not selected."
2189
2190
#: serverguide/C/windows-networking.xml:1566(para)
2191
msgid ""
2192
"Make sure \"This server maintains the zone\" is selected and click Next."
2193
msgstr ""
2194
"Make sure \"This server maintains the zone\" is selected and click Next."
2195
2196
#: serverguide/C/windows-networking.xml:1567(para)
2197
msgid "Enter your domain name and click Next"
2198
msgstr "Enter your domain name and click Next"
2199
2200
#: serverguide/C/windows-networking.xml:1568(para)
2201
msgid "Click Next to \"Allow only secure dynamic updates\""
2202
msgstr "Click Next to \"Allow only secure dynamic updates\""
2203
2204
#: serverguide/C/windows-networking.xml:1570(para)
2205
msgid ""
2206
"Enter the IP for DNS servers to forward queries to, or Select \"No, it "
2207
"should not forward queries\" and click Next."
2208
msgstr ""
2209
"Enter the IP for DNS servers to forward queries to, or Select \"No, it "
2210
"should not forward queries\" and click Next."
2211
2212
#: serverguide/C/windows-networking.xml:1574(para) serverguide/C/windows-networking.xml:1575(para)
2213
msgid "Click Finish"
2214
msgstr "Click Finish"
2215
2216
#: serverguide/C/windows-networking.xml:1577(para)
2217
msgid ""
2218
"DNS is now installed and can be further configured using the "
2219
"<application>Microsoft Management Console</application> DNS snap-in."
2220
msgstr ""
2221
"DNS is now installed and can be further configured using the "
2222
"<application>Microsoft Management Console</application> DNS snap-in."
2223
2224
#: serverguide/C/windows-networking.xml:1585(para)
2225
msgid "Click Start"
2226
msgstr "Click Start"
2227
2228
#: serverguide/C/windows-networking.xml:1586(para)
2229
msgid "Control Panel"
2230
msgstr "Control Panel"
2231
2232
#: serverguide/C/windows-networking.xml:1587(para)
2233
msgid "Network Connections"
2234
msgstr "Network Connections"
2235
2236
#: serverguide/C/windows-networking.xml:1588(para)
2237
msgid "Right Click \"Local Area Connection\""
2238
msgstr "Right Click \"Local Area Connection\""
2239
2240
#: serverguide/C/windows-networking.xml:1589(para)
2241
msgid "Click Properties"
2242
msgstr "Click Properties"
2243
2244
#: serverguide/C/windows-networking.xml:1590(para)
2245
msgid "Double click \"Internet Protocol (TCP/IP)\""
2246
msgstr "Double click \"Internet Protocol (TCP/IP)\""
2247
2248
#: serverguide/C/windows-networking.xml:1591(para)
2249
msgid "Enter the Server's IP Address as the \"Preferred DNS server\""
2250
msgstr "Enter the Server's IP Address as the \"Preferred DNS server\""
2251
2252
#: serverguide/C/windows-networking.xml:1592(para)
2253
msgid "Click Ok"
2254
msgstr "Click Ok"
2255
2256
#: serverguide/C/windows-networking.xml:1593(para)
2257
msgid "Click Ok again to save the settings"
2258
msgstr "Click Ok again to save the settings"
2259
2260
#: serverguide/C/windows-networking.xml:1582(para)
2261
msgid ""
2262
"Next, configure the Server to use itself for DNS queries: <placeholder-1/>"
2263
msgstr ""
2264
"Next, configure the Server to use itself for DNS queries: <placeholder-1/>"
2265
2266
#: serverguide/C/windows-networking.xml:1600(title) serverguide/C/web-servers.xml:624(title) serverguide/C/web-servers.xml:772(title) serverguide/C/web-servers.xml:922(title) serverguide/C/web-servers.xml:1017(title) serverguide/C/web-servers.xml:1239(title) serverguide/C/vpn.xml:303(title) serverguide/C/virtualization.xml:2154(title) serverguide/C/vcs.xml:539(title) serverguide/C/security.xml:872(title) serverguide/C/security.xml:1206(title) serverguide/C/security.xml:1621(title) serverguide/C/security.xml:1812(title) serverguide/C/remote-administration.xml:202(title) serverguide/C/package-management.xml:454(title) serverguide/C/other-apps.xml:330(title) serverguide/C/network-config.xml:1006(title) serverguide/C/network-config.xml:1107(title) serverguide/C/monitoring.xml:391(title) serverguide/C/monitoring.xml:527(title) serverguide/C/mail.xml:459(title) serverguide/C/mail.xml:643(title) serverguide/C/mail.xml:795(title) serverguide/C/mail.xml:1217(title) serverguide/C/mail.xml:1679(title) serverguide/C/lamp-applications.xml:259(title) serverguide/C/lamp-applications.xml:388(title) serverguide/C/lamp-applications.xml:496(title) serverguide/C/file-server.xml:284(title) serverguide/C/file-server.xml:436(title) serverguide/C/file-server.xml:619(title) serverguide/C/dns.xml:572(title) serverguide/C/clustering.xml:234(title) serverguide/C/chat.xml:107(title) serverguide/C/chat.xml:221(title) serverguide/C/backups.xml:297(title)
2267
msgid "References"
2268
msgstr "References"
2269
2270
#: serverguide/C/windows-networking.xml:1602(para)
2271
msgid ""
2272
"Please refer to the <ulink "
2273
"url=\"http://www.likewisesoftware.com/\">Likewise</ulink> home page for "
2274
"further information."
2275
msgstr ""
2276
"Please refer to the <ulink "
2277
"url=\"http://www.likewisesoftware.com/\">Likewise</ulink> home page for "
2278
"further information."
2279
2280
#: serverguide/C/windows-networking.xml:1606(para)
2281
msgid ""
2282
"For more <application>domainjoin-cli</application> options see the man page: "
2283
"<command>man domainjoin-cli</command>."
2284
msgstr ""
2285
"For more <application>domainjoin-cli</application> options see the man page: "
2286
"<command>man domainjoin-cli</command>."
2287
2288
#: serverguide/C/windows-networking.xml:1610(para)
2289
msgid ""
2290
"Also, see the <ulink "
2291
"url=\"https://help.ubuntu.com/community/LikewiseOpen\">Ubuntu Wiki "
2292
"LikewiseOpen</ulink> page."
2293
msgstr ""
2294
2295
#: serverguide/C/web-servers.xml:13(title)
2296
msgid "Web Servers"
2297
msgstr "Web Servers"
2298
2299
#: serverguide/C/web-servers.xml:14(para)
2300
msgid ""
2301
"A Web server is a software responsible for accepting HTTP requests from "
2302
"clients, which are known as Web browsers, and serving them HTTP responses "
2303
"along with optional data contents, which usually are Web pages such as HTML "
2304
"documents and linked objects (images, etc.)."
2305
msgstr ""
2306
"A Web server is a software responsible for accepting HTTP requests from "
2307
"clients, which are known as Web browsers, and serving them HTTP responses "
2308
"along with optional data contents, which usually are Web pages such as HTML "
2309
"documents and linked objects (images, etc.)."
2310
2311
#: serverguide/C/web-servers.xml:19(title)
2312
msgid "HTTPD - Apache2 Web Server"
2313
msgstr "HTTPD - Apache2 Web Server"
2314
2315
#: serverguide/C/web-servers.xml:20(para)
2316
msgid ""
2317
"Apache is the most commonly used Web Server on Linux systems. Web Servers "
2318
"are used to serve Web Pages requested by client computers. Clients typically "
2319
"request and view Web Pages using Web Browser applications such as "
2320
"<application>Firefox</application>, <application>Opera</application>, or "
2321
"<application>Mozilla</application>."
2322
msgstr ""
2323
"Apache is the most commonly used Web Server on Linux systems. Web Servers "
2324
"are used to serve Web Pages requested by client computers. Clients typically "
2325
"request and view Web Pages using Web Browser applications such as "
2326
"<application>Firefox</application>, <application>Opera</application>, or "
2327
"<application>Mozilla</application>."
2328
2329
#: serverguide/C/web-servers.xml:24(para)
2330
msgid ""
2331
"Users enter a Uniform Resource Locator (URL) to point to a Web server by "
2332
"means of its Fully Qualified Domain Name (FQDN) and a path to the required "
2333
"resource. For example, to view the home page of the <ulink "
2334
"url=\"http://www.ubuntu.com\">Ubuntu Web site</ulink> a user will enter only "
2335
"the FQDN. To request specific information about <ulink "
2336
"url=\"http://www.ubuntu.com/support/paid\">paid support</ulink>, a user will "
2337
"enter the FQDN followed by a path."
2338
msgstr ""
2339
"Users enter a Uniform Resource Locator (URL) to point to a Web server by "
2340
"means of its Fully Qualified Domain Name (FQDN) and a path to the required "
2341
"resource. For example, to view the home page of the <ulink "
2342
"url=\"http://www.ubuntu.com\">Ubuntu Web site</ulink> a user will enter only "
2343
"the FQDN. To request specific information about <ulink "
2344
"url=\"http://www.ubuntu.com/support/paid\">paid support</ulink>, a user will "
2345
"enter the FQDN followed by a path."
2346
2347
#: serverguide/C/web-servers.xml:29(para)
2348
msgid ""
2349
"The most common protocol used to transfer Web pages is the Hyper Text "
2350
"Transfer Protocol (HTTP). Protocols such as Hyper Text Transfer Protocol "
2351
"over Secure Sockets Layer (HTTPS), and File Transfer Protocol (FTP), a "
2352
"protocol for uploading and downloading files, are also supported."
2353
msgstr ""
2354
"The most common protocol used to transfer Web pages is the Hyper Text "
2355
"Transfer Protocol (HTTP). Protocols such as Hyper Text Transfer Protocol "
2356
"over Secure Sockets Layer (HTTPS), and File Transfer Protocol (FTP), a "
2357
"protocol for uploading and downloading files, are also supported."
2358
2359
#: serverguide/C/web-servers.xml:33(para)
2360
msgid ""
2361
"Apache Web Servers are often used in combination with the "
2362
"<application>MySQL</application> database engine, the HyperText Preprocessor "
2363
"(<application>PHP</application>) scripting language, and other popular "
2364
"scripting languages such as <application>Python</application> and "
2365
"<application>Perl</application>. This configuration is termed LAMP (Linux, "
2366
"Apache, MySQL and Perl/Python/PHP) and forms a powerful and robust platform "
2367
"for the development and deployment of Web-based applications."
2368
msgstr ""
2369
"Apache Web Servers are often used in combination with the "
2370
"<application>MySQL</application> database engine, the HyperText Preprocessor "
2371
"(<application>PHP</application>) scripting language, and other popular "
2372
"scripting languages such as <application>Python</application> and "
2373
"<application>Perl</application>. This configuration is termed LAMP (Linux, "
2374
"Apache, MySQL and Perl/Python/PHP) and forms a powerful and robust platform "
2375
"for the development and deployment of Web-based applications."
2376
2377
#: serverguide/C/web-servers.xml:42(para)
2378
msgid ""
2379
"The <application>Apache2</application> web server is available in Ubuntu "
2380
"Linux. To install Apache2:"
2381
msgstr ""
2382
2383
#: serverguide/C/web-servers.xml:48(para)
2384
msgid "At a terminal prompt enter the following command:"
2385
msgstr "At a terminal prompt enter the following command:"
2386
2387
#: serverguide/C/web-servers.xml:53(command)
2388
msgid "sudo apt-get install apache2"
2389
msgstr "sudo apt-get install apache2"
2390
2391
#: serverguide/C/web-servers.xml:63(para)
2392
msgid ""
2393
"Apache2 is configured by placing <emphasis>directives</emphasis> in plain "
2394
"text configuration files. These <emphasis>directives</emphasis> are "
2395
"separated between the following files and directories:"
2396
msgstr ""
2397
2398
#: serverguide/C/web-servers.xml:71(para)
2399
msgid ""
2400
"<emphasis>apache2.conf:</emphasis> the main Apache2 configuration file. "
2401
"Contains settings that are <emphasis>global</emphasis> to Apache2."
2402
msgstr ""
2403
"<emphasis>apache2.conf:</emphasis> the main Apache2 configuration file. "
2404
"Contains settings that are <emphasis>global</emphasis> to Apache2."
2405
2406
#: serverguide/C/web-servers.xml:77(para)
2407
msgid ""
2408
"<emphasis>conf.d:</emphasis> contains configuration files which apply "
2409
"<emphasis>globally</emphasis> to Apache2. Other packages that use Apache2 to "
2410
"serve content may add files, or symlinks, to this directory."
2411
msgstr ""
2412
2413
#: serverguide/C/web-servers.xml:83(para)
2414
msgid ""
2415
"<emphasis>envvars:</emphasis> file where Apache2 "
2416
"<emphasis>environment</emphasis> variables are set."
2417
msgstr ""
2418
"<emphasis>envvars:</emphasis> file where Apache2 "
2419
"<emphasis>environment</emphasis> variables are set."
2420
2421
#: serverguide/C/web-servers.xml:88(para)
2422
msgid ""
2423
"<emphasis>httpd.conf:</emphasis> historically the main Apache2 configuration "
2424
"file, named after the <application>httpd</application> daemon. The file can "
2425
"be used for <emphasis>user specific</emphasis> configuration options that "
2426
"globally effect Apache2."
2427
msgstr ""
2428
"<emphasis>httpd.conf:</emphasis> historically the main Apache2 configuration "
2429
"file, named after the <application>httpd</application> daemon. The file can "
2430
"be used for <emphasis>user specific</emphasis> configuration options that "
2431
"globally effect Apache2."
2432
2433
#: serverguide/C/web-servers.xml:95(para)
2434
msgid ""
2435
"<emphasis>mods-available:</emphasis> this directory contains configuration "
2436
"files to both load <emphasis>modules</emphasis> and configure them. Not all "
2437
"modules will have specific configuration files, however."
2438
msgstr ""
2439
"<emphasis>mods-available:</emphasis> this directory contains configuration "
2440
"files to both load <emphasis>modules</emphasis> and configure them. Not all "
2441
"modules will have specific configuration files, however."
2442
2443
#: serverguide/C/web-servers.xml:101(para)
2444
msgid ""
2445
"<emphasis>mods-enabled:</emphasis> holds <emphasis>symlinks</emphasis> to "
2446
"the files in <filename>/etc/apache2/mods-available</filename>. When a module "
2447
"configuration file is symlinked it will be enabled the next time "
2448
"<application>apache2</application> is restarted."
2449
msgstr ""
2450
"<emphasis>mods-enabled:</emphasis> holds <emphasis>symlinks</emphasis> to "
2451
"the files in <filename>/etc/apache2/mods-available</filename>. When a module "
2452
"configuration file is symlinked it will be enabled the next time "
2453
"<application>apache2</application> is restarted."
2454
2455
#: serverguide/C/web-servers.xml:108(para)
2456
msgid ""
2457
"<emphasis>ports.conf:</emphasis> houses the directives that determine which "
2458
"TCP ports Apache2 is listening on."
2459
msgstr ""
2460
"<emphasis>ports.conf:</emphasis> houses the directives that determine which "
2461
"TCP ports Apache2 is listening on."
2462
2463
#: serverguide/C/web-servers.xml:113(para)
2464
msgid ""
2465
"<emphasis>sites-available:</emphasis> this directory has configuration files "
2466
"for Apache2 <emphasis>Virtual Hosts</emphasis>. Virtual Hosts allow Apache2 "
2467
"to be configured for multiple sites that have separate configurations."
2468
msgstr ""
2469
2470
#: serverguide/C/web-servers.xml:119(para)
2471
msgid ""
2472
"<emphasis>sites-enabled:</emphasis> like mods-enabled, <filename "
2473
"role=\"directory\">sites-enabled</filename> contains symlinks to the "
2474
"<filename>/etc/apache2/sites-available</filename> directory. Similarly when "
2475
"a configuration file in sites-available is symlinked, the site configured by "
2476
"it will be active once Apache2 is restarted."
2477
msgstr ""
2478
2479
#: serverguide/C/web-servers.xml:127(para)
2480
msgid ""
2481
"In addition, other configuration files may be added using the "
2482
"<emphasis>Include</emphasis> directive, and wildcards can be used to include "
2483
"many configuration files. Any directive may be placed in any of these "
2484
"configuration files. Changes to the main configuration files are only "
2485
"recognized by Apache2 when it is started or restarted."
2486
msgstr ""
2487
"In addition, other configuration files may be added using the "
2488
"<emphasis>Include</emphasis> directive, and wildcards can be used to include "
2489
"many configuration files. Any directive may be placed in any of these "
2490
"configuration files. Changes to the main configuration files are only "
2491
"recognized by Apache2 when it is started or restarted."
2492
2493
#: serverguide/C/web-servers.xml:136(para)
2494
msgid ""
2495
"The server also reads a file containing mime document types; the filename is "
2496
"set by the <emphasis>TypesConfig</emphasis> directive, and is "
2497
"<filename>/etc/mime.types</filename> by default."
2498
msgstr ""
2499
"The server also reads a file containing mime document types; the filename is "
2500
"set by the <emphasis>TypesConfig</emphasis> directive, and is "
2501
"<filename>/etc/mime.types</filename> by default."
2502
2503
#: serverguide/C/web-servers.xml:141(title)
2504
msgid "Basic Settings"
2505
msgstr "Basic Settings"
2506
2507
#: serverguide/C/web-servers.xml:142(para)
2508
msgid ""
2509
"This section explains Apache2 server essential configuration parameters. "
2510
"Refer to the <ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
2511
"Documentation</ulink> for more details."
2512
msgstr ""
2513
"This section explains Apache2 server essential configuration parameters. "
2514
"Refer to the <ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
2515
"Documentation</ulink> for more details."
2516
2517
#: serverguide/C/web-servers.xml:150(para)
2518
msgid ""
2519
"Apache2 ships with a virtual-host-friendly default configuration. That is, "
2520
"it is configured with a single default virtual host (using the "
2521
"<emphasis>VirtualHost</emphasis> directive) which can modified or used as-is "
2522
"if you have a single site, or used as a template for additional virtual "
2523
"hosts if you have multiple sites. If left alone, the default virtual host "
2524
"will serve as your default site, or the site users will see if the URL they "
2525
"enter does not match the <emphasis>ServerName</emphasis> directive of any of "
2526
"your custom sites. To modify the default virtual host, edit the file "
2527
"<filename>/etc/apache2/sites-available/default</filename>."
2528
msgstr ""
2529
2530
#: serverguide/C/web-servers.xml:163(para)
2531
msgid ""
2532
"The directives set for a virtual host only apply to that particular virtual "
2533
"host. If a directive is set server-wide and not defined within the virtual "
2534
"host settings, the default setting is used. For example, you can define a "
2535
"Webmaster email address and not define individual email addresses for each "
2536
"virtual host."
2537
msgstr ""
2538
2539
#: serverguide/C/web-servers.xml:171(para)
2540
msgid ""
2541
"If you wish to configure a new virtual host or site, copy that file into the "
2542
"same directory with a name you choose. For example:"
2543
msgstr ""
2544
2545
#: serverguide/C/web-servers.xml:177(command)
2546
msgid ""
2547
"sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-"
2548
"available/mynewsite"
2549
msgstr ""
2550
2551
#: serverguide/C/web-servers.xml:180(para)
2552
msgid ""
2553
"Edit the new file to configure the new site using some of the directives "
2554
"described below."
2555
msgstr ""
2556
2557
#: serverguide/C/web-servers.xml:187(para)
2558
msgid ""
2559
"The <emphasis>ServerAdmin</emphasis> directive specifies the email address "
2560
"to be advertised for the server's administrator. The default value is "
2561
"webmaster@localhost. This should be changed to an email address that is "
2562
"delivered to you (if you are the server's administrator). If your website "
2563
"has a problem, Apache2 will display an error message containing this email "
2564
"address to report the problem to. Find this directive in your site's "
2565
"configuration file in /etc/apache2/sites-available."
2566
msgstr ""
2567
2568
#: serverguide/C/web-servers.xml:198(para)
2569
msgid ""
2570
"The <emphasis>Listen</emphasis> directive specifies the port, and optionally "
2571
"the IP address, Apache2 should listen on. If the IP address is not "
2572
"specified, Apache2 will listen on all IP addresses assigned to the machine "
2573
"it runs on. The default value for the Listen directive is 80. Change this to "
2574
"127.0.0.1:80 to cause Apache2 to listen only on your loopback interface so "
2575
"that it will not be available to the Internet, to (for example) 81 to change "
2576
"the port that it listens on, or leave it as is for normal operation. This "
2577
"directive can be found and changed in its own file, "
2578
"<filename>/etc/apache2/ports.conf</filename>"
2579
msgstr ""
2580
2581
#: serverguide/C/web-servers.xml:211(para)
2582
msgid ""
2583
"The <emphasis>ServerName</emphasis> directive is optional and specifies what "
2584
"FQDN your site should answer to. The default virtual host has no ServerName "
2585
"directive specified, so it will respond to all requests that do not match a "
2586
"ServerName directive in another virtual host. If you have just acquired the "
2587
"domain name ubunturocks.com and wish to host it on your Ubuntu server, the "
2588
"value of the ServerName directive in your virtual host configuration file "
2589
"should be ubunturocks.com. Add this directive to the new virtual host file "
2590
"you created earlier (<filename>/etc/apache2/sites-"
2591
"available/mynewsite</filename>)."
2592
msgstr ""
2593
2594
#: serverguide/C/web-servers.xml:223(para)
2595
msgid ""
2596
"You may also want your site to respond to www.ubunturocks.com, since many "
2597
"users will assume the www prefix is appropriate. Use the "
2598
"<emphasis>ServerAlias</emphasis> directive for this. You may also use "
2599
"wildcards in the ServerAlias directive."
2600
msgstr ""
2601
2602
#: serverguide/C/web-servers.xml:230(para)
2603
msgid ""
2604
"For example, the following configuration will cause your site to respond to "
2605
"any domain request ending in <emphasis>.ubunturocks.com</emphasis>."
2606
msgstr ""
2607
2608
#: serverguide/C/web-servers.xml:236(programlisting)
2609
#, no-wrap
2610
msgid ""
2611
"\n"
2612
"ServerAlias *.ubunturocks.com\n"
2613
msgstr ""
2614
2615
#: serverguide/C/web-servers.xml:242(para)
2616
msgid ""
2617
"The <emphasis>DocumentRoot</emphasis> directive specifies where Apache2 "
2618
"should look for the files that make up the site. The default value is "
2619
"/var/www. No site is configured there, but if you uncomment the "
2620
"<emphasis>RedirectMatch</emphasis> directive in "
2621
"<filename>/etc/apache2/apache2.conf</filename> requests will be redirected "
2622
"to /var/www/apache2-default where the default Apache2 site awaits. Change "
2623
"this value in your site's virtual host file, and remember to create that "
2624
"directory if necessary!"
2625
msgstr ""
2626
2627
#: serverguide/C/web-servers.xml:254(para)
2628
msgid ""
2629
"The /etc/apache2/sites-available directory is <emphasis role=\"bold\"> "
2630
"not</emphasis> parsed by Apache2. Symbolic links in /etc/apache2/sites-"
2631
"enabled point to \"available\" sites."
2632
msgstr ""
2633
2634
#: serverguide/C/web-servers.xml:260(para)
2635
msgid ""
2636
"Enable the new <emphasis>VirtualHost</emphasis> using the "
2637
"<application>a2ensite</application> utility and restart Apache2:"
2638
msgstr ""
2639
2640
#: serverguide/C/web-servers.xml:266(command)
2641
msgid "sudo a2ensite mynewsite"
2642
msgstr ""
2643
2644
#: serverguide/C/web-servers.xml:267(command) serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:538(command) serverguide/C/web-servers.xml:547(command) serverguide/C/web-servers.xml:606(command) serverguide/C/mail.xml:932(command) serverguide/C/lamp-applications.xml:228(command)
2645
msgid "sudo /etc/init.d/apache2 restart"
2646
msgstr ""
2647
2648
#: serverguide/C/web-servers.xml:271(para)
2649
msgid ""
2650
"Be sure to replace <emphasis>mynewsite</emphasis> with a more descriptive "
2651
"name for the VirtualHost. One method is to name the file after the "
2652
"<emphasis>ServerName</emphasis> directive of the VirtualHost."
2653
msgstr ""
2654
2655
#: serverguide/C/web-servers.xml:278(para)
2656
msgid ""
2657
"Similarly, use the <application>a2dissite</application> utility to disable "
2658
"sites. This is can be useful when troubleshooting configuration problems "
2659
"with multiple VirtualHosts:"
2660
msgstr ""
2661
2662
#: serverguide/C/web-servers.xml:284(command)
2663
msgid "sudo a2dissite mynewsite"
2664
msgstr ""
2665
2666
#: serverguide/C/web-servers.xml:290(title)
2667
msgid "Default Settings"
2668
msgstr ""
2669
2670
#: serverguide/C/web-servers.xml:292(para)
2671
msgid ""
2672
"This section explains configuration of the Apache2 server default settings. "
2673
"For example, if you add a virtual host, the settings you configure for the "
2674
"virtual host take precedence for that virtual host. For a directive not "
2675
"defined within the virtual host settings, the default value is used."
2676
msgstr ""
2677
2678
#: serverguide/C/web-servers.xml:304(para)
2679
msgid ""
2680
"The <emphasis>DirectoryIndex</emphasis> is the default page served by the "
2681
"server when a user requests an index of a directory by specifying a forward "
2682
"slash (/) at the end of the directory name."
2683
msgstr ""
2684
2685
#: serverguide/C/web-servers.xml:311(para)
2686
msgid ""
2687
"For example, when a user requests the page "
2688
"http://www.example.com/this_directory/, he or she will get either the "
2689
"DirectoryIndex page if it exists, a server-generated directory list if it "
2690
"does not and the Indexes option is specified, or a Permission Denied page if "
2691
"neither is true. The server will try to find one of the files listed in the "
2692
"DirectoryIndex directive and will return the first one it finds. If it does "
2693
"not find any of these files and if <emphasis>Options Indexes</emphasis> is "
2694
"set for that directory, the server will generate and return a list, in HTML "
2695
"format, of the subdirectories and files in the directory. The default value, "
2696
"found in <filename>/etc/apache2/mods-available/dir.conf</filename> is "
2697
"\"index.html index.cgi index.pl index.php index.xhtml index.htm\". Thus, if "
2698
"Apache2 finds a file in a requested directory matching any of these names, "
2699
"the first will be displayed."
2700
msgstr ""
2701
2702
#: serverguide/C/web-servers.xml:332(para)
2703
msgid ""
2704
"The <emphasis>ErrorDocument</emphasis> directive allows you to specify a "
2705
"file for Apache2 to use for specific error events. For example, if a user "
2706
"requests a resource that does not exist, a 404 error will occur, and per "
2707
"Apache2's default configuration, the file "
2708
"<filename>/usr/share/apache2/error/HTTP_NOT_FOUND.html.var </filename> will "
2709
"be displayed. That file is not in the server's DocumentRoot, but there is an "
2710
"Alias directive in <filename>/etc/apache2/apache2.conf</filename> that "
2711
"redirects requests to the /error directory to "
2712
"<filename>/usr/share/apache2/error/</filename>."
2713
msgstr ""
2714
2715
#: serverguide/C/web-servers.xml:344(para)
2716
msgid ""
2717
"To see a list of the default ErrorDocument directives, use this command:"
2718
msgstr ""
2719
2720
#: serverguide/C/web-servers.xml:350(command)
2721
msgid "grep ErrorDocument /etc/apache2/apache2.conf"
2722
msgstr ""
2723
2724
#: serverguide/C/web-servers.xml:355(para)
2725
msgid ""
2726
"By default, the server writes the transfer log to the file "
2727
"<filename>/var/log/apache2/access.log</filename>. You can change this on a "
2728
"per-site basis in your virtual host configuration files with the "
2729
"<emphasis>CustomLog</emphasis> directive, or omit it to accept the default, "
2730
"specified in <filename> /etc/apache2/apache2.conf</filename>. You may also "
2731
"specify the file to which errors are logged, via the "
2732
"<emphasis>ErrorLog</emphasis> directive, whose default is "
2733
"<filename>/var/log/apache2/error.log</filename>. These are kept separate "
2734
"from the transfer logs to aid in troubleshooting problems with your Apache2 "
2735
"server. You may also specify the <emphasis>LogLevel</emphasis> (the default "
2736
"value is \"warn\") and the <emphasis>LogFormat</emphasis> (see <filename> "
2737
"/etc/apache2/apache2.conf</filename> for the default value)."
2738
msgstr ""
2739
2740
#: serverguide/C/web-servers.xml:370(para)
2741
msgid ""
2742
"Some options are specified on a per-directory basis rather than per-server. "
2743
"<emphasis>Options</emphasis> is one of these directives. A Directory stanza "
2744
"is enclosed in XML-like tags, like so:"
2745
msgstr ""
2746
2747
#: serverguide/C/web-servers.xml:376(programlisting)
2748
#, no-wrap
2749
msgid ""
2750
"\n"
2751
"<Directory /var/www/mynewsite>\n"
2752
"...\n"
2753
"</Directory>\n"
2754
msgstr ""
2755
2756
#: serverguide/C/web-servers.xml:382(para)
2757
msgid ""
2758
"The <emphasis>Options</emphasis> directive within a Directory stanza accepts "
2759
"one or more of the following values (among others), separated by spaces:"
2760
msgstr ""
2761
2762
#: serverguide/C/web-servers.xml:394(para)
2763
msgid ""
2764
"Most files should not be executed as CGI scripts. This would be very "
2765
"dangerous. CGI scripts should kept in a directory separate from and outside "
2766
"your DocumentRoot, and only this directory should have the ExecCGI option "
2767
"set. This is the default, and the default location for CGI scripts is "
2768
"<filename>/usr/lib/cgi-bin</filename>."
2769
msgstr ""
2770
2771
#: serverguide/C/web-servers.xml:389(para)
2772
msgid ""
2773
"<emphasis role=\"bold\">ExecCGI</emphasis> - Allow execution of CGI scripts. "
2774
"CGI scripts are not executed if this option is not chosen. <placeholder-1/>"
2775
msgstr ""
2776
2777
#: serverguide/C/web-servers.xml:405(para)
2778
msgid ""
2779
"<emphasis role=\"bold\">Includes</emphasis> - Allow server-side includes. "
2780
"Server-side includes allow an HTML file to <emphasis> include</emphasis> "
2781
"other files. This is not a common option. See <ulink "
2782
"url=\"http://httpd.apache.org/docs/2.2/howto/ssi.html\">the Apache2 SSI "
2783
"HOWTO</ulink> for more information."
2784
msgstr ""
2785
2786
#: serverguide/C/web-servers.xml:414(para)
2787
msgid ""
2788
"<emphasis role=\"bold\">IncludesNOEXEC</emphasis> - Allow server-side "
2789
"includes, but disable the <emphasis>#exec</emphasis> and "
2790
"<emphasis>#include</emphasis> commands in CGI scripts."
2791
msgstr ""
2792
2793
#: serverguide/C/web-servers.xml:426(para)
2794
msgid ""
2795
"For security reasons, this should usually not be set, and certainly should "
2796
"not be set on your DocumentRoot directory. Enable this option carefully on a "
2797
"per-directory basis only if you are certain you want users to see the entire "
2798
"contents of the directory."
2799
msgstr ""
2800
2801
#: serverguide/C/web-servers.xml:421(para)
2802
msgid ""
2803
"<emphasis role=\"bold\">Indexes</emphasis> - Display a formatted list of the "
2804
"directory's contents, if no <emphasis>DirectoryIndex</emphasis> (such as "
2805
"index.html) exists in the requested directory. <placeholder-1/>"
2806
msgstr ""
2807
2808
#: serverguide/C/web-servers.xml:436(para)
2809
msgid ""
2810
"<emphasis role=\"bold\">Multiview</emphasis> - Support content-negotiated "
2811
"multiviews; this option is disabled by default for security reasons. See the "
2812
"<ulink "
2813
"url=\"http://httpd.apache.org/docs/2.2/mod/mod_negotiation.html#multiviews\">"
2814
"Apache2 documentation on this option</ulink>."
2815
msgstr ""
2816
2817
#: serverguide/C/web-servers.xml:444(para)
2818
msgid ""
2819
"<emphasis role=\"bold\">SymLinksIfOwnerMatch</emphasis> - Only follow "
2820
"symbolic links if the target file or directory has the same owner as the "
2821
"link."
2822
msgstr ""
2823
2824
#: serverguide/C/web-servers.xml:456(title)
2825
msgid "httpd Settings"
2826
msgstr ""
2827
2828
#: serverguide/C/web-servers.xml:458(para)
2829
msgid ""
2830
"This section explains some basic <application>httpd</application> daemon "
2831
"configuration settings."
2832
msgstr ""
2833
2834
#: serverguide/C/web-servers.xml:462(para)
2835
msgid ""
2836
"<emphasis role=\"bold\">LockFile</emphasis> - The LockFile directive sets "
2837
"the path to the lockfile used when the server is compiled with either "
2838
"USE_FCNTL_SERIALIZED_ACCEPT or USE_FLOCK_SERIALIZED_ACCEPT. It must be "
2839
"stored on the local disk. It should be left to the default value unless the "
2840
"logs directory is located on an NFS share. If this is the case, the default "
2841
"value should be changed to a location on the local disk and to a directory "
2842
"that is readable only by root."
2843
msgstr ""
2844
2845
#: serverguide/C/web-servers.xml:471(para)
2846
msgid ""
2847
"<emphasis role=\"bold\">PidFile</emphasis> - The PidFile directive sets the "
2848
"file in which the server records its process ID (pid). This file should only "
2849
"be readable by root. In most cases, it should be left to the default value."
2850
msgstr ""
2851
2852
#: serverguide/C/web-servers.xml:477(para)
2853
msgid ""
2854
"<emphasis role=\"bold\">User</emphasis> - The User directive sets the userid "
2855
"used by the server to answer requests. This setting determines the server's "
2856
"access. Any files inaccessible to this user will also be inaccessible to "
2857
"your website's visitors. The default value for User is www-data."
2858
msgstr ""
2859
2860
#: serverguide/C/web-servers.xml:484(para)
2861
msgid ""
2862
"Unless you know exactly what you are doing, do not set the User directive to "
2863
"root. Using root as the User will create large security holes for your Web "
2864
"server."
2865
msgstr ""
2866
2867
#: serverguide/C/web-servers.xml:490(para)
2868
msgid ""
2869
"The Group directive is similar to the User directive. Group sets the group "
2870
"under which the server will answer requests. The default group is also www-"
2871
"data."
2872
msgstr ""
2873
2874
#: serverguide/C/web-servers.xml:496(title)
2875
msgid "Apache2 Modules"
2876
msgstr ""
2877
2878
#: serverguide/C/web-servers.xml:498(para)
2879
msgid ""
2880
"Apache2 is a modular server. This implies that only the most basic "
2881
"functionality is included in the core server. Extended features are "
2882
"available through modules which can be loaded into Apache2. By default, a "
2883
"base set of modules is included in the server at compile-time. If the server "
2884
"is compiled to use dynamically loaded modules, then modules can be compiled "
2885
"separately, and added at any time using the LoadModule directive. Otherwise, "
2886
"Apache2 must be recompiled to add or remove modules."
2887
msgstr ""
2888
2889
#: serverguide/C/web-servers.xml:510(para)
2890
msgid ""
2891
"Ubuntu compiles Apache2 to allow the dynamic loading of modules. "
2892
"Configuration directives may be conditionally included on the presence of a "
2893
"particular module by enclosing them in an "
2894
"<emphasis><IfModule></emphasis> block."
2895
msgstr ""
2896
2897
#: serverguide/C/web-servers.xml:517(para)
2898
msgid ""
2899
"You can install additional Apache2 modules and use them with your Web "
2900
"server. For example, run the following command from a terminal prompt to "
2901
"install the <emphasis>MySQL Authentication</emphasis> module:"
2902
msgstr ""
2903
2904
#: serverguide/C/web-servers.xml:524(command)
2905
msgid "sudo apt-get install libapache2-mod-auth-mysql"
2906
msgstr ""
2907
2908
#: serverguide/C/web-servers.xml:527(para)
2909
msgid ""
2910
"See the <filename>/etc/apache2/mods-available</filename> directory, for "
2911
"additional modules."
2912
msgstr ""
2913
2914
#: serverguide/C/web-servers.xml:531(para)
2915
msgid ""
2916
"Use the <application>a2enmod</application> utility to enable a module:"
2917
msgstr ""
2918
2919
#: serverguide/C/web-servers.xml:537(command)
2920
msgid "sudo a2enmod auth_mysql"
2921
msgstr ""
2922
2923
#: serverguide/C/web-servers.xml:541(para)
2924
msgid "Similarly, <application>a2dismod</application> will disable a module:"
2925
msgstr ""
2926
2927
#: serverguide/C/web-servers.xml:546(command)
2928
msgid "sudo a2dismod auth_mysql"
2929
msgstr ""
2930
2931
#: serverguide/C/web-servers.xml:553(title)
2932
msgid "HTTPS Configuration"
2933
msgstr ""
2934
2935
#: serverguide/C/web-servers.xml:555(para)
2936
msgid ""
2937
"The <application>mod_ssl</application> module adds an important feature to "
2938
"the Apache2 server - the ability to encrypt communications. Thus, when your "
2939
"browser is communicating using SSL, the https:// prefix is used at the "
2940
"beginning of the Uniform Resource Locator (URL) in the browser navigation "
2941
"bar."
2942
msgstr ""
2943
2944
#: serverguide/C/web-servers.xml:564(para)
2945
msgid ""
2946
"The <application>mod_ssl</application> module is available in "
2947
"<application>apache2-common</application> package. Execute the following "
2948
"command from a terminal prompt to enable the "
2949
"<application>mod_ssl</application> module:"
2950
msgstr ""
2951
2952
#: serverguide/C/web-servers.xml:571(command)
2953
msgid "sudo a2enmod ssl"
2954
msgstr ""
2955
2956
#: serverguide/C/web-servers.xml:574(para)
2957
msgid ""
2958
"There is a default HTTPS configuration file in <filename>/etc/apache2/sites-"
2959
"available/default-ssl</filename>. In order for "
2960
"<application>Apache2</application> to provide HTTPS, a "
2961
"<emphasis>certificate</emphasis> and <emphasis>key</emphasis> file are also "
2962
"needed. The default HTTPS configuration will use a certificate and key "
2963
"generated by the <application>ssl-cert</application> package. They are good "
2964
"for testing, but the auto-generated certificate and key should be replaced "
2965
"by a certificate specific to the site or server. For information on "
2966
"generating a key and obtaining a certificate see <xref "
2967
"linkend=\"certificates-and-security\"/>"
2968
msgstr ""
2969
2970
#: serverguide/C/web-servers.xml:584(para)
2971
msgid ""
2972
"To configure <application>Apache2</application> for HTTPS, enter the "
2973
"following:"
2974
msgstr ""
2975
2976
#: serverguide/C/web-servers.xml:589(command)
2977
msgid "sudo a2ensite default-ssl"
2978
msgstr ""
2979
2980
#: serverguide/C/web-servers.xml:593(para)
2981
msgid ""
2982
"The directories <filename>/etc/ssl/certs</filename> and "
2983
"<filename>/etc/ssl/private</filename> are the default locations. If you "
2984
"install the certificate and key in another directory make sure to change "
2985
"<emphasis>SSLCertificateFile</emphasis> and "
2986
"<emphasis>SSLCertificateKeyFile</emphasis> appropriately."
2987
msgstr ""
2988
2989
#: serverguide/C/web-servers.xml:600(para)
2990
msgid ""
2991
"With Apache2 now configured for HTTPS, restart the service to enable the new "
2992
"settings:"
2993
msgstr ""
2994
2995
#: serverguide/C/web-servers.xml:611(para)
2996
msgid ""
2997
"Depending on how you obtained your certificate you may need to enter a "
2998
"passphrase when <application>Apache2</application> starts."
2999
msgstr ""
3000
3001
#: serverguide/C/web-servers.xml:617(para)
3002
msgid ""
3003
"You can access the secure server pages by typing https://your_hostname/url/ "
3004
"in your browser address bar."
3005
msgstr ""
3006
3007
#: serverguide/C/web-servers.xml:628(para)
3008
msgid ""
3009
"<ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
3010
"Documentation</ulink> contains in depth information on Apache2 configuration "
3011
"directives. Also, see the <application>apache2-doc</application> package for "
3012
"the official Apache2 docs."
3013
msgstr ""
3014
3015
#: serverguide/C/web-servers.xml:635(para)
3016
msgid ""
3017
"See the <ulink url=\"http://www.modssl.org/docs/\">Mod SSL "
3018
"Documentation</ulink> site for more SSL related information."
3019
msgstr ""
3020
3021
#: serverguide/C/web-servers.xml:641(para)
3022
msgid ""
3023
"O'Reilly's <ulink url=\"http://oreilly.com/catalog/9780596001919/\">Apache "
3024
"Cookbook</ulink> is a good resource for accomplishing specific Apache2 "
3025
"configurations."
3026
msgstr ""
3027
3028
#: serverguide/C/web-servers.xml:647(para)
3029
msgid ""
3030
"For Ubuntu specific Apache2 questions, ask in the <emphasis>#ubuntu-"
3031
"server</emphasis> IRC channel on <ulink "
3032
"url=\"http://freenode.net/\">freenode.net</ulink>."
3033
msgstr ""
3034
3035
#: serverguide/C/web-servers.xml:653(para)
3036
msgid ""
3037
"Usually integrated with PHP and MySQL the <ulink "
3038
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
3039
"Ubuntu Wiki </ulink> page is a good resource."
3040
msgstr ""
3041
3042
#: serverguide/C/web-servers.xml:664(title)
3043
msgid "PHP5 - Scripting Language"
3044
msgstr ""
3045
3046
#: serverguide/C/web-servers.xml:665(para)
3047
msgid ""
3048
"PHP is a general-purpose scripting language suited for Web development. The "
3049
"PHP script can be embedded into HTML. This section explains how to install "
3050
"and configure PHP5 in Ubuntu System with Apache2 and MySQL."
3051
msgstr ""
3052
3053
#: serverguide/C/web-servers.xml:669(para)
3054
msgid ""
3055
"This section assumes you have installed and configured Apache2 Web Server "
3056
"and MySQL Database Server. You can refer to Apache2 section and MySQL "
3057
"sections in this document to install and configure Apache2 and MySQL "
3058
"respectively."
3059
msgstr ""
3060
3061
#: serverguide/C/web-servers.xml:676(para)
3062
msgid "The PHP5 is available in Ubuntu Linux."
3063
msgstr ""
3064
3065
#: serverguide/C/web-servers.xml:678(para)
3066
msgid ""
3067
"To install PHP5 you can enter the following command in the terminal prompt: "
3068
"<screen>\n"
3069
"<command>sudo apt-get install php5 libapache2-mod-php5</command>\n"
3070
"</screen>"
3071
msgstr ""
3072
3073
#: serverguide/C/web-servers.xml:687(para)
3074
msgid ""
3075
"You can run PHP5 scripts from command line. To run PHP5 scripts from command "
3076
"line you should install <application>php5-cli</application> package. To "
3077
"install <application>php5-cli</application> you can enter the following "
3078
"command in the terminal prompt: <screen>\n"
3079
"<command>sudo apt-get install php5-cli</command>\n"
3080
"</screen>"
3081
msgstr ""
3082
3083
#: serverguide/C/web-servers.xml:696(para)
3084
msgid ""
3085
"You can also execute PHP5 scripts without installing PHP5 Apache module. To "
3086
"accomplish this, you should install <application>php5-cgi</application> "
3087
"package. You can run the following command in a terminal prompt to install "
3088
"<application>php5-cgi</application> package: <screen>\n"
3089
"<command>sudo apt-get install php5-cgi</command>\n"
3090
"</screen>"
3091
msgstr ""
3092
3093
#: serverguide/C/web-servers.xml:706(para)
3094
msgid ""
3095
"To use <application>MySQL</application> with PHP5 you should install "
3096
"<application>php5-mysql</application> package. To install <application>php5-"
3097
"mysql</application> you can enter the following command in the terminal "
3098
"prompt: <screen>\n"
3099
"<command>sudo apt-get install php5-mysql</command>\n"
3100
"</screen>"
3101
msgstr ""
3102
3103
#: serverguide/C/web-servers.xml:714(para)
3104
msgid ""
3105
"Similarly, to use <application>PostgreSQL</application> with PHP5 you should "
3106
"install <application>php5-pgsql</application> package. To install "
3107
"<application>php5-pgsql</application> you can enter the following command in "
3108
"the terminal prompt: <screen>\n"
3109
"<command>sudo apt-get install php5-pgsql</command>\n"
3110
"</screen>"
3111
msgstr ""
3112
3113
#: serverguide/C/web-servers.xml:727(para)
3114
msgid ""
3115
"Once you install PHP5, you can run PHP5 scripts from your web browser. If "
3116
"you have installed <application>php5-cli</application> package, you can run "
3117
"PHP5 scripts from your command prompt."
3118
msgstr ""
3119
3120
#: serverguide/C/web-servers.xml:734(para)
3121
msgid ""
3122
"By default, the Apache 2 Web server is configured to run PHP5 scripts. In "
3123
"other words, the PHP5 module is enabled in Apache2 Web server automatically "
3124
"when you install the module. Please verify if the files "
3125
"<filename>/etc/apache2/mods-enabled/php5.conf</filename> and "
3126
"<filename>/etc/apache2/mods-enabled/php5.load</filename> exist. If they do "
3127
"not exists, you can enable the module using <command>a2enmod</command> "
3128
"command."
3129
msgstr ""
3130
3131
#: serverguide/C/web-servers.xml:745(para)
3132
msgid ""
3133
"Once you install PHP5 related packages and enabled PHP5 Apache 2 module, you "
3134
"should restart Apache2 Web server to run PHP5 scripts. You can run the "
3135
"following command at a terminal prompt to restart your web server: "
3136
"<screen><command>sudo /etc/init.d/apache2 restart</command> </screen>"
3137
msgstr ""
3138
3139
#: serverguide/C/web-servers.xml:753(title) serverguide/C/mail.xml:320(title) serverguide/C/mail.xml:1602(title) serverguide/C/dns.xml:343(title) serverguide/C/clustering.xml:184(title)
3140
msgid "Testing"
3141
msgstr ""
3142
3143
#: serverguide/C/web-servers.xml:754(para)
3144
msgid ""
3145
"To verify your installation, you can run following PHP5 phpinfo script:"
3146
msgstr ""
3147
3148
#: serverguide/C/web-servers.xml:757(programlisting)
3149
#, no-wrap
3150
msgid ""
3151
"\n"
3152
"<?php\n"
3153
" phpinfo();\n"
3154
"?>\n"
3155
msgstr ""
3156
3157
#: serverguide/C/web-servers.xml:762(para)
3158
msgid ""
3159
"You can save the content in a file <filename>phpinfo.php</filename> and "
3160
"place it under <command>DocumentRoot</command> directory of Apache2 Web "
3161
"server. When point your browser to "
3162
"<filename>http://hostname/phpinfo.php</filename>, it would display values of "
3163
"various PHP5 configuration parameters."
3164
msgstr ""
3165
3166
#: serverguide/C/web-servers.xml:776(para)
3167
msgid ""
3168
"For more in depth information see <ulink "
3169
"url=\"http://www.php.net/docs.php\">php.net</ulink> documentation."
3170
msgstr ""
3171
3172
#: serverguide/C/web-servers.xml:781(para)
3173
msgid ""
3174
"There are a plethora of books on PHP. Two good books from O'Reilly are "
3175
"<ulink url=\"http://oreilly.com/catalog/9780596005603/\">Learning PHP "
3176
"5</ulink> and the <ulink "
3177
"url=\"http://oreilly.com/catalog/9781565926813/\">PHP Cook Book</ulink>."
3178
msgstr ""
3179
3180
#: serverguide/C/web-servers.xml:788(para)
3181
msgid ""
3182
"Also, see the <ulink "
3183
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
3184
"Ubuntu Wiki</ulink> page for more information."
3185
msgstr ""
3186
3187
#: serverguide/C/web-servers.xml:799(title)
3188
msgid "Squid - Proxy Server"
3189
msgstr ""
3190
3191
#: serverguide/C/web-servers.xml:800(para)
3192
msgid ""
3193
"Squid is a full-featured web proxy cache server application which provides "
3194
"proxy and cache services for Hyper Text Transport Protocol (HTTP), File "
3195
"Transfer Protocol (FTP), and other popular network protocols. Squid can "
3196
"implement caching and proxying of Secure Sockets Layer (SSL) requests and "
3197
"caching of Domain Name Server (DNS) lookups, and perform transparent "
3198
"caching. Squid also supports a wide variety of caching protocols, such as "
3199
"Internet Cache Protocol, (ICP) the Hyper Text Caching Protocol, (HTCP) the "
3200
"Cache Array Routing Protocol (CARP), and the Web Cache Coordination "
3201
"Protocol. (WCCP)"
3202
msgstr ""
3203
3204
#: serverguide/C/web-servers.xml:808(para)
3205
msgid ""
3206
"The Squid proxy cache server is an excellent solution to a variety of proxy "
3207
"and caching server needs, and scales from the branch office to enterprise "
3208
"level networks while providing extensive, granular access control mechanisms "
3209
"and monitoring of critical parameters via the Simple Network Management "
3210
"Protocol (SNMP). When selecting a computer system for use as a dedicated "
3211
"Squid proxy, or caching servers, ensure your system is configured with a "
3212
"large amount of physical memory, as Squid maintains an in-memory cache for "
3213
"increased performance."
3214
msgstr ""
3215
3216
#: serverguide/C/web-servers.xml:817(para)
3217
msgid ""
3218
"At a terminal prompt, enter the following command to install the Squid "
3219
"server:"
3220
msgstr ""
3221
3222
#: serverguide/C/web-servers.xml:822(command)
3223
msgid "sudo apt-get install squid"
3224
msgstr ""
3225
3226
#: serverguide/C/web-servers.xml:828(para)
3227
msgid ""
3228
"Squid is configured by editing the directives contained within the "
3229
"<filename>/etc/squid/squid.conf</filename> configuration file. The following "
3230
"examples illustrate some of the directives which may be modified to affect "
3231
"the behavior of the Squid server. For more in-depth configuration of Squid, "
3232
"see the References section."
3233
msgstr ""
3234
3235
#: serverguide/C/web-servers.xml:834(para)
3236
msgid ""
3237
"Prior to editing the configuration file, you should make a copy of the "
3238
"original file and protect it from writing so you will have the original "
3239
"settings as a reference, and to re-use as necessary."
3240
msgstr ""
3241
3242
#: serverguide/C/web-servers.xml:837(para)
3243
msgid ""
3244
"Copy the <filename>/etc/squid/squid.conf</filename> file and protect it from "
3245
"writing with the following commands entered at a terminal prompt:"
3246
msgstr ""
3247
3248
#: serverguide/C/web-servers.xml:842(command)
3249
msgid "sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original"
3250
msgstr ""
3251
3252
#: serverguide/C/web-servers.xml:843(command)
3253
msgid "sudo chmod a-w /etc/squid/squid.conf.original"
3254
msgstr ""
3255
3256
#: serverguide/C/web-servers.xml:849(para)
3257
msgid ""
3258
"To set your Squid server to listen on TCP port 8888 instead of the default "
3259
"TCP port 3128, change the http_port directive as such:"
3260
msgstr ""
3261
3262
#: serverguide/C/web-servers.xml:853(programlisting)
3263
#, no-wrap
3264
msgid ""
3265
"\n"
3266
"http_port 8888\n"
3267
msgstr ""
3268
3269
#: serverguide/C/web-servers.xml:858(para)
3270
msgid ""
3271
"Change the visible_hostname directive in order to give the Squid server a "
3272
"specific hostname. This hostname does not necessarily need to be the "
3273
"computer's hostname. In this example it is set to <emphasis>weezie</emphasis>"
3274
msgstr ""
3275
3276
#: serverguide/C/web-servers.xml:862(programlisting)
3277
#, no-wrap
3278
msgid ""
3279
"\n"
3280
"visible_hostname weezie\n"
3281
msgstr ""
3282
3283
#: serverguide/C/web-servers.xml:867(para)
3284
msgid ""
3285
"Using Squid's access control, you may configure use of Internet services "
3286
"proxied by Squid to be available only users with certain Internet Protocol "
3287
"(IP) addresses. For example, we will illustrate access by users of the "
3288
"192.168.42.0/24 subnetwork only:"
3289
msgstr ""
3290
3291
#: serverguide/C/web-servers.xml:872(para) serverguide/C/web-servers.xml:892(para)
3292
msgid ""
3293
"Add the following to the <emphasis role=\"bold\">bottom</emphasis> of the "
3294
"ACL section of your <filename>/etc/squid/squid.conf</filename> file:"
3295
msgstr ""
3296
3297
#: serverguide/C/web-servers.xml:875(programlisting)
3298
#, no-wrap
3299
msgid ""
3300
"\n"
3301
"acl fortytwo_network src 192.168.42.0/24\n"
3302
msgstr ""
3303
3304
#: serverguide/C/web-servers.xml:878(para) serverguide/C/web-servers.xml:899(para)
3305
msgid ""
3306
"Then, add the following to the <emphasis role=\"bold\">top</emphasis> of the "
3307
"http_access section of your <filename>/etc/squid/squid.conf</filename> file:"
3308
msgstr ""
3309
3310
#: serverguide/C/web-servers.xml:882(programlisting)
3311
#, no-wrap
3312
msgid ""
3313
"\n"
3314
"http_access allow fortytwo_network\n"
3315
msgstr ""
3316
3317
#: serverguide/C/web-servers.xml:887(para)
3318
msgid ""
3319
"Using the excellent access control features of Squid, you may configure use "
3320
"of Internet services proxied by Squid to be available only during normal "
3321
"business hours. For example, we'll illustrate access by employees of a "
3322
"business which is operating between 9:00AM and 5:00PM, Monday through "
3323
"Friday, and which uses the 10.1.42.0/42 subnetwork:"
3324
msgstr ""
3325
3326
#: serverguide/C/web-servers.xml:895(programlisting)
3327
#, no-wrap
3328
msgid ""
3329
"\n"
3330
"acl biz_network src 10.1.42.0/24\n"
3331
"acl biz_hours time M T W T F 9:00-17:00\n"
3332
msgstr ""
3333
3334
#: serverguide/C/web-servers.xml:903(programlisting)
3335
#, no-wrap
3336
msgid ""
3337
"\n"
3338
"http_access allow biz_network biz_hours\n"
3339
msgstr ""
3340
3341
#: serverguide/C/web-servers.xml:910(para)
3342
msgid ""
3343
"After making changes to the <filename>/etc/squid/squid.conf</filename> file, "
3344
"save the file and restart the <application>squid</application> server "
3345
"application to effect the changes using the following command entered at a "
3346
"terminal prompt:"
3347
msgstr ""
3348
3349
#: serverguide/C/web-servers.xml:917(command)
3350
msgid "sudo /etc/init.d/squid restart"
3351
msgstr ""
3352
3353
#: serverguide/C/web-servers.xml:924(ulink)
3354
msgid "Squid Website"
3355
msgstr ""
3356
3357
#: serverguide/C/web-servers.xml:926(para)
3358
msgid ""
3359
"<ulink url=\"https://help.ubuntu.com/community/Squid\">Ubuntu Wiki "
3360
"Squid</ulink> page."
3361
msgstr ""
3362
3363
#: serverguide/C/web-servers.xml:933(title)
3364
msgid "Ruby on Rails"
3365
msgstr ""
3366
3367
#: serverguide/C/web-servers.xml:934(para)
3368
msgid ""
3369
"Ruby on Rails is an open source web framework for developing database backed "
3370
"web applications. It is optimized for sustainable productivity of the "
3371
"programmer since it lets the programmer to write code by favouring "
3372
"convention over configuration."
3373
msgstr ""
3374
3375
#: serverguide/C/web-servers.xml:941(para)
3376
msgid ""
3377
"Before installing <application>Rails</application> you should install "
3378
"<application>Apache</application> and <application>MySQL</application>. To "
3379
"install the <application>Apache</application> package, please refer to <xref "
3380
"linkend=\"httpd\"/>. For instructions on installing "
3381
"<application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
3382
msgstr ""
3383
3384
#: serverguide/C/web-servers.xml:949(para)
3385
msgid ""
3386
"Once you have <application>Apache</application> and "
3387
"<application>MySQL</application> packages installed, you are ready to "
3388
"install <application>Ruby on Rails</application> package."
3389
msgstr ""
3390
3391
#: serverguide/C/web-servers.xml:956(para)
3392
msgid ""
3393
"To install the <application>Ruby</application> base packages and "
3394
"<application>Ruby on Rails</application>, you can enter the following "
3395
"command in the terminal prompt:"
3396
msgstr ""
3397
3398
#: serverguide/C/web-servers.xml:962(command)
3399
msgid "sudo apt-get install rails"
3400
msgstr ""
3401
3402
#: serverguide/C/web-servers.xml:968(para)
3403
msgid ""
3404
"Modify the <filename>/etc/apache2/sites-available/default</filename> "
3405
"configuration file to setup your domains."
3406
msgstr ""
3407
3408
#: serverguide/C/web-servers.xml:972(para)
3409
msgid ""
3410
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
3411
msgstr ""
3412
3413
#: serverguide/C/web-servers.xml:976(programlisting)
3414
#, no-wrap
3415
msgid ""
3416
"\n"
3417
"DocumentRoot /path/to/rails/application/public\n"
3418
msgstr ""
3419
3420
#: serverguide/C/web-servers.xml:979(para)
3421
msgid ""
3422
"Next, change the <Directory \"/path/to/rails/application/public\"> "
3423
"directive:"
3424
msgstr ""
3425
3426
#: serverguide/C/web-servers.xml:983(programlisting)
3427
#, no-wrap
3428
msgid ""
3429
"\n"
3430
"<Directory \"/path/to/rails/application/public\">\n"
3431
" Options Indexes FollowSymLinks MultiViews ExecCGI\n"
3432
" AllowOverride All\n"
3433
" Order allow,deny\n"
3434
" allow from all\n"
3435
" AddHandler cgi-script .cgi\n"
3436
"</Directory>\n"
3437
msgstr ""
3438
3439
#: serverguide/C/web-servers.xml:993(para)
3440
msgid ""
3441
"You should also enable the <application>mod_rewrite</application> module for "
3442
"Apache. To enable <application>mod_rewrite</application> module, please "
3443
"enter the following command in a terminal prompt:"
3444
msgstr ""
3445
3446
#: serverguide/C/web-servers.xml:999(command)
3447
msgid "sudo a2enmod rewrite"
3448
msgstr ""
3449
3450
#: serverguide/C/web-servers.xml:1002(para)
3451
msgid ""
3452
"Finally you will need to change the ownership of the "
3453
"<filename>/path/to/rails/application/public</filename> and "
3454
"<filename>/path/to/rails/application/tmp</filename> directories to the user "
3455
"used to run the <application>Apache</application> process:"
3456
msgstr ""
3457
3458
#: serverguide/C/web-servers.xml:1008(command)
3459
msgid "sudo chown -R www-data:www-data /path/to/rails/application/public"
3460
msgstr ""
3461
3462
#: serverguide/C/web-servers.xml:1009(command)
3463
msgid "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
3464
msgstr ""
3465
3466
#: serverguide/C/web-servers.xml:1012(para)
3467
msgid ""
3468
"That's it! Now you have your Server ready for your <application>Ruby on "
3469
"Rails</application> applications."
3470
msgstr ""
3471
3472
#: serverguide/C/web-servers.xml:1021(para)
3473
msgid ""
3474
"See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website "
3475
"for more information."
3476
msgstr ""
3477
3478
#: serverguide/C/web-servers.xml:1026(para)
3479
msgid ""
3480
"Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-"
3481
"with-rails-third-edition\">Agile Development with Rails</ulink> is a great "
3482
"resource."
3483
msgstr ""
3484
3485
#: serverguide/C/web-servers.xml:1032(para)
3486
msgid ""
3487
"Another place for more information is the <ulink "
3488
"url=\"https://help.ubuntu.com/community/RubyOnRails\">Ruby on Rails Ubuntu "
3489
"Wiki</ulink> page."
3490
msgstr ""
3491
3492
#: serverguide/C/web-servers.xml:1043(title)
3493
msgid "Apache Tomcat"
3494
msgstr ""
3495
3496
#: serverguide/C/web-servers.xml:1044(para)
3497
msgid ""
3498
"Apache Tomcat is a web container that allows you to serve Java Servlets and "
3499
"JSP (Java Server Pages) web applications."
3500
msgstr ""
3501
3502
#: serverguide/C/web-servers.xml:1046(para)
3503
msgid ""
3504
"The <application>Tomcat 6.0</application> packages in Ubuntu support two "
3505
"different ways of running Tomcat. You can install them as a classic unique "
3506
"system-wide instance, that will be started at boot time and will run as the "
3507
"tomcat6 unpriviledged user. But you can also deploy private instances that "
3508
"will run with your own user rights, and that you should start and stop by "
3509
"yourself. This second way is particularly useful in a development server "
3510
"context where multiple users need to test on their own private Tomcat "
3511
"instances."
3512
msgstr ""
3513
3514
#: serverguide/C/web-servers.xml:1056(title)
3515
msgid "System-wide installation"
3516
msgstr ""
3517
3518
#: serverguide/C/web-servers.xml:1057(para)
3519
msgid ""
3520
"To install the <application>Tomcat</application> server, you can enter the "
3521
"following command in the terminal prompt:"
3522
msgstr ""
3523
3524
#: serverguide/C/web-servers.xml:1060(command)
3525
msgid "sudo apt-get install tomcat6"
3526
msgstr ""
3527
3528
#: serverguide/C/web-servers.xml:1062(para)
3529
msgid ""
3530
"This will install a Tomcat server with just a default ROOT webapp that "
3531
"displays a minimal \"It works\" page by default."
3532
msgstr ""
3533
3534
#: serverguide/C/web-servers.xml:1068(para)
3535
msgid ""
3536
"Tomcat configuration files can be found in "
3537
"<filename>/etc/tomcat6</filename>. Only a few common configuration tweaks "
3538
"will be described here, please see <ulink "
3539
"url=\"http://tomcat.apache.org/tomcat-6.0-doc/index.html\">Tomcat 6.0 "
3540
"documentation</ulink> for more."
3541
msgstr ""
3542
3543
#: serverguide/C/web-servers.xml:1074(title)
3544
msgid "Changing default ports"
3545
msgstr ""
3546
3547
#: serverguide/C/web-servers.xml:1075(para)
3548
msgid ""
3549
"By default Tomcat 6.0 runs a HTTP connector on port 8080 and an AJP "
3550
"connector on port 8009. You might want to change those default ports to "
3551
"avoid conflict with another server on the system. This is done by changing "
3552
"the following lines in <filename>/etc/tomcat6/server.xml</filename>:"
3553
msgstr ""
3554
3555
#: serverguide/C/web-servers.xml:1080(programlisting)
3556
#, no-wrap
3557
msgid ""
3558
"\n"
3559
"<Connector port=\"8080\" protocol=\"HTTP/1.1\" \n"
3560
" connectionTimeout=\"20000\" \n"
3561
" redirectPort=\"8443\" />\n"
3562
"...\n"
3563
"<Connector port=\"8009\" protocol=\"AJP/1.3\" redirectPort=\"8443\" "
3564
"/>\n"
3565
msgstr ""
3566
3567
#: serverguide/C/web-servers.xml:1089(title)
3568
msgid "Changing JVM used"
3569
msgstr ""
3570
3571
#: serverguide/C/web-servers.xml:1090(para)
3572
msgid ""
3573
"By default Tomcat will run preferably with OpenJDK-6, then try Sun's JVM, "
3574
"then try some other JVMs. If you have various JVMs installed, you can set "
3575
"which should be used by setting JAVA_HOME in "
3576
"<filename>/etc/default/tomcat6</filename>:"
3577
msgstr ""
3578
3579
#: serverguide/C/web-servers.xml:1094(programlisting)
3580
#, no-wrap
3581
msgid ""
3582
"\n"
3583
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
3584
msgstr ""
3585
3586
#: serverguide/C/web-servers.xml:1099(title)
3587
msgid "Declaring users and roles"
3588
msgstr ""
3589
3590
#: serverguide/C/web-servers.xml:1100(para)
3591
msgid ""
3592
"Usernames, passwords and roles (groups) can be defined centrally in a "
3593
"Servlet container. In Tomcat 6.0 this is done in the "
3594
"<filename>/etc/tomcat6/tomcat-users.xml</filename> file:"
3595
msgstr ""
3596
3597
#: serverguide/C/web-servers.xml:1103(programlisting)
3598
#, no-wrap
3599
msgid ""
3600
"\n"
3601
"<role rolename=\"admin\"/>\n"
3602
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
3603
msgstr ""
3604
3605
#: serverguide/C/web-servers.xml:1111(title)
3606
msgid "Using Tomcat standard webapps"
3607
msgstr ""
3608
3609
#: serverguide/C/web-servers.xml:1112(para)
3610
msgid ""
3611
"Tomcat is shipped with webapps that you can install for documentation, "
3612
"administration or demo purposes."
3613
msgstr ""
3614
3615
#: serverguide/C/web-servers.xml:1115(title)
3616
msgid "Tomcat documentation"
3617
msgstr ""
3618
3619
#: serverguide/C/web-servers.xml:1116(para)
3620
msgid ""
3621
"The <application>tomcat6-docs</application> package contains Tomcat 6.0 "
3622
"documentation, packaged as a webapp that you can access by default at "
3623
"http://yourserver:8080/docs. You can install it by entering the following "
3624
"command in the terminal prompt:"
3625
msgstr ""
3626
3627
#: serverguide/C/web-servers.xml:1121(command)
3628
msgid "sudo apt-get install tomcat6-docs"
3629
msgstr ""
3630
3631
#: serverguide/C/web-servers.xml:1125(title)
3632
msgid "Tomcat administration webapps"
3633
msgstr ""
3634
3635
#: serverguide/C/web-servers.xml:1126(para)
3636
msgid ""
3637
"The <application>tomcat6-admin</application> package contains two webapps "
3638
"that can be used to administer the Tomcat server using a web interface. You "
3639
"can install them by entering the following command in the terminal prompt:"
3640
msgstr ""
3641
3642
#: serverguide/C/web-servers.xml:1131(command)
3643
msgid "sudo apt-get install tomcat6-admin"
3644
msgstr ""
3645
3646
#: serverguide/C/web-servers.xml:1133(para)
3647
msgid ""
3648
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
3649
"access by default at http://yourserver:8080/manager/html. It is primarily "
3650
"used to get server status and restart webapps."
3651
msgstr ""
3652
3653
#: serverguide/C/web-servers.xml:1136(para)
3654
msgid ""
3655
"Access to the <emphasis>manager</emphasis> application is protected by "
3656
"default: you need to define a user with the role \"manager\" in "
3657
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3658
msgstr ""
3659
3660
#: serverguide/C/web-servers.xml:1140(para)
3661
msgid ""
3662
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
3663
"can access by default at http://yourserver:8080/host-manager/html. It can be "
3664
"used to create virtual hosts dynamically."
3665
msgstr ""
3666
3667
#: serverguide/C/web-servers.xml:1144(para)
3668
msgid ""
3669
"Access to the <emphasis>host-manager</emphasis> application is also "
3670
"protected by default: you need to define a user with the role \"admin\" in "
3671
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3672
msgstr ""
3673
3674
#: serverguide/C/web-servers.xml:1149(para)
3675
msgid ""
3676
"For security reasons, the tomcat6 user cannot write to the "
3677
"<filename>/etc/tomcat6</filename> directory by default. Some features in "
3678
"these admin webapps (application deployment, virtual host creation) need "
3679
"write access to that directory. If you want to use these features execute "
3680
"the following, to give users in the tomcat6 group the necessary rights:"
3681
msgstr ""
3682
3683
#: serverguide/C/web-servers.xml:1156(command)
3684
msgid "sudo chgrp -R tomcat6 /etc/tomcat6"
3685
msgstr ""
3686
3687
#: serverguide/C/web-servers.xml:1157(command)
3688
msgid "sudo chmod -R g+w /etc/tomcat6"
3689
msgstr ""
3690
3691
#: serverguide/C/web-servers.xml:1162(title)
3692
msgid "Tomcat examples webapps"
3693
msgstr ""
3694
3695
#: serverguide/C/web-servers.xml:1163(para)
3696
msgid ""
3697
"The <application>tomcat6-examples</application> package contains two webapps "
3698
"that can be used to test or demonstrate Servlets and JSP features, which you "
3699
"can access them by default at http://yourserver:8080/examples. You can "
3700
"install them by entering the following command in the terminal prompt:"
3701
msgstr ""
3702
3703
#: serverguide/C/web-servers.xml:1169(command)
3704
msgid "sudo apt-get install tomcat6-examples"
3705
msgstr ""
3706
3707
#: serverguide/C/web-servers.xml:1175(title)
3708
msgid "Using private instances"
3709
msgstr ""
3710
3711
#: serverguide/C/web-servers.xml:1176(para)
3712
msgid ""
3713
"Tomcat is heavily used in development and testing scenarios where using a "
3714
"single system-wide instance doesn't meet the requirements of multiple users "
3715
"on a single system. The Tomcat 6.0 packages in Ubuntu come with tools to "
3716
"help deploy your own user-oriented instances, allowing every user on a "
3717
"system to run (without root rights) separate private instances while still "
3718
"using the system-installed libraries."
3719
msgstr ""
3720
3721
#: serverguide/C/web-servers.xml:1183(para)
3722
msgid ""
3723
"It is possible to run the system-wide instance and the private instances in "
3724
"parallel, as long as they do not use the same TCP ports."
3725
msgstr ""
3726
3727
#: serverguide/C/web-servers.xml:1187(title)
3728
msgid "Installing private instance support"
3729
msgstr ""
3730
3731
#: serverguide/C/web-servers.xml:1188(para)
3732
msgid ""
3733
"You can install everything necessary to run private instances by entering "
3734
"the following command in the terminal prompt:"
3735
msgstr ""
3736
3737
#: serverguide/C/web-servers.xml:1191(command)
3738
msgid "sudo apt-get install tomcat6-user"
3739
msgstr ""
3740
3741
#: serverguide/C/web-servers.xml:1195(title)
3742
msgid "Creating a private instance"
3743
msgstr ""
3744
3745
#: serverguide/C/web-servers.xml:1196(para)
3746
msgid ""
3747
"You can create a private instance directory by entering the following "
3748
"command in the terminal prompt:"
3749
msgstr ""
3750
3751
#: serverguide/C/web-servers.xml:1199(command)
3752
msgid "tomcat6-instance-create my-instance"
3753
msgstr ""
3754
3755
#: serverguide/C/web-servers.xml:1201(para)
3756
msgid ""
3757
"This will create a new <filename>my-instance</filename> directory with all "
3758
"the necessary subdirectories and scripts. You can for example install your "
3759
"common libraries in the <filename>lib/</filename> subdirectory and deploy "
3760
"your webapps in the <filename>webapps/</filename> subdirectory. No webapps "
3761
"are deployed by default."
3762
msgstr ""
3763
3764
#: serverguide/C/web-servers.xml:1209(title)
3765
msgid "Configuring your private instance"
3766
msgstr ""
3767
3768
#: serverguide/C/web-servers.xml:1210(para)
3769
msgid ""
3770
"You will find the classic Tomcat configuration files for your private "
3771
"instance in the <filename>conf/</filename> subdirectory. You should for "
3772
"example certainly edit the <filename>conf/server.xml</filename> file to "
3773
"change the default ports used by your private Tomcat instance to avoid "
3774
"conflict with other instances that might be running."
3775
msgstr ""
3776
3777
#: serverguide/C/web-servers.xml:1218(title)
3778
msgid "Starting/stopping your private instance"
3779
msgstr ""
3780
3781
#: serverguide/C/web-servers.xml:1219(para)
3782
msgid ""
3783
"You can start your private instance by entering the following command in the "
3784
"terminal prompt (supposing your instance is located in the <filename>my-"
3785
"instance</filename> directory):"
3786
msgstr ""
3787
3788
#: serverguide/C/web-servers.xml:1223(command)
3789
msgid "my-instance/bin/startup.sh"
3790
msgstr ""
3791
3792
#: serverguide/C/web-servers.xml:1225(para)
3793
msgid ""
3794
"You should check the <filename>logs/</filename> subdirectory for any error. "
3795
"If you have a <emphasis>java.net.BindException: Address already in "
3796
"use<null>:8080</emphasis> error, it means that the port you're using "
3797
"is already taken and that you should change it."
3798
msgstr ""
3799
3800
#: serverguide/C/web-servers.xml:1230(para)
3801
msgid ""
3802
"You can stop your instance by entering the following command in the terminal "
3803
"prompt (supposing your instance is located in the <filename>my-"
3804
"instance</filename> directory):"
3805
msgstr ""
3806
3807
#: serverguide/C/web-servers.xml:1234(command)
3808
msgid "my-instance/bin/shutdown.sh"
3809
msgstr ""
3810
3811
#: serverguide/C/web-servers.xml:1243(para)
3812
msgid ""
3813
"See the <ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink> "
3814
"website for more information."
3815
msgstr ""
3816
3817
#: serverguide/C/web-servers.xml:1248(para)
3818
msgid ""
3819
"<ulink url=\"http://oreilly.com/catalog/9780596003180/\">Tomcat: The "
3820
"Definitive Guide</ulink> is a good resource for building web applications "
3821
"with Tomcat."
3822
msgstr ""
3823
3824
#: serverguide/C/web-servers.xml:1254(para)
3825
msgid ""
3826
"For additional books see the <ulink "
3827
"url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat Books</ulink> list "
3828
"page."
3829
msgstr ""
3830
3831
#: serverguide/C/web-servers.xml:1259(para)
3832
msgid ""
3833
"Also, see the<ulink "
3834
"url=\"https://help.ubuntu.com/community/ApacheTomcat5\">Ubuntu Wiki Apache "
3835
"Tomcat</ulink> page."
3836
msgstr ""
3837
3838
#: serverguide/C/vpn.xml:13(title)
3839
msgid "VPN"
3840
msgstr ""
3841
3842
#: serverguide/C/vpn.xml:15(para)
3843
msgid ""
3844
"A Virtual Private Network, or <emphasis>VPN</emphasis>, is an encrypted "
3845
"network connection between two or more networks. There are several ways to "
3846
"create a VPN using software as well as dedicated hardware appliances. This "
3847
"chapter will cover installing and configuring "
3848
"<application>OpenVPN</application> to create a VPN between two servers."
3849
msgstr ""
3850
3851
#: serverguide/C/vpn.xml:23(title)
3852
msgid "OpenVPN"
3853
msgstr ""
3854
3855
#: serverguide/C/vpn.xml:25(para)
3856
msgid ""
3857
"OpenVPN uses Public Key Infrastructure (PKI) to encrypt VPN traffic between "
3858
"nodes. A simple way of setting up a VPN with OpenVPN is to connect the "
3859
"clients through a bridge interface on the VPN server. This guide will assume "
3860
"that one VPN node, the server in this case, has a bridge interface "
3861
"configured. For more information on setting up a bridge see <xref "
3862
"linkend=\"bridging\"/>."
3863
msgstr ""
3864
3865
#: serverguide/C/vpn.xml:35(para)
3866
msgid "To install <application>openvpn</application> in a terminal enter:"
3867
msgstr ""
3868
3869
#: serverguide/C/vpn.xml:41(command) serverguide/C/vpn.xml:257(command)
3870
msgid "sudo apt-get install openvpn"
3871
msgstr ""
3872
3873
#: serverguide/C/vpn.xml:45(title)
3874
msgid "Server Certificates"
3875
msgstr ""
3876
3877
#: serverguide/C/vpn.xml:47(para)
3878
msgid ""
3879
"Now that the <application>openvpn</application> package is installed, the "
3880
"certificates for the VPN server need to be created."
3881
msgstr ""
3882
3883
#: serverguide/C/vpn.xml:52(para)
3884
msgid ""
3885
"First, copy the <filename>easy-rsa</filename> directory to "
3886
"<filename>/etc/openvpn</filename>. This will ensure that any changes to the "
3887
"scripts will not be lost when the package is updated. You will also need to "
3888
"adjust permissions in the <filename>easy-rsa</filename> directory to allow "
3889
"the current user permission to create files. From a terminal enter:"
3890
msgstr ""
3891
3892
#: serverguide/C/vpn.xml:59(command)
3893
msgid "sudo mkdir /etc/openvpn/easy-rsa/"
3894
msgstr ""
3895
3896
#: serverguide/C/vpn.xml:60(command)
3897
msgid ""
3898
"sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-"
3899
"rsa/"
3900
msgstr ""
3901
3902
#: serverguide/C/vpn.xml:61(command)
3903
msgid "sudo chown -R $USER /etc/openvpn/easy-rsa/"
3904
msgstr ""
3905
3906
#: serverguide/C/vpn.xml:64(para)
3907
msgid ""
3908
"Next, edit <filename>/etc/openvpn/easy-rsa/vars</filename> adjusting the "
3909
"following to your environment:"
3910
msgstr ""
3911
3912
#: serverguide/C/vpn.xml:68(programlisting)
3913
#, no-wrap
3914
msgid ""
3915
"\n"
3916
"export KEY_COUNTRY=\"US\"\n"
3917
"export KEY_PROVINCE=\"NC\"\n"
3918
"export KEY_CITY=\"Winston-Salem\"\n"
3919
"export KEY_ORG=\"Example Company\"\n"
3920
"export KEY_EMAIL=\"steve@example.com\"\n"
3921
msgstr ""
3922
3923
#: serverguide/C/vpn.xml:76(para)
3924
msgid "Enter the following to create the server certificates:"
3925
msgstr ""
3926
3927
#: serverguide/C/vpn.xml:81(command) serverguide/C/vpn.xml:102(command)
3928
msgid "cd /etc/openvpn/easy-rsa/"
3929
msgstr ""
3930
3931
#: serverguide/C/vpn.xml:82(command) serverguide/C/vpn.xml:103(command)
3932
msgid "source vars"
3933
msgstr ""
3934
3935
#: serverguide/C/vpn.xml:83(command)
3936
msgid "./clean-all"
3937
msgstr ""
3938
3939
#: serverguide/C/vpn.xml:84(command)
3940
msgid "./build-dh"
3941
msgstr ""
3942
3943
#: serverguide/C/vpn.xml:85(command)
3944
msgid "./pkitool --initca"
3945
msgstr ""
3946
3947
#: serverguide/C/vpn.xml:86(command)
3948
msgid "./pkitool --server server"
3949
msgstr ""
3950
3951
#: serverguide/C/vpn.xml:87(command)
3952
msgid "cd keys"
3953
msgstr ""
3954
3955
#: serverguide/C/vpn.xml:88(command)
3956
msgid "openvpn --genkey --secret ta.key"
3957
msgstr ""
3958
3959
#: serverguide/C/vpn.xml:89(command)
3960
msgid "sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/"
3961
msgstr ""
3962
3963
#: serverguide/C/vpn.xml:94(title)
3964
msgid "Client Certificates"
3965
msgstr ""
3966
3967
#: serverguide/C/vpn.xml:96(para)
3968
msgid ""
3969
"The VPN client will also need a certificate to authenticate itself to the "
3970
"server. To create the certificate, enter the following in a terminal:"
3971
msgstr ""
3972
3973
#: serverguide/C/vpn.xml:104(command)
3974
msgid "./pkitool hostname"
3975
msgstr ""
3976
3977
#: serverguide/C/vpn.xml:108(para)
3978
msgid ""
3979
"Replace <emphasis>hostname</emphasis> with the actual hostname of the "
3980
"machine connecting to the VPN."
3981
msgstr ""
3982
3983
#: serverguide/C/vpn.xml:113(para)
3984
msgid "Copy the following files to the client:"
3985
msgstr ""
3986
3987
#: serverguide/C/vpn.xml:118(para)
3988
msgid "/etc/openvpn/ca.crt"
3989
msgstr ""
3990
3991
#: serverguide/C/vpn.xml:119(para)
3992
msgid "/etc/openvpn/easy-rsa/keys/hostname.crt"
3993
msgstr ""
3994
3995
#: serverguide/C/vpn.xml:120(para)
3996
msgid "/etc/openvpn/easy-rsa/keys/hostname.key"
3997
msgstr ""
3998
3999
#: serverguide/C/vpn.xml:121(para)
4000
msgid "/etc/openvpn/ta.key"
4001
msgstr ""
4002
4003
#: serverguide/C/vpn.xml:125(para)
4004
msgid ""
4005
"Remember to adjust the above file names for your client machine's "
4006
"<emphasis>hostname</emphasis>."
4007
msgstr ""
4008
4009
#: serverguide/C/vpn.xml:130(para)
4010
msgid ""
4011
"It is best to use a secure method to copy the certificate and key files. The "
4012
"<application>scp</application> utility is a good choice, but copying the "
4013
"files to removable media then to the client, also works well."
4014
msgstr ""
4015
4016
#: serverguide/C/vpn.xml:141(title) serverguide/C/vcs.xml:107(title)
4017
msgid "Server Configuration"
4018
msgstr ""
4019
4020
#: serverguide/C/vpn.xml:143(para)
4021
msgid ""
4022
"Now configure the <application>openvpn</application> server by creating "
4023
"<filename>/etc/openvpn/server.conf</filename> from the example file. In a "
4024
"terminal enter:"
4025
msgstr ""
4026
4027
#: serverguide/C/vpn.xml:149(command)
4028
msgid ""
4029
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz "
4030
"/etc/openvpn/"
4031
msgstr ""
4032
4033
#: serverguide/C/vpn.xml:150(command)
4034
msgid "sudo gzip -d /etc/openvpn/server.conf.gz"
4035
msgstr ""
4036
4037
#: serverguide/C/vpn.xml:153(para)
4038
msgid ""
4039
"Edit <filename>/etc/openvpn/server.conf</filename> changing the following "
4040
"options to:"
4041
msgstr ""
4042
4043
#: serverguide/C/vpn.xml:157(programlisting)
4044
#, no-wrap
4045
msgid ""
4046
"\n"
4047
"local 172.18.100.101\n"
4048
"dev tap0\n"
4049
"up \"/etc/openvpn/up.sh br0\"\n"
4050
"down \"/etc/openvpn/down.sh br0\"\n"
4051
";server 10.8.0.0 255.255.255.0\n"
4052
"server-bridge 172.18.100.101 255.255.255.0 172.18.100.105 172.18.100.200\n"
4053
"push \"route 172.18.100.1 255.255.255.0\"\n"
4054
"push \"dhcp-option DNS 172.18.100.20\"\n"
4055
"push \"dhcp-option DOMAIN example.com\"\n"
4056
"tls-auth ta.key 0 # This file is secret\n"
4057
"user nobody\n"
4058
"group nogroup\n"
4059
msgstr ""
4060
4061
#: serverguide/C/vpn.xml:174(para)
4062
msgid ""
4063
"<emphasis>local</emphasis>: is the IP address of the bridge interface."
4064
msgstr ""
4065
4066
#: serverguide/C/vpn.xml:179(para)
4067
msgid ""
4068
"<emphasis>server-bridge</emphasis>: needed when the configuration uses "
4069
"bridging. The <emphasis>172.18.100.101 255.255.255.0</emphasis> portion is "
4070
"the bridge interface and mask. The IP range <emphasis>172.18.100.105 "
4071
"172.18.100.200</emphasis> is the range of IP addresses that will be assigned "
4072
"to clients."
4073
msgstr ""
4074
4075
#: serverguide/C/vpn.xml:186(para)
4076
msgid ""
4077
"<emphasis>push</emphasis>: are directives to add networking options for "
4078
"clients."
4079
msgstr ""
4080
4081
#: serverguide/C/vpn.xml:191(para)
4082
msgid ""
4083
"<emphasis>user and group</emphasis>: configure which user and group the "
4084
"<application>openvpn</application> daemon executes as."
4085
msgstr ""
4086
4087
#: serverguide/C/vpn.xml:198(para)
4088
msgid ""
4089
"Replace all IP addresses and domain names above with those of your network."
4090
msgstr ""
4091
4092
#: serverguide/C/vpn.xml:203(para)
4093
msgid ""
4094
"Next, create a couple of helper scripts to add the <emphasis>tap</emphasis> "
4095
"interface to the bridge. Create <filename>/etc/openvpn/up.sh</filename>:"
4096
msgstr ""
4097
4098
#: serverguide/C/vpn.xml:207(programlisting)
4099
#, no-wrap
4100
msgid ""
4101
"\n"
4102
"#!/bin/sh\n"
4103
"\n"
4104
"BR=$1\n"
4105
"DEV=$2\n"
4106
"MTU=$3\n"
4107
"/sbin/ifconfig $DEV mtu $MTU promisc up\n"
4108
"/usr/sbin/brctl addif $BR $DEV\n"
4109
msgstr ""
4110
4111
#: serverguide/C/vpn.xml:217(para)
4112
msgid "And <filename>/etc/openvpn/down.sh</filename>:"
4113
msgstr ""
4114
4115
#: serverguide/C/vpn.xml:221(programlisting)
4116
#, no-wrap
4117
msgid ""
4118
"\n"
4119
"#!/bin/sh\n"
4120
"\n"
4121
"BR=$1\n"
4122
"DEV=$2\n"
4123
"\n"
4124
"/usr/sbin/brctl delif $BR $DEV\n"
4125
"/sbin/ifconfig $DEV down\n"
4126
msgstr ""
4127
4128
#: serverguide/C/vpn.xml:231(para)
4129
msgid "Then make them executable:"
4130
msgstr ""
4131
4132
#: serverguide/C/vpn.xml:236(command)
4133
msgid "sudo chmod 755 /etc/openvpn/down.sh"
4134
msgstr ""
4135
4136
#: serverguide/C/vpn.xml:237(command)
4137
msgid "sudo chmod 755 /etc/openvpn/up.sh"
4138
msgstr ""
4139
4140
#: serverguide/C/vpn.xml:240(para)
4141
msgid ""
4142
"After configuring the server, restart <application>openvpn</application> by "
4143
"entering:"
4144
msgstr ""
4145
4146
#: serverguide/C/vpn.xml:245(command) serverguide/C/vpn.xml:293(command)
4147
msgid "sudo /etc/init.d/openvpn restart"
4148
msgstr ""
4149
4150
#: serverguide/C/vpn.xml:250(title)
4151
msgid "Client Configuration"
4152
msgstr ""
4153
4154
#: serverguide/C/vpn.xml:252(para)
4155
msgid "First, install <application>openvpn</application> on the client:"
4156
msgstr ""
4157
4158
#: serverguide/C/vpn.xml:260(para)
4159
msgid ""
4160
"Then with the server configured and the client certificates copied to the "
4161
"<filename>/etc/openvpn/</filename> directory, create a client configuration "
4162
"file by copying the example. In a terminal on the client machine enter:"
4163
msgstr ""
4164
4165
#: serverguide/C/vpn.xml:266(command)
4166
msgid ""
4167
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
4168
"/etc/openvpn"
4169
msgstr ""
4170
4171
#: serverguide/C/vpn.xml:269(para)
4172
msgid ""
4173
"Now edit <filename>/etc/openvpn/client.conf</filename> changing the "
4174
"following options:"
4175
msgstr ""
4176
4177
#: serverguide/C/vpn.xml:273(programlisting)
4178
#, no-wrap
4179
msgid ""
4180
"\n"
4181
"dev tap\n"
4182
"remote vpn.example.com 1194\n"
4183
"cert hostname.crt\n"
4184
"key hostname.key\n"
4185
"tls-auth ta.key 1\n"
4186
msgstr ""
4187
4188
#: serverguide/C/vpn.xml:282(para)
4189
msgid ""
4190
"Replace <emphasis>vpn.example.com</emphasis> with the hostname of your VPN "
4191
"server, and <emphasis>hostname.*</emphasis> with the actual certificate and "
4192
"key filenames."
4193
msgstr ""
4194
4195
#: serverguide/C/vpn.xml:288(para)
4196
msgid "Finally, restart <application>openvpn</application>:"
4197
msgstr ""
4198
4199
#: serverguide/C/vpn.xml:296(para)
4200
msgid "You should now be able to connect to the remote LAN through the VPN."
4201
msgstr ""
4202
4203
#: serverguide/C/vpn.xml:307(para)
4204
msgid ""
4205
"See the <ulink url=\"http://openvpn.net/\">OpenVPN</ulink> website for "
4206
"additional information."
4207
msgstr ""
4208
4209
#: serverguide/C/vpn.xml:312(para)
4210
msgid ""
4211
"Also, Pakt's <ulink url=\"http://www.packtpub.com/openvpn/book\">OpenVPN: "
4212
"Building and Integrating Virtual Private Networks</ulink> is a good resource."
4213
msgstr ""
4214
4215
#: serverguide/C/vpn.xml:318(para)
4216
msgid ""
4217
"Another source of further information is the <ulink "
4218
"url=\"https://help.ubuntu.com/community/OpenVPN\">Ubuntu Wiki "
4219
"OpenVPN</ulink> page."
4220
msgstr ""
4221
4222
#: serverguide/C/virtualization.xml:13(title)
4223
msgid "Virtualization"
4224
msgstr ""
4225
4226
#: serverguide/C/virtualization.xml:14(para)
4227
msgid ""
4228
"Virtualization is being adopted in many different environments and "
4229
"situations. If you are a developer, virtualization can provide you with a "
4230
"contained environment where you can safely do almost any sort of development "
4231
"safe from messing up your main working environment. If you are a systems "
4232
"administrator, you can use virtualization to more easily separate your "
4233
"services and move them around based on demand."
4234
msgstr ""
4235
4236
#: serverguide/C/virtualization.xml:20(para)
4237
msgid ""
4238
"The default virtualization technology supported in Ubuntu is "
4239
"<application>KVM</application>, a technology that takes advantage of "
4240
"virtualization extensions built into Intel and AMD hardware. For hardware "
4241
"without virtualization extensions <application>Xen</application> and "
4242
"<application>Qemu</application> are popular solutions."
4243
msgstr ""
4244
4245
#: serverguide/C/virtualization.xml:27(title)
4246
msgid "libvirt"
4247
msgstr ""
4248
4249
#: serverguide/C/virtualization.xml:28(para)
4250
msgid ""
4251
"The <application>libvirt</application> library is used to interface with "
4252
"different virtualization technologies. Before getting started with "
4253
"<application>libvirt</application> it is best to make sure your hardware "
4254
"supports the necessary virtualization extensions for "
4255
"<application>KVM</application>. Enter the following from a terminal prompt:"
4256
msgstr ""
4257
4258
#: serverguide/C/virtualization.xml:35(command)
4259
msgid "kvm-ok"
4260
msgstr ""
4261
4262
#: serverguide/C/virtualization.xml:37(para)
4263
msgid ""
4264
"A message will be printed informing you if your CPU "
4265
"<emphasis>does</emphasis> or <emphasis>does not</emphasis> support hardware "
4266
"virtualization."
4267
msgstr ""
4268
4269
#: serverguide/C/virtualization.xml:41(para)
4270
msgid ""
4271
"On most computer whose processor supports virtualization, it is necessary to "
4272
"activate an option in the BIOS to enable it."
4273
msgstr ""
4274
4275
#: serverguide/C/virtualization.xml:47(title)
4276
msgid "Virtual Networking"
4277
msgstr ""
4278
4279
#: serverguide/C/virtualization.xml:49(para)
4280
msgid ""
4281
"There are a few different ways to allow a virtual machine access to the "
4282
"external network. The default virtual network configuration is "
4283
"<emphasis>usermode</emphasis> networking, which uses the SLIRP protocol and "
4284
"traffic is NATed through the host interface to the outside network."
4285
msgstr ""
4286
4287
#: serverguide/C/virtualization.xml:54(para)
4288
msgid ""
4289
"To enable external hosts to directly access services on virtual machines a "
4290
"<emphasis>bridge</emphasis> needs to be configured. This allows the virtual "
4291
"interfaces to connect to the outside network through the physical interface, "
4292
"making them appear as normal hosts to the rest of the network. For "
4293
"information on setting up a bridge see <xref linkend=\"bridging\"/>."
4294
msgstr ""
4295
4296
#: serverguide/C/virtualization.xml:63(para)
4297
msgid "To install the necessary packages, from a terminal prompt enter:"
4298
msgstr ""
4299
4300
#: serverguide/C/virtualization.xml:67(command)
4301
msgid "sudo apt-get install kvm libvirt-bin"
4302
msgstr ""
4303
4304
#: serverguide/C/virtualization.xml:69(para)
4305
msgid ""
4306
"After installing <application>libvirt-bin</application>, the user used to "
4307
"manage virtual machines will need to be added to the "
4308
"<emphasis>libvirtd</emphasis> group. Doing so will grant the user access to "
4309
"the advanced networking options."
4310
msgstr ""
4311
4312
#: serverguide/C/virtualization.xml:73(para)
4313
msgid "In a terminal enter:"
4314
msgstr ""
4315
4316
#: serverguide/C/virtualization.xml:77(command)
4317
msgid "sudo adduser $USER libvirtd"
4318
msgstr ""
4319
4320
#: serverguide/C/virtualization.xml:80(para)
4321
msgid ""
4322
"If the user chosen is the current user, you will need to log out and back in "
4323
"for the new group membership to take effect."
4324
msgstr ""
4325
4326
#: serverguide/C/virtualization.xml:84(para)
4327
msgid ""
4328
"You are now ready to install a <emphasis>Guest</emphasis> operating system. "
4329
"Installing a virtual machine follows the same process as installing the "
4330
"operating system directly on the hardware. You either need a way to automate "
4331
"the installation, or a keyboard and monitor will need to be attached to the "
4332
"physical machine."
4333
msgstr ""
4334
4335
#: serverguide/C/virtualization.xml:89(para)
4336
msgid ""
4337
"In the case of virtual machines a Graphical User Interface (GUI) is "
4338
"analogous to using a physical keyboard and mouse. Instead of installing a "
4339
"GUI the <application>virt-viewer</application> application can be used to "
4340
"connect to a virtual machine's console using <application>VNC</application>. "
4341
"See <xref linkend=\"libvirt-virt-viewer\"/> for more information."
4342
msgstr ""
4343
4344
#: serverguide/C/virtualization.xml:94(para)
4345
msgid ""
4346
"There are several ways to automate the Ubuntu installation process, for "
4347
"example using preseeds, kickstart, etc. Refer to the <ulink "
4348
"url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
4349
"Installation Guide</ulink> for details."
4350
msgstr ""
4351
4352
#: serverguide/C/virtualization.xml:98(para)
4353
msgid ""
4354
"Yet another way to install an Ubuntu virtual machine is to use "
4355
"<application>ubuntu-vm-builder</application>. <application>ubuntu-vm-"
4356
"builder</application> allows you to setup advanced partitions, execute "
4357
"custom post-install scripts, etc. For details see <xref linkend=\"jeos-and-"
4358
"vmbuilder\"/>"
4359
msgstr ""
4360
4361
#: serverguide/C/virtualization.xml:104(title)
4362
msgid "virt-install"
4363
msgstr ""
4364
4365
#: serverguide/C/virtualization.xml:105(para)
4366
msgid ""
4367
"<application>virt-install</application> is part of the <application>python-"
4368
"virtinst</application> package. To install it, from a terminal prompt enter:"
4369
msgstr ""
4370
4371
#: serverguide/C/virtualization.xml:109(command)
4372
msgid "sudo apt-get install python-virtinst"
4373
msgstr ""
4374
4375
#: serverguide/C/virtualization.xml:111(para)
4376
msgid ""
4377
"There are several options available when using <application>virt-"
4378
"install</application>. For example:"
4379
msgstr ""
4380
4381
#: serverguide/C/virtualization.xml:115(command)
4382
msgid ""
4383
"sudo virt-install -n web_devel -r 256 -f web_devel.img \\ -s 4 -c jeos.iso --"
4384
"accelerate \\ --connect=qemu:///system --vnc \\ --noautoconsole -v"
4385
msgstr ""
4386
4387
#: serverguide/C/virtualization.xml:122(para)
4388
msgid ""
4389
"<emphasis>-n web_devel:</emphasis> the name of the new virtual machine will "
4390
"be <emphasis>web_devel</emphasis> in this example."
4391
msgstr ""
4392
4393
#: serverguide/C/virtualization.xml:127(para)
4394
msgid ""
4395
"<emphasis>-r 256:</emphasis> specifies the amount of memory the virtual "
4396
"machine will use."
4397
msgstr ""
4398
4399
#: serverguide/C/virtualization.xml:132(para)
4400
msgid ""
4401
"<emphasis>-f web_devel.img:</emphasis> indicates the path to the virtual "
4402
"disk which can be a file, partition, or logical volume. In this example a "
4403
"file named <filename>web_devel.img</filename>."
4404
msgstr ""
4405
4406
#: serverguide/C/virtualization.xml:138(para)
4407
msgid "<emphasis>-s 4:</emphasis> the size of the virtual disk."
4408
msgstr ""
4409
4410
#: serverguide/C/virtualization.xml:143(para)
4411
msgid ""
4412
"<emphasis>-c jeos.iso:</emphasis> file to be used as a virtual CDROM. The "
4413
"file can be either an ISO file or the path to the host's CDROM device."
4414
msgstr ""
4415
4416
#: serverguide/C/virtualization.xml:149(para)
4417
msgid ""
4418
"<emphasis>--accelerate:</emphasis> enables the kernel's acceleration "
4419
"technologies."
4420
msgstr ""
4421
4422
#: serverguide/C/virtualization.xml:154(para)
4423
msgid ""
4424
"<emphasis>--vnc:</emphasis> exports the guest's virtual console using VNC."
4425
msgstr ""
4426
4427
#: serverguide/C/virtualization.xml:159(para)
4428
msgid ""
4429
"<emphasis>--noautoconsole:</emphasis> will not automatically connect to the "
4430
"virtual machine's console."
4431
msgstr ""
4432
4433
#: serverguide/C/virtualization.xml:164(para)
4434
msgid "<emphasis>-v:</emphasis> creates a fully virtualized guest."
4435
msgstr ""
4436
4437
#: serverguide/C/virtualization.xml:169(para)
4438
msgid ""
4439
"After launching <application>virt-install</application> you can connect to "
4440
"the virtual machine's console either locally using a GUI or with the "
4441
"<application>virt-viewer</application> utility."
4442
msgstr ""
4443
4444
#: serverguide/C/virtualization.xml:175(title)
4445
msgid "virt-clone"
4446
msgstr ""
4447
4448
#: serverguide/C/virtualization.xml:176(para)
4449
msgid ""
4450
"The <application>virt-clone</application> application can be used to copy "
4451
"one virtual machine to another. For example:"
4452
msgstr ""
4453
4454
#: serverguide/C/virtualization.xml:180(command)
4455
msgid ""
4456
"sudo virt-clone -o web_devel -n database_devel -f "
4457
"/path/to/database_devel.img --connect=qemu:///system"
4458
msgstr ""
4459
4460
#: serverguide/C/virtualization.xml:184(para)
4461
msgid "<emphasis>-o:</emphasis> original virtual machine."
4462
msgstr ""
4463
4464
#: serverguide/C/virtualization.xml:189(para)
4465
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
4466
msgstr ""
4467
4468
#: serverguide/C/virtualization.xml:194(para)
4469
msgid ""
4470
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
4471
"be used by the new virtual machine."
4472
msgstr ""
4473
4474
#: serverguide/C/virtualization.xml:199(para)
4475
msgid ""
4476
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
4477
msgstr ""
4478
4479
#: serverguide/C/virtualization.xml:204(para)
4480
msgid ""
4481
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
4482
"help troubleshoot problems with <application>virt-clone</application>."
4483
msgstr ""
4484
4485
#: serverguide/C/virtualization.xml:209(para)
4486
msgid ""
4487
"Replace <emphasis>web_devel</emphasis> and "
4488
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
4489
msgstr ""
4490
4491
#: serverguide/C/virtualization.xml:215(title)
4492
msgid "Virtual Machine Management"
4493
msgstr ""
4494
4495
#: serverguide/C/virtualization.xml:217(title)
4496
msgid "virsh"
4497
msgstr ""
4498
4499
#: serverguide/C/virtualization.xml:218(para)
4500
msgid ""
4501
"There are several utilities available to manage virtual machines and "
4502
"<application>libvirt</application>. The <application>virsh</application> "
4503
"utility can be used from the command line. Some examples:"
4504
msgstr ""
4505
4506
#: serverguide/C/virtualization.xml:224(para)
4507
msgid "To list running virtual machines:"
4508
msgstr ""
4509
4510
#: serverguide/C/virtualization.xml:228(command)
4511
msgid "virsh -c qemu:///system list"
4512
msgstr ""
4513
4514
#: serverguide/C/virtualization.xml:232(para)
4515
msgid "To start a virtual machine:"
4516
msgstr ""
4517
4518
#: serverguide/C/virtualization.xml:236(command)
4519
msgid "virsh -c qemu:///system start web_devel"
4520
msgstr ""
4521
4522
#: serverguide/C/virtualization.xml:240(para)
4523
msgid "Similarly, to start a virtual machine at boot:"
4524
msgstr ""
4525
4526
#: serverguide/C/virtualization.xml:244(command)
4527
msgid "virsh -c qemu:///system autostart web_devel"
4528
msgstr ""
4529
4530
#: serverguide/C/virtualization.xml:248(para)
4531
msgid "Reboot a virtual machine with:"
4532
msgstr ""
4533
4534
#: serverguide/C/virtualization.xml:252(command)
4535
msgid "virsh -c qemu:///system reboot web_devel"
4536
msgstr ""
4537
4538
#: serverguide/C/virtualization.xml:256(para)
4539
msgid ""
4540
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
4541
"order to be restored later. The following will save the virtual machine "
4542
"state into a file named according to the date:"
4543
msgstr ""
4544
4545
#: serverguide/C/virtualization.xml:261(command)
4546
msgid "virsh -c qemu:///system save web_devel web_devel-022708.state"
4547
msgstr ""
4548
4549
#: serverguide/C/virtualization.xml:263(para)
4550
msgid "Once saved the virtual machine will no longer be running."
4551
msgstr ""
4552
4553
#: serverguide/C/virtualization.xml:268(para)
4554
msgid "A saved virtual machine can be restored using:"
4555
msgstr ""
4556
4557
#: serverguide/C/virtualization.xml:272(command)
4558
msgid "virsh -c qemu:///system restore web_devel-022708.state"
4559
msgstr ""
4560
4561
#: serverguide/C/virtualization.xml:276(para)
4562
msgid "To shutdown a virtual machine do:"
4563
msgstr ""
4564
4565
#: serverguide/C/virtualization.xml:280(command)
4566
msgid "virsh -c qemu:///system shutdown web_devel"
4567
msgstr ""
4568
4569
#: serverguide/C/virtualization.xml:284(para)
4570
msgid "A CDROM device can be mounted in a virtual machine by entering:"
4571
msgstr ""
4572
4573
#: serverguide/C/virtualization.xml:288(command)
4574
msgid "virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
4575
msgstr ""
4576
4577
#: serverguide/C/virtualization.xml:293(para)
4578
msgid ""
4579
"In the above examples replace <emphasis>web_devel</emphasis> with the "
4580
"appropriate virtual machine name, and <filename>web_devel-"
4581
"022708.state</filename> with a descriptive file name."
4582
msgstr ""
4583
4584
#: serverguide/C/virtualization.xml:300(title)
4585
msgid "Virtual Machine Manager"
4586
msgstr ""
4587
4588
#: serverguide/C/virtualization.xml:301(para)
4589
msgid ""
4590
"The <application>virt-manager</application> package contains a graphical "
4591
"utility to manage local and remote virtual machines. To install virt-manager "
4592
"enter:"
4593
msgstr ""
4594
4595
#: serverguide/C/virtualization.xml:306(command)
4596
msgid "sudo apt-get install virt-manager"
4597
msgstr ""
4598
4599
#: serverguide/C/virtualization.xml:308(para)
4600
msgid ""
4601
"Since <application>virt-manager</application> requires a Graphical User "
4602
"Interface (GUI) environment it is recommended to be installed on a "
4603
"workstation or test machine instead of a production server. To connect to "
4604
"the local <application>libvirt</application> service enter:"
4605
msgstr ""
4606
4607
#: serverguide/C/virtualization.xml:314(command)
4608
msgid "virt-manager -c qemu:///system"
4609
msgstr ""
4610
4611
#: serverguide/C/virtualization.xml:316(para)
4612
msgid ""
4613
"You can connect to the <application>libvirt</application> service running on "
4614
"another host by entering the following in a terminal prompt:"
4615
msgstr ""
4616
4617
#: serverguide/C/virtualization.xml:320(command)
4618
msgid "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
4619
msgstr ""
4620
4621
#: serverguide/C/virtualization.xml:323(para)
4622
msgid ""
4623
"The above example assumes that <application>SSH</application> connectivity "
4624
"between the management system and virtnode1.mydomain.com has already been "
4625
"configured, and uses SSH keys for authentication. SSH "
4626
"<emphasis>keys</emphasis> are needed because "
4627
"<application>libvirt</application> sends the password prompt to another "
4628
"process. For details on configuring <application>SSH</application> see <xref "
4629
"linkend=\"openssh-server\"/>"
4630
msgstr ""
4631
4632
#: serverguide/C/virtualization.xml:333(title)
4633
msgid "Virtual Machine Viewer"
4634
msgstr ""
4635
4636
#: serverguide/C/virtualization.xml:334(para)
4637
msgid ""
4638
"The <application>virt-viewer</application> application allows you to connect "
4639
"to a virtual machine's console. <application>virt-viewer</application> does "
4640
"require a Graphical User Interface (GUI) to interface with the virtual "
4641
"machine."
4642
msgstr ""
4643
4644
#: serverguide/C/virtualization.xml:338(para)
4645
msgid ""
4646
"To install <application>virt-viewer</application> from a terminal enter:"
4647
msgstr ""
4648
4649
#: serverguide/C/virtualization.xml:342(command)
4650
msgid "sudo apt-get install virt-viewer"
4651
msgstr ""
4652
4653
#: serverguide/C/virtualization.xml:344(para)
4654
msgid ""
4655
"Once a virtual machine is installed and running you can connect to the "
4656
"virtual machine's console by using:"
4657
msgstr ""
4658
4659
#: serverguide/C/virtualization.xml:348(command)
4660
msgid "virt-viewer -c qemu:///system web_devel"
4661
msgstr ""
4662
4663
#: serverguide/C/virtualization.xml:350(para)
4664
msgid ""
4665
"Similar to <application>virt-manager</application>, <application>virt-"
4666
"viewer</application> can connect to a remote host using "
4667
"<emphasis>SSH</emphasis> with key authentication, as well:"
4668
msgstr ""
4669
4670
#: serverguide/C/virtualization.xml:355(command)
4671
msgid "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
4672
msgstr ""
4673
4674
#: serverguide/C/virtualization.xml:357(para)
4675
msgid ""
4676
"Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the "
4677
"appropriate virtual machine name."
4678
msgstr ""
4679
4680
#: serverguide/C/virtualization.xml:360(para)
4681
msgid ""
4682
"If configured to use a <emphasis>bridged</emphasis> network interface you "
4683
"can also setup <application>SSH</application> access to the virtual machine. "
4684
"See <xref linkend=\"openssh-server\"/> and <xref linkend=\"bridging\"/> for "
4685
"more details."
4686
msgstr ""
4687
4688
#: serverguide/C/virtualization.xml:369(para)
4689
msgid ""
4690
"See the <ulink url=\"http://kvm.qumranet.com/kvmwiki\">KVM</ulink> home page "
4691
"for more details."
4692
msgstr ""
4693
4694
#: serverguide/C/virtualization.xml:374(para)
4695
msgid ""
4696
"For more information on <application>libvirt</application> see the <ulink "
4697
"url=\"http://libvirt.org/\">libvirt home page</ulink>"
4698
msgstr ""
4699
4700
#: serverguide/C/virtualization.xml:379(para)
4701
msgid ""
4702
"The <ulink url=\"http://virt-manager.et.redhat.com/\">Virtual Machine "
4703
"Manager</ulink> site has more information on <application>virt-"
4704
"manager</application> development."
4705
msgstr ""
4706
4707
#: serverguide/C/virtualization.xml:385(para)
4708
msgid ""
4709
"Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink "
4710
"url=\"http://freenode.net/\">freenode</ulink> to discuss virtualization "
4711
"technology in Ubuntu."
4712
msgstr ""
4713
4714
#: serverguide/C/virtualization.xml:391(para)
4715
msgid ""
4716
"Another good resource is the <ulink "
4717
"url=\"https://help.ubuntu.com/community/KVM\">Ubuntu Wiki KVM</ulink> page."
4718
msgstr ""
4719
4720
#: serverguide/C/virtualization.xml:399(title)
4721
msgid "JeOS and vmbuilder"
4722
msgstr ""
4723
4724
#: serverguide/C/virtualization.xml:405(title)
4725
msgid "What is JeOS"
4726
msgstr ""
4727
4728
#: serverguide/C/virtualization.xml:407(para)
4729
msgid ""
4730
"Ubuntu <emphasis>JeOS</emphasis> (pronounced \"Juice\") is an efficient "
4731
"variant of the Ubuntu Server operating system, configured specifically for "
4732
"virtual appliances. No longer available as a CD-ROM ISO for download, but "
4733
"only as an option either:"
4734
msgstr ""
4735
4736
#: serverguide/C/virtualization.xml:414(para)
4737
msgid ""
4738
"While installing from the Server Edition ISO (pressing "
4739
"<emphasis>F4</emphasis> on the first screen will allow you to pick \"Minimal "
4740
"installation\", which is the package selection equivalent to JeOS)."
4741
msgstr ""
4742
4743
#: serverguide/C/virtualization.xml:420(para)
4744
msgid "Or to be built using Ubuntu's vmbuilder, which is described here."
4745
msgstr ""
4746
4747
#: serverguide/C/virtualization.xml:426(para)
4748
msgid ""
4749
"JeOS is a specialized installation of Ubuntu Server Edition with a tuned "
4750
"kernel that only contains the base elements needed to run within a "
4751
"virtualized environment."
4752
msgstr ""
4753
4754
#: serverguide/C/virtualization.xml:431(para)
4755
msgid ""
4756
"Ubuntu JeOS has been tuned to take advantage of key performance technologies "
4757
"in the latest virtualization products from VMware. This combination of "
4758
"reduced size and optimized performance ensures that Ubuntu JeOS Edition "
4759
"delivers a highly efficient use of server resources in large virtual "
4760
"deployments."
4761
msgstr ""
4762
4763
#: serverguide/C/virtualization.xml:437(para)
4764
msgid ""
4765
"Without unnecessary drivers, and only the minimal required packages, ISVs "
4766
"can configure their supporting OS exactly as they require. They have the "
4767
"peace of mind that updates, whether for security or enhancement reasons, "
4768
"will be limited to the bare minimum of what is required in their specific "
4769
"environment. In turn, users deploying virtual appliances built on top of "
4770
"JeOS will have to go through fewer updates and therefore less maintenance "
4771
"than they would have had to with a standard full installation of a server."
4772
msgstr ""
4773
4774
#: serverguide/C/virtualization.xml:446(title)
4775
msgid "What is vmbuilder"
4776
msgstr ""
4777
4778
#: serverguide/C/virtualization.xml:448(para)
4779
msgid ""
4780
"With vmbuilder, there is no need to download a JeOS ISO anymore. vmbuilder "
4781
"will fetch the various package and build a virtual machine tailored for your "
4782
"needs in about a minute. vmbuilder is a script that automates the process of "
4783
"creating a ready to use Linux based VM. The currently supported hypervisors "
4784
"are KVM and Xen."
4785
msgstr ""
4786
4787
#: serverguide/C/virtualization.xml:454(para)
4788
msgid ""
4789
"You can pass command line options to add extra packages, remove packages, "
4790
"choose which version of Ubuntu, which mirror etc. On recent hardware with "
4791
"plenty of RAM, tmpdir in <filename>/dev/shm</filename> or using a tmpfs, and "
4792
"a local mirror, you can bootstrap a VM in less than a minute."
4793
msgstr ""
4794
4795
#: serverguide/C/virtualization.xml:460(para)
4796
msgid ""
4797
"First introduced as a shell script in Ubuntu 8.04 LTS, <application>ubuntu-"
4798
"vm-builder</application> started with little emphasis as a hack to help "
4799
"developers test their new code in a virtual machine without having to "
4800
"restart from scratch each time. As a few Ubuntu administrators started to "
4801
"notice this script, a few of them went on improving it and adapting it for "
4802
"so many use case that Soren Hansen (the author of the script and Ubuntu "
4803
"virtualization specialist, not the golf player) decided to rewrite it from "
4804
"scratch for Intrepid as a python script with a few new design goals:"
4805
msgstr ""
4806
4807
#: serverguide/C/virtualization.xml:470(para)
4808
msgid "Develop it so that it can be reused by other distributions."
4809
msgstr ""
4810
4811
#: serverguide/C/virtualization.xml:475(para)
4812
msgid ""
4813
"Use a plugin mechanisms for all virtualization interactions so that others "
4814
"can easily add logic for other virtualization environments."
4815
msgstr ""
4816
4817
#: serverguide/C/virtualization.xml:480(para)
4818
msgid ""
4819
"Provide an easy to maintain web interface as an option to the command line "
4820
"interface."
4821
msgstr ""
4822
4823
#: serverguide/C/virtualization.xml:486(para)
4824
msgid "But the general principles and commands remain the same."
4825
msgstr ""
4826
4827
#: serverguide/C/virtualization.xml:493(title)
4828
msgid "Initial Setup"
4829
msgstr ""
4830
4831
#: serverguide/C/virtualization.xml:495(para)
4832
msgid ""
4833
"It is assumed that you have installed and configured "
4834
"<application>libvirt</application> and <application>KVM</application> "
4835
"locally on the machine you are using. For details on how to perform this, "
4836
"please refer to:"
4837
msgstr ""
4838
4839
#: serverguide/C/virtualization.xml:507(para)
4840
msgid ""
4841
"The <ulink url=\"https://help.ubuntu.com/community/KVM\">KVM</ulink> Wiki "
4842
"page."
4843
msgstr ""
4844
4845
#: serverguide/C/virtualization.xml:513(para)
4846
msgid ""
4847
"We also assume that you know how to use a text based text editor such as "
4848
"nano or vi. If you have not used any of them before, you can get an overview "
4849
"of the various text editors available by reading the <ulink "
4850
"url=\"https://help.ubuntu.com/community/PowerUsersTextEditors\">PowerUsersTex"
4851
"tEditors</ulink> page. This tutorial has been done on KVM, but the general "
4852
"principle should remain on other virtualization technologies."
4853
msgstr ""
4854
4855
#: serverguide/C/virtualization.xml:521(title)
4856
msgid "Install vmbuilder"
4857
msgstr ""
4858
4859
#: serverguide/C/virtualization.xml:523(para)
4860
msgid ""
4861
"The name of the package that we need to install is <application>python-vm-"
4862
"builder</application>. In a terminal prompt enter:"
4863
msgstr ""
4864
4865
#: serverguide/C/virtualization.xml:528(command)
4866
msgid "sudo apt-get install python-vm-builder"
4867
msgstr ""
4868
4869
#: serverguide/C/virtualization.xml:532(para)
4870
msgid ""
4871
"If you are running Hardy, you can still perform most of this using the older "
4872
"version of the package named <application>ubuntu-vm-builder</application>, "
4873
"there are only a few changes to the syntax of the tool."
4874
msgstr ""
4875
4876
#: serverguide/C/virtualization.xml:541(title)
4877
msgid "Defining Your Virtual Machine"
4878
msgstr ""
4879
4880
#: serverguide/C/virtualization.xml:543(para)
4881
msgid ""
4882
"Defining a virtual machine with Ubuntu's vmbuilder is quite simple, but here "
4883
"are a few thing to consider:"
4884
msgstr ""
4885
4886
#: serverguide/C/virtualization.xml:549(para)
4887
msgid ""
4888
"If you plan on shipping a virtual appliance, do not assume that the end-user "
4889
"will know how to extend disk size to fit their need, so either plan for a "
4890
"large virtual disk to allow for your appliance to grow, or explain fairly "
4891
"well in your documentation how to allocate more space. It might actually be "
4892
"a good idea to store data on some separate external storage."
4893
msgstr ""
4894
4895
#: serverguide/C/virtualization.xml:556(para)
4896
msgid ""
4897
"Given that RAM is much easier to allocate in a VM, RAM size should be set to "
4898
"whatever you think is a safe minimum for your appliance."
4899
msgstr ""
4900
4901
#: serverguide/C/virtualization.xml:562(para)
4902
msgid ""
4903
"The <application>vmbuilder</application> command has 2 main parameters: the "
4904
"<emphasis>virtualization technology (hypervisor)</emphasis> and the targeted "
4905
"<emphasis>distribution</emphasis>. Optional parameters are quite numerous "
4906
"and can be found using the following command:"
4907
msgstr ""
4908
4909
#: serverguide/C/virtualization.xml:568(command)
4910
msgid "vmbuilder --help"
4911
msgstr ""
4912
4913
#: serverguide/C/virtualization.xml:572(title)
4914
msgid "Base Parameters"
4915
msgstr ""
4916
4917
#: serverguide/C/virtualization.xml:574(para)
4918
msgid ""
4919
"As this example is based on <application>KVM</application> and Ubuntu 10.10 "
4920
"(Maverick Meerkat), and we are likely to rebuild the same virtual machine "
4921
"multiple time, we'll invoke vmbuilder with the following first parameters:"
4922
msgstr ""
4923
4924
#: serverguide/C/virtualization.xml:580(command)
4925
msgid ""
4926
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o -"
4927
"-libvirt qemu:///system"
4928
msgstr ""
4929
4930
#: serverguide/C/virtualization.xml:583(para)
4931
msgid ""
4932
"The <emphasis>--suite</emphasis> defines the Ubuntu release, the <emphasis>--"
4933
"flavour</emphasis> specifies that we want to use the virtual kernel (that's "
4934
"the one used to build a JeOS image), the <emphasis>--arch</emphasis> tells "
4935
"that we want to use a 32 bit machine, the <emphasis>-o</emphasis> tells "
4936
"vmbuilder to overwrite the previous version of the VM and the <emphasis>--"
4937
"libvirt</emphasis> tells to inform the local virtualization environment to "
4938
"add the resulting VM to the list of available machines."
4939
msgstr ""
4940
4941
#: serverguide/C/virtualization.xml:591(para)
4942
msgid "Notes:"
4943
msgstr ""
4944
4945
#: serverguide/C/virtualization.xml:597(para)
4946
msgid ""
4947
"Because of the nature of operations performed by vmbuilder, it needs to have "
4948
"root privilege, hence the use of sudo."
4949
msgstr ""
4950
4951
#: serverguide/C/virtualization.xml:602(para)
4952
msgid ""
4953
"If your virtual machine needs to use more than 3Gb of ram, you should build "
4954
"a 64 bit machine (--arch amd64)."
4955
msgstr ""
4956
4957
#: serverguide/C/virtualization.xml:607(para)
4958
msgid ""
4959
"Until Ubuntu 8.10, the virtual kernel was only built for 32 bit "
4960
"architecture, so if you want to define an amd64 machine on Hardy, you should "
4961
"use <emphasis>--flavour</emphasis> server instead."
4962
msgstr ""
4963
4964
#: serverguide/C/virtualization.xml:615(title)
4965
msgid "JeOS Installation Parameters"
4966
msgstr ""
4967
4968
#: serverguide/C/virtualization.xml:618(title)
4969
msgid "JeOS Networking"
4970
msgstr ""
4971
4972
#: serverguide/C/virtualization.xml:621(title)
4973
msgid "Assigning a fixed IP address"
4974
msgstr ""
4975
4976
#: serverguide/C/virtualization.xml:623(para)
4977
msgid ""
4978
"As a virtual appliance that may be deployed on various very different "
4979
"networks, it is very difficult to know what the actual network will look "
4980
"like. In order to simplify configuration, it is a good idea to take an "
4981
"approach similar to what network hardware vendors usually do, namely "
4982
"assigning an initial fixed IP address to the appliance in a private class "
4983
"network that you will provide in your documentation. An address in the range "
4984
"192.168.0.0/255 is usually a good choice."
4985
msgstr ""
4986
4987
#: serverguide/C/virtualization.xml:630(para)
4988
msgid "To do this we'll use the following parameters:"
4989
msgstr ""
4990
4991
#: serverguide/C/virtualization.xml:636(para)
4992
msgid ""
4993
"<emphasis>--ip ADDRESS</emphasis>: IP address in dotted form (defaults to "
4994
"dhcp if not specified)"
4995
msgstr ""
4996
4997
#: serverguide/C/virtualization.xml:641(para)
4998
msgid ""
4999
"<emphasis>--mask VALUE</emphasis>: IP mask in dotted form (default: "
5000
"255.255.255.0)"
5001
msgstr ""
5002
5003
#: serverguide/C/virtualization.xml:646(para)
5004
msgid "<emphasis>--net VALUE</emphasis>: IP net address (default: X.X.X.0)"
5005
msgstr ""
5006
5007
#: serverguide/C/virtualization.xml:651(para)
5008
msgid "<emphasis>--bcast VALUE</emphasis>: IP broadcast (default: X.X.X.255)"
5009
msgstr ""
5010
5011
#: serverguide/C/virtualization.xml:656(para)
5012
msgid "<emphasis>--gw ADDRESS</emphasis>: Gateway address (default: X.X.X.1)"
5013
msgstr ""
5014
5015
#: serverguide/C/virtualization.xml:661(para)
5016
msgid ""
5017
"<emphasis>--dns ADDRESS</emphasis>: Name server address (default: X.X.X.1)"
5018
msgstr ""
5019
5020
#: serverguide/C/virtualization.xml:667(para)
5021
msgid ""
5022
"We assume for now that default values are good enough, so the resulting "
5023
"invocation becomes:"
5024
msgstr ""
5025
5026
#: serverguide/C/virtualization.xml:672(command)
5027
msgid ""
5028
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o -"
5029
"-libvirt qemu:///system --ip 192.168.0.100"
5030
msgstr ""
5031
5032
#: serverguide/C/virtualization.xml:677(title)
5033
msgid "Modifying the libvirt Template to use Bridging"
5034
msgstr ""
5035
5036
#: serverguide/C/virtualization.xml:679(para)
5037
msgid ""
5038
"Because our appliance will be likely to need to be accessed by remote hosts, "
5039
"we need to configure libvirt so that the appliance uses bridge networking. "
5040
"To do this we use vmbuilder template mechanism to modify the default one."
5041
msgstr ""
5042
5043
#: serverguide/C/virtualization.xml:684(para)
5044
msgid ""
5045
"In our working directory we create the template hierarchy and copy the "
5046
"default template:"
5047
msgstr ""
5048
5049
#: serverguide/C/virtualization.xml:689(command)
5050
msgid "mkdir -p VMBuilder/plugins/libvirt/templates"
5051
msgstr ""
5052
5053
#: serverguide/C/virtualization.xml:690(command)
5054
msgid "cp /etc/vmbuilder/libvirt/* VMBuilder/plugins/libvirt/templates/"
5055
msgstr ""
5056
5057
#: serverguide/C/virtualization.xml:693(para)
5058
msgid ""
5059
"We can then edit "
5060
"<filename>VMBuilder/plugins/libvirt/templates/libvirtxml.tmpl</filename> to "
5061
"change:"
5062
msgstr ""
5063
5064
#: serverguide/C/virtualization.xml:697(programlisting)
5065
#, no-wrap
5066
msgid ""
5067
"\n"
5068
" <interface type='network'>\n"
5069
" <source network='default'/>\n"
5070
" </interface>\n"
5071
msgstr ""
5072
5073
#: serverguide/C/virtualization.xml:703(para)
5074
msgid "To:"
5075
msgstr ""
5076
5077
#: serverguide/C/virtualization.xml:707(programlisting)
5078
#, no-wrap
5079
msgid ""
5080
"\n"
5081
" <interface type='bridge'>\n"
5082
" <source bridge='br0'/>\n"
5083
" </interface>\n"
5084
msgstr ""
5085
5086
#: serverguide/C/virtualization.xml:717(title) serverguide/C/installation.xml:459(title)
5087
msgid "Partitioning"
5088
msgstr ""
5089
5090
#: serverguide/C/virtualization.xml:719(para)
5091
msgid ""
5092
"Partitioning of the virtual appliance will have to take into consideration "
5093
"what you are planning to do with is. Because most appliances want to have a "
5094
"separate storage for data, having a separate <filename>/var</filename> would "
5095
"make sense."
5096
msgstr ""
5097
5098
#: serverguide/C/virtualization.xml:724(para)
5099
msgid ""
5100
"In order to do this vmbuilder provides us with <emphasis>--part</emphasis>:"
5101
msgstr ""
5102
5103
#: serverguide/C/virtualization.xml:728(programlisting)
5104
#, no-wrap
5105
msgid ""
5106
"\n"
5107
"--part PATH\n"
5108
" Allows you to specify a partition table in a partition file, located at "
5109
"PATH. Each line of the partition file should specify\n"
5110
" (root first):\n"
5111
" mountpoint size\n"
5112
" where size is in megabytes. You can have up to 4 virtual disks, a new "
5113
"disk starts on a\n"
5114
" line with ’---’. ie :\n"
5115
" root 1000\n"
5116
" /opt 1000\n"
5117
" swap 256\n"
5118
" ---\n"
5119
" /var 2000\n"
5120
" /log 1500\n"
5121
msgstr ""
5122
5123
#: serverguide/C/virtualization.xml:743(para)
5124
msgid ""
5125
"In our case we will define a text file name "
5126
"<filename>vmbuilder.partition</filename> which will contain the following:"
5127
msgstr ""
5128
5129
#: serverguide/C/virtualization.xml:747(programlisting)
5130
#, no-wrap
5131
msgid ""
5132
"\n"
5133
"root 8000\n"
5134
"swap 4000\n"
5135
"---\n"
5136
"/var 20000\n"
5137
msgstr ""
5138
5139
#: serverguide/C/virtualization.xml:755(para)
5140
msgid ""
5141
"Note that as we are using virtual disk images, the actual sizes that we put "
5142
"here are maximum sizes for these volumes."
5143
msgstr ""
5144
5145
#: serverguide/C/virtualization.xml:760(para)
5146
msgid "Our command line now looks like:"
5147
msgstr ""
5148
5149
#: serverguide/C/virtualization.xml:765(command)
5150
msgid ""
5151
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 \\ -"
5152
"o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition"
5153
msgstr ""
5154
5155
#: serverguide/C/virtualization.xml:770(para)
5156
msgid ""
5157
"Using a \"\\\" in a command will allow long command strings to wrap to the "
5158
"next line."
5159
msgstr ""
5160
5161
#: serverguide/C/virtualization.xml:777(title)
5162
msgid "User and Password"
5163
msgstr ""
5164
5165
#: serverguide/C/virtualization.xml:779(para)
5166
msgid ""
5167
"Again setting up a virtual appliance, you will need to provide a default "
5168
"user and password that is generic so that you can include it in your "
5169
"documentation. We will see later on in this tutorial how we will provide "
5170
"some security by defining a script that will be run the first time a user "
5171
"actually logs in the appliance, that will, among other things, ask him to "
5172
"change his password. In this example I will use <emphasis>'user'</emphasis> "
5173
"as my user name, and <emphasis>'default'</emphasis> as the password."
5174
msgstr ""
5175
5176
#: serverguide/C/virtualization.xml:787(para)
5177
msgid "To do this we use the following optional parameters:"
5178
msgstr ""
5179
5180
#: serverguide/C/virtualization.xml:793(para)
5181
msgid ""
5182
"<emphasis>--user USERNAME:</emphasis> Sets the name of the user to be added. "
5183
"Default: ubuntu."
5184
msgstr ""
5185
5186
#: serverguide/C/virtualization.xml:798(para)
5187
msgid ""
5188
"<emphasis>--name FULLNAME:</emphasis> Sets the full name of the user to be "
5189
"added. Default: Ubuntu."
5190
msgstr ""
5191
5192
#: serverguide/C/virtualization.xml:803(para)
5193
msgid ""
5194
"<emphasis>--pass PASSWORD:</emphasis> Sets the password for the user. "
5195
"Default: ubuntu."
5196
msgstr ""
5197
5198
#: serverguide/C/virtualization.xml:809(para)
5199
msgid "Our resulting command line becomes:"
5200
msgstr ""
5201
5202
#: serverguide/C/virtualization.xml:814(command)
5203
msgid ""
5204
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 \\ -"
5205
"o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition \\ -"
5206
"-user user --name user --pass default"
5207
msgstr ""
5208
5209
#: serverguide/C/virtualization.xml:822(title)
5210
msgid "Installing Required Packages"
5211
msgstr ""
5212
5213
#: serverguide/C/virtualization.xml:824(para)
5214
msgid ""
5215
"In this example we will be installing a package "
5216
"<application>(Limesurvey)</application> that accesses a "
5217
"<application>MySQL</application> database and has a web interface. We will "
5218
"therefore require our OS to provide us with:"
5219
msgstr ""
5220
5221
#: serverguide/C/virtualization.xml:831(para)
5222
msgid "Apache"
5223
msgstr ""
5224
5225
#: serverguide/C/virtualization.xml:832(para)
5226
msgid "PHP"
5227
msgstr ""
5228
5229
#: serverguide/C/virtualization.xml:833(para) serverguide/C/databases.xml:19(trademark) serverguide/C/databases.xml:31(title)
5230
msgid "MySQL"
5231
msgstr ""
5232
5233
#: serverguide/C/virtualization.xml:834(para) serverguide/C/remote-administration.xml:19(title)
5234
msgid "OpenSSH Server"
5235
msgstr ""
5236
5237
#: serverguide/C/virtualization.xml:835(para)
5238
msgid "Limesurvey (as an example application that we have packaged)"
5239
msgstr ""
5240
5241
#: serverguide/C/virtualization.xml:838(para)
5242
msgid ""
5243
"This is done using vmbuilder by specifying the --addpkg option multiple "
5244
"times:"
5245
msgstr ""
5246
5247
#: serverguide/C/virtualization.xml:842(programlisting)
5248
#, no-wrap
5249
msgid ""
5250
"\n"
5251
"--addpkg PKG\n"
5252
" Install PKG into the guest (can be specfied multiple times)\n"
5253
msgstr ""
5254
5255
#: serverguide/C/virtualization.xml:847(para)
5256
msgid ""
5257
"However, due to the way vmbuilder operates, packages that have to ask "
5258
"questions to the user during the post install phase are not supported and "
5259
"should instead be installed while interactivity can occur. This is the case "
5260
"of Limesurvey, which we will have to install later, once the user logs in."
5261
msgstr ""
5262
5263
#: serverguide/C/virtualization.xml:853(para)
5264
msgid ""
5265
"Other packages that ask simple debconf question, such as <application>mysql-"
5266
"server</application> asking to set a password, the package can be installed "
5267
"immediately, but we will have to reconfigure it the first time the user logs "
5268
"in."
5269
msgstr ""
5270
5271
#: serverguide/C/virtualization.xml:859(para)
5272
msgid ""
5273
"If some packages that we need to install are not in main, we need to enable "
5274
"the additional repositories using --comp and --ppa:"
5275
msgstr ""
5276
5277
#: serverguide/C/virtualization.xml:863(programlisting)
5278
#, no-wrap
5279
msgid ""
5280
"\n"
5281
"--components COMP1,COMP2,...,COMPN\n"
5282
" A comma separated list of distro components to include (e.g. "
5283
"main,universe). This defaults\n"
5284
" to \"main\"\n"
5285
"--ppa=PPA Add ppa belonging to PPA to the vm's sources.list.\n"
5286
msgstr ""
5287
5288
#: serverguide/C/virtualization.xml:870(para)
5289
msgid ""
5290
"Limesurvey not being part of the archive at the moment, we'll specify it's "
5291
"PPA (personal package archive) address so that it is added to the VM "
5292
"<filename>/etc/apt/source.list</filename>, so we add the following options "
5293
"to the command line:"
5294
msgstr ""
5295
5296
#: serverguide/C/virtualization.xml:876(command)
5297
msgid ""
5298
"--addpkg apache2 --addpkg apache2-mpm-prefork --addpkg apache2-utils --"
5299
"addpkg apache2.2-common \\ --addpkg dbconfig-common --addpkg libapache2-mod-"
5300
"php5 --addpkg mysql-client --addpkg php5-cli \\ --addpkg php5-gd --addpkg "
5301
"php5-ldap --addpkg php5-mysql --addpkg wwwconfig-common \\ --addpkg mysql-"
5302
"server --ppa nijaba"
5303
msgstr ""
5304
5305
#: serverguide/C/virtualization.xml:883(title)
5306
msgid "OpenSSH"
5307
msgstr ""
5308
5309
#: serverguide/C/virtualization.xml:885(para)
5310
msgid ""
5311
"Another convenient tool that we want to have on our appliance is OpenSSH, as "
5312
"it will allow our admins to access the appliance remotely. However, pushing "
5313
"in the wild an appliance with a pre-installed OpenSSH server is a big "
5314
"security risk as all these server will share the same secret key, making it "
5315
"very easy for hackers to target our appliance with all the tools they need "
5316
"to crack it open in a breeze. As for the user password, we will instead rely "
5317
"on a script that will install OpenSSH the first time a user logs in so that "
5318
"the key generated will be different for each appliance. For this we'll use a "
5319
"<emphasis>--firstboot</emphasis> script, as it does not need any user "
5320
"interaction."
5321
msgstr ""
5322
5323
#: serverguide/C/virtualization.xml:897(title)
5324
msgid "Speed Considerations"
5325
msgstr ""
5326
5327
#: serverguide/C/virtualization.xml:900(title)
5328
msgid "Package Caching"
5329
msgstr ""
5330
5331
#: serverguide/C/virtualization.xml:902(para)
5332
msgid ""
5333
"When vmbuilder creates builds your system, it has to go fetch each one of "
5334
"the packages that composes it over the network to one of the official "
5335
"repositories, which, depending on your internet connection speed and the "
5336
"load of the mirror, can have a big impact on the actual build time. In order "
5337
"to reduce this, it is recommended to either have a local repository (which "
5338
"can be created using <application>apt-mirror</application>) or using a "
5339
"caching proxy such as <application>apt-proxy</application>. The later option "
5340
"being much simpler to implement and requiring less disk space, it is the one "
5341
"we will pick in this tutorial. To install it, simply type:"
5342
msgstr ""
5343
5344
#: serverguide/C/virtualization.xml:912(command)
5345
msgid "sudo apt-get install apt-proxy"
5346
msgstr ""
5347
5348
#: serverguide/C/virtualization.xml:915(para)
5349
msgid ""
5350
"Once this is complete, your (empty) proxy is ready for use on "
5351
"http://mirroraddress:9999 and will find ubuntu repository under /ubuntu. For "
5352
"vmbuilder to use it, we'll have to use the <emphasis>--mirror</emphasis> "
5353
"option:"
5354
msgstr ""
5355
5356
#: serverguide/C/virtualization.xml:920(programlisting)
5357
#, no-wrap
5358
msgid ""
5359
"\n"
5360
"--mirror=URL Use Ubuntu mirror at URL instead of the default, which\n"
5361
" is http://archive.ubuntu.com/ubuntu for official\n"
5362
" arches and http://ports.ubuntu.com/ubuntu-ports\n"
5363
" otherwise\n"
5364
msgstr ""
5365
5366
#: serverguide/C/virtualization.xml:927(para)
5367
msgid "So we add to the command line:"
5368
msgstr ""
5369
5370
#: serverguide/C/virtualization.xml:932(command)
5371
msgid "--mirror http://mirroraddress:9999/ubuntu"
5372
msgstr ""
5373
5374
#: serverguide/C/virtualization.xml:936(para)
5375
msgid ""
5376
"The mirror address specified here will also be used in the "
5377
"<filename>/etc/apt/sources.list</filename> of the newly created guest, so it "
5378
"is useful to specify here an address that can be resolved by the guest or to "
5379
"plan on reseting this address later on, such as in a <emphasis>--"
5380
"firstboot</emphasis> script."
5381
msgstr ""
5382
5383
#: serverguide/C/virtualization.xml:945(title)
5384
msgid "Install a Local Mirror"
5385
msgstr ""
5386
5387
#: serverguide/C/virtualization.xml:947(para)
5388
msgid ""
5389
"If we are in a larger environment, it may make sense to setup a local mirror "
5390
"of the Ubuntu repositories. The package apt-mirror provides you with a "
5391
"script that will handle the mirroring for you. You should plan on having "
5392
"about 20 gigabyte of free space per supported release and architecture."
5393
msgstr ""
5394
5395
#: serverguide/C/virtualization.xml:953(para)
5396
msgid ""
5397
"By default, <application>apt-mirror</application> uses the configuration "
5398
"file in <filename>/etc/apt/mirror.list</filename>. As it is set up, it will "
5399
"replicate only the architecture of the local machine. If you would like to "
5400
"support other architectures on your mirror, simply duplicate the lines "
5401
"starting with “deb”, replacing the deb keyword by /deb-{arch} where arch can "
5402
"be i386, amd64, etc... For example, on an amd64 machine, to have the i386 "
5403
"archives as well, you will have:"
5404
msgstr ""
5405
5406
#: serverguide/C/virtualization.xml:960(programlisting)
5407
#, no-wrap
5408
msgid ""
5409
"\n"
5410
"deb http://archive.ubuntu.com/ubuntu maverick main restricted universe "
5411
"multiverse \n"
5412
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick main restricted "
5413
"universe multiverse\n"
5414
"\n"
5415
"deb http://archive.ubuntu.com/ubuntu maverick-updates main restricted "
5416
"universe multiverse \n"
5417
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick-updates main restricted "
5418
"universe multiverse \n"
5419
"\n"
5420
"deb http://archive.ubuntu.com/ubuntu/ maverick-backports main restricted "
5421
"universe multiverse \n"
5422
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick-backports main "
5423
"restricted universe multiverse \n"
5424
"\n"
5425
"deb http://security.ubuntu.com/ubuntu maverick-security main restricted "
5426
"universe multiverse \n"
5427
"/deb-i386 http://security.ubuntu.com/ubuntu maverick-security main "
5428
"restricted universe multiverse \n"
5429
"\n"
5430
"deb http://archive.ubuntu.com/ubuntu maverick main/debian-installer "
5431
"restricted/debian-installer universe/debian-installer multiverse/debian-"
5432
"installer \n"
5433
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick main/debian-installer "
5434
"restricted/debian-installer universe/debian-installer multiverse/debian-"
5435
"installer \n"
5436
msgstr ""
5437
5438
#: serverguide/C/virtualization.xml:977(para)
5439
msgid ""
5440
"Notice that the source packages are not mirrored as they are seldom used "
5441
"compared to the binaries and they do take a lot more space, but they can be "
5442
"easily added to the list."
5443
msgstr ""
5444
5445
#: serverguide/C/virtualization.xml:982(para)
5446
msgid ""
5447
"Once the mirror has finished replicating (and this can be quite long), you "
5448
"need to configure Apache so that your mirror files (in "
5449
"<filename>/var/spool/apt-mirror</filename> if you did not change the "
5450
"default), are published by your Apache server. For more information on "
5451
"Apache see <xref linkend=\"httpd\"/>."
5452
msgstr ""
5453
5454
#: serverguide/C/virtualization.xml:991(title)
5455
msgid "Installing in a RAM Disk"
5456
msgstr ""
5457
5458
#: serverguide/C/virtualization.xml:993(para)
5459
msgid ""
5460
"As you can easily imagine, writing to RAM is a <emphasis>LOT</emphasis> "
5461
"faster than writing to disk. If you have some free memory, letting vmbuilder "
5462
"perform its operation in a RAMdisk will help a lot and the option <emphasis>-"
5463
"-tmpfs</emphasis> will help you do just that:"
5464
msgstr ""
5465
5466
#: serverguide/C/virtualization.xml:999(programlisting)
5467
#, no-wrap
5468
msgid ""
5469
"\n"
5470
"--tmpfs OPTS Use a tmpfs as the working directory, specifying its\n"
5471
" size or \"-\" to use tmpfs default (suid,dev,size=1G).\n"
5472
msgstr ""
5473
5474
#: serverguide/C/virtualization.xml:1004(para)
5475
msgid ""
5476
"So adding <command>--tmpfs -</command> sounds like a very good idea if you "
5477
"have 1G of free ram."
5478
msgstr ""
5479
5480
#: serverguide/C/virtualization.xml:1011(title)
5481
msgid "Package the Application"
5482
msgstr ""
5483
5484
#: serverguide/C/virtualization.xml:1013(para)
5485
msgid "Two option are available to us:"
5486
msgstr ""
5487
5488
#: serverguide/C/virtualization.xml:1019(para)
5489
msgid ""
5490
"The recommended method to do so is to make a <emphasis>Debian</emphasis> "
5491
"package. Since this is outside of the scope of this tutorial, we will not "
5492
"perform this here and invite the reader to read the documentation on how to "
5493
"do this in the <ulink url=\"https://wiki.ubuntu.com/PackagingGuide\">Ubuntu "
5494
"Packaging Guide</ulink>. In this case it is also a good idea to setup a "
5495
"repository for your package so that updates can be conveniently pulled from "
5496
"it. See the <ulink url=\"http://www.debian-"
5497
"administration.org/articles/286\">Debian Administration</ulink> article for "
5498
"a tutorial on this."
5499
msgstr ""
5500
5501
#: serverguide/C/virtualization.xml:1028(para)
5502
msgid ""
5503
"Manually install the application under <filename>/opt</filename> as "
5504
"recommended by the <ulink url=\"http://www.pathname.com/fhs/\">FHS "
5505
"guidelines</ulink>."
5506
msgstr ""
5507
5508
#: serverguide/C/virtualization.xml:1035(para)
5509
msgid ""
5510
"In our case we'll use <application>Limesurvey</application> as example web "
5511
"application for which we wish to provide a virtual appliance. As noted "
5512
"before, we've made a version of the package available in a PPA (Personal "
5513
"Package Archive)."
5514
msgstr ""
5515
5516
#: serverguide/C/virtualization.xml:1042(title)
5517
msgid "Finishing Install"
5518
msgstr ""
5519
5520
#: serverguide/C/virtualization.xml:1045(title) serverguide/C/virtualization.xml:1942(title)
5521
msgid "First Boot"
5522
msgstr ""
5523
5524
#: serverguide/C/virtualization.xml:1047(para)
5525
msgid ""
5526
"As we mentioned earlier, the first time the machine boots we'll need to "
5527
"install <application>openssh-server</application> so that the key generated "
5528
"for it is unique for each machine. To do this, we'll write a script called "
5529
"<filename>boot.sh</filename> as follows:"
5530
msgstr ""
5531
5532
#: serverguide/C/virtualization.xml:1053(programlisting)
5533
#, no-wrap
5534
msgid ""
5535
"\n"
5536
"# This script will run the first time the virtual machine boots\n"
5537
"# It is ran as root.\n"
5538
"\n"
5539
"apt-get update\n"
5540
"apt-get install -qqy --force-yes openssh-server\n"
5541
msgstr ""
5542
5543
#: serverguide/C/virtualization.xml:1061(para)
5544
msgid ""
5545
"And we add the <command>--firstboot boot.sh</command> option to our command "
5546
"line."
5547
msgstr ""
5548
5549
#: serverguide/C/virtualization.xml:1067(title)
5550
msgid "First Login"
5551
msgstr ""
5552
5553
#: serverguide/C/virtualization.xml:1069(para)
5554
msgid ""
5555
"Mysql and Limesurvey needing some user interaction during their setup, we'll "
5556
"set them up the first time a user logs in using a script named login.sh. "
5557
"We'll also use this script to let the user specify:"
5558
msgstr ""
5559
5560
#: serverguide/C/virtualization.xml:1075(para)
5561
msgid "His own password"
5562
msgstr ""
5563
5564
#: serverguide/C/virtualization.xml:1076(para)
5565
msgid "Define the keyboard and other locale info he wants to use"
5566
msgstr ""
5567
5568
#: serverguide/C/virtualization.xml:1079(para)
5569
msgid "So we'll define <filename>login.sh</filename> as follows:"
5570
msgstr ""
5571
5572
#: serverguide/C/virtualization.xml:1083(programlisting)
5573
#, no-wrap
5574
msgid ""
5575
"\n"
5576
"# This script is ran the first time a user logs in\n"
5577
"\n"
5578
"echo \"Your appliance is about to be finished to be set up.\"\n"
5579
"echo \"In order to do it, we'll need to ask you a few questions,\"\n"
5580
"echo \"starting by changing your user password.\"\n"
5581
"\n"
5582
"passwd\n"
5583
"\n"
5584
"#give the opportunity to change the keyboard\n"
5585
"sudo dpkg-reconfigure console-setup\n"
5586
"\n"
5587
"#configure the mysql server root password\n"
5588
"sudo dpkg-reconfigure mysql-server-5.0\n"
5589
"\n"
5590
"#install limesurvey\n"
5591
"sudo apt-get install -qqy --force-yes limesurvey\n"
5592
"\n"
5593
"echo \"Your appliance is now configured. To use it point your\"\n"
5594
"echo \"browser to http://serverip/limesurvey/admin\"\n"
5595
msgstr ""
5596
5597
#: serverguide/C/virtualization.xml:1105(para)
5598
msgid ""
5599
"And we add the <command>--firstlogin login.sh</command> option to our "
5600
"command line."
5601
msgstr ""
5602
5603
#: serverguide/C/virtualization.xml:1112(title)
5604
msgid "Useful Additions"
5605
msgstr ""
5606
5607
#: serverguide/C/virtualization.xml:1115(title)
5608
msgid "Configuring Automatic Updates"
5609
msgstr ""
5610
5611
#: serverguide/C/virtualization.xml:1117(para)
5612
msgid ""
5613
"To have your system be configured to update itself on a regular basis, we "
5614
"will just install <application>unattended-upgrades</application>, so we add "
5615
"the following option to our command line:"
5616
msgstr ""
5617
5618
#: serverguide/C/virtualization.xml:1123(command)
5619
msgid "--addpkg unattended-upgrades"
5620
msgstr ""
5621
5622
#: serverguide/C/virtualization.xml:1126(para)
5623
msgid ""
5624
"As we have put our application package in a PPA, the process will update not "
5625
"only the system, but also the application each time we update the version in "
5626
"the PPA."
5627
msgstr ""
5628
5629
#: serverguide/C/virtualization.xml:1133(title)
5630
msgid "ACPI Event Handling"
5631
msgstr ""
5632
5633
#: serverguide/C/virtualization.xml:1135(para)
5634
msgid ""
5635
"For your virtual machine to be able to handle restart and shutdown events it "
5636
"is being sent, it is a good idea to install the acpid package as well. To do "
5637
"this we just add the following option:"
5638
msgstr ""
5639
5640
#: serverguide/C/virtualization.xml:1141(command)
5641
msgid "--addpkg acpid"
5642
msgstr ""
5643
5644
#: serverguide/C/virtualization.xml:1147(title)
5645
msgid "Final Command"
5646
msgstr ""
5647
5648
#: serverguide/C/virtualization.xml:1149(para)
5649
msgid "Here is the command with all the options discussed above:"
5650
msgstr ""
5651
5652
#: serverguide/C/virtualization.xml:1154(command)
5653
msgid ""
5654
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o "
5655
"\\ --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition --"
5656
"user user \\ --name user --pass default --addpkg apache2 --addpkg apache2-"
5657
"mpm-prefork \\ --addpkg apache2-utils --addpkg apache2.2-common --addpkg "
5658
"dbconfig-common \\ --addpkg libapache2-mod-php5 --addpkg mysql-client --"
5659
"addpkg php5-cli \\ --addpkg php5-gd --addpkg php5-ldap --addpkg php5-mysql --"
5660
"addpkg wwwconfig-common \\ --addpkg mysql-server --addpkg unattended-"
5661
"upgrades --addpkg acpid --ppa nijaba \\ --mirror "
5662
"http://mirroraddress:9999/ubuntu --tmpfs - --firstboot boot.sh \\ --"
5663
"firstlogin login.sh"
5664
msgstr ""
5665
5666
#: serverguide/C/virtualization.xml:1169(para)
5667
msgid ""
5668
"If you are interested in learning more, have questions or suggestions, "
5669
"please contact the Ubuntu Server Team at:"
5670
msgstr ""
5671
5672
#: serverguide/C/virtualization.xml:1174(para)
5673
msgid "IRC: #ubuntu-server on freenode"
5674
msgstr ""
5675
5676
#: serverguide/C/virtualization.xml:1179(para)
5677
msgid ""
5678
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
5679
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
5680
msgstr ""
5681
5682
#: serverguide/C/virtualization.xml:1184(para)
5683
msgid ""
5684
"Also, see the <ulink "
5685
"url=\"https://help.ubuntu.com/community/JeOSVMBuilder\">JeOSVMBuilder Ubuntu "
5686
"Wiki</ulink> page."
5687
msgstr ""
5688
5689
#: serverguide/C/virtualization.xml:1192(title)
5690
msgid "UEC"
5691
msgstr ""
5692
5693
#: serverguide/C/virtualization.xml:1195(title) serverguide/C/network-auth.xml:2036(title) serverguide/C/monitoring.xml:15(title) serverguide/C/lamp-applications.xml:17(title) serverguide/C/installation.xml:928(title) serverguide/C/dns.xml:64(title) serverguide/C/chat.xml:17(title) serverguide/C/backups.xml:541(title)
5694
msgid "Overview"
5695
msgstr ""
5696
5697
#: serverguide/C/virtualization.xml:1197(para)
5698
msgid ""
5699
"This tutorial covers <application>UEC</application> installation from the "
5700
"Ubuntu 10.10 Server Edition CD, and assumes a basic network topology, with a "
5701
"single system serving as the <emphasis>\"all-in-one controller\"</emphasis>, "
5702
"and one or more nodes attached."
5703
msgstr ""
5704
5705
#: serverguide/C/virtualization.xml:1202(para)
5706
msgid ""
5707
"From this Tutorial you will learn how to install, configure, register and "
5708
"perform several operations on a basic <application>UEC</application> setup "
5709
"that results in a cloud with a one controller <emphasis>\"front-"
5710
"end\"</emphasis> and one or several node(s) for running Virtual Machine (VM) "
5711
"instances. You will also use examples to help get you started using your own "
5712
"private compute cloud."
5713
msgstr ""
5714
5715
#: serverguide/C/virtualization.xml:1210(title)
5716
msgid "Prerequisites"
5717
msgstr ""
5718
5719
#: serverguide/C/virtualization.xml:1212(para)
5720
msgid ""
5721
"To deploy a minimal cloud infrastructure, you’ll need at least "
5722
"<emphasis>two</emphasis> dedicated systems:"
5723
msgstr ""
5724
5725
#: serverguide/C/virtualization.xml:1218(para)
5726
msgid "A front end."
5727
msgstr ""
5728
5729
#: serverguide/C/virtualization.xml:1223(para)
5730
msgid "One or more node(s)."
5731
msgstr ""
5732
5733
#: serverguide/C/virtualization.xml:1229(para)
5734
msgid ""
5735
"The following are recommendations, rather than fixed requirements. However, "
5736
"our experience in developing this documentation indicated the following "
5737
"suggestions."
5738
msgstr ""
5739
5740
#: serverguide/C/virtualization.xml:1234(title)
5741
msgid "Front End Requirements"
5742
msgstr ""
5743
5744
#: serverguide/C/virtualization.xml:1236(para)
5745
msgid "Use the following table for a system that will run one or more of:"
5746
msgstr ""
5747
5748
#: serverguide/C/virtualization.xml:1241(para)
5749
msgid "Cloud Controller (CLC)"
5750
msgstr ""
5751
5752
#: serverguide/C/virtualization.xml:1242(para)
5753
msgid "Cluster Controller (CC)"
5754
msgstr ""
5755
5756
#: serverguide/C/virtualization.xml:1243(para)
5757
msgid "Walrus (the S3-like storage service)"
5758
msgstr ""
5759
5760
#: serverguide/C/virtualization.xml:1244(para)
5761
msgid "Storage Controller (SC)"
5762
msgstr ""
5763
5764
#: serverguide/C/virtualization.xml:1248(title)
5765
msgid "UEC Front End Requirements"
5766
msgstr ""
5767
5768
#: serverguide/C/virtualization.xml:1256(para) serverguide/C/virtualization.xml:1318(para)
5769
msgid "Hardware"
5770
msgstr ""
5771
5772
#: serverguide/C/virtualization.xml:1257(para) serverguide/C/virtualization.xml:1319(para)
5773
msgid "Minimum"
5774
msgstr ""
5775
5776
#: serverguide/C/virtualization.xml:1258(para) serverguide/C/virtualization.xml:1320(para)
5777
msgid "Suggested"
5778
msgstr ""
5779
5780
#: serverguide/C/virtualization.xml:1259(para) serverguide/C/virtualization.xml:1321(para)
5781
msgid "Notes"
5782
msgstr ""
5783
5784
#: serverguide/C/virtualization.xml:1264(para) serverguide/C/virtualization.xml:1326(para)
5785
msgid "CPU"
5786
msgstr ""
5787
5788
#: serverguide/C/virtualization.xml:1265(para)
5789
msgid "1 GHz"
5790
msgstr ""
5791
5792
#: serverguide/C/virtualization.xml:1266(para)
5793
msgid "2 x 2 GHz"
5794
msgstr ""
5795
5796
#: serverguide/C/virtualization.xml:1267(para)
5797
msgid ""
5798
"For an <emphasis>all-in-one</emphasis> front end, it helps to have at least "
5799
"a dual core processor."
5800
msgstr ""
5801
5802
#: serverguide/C/virtualization.xml:1270(para) serverguide/C/virtualization.xml:1332(para)
5803
msgid "Memory"
5804
msgstr ""
5805
5806
#: serverguide/C/virtualization.xml:1271(para)
5807
msgid "2 GB"
5808
msgstr ""
5809
5810
#: serverguide/C/virtualization.xml:1272(para) serverguide/C/virtualization.xml:1334(para)
5811
msgid "4 GB"
5812
msgstr ""
5813
5814
#: serverguide/C/virtualization.xml:1273(para)
5815
msgid "The Java web front end benefits from lots of available memory."
5816
msgstr ""
5817
5818
#: serverguide/C/virtualization.xml:1276(para) serverguide/C/virtualization.xml:1338(para)
5819
msgid "Disk"
5820
msgstr ""
5821
5822
#: serverguide/C/virtualization.xml:1277(para) serverguide/C/virtualization.xml:1339(para)
5823
msgid "5400 RPM IDE"
5824
msgstr ""
5825
5826
#: serverguide/C/virtualization.xml:1278(para)
5827
msgid "7200 RPM SATA"
5828
msgstr ""
5829
5830
#: serverguide/C/virtualization.xml:1279(para)
5831
msgid ""
5832
"Slower disks will work, but will yield much longer instance startup times."
5833
msgstr ""
5834
5835
#: serverguide/C/virtualization.xml:1282(para) serverguide/C/virtualization.xml:1344(para)
5836
msgid "Disk Space"
5837
msgstr ""
5838
5839
#: serverguide/C/virtualization.xml:1283(para) serverguide/C/virtualization.xml:1345(para)
5840
msgid "40 GB"
5841
msgstr ""
5842
5843
#: serverguide/C/virtualization.xml:1284(para)
5844
msgid "200 GB"
5845
msgstr ""
5846
5847
#: serverguide/C/virtualization.xml:1285(para)
5848
msgid ""
5849
"40GB is only enough space for only a single image, cache, etc., Eucalyptus "
5850
"does not like to run out of disk space."
5851
msgstr ""
5852
5853
#: serverguide/C/virtualization.xml:1288(para) serverguide/C/virtualization.xml:1350(para) serverguide/C/network-config.xml:13(title)
5854
msgid "Networking"
5855
msgstr ""
5856
5857
#: serverguide/C/virtualization.xml:1289(para) serverguide/C/virtualization.xml:1351(para)
5858
msgid "100 Mbps"
5859
msgstr ""
5860
5861
#: serverguide/C/virtualization.xml:1290(para) serverguide/C/virtualization.xml:1352(para)
5862
msgid "1000 Mbps"
5863
msgstr ""
5864
5865
#: serverguide/C/virtualization.xml:1291(para) serverguide/C/virtualization.xml:1353(para)
5866
msgid ""
5867
"Machine images are hundreds of MB, and need to be copied over the network to "
5868
"nodes."
5869
msgstr ""
5870
5871
#: serverguide/C/virtualization.xml:1299(title)
5872
msgid "Node Requirements"
5873
msgstr ""
5874
5875
#: serverguide/C/virtualization.xml:1301(para)
5876
msgid "The other system(s) are <emphasis>nodes</emphasis>, which will run::"
5877
msgstr ""
5878
5879
#: serverguide/C/virtualization.xml:1306(para)
5880
msgid "the Node Controller (NC)"
5881
msgstr ""
5882
5883
#: serverguide/C/virtualization.xml:1310(title)
5884
msgid "UEC Node Requirements"
5885
msgstr ""
5886
5887
#: serverguide/C/virtualization.xml:1327(para)
5888
msgid "VT Extensions"
5889
msgstr ""
5890
5891
#: serverguide/C/virtualization.xml:1328(para)
5892
msgid "VT, 64-bit, Multicore"
5893
msgstr ""
5894
5895
#: serverguide/C/virtualization.xml:1329(para)
5896
msgid ""
5897
"64-bit can run both i386, and amd64 instances; by default, Eucalyptus will "
5898
"only run 1 VM per CPU core on a Node."
5899
msgstr ""
5900
5901
#: serverguide/C/virtualization.xml:1333(para)
5902
msgid "1 GB"
5903
msgstr ""
5904
5905
#: serverguide/C/virtualization.xml:1335(para)
5906
msgid "Additional memory means more, and larger guests."
5907
msgstr ""
5908
5909
#: serverguide/C/virtualization.xml:1340(para)
5910
msgid "7200 RPM SATA or SCSI"
5911
msgstr ""
5912
5913
#: serverguide/C/virtualization.xml:1341(para)
5914
msgid ""
5915
"Eucalyptus nodes are disk-intensive; I/O wait will likely be the performance "
5916
"bottleneck."
5917
msgstr ""
5918
5919
#: serverguide/C/virtualization.xml:1346(para)
5920
msgid "100 GB"
5921
msgstr ""
5922
5923
#: serverguide/C/virtualization.xml:1347(para)
5924
msgid ""
5925
"Images will be cached locally, Eucalyptus does not like to run out of disk "
5926
"space."
5927
msgstr ""
5928
5929
#: serverguide/C/virtualization.xml:1363(title)
5930
msgid "Installing the Cloud/Cluster/Storage/Walrus Front End Server"
5931
msgstr ""
5932
5933
#: serverguide/C/virtualization.xml:1367(para)
5934
msgid "Download the Ubuntu 10.10 Server ISO file, and burn it to a CD."
5935
msgstr ""
5936
5937
#: serverguide/C/virtualization.xml:1372(para)
5938
msgid ""
5939
"When you boot, select <emphasis>“Install Ubuntu Enterprise "
5940
"Cloud”</emphasis>. The installer will detect if any other Eucalyptus "
5941
"components are present."
5942
msgstr ""
5943
5944
#: serverguide/C/virtualization.xml:1377(para)
5945
msgid ""
5946
"You can then choose which components to install, based on your chosen <ulink "
5947
"url=\"https://help.ubuntu.com/community/UEC/Topologies\">topology</ulink>."
5948
msgstr ""
5949
5950
#: serverguide/C/virtualization.xml:1382(para)
5951
msgid ""
5952
"When asked whether you want a <emphasis>“Cluster”</emphasis> or a "
5953
"<emphasis>“Node”</emphasis> install, select <emphasis>“Cluster”</emphasis>."
5954
msgstr ""
5955
5956
#: serverguide/C/virtualization.xml:1388(para)
5957
msgid ""
5958
"It will ask two other cloud-specific questions during the course of the "
5959
"install:"
5960
msgstr ""
5961
5962
#: serverguide/C/virtualization.xml:1393(para)
5963
msgid "Name of your cluster."
5964
msgstr ""
5965
5966
#: serverguide/C/virtualization.xml:1396(para)
5967
msgid "e.g. <emphasis>cluster1</emphasis>."
5968
msgstr ""
5969
5970
#: serverguide/C/virtualization.xml:1399(para)
5971
msgid ""
5972
"A range of public IP addresses on the LAN that the cloud can allocate to "
5973
"instances."
5974
msgstr ""
5975
5976
#: serverguide/C/virtualization.xml:1402(para)
5977
msgid "e.g. <emphasis>192.168.1.200-192.168.1.249</emphasis>."
5978
msgstr ""
5979
5980
#: serverguide/C/virtualization.xml:1410(title)
5981
msgid "Installing the Node Controller(s)"
5982
msgstr ""
5983
5984
#: serverguide/C/virtualization.xml:1412(para)
5985
msgid ""
5986
"The node controller install is even simpler. Just make sure that you are "
5987
"connected to the network on which the cloud/cluster controller is already "
5988
"running."
5989
msgstr ""
5990
5991
#: serverguide/C/virtualization.xml:1418(para)
5992
msgid "Boot from the same ISO on the node(s)."
5993
msgstr ""
5994
5995
#: serverguide/C/virtualization.xml:1423(para)
5996
msgid ""
5997
"When you boot, select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
5998
msgstr ""
5999
6000
#: serverguide/C/virtualization.xml:1428(para)
6001
msgid "Select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
6002
msgstr ""
6003
6004
#: serverguide/C/virtualization.xml:1433(para)
6005
msgid ""
6006
"It should detect the Cluster and preselect <emphasis>“Node”</emphasis> "
6007
"install for you."
6008
msgstr ""
6009
6010
#: serverguide/C/virtualization.xml:1438(para)
6011
msgid "Confirm the partitioning scheme."
6012
msgstr ""
6013
6014
#: serverguide/C/virtualization.xml:1443(para)
6015
msgid ""
6016
"The rest of the installation should proceed uninterrupted; complete the "
6017
"installation and reboot the node."
6018
msgstr ""
6019
6020
#: serverguide/C/virtualization.xml:1451(title)
6021
msgid "Register the Node(s)"
6022
msgstr ""
6023
6024
#: serverguide/C/virtualization.xml:1456(para)
6025
msgid ""
6026
"Nodes are the physical systems within <application>UEC</application> that "
6027
"actually run the virtual machine instances of the cloud."
6028
msgstr ""
6029
6030
#: serverguide/C/virtualization.xml:1460(para)
6031
msgid "All component registration should be automatic, assuming:"
6032
msgstr ""
6033
6034
#: serverguide/C/virtualization.xml:1466(para)
6035
msgid "Public SSH keys have been exchanged properly."
6036
msgstr ""
6037
6038
#: serverguide/C/virtualization.xml:1471(para)
6039
msgid "The services are configured properly."
6040
msgstr ""
6041
6042
#: serverguide/C/virtualization.xml:1476(para)
6043
msgid ""
6044
"The appropriate <emphasis>uec-component-listener</emphasis> is running."
6045
msgstr ""
6046
6047
#: serverguide/C/virtualization.xml:1481(para)
6048
msgid "Verify Registration."
6049
msgstr ""
6050
6051
#: serverguide/C/virtualization.xml:1487(para)
6052
msgid ""
6053
"Steps a to e should only be required if you're using the <ulink "
6054
"url=\"https://help.ubuntu.com/community/UEC/PackageInstall\">UEC/PackageInsta"
6055
"ll</ulink> method. Otherwise, if you are following this guide, these steps "
6056
"should already be completed automatically for you, and therefore you can "
6057
"skip <emphasis>\"a\"</emphasis> to <emphasis>\"e\"</emphasis>."
6058
msgstr ""
6059
6060
#: serverguide/C/virtualization.xml:1495(para)
6061
msgid "Exchange Public Keys"
6062
msgstr ""
6063
6064
#: serverguide/C/virtualization.xml:1497(para)
6065
msgid ""
6066
"The Cloud Controller's <emphasis>eucalyptus</emphasis> user needs to have "
6067
"SSH access to the Walrus Controller, Cluster Controller, and Storage "
6068
"Controller as the eucalyptus user."
6069
msgstr ""
6070
6071
#: serverguide/C/virtualization.xml:1502(para)
6072
msgid ""
6073
"Install the Cloud Controller's <emphasis>eucalyptus</emphasis> user's public "
6074
"ssh key by:"
6075
msgstr ""
6076
6077
#: serverguide/C/virtualization.xml:1508(para)
6078
msgid ""
6079
"On the target controller, temporarily set a password for the eucalyptus user:"
6080
msgstr ""
6081
6082
#: serverguide/C/virtualization.xml:1512(command)
6083
msgid "sudo passwd eucalyptus"
6084
msgstr ""
6085
6086
#: serverguide/C/virtualization.xml:1516(para)
6087
msgid "Then, on the Cloud Controller:"
6088
msgstr ""
6089
6090
#: serverguide/C/virtualization.xml:1520(command)
6091
msgid ""
6092
"sudo -u eucalyptus ssh-copy-id -i ~eucalyptus/.ssh/id_rsa.pub "
6093
"eucalyptus@<IP_OF_NODE>"
6094
msgstr ""
6095
6096
#: serverguide/C/virtualization.xml:1524(para)
6097
msgid ""
6098
"You can now remove the password of the eucalyptus account on the target "
6099
"controller, if you wish:"
6100
msgstr ""
6101
6102
#: serverguide/C/virtualization.xml:1528(command)
6103
msgid "sudo passwd -d eucalyptus"
6104
msgstr ""
6105
6106
#: serverguide/C/virtualization.xml:1535(para)
6107
msgid "Configuring the Services"
6108
msgstr ""
6109
6110
#: serverguide/C/virtualization.xml:1537(para)
6111
msgid "On the <emphasis>Cloud Controller</emphasis>:"
6112
msgstr ""
6113
6114
#: serverguide/C/virtualization.xml:1543(para)
6115
msgid "For the <emphasis>Cluster Controller</emphasis> Registration:"
6116
msgstr ""
6117
6118
#: serverguide/C/virtualization.xml:1547(para) serverguide/C/virtualization.xml:1575(para)
6119
msgid ""
6120
"Define the shell variable CC_NAME in <filename>/etc/eucalyptus/eucalyptus-"
6121
"cc.conf</filename>"
6122
msgstr ""
6123
6124
#: serverguide/C/virtualization.xml:1549(para)
6125
msgid ""
6126
"Define the shell variable CC_IP_ADDR in <filename>/etc/eucalyptus/eucalyptus-"
6127
"ipaddr.conf</filename>, as a space separated list of one or more IP "
6128
"addresses."
6129
msgstr ""
6130
6131
#: serverguide/C/virtualization.xml:1556(para)
6132
msgid "For the <emphasis>Walrus Controller</emphasis> Registration:"
6133
msgstr ""
6134
6135
#: serverguide/C/virtualization.xml:1560(para)
6136
msgid ""
6137
"Define the shell variable WALRUS_IP_ADDR in "
6138
"<filename>/etc/eucalyptus/eucalyptus-ipaddr.conf</filename>, as a single IP "
6139
"address."
6140
msgstr ""
6141
6142
#: serverguide/C/virtualization.xml:1565(para)
6143
msgid "On the <emphasis>Cluster Controller</emphasis>:"
6144
msgstr ""
6145
6146
#: serverguide/C/virtualization.xml:1571(para)
6147
msgid "For <emphasis>Storage Controller</emphasis> Registration:"
6148
msgstr ""
6149
6150
#: serverguide/C/virtualization.xml:1577(para)
6151
msgid ""
6152
"Define the shell variable SC_IP_ADDR in <filename>/etc/eucalyptus/eucalyptus-"
6153
"ipaddr.conf</filename>, as a space separated list of one or more IP "
6154
"addresses."
6155
msgstr ""
6156
6157
#: serverguide/C/virtualization.xml:1587(para)
6158
msgid "Publish"
6159
msgstr ""
6160
6161
#: serverguide/C/virtualization.xml:1589(para)
6162
msgid "Now start the publication services."
6163
msgstr ""
6164
6165
#: serverguide/C/virtualization.xml:1595(emphasis)
6166
msgid "Walrus Controller:"
6167
msgstr ""
6168
6169
#: serverguide/C/virtualization.xml:1597(command)
6170
msgid "sudo start eucalyptus-walrus-publication"
6171
msgstr ""
6172
6173
#: serverguide/C/virtualization.xml:1601(emphasis)
6174
msgid "Cluster Controller:"
6175
msgstr ""
6176
6177
#: serverguide/C/virtualization.xml:1603(command)
6178
msgid "sudo start eucalyptus-cc-publication"
6179
msgstr ""
6180
6181
#: serverguide/C/virtualization.xml:1607(emphasis)
6182
msgid "Storage Controller:"
6183
msgstr ""
6184
6185
#: serverguide/C/virtualization.xml:1609(command)
6186
msgid "sudo start eucalyptus-sc-publication"
6187
msgstr ""
6188
6189
#: serverguide/C/virtualization.xml:1613(emphasis)
6190
msgid "Node Controller:"
6191
msgstr ""
6192
6193
#: serverguide/C/virtualization.xml:1615(command)
6194
msgid "sudo start eucalyptus-nc-publication"
6195
msgstr ""
6196
6197
#: serverguide/C/virtualization.xml:1622(para)
6198
msgid "Start the Listener"
6199
msgstr ""
6200
6201
#: serverguide/C/virtualization.xml:1624(para)
6202
msgid ""
6203
"On the <emphasis>Cloud Controller</emphasis> and the <emphasis>Cluster "
6204
"Controller(s)</emphasis>, run:"
6205
msgstr ""
6206
6207
#: serverguide/C/virtualization.xml:1629(command)
6208
msgid "sudo start uec-component-listener"
6209
msgstr ""
6210
6211
#: serverguide/C/virtualization.xml:1634(para)
6212
msgid "Verify Registration"
6213
msgstr ""
6214
6215
#: serverguide/C/virtualization.xml:1637(command)
6216
msgid "cat /var/log/eucalyptus/registration.log"
6217
msgstr ""
6218
6219
#: serverguide/C/virtualization.xml:1638(computeroutput)
6220
#, no-wrap
6221
msgid ""
6222
"2010-04-08 15:46:36-05:00 | 24243 -> Calling node cluster1 node "
6223
"10.1.1.75\n"
6224
"2010-04-08 15:46:36-05:00 | 24243 -> euca_conf --register-nodes returned "
6225
"0\n"
6226
"2010-04-08 15:48:47-05:00 | 25858 -> Calling walrus Walrus 10.1.1.71\n"
6227
"2010-04-08 15:48:51-05:00 | 25858 -> euca_conf --register-walrus returned "
6228
"0\n"
6229
"2010-04-08 15:49:04-05:00 | 26237 -> Calling cluster cluster1 10.1.1.71\n"
6230
"2010-04-08 15:49:08-05:00 | 26237 -> euca_conf --register-cluster "
6231
"returned 0\n"
6232
"2010-04-08 15:49:17-05:00 | 26644 -> Calling storage cluster1 storage "
6233
"10.1.1.71\n"
6234
"2010-04-08 15:49:18-05:00 | 26644 -> euca_conf --register-sc returned 0"
6235
msgstr ""
6236
6237
#: serverguide/C/virtualization.xml:1649(para)
6238
msgid "The output on your machine will vary from the example above."
6239
msgstr ""
6240
6241
#: serverguide/C/virtualization.xml:1659(title)
6242
msgid "Obtain Credentials"
6243
msgstr ""
6244
6245
#: serverguide/C/virtualization.xml:1661(para)
6246
msgid ""
6247
"After installing and booting the <emphasis>Cloud Controller</emphasis>, "
6248
"users of the cloud will need to retrieve their credentials. This can be done "
6249
"either through a web browser, or at the command line."
6250
msgstr ""
6251
6252
#: serverguide/C/virtualization.xml:1667(title)
6253
msgid "From a Web Browser"
6254
msgstr ""
6255
6256
#: serverguide/C/virtualization.xml:1671(para)
6257
msgid ""
6258
"From your web browser (either remotely or on your Ubuntu server) access the "
6259
"following URL:"
6260
msgstr ""
6261
6262
#: serverguide/C/virtualization.xml:1674(programlisting) serverguide/C/virtualization.xml:1804(programlisting)
6263
#, no-wrap
6264
msgid ""
6265
"\n"
6266
"https://<cloud-controller-ip-address>:8443/\n"
6267
msgstr ""
6268
6269
#: serverguide/C/virtualization.xml:1679(para)
6270
msgid ""
6271
"You must use a secure connection, so make sure you use \"https\" not "
6272
"\"http\" in your URL. You will get a security certificate warning. You will "
6273
"have to add an exception to view the page. If you do not accept it you will "
6274
"not be able to view the Eucalyptus configuration page."
6275
msgstr ""
6276
6277
#: serverguide/C/virtualization.xml:1687(para)
6278
msgid ""
6279
"Use username <emphasis>'admin'</emphasis> and password "
6280
"<emphasis>'admin'</emphasis> for the first time login (you will be prompted "
6281
"to change your password)."
6282
msgstr ""
6283
6284
#: serverguide/C/virtualization.xml:1693(para)
6285
msgid ""
6286
"Then follow the on-screen instructions to update the admin password and "
6287
"email address."
6288
msgstr ""
6289
6290
#: serverguide/C/virtualization.xml:1698(para)
6291
msgid ""
6292
"Once the first time configuration process is completed, click the "
6293
"<emphasis>'credentials'</emphasis> tab located in the top-left portion of "
6294
"the screen."
6295
msgstr ""
6296
6297
#: serverguide/C/virtualization.xml:1704(para)
6298
msgid ""
6299
"Click the <emphasis>'Download Credentials'</emphasis> button to get your "
6300
"certificates."
6301
msgstr ""
6302
6303
#: serverguide/C/virtualization.xml:1709(para)
6304
msgid "Save them to <filename>~/.euca</filename>."
6305
msgstr ""
6306
6307
#: serverguide/C/virtualization.xml:1714(para)
6308
msgid ""
6309
"Unzip the downloaded zip file into a safe location "
6310
"(<filename>~/.euca</filename>)."
6311
msgstr ""
6312
6313
#: serverguide/C/virtualization.xml:1718(command)
6314
msgid "unzip -d ~/.euca mycreds.zip"
6315
msgstr ""
6316
6317
#: serverguide/C/virtualization.xml:1725(title)
6318
msgid "From a Command Line"
6319
msgstr ""
6320
6321
#: serverguide/C/virtualization.xml:1729(para)
6322
msgid ""
6323
"Alternatively, if you are on the command line of the <emphasis>Cloud "
6324
"Controller</emphasis>, you can run:"
6325
msgstr ""
6326
6327
#: serverguide/C/virtualization.xml:1733(command)
6328
msgid "mkdir -p ~/.euca"
6329
msgstr ""
6330
6331
#: serverguide/C/virtualization.xml:1734(command)
6332
msgid "chmod 700 ~/.euca"
6333
msgstr ""
6334
6335
#: serverguide/C/virtualization.xml:1735(command)
6336
msgid "cd ~/.euca"
6337
msgstr ""
6338
6339
#: serverguide/C/virtualization.xml:1736(command)
6340
msgid "sudo euca_conf --get-credentials mycreds.zip"
6341
msgstr ""
6342
6343
#: serverguide/C/virtualization.xml:1737(command)
6344
msgid "unzip mycreds.zip"
6345
msgstr ""
6346
6347
#: serverguide/C/virtualization.xml:1738(command)
6348
msgid "ln -s ~/.euca/eucarc ~/.eucarc"
6349
msgstr ""
6350
6351
#: serverguide/C/virtualization.xml:1739(command)
6352
msgid "cd -"
6353
msgstr ""
6354
6355
#: serverguide/C/virtualization.xml:1746(title)
6356
msgid "Extracting and Using Your Credentials"
6357
msgstr ""
6358
6359
#: serverguide/C/virtualization.xml:1748(para)
6360
msgid ""
6361
"Now you will need to setup EC2 API and AMI tools on your server using X.509 "
6362
"certificates."
6363
msgstr ""
6364
6365
#: serverguide/C/virtualization.xml:1754(para)
6366
msgid "Install the required cloud user tools:"
6367
msgstr ""
6368
6369
#: serverguide/C/virtualization.xml:1758(command)
6370
msgid "sudo apt-get install euca2ools"
6371
msgstr ""
6372
6373
#: serverguide/C/virtualization.xml:1762(para)
6374
msgid ""
6375
"To validate that everything is working correctly, get the local cluster "
6376
"availability details:"
6377
msgstr ""
6378
6379
#: serverguide/C/virtualization.xml:1766(command)
6380
msgid ". ~/.euca/eucarc"
6381
msgstr ""
6382
6383
#: serverguide/C/virtualization.xml:1767(command)
6384
msgid "euca-describe-availability-zones verbose"
6385
msgstr ""
6386
6387
#: serverguide/C/virtualization.xml:1768(computeroutput)
6388
#, no-wrap
6389
msgid ""
6390
"AVAILABILITYZONE myowncloud 192.168.1.1\n"
6391
"AVAILABILITYZONE |- vm types free / max cpu ram disk\n"
6392
"AVAILABILITYZONE |- m1.small 0004 / 0004 1 128 2\n"
6393
"AVAILABILITYZONE |- c1.medium 0004 / 0004 1 256 5\n"
6394
"AVAILABILITYZONE |- m1.large 0002 / 0002 2 512 10\n"
6395
"AVAILABILITYZONE |- m1.xlarge 0002 / 0002 2 1024 20\n"
6396
"AVAILABILITYZONE |- c1.xlarge 0001 / 0001 4 2048 20"
6397
msgstr ""
6398
6399
#: serverguide/C/virtualization.xml:1778(para)
6400
msgid "Your output from the above command will vary."
6401
msgstr ""
6402
6403
#: serverguide/C/virtualization.xml:1788(title)
6404
msgid "Install an Image from the Store"
6405
msgstr ""
6406
6407
#: serverguide/C/virtualization.xml:1790(para)
6408
msgid ""
6409
"The following is by far the simplest way to install an image. However, "
6410
"advanced users may be interested in learning how to <ulink "
6411
"url=\"https://help.ubuntu.com/community/UEC/BundlingImages\">Bundle their "
6412
"own image</ulink>."
6413
msgstr ""
6414
6415
#: serverguide/C/virtualization.xml:1795(para)
6416
msgid ""
6417
"The simplest way to add an image to <application>UEC</application> is to "
6418
"install it from the Image Store on the UEC web interface."
6419
msgstr ""
6420
6421
#: serverguide/C/virtualization.xml:1801(para)
6422
msgid ""
6423
"Access the web interface at the following URL (Make sure you specify https):"
6424
msgstr ""
6425
6426
#: serverguide/C/virtualization.xml:1809(para)
6427
msgid ""
6428
"Enter your login and password (if requested, as you may still be logged in "
6429
"from earlier)."
6430
msgstr ""
6431
6432
#: serverguide/C/virtualization.xml:1814(para)
6433
msgid "Click on the <emphasis>Store</emphasis> tab."
6434
msgstr ""
6435
6436
#: serverguide/C/virtualization.xml:1819(para)
6437
msgid "Browse available images."
6438
msgstr ""
6439
6440
#: serverguide/C/virtualization.xml:1824(para)
6441
msgid "Click on <emphasis>install</emphasis> for the image you want."
6442
msgstr ""
6443
6444
#: serverguide/C/virtualization.xml:1830(para)
6445
msgid ""
6446
"Once the image has been downloaded and installed, you can click on "
6447
"<emphasis>\"How to run?\"</emphasis> that will be displayed below the image "
6448
"button to view the command to execute to instantiate (start) this image. The "
6449
"image will also appear on the list given on the <emphasis>Image</emphasis> "
6450
"tab."
6451
msgstr ""
6452
6453
#: serverguide/C/virtualization.xml:1838(title)
6454
msgid "Run an Image"
6455
msgstr ""
6456
6457
#: serverguide/C/virtualization.xml:1840(para)
6458
msgid "There are multiple ways to instantiate an image in UEC:"
6459
msgstr ""
6460
6461
#: serverguide/C/virtualization.xml:1845(para)
6462
msgid "Use the command line."
6463
msgstr ""
6464
6465
#: serverguide/C/virtualization.xml:1846(para)
6466
msgid ""
6467
"Use one of the UEC compatible management tools such as "
6468
"<emphasis>Landscape</emphasis>."
6469
msgstr ""
6470
6471
#: serverguide/C/virtualization.xml:1848(para)
6472
msgid ""
6473
"Use the <ulink "
6474
"url=\"https://help.ubuntu.com/community/UEC/ElasticFox\">ElasticFox</ulink> "
6475
"extension to Firefox."
6476
msgstr ""
6477
6478
#: serverguide/C/virtualization.xml:1854(para)
6479
msgid "Here we will describe the process from the command line:"
6480
msgstr ""
6481
6482
#: serverguide/C/virtualization.xml:1860(para)
6483
msgid ""
6484
"Before running an instance of your image, you should first create a "
6485
"<emphasis>keypair</emphasis> (ssh key) that you can use to log into your "
6486
"instance as root, once it boots. The key is stored, so you will only have to "
6487
"do this once."
6488
msgstr ""
6489
6490
#: serverguide/C/virtualization.xml:1864(para)
6491
msgid "Run the following command:"
6492
msgstr ""
6493
6494
#: serverguide/C/virtualization.xml:1867(programlisting)
6495
#, no-wrap
6496
msgid ""
6497
"\n"
6498
"if [ ! -e ~/.euca/mykey.priv ]; then\n"
6499
" mkdir -p -m 700 ~/.euca\n"
6500
" touch ~/.euca/mykey.priv\n"
6501
" chmod 0600 ~/.euca/mykey.priv\n"
6502
" euca-add-keypair mykey > ~/.euca/mykey.priv\n"
6503
"fi\n"
6504
msgstr ""
6505
6506
#: serverguide/C/virtualization.xml:1876(para)
6507
msgid ""
6508
"You can call your key whatever you like (in this example, the key is called "
6509
"<emphasis>'mykey'</emphasis>), but remember what it is called. If you "
6510
"forget, you can always run <command>euca-describe-keypairs</command> to get "
6511
"a list of created keys stored in the system."
6512
msgstr ""
6513
6514
#: serverguide/C/virtualization.xml:1883(para)
6515
msgid "You must also allow access to port 22 in your instances:"
6516
msgstr ""
6517
6518
#: serverguide/C/virtualization.xml:1887(command)
6519
msgid "euca-authorize default -P tcp -p 22 -s 0.0.0.0/0"
6520
msgstr ""
6521
6522
#: serverguide/C/virtualization.xml:1891(para)
6523
msgid "Next, you can create instances of your registered image:"
6524
msgstr ""
6525
6526
#: serverguide/C/virtualization.xml:1895(command)
6527
msgid "euca-run-instances $EMI -k mykey -t m1.small"
6528
msgstr ""
6529
6530
#: serverguide/C/virtualization.xml:1898(para)
6531
msgid ""
6532
"If you receive an error regarding <emphasis>image_id</emphasis>, you may "
6533
"find it by viewing Images page or click <emphasis>\"How to Run\"</emphasis> "
6534
"on the <emphasis>Store</emphasis> page to see the sample command."
6535
msgstr ""
6536
6537
#: serverguide/C/virtualization.xml:1905(para)
6538
msgid ""
6539
"The first time you run an instance, the system will be setting up caches for "
6540
"the image from which it will be created. This can often take some time the "
6541
"first time an instance is run given that VM images are usually quite large."
6542
msgstr ""
6543
6544
#: serverguide/C/virtualization.xml:1909(para)
6545
msgid "To monitor the state of your instance, run:"
6546
msgstr ""
6547
6548
#: serverguide/C/virtualization.xml:1913(command)
6549
msgid "watch -n5 euca-describe-instances"
6550
msgstr ""
6551
6552
#: serverguide/C/virtualization.xml:1915(para)
6553
msgid ""
6554
"In the output, you should see information about the instance, including its "
6555
"state. While first-time caching is being performed, the instance's state "
6556
"will be <emphasis>'pending'</emphasis>."
6557
msgstr ""
6558
6559
#: serverguide/C/virtualization.xml:1921(para)
6560
msgid ""
6561
"When the instance is fully started, the above state will become "
6562
"<emphasis>'running'</emphasis>. Look at the IP address assigned to your "
6563
"instance in the output, then connect to it:"
6564
msgstr ""
6565
6566
#: serverguide/C/virtualization.xml:1926(command)
6567
msgid ""
6568
"IPADDR=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | awk "
6569
"'{print $4}')"
6570
msgstr ""
6571
6572
#: serverguide/C/virtualization.xml:1927(command)
6573
msgid "ssh -i ~/.euca/mykey.priv ubuntu@$IPADDR"
6574
msgstr ""
6575
6576
#: serverguide/C/virtualization.xml:1931(para)
6577
msgid ""
6578
"And when you are done with this instance, exit your SSH connection, then "
6579
"terminate your instance:"
6580
msgstr ""
6581
6582
#: serverguide/C/virtualization.xml:1935(command)
6583
msgid ""
6584
"INSTANCEID=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | "
6585
"awk '{print $2}')"
6586
msgstr ""
6587
6588
#: serverguide/C/virtualization.xml:1936(command)
6589
msgid "euca-terminate-instances $INSTANCEID"
6590
msgstr ""
6591
6592
#: serverguide/C/virtualization.xml:1944(para)
6593
msgid ""
6594
"The <application>cloud-init</application> package provides \"first boot\" "
6595
"functionality for the Ubuntu UEC images. It is in charge of taking the "
6596
"generic filesystem image that is booting and customizing it for this "
6597
"particular instance. That includes things like:"
6598
msgstr ""
6599
6600
#: serverguide/C/virtualization.xml:1952(para)
6601
msgid "Setting the hostname."
6602
msgstr ""
6603
6604
#: serverguide/C/virtualization.xml:1957(para)
6605
msgid ""
6606
"Putting the provided ssh public keys into "
6607
"<filename>~ubuntu/.ssh/authorized_keys</filename>."
6608
msgstr ""
6609
6610
#: serverguide/C/virtualization.xml:1962(para)
6611
msgid "Running a user provided script, or otherwise modifying the image."
6612
msgstr ""
6613
6614
#: serverguide/C/virtualization.xml:1968(para)
6615
msgid ""
6616
"Setting hostname and configuring a system so the person who launched it can "
6617
"actually log into it are not terribly interesting. The interesting things "
6618
"that can be done with <application>cloud-init</application> are made "
6619
"possible by data provided at launch time called <ulink "
6620
"url=\"http://developer.amazonwebservices.com/connect/entry.jspa?externalID=10"
6621
"85\">user-data</ulink>."
6622
msgstr ""
6623
6624
#: serverguide/C/virtualization.xml:1974(para)
6625
msgid "First, install the <application>cloud-init</application> package:"
6626
msgstr ""
6627
6628
#: serverguide/C/virtualization.xml:1979(command)
6629
msgid "sudo apt-get install cloud-init"
6630
msgstr ""
6631
6632
#: serverguide/C/virtualization.xml:1982(para)
6633
msgid ""
6634
"If the user-data starts with <emphasis>'#!'</emphasis>, then it will be "
6635
"stored and executed as root late in the boot process of the instance's first "
6636
"boot (similar to a traditional 'rc.local' script). Output from the script is "
6637
"directed to the console."
6638
msgstr ""
6639
6640
#: serverguide/C/virtualization.xml:1987(para)
6641
msgid ""
6642
"For example, create a file named <filename>ud.txt</filename> containing:"
6643
msgstr ""
6644
6645
#: serverguide/C/virtualization.xml:1991(programlisting)
6646
#, no-wrap
6647
msgid ""
6648
"\n"
6649
"#!/bin/sh\n"
6650
"echo ========== Hello World: $(date) ==========\n"
6651
"echo \"I have been up for $(cut -d\\ -f 1 < /proc/uptime) sec\"\n"
6652
msgstr ""
6653
6654
#: serverguide/C/virtualization.xml:1997(para)
6655
msgid ""
6656
"Now start an instance with the <emphasis>--user-data-file</emphasis> option:"
6657
msgstr ""
6658
6659
#: serverguide/C/virtualization.xml:2002(command)
6660
msgid "euca-run-instances $EMI -k mykey -t m1.small --user-data-file=ud.txt"
6661
msgstr ""
6662
6663
#: serverguide/C/virtualization.xml:2005(para)
6664
msgid ""
6665
"Wait now for the system to come up and console to be available. To see the "
6666
"result of the data file commands enter:"
6667
msgstr ""
6668
6669
#: serverguide/C/virtualization.xml:2010(command)
6670
msgid "euca-get-console-output $EMI | grep --after-context=1 Hello"
6671
msgstr ""
6672
6673
#: serverguide/C/virtualization.xml:2011(computeroutput)
6674
#, no-wrap
6675
msgid ""
6676
"========== Hello World: Mon Mar 29 18:05:05 UTC 2010 ==========\n"
6677
"I have been up for 28.26 sec"
6678
msgstr ""
6679
6680
#: serverguide/C/virtualization.xml:2016(para)
6681
msgid "Your output may vary."
6682
msgstr ""
6683
6684
#: serverguide/C/virtualization.xml:2021(para)
6685
msgid ""
6686
"The simple approach shown above gives a great deal of power. The user-data "
6687
"can contain a script in any language where an interpreter already exists in "
6688
"the image (#!/bin/sh, #!/usr/bin/python, #!/usr/bin/perl, #!/usr/bin/awk ... "
6689
")."
6690
msgstr ""
6691
6692
#: serverguide/C/virtualization.xml:2026(para)
6693
msgid ""
6694
"For many cases, the user may not be interested in writing a program. For "
6695
"this case, cloud-init provides <emphasis>\"cloud-config\"</emphasis>, a "
6696
"configuration based approach towards customization. To utilize the cloud-"
6697
"config syntax, the supplied user-data must start with a <emphasis>'#cloud-"
6698
"config'</emphasis>."
6699
msgstr ""
6700
6701
#: serverguide/C/virtualization.xml:2031(para)
6702
msgid ""
6703
"For example, create a text file named <filename>clout-config.txt</filename> "
6704
"containing:"
6705
msgstr ""
6706
6707
#: serverguide/C/virtualization.xml:2035(programlisting)
6708
#, no-wrap
6709
msgid ""
6710
"\n"
6711
"#cloud-config\n"
6712
"apt_upgrade: true\n"
6713
"apt_sources:\n"
6714
"- source: \"ppa:ubuntu-server-edgers/server-edgers-apache \"\n"
6715
"\n"
6716
"packages:\n"
6717
"- build-essential\n"
6718
"- pastebinit\n"
6719
"\n"
6720
"runcmd:\n"
6721
"- echo ======= Hello World =====\n"
6722
"- echo \"I have been up for $(cut -d\\ -f 1 < /proc/uptime) sec\"\n"
6723
msgstr ""
6724
6725
#: serverguide/C/virtualization.xml:2050(para)
6726
msgid "Create a new instance:"
6727
msgstr ""
6728
6729
#: serverguide/C/virtualization.xml:2055(command)
6730
msgid ""
6731
"euca-run-instances $EMI -k mykey -t m1.small --user-data-file=cloud-"
6732
"config.txt"
6733
msgstr ""
6734
6735
#: serverguide/C/virtualization.xml:2058(para)
6736
msgid "Now, when the above system is booted, it will have:"
6737
msgstr ""
6738
6739
#: serverguide/C/virtualization.xml:2063(para)
6740
msgid "Added the Apache Edgers PPA."
6741
msgstr ""
6742
6743
#: serverguide/C/virtualization.xml:2064(para)
6744
msgid "Run an upgrade to get all updates available"
6745
msgstr ""
6746
6747
#: serverguide/C/virtualization.xml:2065(para)
6748
msgid "Installed the 'build-essential' and 'pastebinit' packages"
6749
msgstr ""
6750
6751
#: serverguide/C/virtualization.xml:2066(para)
6752
msgid "Printed a similar message to the script above"
6753
msgstr ""
6754
6755
#: serverguide/C/virtualization.xml:2070(para)
6756
msgid ""
6757
"The <emphasis>Apache Edgers PPA</emphasis>, in the above example, contains "
6758
"the latest version of Apache from upstream source repositories. Package "
6759
"versions in the PPA are unsupported, and depending on your situation, this "
6760
"may or may not be desirable. See the <ulink "
6761
"url=\"https://launchpad.net/~ubuntu-server-edgers\">Ubuntu Server "
6762
"Edgers</ulink> web page for more details."
6763
msgstr ""
6764
6765
#: serverguide/C/virtualization.xml:2077(para)
6766
msgid ""
6767
"The <emphasis>'runcmd'</emphasis> commands are run at the same point in boot "
6768
"that the <emphasis>'#!'</emphasis> script would run in the previous example. "
6769
"It is present to allow you to get the full power of a scripting language if "
6770
"you need it without abandoning <emphasis>cloud-config</emphasis>."
6771
msgstr ""
6772
6773
#: serverguide/C/virtualization.xml:2082(para)
6774
msgid ""
6775
"For more information on what kinds of things can be done with "
6776
"<application>cloud-config</application>, see <ulink "
6777
"url=\"http://bazaar.launchpad.net/~cloud-init-dev/cloud-"
6778
"init/trunk/files/head:/doc/examples/\">doc/examples</ulink> in the source."
6779
msgstr ""
6780
6781
#: serverguide/C/virtualization.xml:2091(title) serverguide/C/dns.xml:619(title)
6782
msgid "More Information"
6783
msgstr ""
6784
6785
#: serverguide/C/virtualization.xml:2093(para)
6786
msgid ""
6787
"How to use the <ulink "
6788
"url=\"https://help.ubuntu.com/community/UEC/StorageController\">Storage "
6789
"Controller</ulink>"
6790
msgstr ""
6791
6792
#: serverguide/C/virtualization.xml:2097(para)
6793
msgid "Controlling eucalyptus services:"
6794
msgstr ""
6795
6796
#: serverguide/C/virtualization.xml:2102(para)
6797
msgid ""
6798
"sudo service eucalyptus [start|stop|restart] (on the CLC/CC/SC/Walrus side)"
6799
msgstr ""
6800
6801
#: serverguide/C/virtualization.xml:2103(para)
6802
msgid "sudo service eucalyptus-nc [start|stop|restart] (on the Node side)"
6803
msgstr ""
6804
6805
#: serverguide/C/virtualization.xml:2106(para)
6806
msgid "Locations of some important files:"
6807
msgstr ""
6808
6809
#: serverguide/C/virtualization.xml:2113(emphasis)
6810
msgid "Log files:"
6811
msgstr ""
6812
6813
#: serverguide/C/virtualization.xml:2116(para)
6814
msgid "/var/log/eucalyptus"
6815
msgstr ""
6816
6817
#: serverguide/C/virtualization.xml:2121(emphasis)
6818
msgid "Configuration files:"
6819
msgstr ""
6820
6821
#: serverguide/C/virtualization.xml:2124(para)
6822
msgid "/etc/eucalyptus"
6823
msgstr ""
6824
6825
#: serverguide/C/virtualization.xml:2129(emphasis)
6826
msgid "Database:"
6827
msgstr ""
6828
6829
#: serverguide/C/virtualization.xml:2132(para)
6830
msgid "/var/lib/eucalyptus/db"
6831
msgstr ""
6832
6833
#: serverguide/C/virtualization.xml:2137(emphasis)
6834
msgid "Keys:"
6835
msgstr ""
6836
6837
#: serverguide/C/virtualization.xml:2140(para)
6838
msgid "/var/lib/eucalyptus"
6839
msgstr ""
6840
6841
#: serverguide/C/virtualization.xml:2141(para)
6842
msgid "/var/lib/eucalyptus/.ssh"
6843
msgstr ""
6844
6845
#: serverguide/C/virtualization.xml:2147(para)
6846
msgid ""
6847
"Don't forget to source your <filename>~/.euca/eucarc</filename> before "
6848
"running the client tools."
6849
msgstr ""
6850
6851
#: serverguide/C/virtualization.xml:2158(para)
6852
msgid ""
6853
"For information on loading instances see the <ulink "
6854
"url=\"https://help.ubuntu.com/community/Eucalyptus\">Eucalyptus Wiki</ulink> "
6855
"page."
6856
msgstr ""
6857
6858
#: serverguide/C/virtualization.xml:2163(para)
6859
msgid ""
6860
"<ulink url=\"http://open.eucalyptus.com/\">Eucalyptus Project Site (forums, "
6861
"documentation, downloads)</ulink>."
6862
msgstr ""
6863
6864
#: serverguide/C/virtualization.xml:2168(para)
6865
msgid ""
6866
"<ulink url=\"https://launchpad.net/eucalyptus/\">Eucalyptus on Launchpad "
6867
"(bugs, code)</ulink>."
6868
msgstr ""
6869
6870
#: serverguide/C/virtualization.xml:2173(para)
6871
msgid ""
6872
"<ulink "
6873
"url=\"http://open.eucalyptus.com/wiki/EucalyptusTroubleshooting_v1.5\">Eucaly"
6874
"ptus Troubleshooting (1.5)</ulink>."
6875
msgstr ""
6876
6877
#: serverguide/C/virtualization.xml:2178(para)
6878
msgid ""
6879
"<ulink url=\"http://support.rightscale.com/2._References/02-"
6880
"Cloud_Infrastructures/Eucalyptus/03-"
6881
"Administration_Guide/Register_with_RightScale\"> Register your cloud with "
6882
"RightScale</ulink>."
6883
msgstr ""
6884
6885
#: serverguide/C/virtualization.xml:2184(para)
6886
msgid ""
6887
"You can also find help in the <emphasis>#ubuntu-virt</emphasis>, "
6888
"<emphasis>#eucalyptus</emphasis>, and <emphasis>#ubuntu-server</emphasis> "
6889
"IRC channels on <ulink url=\"http://freenode.net\">Freenode</ulink>."
6890
msgstr ""
6891
6892
#: serverguide/C/virtualization.xml:2193(title)
6893
msgid "Glossary"
6894
msgstr ""
6895
6896
#: serverguide/C/virtualization.xml:2195(para)
6897
msgid ""
6898
"The Ubuntu Enterprise Cloud documentation uses terminology that might be "
6899
"unfamiliar to some readers. This page is intended to provide a glossary of "
6900
"such terms and acronyms."
6901
msgstr ""
6902
6903
#: serverguide/C/virtualization.xml:2202(para)
6904
msgid ""
6905
"<emphasis>Cloud</emphasis> - A federated set of physical machines that offer "
6906
"computing resources through virtual machines, provisioned and recollected "
6907
"dynamically."
6908
msgstr ""
6909
6910
#: serverguide/C/virtualization.xml:2208(para)
6911
msgid ""
6912
"<emphasis>Cloud Controller (CLC)</emphasis> - Eucalyptus component that "
6913
"provides the web UI (an https server on port 8443), and implements the "
6914
"Amazon EC2 API. There should be only one Cloud Controller in an installation "
6915
"of UEC. This service is provided by the Ubuntu <application>eucalyptus-"
6916
"cloud</application> package."
6917
msgstr ""
6918
6919
#: serverguide/C/virtualization.xml:2215(para)
6920
msgid ""
6921
"<emphasis>Cluster</emphasis> - A collection of nodes, associated with a "
6922
"Cluster Controller. There can be more than one Cluster in an installation of "
6923
"UEC. Clusters are sometimes physically separate sets of nodes. (e.g. floor1, "
6924
"floor2, floor2)."
6925
msgstr ""
6926
6927
#: serverguide/C/virtualization.xml:2221(para)
6928
msgid ""
6929
"<emphasis>Cluster Controller (CC)</emphasis> - Eucalyptus component that "
6930
"manages collections of node resources. This service is provided by the "
6931
"Ubuntu <application>eucalyptus-cc</application> package."
6932
msgstr ""
6933
6934
#: serverguide/C/virtualization.xml:2227(para)
6935
msgid "<emphasis>EBS</emphasis> - Elastic Block Storage."
6936
msgstr ""
6937
6938
#: serverguide/C/virtualization.xml:2232(para)
6939
msgid ""
6940
"<emphasis>EC2</emphasis> - Elastic Compute Cloud. Amazon's pay-by-the-hour, "
6941
"pay-by-the-gigabyte public cloud computing offering."
6942
msgstr ""
6943
6944
#: serverguide/C/virtualization.xml:2237(para)
6945
msgid "<emphasis>EKI</emphasis> - Eucalyptus Kernel Image."
6946
msgstr ""
6947
6948
#: serverguide/C/virtualization.xml:2242(para)
6949
msgid "<emphasis>EMI</emphasis> - Eucalyptus Machine Image."
6950
msgstr ""
6951
6952
#: serverguide/C/virtualization.xml:2247(para)
6953
msgid "<emphasis>ERI</emphasis> - Eucalyptus Ramdisk Image."
6954
msgstr ""
6955
6956
#: serverguide/C/virtualization.xml:2252(para)
6957
msgid ""
6958
"<emphasis>Eucalyptus</emphasis> - Elastic Utility Computing Architecture for "
6959
"Linking Your Programs To Useful Systems. An open source project originally "
6960
"from the University of California at Santa Barbara, now supported by "
6961
"Eucalyptus Systems, a Canonical Partner."
6962
msgstr ""
6963
6964
#: serverguide/C/virtualization.xml:2259(para)
6965
msgid ""
6966
"<emphasis>Front-end</emphasis> - Physical machine hosting one (or more) of "
6967
"the high level Eucalyptus components (cloud, walrus, storage controller, "
6968
"cluster controller)."
6969
msgstr ""
6970
6971
#: serverguide/C/virtualization.xml:2265(para)
6972
msgid ""
6973
"<emphasis>Node</emphasis> - A node is a physical machine that's capable of "
6974
"running virtual machines, running a node controller. Within Ubuntu, this "
6975
"generally means that the CPU has VT extensions, and can run the KVM "
6976
"hypervisor."
6977
msgstr ""
6978
6979
#: serverguide/C/virtualization.xml:2271(para)
6980
msgid ""
6981
"<emphasis>Node Controller (NC)</emphasis> - Eucalyptus component that runs "
6982
"on nodes which host the virtual machines that comprise the cloud. This "
6983
"service is provided by the Ubuntu package <application>eucalyptus-"
6984
"nc</application>."
6985
msgstr ""
6986
6987
#: serverguide/C/virtualization.xml:2277(para)
6988
msgid ""
6989
"<emphasis>S3</emphasis> - Simple Storage Service. Amazon's pay-by-the-"
6990
"gigabyte persistent storage solution for EC2."
6991
msgstr ""
6992
6993
#: serverguide/C/virtualization.xml:2282(para)
6994
msgid ""
6995
"<emphasis>Storage Controller (SC)</emphasis> - Eucalyptus component that "
6996
"manages dynamic block storage services (EBS). Each 'cluster' in a Eucalyptus "
6997
"installation can have its own Storage Controller. This component is provided "
6998
"by the <application>eucalyptus-sc</application> package."
6999
msgstr ""
7000
7001
#: serverguide/C/virtualization.xml:2289(para)
7002
msgid ""
7003
"<emphasis>UEC</emphasis> - Ubuntu Enterprise Cloud. Ubuntu's cloud computing "
7004
"solution, based on Eucalyptus."
7005
msgstr ""
7006
7007
#: serverguide/C/virtualization.xml:2294(para)
7008
msgid "<emphasis>VM</emphasis> - Virtual Machine."
7009
msgstr ""
7010
7011
#: serverguide/C/virtualization.xml:2299(para)
7012
msgid ""
7013
"<emphasis>VT</emphasis> - Virtualization Technology. An optional feature of "
7014
"some modern CPUs, allowing for accelerated virtual machine hosting."
7015
msgstr ""
7016
7017
#: serverguide/C/virtualization.xml:2304(para)
7018
msgid ""
7019
"<emphasis>Walrus</emphasis> - Eucalyptus component that implements the "
7020
"Amazon S3 API, used for storing VM images and user storage using S3 bucket "
7021
"put/get abstractions."
7022
msgstr ""
7023
7024
#: serverguide/C/vcs.xml:13(title)
7025
msgid "Version Control System"
7026
msgstr ""
7027
7028
#: serverguide/C/vcs.xml:14(para)
7029
msgid ""
7030
"Version control is the art of managing changes to information. It has long "
7031
"been a critical tool for programmers, who typically spend their time making "
7032
"small changes to software and then undoing those changes the next day. But "
7033
"the usefulness of version control software extends far beyond the bounds of "
7034
"the software development world. Anywhere you can find people using computers "
7035
"to manage information that changes often, there is room for version control."
7036
msgstr ""
7037
7038
#: serverguide/C/vcs.xml:17(title)
7039
msgid "Bazaar"
7040
msgstr ""
7041
7042
#: serverguide/C/vcs.xml:18(para)
7043
msgid ""
7044
"Bazaar is a new version control system sponsored by Canonical, the "
7045
"commercial company behind Ubuntu. Unlike Subversion and CVS that only "
7046
"support a central repository model, Bazaar also supports "
7047
"<emphasis>distributed version control</emphasis>, giving people the ability "
7048
"to collaborate more efficiently. In particular, Bazaar is designed to "
7049
"maximize the level of community participation in open source projects."
7050
msgstr ""
7051
7052
#: serverguide/C/vcs.xml:29(para)
7053
msgid ""
7054
"At a terminal prompt, enter the following command to install "
7055
"<application>bzr</application>: <screen>\n"
7056
"<command>sudo apt-get install bzr</command>\n"
7057
"</screen>"
7058
msgstr ""
7059
7060
#: serverguide/C/vcs.xml:40(para)
7061
msgid ""
7062
"To introduce yourself to <application>bzr</application>, use the "
7063
"<emphasis>whoami</emphasis> command like this: <screen>\n"
7064
"<command>$ bzr whoami 'Joe Doe <joe.doe@gmail.com>'</command>\n"
7065
"</screen>"
7066
msgstr ""
7067
7068
#: serverguide/C/vcs.xml:49(title)
7069
msgid "Learning Bazaar"
7070
msgstr ""
7071
7072
#: serverguide/C/vcs.xml:50(para)
7073
msgid ""
7074
"Bazaar comes with bundled documentation installed into "
7075
"<application>/usr/share/doc/bzr/html</application> by default. The tutorial "
7076
"is a good place to start. The <application>bzr</application> command also "
7077
"comes with built-in help: <screen>\n"
7078
"<command>$ bzr help</command>\n"
7079
"</screen>"
7080
msgstr ""
7081
7082
#: serverguide/C/vcs.xml:60(para)
7083
msgid ""
7084
"To learn more about the <emphasis>foo</emphasis> command: <screen>\n"
7085
"<command>$ bzr help foo</command>\n"
7086
"</screen>"
7087
msgstr ""
7088
7089
#: serverguide/C/vcs.xml:68(title)
7090
msgid "Launchpad Integration"
7091
msgstr ""
7092
7093
#: serverguide/C/vcs.xml:69(para)
7094
msgid ""
7095
"While highly useful as a stand-alone system, Bazaar has good, optional "
7096
"integration with <ulink url=\"https://launchpad.net/\">Launchpad</ulink>, "
7097
"the collaborative development system used by Canonical and the broader open "
7098
"source community to manage and extend Ubuntu itself. For information on how "
7099
"Bazaar can be used with Launchpad to collaborate on open source projects, "
7100
"see <ulink url=\"http://bazaar-vcs.org/LaunchpadIntegration/\"> "
7101
"http://bazaar-vcs.org/LaunchpadIntegration</ulink>."
7102
msgstr ""
7103
7104
#: serverguide/C/vcs.xml:81(title)
7105
msgid "Subversion"
7106
msgstr ""
7107
7108
#: serverguide/C/vcs.xml:82(para)
7109
msgid ""
7110
"Subversion is an open source version control system. Using Subversion, you "
7111
"can record the history of source files and documents. It manages files and "
7112
"directories over time. A tree of files is placed into a central repository. "
7113
"The repository is much like an ordinary file server, except that it "
7114
"remembers every change ever made to files and directories."
7115
msgstr ""
7116
7117
#: serverguide/C/vcs.xml:87(para)
7118
msgid ""
7119
"To access Subversion repository using the HTTP protocol, you must install "
7120
"and configure a web server. Apache2 is proven to work with Subversion. "
7121
"Please refer to the HTTP subsection in the Apache2 section to install and "
7122
"configure Apache2. To access the Subversion repository using the HTTPS "
7123
"protocol, you must install and configure a digital certificate in your "
7124
"Apache 2 web server. Please refer to the HTTPS subsection in the Apache2 "
7125
"section to install and configure the digital certificate."
7126
msgstr ""
7127
7128
#: serverguide/C/vcs.xml:96(para)
7129
msgid ""
7130
"To install Subversion, run the following command from a terminal prompt:"
7131
msgstr ""
7132
7133
#: serverguide/C/vcs.xml:101(command)
7134
msgid "sudo apt-get install subversion libapache2-svn"
7135
msgstr ""
7136
7137
#: serverguide/C/vcs.xml:108(para)
7138
msgid ""
7139
"This step assumes you have installed above mentioned packages on your "
7140
"system. This section explains how to create a Subversion repository and "
7141
"access the project."
7142
msgstr ""
7143
7144
#: serverguide/C/vcs.xml:111(title)
7145
msgid "Create Subversion Repository"
7146
msgstr ""
7147
7148
#: serverguide/C/vcs.xml:112(para)
7149
msgid ""
7150
"The Subversion repository can be created using the following command from a "
7151
"terminal prompt:"
7152
msgstr ""
7153
7154
#: serverguide/C/vcs.xml:116(command)
7155
msgid "svnadmin create /path/to/repos/project"
7156
msgstr ""
7157
7158
#: serverguide/C/vcs.xml:121(title)
7159
msgid "Importing Files"
7160
msgstr ""
7161
7162
#: serverguide/C/vcs.xml:122(para)
7163
msgid ""
7164
"Once you create the repository you can <emphasis>import</emphasis> files "
7165
"into the repository. To import a directory, enter the following from a "
7166
"terminal prompt: <screen>\n"
7167
"<command>svn import /path/to/import/directory "
7168
"file:///path/to/repos/project</command>\n"
7169
"</screen>"
7170
msgstr ""
7171
7172
#: serverguide/C/vcs.xml:134(title) serverguide/C/vcs.xml:139(title)
7173
msgid "Access Methods"
7174
msgstr ""
7175
7176
#: serverguide/C/vcs.xml:135(para)
7177
msgid ""
7178
"Subversion repositories can be accessed (checked out) through many different "
7179
"methods --on local disk, or through various network protocols. A repository "
7180
"location, however, is always a URL. The table describes how different URL "
7181
"schemes map to the available access methods."
7182
msgstr ""
7183
7184
#: serverguide/C/vcs.xml:146(para)
7185
msgid "Schema"
7186
msgstr ""
7187
7188
#: serverguide/C/vcs.xml:147(para)
7189
msgid "Access Method"
7190
msgstr ""
7191
7192
#: serverguide/C/vcs.xml:152(para)
7193
msgid "file://"
7194
msgstr ""
7195
7196
#: serverguide/C/vcs.xml:153(para)
7197
msgid "direct repository access (on local disk)"
7198
msgstr ""
7199
7200
#: serverguide/C/vcs.xml:156(para)
7201
msgid "http://"
7202
msgstr ""
7203
7204
#: serverguide/C/vcs.xml:157(para)
7205
msgid "Access via WebDAV protocol to Subversion-aware Apache2 web server"
7206
msgstr ""
7207
7208
#: serverguide/C/vcs.xml:160(para)
7209
msgid "https://"
7210
msgstr ""
7211
7212
#: serverguide/C/vcs.xml:161(para)
7213
msgid "Same as http://, but with SSL encryption"
7214
msgstr ""
7215
7216
#: serverguide/C/vcs.xml:164(para)
7217
msgid "svn://"
7218
msgstr ""
7219
7220
#: serverguide/C/vcs.xml:165(para)
7221
msgid "Access via custom protocol to an svnserve server"
7222
msgstr ""
7223
7224
#: serverguide/C/vcs.xml:168(para)
7225
msgid "svn+ssh://"
7226
msgstr ""
7227
7228
#: serverguide/C/vcs.xml:169(para)
7229
msgid "Same as svn://, but through an SSH tunnel"
7230
msgstr ""
7231
7232
#: serverguide/C/vcs.xml:175(para)
7233
msgid ""
7234
"In this section, we will see how to configure Subversion for all these "
7235
"access methods. Here, we cover the basics. For more advanced usage details, "
7236
"refer to the <ulink url=\"http://svnbook.red-bean.com/\">svn book</ulink>."
7237
msgstr ""
7238
7239
#: serverguide/C/vcs.xml:182(title)
7240
msgid "Direct repository access (file://)"
7241
msgstr ""
7242
7243
#: serverguide/C/vcs.xml:183(para)
7244
msgid ""
7245
"This is the simplest of all access methods. It does not require any "
7246
"Subversion server process to be running. This access method is used to "
7247
"access Subversion from the same machine. The syntax of the command, entered "
7248
"at a terminal prompt, is as follows:"
7249
msgstr ""
7250
7251
#: serverguide/C/vcs.xml:190(command)
7252
msgid "svn co file:///path/to/repos/project"
7253
msgstr ""
7254
7255
#: serverguide/C/vcs.xml:193(para)
7256
msgid "or"
7257
msgstr ""
7258
7259
#: serverguide/C/vcs.xml:196(command)
7260
msgid "svn co file://localhost/path/to/repos/project"
7261
msgstr ""
7262
7263
#: serverguide/C/vcs.xml:200(para)
7264
msgid ""
7265
"If you do not specify the hostname, there are three forward slashes (///) -- "
7266
"two for the protocol (file, in this case) plus the leading slash in the "
7267
"path. If you specify the hostname, you must use two forward slashes (//)."
7268
msgstr ""
7269
7270
#: serverguide/C/vcs.xml:202(para)
7271
msgid ""
7272
"The repository permissions depend on filesystem permissions. If the user has "
7273
"read/write permission, he can checkout from and commit to the repository."
7274
msgstr ""
7275
7276
#: serverguide/C/vcs.xml:205(title)
7277
msgid "Access via WebDAV protocol (http://)"
7278
msgstr ""
7279
7280
#: serverguide/C/vcs.xml:206(para)
7281
msgid ""
7282
"To access the Subversion repository via WebDAV protocol, you must configure "
7283
"your Apache 2 web server. Add the following snippet between the "
7284
"<emphasis><VirtualHost></emphasis> and "
7285
"<emphasis></VirtualHost></emphasis> elements in "
7286
"<filename>/etc/apache2/sites-available/default</filename>, or another "
7287
"VirtualHost file:"
7288
msgstr ""
7289
7290
#: serverguide/C/vcs.xml:212(programlisting)
7291
#, no-wrap
7292
msgid ""
7293
"\n"
7294
" <Location /svn>\n"
7295
" DAV svn\n"
7296
" SVNPath /home/svn\n"
7297
" AuthType Basic\n"
7298
" AuthName \"Your repository name\"\n"
7299
" AuthUserFile /etc/subversion/passwd\n"
7300
" Require valid-user\n"
7301
" </Location> \n"
7302
msgstr ""
7303
7304
#: serverguide/C/vcs.xml:223(para)
7305
msgid ""
7306
"The above configuration snippet assumes that Subversion repositories are "
7307
"created under <filename>/home/svn/</filename> directory using "
7308
"<command>svnadmin</command> command. They can be accessible using "
7309
"<command>http://hostname/svn/repos_name</command> url."
7310
msgstr ""
7311
7312
#: serverguide/C/vcs.xml:229(para)
7313
msgid ""
7314
"To import or commit files to your Subversion repository over HTTP, the "
7315
"repository should be owned by the HTTP user. In Ubuntu systems, normally the "
7316
"HTTP user is <command>www-data</command>. To change the ownership of the "
7317
"repository files enter the following command from terminal prompt:"
7318
msgstr ""
7319
7320
#: serverguide/C/vcs.xml:238(command)
7321
msgid "sudo chown -R www-data:www-data /path/to/repos"
7322
msgstr ""
7323
7324
#: serverguide/C/vcs.xml:241(para)
7325
msgid ""
7326
"By changing the ownership of repository as <command>www-data</command> you "
7327
"will not be able to import or commit files into the repository by running "
7328
"<command>svn import file:///</command> command as any user other than "
7329
"<command>www-data</command>."
7330
msgstr ""
7331
7332
#: serverguide/C/vcs.xml:250(para)
7333
msgid ""
7334
"Next, you must create the <filename>/etc/subversion/passwd</filename> file "
7335
"that will contain user authentication details. To create a file issue the "
7336
"following command at a command prompt (which will create the file and add "
7337
"the first user):"
7338
msgstr ""
7339
7340
#: serverguide/C/vcs.xml:256(command)
7341
msgid "sudo htpasswd -c /etc/subversion/passwd user_name"
7342
msgstr ""
7343
7344
#: serverguide/C/vcs.xml:259(para)
7345
msgid ""
7346
"To add additional users omit the <emphasis>\"-c\"</emphasis> option as this "
7347
"option replaces the old file. Instead use this form:"
7348
msgstr ""
7349
7350
#: serverguide/C/vcs.xml:264(command)
7351
msgid "sudo htpasswd /etc/subversion/password user_name"
7352
msgstr ""
7353
7354
#: serverguide/C/vcs.xml:268(para)
7355
msgid ""
7356
"This command will prompt you to enter the password. Once you enter the "
7357
"password, the user is added. Now, to access the repository you can run the "
7358
"following command:"
7359
msgstr ""
7360
7361
#: serverguide/C/vcs.xml:269(command)
7362
msgid "svn co http://servername/svn"
7363
msgstr ""
7364
7365
#: serverguide/C/vcs.xml:271(para)
7366
msgid ""
7367
"The password is transmitted as plain text. If you are worried about password "
7368
"snooping, you are advised to use SSL encryption. For details, please refer "
7369
"next section."
7370
msgstr ""
7371
7372
#: serverguide/C/vcs.xml:277(title)
7373
msgid "Access via WebDAV protocol with SSL encryption (https://)"
7374
msgstr ""
7375
7376
#: serverguide/C/vcs.xml:278(para)
7377
msgid ""
7378
"Accessing Subversion repository via WebDAV protocol with SSL encryption "
7379
"(https://) is similar to http:// except that you must install and configure "
7380
"the digital certificate in your Apache2 web server. To use SSL with "
7381
"Subversion add the above Apache2 configuration to "
7382
"<filename>/etc/apache2/sites-available/default-ssl</filename>. For more "
7383
"information on setting up Apache2 with SSL see <xref linkend=\"https-"
7384
"configuration\"/>."
7385
msgstr ""
7386
7387
#: serverguide/C/vcs.xml:287(para)
7388
msgid ""
7389
"You can install a digital certificate issued by a signing authority. "
7390
"Alternatively, you can install your own self-signed certificate."
7391
msgstr ""
7392
7393
#: serverguide/C/vcs.xml:292(para)
7394
msgid ""
7395
"This step assumes you have installed and configured a digital certificate in "
7396
"your Apache 2 web server. Now, to access the Subversion repository, please "
7397
"refer to the above section! The access methods are exactly the same, except "
7398
"the protocol. You must use https:// to access the Subversion repository."
7399
msgstr ""
7400
7401
#: serverguide/C/vcs.xml:302(title)
7402
msgid "Access via custom protocol (svn://)"
7403
msgstr ""
7404
7405
#: serverguide/C/vcs.xml:303(para)
7406
msgid ""
7407
"Once the Subversion repository is created, you can configure the access "
7408
"control. You can edit the <filename> "
7409
"/path/to/repos/project/conf/svnserve.conf</filename> file to configure the "
7410
"access control. For example, to set up authentication, you can uncomment the "
7411
"following lines in the configuration file:"
7412
msgstr ""
7413
7414
#: serverguide/C/vcs.xml:310(programlisting)
7415
#, no-wrap
7416
msgid ""
7417
"# [general]\n"
7418
"# password-db = passwd"
7419
msgstr ""
7420
7421
#: serverguide/C/vcs.xml:313(para)
7422
msgid ""
7423
"After uncommenting the above lines, you can maintain the user list in the "
7424
"passwd file. So, edit the file <filename>passwd </filename> in the same "
7425
"directory and add the new user. The syntax is as follows:"
7426
msgstr ""
7427
7428
#: serverguide/C/vcs.xml:319(programlisting)
7429
#, no-wrap
7430
msgid "username = password"
7431
msgstr ""
7432
7433
#: serverguide/C/vcs.xml:320(para)
7434
msgid "For more details, please refer to the file."
7435
msgstr ""
7436
7437
#: serverguide/C/vcs.xml:324(para)
7438
msgid ""
7439
"Now, to access Subversion via the svn:// custom protocol, either from the "
7440
"same machine or a different machine, you can run svnserver using svnserve "
7441
"command. The syntax is as follows:"
7442
msgstr ""
7443
7444
#: serverguide/C/vcs.xml:329(programlisting)
7445
#, no-wrap
7446
msgid ""
7447
"$ svnserve -d --foreground -r /path/to/repos\n"
7448
"# -d -- daemon mode\n"
7449
"# --foreground -- run in foreground (useful for debugging)\n"
7450
"# -r -- root of directory to serve\n"
7451
"\n"
7452
"For more usage details, please refer to:\n"
7453
"$ svnserve --help"
7454
msgstr ""
7455
7456
#: serverguide/C/vcs.xml:337(para)
7457
msgid ""
7458
"Once you run this command, Subversion starts listening on default port "
7459
"(3690). To access the project repository, you must run the following command "
7460
"from a terminal prompt:"
7461
msgstr ""
7462
7463
#: serverguide/C/vcs.xml:340(command)
7464
msgid "svn co svn://hostname/project project --username user_name"
7465
msgstr ""
7466
7467
#: serverguide/C/vcs.xml:343(para)
7468
msgid ""
7469
"Based on server configuration, it prompts for password. Once you are "
7470
"authenticated, it checks out the code from Subversion repository. To "
7471
"synchronize the project repository with the local copy, you can run the "
7472
"<command>update</command> sub-command. The syntax of the command, entered at "
7473
"a terminal prompt, is as follows:"
7474
msgstr ""
7475
7476
#: serverguide/C/vcs.xml:351(command)
7477
msgid "cd project_dir ; svn update"
7478
msgstr ""
7479
7480
#: serverguide/C/vcs.xml:354(para)
7481
msgid ""
7482
"For more details about using each Subversion sub-command, you can refer to "
7483
"the manual. For example, to learn more about the co (checkout) command, "
7484
"please run the following command from a terminal prompt:"
7485
msgstr ""
7486
7487
#: serverguide/C/vcs.xml:358(command)
7488
msgid "svn co help"
7489
msgstr ""
7490
7491
#: serverguide/C/vcs.xml:362(title)
7492
msgid "Access via custom protocol with SSL encryption (svn+ssh://)"
7493
msgstr ""
7494
7495
#: serverguide/C/vcs.xml:363(para)
7496
msgid ""
7497
"The configuration and server process is same as in the svn:// method. For "
7498
"details, please refer to the above section. This step assumes you have "
7499
"followed the above step and started the Subversion server using "
7500
"<application>svnserve</application> command."
7501
msgstr ""
7502
7503
#: serverguide/C/vcs.xml:369(para)
7504
msgid ""
7505
"It is also assumed that the ssh server is running on that machine and that "
7506
"it is allowing incoming connections. To confirm, please try to login to that "
7507
"machine using ssh. If you can login, everything is perfect. If you cannot "
7508
"login, please address it before continuing further."
7509
msgstr ""
7510
7511
#: serverguide/C/vcs.xml:375(para)
7512
msgid ""
7513
"The svn+ssh:// protocol is used to access the Subversion repository using "
7514
"SSL encryption. The data transfer is encrypted using this method. To access "
7515
"the project repository (for example with a checkout), you must use the "
7516
"following command syntax:"
7517
msgstr ""
7518
7519
#: serverguide/C/vcs.xml:382(command)
7520
msgid "svn co svn+ssh://hostname/var/svn/repos/project"
7521
msgstr ""
7522
7523
#: serverguide/C/vcs.xml:386(para)
7524
msgid ""
7525
"You must use the full path (/path/to/repos/project) to access the Subversion "
7526
"repository using this access method."
7527
msgstr ""
7528
7529
#: serverguide/C/vcs.xml:389(para)
7530
msgid ""
7531
"Based on server configuration, it prompts for password. You must enter the "
7532
"password you use to login via ssh. Once you are authenticated, it checks out "
7533
"the code from the Subversion repository."
7534
msgstr ""
7535
7536
#: serverguide/C/vcs.xml:399(title)
7537
msgid "CVS Server"
7538
msgstr ""
7539
7540
#: serverguide/C/vcs.xml:400(para)
7541
msgid ""
7542
"CVS is a version control system. You can use it to record the history of "
7543
"source files."
7544
msgstr ""
7545
7546
#: serverguide/C/vcs.xml:406(para)
7547
msgid ""
7548
"To install <application>CVS</application>, run the following command from a "
7549
"terminal prompt: <screen>\n"
7550
"<command>sudo apt-get install cvs</command>\n"
7551
"</screen> After you install <application>cvs</application>, you should "
7552
"install <application>xinetd</application> to start/stop the cvs server. At "
7553
"the prompt, enter the following command to install "
7554
"<application>xinetd</application>: <screen>\n"
7555
"<command>sudo apt-get install xinetd</command>\n"
7556
"</screen>"
7557
msgstr ""
7558
7559
#: serverguide/C/vcs.xml:439(programlisting)
7560
#, no-wrap
7561
msgid ""
7562
"\n"
7563
"service cvspserver\n"
7564
"{\n"
7565
" port = 2401\n"
7566
" socket_type = stream\n"
7567
" protocol = tcp\n"
7568
" user = root\n"
7569
" wait = no\n"
7570
" type = UNLISTED\n"
7571
" server = /usr/bin/cvs\n"
7572
" server_args = -f --allow-root /var/lib/cvs pserver\n"
7573
" disable = no\n"
7574
"}\n"
7575
msgstr ""
7576
7577
#: serverguide/C/vcs.xml:455(para)
7578
msgid ""
7579
"Be sure to edit the repository if you have changed the default repository "
7580
"(<application>/var/lib/cvs</application>) directory."
7581
msgstr ""
7582
7583
#: serverguide/C/vcs.xml:424(para)
7584
msgid ""
7585
"Once you install cvs, the repository will be automatically initialized. By "
7586
"default, the repository resides under the "
7587
"<application>/var/lib/cvs</application> directory. You can change this path "
7588
"by running following command: <screen>\n"
7589
"<command>cvs -d /your/new/cvs/repo init</command>\n"
7590
"</screen> Once the initial repository is set up, you can configure "
7591
"<application>xinetd</application> to start the CVS server. You can copy the "
7592
"following lines to the <filename> /etc/xinetd.d/cvspserver</filename> file. "
7593
"<placeholder-1/><placeholder-2/> Once you have configured "
7594
"<application>xinetd</application> you can start the cvs server by running "
7595
"following command: <screen>\n"
7596
"<command>sudo /etc/init.d/xinetd restart</command>\n"
7597
"</screen>"
7598
msgstr ""
7599
7600
#: serverguide/C/vcs.xml:468(para)
7601
msgid ""
7602
"You can confirm that the CVS server is running by issuing the following "
7603
"command:"
7604
msgstr ""
7605
7606
#: serverguide/C/vcs.xml:475(command)
7607
msgid "sudo netstat -tap | grep cvs"
7608
msgstr ""
7609
7610
#: serverguide/C/vcs.xml:479(para) serverguide/C/databases.xml:65(para)
7611
msgid ""
7612
"When you run this command, you should see the following line or something "
7613
"similar:"
7614
msgstr ""
7615
7616
#: serverguide/C/vcs.xml:484(programlisting)
7617
#, no-wrap
7618
msgid ""
7619
"\n"
7620
"tcp 0 0 *:cvspserver *:* LISTEN \n"
7621
msgstr ""
7622
7623
#: serverguide/C/vcs.xml:488(para)
7624
msgid ""
7625
"From here you can continue to add users, add new projects, and manage the "
7626
"CVS server."
7627
msgstr ""
7628
7629
#: serverguide/C/vcs.xml:493(para)
7630
msgid ""
7631
"CVS allows the user to add users independently of the underlying OS "
7632
"installation. Probably the easiest way is to use the Linux Users for CVS, "
7633
"although it has potential security issues. Please refer to the CVS manual "
7634
"for details."
7635
msgstr ""
7636
7637
#: serverguide/C/vcs.xml:503(title)
7638
msgid "Add Projects"
7639
msgstr ""
7640
7641
#: serverguide/C/vcs.xml:515(para)
7642
msgid ""
7643
"You can use the CVSROOT environment variable to store the CVS root "
7644
"directory. Once you export the CVSROOT environment variable, you can avoid "
7645
"using -d option in the above cvs command."
7646
msgstr ""
7647
7648
#: serverguide/C/vcs.xml:527(para)
7649
msgid ""
7650
"When you add a new project, the CVS user you use must have write access to "
7651
"the CVS repository (<application>/var/lib/cvs</application>). By default, "
7652
"the <application>src</application> group has write access to the CVS "
7653
"repository. So, you can add the user to this group, and he can then add and "
7654
"manage projects in the CVS repository."
7655
msgstr ""
7656
7657
#: serverguide/C/vcs.xml:504(para)
7658
msgid ""
7659
"This section explains how to add new project to the CVS repository. Create "
7660
"the directory and add necessary document and source files to the directory. "
7661
"Now, run the following command to add this project to CVS repository: "
7662
"<screen>\n"
7663
"<command>cd your/project</command>\n"
7664
"<command>cvs -d :pserver:username@hostname.com:/var/lib/cvs import -m "
7665
"\"Importing my project to CVS repository\" . new_project start</command>\n"
7666
"</screen><placeholder-1/> The string <emphasis>new_project</emphasis> is a "
7667
"vendor tag, and <emphasis>start</emphasis> is a release tag. They serve no "
7668
"purpose in this context, but since CVS requires them, they must be present. "
7669
"<placeholder-2/>"
7670
msgstr ""
7671
7672
#: serverguide/C/vcs.xml:540(ulink)
7673
msgid "Bazaar Home Page"
7674
msgstr ""
7675
7676
#: serverguide/C/vcs.xml:541(ulink)
7677
msgid "Launchpad"
7678
msgstr ""
7679
7680
#: serverguide/C/vcs.xml:542(ulink)
7681
msgid "Subversion Home Page"
7682
msgstr ""
7683
7684
#: serverguide/C/vcs.xml:543(ulink)
7685
msgid "Subversion Book"
7686
msgstr ""
7687
7688
#: serverguide/C/vcs.xml:545(ulink)
7689
msgid "CVS Manual"
7690
msgstr ""
7691
7692
#: serverguide/C/vcs.xml:546(ulink)
7693
msgid "Easy Bazaar Ubuntu Wiki page"
7694
msgstr ""
7695
7696
#: serverguide/C/vcs.xml:547(ulink)
7697
msgid "Ubuntu Wiki Subversion page"
7698
msgstr ""
7699
7700
#: serverguide/C/serverguide.xml:3(title) serverguide/C/bookinfo.xml:3(title)
7701
msgid "Credits and License"
7702
msgstr ""
7703
7704
#: serverguide/C/serverguide.xml:4(para) serverguide/C/bookinfo.xml:4(para)
7705
msgid ""
7706
"This document is maintained by the Ubuntu documentation team "
7707
"(https://wiki.ubuntu.com/DocumentationTeam). For a list of contributors, see "
7708
"the <ulink url=\"../../libs/C/contributors.xml\">contributors page</ulink>"
7709
msgstr ""
7710
7711
#: serverguide/C/serverguide.xml:5(para) serverguide/C/bookinfo.xml:5(para)
7712
msgid ""
7713
"This document is made available under the Creative Commons ShareAlike 2.5 "
7714
"License (CC-BY-SA)."
7715
msgstr ""
7716
7717
#: serverguide/C/serverguide.xml:6(para) serverguide/C/bookinfo.xml:6(para)
7718
msgid ""
7719
"You are free to modify, extend, and improve the Ubuntu documentation source "
7720
"code under the terms of this license. All derivative works must be released "
7721
"under this license."
7722
msgstr ""
7723
7724
#: serverguide/C/serverguide.xml:8(para) serverguide/C/bookinfo.xml:8(para)
7725
msgid ""
7726
"This documentation is distributed in the hope that it will be useful, but "
7727
"WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY "
7728
"or FITNESS FOR A PARTICULAR PURPOSE AS DESCRIBED IN THE DISCLAIMER."
7729
msgstr ""
7730
7731
#: serverguide/C/serverguide.xml:11(para) serverguide/C/bookinfo.xml:11(para)
7732
msgid ""
7733
"A copy of the license is available here: <ulink url=\"/usr/share/ubuntu-"
7734
"docs/libs/C/ccbysa.xml\">Creative Commons ShareAlike License</ulink>."
7735
msgstr ""
7736
7737
#: serverguide/C/serverguide.xml:14(year) serverguide/C/bookinfo.xml:14(year)
7738
msgid "2010"
7739
msgstr ""
7740
7741
#: serverguide/C/serverguide.xml:15(ulink) serverguide/C/bookinfo.xml:15(ulink)
7742
msgid "Ubuntu Documentation Project"
7743
msgstr ""
7744
7745
#: serverguide/C/serverguide.xml:15(holder) serverguide/C/bookinfo.xml:15(holder)
7746
msgid "Canonical Ltd. and members of the <placeholder-1/>"
7747
msgstr ""
7748
7749
#: serverguide/C/serverguide.xml:18(publishername) serverguide/C/bookinfo.xml:18(publishername)
7750
msgid "The Ubuntu Documentation Project"
7751
msgstr ""
7752
7753
#: serverguide/C/serverguide.xml:17(para)
7754
msgid ""
7755
"Welcome to the <emphasis>Ubuntu Server Guide</emphasis>! It contains "
7756
"information on how to install and configure various server applications on "
7757
"your Ubuntu system to fit your needs. It is a step-by-step, task-oriented "
7758
"guide for configuring and customizing your system."
7759
msgstr ""
7760
7761
#: serverguide/C/security.xml:13(title)
7762
msgid "Security"
7763
msgstr ""
7764
7765
#: serverguide/C/security.xml:14(para)
7766
msgid ""
7767
"Security should always be considered when installing, deploying, and using "
7768
"any type of computer system. Although a fresh installation of Ubuntu is "
7769
"relatively safe for immediate use on the Internet, it is important to have a "
7770
"balanced understanding of your systems security posture based on how it will "
7771
"be used after deployment."
7772
msgstr ""
7773
7774
#: serverguide/C/security.xml:17(para)
7775
msgid ""
7776
"This chapter provides an overview of security related topics as they pertain "
7777
"to Ubuntu 10.10 Server Edition, and outlines simple measures you may use to "
7778
"protect your server and network from any number of potential security "
7779
"threats."
7780
msgstr ""
7781
7782
#: serverguide/C/security.xml:21(title)
7783
msgid "User Management"
7784
msgstr ""
7785
7786
#: serverguide/C/security.xml:22(para)
7787
msgid ""
7788
"User management is a critical part of maintaining a secure system. "
7789
"Ineffective user and privilege management often lead many systems into being "
7790
"compromised. Therefore, it is important that you understand how you can "
7791
"protect your server through simple and effective user account management "
7792
"techniques."
7793
msgstr ""
7794
7795
#: serverguide/C/security.xml:26(title)
7796
msgid "Where is root?"
7797
msgstr ""
7798
7799
#: serverguide/C/security.xml:27(para)
7800
msgid ""
7801
"Ubuntu developers made a conscientious decision to disable the "
7802
"administrative root account by default in all Ubuntu installations. This "
7803
"does not mean that the root account has been deleted or that it may not be "
7804
"accessed. It merely has been given a password which matches no possible "
7805
"encrypted value, therefore may not log in directly by itself."
7806
msgstr ""
7807
7808
#: serverguide/C/security.xml:30(para)
7809
msgid ""
7810
"Instead, users are encouraged to make use of a tool by the name of "
7811
"<application>sudo</application> to carry out system administrative duties. "
7812
"<application>Sudo</application> allows an authorized user to temporarily "
7813
"elevate their privileges using their own password instead of having to know "
7814
"the password belonging to the root account. This simple yet effective "
7815
"methodology provides accountability for all user actions, and gives the "
7816
"administrator granular control over which actions a user can perform with "
7817
"said privileges."
7818
msgstr ""
7819
7820
#: serverguide/C/security.xml:35(para)
7821
msgid ""
7822
"If for some reason you wish to enable the root account, simply give it a "
7823
"password:"
7824
msgstr ""
7825
7826
#: serverguide/C/security.xml:39(command)
7827
msgid "sudo passwd"
7828
msgstr ""
7829
7830
#: serverguide/C/security.xml:41(para)
7831
msgid ""
7832
"Sudo will prompt you for your password, and then ask you to supply a new "
7833
"password for root as shown below:"
7834
msgstr ""
7835
7836
#: serverguide/C/security.xml:44(userinput)
7837
#, no-wrap
7838
msgid "(enter your own password)"
7839
msgstr ""
7840
7841
#: serverguide/C/security.xml:45(userinput)
7842
#, no-wrap
7843
msgid "(enter a new password for root)"
7844
msgstr ""
7845
7846
#: serverguide/C/security.xml:46(userinput)
7847
#, no-wrap
7848
msgid "(repeat new password for root)"
7849
msgstr ""
7850
7851
#: serverguide/C/security.xml:44(computeroutput)
7852
#, no-wrap
7853
msgid ""
7854
"[sudo] password for username: <placeholder-1/>\n"
7855
"Enter new UNIX password: <placeholder-2/>\n"
7856
"Retype new UNIX password: <placeholder-3/>\n"
7857
"passwd: password updated successfully"
7858
msgstr ""
7859
7860
#: serverguide/C/security.xml:51(para)
7861
msgid "To disable the root account, use the following passwd syntax:"
7862
msgstr ""
7863
7864
#: serverguide/C/security.xml:55(command)
7865
msgid "sudo passwd -l root"
7866
msgstr ""
7867
7868
#: serverguide/C/security.xml:59(para)
7869
msgid ""
7870
"You should read more on <application>Sudo</application> by checking out it's "
7871
"man page:"
7872
msgstr ""
7873
7874
#: serverguide/C/security.xml:63(command)
7875
msgid "man sudo"
7876
msgstr ""
7877
7878
#: serverguide/C/security.xml:67(para)
7879
msgid ""
7880
"By default, the initial user created by the Ubuntu installer is a member of "
7881
"the group \"admin\" which is added to the file "
7882
"<filename>/etc/sudoers</filename> as an authorized sudo user. If you wish to "
7883
"give any other account full root access through "
7884
"<application>sudo</application>, simply add them to the admin group."
7885
msgstr ""
7886
7887
#: serverguide/C/security.xml:73(title)
7888
msgid "Adding and Deleting Users"
7889
msgstr ""
7890
7891
#: serverguide/C/security.xml:74(para)
7892
msgid ""
7893
"The process for managing local users and groups is straight forward and "
7894
"differs very little from most other GNU/Linux operating systems. Ubuntu and "
7895
"other Debian based distributions, encourage the use of the \"adduser\" "
7896
"package for account management."
7897
msgstr ""
7898
7899
#: serverguide/C/security.xml:79(para)
7900
msgid ""
7901
"To add a user account, use the following syntax, and follow the prompts to "
7902
"give the account a password and identifiable characteristics such as a full "
7903
"name, phone number, etc."
7904
msgstr ""
7905
7906
#: serverguide/C/security.xml:83(command)
7907
msgid "sudo adduser username"
7908
msgstr ""
7909
7910
#: serverguide/C/security.xml:87(para)
7911
msgid ""
7912
"To delete a user account and its primary group, use the following syntax:"
7913
msgstr ""
7914
7915
#: serverguide/C/security.xml:91(command)
7916
msgid "sudo deluser username"
7917
msgstr ""
7918
7919
#: serverguide/C/security.xml:93(para)
7920
msgid ""
7921
"Deleting an account does not remove their respective home folder. It is up "
7922
"to you whether or not you wish to delete the folder manually or keep it "
7923
"according to your desired retention policies."
7924
msgstr ""
7925
7926
#: serverguide/C/security.xml:96(para)
7927
msgid ""
7928
"Remember, any user added later on with the same UID/GID as the previous "
7929
"owner will now have access to this folder if you have not taken the "
7930
"necessary precautions."
7931
msgstr ""
7932
7933
#: serverguide/C/security.xml:99(para)
7934
msgid ""
7935
"You may want to change these UID/GID values to something more appropriate, "
7936
"such as the root account, and perhaps even relocate the folder to avoid "
7937
"future conflicts:"
7938
msgstr ""
7939
7940
#: serverguide/C/security.xml:103(command)
7941
msgid "sudo chown -R root:root /home/username/"
7942
msgstr ""
7943
7944
#: serverguide/C/security.xml:104(command)
7945
msgid "sudo mkdir /home/archived_users/"
7946
msgstr ""
7947
7948
#: serverguide/C/security.xml:105(command)
7949
msgid "sudo mv /home/username /home/archived_users/"
7950
msgstr ""
7951
7952
#: serverguide/C/security.xml:109(para)
7953
msgid ""
7954
"To temporarily lock or unlock a user account, use the following syntax, "
7955
"respectively:"
7956
msgstr ""
7957
7958
#: serverguide/C/security.xml:113(command)
7959
msgid "sudo passwd -l username"
7960
msgstr ""
7961
7962
#: serverguide/C/security.xml:114(command)
7963
msgid "sudo passwd -u username"
7964
msgstr ""
7965
7966
#: serverguide/C/security.xml:118(para)
7967
msgid ""
7968
"To add or delete a personalized group, use the following syntax, "
7969
"respectively:"
7970
msgstr ""
7971
7972
#: serverguide/C/security.xml:122(command)
7973
msgid "sudo addgroup groupname"
7974
msgstr ""
7975
7976
#: serverguide/C/security.xml:123(command)
7977
msgid "sudo delgroup groupname"
7978
msgstr ""
7979
7980
#: serverguide/C/security.xml:127(para)
7981
msgid "To add a user to a group, use the following syntax:"
7982
msgstr ""
7983
7984
#: serverguide/C/security.xml:131(command)
7985
msgid "sudo adduser username groupname"
7986
msgstr ""
7987
7988
#: serverguide/C/security.xml:138(title)
7989
msgid "User Profile Security"
7990
msgstr ""
7991
7992
#: serverguide/C/security.xml:139(para)
7993
msgid ""
7994
"When a new user is created, the adduser utility creates a brand new home "
7995
"directory named <filename class=\"directory\">/home/username</filename>, "
7996
"respectively. The default profile is modeled after the contents found in the "
7997
"directory of <filename class=\"directory\">/etc/skel</filename>, which "
7998
"includes all profile basics."
7999
msgstr ""
8000
8001
#: serverguide/C/security.xml:142(para)
8002
msgid ""
8003
"If your server will be home to multiple users, you should pay close "
8004
"attention to the user home directory permissions to ensure confidentiality. "
8005
"By default, user home directories in Ubuntu are created with world "
8006
"read/execute permissions. This means that all users can browse and access "
8007
"the contents of other users home directories. This may not be suitable for "
8008
"your environment."
8009
msgstr ""
8010
8011
#: serverguide/C/security.xml:147(para)
8012
msgid ""
8013
"To verify your current users home directory permissions, use the following "
8014
"syntax:"
8015
msgstr ""
8016
8017
#: serverguide/C/security.xml:151(command) serverguide/C/security.xml:183(command)
8018
msgid "ls -ld /home/username"
8019
msgstr ""
8020
8021
#: serverguide/C/security.xml:153(para)
8022
msgid ""
8023
"The following output shows that the directory <filename "
8024
"class=\"directory\">/home/username</filename> has world readable permissions:"
8025
msgstr ""
8026
8027
#: serverguide/C/security.xml:156(computeroutput)
8028
#, no-wrap
8029
msgid "drwxr-xr-x 2 username username 4096 2007-10-02 20:03 username"
8030
msgstr ""
8031
8032
#: serverguide/C/security.xml:160(para)
8033
msgid ""
8034
"You can remove the world readable permissions using the following syntax:"
8035
msgstr ""
8036
8037
#: serverguide/C/security.xml:164(command)
8038
msgid "sudo chmod 0750 /home/username"
8039
msgstr ""
8040
8041
#: serverguide/C/security.xml:167(para)
8042
msgid ""
8043
"Some people tend to use the recursive option (-R) indiscriminately which "
8044
"modifies all child folders and files, but this is not necessary, and may "
8045
"yield other undesirable results. The parent directory alone is sufficient "
8046
"for preventing unauthorized access to anything below the parent."
8047
msgstr ""
8048
8049
#: serverguide/C/security.xml:171(para)
8050
msgid ""
8051
"A much more efficient approach to the matter would be to modify the "
8052
"<application>adduser</application> global default permissions when creating "
8053
"user home folders. Simply edit the file "
8054
"<filename>/etc/adduser.conf</filename> and modify the "
8055
"<varname>DIR_MODE</varname> variable to something appropriate, so that all "
8056
"new home directories will receive the correct permissions."
8057
msgstr ""
8058
8059
#: serverguide/C/security.xml:174(programlisting)
8060
#, no-wrap
8061
msgid ""
8062
"\n"
8063
"DIR_MODE=0750\n"
8064
msgstr ""
8065
8066
#: serverguide/C/security.xml:179(para)
8067
msgid ""
8068
"After correcting the directory permissions using any of the previously "
8069
"mentioned techniques, verify the results using the following syntax:"
8070
msgstr ""
8071
8072
#: serverguide/C/security.xml:185(para)
8073
msgid ""
8074
"The results below show that world readable permissions have been removed:"
8075
msgstr ""
8076
8077
#: serverguide/C/security.xml:188(computeroutput)
8078
#, no-wrap
8079
msgid "drwxr-x--- 2 username username 4096 2007-10-02 20:03 username"
8080
msgstr ""
8081
8082
#: serverguide/C/security.xml:195(title)
8083
msgid "Password Policy"
8084
msgstr ""
8085
8086
#: serverguide/C/security.xml:196(para)
8087
msgid ""
8088
"A strong password policy is one of the most important aspects of your "
8089
"security posture. Many successful security breaches involve simple brute "
8090
"force and dictionary attacks against weak passwords. If you intend to offer "
8091
"any form of remote access involving your local password system, make sure "
8092
"you adequately address minimum password complexity requirements, maximum "
8093
"password lifetimes, and frequent audits of your authentication systems."
8094
msgstr ""
8095
8096
#: serverguide/C/security.xml:200(title)
8097
msgid "Minimum Password Length"
8098
msgstr ""
8099
8100
#: serverguide/C/security.xml:201(para)
8101
msgid ""
8102
"By default, Ubuntu requires a minimum password length of 6 characters, as "
8103
"well as some basic entropy checks. These values are controlled in the file "
8104
"<filename>/etc/pam.d/common-password</filename>, which is outlined below."
8105
msgstr ""
8106
8107
#: serverguide/C/security.xml:204(programlisting)
8108
#, no-wrap
8109
msgid ""
8110
"\n"
8111
"password [success=2 default=ignore] pam_unix.so obscure sha512\n"
8112
msgstr ""
8113
8114
#: serverguide/C/security.xml:207(para)
8115
msgid ""
8116
"If you would like to adjust the minimum length to 8 characters, change the "
8117
"appropriate variable to min=8. The modification is outlined below."
8118
msgstr ""
8119
8120
#: serverguide/C/security.xml:210(programlisting)
8121
#, no-wrap
8122
msgid ""
8123
"\n"
8124
"password [success=2 default=ignore] pam_unix.so obscure sha512 "
8125
"min=8\n"
8126
msgstr ""
8127
8128
#: serverguide/C/security.xml:215(title)
8129
msgid "Password Expiration"
8130
msgstr ""
8131
8132
#: serverguide/C/security.xml:216(para)
8133
msgid ""
8134
"When creating user accounts, you should make it a policy to have a minimum "
8135
"and maximum password age forcing users to change their passwords when they "
8136
"expire."
8137
msgstr ""
8138
8139
#: serverguide/C/security.xml:221(para)
8140
msgid ""
8141
"To easily view the current status of a user account, use the following "
8142
"syntax:"
8143
msgstr ""
8144
8145
#: serverguide/C/security.xml:225(command) serverguide/C/security.xml:258(command)
8146
msgid "sudo chage -l username"
8147
msgstr ""
8148
8149
#: serverguide/C/security.xml:227(para)
8150
msgid ""
8151
"The output below shows interesting facts about the user account, namely that "
8152
"there are no policies applied:"
8153
msgstr ""
8154
8155
#: serverguide/C/security.xml:230(computeroutput)
8156
#, no-wrap
8157
msgid ""
8158
"Last password change : Jan 20, 2008\n"
8159
"Password expires : never\n"
8160
"Password inactive : never\n"
8161
"Account expires : never\n"
8162
"Minimum number of days between password change : 0\n"
8163
"Maximum number of days between password change : 99999\n"
8164
"Number of days of warning before password expires : 7"
8165
msgstr ""
8166
8167
#: serverguide/C/security.xml:240(para)
8168
msgid ""
8169
"To set any of these values, simply use the following syntax, and follow the "
8170
"interactive prompts:"
8171
msgstr ""
8172
8173
#: serverguide/C/security.xml:244(command)
8174
msgid "sudo chage username"
8175
msgstr ""
8176
8177
#: serverguide/C/security.xml:246(para)
8178
msgid ""
8179
"The following is also an example of how you can manually change the explicit "
8180
"expiration date (-E) to 01/31/2008, minimum password age (-m) of 5 days, "
8181
"maximum password age (-M) of 90 days, inactivity period (-I) of 5 days after "
8182
"password expiration, and a warning time period (-W) of 14 days before "
8183
"password expiration."
8184
msgstr ""
8185
8186
#: serverguide/C/security.xml:250(command)
8187
msgid "sudo chage -E 01/31/2011 -m 5 -M 90 -I 30 -W 14 username"
8188
msgstr ""
8189
8190
#: serverguide/C/security.xml:254(para)
8191
msgid "To verify changes, use the same syntax as mentioned previously:"
8192
msgstr ""
8193
8194
#: serverguide/C/security.xml:260(para)
8195
msgid ""
8196
"The output below shows the new policies that have been established for the "
8197
"account:"
8198
msgstr ""
8199
8200
#: serverguide/C/security.xml:263(computeroutput)
8201
#, no-wrap
8202
msgid ""
8203
"Last password change : Jan 20, 2008\n"
8204
"Password expires : Apr 19, 2008\n"
8205
"Password inactive : May 19, 2008\n"
8206
"Account expires : Jan 31, 2008\n"
8207
"Minimum number of days between password change : 5\n"
8208
"Maximum number of days between password change : 90\n"
8209
"Number of days of warning before password expires : 14"
8210
msgstr ""
8211
8212
#: serverguide/C/security.xml:279(title)
8213
msgid "Other Security Considerations"
8214
msgstr ""
8215
8216
#: serverguide/C/security.xml:280(para)
8217
msgid ""
8218
"Many applications use alternate authentication mechanisms that can be easily "
8219
"overlooked by even experienced system administrators. Therefore, it is "
8220
"important to understand and control how users authenticate and gain access "
8221
"to services and applications on your server."
8222
msgstr ""
8223
8224
#: serverguide/C/security.xml:285(title)
8225
msgid "SSH Access by Disabled Users"
8226
msgstr ""
8227
8228
#: serverguide/C/security.xml:286(para)
8229
msgid ""
8230
"Simply disabling/locking a user account will not prevent a user from logging "
8231
"into your server remotely if they have previously set up RSA public key "
8232
"authentication. They will still be able to gain shell access to the server, "
8233
"without the need for any password. Remember to check the users home "
8234
"directory for files that will allow for this type of authenticated SSH "
8235
"access. e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
8236
msgstr ""
8237
8238
#: serverguide/C/security.xml:289(para)
8239
msgid ""
8240
"Remove or rename the directory <filename "
8241
"class=\"directory\">.ssh/</filename> in the user's home folder to prevent "
8242
"further SSH authentication capabilities."
8243
msgstr ""
8244
8245
#: serverguide/C/security.xml:292(para)
8246
msgid ""
8247
"Be sure to check for any established SSH connections by the disabled user, "
8248
"as it is possible they may have existing inbound or outbound connections. "
8249
"Kill any that are found."
8250
msgstr ""
8251
8252
#: serverguide/C/security.xml:295(para)
8253
msgid ""
8254
"Restrict SSH access to only user accounts that should have it. For example, "
8255
"you may create a group called \"sshlogin\" and add the group name as the "
8256
"value associated with the <varname>AllowGroups</varname> variable located in "
8257
"the file <filename>/etc/ssh/sshd_config</filename>."
8258
msgstr ""
8259
8260
#: serverguide/C/security.xml:298(programlisting)
8261
#, no-wrap
8262
msgid ""
8263
"\n"
8264
"AllowGroups sshlogin\n"
8265
msgstr ""
8266
8267
#: serverguide/C/security.xml:301(para)
8268
msgid ""
8269
"Then add your permitted SSH users to the group \"sshlogin\", and restart the "
8270
"SSH service."
8271
msgstr ""
8272
8273
#: serverguide/C/security.xml:305(command)
8274
msgid "sudo adduser username sshlogin"
8275
msgstr ""
8276
8277
#: serverguide/C/security.xml:306(command) serverguide/C/remote-administration.xml:149(command)
8278
msgid "sudo /etc/init.d/ssh restart"
8279
msgstr ""
8280
8281
#: serverguide/C/security.xml:310(title)
8282
msgid "External User Database Authentication"
8283
msgstr ""
8284
8285
#: serverguide/C/security.xml:311(para)
8286
msgid ""
8287
"Most enterprise networks require centralized authentication and access "
8288
"controls for all system resources. If you have configured your server to "
8289
"authenticate users against external databases, be sure to disable the user "
8290
"accounts both externally and locally, this way you ensure that local "
8291
"fallback authentication is not possible."
8292
msgstr ""
8293
8294
#: serverguide/C/security.xml:320(title)
8295
msgid "Console Security"
8296
msgstr ""
8297
8298
#: serverguide/C/security.xml:321(para)
8299
msgid ""
8300
"As with any other security barrier you put in place to protect your server, "
8301
"it is pretty tough to defend against untold damage caused by someone with "
8302
"physical access to your environment, for example, theft of hard drives, "
8303
"power or service disruption and so on. Therefore, console security should be "
8304
"addressed merely as one component of your overall physical security "
8305
"strategy. A locked \"screen door\" may deter a casual criminal, or at the "
8306
"very least slow down a determined one, so it is still advisable to perform "
8307
"basic precautions with regard to console security."
8308
msgstr ""
8309
8310
#: serverguide/C/security.xml:324(para)
8311
msgid ""
8312
"The following instructions will help defend your server against issues that "
8313
"could otherwise yield very serious consequences."
8314
msgstr ""
8315
8316
#: serverguide/C/security.xml:329(title)
8317
msgid "Disable Ctrl+Alt+Delete"
8318
msgstr ""
8319
8320
#: serverguide/C/security.xml:330(para)
8321
msgid ""
8322
"First and foremost, anyone that has physical access to the keyboard can "
8323
"simply use the "
8324
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
8325
"eycombo> key combination to reboot the server without having to log on. "
8326
"Sure, someone could simply unplug the power source, but you should still "
8327
"prevent the use of this key combination on a production server. This forces "
8328
"an attacker to take more drastic measures to reboot the server, and will "
8329
"prevent accidental reboots at the same time."
8330
msgstr ""
8331
8332
#: serverguide/C/security.xml:335(para)
8333
msgid ""
8334
"To disable the reboot action taken by pressing the "
8335
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
8336
"eycombo> key combination, comment out the following line in the file "
8337
"<filename>/etc/init/control-alt-delete.conf</filename>."
8338
msgstr ""
8339
8340
#: serverguide/C/security.xml:338(programlisting)
8341
#, no-wrap
8342
msgid ""
8343
"\n"
8344
"#exec shutdown -r now \"Control-Alt-Delete pressed\"\n"
8345
msgstr ""
8346
8347
#: serverguide/C/security.xml:347(title)
8348
msgid "Firewall"
8349
msgstr ""
8350
8351
#: serverguide/C/security.xml:350(para)
8352
msgid ""
8353
"The Linux kernel includes the <emphasis>Netfilter</emphasis> subsystem, "
8354
"which is used to manipulate or decide the fate of network traffic headed "
8355
"into or through your server. All modern Linux firewall solutions use this "
8356
"system for packet filtering."
8357
msgstr ""
8358
8359
#: serverguide/C/security.xml:355(para)
8360
msgid ""
8361
"The kernel's packet filtering system would be of little use to "
8362
"administrators without a userspace interface to manage it. This is the "
8363
"purpose of iptables. When a packet reaches your server, it will be handed "
8364
"off to the Netfilter subsystem for acceptance, manipulation, or rejection "
8365
"based on the rules supplied to it from userspace via iptables. Thus, "
8366
"iptables is all you need to manage your firewall if you're familiar with it, "
8367
"but many frontends are available to simplify the task."
8368
msgstr ""
8369
8370
#: serverguide/C/security.xml:365(title)
8371
msgid "ufw - Uncomplicated Firewall"
8372
msgstr ""
8373
8374
#: serverguide/C/security.xml:366(para)
8375
msgid ""
8376
"The default firewall configuration tool for Ubuntu is "
8377
"<application>ufw</application>. Developed to ease iptables firewall "
8378
"configuration, <application>ufw</application> provides a user friendly way "
8379
"to create an IPv4 or IPv6 host-based firewall."
8380
msgstr ""
8381
8382
#: serverguide/C/security.xml:370(para)
8383
msgid ""
8384
"<application>ufw</application> by default is initially disabled. From the "
8385
"<application>ufw</application> man page:"
8386
msgstr ""
8387
8388
#: serverguide/C/security.xml:374(quote)
8389
msgid ""
8390
"ufw is not intended to provide complete firewall functionality via its "
8391
"command interface, but instead provides an easy way to add or remove simple "
8392
"rules. It is currently mainly used for host-based firewalls."
8393
msgstr ""
8394
8395
#: serverguide/C/security.xml:378(para)
8396
msgid ""
8397
"The following are some examples of how to use <application>ufw</application>:"
8398
msgstr ""
8399
8400
#: serverguide/C/security.xml:383(para)
8401
msgid ""
8402
"First, <application>ufw</application> needs to be enabled. From a terminal "
8403
"prompt enter:"
8404
msgstr ""
8405
8406
#: serverguide/C/security.xml:387(command)
8407
msgid "sudo ufw enable"
8408
msgstr ""
8409
8410
#: serverguide/C/security.xml:391(para)
8411
msgid "To open a port (ssh in this example):"
8412
msgstr ""
8413
8414
#: serverguide/C/security.xml:395(command)
8415
msgid "sudo ufw allow 22"
8416
msgstr ""
8417
8418
#: serverguide/C/security.xml:399(para)
8419
msgid "Rules can also be added using a <emphasis>numbered</emphasis> format:"
8420
msgstr ""
8421
8422
#: serverguide/C/security.xml:403(command)
8423
msgid "sudo ufw insert 1 allow 80"
8424
msgstr ""
8425
8426
#: serverguide/C/security.xml:407(para)
8427
msgid "Similarly, to close an opened port:"
8428
msgstr ""
8429
8430
#: serverguide/C/security.xml:411(command)
8431
msgid "sudo ufw deny 22"
8432
msgstr ""
8433
8434
#: serverguide/C/security.xml:415(para)
8435
msgid "To remove a rule, use delete followed by the rule:"
8436
msgstr ""
8437
8438
#: serverguide/C/security.xml:419(command)
8439
msgid "sudo ufw delete deny 22"
8440
msgstr ""
8441
8442
#: serverguide/C/security.xml:423(para)
8443
msgid ""
8444
"It is also possible to allow access from specific hosts or networks to a "
8445
"port. The following example allows ssh access from host 192.168.0.2 to any "
8446
"ip address on this host:"
8447
msgstr ""
8448
8449
#: serverguide/C/security.xml:428(command)
8450
msgid "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
8451
msgstr ""
8452
8453
#: serverguide/C/security.xml:430(para)
8454
msgid ""
8455
"Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire "
8456
"subnet."
8457
msgstr ""
8458
8459
#: serverguide/C/security.xml:436(para)
8460
msgid ""
8461
"Adding the <emphasis>--dry-run</emphasis> option to a "
8462
"<emphasis>ufw</emphasis> command will output the resulting rules, but not "
8463
"apply them. For example, the following is what would be applied if opening "
8464
"the HTTP port:"
8465
msgstr ""
8466
8467
#: serverguide/C/security.xml:442(command)
8468
msgid "sudo ufw --dry-run allow http"
8469
msgstr ""
8470
8471
#: serverguide/C/security.xml:446(computeroutput)
8472
#, no-wrap
8473
msgid ""
8474
"*filter\n"
8475
":ufw-user-input - [0:0]\n"
8476
":ufw-user-output - [0:0]\n"
8477
":ufw-user-forward - [0:0]\n"
8478
":ufw-user-limit - [0:0]\n"
8479
":ufw-user-limit-accept - [0:0]\n"
8480
"### RULES ###\n"
8481
"\n"
8482
"### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0\n"
8483
"-A ufw-user-input -p tcp --dport 80 -j ACCEPT\n"
8484
"\n"
8485
"### END RULES ###\n"
8486
"-A ufw-user-input -j RETURN\n"
8487
"-A ufw-user-output -j RETURN\n"
8488
"-A ufw-user-forward -j RETURN\n"
8489
"-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix \"[UFW "
8490
"LIMIT]: \"\n"
8491
"-A ufw-user-limit -j REJECT\n"
8492
"-A ufw-user-limit-accept -j ACCEPT\n"
8493
"COMMIT\n"
8494
"Rules updated"
8495
msgstr ""
8496
8497
#: serverguide/C/security.xml:470(para)
8498
msgid "<application>ufw</application> can be disabled by:"
8499
msgstr ""
8500
8501
#: serverguide/C/security.xml:474(command)
8502
msgid "sudo ufw disable"
8503
msgstr ""
8504
8505
#: serverguide/C/security.xml:478(para)
8506
msgid "To see the firewall status, enter:"
8507
msgstr ""
8508
8509
#: serverguide/C/security.xml:482(command)
8510
msgid "sudo ufw status"
8511
msgstr ""
8512
8513
#: serverguide/C/security.xml:486(para)
8514
msgid "And for more verbose status information use:"
8515
msgstr ""
8516
8517
#: serverguide/C/security.xml:490(command)
8518
msgid "sudo ufw status verbose"
8519
msgstr ""
8520
8521
#: serverguide/C/security.xml:494(para)
8522
msgid "To view the <emphasis>numbered</emphasis> format:"
8523
msgstr ""
8524
8525
#: serverguide/C/security.xml:498(command)
8526
msgid "sudo ufw status numbered"
8527
msgstr ""
8528
8529
#: serverguide/C/security.xml:503(para)
8530
msgid ""
8531
"If the port you want to open or close is defined in "
8532
"<filename>/etc/services</filename>, you can use the port name instead of the "
8533
"number. In the above examples, replace <emphasis>22</emphasis> with "
8534
"<emphasis>ssh</emphasis>."
8535
msgstr ""
8536
8537
#: serverguide/C/security.xml:509(para)
8538
msgid ""
8539
"This is a quick introduction to using <application>ufw</application>. Please "
8540
"refer to the <application>ufw</application> man page for more information."
8541
msgstr ""
8542
8543
#: serverguide/C/security.xml:515(title)
8544
msgid "ufw Application Integration"
8545
msgstr ""
8546
8547
#: serverguide/C/security.xml:517(para)
8548
msgid ""
8549
"Applications that open ports can include an <application>ufw</application> "
8550
"profile, which details the ports needed for the application to function "
8551
"properly. The profiles are kept in <filename "
8552
"role=\"directory\">/etc/ufw/applications.d</filename>, and can be edited if "
8553
"the default ports have been changed."
8554
msgstr ""
8555
8556
#: serverguide/C/security.xml:526(para)
8557
msgid ""
8558
"To view which applications have installed a profile, enter the following in "
8559
"a terminal:"
8560
msgstr ""
8561
8562
#: serverguide/C/security.xml:531(command)
8563
msgid "sudo ufw app list"
8564
msgstr ""
8565
8566
#: serverguide/C/security.xml:537(para)
8567
msgid ""
8568
"Similar to allowing traffic to a port, using an application profile is "
8569
"accomplished by entering:"
8570
msgstr ""
8571
8572
#: serverguide/C/security.xml:542(command)
8573
msgid "sudo ufw allow Samba"
8574
msgstr ""
8575
8576
#: serverguide/C/security.xml:548(para)
8577
msgid "An extended syntax is available as well:"
8578
msgstr ""
8579
8580
#: serverguide/C/security.xml:553(command)
8581
msgid "ufw allow from 192.168.0.0/24 to any app Samba"
8582
msgstr ""
8583
8584
#: serverguide/C/security.xml:556(para)
8585
msgid ""
8586
"Replace <emphasis>Samba</emphasis> and <emphasis>192.168.0.0/24</emphasis> "
8587
"with the application profile you are using and the IP range for your network."
8588
msgstr ""
8589
8590
#: serverguide/C/security.xml:562(para)
8591
msgid ""
8592
"There is no need to specify the <emphasis>protocol</emphasis> for the "
8593
"application, because that information is detailed in the profile. Also, note "
8594
"that the <emphasis>app</emphasis> name replaces the "
8595
"<emphasis>port</emphasis> number."
8596
msgstr ""
8597
8598
#: serverguide/C/security.xml:571(para)
8599
msgid ""
8600
"To view details about which ports, protocols, etc are defined for an "
8601
"application, enter:"
8602
msgstr ""
8603
8604
#: serverguide/C/security.xml:576(command)
8605
msgid "sudo ufw app info Samba"
8606
msgstr ""
8607
8608
#: serverguide/C/security.xml:582(para)
8609
msgid ""
8610
"Not all applications that require opening a network port come with "
8611
"<application>ufw</application> profiles, but if you have profiled an "
8612
"application and want the file to be included with the package, please file a "
8613
"bug against the package in <ulink "
8614
"url=\"https://launchpad.net/\">Launchpad</ulink>."
8615
msgstr ""
8616
8617
#: serverguide/C/security.xml:591(title)
8618
msgid "IP Masquerading"
8619
msgstr ""
8620
8621
#: serverguide/C/security.xml:592(para)
8622
msgid ""
8623
"The purpose of IP Masquerading is to allow machines with private, non-"
8624
"routable IP addresses on your network to access the Internet through the "
8625
"machine doing the masquerading. Traffic from your private network destined "
8626
"for the Internet must be manipulated for replies to be routable back to the "
8627
"machine that made the request. To do this, the kernel must modify the "
8628
"<emphasis>source</emphasis> IP address of each packet so that replies will "
8629
"be routed back to it, rather than to the private IP address that made the "
8630
"request, which is impossible over the Internet. Linux uses "
8631
"<emphasis>Connection Tracking</emphasis> (conntrack) to keep track of which "
8632
"connections belong to which machines and reroute each return packet "
8633
"accordingly. Traffic leaving your private network is thus \"masqueraded\" as "
8634
"having originated from your Ubuntu gateway machine. This process is referred "
8635
"to in Microsoft documentation as Internet Connection Sharing."
8636
msgstr ""
8637
8638
#: serverguide/C/security.xml:608(title)
8639
msgid "ufw Masquerading"
8640
msgstr ""
8641
8642
#: serverguide/C/security.xml:609(para)
8643
msgid ""
8644
"IP Masquerading can be achieved using custom <application>ufw</application> "
8645
"rules. This is possible because the current back-end for "
8646
"<application>ufw</application> is <application>iptables-"
8647
"restore</application> with the rules files located in "
8648
"<filename>/etc/ufw/*.rules</filename>. These files are a great place to add "
8649
"legacy iptables rules used without <application>ufw</application>, and rules "
8650
"that are more network gateway or bridge related."
8651
msgstr ""
8652
8653
#: serverguide/C/security.xml:615(para)
8654
msgid ""
8655
"The rules are split into two different files, rules that should be executed "
8656
"before <application>ufw</application> command line rules, and rules that are "
8657
"executed after <application>ufw</application> command line rules."
8658
msgstr ""
8659
8660
#: serverguide/C/security.xml:621(para)
8661
msgid ""
8662
"First, packet forwarding needs to be enabled in "
8663
"<application>ufw</application>. Two configuration files will need to be "
8664
"adjusted, in <filename>/etc/default/ufw</filename> change the "
8665
"<emphasis>DEFAULT_FORWARD_POLICY</emphasis> to <quote>ACCEPT</quote>:"
8666
msgstr ""
8667
8668
#: serverguide/C/security.xml:625(programlisting)
8669
#, no-wrap
8670
msgid ""
8671
"\n"
8672
"DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
8673
msgstr ""
8674
8675
#: serverguide/C/security.xml:628(para)
8676
msgid "Then edit <filename>/etc/ufw/sysctl.conf</filename> and uncomment:"
8677
msgstr ""
8678
8679
#: serverguide/C/security.xml:631(programlisting)
8680
#, no-wrap
8681
msgid ""
8682
"\n"
8683
"net/ipv4/ip_forward=1\n"
8684
msgstr ""
8685
8686
#: serverguide/C/security.xml:634(para)
8687
msgid "Similarly, for IPv6 forwarding uncomment:"
8688
msgstr ""
8689
8690
#: serverguide/C/security.xml:637(programlisting)
8691
#, no-wrap
8692
msgid ""
8693
"\n"
8694
"net/ipv6/conf/default/forwarding=1\n"
8695
msgstr ""
8696
8697
#: serverguide/C/security.xml:642(para)
8698
msgid ""
8699
"Now we will add rules to the <filename>/etc/ufw/before.rules</filename> "
8700
"file. The default rules only configure the <emphasis>filter</emphasis> "
8701
"table, and to enable masquerading the <emphasis>nat</emphasis> table will "
8702
"need to be configured. Add the following to the top of the file just after "
8703
"the header comments:"
8704
msgstr ""
8705
8706
#: serverguide/C/security.xml:647(programlisting)
8707
#, no-wrap
8708
msgid ""
8709
"\n"
8710
"# nat Table rules\n"
8711
"*nat\n"
8712
":POSTROUTING ACCEPT [0:0]\n"
8713
"\n"
8714
"# Forward traffic from eth1 through eth0.\n"
8715
"-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE\n"
8716
"\n"
8717
"# don't delete the 'COMMIT' line or these nat table rules won't be "
8718
"processed\n"
8719
"COMMIT\n"
8720
msgstr ""
8721
8722
#: serverguide/C/security.xml:658(para)
8723
msgid ""
8724
"The comments are not strictly necessary, but it is considered good practice "
8725
"to document your configuration. Also, when modifying any of the "
8726
"<emphasis>rules</emphasis> files in <filename "
8727
"class=\"directory\">/etc/ufw</filename>, make sure these lines are the last "
8728
"line for each table modified:"
8729
msgstr ""
8730
8731
#: serverguide/C/security.xml:664(programlisting)
8732
#, no-wrap
8733
msgid ""
8734
"\n"
8735
"# don't delete the 'COMMIT' line or these rules won't be processed\n"
8736
"COMMIT\n"
8737
msgstr ""
8738
8739
#: serverguide/C/security.xml:669(para)
8740
msgid ""
8741
"For each <emphasis>Table</emphasis> a corresponding "
8742
"<emphasis>COMMIT</emphasis> statement is required. In these examples only "
8743
"the <emphasis>nat</emphasis> and <emphasis>filter</emphasis> tables are "
8744
"shown, but you can also add rules for the <emphasis>raw</emphasis> and "
8745
"<emphasis>mangle</emphasis> tables."
8746
msgstr ""
8747
8748
#: serverguide/C/security.xml:676(para)
8749
msgid ""
8750
"In the above example replace <emphasis>eth0</emphasis>, "
8751
"<emphasis>eth1</emphasis>, and <emphasis>192.168.0.0/24</emphasis> with the "
8752
"appropriate interfaces and IP range for your network."
8753
msgstr ""
8754
8755
#: serverguide/C/security.xml:684(para)
8756
msgid ""
8757
"Finally, disable and re-enable <application>ufw</application> to apply the "
8758
"changes:"
8759
msgstr ""
8760
8761
#: serverguide/C/security.xml:688(command)
8762
msgid "sudo ufw disable && sudo ufw enable"
8763
msgstr ""
8764
8765
#: serverguide/C/security.xml:692(para)
8766
msgid ""
8767
"IP Masquerading should now be enabled. You can also add any additional "
8768
"FORWARD rules to the <filename>/etc/ufw/before.rules</filename>. It is "
8769
"recommended that these additional rules be added to the <emphasis>ufw-before-"
8770
"forward</emphasis> chain."
8771
msgstr ""
8772
8773
#: serverguide/C/security.xml:699(title)
8774
msgid "iptables Masquerading"
8775
msgstr ""
8776
8777
#: serverguide/C/security.xml:700(para)
8778
msgid ""
8779
"<application>iptables</application> can also be used to enable masquerading."
8780
msgstr ""
8781
8782
#: serverguide/C/security.xml:705(para)
8783
msgid ""
8784
"Similar to <application>ufw</application>, the first step is to enable IPv4 "
8785
"packet forwarding by editing <filename>/etc/sysctl.conf</filename> and "
8786
"uncomment the following line"
8787
msgstr ""
8788
8789
#: serverguide/C/security.xml:709(programlisting)
8790
#, no-wrap
8791
msgid ""
8792
"\n"
8793
"net.ipv4.ip_forward=1\n"
8794
msgstr ""
8795
8796
#: serverguide/C/security.xml:712(para)
8797
msgid "If you wish to enable IPv6 forwarding also uncomment:"
8798
msgstr ""
8799
8800
#: serverguide/C/security.xml:715(programlisting)
8801
#, no-wrap
8802
msgid ""
8803
"\n"
8804
"net.ipv6.conf.default.forwarding=1\n"
8805
msgstr ""
8806
8807
#: serverguide/C/security.xml:720(para)
8808
msgid ""
8809
"Next, execute the <application>sysctl</application> command to enable the "
8810
"new settings in the configuration file:"
8811
msgstr ""
8812
8813
#: serverguide/C/security.xml:724(command)
8814
msgid "sudo sysctl -p"
8815
msgstr ""
8816
8817
#: serverguide/C/security.xml:728(para)
8818
msgid ""
8819
"IP Masquerading can now be accomplished with a single iptables rule, which "
8820
"may differ slightly based on your network configuration:"
8821
msgstr ""
8822
8823
#: serverguide/C/security.xml:731(screen)
8824
#, no-wrap
8825
msgid ""
8826
"\n"
8827
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
8828
msgstr ""
8829
8830
#: serverguide/C/security.xml:734(para)
8831
msgid ""
8832
"The above command assumes that your private address space is 192.168.0.0/16 "
8833
"and that your Internet-facing device is ppp0. The syntax is broken down as "
8834
"follows:"
8835
msgstr ""
8836
8837
#: serverguide/C/security.xml:739(para)
8838
msgid "-t nat -- the rule is to go into the nat table"
8839
msgstr ""
8840
8841
#: serverguide/C/security.xml:740(para)
8842
msgid ""
8843
"-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
8844
msgstr ""
8845
8846
#: serverguide/C/security.xml:741(para)
8847
msgid ""
8848
"-s 192.168.0.0/16 -- the rule applies to traffic originating from the "
8849
"specified address space"
8850
msgstr ""
8851
8852
#: serverguide/C/security.xml:742(para)
8853
msgid ""
8854
"-o ppp0 -- the rule applies to traffic scheduled to be routed through the "
8855
"specified network device"
8856
msgstr ""
8857
8858
#: serverguide/C/security.xml:744(para)
8859
msgid ""
8860
"-j MASQUERADE -- traffic matching this rule is to \"jump\" (-j) to the "
8861
"MASQUERADE target to be manipulated as described above"
8862
msgstr ""
8863
8864
#: serverguide/C/security.xml:752(para)
8865
msgid ""
8866
"Also, each chain in the filter table (the default table, and where most or "
8867
"all packet filtering occurs) has a default <emphasis>policy</emphasis> of "
8868
"ACCEPT, but if you are creating a firewall in addition to a gateway device, "
8869
"you may have set the policies to DROP or REJECT, in which case your "
8870
"masqueraded traffic needs to be allowed through the FORWARD chain for the "
8871
"above rule to work:"
8872
msgstr ""
8873
8874
#: serverguide/C/security.xml:759(screen)
8875
#, no-wrap
8876
msgid ""
8877
"\n"
8878
"sudo iptables -A FORWARD -s 192.168.0.0/16 -o ppp0 -j ACCEPT\n"
8879
"sudo iptables -A FORWARD -d 192.168.0.0/16 -m state --state "
8880
"ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
8881
msgstr ""
8882
8883
#: serverguide/C/security.xml:763(para)
8884
msgid ""
8885
"The above commands will allow all connections from your local network to the "
8886
"Internet and all traffic related to those connections to return to the "
8887
"machine that initiated them."
8888
msgstr ""
8889
8890
#: serverguide/C/security.xml:770(para)
8891
msgid ""
8892
"If you want masquerading to be enabled on reboot, which you probably do, "
8893
"edit <filename>/etc/rc.local</filename> and add any commands used above. For "
8894
"example add the first command with no filtering:"
8895
msgstr ""
8896
8897
#: serverguide/C/security.xml:774(screen)
8898
#, no-wrap
8899
msgid ""
8900
"\n"
8901
"iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
8902
msgstr ""
8903
8904
#: serverguide/C/security.xml:782(title)
8905
msgid "Logs"
8906
msgstr ""
8907
8908
#: serverguide/C/security.xml:783(para)
8909
msgid ""
8910
"Firewall logs are essential for recognizing attacks, troubleshooting your "
8911
"firewall rules, and noticing unusual activity on your network. You must "
8912
"include logging rules in your firewall for them to be generated, though, and "
8913
"logging rules must come before any applicable terminating rule (a rule with "
8914
"a target that decides the fate of the packet, such as ACCEPT, DROP, or "
8915
"REJECT)."
8916
msgstr ""
8917
8918
#: serverguide/C/security.xml:790(para)
8919
msgid ""
8920
"If you are using <application>ufw</application>, you can turn on logging by "
8921
"entering the following in a terminal:"
8922
msgstr ""
8923
8924
#: serverguide/C/security.xml:794(command)
8925
msgid "sudo ufw logging on"
8926
msgstr ""
8927
8928
#: serverguide/C/security.xml:796(para)
8929
msgid ""
8930
"To turn logging off in <application>ufw</application>, simply replace "
8931
"<emphasis role=\"italic\">on</emphasis> with <emphasis "
8932
"role=\"italic\">off</emphasis> in the above command."
8933
msgstr ""
8934
8935
#: serverguide/C/security.xml:799(para)
8936
msgid ""
8937
"If using <application>iptables</application> instead of "
8938
"<application>ufw</application>, enter:"
8939
msgstr ""
8940
8941
#: serverguide/C/security.xml:802(screen)
8942
#, no-wrap
8943
msgid ""
8944
"\n"
8945
"sudo iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j LOG --log-"
8946
"prefix \"NEW_HTTP_CONN: \"\n"
8947
msgstr ""
8948
8949
#: serverguide/C/security.xml:805(para)
8950
msgid ""
8951
"A request on port 80 from the local machine, then, would generate a log in "
8952
"dmesg that looks like this:"
8953
msgstr ""
8954
8955
#: serverguide/C/security.xml:810(programlisting)
8956
#, no-wrap
8957
msgid ""
8958
"[4304885.870000] NEW_HTTP_CONN: IN=lo OUT= "
8959
"MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 "
8960
"LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58288 DF PROTO=TCP SPT=53981 DPT=80 "
8961
"WINDOW=32767 RES=0x00 SYN URGP=0"
8962
msgstr ""
8963
8964
#: serverguide/C/security.xml:812(para)
8965
msgid ""
8966
"The above log will also appear in <filename>/var/log/messages</filename>, "
8967
"<filename>/var/log/syslog</filename>, and "
8968
"<filename>/var/log/kern.log</filename>. This behavior can be modified by "
8969
"editing <filename>/etc/syslog.conf</filename> appropriately or by installing "
8970
"and configuring <application>ulogd</application> and using the ULOG target "
8971
"instead of LOG. The <application>ulogd</application> daemon is a userspace "
8972
"server that listens for logging instructions from the kernel specifically "
8973
"for firewalls, and can log to any file you like, or even to a "
8974
"<application>PostgreSQL</application> or <application>MySQL</application> "
8975
"database. Making sense of your firewall logs can be simplified by using a "
8976
"log analyzing tool such as <application>fwanalog</application>, "
8977
"<application> fwlogwatch</application>, or <application>lire</application>."
8978
msgstr ""
8979
8980
#: serverguide/C/security.xml:827(title)
8981
msgid "Other Tools"
8982
msgstr ""
8983
8984
#: serverguide/C/security.xml:828(para)
8985
msgid ""
8986
"There are many tools available to help you construct a complete firewall "
8987
"without intimate knowledge of iptables. For the GUI-inclined:"
8988
msgstr ""
8989
8990
#: serverguide/C/security.xml:834(para)
8991
msgid ""
8992
"<ulink url=\"http://www.fs-security.com/\">Firestarter</ulink> is quite "
8993
"popular and easy to use."
8994
msgstr ""
8995
8996
#: serverguide/C/security.xml:839(para)
8997
msgid ""
8998
"<ulink url=\"http://www.fwbuilder.org/\">fwbuilder</ulink> is very powerful "
8999
"and will look familiar to an administrator who has used a commercial "
9000
"firewall utility such as <application>Checkpoint FireWall-1</application>."
9001
msgstr ""
9002
9003
#: serverguide/C/security.xml:845(para)
9004
msgid ""
9005
"If you prefer a command-line tool with plain-text configuration files:"
9006
msgstr ""
9007
9008
#: serverguide/C/security.xml:850(para)
9009
msgid ""
9010
"<ulink url=\"http://www.shorewall.net/\">Shorewall</ulink> is a very "
9011
"powerful solution to help you configure an advanced firewall for any network."
9012
msgstr ""
9013
9014
#: serverguide/C/security.xml:856(para)
9015
msgid ""
9016
"<ulink url=\"http://www.linuxkungfu.org/\">ipkungfu</ulink> should give you "
9017
"a working firewall \"out of the box\" with zero configuration, and will "
9018
"allow you to easily set up a more advanced firewall by editing simple, well-"
9019
"documented configuration files."
9020
msgstr ""
9021
9022
#: serverguide/C/security.xml:863(para)
9023
msgid ""
9024
"<ulink url=\"http://fireflier.sourceforge.net/\">fireflier</ulink> is "
9025
"designed to be a desktop firewall application. It is made up of a server "
9026
"(fireflier-server) and your choice of GUI clients (GTK or QT), and behaves "
9027
"like many popular interactive firewall applications for Windows."
9028
msgstr ""
9029
9030
#: serverguide/C/security.xml:875(para)
9031
msgid ""
9032
"The <ulink url=\"https://wiki.ubuntu.com/UbuntuFirewall\">Ubuntu "
9033
"Firewall</ulink> wiki page contains information on the development of "
9034
"<application>ufw</application>."
9035
msgstr ""
9036
9037
#: serverguide/C/security.xml:881(para)
9038
msgid ""
9039
"Also, the <application>ufw</application> manual page contains some very "
9040
"useful information: <command>man ufw</command>."
9041
msgstr ""
9042
9043
#: serverguide/C/security.xml:886(para)
9044
msgid ""
9045
"See the <ulink url=\"http://www.netfilter.org/documentation/HOWTO/packet-"
9046
"filtering-HOWTO.html\">packet-filtering-HOWTO</ulink> for more information "
9047
"on using <application>iptables</application>."
9048
msgstr ""
9049
9050
#: serverguide/C/security.xml:892(para)
9051
msgid ""
9052
"The <ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-"
9053
"HOWTO.html\">nat-HOWTO</ulink> contains further details on masquerading."
9054
msgstr ""
9055
9056
#: serverguide/C/security.xml:898(para)
9057
msgid ""
9058
"The <ulink url=\"https://help.ubuntu.com/community/IptablesHowTo\">IPTables "
9059
"HowTo</ulink> in the Ubuntu wiki is a great resource."
9060
msgstr ""
9061
9062
#: serverguide/C/security.xml:906(title)
9063
msgid "AppArmor"
9064
msgstr ""
9065
9066
#: serverguide/C/security.xml:907(para)
9067
msgid ""
9068
"<application>AppArmor</application> is a Linux Security Module "
9069
"implementation of name-based mandatory access controls. AppArmor confines "
9070
"individual programs to a set of listed files and posix 1003.1e draft "
9071
"capabilities."
9072
msgstr ""
9073
9074
#: serverguide/C/security.xml:911(para)
9075
msgid ""
9076
"<application>AppArmor</application> is installed and loaded by default. It "
9077
"uses <emphasis>profiles</emphasis> of an application to determine what files "
9078
"and permissions the application requires. Some packages will install their "
9079
"own profiles, and additional profiles can be found in the "
9080
"<application>apparmor-profiles</application> package."
9081
msgstr ""
9082
9083
#: serverguide/C/security.xml:916(para)
9084
msgid ""
9085
"To install the <application>apparmor-profiles</application> package from a "
9086
"terminal prompt:"
9087
msgstr ""
9088
9089
#: serverguide/C/security.xml:922(para)
9090
msgid "AppArmor profiles have two modes of execution:"
9091
msgstr ""
9092
9093
#: serverguide/C/security.xml:927(para)
9094
msgid ""
9095
"Complaining/Learning: profile violations are permitted and logged. Useful "
9096
"for testing and developing new profiles."
9097
msgstr ""
9098
9099
#: serverguide/C/security.xml:932(para)
9100
msgid ""
9101
"Enforced/Confined: enforces profile policy as well as logging the violation."
9102
msgstr ""
9103
9104
#: serverguide/C/security.xml:938(title)
9105
msgid "Using AppArmor"
9106
msgstr ""
9107
9108
#: serverguide/C/security.xml:939(para)
9109
msgid ""
9110
"The <application>apparmor-utils</application> package contains command line "
9111
"utilities that you can use to change the <application>AppArmor</application> "
9112
"execution mode, find the status of a profile, create new profiles, etc."
9113
msgstr ""
9114
9115
#: serverguide/C/security.xml:945(para)
9116
msgid ""
9117
"<application>apparmor_status</application> is used to view the current "
9118
"status of AppArmor profiles."
9119
msgstr ""
9120
9121
#: serverguide/C/security.xml:949(command)
9122
msgid "sudo apparmor_status"
9123
msgstr ""
9124
9125
#: serverguide/C/security.xml:953(para)
9126
msgid ""
9127
"<application>aa-complain</application> places a profile into "
9128
"<emphasis>complain</emphasis> mode."
9129
msgstr ""
9130
9131
#: serverguide/C/security.xml:957(command)
9132
msgid "sudo aa-complain /path/to/bin"
9133
msgstr ""
9134
9135
#: serverguide/C/security.xml:961(para)
9136
msgid ""
9137
"<application>aa-enforce</application> places a profile into "
9138
"<emphasis>enforce</emphasis> mode."
9139
msgstr ""
9140
9141
#: serverguide/C/security.xml:965(command)
9142
msgid "sudo aa-enforce /path/to/bin"
9143
msgstr ""
9144
9145
#: serverguide/C/security.xml:969(para)
9146
msgid ""
9147
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
9148
"profiles are located. It can be used to manipulate the "
9149
"<emphasis>mode</emphasis> of all profiles."
9150
msgstr ""
9151
9152
#: serverguide/C/security.xml:973(para)
9153
msgid "Enter the following to place all profiles into complain mode:"
9154
msgstr ""
9155
9156
#: serverguide/C/security.xml:977(command)
9157
msgid "sudo aa-complain /etc/apparmor.d/*"
9158
msgstr ""
9159
9160
#: serverguide/C/security.xml:979(para)
9161
msgid "To place all profiles in enforce mode:"
9162
msgstr ""
9163
9164
#: serverguide/C/security.xml:983(command)
9165
msgid "sudo aa-enforce /etc/apparmor.d/*"
9166
msgstr ""
9167
9168
#: serverguide/C/security.xml:987(para)
9169
msgid ""
9170
"<application>apparmor_parser</application> is used to load a profile into "
9171
"the kernel. It can also be used to reload a currently loaded profile using "
9172
"the <emphasis>-r</emphasis> option. To load a profile:"
9173
msgstr ""
9174
9175
#: serverguide/C/security.xml:992(command) serverguide/C/security.xml:1024(command)
9176
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
9177
msgstr ""
9178
9179
#: serverguide/C/security.xml:994(para)
9180
msgid "To reload a profile:"
9181
msgstr ""
9182
9183
#: serverguide/C/security.xml:998(command)
9184
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
9185
msgstr ""
9186
9187
#: serverguide/C/security.xml:1002(para)
9188
msgid ""
9189
"<filename>/etc/init.d/apparmor</filename> can be used to "
9190
"<emphasis>reload</emphasis> all profiles:"
9191
msgstr ""
9192
9193
#: serverguide/C/security.xml:1006(command) serverguide/C/network-auth.xml:632(command)
9194
msgid "sudo /etc/init.d/apparmor reload"
9195
msgstr ""
9196
9197
#: serverguide/C/security.xml:1010(para)
9198
msgid ""
9199
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
9200
"with the <application>apparmor_parser -R</application> option to "
9201
"<emphasis>disable</emphasis> a profile."
9202
msgstr ""
9203
9204
#: serverguide/C/security.xml:1015(command)
9205
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
9206
msgstr ""
9207
9208
#: serverguide/C/security.xml:1016(command)
9209
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
9210
msgstr ""
9211
9212
#: serverguide/C/security.xml:1018(para)
9213
msgid ""
9214
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
9215
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
9216
"load the profile using the <emphasis>-a</emphasis> option."
9217
msgstr ""
9218
9219
#: serverguide/C/security.xml:1023(command)
9220
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
9221
msgstr ""
9222
9223
#: serverguide/C/security.xml:1028(para)
9224
msgid ""
9225
"<application>AppArmor</application> can be disabled, and the kernel module "
9226
"unloaded by entering the following:"
9227
msgstr ""
9228
9229
#: serverguide/C/security.xml:1032(command)
9230
msgid "sudo /etc/init.d/apparmor stop"
9231
msgstr ""
9232
9233
#: serverguide/C/security.xml:1033(command)
9234
msgid "sudo update-rc.d -f apparmor remove"
9235
msgstr ""
9236
9237
#: serverguide/C/security.xml:1037(para)
9238
msgid "To re-enable <application>AppArmor</application> enter:"
9239
msgstr ""
9240
9241
#: serverguide/C/security.xml:1041(command)
9242
msgid "sudo /etc/init.d/apparmor start"
9243
msgstr ""
9244
9245
#: serverguide/C/security.xml:1042(command)
9246
msgid "sudo update-rc.d apparmor defaults"
9247
msgstr ""
9248
9249
#: serverguide/C/security.xml:1047(para)
9250
msgid ""
9251
"Replace <emphasis>profile.name</emphasis> with the name of the profile you "
9252
"want to manipulate. Also, replace <filename>/path/to/bin/</filename> with "
9253
"the actual executable file path. For example for the "
9254
"<application>ping</application> command use <filename>/bin/ping</filename>"
9255
msgstr ""
9256
9257
#: serverguide/C/security.xml:1055(title)
9258
msgid "Profiles"
9259
msgstr ""
9260
9261
#: serverguide/C/security.xml:1056(para)
9262
msgid ""
9263
"<application>AppArmor</application> profiles are simple text files located "
9264
"in <filename>/etc/apparmor.d/</filename>. The files are named after the full "
9265
"path to the executable they profile replacing the \"/\" with \".\". For "
9266
"example <filename>/etc/apparmor.d/bin.ping</filename> is the AppArmor "
9267
"profile for the <filename>/bin/ping</filename> command."
9268
msgstr ""
9269
9270
#: serverguide/C/security.xml:1062(para)
9271
msgid "There are two main type of rules used in profiles:"
9272
msgstr ""
9273
9274
#: serverguide/C/security.xml:1067(para)
9275
msgid ""
9276
"<emphasis>Path entries:</emphasis> which detail which files an application "
9277
"can access in the file system."
9278
msgstr ""
9279
9280
#: serverguide/C/security.xml:1072(para)
9281
msgid ""
9282
"<emphasis>Capability entries:</emphasis> determine what privileges a "
9283
"confined process is allowed to use."
9284
msgstr ""
9285
9286
#: serverguide/C/security.xml:1077(para)
9287
msgid ""
9288
"As an example take a look at <filename>/etc/apparmor.d/bin.ping</filename>:"
9289
msgstr ""
9290
9291
#: serverguide/C/security.xml:1080(programlisting)
9292
#, no-wrap
9293
msgid ""
9294
"\n"
9295
"#include <tunables/global>\n"
9296
"/bin/ping flags=(complain) {\n"
9297
" #include <abstractions/base>\n"
9298
" #include <abstractions/consoles>\n"
9299
" #include <abstractions/nameservice>\n"
9300
"\n"
9301
" capability net_raw,\n"
9302
" capability setuid,\n"
9303
" network inet raw,\n"
9304
" \n"
9305
" /bin/ping mixr,\n"
9306
" /etc/modules.conf r,\n"
9307
"}\n"
9308
msgstr ""
9309
9310
#: serverguide/C/security.xml:1097(para)
9311
msgid ""
9312
"<emphasis>#include <tunables/global>:</emphasis> include statements "
9313
"from other files. This allows statements pertaining to multiple applications "
9314
"to be placed in a common file."
9315
msgstr ""
9316
9317
#: serverguide/C/security.xml:1103(para)
9318
msgid ""
9319
"<emphasis>/bin/ping flags=(complain):</emphasis> path to the profiled "
9320
"program, also setting the mode to <emphasis>complain</emphasis>."
9321
msgstr ""
9322
9323
#: serverguide/C/security.xml:1109(para)
9324
msgid ""
9325
"<emphasis>capability net_raw,:</emphasis> allows the application access to "
9326
"the CAP_NET_RAW Posix.1e capability."
9327
msgstr ""
9328
9329
#: serverguide/C/security.xml:1114(para)
9330
msgid ""
9331
"<emphasis>/bin/ping mixr,:</emphasis> allows the application read and "
9332
"execute access to the file."
9333
msgstr ""
9334
9335
#: serverguide/C/security.xml:1120(para)
9336
msgid ""
9337
"After editing a profile file the profile must be reloaded. See <xref "
9338
"linkend=\"apparmor-usage\"/> for details."
9339
msgstr ""
9340
9341
#: serverguide/C/security.xml:1125(title)
9342
msgid "Creating a Profile"
9343
msgstr ""
9344
9345
#: serverguide/C/security.xml:1128(para)
9346
msgid ""
9347
"<emphasis>Design a test plan:</emphasis> Try to think about how the "
9348
"application should be exercised. The test plan should be divided into small "
9349
"test cases. Each test case should have a small description and list the "
9350
"steps to follow."
9351
msgstr ""
9352
9353
#: serverguide/C/security.xml:1132(para)
9354
msgid "Some standard test cases are:"
9355
msgstr ""
9356
9357
#: serverguide/C/security.xml:1137(para)
9358
msgid "Starting the program."
9359
msgstr ""
9360
9361
#: serverguide/C/security.xml:1142(para)
9362
msgid "Stopping the program."
9363
msgstr ""
9364
9365
#: serverguide/C/security.xml:1147(para)
9366
msgid "Reloading the program."
9367
msgstr ""
9368
9369
#: serverguide/C/security.xml:1152(para)
9370
msgid "Testing all the commands supported by the init script."
9371
msgstr ""
9372
9373
#: serverguide/C/security.xml:1159(para)
9374
msgid ""
9375
"<emphasis>Generate the new profile:</emphasis> Use <application>aa-"
9376
"genprof</application> to generate a new profile. From a terminal:"
9377
msgstr ""
9378
9379
#: serverguide/C/security.xml:1164(command)
9380
msgid "sudo aa-genprof executable"
9381
msgstr ""
9382
9383
#: serverguide/C/security.xml:1166(para)
9384
msgid "For example:"
9385
msgstr ""
9386
9387
#: serverguide/C/security.xml:1170(command)
9388
msgid "sudo aa-genprof slapd"
9389
msgstr ""
9390
9391
#: serverguide/C/security.xml:1174(para)
9392
msgid ""
9393
"To get your new profile included in the <application>apparmor-"
9394
"profiles</application> package, file a bug in <emphasis>Launchpad</emphasis> "
9395
"against the <ulink "
9396
"url=\"https://bugs.launchpad.net/ubuntu/+source/apparmor/+filebug\">AppArmor<"
9397
"/ulink> package:"
9398
msgstr ""
9399
9400
#: serverguide/C/security.xml:1181(para)
9401
msgid "Include your test plan and test cases."
9402
msgstr ""
9403
9404
#: serverguide/C/security.xml:1186(para)
9405
msgid "Attach your new profile to the bug."
9406
msgstr ""
9407
9408
#: serverguide/C/security.xml:1195(title)
9409
msgid "Updating Profiles"
9410
msgstr ""
9411
9412
#: serverguide/C/security.xml:1196(para)
9413
msgid ""
9414
"When the program is misbehaving, audit messages are sent to the log files. "
9415
"The program <application>aa-logprof</application> can be used to scan log "
9416
"files for <application>AppArmor</application> audit messages, review them "
9417
"and update the profiles. From a terminal:"
9418
msgstr ""
9419
9420
#: serverguide/C/security.xml:1201(command)
9421
msgid "sudo aa-logprof"
9422
msgstr ""
9423
9424
#: serverguide/C/security.xml:1209(para)
9425
msgid ""
9426
"See the <ulink "
9427
"url=\"http://www.novell.com/documentation/apparmor/apparmor201_sp10_admin/ind"
9428
"ex.html?page=/documentation/apparmor/apparmor201_sp10_admin/data/book_apparmo"
9429
"r_admin.html\">AppArmor Administration Guide</ulink> for advanced "
9430
"configuration options."
9431
msgstr ""
9432
9433
#: serverguide/C/security.xml:1216(para)
9434
msgid ""
9435
"For details using AppArmor with other Ubuntu releases see the <ulink "
9436
"url=\"https://help.ubuntu.com/community/AppArmor\"> AppArmor Community "
9437
"Wiki</ulink> page."
9438
msgstr ""
9439
9440
#: serverguide/C/security.xml:1224(para)
9441
msgid ""
9442
"The <ulink url=\"http://en.opensuse.org/AppArmor\">OpenSUSE AppArmor</ulink> "
9443
"page is another introduction to AppArmor."
9444
msgstr ""
9445
9446
#: serverguide/C/security.xml:1231(para)
9447
msgid ""
9448
"A great place to ask for <application>AppArmor</application> assistance, and "
9449
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
9450
"server</emphasis> IRC channel on <ulink "
9451
"url=\"http://freenode.net\">freenode</ulink>."
9452
msgstr ""
9453
9454
#: serverguide/C/security.xml:1241(title)
9455
msgid "Certificates"
9456
msgstr ""
9457
9458
#: serverguide/C/security.xml:1242(para)
9459
msgid ""
9460
"One of the most common forms of cryptography today is <emphasis>public-"
9461
"key</emphasis> cryptography. Public-key cryptography utilizes a "
9462
"<emphasis>public key</emphasis> and a <emphasis>private key</emphasis>. The "
9463
"system works by <emphasis>encrypting</emphasis> information using the public "
9464
"key. The information can then only be <emphasis>decrypted</emphasis> using "
9465
"the private key."
9466
msgstr ""
9467
9468
#: serverguide/C/security.xml:1248(para)
9469
msgid ""
9470
"A common use for public-key cryptography is encrypting application traffic "
9471
"using a Secure Socket Layer (SSL) or Transport Layer Security (TLS) "
9472
"connection. For example, configuring Apache to provide "
9473
"<emphasis>HTTPS</emphasis>, the HTTP protocol over SSL. This allows a way to "
9474
"encrypt traffic using a protocol that does not itself provide encryption."
9475
msgstr ""
9476
9477
#: serverguide/C/security.xml:1253(para)
9478
msgid ""
9479
"A <emphasis>Certificate</emphasis> is a method used to distribute a "
9480
"<emphasis>public key</emphasis> and other information about a server and the "
9481
"organization who is responsible for it. Certificates can be digitally signed "
9482
"by a <emphasis>Certification Authority</emphasis> or CA. A CA is a trusted "
9483
"third party that has confirmed that the information contained in the "
9484
"certificate is accurate."
9485
msgstr ""
9486
9487
#: serverguide/C/security.xml:1260(title)
9488
msgid "Types of Certificates"
9489
msgstr ""
9490
9491
#: serverguide/C/security.xml:1261(para)
9492
msgid ""
9493
"To set up a secure server using public-key cryptography, in most cases, you "
9494
"send your certificate request (including your public key), proof of your "
9495
"company's identity, and payment to a CA. The CA verifies the certificate "
9496
"request and your identity, and then sends back a certificate for your secure "
9497
"server. Alternatively, you can create your own <emphasis>self-"
9498
"signed</emphasis> certificate."
9499
msgstr ""
9500
9501
#: serverguide/C/security.xml:1271(para)
9502
msgid ""
9503
"Note, that self-signed certificates should not be used in most production "
9504
"environments."
9505
msgstr ""
9506
9507
#: serverguide/C/security.xml:1275(para)
9508
msgid ""
9509
"Continuing the HTTPS example, a CA-signed certificate provides two important "
9510
"capabilities that a self-signed certificate does not:"
9511
msgstr ""
9512
9513
#: serverguide/C/security.xml:1282(para)
9514
msgid ""
9515
"Browsers (usually) automatically recognize the certificate and allow a "
9516
"secure connection to be made without prompting the user."
9517
msgstr ""
9518
9519
#: serverguide/C/security.xml:1289(para)
9520
msgid ""
9521
"When a CA issues a signed certificate, it is guaranteeing the identity of "
9522
"the organization that is providing the web pages to the browser."
9523
msgstr ""
9524
9525
#: serverguide/C/security.xml:1297(para)
9526
msgid ""
9527
"Most Web browsers, and computers, that support SSL have a list of CAs whose "
9528
"certificates they automatically accept. If a browser encounters a "
9529
"certificate whose authorizing CA is not in the list, the browser asks the "
9530
"user to either accept or decline the connection. Also, other applications "
9531
"may generate an error message when using a self-singed certificate."
9532
msgstr ""
9533
9534
#: serverguide/C/security.xml:1305(para)
9535
msgid ""
9536
"The process of getting a certificate from a CA is fairly easy. A quick "
9537
"overview is as follows:"
9538
msgstr ""
9539
9540
#: serverguide/C/security.xml:1312(para)
9541
msgid "Create a private and public encryption key pair."
9542
msgstr ""
9543
9544
#: serverguide/C/security.xml:1315(para)
9545
msgid ""
9546
"Create a certificate request based on the public key. The certificate "
9547
"request contains information about your server and the company hosting it."
9548
msgstr ""
9549
9550
#: serverguide/C/security.xml:1320(para)
9551
msgid ""
9552
"Send the certificate request, along with documents proving your identity, to "
9553
"a CA. We cannot tell you which certificate authority to choose. Your "
9554
"decision may be based on your past experiences, or on the experiences of "
9555
"your friends or colleagues, or purely on monetary factors."
9556
msgstr ""
9557
9558
#: serverguide/C/security.xml:1326(para)
9559
msgid ""
9560
"Once you have decided upon a CA, you need to follow the instructions they "
9561
"provide on how to obtain a certificate from them."
9562
msgstr ""
9563
9564
#: serverguide/C/security.xml:1331(para)
9565
msgid ""
9566
"When the CA is satisfied that you are indeed who you claim to be, they send "
9567
"you a digital certificate."
9568
msgstr ""
9569
9570
#: serverguide/C/security.xml:1335(para)
9571
msgid ""
9572
"Install this certificate on your secure server, and configure the "
9573
"appropriate applications to use the certificate."
9574
msgstr ""
9575
9576
#: serverguide/C/security.xml:1344(title)
9577
msgid "Generating a Certificate Signing Request (CSR)"
9578
msgstr ""
9579
9580
#: serverguide/C/security.xml:1346(para)
9581
msgid ""
9582
"Whether you are getting a certificate from a CA or generating your own self-"
9583
"signed certificate, the first step is to generate a key."
9584
msgstr ""
9585
9586
#: serverguide/C/security.xml:1351(para)
9587
msgid ""
9588
"If the certificate will be used by service daemons, such as Apache, Postfix, "
9589
"Dovecot, etc, a key without a passphrase is often appropriate. Not having a "
9590
"passphrase allows the services to start without manual intervention, usually "
9591
"the preferred way to start a daemon."
9592
msgstr ""
9593
9594
#: serverguide/C/security.xml:1357(para)
9595
msgid ""
9596
"This section will cover generating a key with a passphrase, and one without. "
9597
"The non-passphrase key will then be used to generate a certificate that can "
9598
"be used with various service daemons."
9599
msgstr ""
9600
9601
#: serverguide/C/security.xml:1363(para)
9602
msgid ""
9603
"Running your secure service without a passphrase is convenient because you "
9604
"will not need to enter the passphrase every time you start your secure "
9605
"service. But it is insecure and a compromise of the key means a compromise "
9606
"of the server as well."
9607
msgstr ""
9608
9609
#: serverguide/C/security.xml:1370(para)
9610
msgid ""
9611
"To generate the <emphasis>keys</emphasis> for the Certificate Signing "
9612
"Request (CSR) run the following command from a terminal prompt:"
9613
msgstr ""
9614
9615
#: serverguide/C/security.xml:1376(command)
9616
msgid "openssl genrsa -des3 -out server.key 1024"
9617
msgstr ""
9618
9619
#: serverguide/C/security.xml:1379(programlisting)
9620
#, no-wrap
9621
msgid ""
9622
"\n"
9623
"Generating RSA private key, 1024 bit long modulus\n"
9624
".....................++++++\n"
9625
".................++++++\n"
9626
"unable to write 'random state'\n"
9627
"e is 65537 (0x10001)\n"
9628
"Enter pass phrase for server.key:\n"
9629
msgstr ""
9630
9631
#: serverguide/C/security.xml:1388(para)
9632
msgid ""
9633
"You can now enter your passphrase. For best security, it should at least "
9634
"contain eight characters. The minimum length when specifying -des3 is four "
9635
"characters. It should include numbers and/or punctuation and not be a word "
9636
"in a dictionary. Also remember that your passphrase is case-sensitive."
9637
msgstr ""
9638
9639
#: serverguide/C/security.xml:1396(para)
9640
msgid ""
9641
"Re-type the passphrase to verify. Once you have re-typed it correctly, the "
9642
"server key is generated and stored in the <filename>server.key</filename> "
9643
"file."
9644
msgstr ""
9645
9646
#: serverguide/C/security.xml:1402(para)
9647
msgid ""
9648
"Now create the insecure key, the one without a passphrase, and shuffle the "
9649
"key names:"
9650
msgstr ""
9651
9652
#: serverguide/C/security.xml:1408(command)
9653
msgid "openssl rsa -in server.key -out server.key.insecure"
9654
msgstr ""
9655
9656
#: serverguide/C/security.xml:1409(command)
9657
msgid "mv server.key server.key.secure"
9658
msgstr ""
9659
9660
#: serverguide/C/security.xml:1410(command)
9661
msgid "mv server.key.insecure server.key"
9662
msgstr ""
9663
9664
#: serverguide/C/security.xml:1413(para)
9665
msgid ""
9666
"The insecure key is now named <filename>server.key</filename>, and you can "
9667
"use this file to generate the CSR without passphrase."
9668
msgstr ""
9669
9670
#: serverguide/C/security.xml:1418(para)
9671
msgid "To create the CSR, run the following command at a terminal prompt:"
9672
msgstr ""
9673
9674
#: serverguide/C/security.xml:1423(command)
9675
msgid "openssl req -new -key server.key -out server.csr"
9676
msgstr ""
9677
9678
#: serverguide/C/security.xml:1426(para)
9679
msgid ""
9680
"It will prompt you enter the passphrase. If you enter the correct "
9681
"passphrase, it will prompt you to enter Company Name, Site Name, Email Id, "
9682
"etc. Once you enter all these details, your CSR will be created and it will "
9683
"be stored in the <filename>server.csr</filename> file."
9684
msgstr ""
9685
9686
#: serverguide/C/security.xml:1434(para)
9687
msgid ""
9688
"You can now submit this CSR file to a CA for processing. The CA will use "
9689
"this CSR file and issue the certificate. On the other hand, you can create "
9690
"self-signed certificate using this CSR."
9691
msgstr ""
9692
9693
#: serverguide/C/security.xml:1442(title)
9694
msgid "Creating a Self-Signed Certificate"
9695
msgstr ""
9696
9697
#: serverguide/C/security.xml:1443(para)
9698
msgid ""
9699
"To create the self-signed certificate, run the following command at a "
9700
"terminal prompt:"
9701
msgstr ""
9702
9703
#: serverguide/C/security.xml:1448(command)
9704
msgid ""
9705
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
9706
"server.crt"
9707
msgstr ""
9708
9709
#: serverguide/C/security.xml:1451(para)
9710
msgid ""
9711
"The above command will prompt you to enter the passphrase. Once you enter "
9712
"the correct passphrase, your certificate will be created and it will be "
9713
"stored in the <filename>server.crt</filename> file."
9714
msgstr ""
9715
9716
#: serverguide/C/security.xml:1456(para)
9717
msgid ""
9718
"If your secure server is to be used in a production environment, you "
9719
"probably need a CA-signed certificate. It is not recommended to use self-"
9720
"signed certificate."
9721
msgstr ""
9722
9723
#: serverguide/C/security.xml:1464(title)
9724
msgid "Installing the Certificate"
9725
msgstr ""
9726
9727
#: serverguide/C/security.xml:1466(para)
9728
msgid ""
9729
"You can install the key file <filename>server.key</filename> and certificate "
9730
"file <filename>server.crt</filename>, or the certificate file issued by your "
9731
"CA, by running following commands at a terminal prompt:"
9732
msgstr ""
9733
9734
#: serverguide/C/security.xml:1472(command)
9735
msgid "sudo cp server.crt /etc/ssl/certs"
9736
msgstr ""
9737
9738
#: serverguide/C/security.xml:1473(command)
9739
msgid "sudo cp server.key /etc/ssl/private"
9740
msgstr ""
9741
9742
#: serverguide/C/security.xml:1475(para)
9743
msgid ""
9744
"Now simply configure any applications, with the ability to use public-key "
9745
"cryptography, to use the <emphasis>certificate</emphasis> and "
9746
"<emphasis>key</emphasis> files. For example, "
9747
"<application>Apache</application> can provide HTTPS, "
9748
"<application>Dovecot</application> can provide IMAPS and POP3S, etc."
9749
msgstr ""
9750
9751
#: serverguide/C/security.xml:1482(title)
9752
msgid "Certification Authority"
9753
msgstr ""
9754
9755
#: serverguide/C/security.xml:1484(para)
9756
msgid ""
9757
"If the services on your network require more than a few self-signed "
9758
"certificates it may be worth the additional effort to setup your own "
9759
"internal <emphasis>Certification Authority (CA)</emphasis>. Using "
9760
"certificates signed by your own CA, allows the various services using the "
9761
"certificates to easily trust other services using certificates issued from "
9762
"the same CA."
9763
msgstr ""
9764
9765
#: serverguide/C/security.xml:1494(para)
9766
msgid ""
9767
"First, create the directories to hold the CA certificate and related files:"
9768
msgstr ""
9769
9770
#: serverguide/C/security.xml:1499(command)
9771
msgid "sudo mkdir /etc/ssl/CA"
9772
msgstr ""
9773
9774
#: serverguide/C/security.xml:1500(command)
9775
msgid "sudo mkdir /etc/ssl/newcerts"
9776
msgstr ""
9777
9778
#: serverguide/C/security.xml:1506(para)
9779
msgid ""
9780
"The CA needs a few additional files to operate, one to keep track of the "
9781
"last serial number used by the CA, each certificate must have a unique "
9782
"serial number, and another file to record which certificates have been "
9783
"issued:"
9784
msgstr ""
9785
9786
#: serverguide/C/security.xml:1513(command)
9787
msgid "sudo sh -c \"echo '01' > /etc/ssl/CA/serial\""
9788
msgstr ""
9789
9790
#: serverguide/C/security.xml:1514(command)
9791
msgid "sudo touch /etc/ssl/CA/index.txt"
9792
msgstr ""
9793
9794
#: serverguide/C/security.xml:1520(para)
9795
msgid ""
9796
"The third file is a CA configuration file. Though not strictly necessary, it "
9797
"is very convenient when issuing multiple certificates. Edit "
9798
"<filename>/etc/ssl/openssl.cnf</filename>, and in the <emphasis>[ CA_default "
9799
"]</emphasis> change:"
9800
msgstr ""
9801
9802
#: serverguide/C/security.xml:1526(programlisting)
9803
#, no-wrap
9804
msgid ""
9805
"\n"
9806
"dir = /etc/ssl/ # Where everything is kept\n"
9807
"database = $dir/CA/index.txt # database index file.\n"
9808
"certificate = $dir/certs/cacert.pem # The CA certificate\n"
9809
"serial = $dir/CA/serial # The current serial number\n"
9810
"private_key = $dir/private/cakey.pem# The private key\n"
9811
msgstr ""
9812
9813
#: serverguide/C/security.xml:1537(para)
9814
msgid "Next, create the self-singed root certificate:"
9815
msgstr ""
9816
9817
#: serverguide/C/security.xml:1542(command)
9818
msgid ""
9819
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
9820
"days 3650"
9821
msgstr ""
9822
9823
#: serverguide/C/security.xml:1545(para)
9824
msgid "You will then be asked to enter the details about the certificate."
9825
msgstr ""
9826
9827
#: serverguide/C/security.xml:1552(para)
9828
msgid "Now install the root certificate and key:"
9829
msgstr ""
9830
9831
#: serverguide/C/security.xml:1557(command)
9832
msgid "sudo mv cakey.pem /etc/ssl/private/"
9833
msgstr ""
9834
9835
#: serverguide/C/security.xml:1558(command)
9836
msgid "sudo mv cacert.pem /etc/ssl/certs/"
9837
msgstr ""
9838
9839
#: serverguide/C/security.xml:1564(para)
9840
msgid ""
9841
"You are now ready to start signing certificates. The first item needed is a "
9842
"Certificate Signing Request (CSR), see <xref linkend=\"generating-a-csr\"/> "
9843
"for details. Once you have a CSR, enter the following to generate a "
9844
"certificate signed by the CA:"
9845
msgstr ""
9846
9847
#: serverguide/C/security.xml:1571(command)
9848
msgid "sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf"
9849
msgstr ""
9850
9851
#: serverguide/C/security.xml:1574(para)
9852
msgid ""
9853
"After entering the password for the CA key, you will be prompted to sign the "
9854
"certificate, and again to commit the new certificate. You should then see a "
9855
"somewhat large amount of output related to the certificate creation."
9856
msgstr ""
9857
9858
#: serverguide/C/security.xml:1583(para)
9859
msgid ""
9860
"There should now be a new file, "
9861
"<filename>/etc/ssl/newcerts/01.pem</filename>, containing the same output. "
9862
"Copy and paste everything beginning with the line: <emphasis>-----BEGIN "
9863
"CERTIFICATE-----</emphasis> and continuing through the line: <emphasis>----"
9864
"END CERTIFICATE-----</emphasis> lines to a file named after the hostname of "
9865
"the server where the certificate will be installed. For example "
9866
"<filename>mail.example.com.crt</filename>, is a nice descriptive name."
9867
msgstr ""
9868
9869
#: serverguide/C/security.xml:1591(para)
9870
msgid ""
9871
"Subsequent certificates will be named <filename>02.pem</filename>, "
9872
"<filename>03.pem</filename>, etc."
9873
msgstr ""
9874
9875
#: serverguide/C/security.xml:1596(para)
9876
msgid ""
9877
"Replace <emphasis>mail.example.com.crt</emphasis> with your own descriptive "
9878
"name."
9879
msgstr ""
9880
9881
#: serverguide/C/security.xml:1604(para)
9882
msgid ""
9883
"Finally, copy the new certificate to the host that needs it, and configure "
9884
"the appropriate applications to use it. The default location to install "
9885
"certificates is <filename role=\"directory\">/etc/ssl/certs</filename>. This "
9886
"enables multiple services to use the same certificate without overly "
9887
"complicated file permissions."
9888
msgstr ""
9889
9890
#: serverguide/C/security.xml:1610(para)
9891
msgid ""
9892
"For applications that can be configured to use a CA certificate, you should "
9893
"also copy the <filename>/etc/ssl/certs/cacert.pem</filename> file to the "
9894
"<filename role=\"directory\">/etc/ssl/certs/</filename> directory on each "
9895
"server."
9896
msgstr ""
9897
9898
#: serverguide/C/security.xml:1624(para)
9899
msgid ""
9900
"For more detailed instructions on using cryptography see the <ulink "
9901
"url=\"http://tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html\">SSL "
9902
"Certificates HOWTO</ulink> by tlpd.org"
9903
msgstr ""
9904
9905
#: serverguide/C/security.xml:1630(para)
9906
msgid ""
9907
"<ulink url=\"http://www.pki-page.org/\">The PKI Page</ulink> contains a list "
9908
"of Certificate Authorities."
9909
msgstr ""
9910
9911
#: serverguide/C/security.xml:1635(para)
9912
msgid ""
9913
"The Wikipedia <ulink "
9914
"url=\"http://en.wikipedia.org/wiki/Https\">HTTPS</ulink> page has more "
9915
"information regarding HTTPS."
9916
msgstr ""
9917
9918
#: serverguide/C/security.xml:1640(para)
9919
msgid ""
9920
"For more information on <emphasis>OpenSSL</emphasis> see the <ulink "
9921
"url=\"http://www.openssl.org/\">OpenSSL Home Page</ulink>."
9922
msgstr ""
9923
9924
#: serverguide/C/security.xml:1645(para)
9925
msgid ""
9926
"Also, O'Reilly's <ulink "
9927
"url=\"http://oreilly.com/catalog/9780596002701/\">Network Security with "
9928
"OpenSSL</ulink> is a good in depth reference."
9929
msgstr ""
9930
9931
#: serverguide/C/security.xml:1654(title)
9932
msgid "eCryptfs"
9933
msgstr ""
9934
9935
#: serverguide/C/security.xml:1656(para)
9936
msgid ""
9937
"<emphasis>eCryptfs</emphasis> is a POSIX-compliant enterprise-class stacked "
9938
"cryptographic filesystem for Linux. Layering on top of the filesystem layer "
9939
"<emphasis>eCryptfs</emphasis> protects files no matter the underlying "
9940
"filesystem, partition type, etc."
9941
msgstr ""
9942
9943
#: serverguide/C/security.xml:1662(para)
9944
msgid ""
9945
"During installation there is an option to encrypt the <filename "
9946
"role=\"directory\">/home</filename> partition. This will automatically "
9947
"configure everything needed to encrypt and mount the partition."
9948
msgstr ""
9949
9950
#: serverguide/C/security.xml:1667(para)
9951
msgid ""
9952
"As an example, this section will cover configuring <filename "
9953
"role=\"directory\">/srv</filename> to be encrypted using eCryptfs."
9954
msgstr ""
9955
9956
#: serverguide/C/security.xml:1672(title)
9957
msgid "Using eCryptfs"
9958
msgstr ""
9959
9960
#: serverguide/C/security.xml:1674(para)
9961
msgid "First, install the necessary packages. From a terminal prompt enter:"
9962
msgstr ""
9963
9964
#: serverguide/C/security.xml:1679(command)
9965
msgid "sudo apt-get install ecryptfs-utils"
9966
msgstr ""
9967
9968
#: serverguide/C/security.xml:1682(para)
9969
msgid "Now mount the partition to be encrypted:"
9970
msgstr ""
9971
9972
#: serverguide/C/security.xml:1687(command)
9973
msgid "sudo mount -t ecryptfs /srv /srv"
9974
msgstr ""
9975
9976
#: serverguide/C/security.xml:1690(para)
9977
msgid ""
9978
"You will then be prompted for some details on how "
9979
"<application>ecryptfs</application> should encrypt the data."
9980
msgstr ""
9981
9982
#: serverguide/C/security.xml:1694(para)
9983
msgid ""
9984
"To test that files placed in <filename>/srv</filename> are indeed encrypted "
9985
"copy the <filename>/etc/default</filename> folder to "
9986
"<filename>/srv</filename>:"
9987
msgstr ""
9988
9989
#: serverguide/C/security.xml:1700(command) serverguide/C/clustering.xml:192(command)
9990
msgid "sudo cp -r /etc/default /srv"
9991
msgstr ""
9992
9993
#: serverguide/C/security.xml:1703(para)
9994
msgid "Now unmount <filename>/srv</filename>, and try to view a file:"
9995
msgstr ""
9996
9997
#: serverguide/C/security.xml:1708(command) serverguide/C/installation.xml:1138(command) serverguide/C/clustering.xml:200(command)
9998
msgid "sudo umount /srv"
9999
msgstr ""
10000
10001
#: serverguide/C/security.xml:1709(command)
10002
msgid "cat /srv/default/cron"
10003
msgstr ""
10004
10005
#: serverguide/C/security.xml:1712(para)
10006
msgid ""
10007
"Remounting <filename>/srv</filename> using "
10008
"<application>ecryptfs</application> will make the data viewable once again."
10009
msgstr ""
10010
10011
#: serverguide/C/security.xml:1718(title)
10012
msgid "Automatically Mounting Encrypted Partitions"
10013
msgstr ""
10014
10015
#: serverguide/C/security.xml:1720(para)
10016
msgid ""
10017
"There are a couple of ways to automatically mount an "
10018
"<application>ecryptfs</application> encrypted filesystem at boot. This "
10019
"example will use a <filename>/root/.ecryptfsrc</filename> file containing "
10020
"mount options, along with a passphrase file residing on a USB key."
10021
msgstr ""
10022
10023
#: serverguide/C/security.xml:1726(para)
10024
msgid "First, create <filename>/root/.ecryptfsrc</filename> containing:"
10025
msgstr ""
10026
10027
#: serverguide/C/security.xml:1730(programlisting)
10028
#, no-wrap
10029
msgid ""
10030
"\n"
10031
"key=passphrase:passphrase_passwd_file=/mnt/usb/passwd_file.txt\n"
10032
"ecryptfs_sig=5826dd62cf81c615\n"
10033
"ecryptfs_cipher=aes\n"
10034
"ecryptfs_key_bytes=16\n"
10035
"ecryptfs_passthrough=n\n"
10036
"ecryptfs_enable_filename_crypto=n\n"
10037
msgstr ""
10038
10039
#: serverguide/C/security.xml:1740(para)
10040
msgid ""
10041
"Adjust the <emphasis>ecryptfs_sig</emphasis> to the signature in "
10042
"<filename>/root/.ecryptfs/sig-cache.txt</filename>."
10043
msgstr ""
10044
10045
#: serverguide/C/security.xml:1745(para)
10046
msgid ""
10047
"Next, create the <filename>/mnt/usb/passwd_file.txt</filename> passphrase "
10048
"file:"
10049
msgstr ""
10050
10051
#: serverguide/C/security.xml:1749(programlisting)
10052
#, no-wrap
10053
msgid ""
10054
"\n"
10055
"passphrase_passwd=[secrets]\n"
10056
msgstr ""
10057
10058
#: serverguide/C/security.xml:1753(para)
10059
msgid "Now add the necessary lines to <filename>/etc/fstab</filename>:"
10060
msgstr ""
10061
10062
#: serverguide/C/security.xml:1757(programlisting)
10063
#, no-wrap
10064
msgid ""
10065
"\n"
10066
"/dev/sdb1 /mnt/usb ext3 ro 0 0\n"
10067
"/srv /srv ecryptfs defaults 0 0\n"
10068
msgstr ""
10069
10070
#: serverguide/C/security.xml:1762(para)
10071
msgid "Make sure the USB drive is mounted before the encrypted partition."
10072
msgstr ""
10073
10074
#: serverguide/C/security.xml:1766(para)
10075
msgid ""
10076
"Finally, reboot and the <filename>/srv</filename> should be mounted using "
10077
"ecryptfs."
10078
msgstr ""
10079
10080
#: serverguide/C/security.xml:1774(para)
10081
msgid ""
10082
"The <application>ecryptfs-utils</application> package includes several other "
10083
"useful utilities:"
10084
msgstr ""
10085
10086
#: serverguide/C/security.xml:1780(para)
10087
msgid ""
10088
"<emphasis>ecryptfs-setup-private:</emphasis> creates a "
10089
"<filename>~/Private</filename> directory to contain encrypted information. "
10090
"This utility can be run by unprivileged users to keep data private from "
10091
"other users on the system."
10092
msgstr ""
10093
10094
#: serverguide/C/security.xml:1787(para)
10095
msgid ""
10096
"<emphasis>ecryptfs-mount-private and ecryptfs-umount-private:</emphasis> "
10097
"will mount and unmount respectively, a users <filename>~/Private</filename> "
10098
"directory."
10099
msgstr ""
10100
10101
#: serverguide/C/security.xml:1793(para)
10102
msgid ""
10103
"<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the "
10104
"kernel keyring."
10105
msgstr ""
10106
10107
#: serverguide/C/security.xml:1798(para)
10108
msgid ""
10109
"<emphasis>ecryptfs-manager:</emphasis> manages "
10110
"<application>eCryptfs</application> objects such as keys."
10111
msgstr ""
10112
10113
#: serverguide/C/security.xml:1803(para)
10114
msgid ""
10115
"<emphasis>ecryptfs-stat:</emphasis> allows you to view the "
10116
"<application>ecryptfs</application> meta information for a file."
10117
msgstr ""
10118
10119
#: serverguide/C/security.xml:1816(para)
10120
msgid ""
10121
"For more information on eCryptfs see the <ulink "
10122
"url=\"https://launchpad.net/ecryptfs\">Launchpad project page</ulink>."
10123
msgstr ""
10124
10125
#: serverguide/C/security.xml:1821(para)
10126
msgid ""
10127
"There is also a <ulink "
10128
"url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> "
10129
"article covering eCryptfs."
10130
msgstr ""
10131
10132
#: serverguide/C/security.xml:1826(para)
10133
msgid ""
10134
"Also, for more <application>ecryptfs</application> options see the <ulink "
10135
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man7/ecryptfs.7.html\">"
10136
"ecryptfs man page</ulink>."
10137
msgstr ""
10138
10139
#: serverguide/C/security.xml:1832(para)
10140
msgid ""
10141
"The <ulink url=\"https://help.ubuntu.com/community/eCryptfs\">eCryptfs "
10142
"Ubuntu Wiki</ulink> page also has more details."
10143
msgstr ""
10144
10145
#: serverguide/C/reporting-bugs.xml:13(title)
10146
msgid "Appendix"
10147
msgstr ""
10148
10149
#: serverguide/C/reporting-bugs.xml:16(title)
10150
msgid "Reporting Bugs in Ubuntu Server Edition"
10151
msgstr ""
10152
10153
#: serverguide/C/reporting-bugs.xml:18(para)
10154
msgid ""
10155
"While the Ubuntu Project attempts to release software with as few bugs as "
10156
"possible, they do occur. You can help fix these bugs by reporting ones that "
10157
"you find to the project. The Ubuntu Project uses <ulink "
10158
"url=\"https://launchpad.net/\">Launchpad</ulink> to track its bug reports. "
10159
"In order to file a bug about Ubuntu Server on Launchpad, you will need to "
10160
"<ulink url=\"https://help.launchpad.net/YourAccount/NewAccount\">create an "
10161
"account</ulink>."
10162
msgstr ""
10163
10164
#: serverguide/C/reporting-bugs.xml:30(title)
10165
msgid "Reporting Bugs With ubuntu-bug"
10166
msgstr ""
10167
10168
#: serverguide/C/reporting-bugs.xml:32(para)
10169
msgid ""
10170
"The preferred way to report a bug is with the <application>ubuntu-"
10171
"bug</application> command. The ubuntu-bug tool gathers information about the "
10172
"system useful to developers in diagnosing the reported problem that will "
10173
"then be included in the bug report filed on Launchpad. Bug reports in Ubuntu "
10174
"need to be filed against a specific software package, thus the name of the "
10175
"package that the bug occurs in needs to be given to ubuntu-bug:"
10176
msgstr ""
10177
10178
#: serverguide/C/reporting-bugs.xml:43(command)
10179
msgid "ubuntu-bug PACKAGENAME"
10180
msgstr ""
10181
10182
#: serverguide/C/reporting-bugs.xml:46(para)
10183
msgid ""
10184
"For example, to file a bug against the openssh-server package, you would do:"
10185
msgstr ""
10186
10187
#: serverguide/C/reporting-bugs.xml:51(command)
10188
msgid "ubuntu-bug openssh-server"
10189
msgstr ""
10190
10191
#: serverguide/C/reporting-bugs.xml:54(para)
10192
msgid ""
10193
"You can specify either a binary package or the source package for ubuntu-"
10194
"bug. Again using openssh-server as an example, you could also generate the "
10195
"report against the source package for openssh-server, openssh:"
10196
msgstr ""
10197
10198
#: serverguide/C/reporting-bugs.xml:62(command)
10199
msgid "ubuntu-bug openssh"
10200
msgstr ""
10201
10202
#: serverguide/C/reporting-bugs.xml:66(para)
10203
msgid ""
10204
"See <xref linkend=\"package-management\"/> for more information about "
10205
"packages in Ubuntu."
10206
msgstr ""
10207
10208
#: serverguide/C/reporting-bugs.xml:72(para)
10209
msgid ""
10210
"The ubuntu-bug command will gather information about the system in question, "
10211
"possibly including information specific to the specified package, and then "
10212
"ask you what you would like to do with collected information:"
10213
msgstr ""
10214
10215
#: serverguide/C/reporting-bugs.xml:80(command)
10216
msgid "ubuntu-bug postgresql"
10217
msgstr ""
10218
10219
#: serverguide/C/reporting-bugs.xml:79(screen)
10220
#, no-wrap
10221
msgid ""
10222
"\n"
10223
"<placeholder-1/>\n"
10224
"\n"
10225
"*** Collecting problem information\n"
10226
"\n"
10227
"The collected information can be sent to the developers to improve the\n"
10228
"application. This might take a few minutes.\n"
10229
"..........\n"
10230
"\n"
10231
"*** Send problem report to the developers?\n"
10232
"\n"
10233
"After the problem report has been sent, please fill out the form in the\n"
10234
"automatically opened web browser.\n"
10235
"\n"
10236
"What would you like to do? Your options are:\n"
10237
" S: Send report (1.7 KiB)\n"
10238
" V: View report\n"
10239
" K: Keep report file for sending later or copying to somewhere else\n"
10240
" C: Cancel\n"
10241
"Please choose (S/V/K/C):\n"
10242
msgstr ""
10243
10244
#: serverguide/C/reporting-bugs.xml:101(para)
10245
msgid "The options available are:"
10246
msgstr ""
10247
10248
#: serverguide/C/reporting-bugs.xml:108(para)
10249
msgid ""
10250
"<emphasis role=\"bold\">Send Report</emphasis> Selecting Send Report submits "
10251
"the collected information to Launchpad as part of the the process of filing "
10252
"a bug report. You will be given the opportunity to describe the situation "
10253
"that led up to the occurrence of the bug."
10254
msgstr ""
10255
10256
#: serverguide/C/reporting-bugs.xml:115(screen)
10257
#, no-wrap
10258
msgid ""
10259
"\n"
10260
"*** Uploading problem information\n"
10261
"\n"
10262
"The collected information is being sent to the bug tracking system.\n"
10263
"This might take a few minutes.\n"
10264
"91%\n"
10265
"\n"
10266
"*** To continue, you must visit the following URL:\n"
10267
"\n"
10268
" https://bugs.launchpad.net/ubuntu/+source/postgresql-"
10269
"8.4/+filebug/kc6eSnTLnLxF8u0t3e56EukFeqJ?\n"
10270
"\n"
10271
"You can launch a browser now, or copy this URL into a browser on another\n"
10272
"computer.\n"
10273
"\n"
10274
"Choices:\n"
10275
" 1: Launch a browser now\n"
10276
" C: Cancel\n"
10277
"Please choose (1/C):\n"
10278
msgstr ""
10279
10280
#: serverguide/C/reporting-bugs.xml:135(para)
10281
msgid ""
10282
"If you choose to start a browser, by default the text based web browser "
10283
"<application>w3m</application> will be used to finish filing the bug report. "
10284
"Alternately, you can copy the given URL to a currently running web browser."
10285
msgstr ""
10286
10287
#: serverguide/C/reporting-bugs.xml:144(para)
10288
msgid ""
10289
"<emphasis role=\"bold\">View Report</emphasis> Selecting View Report causes "
10290
"the collected information to be displayed to the terminal for review."
10291
msgstr ""
10292
10293
#: serverguide/C/reporting-bugs.xml:150(screen)
10294
#, no-wrap
10295
msgid ""
10296
"\n"
10297
"Package: postgresql 8.4.2-2\n"
10298
"PackageArchitecture: all\n"
10299
"Tags: lucid\n"
10300
"ProblemType: Bug\n"
10301
"ProcEnviron:\n"
10302
" LANG=en_US.UTF-8\n"
10303
" SHELL=/bin/bash\n"
10304
"Uname: Linux 2.6.32-16-server x86_64\n"
10305
"Dependencies:\n"
10306
" adduser 3.112ubuntu1\n"
10307
" base-files 5.0.0ubuntu10\n"
10308
" base-passwd 3.5.22\n"
10309
" coreutils 7.4-2ubuntu2\n"
10310
"...\n"
10311
msgstr ""
10312
10313
#: serverguide/C/reporting-bugs.xml:167(para)
10314
msgid ""
10315
"After viewing the report, you will be brought back to the same menu asking "
10316
"what you would like to do with the report."
10317
msgstr ""
10318
10319
#: serverguide/C/reporting-bugs.xml:174(para)
10320
msgid ""
10321
"<emphasis role=\"bold\">Keep Report File</emphasis> Selecting Keep Report "
10322
"File causes the gathered information to be written to a file. This file can "
10323
"then be used to later file a bug report or transferred to a different Ubuntu "
10324
"system for reporting. To submit the report file, simply give it as an "
10325
"argument to the ubuntu-bug command:"
10326
msgstr ""
10327
10328
#: serverguide/C/reporting-bugs.xml:189(userinput)
10329
#, no-wrap
10330
msgid "k"
10331
msgstr ""
10332
10333
#: serverguide/C/reporting-bugs.xml:192(command)
10334
msgid "ubuntu-bug /tmp/apport.postgresql.v4MQas.apport"
10335
msgstr ""
10336
10337
#: serverguide/C/reporting-bugs.xml:183(screen)
10338
#, no-wrap
10339
msgid ""
10340
"\n"
10341
"What would you like to do? Your options are:\n"
10342
" S: Send report (1.7 KiB)\n"
10343
" V: View report\n"
10344
" K: Keep report file for sending later or copying to somewhere else\n"
10345
" C: Cancel\n"
10346
"Please choose (S/V/K/C): <placeholder-1/>\n"
10347
"Problem report file: /tmp/apport.postgresql.v4MQas.apport\n"
10348
"\n"
10349
"<placeholder-2/>\n"
10350
"\n"
10351
"*** Send problem report to the developers?\n"
10352
"...\n"
10353
msgstr ""
10354
10355
#: serverguide/C/reporting-bugs.xml:200(para)
10356
msgid ""
10357
"<emphasis role=\"bold\">Cancel</emphasis> Selecting Cancel causes the "
10358
"collected information to be discarded."
10359
msgstr ""
10360
10361
#: serverguide/C/reporting-bugs.xml:210(title)
10362
msgid "Reporting Application Crashes"
10363
msgstr ""
10364
10365
#: serverguide/C/reporting-bugs.xml:212(para)
10366
msgid ""
10367
"The software package that provides the ubuntu-bug utility, "
10368
"<application>apport</application>, can be configured to trigger when "
10369
"applications crash. This is disabled by default, as capturing a crash can be "
10370
"resource intensive depending on how much memory the application that crashed "
10371
"was using as apport captures and processes the core dump."
10372
msgstr ""
10373
10374
#: serverguide/C/reporting-bugs.xml:221(para)
10375
msgid ""
10376
"Configuring apport to capture information about crashing applications "
10377
"requires a couple of steps. First, <application>gdb</application> needs to "
10378
"be installed; it is not installed by default in Ubuntu Server Edition."
10379
msgstr ""
10380
10381
#: serverguide/C/reporting-bugs.xml:229(command)
10382
msgid "sudo apt-get install gdb"
10383
msgstr ""
10384
10385
#: serverguide/C/reporting-bugs.xml:232(para)
10386
msgid ""
10387
"See <xref linkend=\"package-management\"/> for more information about "
10388
"managing packages in Ubuntu."
10389
msgstr ""
10390
10391
#: serverguide/C/reporting-bugs.xml:237(para)
10392
msgid ""
10393
"Once you have ensured that gdb is installed, open the file "
10394
"<filename>/etc/default/apport</filename> in your text editor, and change the "
10395
"<emphasis>enabled</emphasis> setting to be <emphasis "
10396
"role=\"bold\">1</emphasis> like so:"
10397
msgstr ""
10398
10399
#: serverguide/C/reporting-bugs.xml:244(programlisting)
10400
#, no-wrap
10401
msgid ""
10402
"\n"
10403
"# set this to 0 to disable apport, or to 1 to enable it\n"
10404
"# you can temporarily override this with\n"
10405
"# sudo service apport start force_start=1\n"
10406
"enabled=<userinput>1</userinput>\n"
10407
"\n"
10408
"# set maximum core dump file size (default: 209715200 bytes == 200 MB)\n"
10409
"maxsize=209715200\n"
10410
msgstr ""
10411
10412
#: serverguide/C/reporting-bugs.xml:254(para)
10413
msgid ""
10414
"Once you have completed editing <filename>/etc/default/apport</filename>, "
10415
"start the apport service:"
10416
msgstr ""
10417
10418
#: serverguide/C/reporting-bugs.xml:261(command)
10419
msgid "sudo start apport"
10420
msgstr ""
10421
10422
#: serverguide/C/reporting-bugs.xml:264(para)
10423
msgid ""
10424
"After an application crashes, use the <application>apport-cli</application> "
10425
"command to search for the existing saved crash report information:"
10426
msgstr ""
10427
10428
#: serverguide/C/reporting-bugs.xml:271(command)
10429
msgid "apport-cli"
10430
msgstr ""
10431
10432
#: serverguide/C/reporting-bugs.xml:270(screen)
10433
#, no-wrap
10434
msgid ""
10435
"\n"
10436
"<placeholder-1/>\n"
10437
"\n"
10438
"*** dash closed unexpectedly on 2010-03-11 at 21:40:59.\n"
10439
"\n"
10440
"If you were not doing anything confidential (entering passwords or other\n"
10441
"private information), you can help to improve the application by\n"
10442
"reporting\n"
10443
"the problem.\n"
10444
"\n"
10445
"What would you like to do? Your options are:\n"
10446
" R: Report Problem...\n"
10447
" I: Cancel and ignore future crashes of this program version\n"
10448
" C: Cancel\n"
10449
"Please choose (R/I/C):\n"
10450
msgstr ""
10451
10452
#: serverguide/C/reporting-bugs.xml:287(para)
10453
msgid ""
10454
"Selecting <emphasis>Report Problem</emphasis> will walk you through similar "
10455
"steps as when using ubuntu-bug. One important difference is that a crash "
10456
"report will be marked as private when filed on Launchpad, meaning that it "
10457
"will be visible to only a limited set of bug triagers. These triagers will "
10458
"review the gathered data for private information before making the bug "
10459
"report publicly visible."
10460
msgstr ""
10461
10462
#: serverguide/C/reporting-bugs.xml:307(para)
10463
msgid ""
10464
"See the <ulink "
10465
"url=\"https://help.ubuntu.com/community/ReportingBugs\">Reporting "
10466
"Bugs</ulink> Ubuntu wiki page."
10467
msgstr ""
10468
10469
#: serverguide/C/reporting-bugs.xml:313(para)
10470
msgid ""
10471
"Also, the <ulink url=\"https://wiki.ubuntu.com/Apport\">Apport</ulink> page "
10472
"has some useful information. Though some of it pertains to using a GUI."
10473
msgstr ""
10474
10475
#: serverguide/C/remote-administration.xml:13(title)
10476
msgid "Remote Administration"
10477
msgstr ""
10478
10479
#: serverguide/C/remote-administration.xml:14(para)
10480
msgid ""
10481
"There are many ways to remotely administer a Linux server. This chapter will "
10482
"cover one of the most popular <application>OpenSSH</application>."
10483
msgstr ""
10484
10485
#: serverguide/C/remote-administration.xml:22(para)
10486
msgid ""
10487
"This section of the Ubuntu Server Guide introduces a powerful collection of "
10488
"tools for the remote control of networked computers and transfer of data "
10489
"between networked computers, called <emphasis>OpenSSH</emphasis>. You will "
10490
"also learn about some of the configuration settings possible with the "
10491
"OpenSSH server application and how to change them on your Ubuntu system."
10492
msgstr ""
10493
10494
#: serverguide/C/remote-administration.xml:29(para)
10495
msgid ""
10496
"OpenSSH is a freely available version of the Secure Shell (SSH) protocol "
10497
"family of tools for remotely controlling a computer or transferring files "
10498
"between computers. Traditional tools used to accomplish these functions, "
10499
"such as <application>telnet</application> or <application>rcp</application>, "
10500
"are insecure and transmit the user's password in cleartext when used. "
10501
"OpenSSH provides a server daemon and client tools to facilitate secure, "
10502
"encrypted remote control and file transfer operations, effectively replacing "
10503
"the legacy tools."
10504
msgstr ""
10505
10506
#: serverguide/C/remote-administration.xml:38(para)
10507
msgid ""
10508
"The OpenSSH server component, <application>sshd</application>, listens "
10509
"continuously for client connections from any of the client tools. When a "
10510
"connection request occurs, <application>sshd</application> sets up the "
10511
"correct connection depending on the type of client tool connecting. For "
10512
"example, if the remote computer is connecting with the "
10513
"<application>ssh</application> client application, the OpenSSH server sets "
10514
"up a remote control session after authentication. If a remote user connects "
10515
"to an OpenSSH server with <application>scp</application>, the OpenSSH server "
10516
"daemon initiates a secure copy of files between the server and client after "
10517
"authentication. OpenSSH can use many authentication methods, including plain "
10518
"password, public key, and <application>Kerberos</application> tickets."
10519
msgstr ""
10520
10521
#: serverguide/C/remote-administration.xml:52(para)
10522
msgid ""
10523
"Installation of the OpenSSH client and server applications is simple. To "
10524
"install the OpenSSH client applications on your Ubuntu system, use this "
10525
"command at a terminal prompt:"
10526
msgstr ""
10527
10528
#: serverguide/C/remote-administration.xml:58(command)
10529
msgid "sudo apt-get install openssh-client"
10530
msgstr ""
10531
10532
#: serverguide/C/remote-administration.xml:60(para)
10533
msgid ""
10534
"To install the OpenSSH server application, and related support files, use "
10535
"this command at a terminal prompt:"
10536
msgstr ""
10537
10538
#: serverguide/C/remote-administration.xml:65(command)
10539
msgid "sudo apt-get install openssh-server"
10540
msgstr ""
10541
10542
#: serverguide/C/remote-administration.xml:67(para)
10543
msgid ""
10544
"The <application>openssh-server</application> package can also be selected "
10545
"to install during the Server Edition installation process."
10546
msgstr ""
10547
10548
#: serverguide/C/remote-administration.xml:74(para)
10549
msgid ""
10550
"You may configure the default behavior of the OpenSSH server application, "
10551
"<application>sshd</application>, by editing the file "
10552
"<filename>/etc/ssh/sshd_config</filename>. For information about the "
10553
"configuration directives used in this file, you may view the appropriate "
10554
"manual page with the following command, issued at a terminal prompt:"
10555
msgstr ""
10556
10557
#: serverguide/C/remote-administration.xml:82(command)
10558
msgid "man sshd_config"
10559
msgstr ""
10560
10561
#: serverguide/C/remote-administration.xml:84(para)
10562
msgid ""
10563
"There are many directives in the <application>sshd</application> "
10564
"configuration file controlling such things as communication settings and "
10565
"authentication modes. The following are examples of configuration directives "
10566
"that can be changed by editing the <filename>/etc/ssh/sshd_config</filename> "
10567
"file."
10568
msgstr ""
10569
10570
#: serverguide/C/remote-administration.xml:91(para)
10571
msgid ""
10572
"Prior to editing the configuration file, you should make a copy of the "
10573
"original file and protect it from writing so you will have the original "
10574
"settings as a reference and to reuse as necessary."
10575
msgstr ""
10576
10577
#: serverguide/C/remote-administration.xml:95(para)
10578
msgid ""
10579
"Copy the <filename>/etc/ssh/sshd_config</filename> file and protect it from "
10580
"writing with the following commands, issued at a terminal prompt:"
10581
msgstr ""
10582
10583
#: serverguide/C/remote-administration.xml:100(command)
10584
msgid "sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original"
10585
msgstr ""
10586
10587
#: serverguide/C/remote-administration.xml:101(command)
10588
msgid "sudo chmod a-w /etc/ssh/sshd_config.original"
10589
msgstr ""
10590
10591
#: serverguide/C/remote-administration.xml:103(para)
10592
msgid ""
10593
"The following are examples of configuration directives you may change:"
10594
msgstr ""
10595
10596
#: serverguide/C/remote-administration.xml:108(para)
10597
msgid ""
10598
"To set your OpenSSH to listen on TCP port 2222 instead of the default TCP "
10599
"port 22, change the Port directive as such:"
10600
msgstr ""
10601
10602
#: serverguide/C/remote-administration.xml:112(para)
10603
msgid "Port 2222"
10604
msgstr ""
10605
10606
#: serverguide/C/remote-administration.xml:117(para)
10607
msgid ""
10608
"To have <application>sshd</application> allow public key-based login "
10609
"credentials, simply add or modify the line:"
10610
msgstr ""
10611
10612
#: serverguide/C/remote-administration.xml:121(para)
10613
msgid "PubkeyAuthentication yes"
10614
msgstr ""
10615
10616
#: serverguide/C/remote-administration.xml:124(para)
10617
msgid ""
10618
"In the <filename>/etc/ssh/sshd_config</filename> file, or if already "
10619
"present, ensure the line is not commented out."
10620
msgstr ""
10621
10622
#: serverguide/C/remote-administration.xml:130(para)
10623
msgid ""
10624
"To make your OpenSSH server display the contents of the "
10625
"<filename>/etc/issue.net</filename> file as a pre-login banner, simply add "
10626
"or modify the line:"
10627
msgstr ""
10628
10629
#: serverguide/C/remote-administration.xml:135(para)
10630
msgid "Banner /etc/issue.net"
10631
msgstr ""
10632
10633
#: serverguide/C/remote-administration.xml:138(para)
10634
msgid "In the <filename>/etc/ssh/sshd_config</filename> file."
10635
msgstr ""
10636
10637
#: serverguide/C/remote-administration.xml:143(para)
10638
msgid ""
10639
"After making changes to the <filename>/etc/ssh/sshd_config</filename> file, "
10640
"save the file, and restart the <application>sshd</application> server "
10641
"application to effect the changes using the following command at a terminal "
10642
"prompt:"
10643
msgstr ""
10644
10645
#: serverguide/C/remote-administration.xml:152(para)
10646
msgid ""
10647
"Many other configuration directives for <application>sshd</application> are "
10648
"available for changing the server application's behavior to fit your needs. "
10649
"Be advised, however, if your only method of access to a server is "
10650
"<application>ssh</application>, and you make a mistake in configuring "
10651
"<application>sshd</application> via the "
10652
"<filename>/etc/ssh/sshd_config</filename> file, you may find you are locked "
10653
"out of the server upon restarting it, or that the "
10654
"<application>sshd</application> server refuses to start due to an incorrect "
10655
"configuration directive, so be extra careful when editing this file on a "
10656
"remote server."
10657
msgstr ""
10658
10659
#: serverguide/C/remote-administration.xml:167(title)
10660
msgid "SSH Keys"
10661
msgstr ""
10662
10663
#: serverguide/C/remote-administration.xml:168(para)
10664
msgid ""
10665
"SSH <emphasis>keys</emphasis> allow authentication between two hosts without "
10666
"the need of a password. SSH key authentication uses two keys a "
10667
"<emphasis>private</emphasis> key and a <emphasis>public</emphasis> key."
10668
msgstr ""
10669
10670
#: serverguide/C/remote-administration.xml:172(para)
10671
msgid "To generate the keys, from a terminal prompt enter:"
10672
msgstr ""
10673
10674
#: serverguide/C/remote-administration.xml:176(command)
10675
msgid "ssh-keygen -t dsa"
10676
msgstr ""
10677
10678
#: serverguide/C/remote-administration.xml:178(para)
10679
msgid ""
10680
"This will generate the keys using a <emphasis>DSA</emphasis> authentication "
10681
"identity of the user. During the process you will be prompted for a "
10682
"password. Simply hit <emphasis>Enter</emphasis> when prompted to create the "
10683
"key."
10684
msgstr ""
10685
10686
#: serverguide/C/remote-administration.xml:182(para)
10687
msgid ""
10688
"By default the <emphasis>public</emphasis> key is saved in the file "
10689
"<filename>~/.ssh/id_dsa.pub</filename>, while "
10690
"<filename>~/.ssh/id_dsa</filename> is the <emphasis>private</emphasis> key. "
10691
"Now copy the <filename>id_dsa.pub</filename> file to the remote host and "
10692
"append it to <filename>~/.ssh/authorized_keys</filename> by entering:"
10693
msgstr ""
10694
10695
#: serverguide/C/remote-administration.xml:188(command)
10696
msgid "ssh-copy-id username@remotehost"
10697
msgstr ""
10698
10699
#: serverguide/C/remote-administration.xml:190(para)
10700
msgid ""
10701
"Finally, double check the permissions on the "
10702
"<filename>authorized_keys</filename> file, only the authenticated user "
10703
"should have read and write permissions. If the permissions are not correct "
10704
"change them by:"
10705
msgstr ""
10706
10707
#: serverguide/C/remote-administration.xml:195(command)
10708
msgid "chmod 600 .ssh/authorized_keys"
10709
msgstr ""
10710
10711
#: serverguide/C/remote-administration.xml:197(para)
10712
msgid ""
10713
"You should now be able to SSH to the host without being prompted for a "
10714
"password."
10715
msgstr ""
10716
10717
#: serverguide/C/remote-administration.xml:206(para)
10718
msgid ""
10719
"<ulink url=\"https://help.ubuntu.com/community/SSH\">Ubuntu Wiki SSH</ulink> "
10720
"page."
10721
msgstr ""
10722
10723
#: serverguide/C/remote-administration.xml:212(ulink)
10724
msgid "OpenSSH Website"
10725
msgstr ""
10726
10727
#: serverguide/C/remote-administration.xml:217(ulink)
10728
msgid "Advanced OpenSSH Wiki Page"
10729
msgstr ""
10730
10731
#: serverguide/C/package-management.xml:13(title)
10732
msgid "Package Management"
10733
msgstr ""
10734
10735
#: serverguide/C/package-management.xml:14(para)
10736
msgid ""
10737
"Ubuntu features a comprehensive package management system for the "
10738
"installation, upgrade, configuration, and removal of software. In addition "
10739
"to providing access to an organized base of over 24,000 software packages "
10740
"for your Ubuntu computer, the package management facilities also feature "
10741
"dependency resolution capabilities and software update checking."
10742
msgstr ""
10743
10744
#: serverguide/C/package-management.xml:16(para)
10745
msgid ""
10746
"Several tools are available for interacting with Ubuntu's package management "
10747
"system, from simple command-line utilities which may be easily automated by "
10748
"system administrators, to a simple graphical interface which is easy to use "
10749
"by those new to Ubuntu."
10750
msgstr ""
10751
10752
#: serverguide/C/package-management.xml:21(para)
10753
msgid ""
10754
"Ubuntu's package management system is derived from the same system used by "
10755
"the Debian GNU/Linux distribution. The package files contain all of the "
10756
"necessary files, meta-data, and instructions to implement a particular "
10757
"functionality or software application on your Ubuntu computer."
10758
msgstr ""
10759
10760
#: serverguide/C/package-management.xml:24(para)
10761
msgid ""
10762
"Debian package files typically have the extension '.deb', and typically "
10763
"exist in <emphasis role=\"italics\">repositories</emphasis> which are "
10764
"collections of packages found on various media, such as CD-ROM discs, or "
10765
"online. Packages are normally of the pre-compiled binary format; thus "
10766
"installation is quick and requires no compiling of software."
10767
msgstr ""
10768
10769
#: serverguide/C/package-management.xml:27(para)
10770
msgid ""
10771
"Many complex packages use the concept of <emphasis "
10772
"role=\"italics\">dependencies</emphasis>. Dependencies are additional "
10773
"packages required by the principal package in order to function properly. "
10774
"For example, the speech synthesis package "
10775
"<application>Festival</application> depends upon the package "
10776
"<application>libasound2</application>, which is a package supplying the "
10777
"<application>ALSA</application> sound library needed for audio playback. In "
10778
"order for <application>Festival</application> to function, it and all of its "
10779
"dependencies must be installed. The software management tools in Ubuntu will "
10780
"do this automatically."
10781
msgstr ""
10782
10783
#: serverguide/C/package-management.xml:32(title)
10784
msgid "dpkg"
10785
msgstr ""
10786
10787
#: serverguide/C/package-management.xml:34(para)
10788
msgid ""
10789
"<application>dpkg</application> is a package manager for "
10790
"<emphasis>Debian</emphasis> based systems. It can install, remove, and build "
10791
"packages, but unlike other package management system's it can not "
10792
"automatically download and install packages and their dependencies. This "
10793
"section covers using <application>dpkg</application> to manage locally "
10794
"installed packages:"
10795
msgstr ""
10796
10797
#: serverguide/C/package-management.xml:43(para)
10798
msgid ""
10799
"To list all packages installed on the system, from a terminal prompt enter:"
10800
msgstr ""
10801
10802
#: serverguide/C/package-management.xml:48(command)
10803
msgid "dpkg -l"
10804
msgstr ""
10805
10806
#: serverguide/C/package-management.xml:54(para)
10807
msgid ""
10808
"Depending on the amount of packages on your system, this can generate a "
10809
"large amount of output. Pipe the output through "
10810
"<application>grep</application> to see if a specific package is installed:"
10811
msgstr ""
10812
10813
#: serverguide/C/package-management.xml:60(command)
10814
msgid "dpkg -l | grep apache2"
10815
msgstr ""
10816
10817
#: serverguide/C/package-management.xml:63(para)
10818
msgid ""
10819
"Replace <emphasis>apache2</emphasis> with any package name, part of a "
10820
"package name, or other regular expression."
10821
msgstr ""
10822
10823
#: serverguide/C/package-management.xml:70(para)
10824
msgid ""
10825
"To list the files installed by a package, in this case the "
10826
"<application>ufw</application> package, enter:"
10827
msgstr ""
10828
10829
#: serverguide/C/package-management.xml:75(command)
10830
msgid "dpkg -L ufw"
10831
msgstr ""
10832
10833
#: serverguide/C/package-management.xml:81(para)
10834
msgid ""
10835
"If you are not sure which package installed a file, <application>dpkg -"
10836
"S</application> may be able to tell you. For example:"
10837
msgstr ""
10838
10839
#: serverguide/C/package-management.xml:87(command)
10840
msgid "dpkg -S /etc/host.conf"
10841
msgstr ""
10842
10843
#: serverguide/C/package-management.xml:88(computeroutput)
10844
#, no-wrap
10845
msgid "base-files: /etc/host.conf"
10846
msgstr ""
10847
10848
#: serverguide/C/package-management.xml:91(para)
10849
msgid ""
10850
"The output shows that the <filename>/etc/host.conf</filename> belongs to the "
10851
"<application>base-files</application> package."
10852
msgstr ""
10853
10854
#: serverguide/C/package-management.xml:96(para)
10855
msgid ""
10856
"Many files are automatically generated during the package install process, "
10857
"and even though they are on the filesystem <command>dpkg -S</command> may "
10858
"not know which package they belong to."
10859
msgstr ""
10860
10861
#: serverguide/C/package-management.xml:105(para)
10862
msgid "You can install a local <emphasis>.deb</emphasis> file by entering:"
10863
msgstr ""
10864
10865
#: serverguide/C/package-management.xml:110(command)
10866
msgid "sudo dpkg -i zip_2.32-1_i386.deb"
10867
msgstr ""
10868
10869
#: serverguide/C/package-management.xml:113(para)
10870
msgid ""
10871
"Change <filename>zip_2.32-1_i386.deb</filename> to the actual file name of "
10872
"the local .deb file."
10873
msgstr ""
10874
10875
#: serverguide/C/package-management.xml:120(para)
10876
msgid "Uninstalling a package can be accomplished by:"
10877
msgstr ""
10878
10879
#: serverguide/C/package-management.xml:125(command)
10880
msgid "sudo dpkg -r zip"
10881
msgstr ""
10882
10883
#: serverguide/C/package-management.xml:129(para)
10884
msgid ""
10885
"Uninstalling packages using <application>dpkg</application>, in most cases, "
10886
"is <emphasis>NOT</emphasis> recommended. It is better to use a package "
10887
"manager that handles dependencies, to ensure that the system is in a "
10888
"consistent state. For example using <command>dpkg -r</command> you can "
10889
"remove the <application>zip</application> package, but any packages that "
10890
"depend on it will still be installed and may no longer function correctly."
10891
msgstr ""
10892
10893
#: serverguide/C/package-management.xml:140(para)
10894
msgid ""
10895
"For more <application>dpkg</application> options see the man page: "
10896
"<command>man dpkg</command>."
10897
msgstr ""
10898
10899
#: serverguide/C/package-management.xml:146(title)
10900
msgid "Apt-Get"
10901
msgstr ""
10902
10903
#: serverguide/C/package-management.xml:147(para)
10904
msgid ""
10905
"The <application>apt-get</application> command is a powerful command-line "
10906
"tool used to work with Ubuntu's <emphasis>Advanced Packaging Tool</emphasis> "
10907
"(APT) performing such functions as installation of new software packages, "
10908
"upgrade of existing software packages, updating of the package list index, "
10909
"and even upgrading the entire Ubuntu system."
10910
msgstr ""
10911
10912
#: serverguide/C/package-management.xml:150(para)
10913
msgid ""
10914
"Being a simple command-line tool, <application>apt-get</application> has "
10915
"numerous advantages over other package management tools available in Ubuntu "
10916
"for server administrators. Some of these advantages include ease of use over "
10917
"simple terminal connections (SSH) and the ability to be used in system "
10918
"administration scripts, which can in turn be automated by the "
10919
"<application>cron</application> scheduling utility."
10920
msgstr ""
10921
10922
#: serverguide/C/package-management.xml:157(para)
10923
msgid ""
10924
"<emphasis role=\"bold\">Install a Package</emphasis>: Installation of "
10925
"packages using the <application>apt-get</application> tool is quite simple. "
10926
"For example, to install the network scanner <emphasis "
10927
"role=\"italics\">nmap</emphasis>, type the following: <screen>\n"
10928
"<command>sudo apt-get install nmap</command>\n"
10929
"</screen>"
10930
msgstr ""
10931
10932
#: serverguide/C/package-management.xml:165(para)
10933
msgid ""
10934
"<emphasis role=\"bold\">Remove a Package</emphasis>: Removal of a package or "
10935
"packages is also a straightforward and simple process. To remove the nmap "
10936
"package installed in the previous example, type the following: <screen>\n"
10937
"<command>sudo apt-get remove nmap</command>\n"
10938
"</screen>"
10939
msgstr ""
10940
10941
#: serverguide/C/package-management.xml:172(para)
10942
msgid ""
10943
"<emphasis role=\"bold\">Multiple Packages</emphasis>: You may specify "
10944
"multiple packages to be installed or removed, separated by spaces."
10945
msgstr ""
10946
10947
#: serverguide/C/package-management.xml:175(para)
10948
msgid ""
10949
"Also, adding the <emphasis>--purge</emphasis> options to <command>apt-get "
10950
"remove</command> will remove the package configuration files as well. This "
10951
"may or may not be the desired effect so use with caution."
10952
msgstr ""
10953
10954
#: serverguide/C/package-management.xml:181(para)
10955
msgid ""
10956
"<emphasis role=\"bold\">Update the Package Index</emphasis>: The APT package "
10957
"index is essentially a database of available packages from the repositories "
10958
"defined in the <filename>/etc/apt/sources.list</filename> file. To update "
10959
"the local package index with the latest changes made in repositories, type "
10960
"the following: <screen>\n"
10961
"<command>sudo apt-get update</command>\n"
10962
"</screen>"
10963
msgstr ""
10964
10965
#: serverguide/C/package-management.xml:189(para)
10966
msgid ""
10967
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: Over time, updated "
10968
"versions of packages currently installed on your computer may become "
10969
"available from the package repositories (for example security updates). To "
10970
"upgrade your system, first update your package index as outlined above, and "
10971
"then type: <screen>\n"
10972
"<command>sudo apt-get upgrade</command>\n"
10973
"</screen>"
10974
msgstr ""
10975
10976
#: serverguide/C/package-management.xml:195(para)
10977
msgid ""
10978
"For information on upgrading to a new Ubuntu release see <xref "
10979
"linkend=\"installing-upgrading\"/>."
10980
msgstr ""
10981
10982
#: serverguide/C/package-management.xml:153(para)
10983
msgid ""
10984
"Some examples of popular uses for the <application>apt-get</application> "
10985
"utility: <placeholder-1/>"
10986
msgstr ""
10987
10988
#: serverguide/C/package-management.xml:201(para)
10989
msgid ""
10990
"Actions of the <application>apt-get</application> command, such as "
10991
"installation and removal of packages, are logged in the /var/log/dpkg.log "
10992
"log file."
10993
msgstr ""
10994
10995
#: serverguide/C/package-management.xml:204(para)
10996
msgid ""
10997
"For further information about the use of <application>APT</application>, "
10998
"read the comprehensive <ulink url=\"http://www.debian.org/doc/user-"
10999
"manuals#apt-howto\">Debian APT User Manual</ulink> or type: <screen>apt-get "
11000
"help</screen>"
11001
msgstr ""
11002
11003
#: serverguide/C/package-management.xml:208(title)
11004
msgid "Aptitude"
11005
msgstr ""
11006
11007
#: serverguide/C/package-management.xml:209(para)
11008
msgid ""
11009
"<application>Aptitude</application> is a menu-driven, text-based front-end "
11010
"to the <emphasis>Advanced Packaging Tool</emphasis> (APT) system. Many of "
11011
"the common package management functions, such as installation, removal, and "
11012
"upgrade, are performed in <application>Aptitude</application> with single-"
11013
"key commands, which are typically lowercase letters."
11014
msgstr ""
11015
11016
#: serverguide/C/package-management.xml:212(para)
11017
msgid ""
11018
"<application>Aptitude</application> is best suited for use in a non-"
11019
"graphical terminal environment to ensure proper functioning of the command "
11020
"keys. You may start <application>Aptitude</application> as a normal user "
11021
"with the following command at a terminal prompt: <screen>\n"
11022
"<command>sudo aptitude</command>\n"
11023
"</screen>"
11024
msgstr ""
11025
11026
#: serverguide/C/package-management.xml:219(para)
11027
msgid ""
11028
"When <application>Aptitude</application> starts, you will see a menu bar at "
11029
"the top of the screen and two panes below the menu bar. The top pane "
11030
"contains package categories, such as <emphasis role=\"italics\">New "
11031
"Packages</emphasis> and <emphasis role=\"italics\">Not Installed "
11032
"Packages</emphasis>. The bottom pane contains information related to the "
11033
"packages and package categories."
11034
msgstr ""
11035
11036
#: serverguide/C/package-management.xml:222(para)
11037
msgid ""
11038
"Using <application>Aptitude</application> for package management is "
11039
"relatively straightforward, and the user interface makes common tasks simple "
11040
"to perform. The following are examples of common package management "
11041
"functions as performed in <application>Aptitude</application>:"
11042
msgstr ""
11043
11044
#: serverguide/C/package-management.xml:226(para)
11045
msgid ""
11046
"<emphasis role=\"bold\">Install Packages</emphasis>: To install a package, "
11047
"locate the package via the Not Installed Packages package category, for "
11048
"example, by using the keyboard arrow keys and the <keycap>ENTER</keycap> "
11049
"key, and highlight the package you wish to install. After highlighting the "
11050
"package you wish to install, press the <keycap>+</keycap> key, and the "
11051
"package entry should turn <emphasis role=\"italics\">green</emphasis>, "
11052
"indicating it has been marked for installation. Now press <keycap>g</keycap> "
11053
"to be presented with a summary of package actions. Press <keycap>g</keycap> "
11054
"again, and you will be prompted to become root to complete the installation. "
11055
"Press <keycap>ENTER</keycap> which will result in a Password: prompt. Enter "
11056
"your user password to become root. Finally, press <keycap>g</keycap> once "
11057
"more and you'll be prompted to download the package. Press "
11058
"<keycap>ENTER</keycap> on the <emphasis role=\"italics\">Continue</emphasis> "
11059
"prompt, and downloading and installation of the package will commence."
11060
msgstr ""
11061
11062
#: serverguide/C/package-management.xml:230(para)
11063
msgid ""
11064
"<emphasis role=\"bold\">Remove Packages</emphasis>: To remove a package, "
11065
"locate the package via the Installed Packages package category, for example, "
11066
"by using the keyboard arrow keys and the <keycap>ENTER</keycap> key, and "
11067
"highlight the package you wish to remove. After highlighting the package you "
11068
"wish to install, press the <keycap>-</keycap> key, and the package entry "
11069
"should turn <emphasis role=\"italics\">pink</emphasis>, indicating it has "
11070
"been marked for removal. Now press <keycap>g</keycap> to be presented with a "
11071
"summary of package actions. Press <keycap>g</keycap> again, and you will be "
11072
"prompted to become root to complete the installation. Press "
11073
"<keycap>ENTER</keycap> which will result in a Password: prompt. Enter your "
11074
"user password to become root. Finally, press <keycap>g</keycap> once more, "
11075
"and you'll be prompted to download the package. Press <keycap>ENTER</keycap> "
11076
"on the <emphasis role=\"italics\">Continue</emphasis> prompt, and removal of "
11077
"the package will commence."
11078
msgstr ""
11079
11080
#: serverguide/C/package-management.xml:234(para)
11081
msgid ""
11082
"<emphasis role=\"bold\">Update Package Index</emphasis>: To update the "
11083
"package index, simply press the <keycap>u</keycap> key and you will be "
11084
"prompted to become root to complete the update. Press <keycap>ENTER</keycap> "
11085
"which will result in a Password: prompt. Enter your user password to become "
11086
"root. Updating of the package index will commence. Press "
11087
"<keycap>ENTER</keycap> on the OK prompt when the download dialog is "
11088
"presented to complete the process."
11089
msgstr ""
11090
11091
#: serverguide/C/package-management.xml:238(para)
11092
msgid ""
11093
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: To upgrade packages, "
11094
"perform the update of the package index as detailed above, and then press "
11095
"the <keycap>U</keycap> key to mark all packages with updates. Now press "
11096
"<keycap>g</keycap> whereby you'll be presented with a summary of package "
11097
"actions. Press <keycap>g</keycap> again, and you will be prompted to become "
11098
"root to complete the installation. Press <keycap>ENTER</keycap> which will "
11099
"result in a Password: prompt. Enter your user password to become root. "
11100
"Finally, press <keycap>g</keycap> once more, and you'll be prompted to "
11101
"download the packages. Press <keycap>ENTER</keycap> on the <emphasis "
11102
"role=\"italics\">Continue</emphasis> prompt, and upgrade of the packages "
11103
"will commence."
11104
msgstr ""
11105
11106
#: serverguide/C/package-management.xml:245(para)
11107
msgid "<emphasis role=\"bold\">i</emphasis>: Installed package"
11108
msgstr ""
11109
11110
#: serverguide/C/package-management.xml:250(para)
11111
msgid ""
11112
"<emphasis role=\"bold\">c</emphasis>: Package not installed, but package "
11113
"configuration remains on system"
11114
msgstr ""
11115
11116
#: serverguide/C/package-management.xml:254(para)
11117
msgid "<emphasis role=\"bold\">p</emphasis>: Purged from system"
11118
msgstr ""
11119
11120
#: serverguide/C/package-management.xml:258(para)
11121
msgid "<emphasis role=\"bold\">v</emphasis>: Virtual package"
11122
msgstr ""
11123
11124
#: serverguide/C/package-management.xml:262(para)
11125
msgid "<emphasis role=\"bold\">B</emphasis>: Broken package"
11126
msgstr ""
11127
11128
#: serverguide/C/package-management.xml:266(para)
11129
msgid ""
11130
"<emphasis role=\"bold\">u</emphasis>: Unpacked files, but package not yet "
11131
"configured"
11132
msgstr ""
11133
11134
#: serverguide/C/package-management.xml:270(para)
11135
msgid ""
11136
"<emphasis role=\"bold\">C</emphasis>: Half-configured - Configuration failed "
11137
"and requires fix"
11138
msgstr ""
11139
11140
#: serverguide/C/package-management.xml:274(para)
11141
msgid ""
11142
"<emphasis role=\"bold\">H</emphasis>: Half-installed - Removal failed and "
11143
"requires fix"
11144
msgstr ""
11145
11146
#: serverguide/C/package-management.xml:242(para)
11147
msgid ""
11148
"The first column of information displayed in the package list in the top "
11149
"pane, when actually viewing packages lists the current state of the package, "
11150
"and uses the following key to describe the state of the package: "
11151
"<placeholder-1/>"
11152
msgstr ""
11153
11154
#: serverguide/C/package-management.xml:280(para)
11155
msgid ""
11156
"To exit Aptitude, simply press the <keycap>q</keycap> key and confirm you "
11157
"wish to exit. Many other functions are available from the Aptitude menu by "
11158
"pressing the <keycap>F10</keycap> key."
11159
msgstr ""
11160
11161
#: serverguide/C/package-management.xml:285(title)
11162
msgid "Automatic Updates"
11163
msgstr ""
11164
11165
#: serverguide/C/package-management.xml:287(para)
11166
msgid ""
11167
"The <application>unattended-upgrades</application> package can be used to "
11168
"automatically install updated packages, and can be configured to update all "
11169
"packages or just install security updates. First, install the package by "
11170
"entering the following in a terminal:"
11171
msgstr ""
11172
11173
#: serverguide/C/package-management.xml:293(command)
11174
msgid "sudo apt-get install unattended-upgrades"
11175
msgstr ""
11176
11177
#: serverguide/C/package-management.xml:296(para)
11178
msgid ""
11179
"To configure <application>unattended-upgrades</application>, edit "
11180
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> and adjust "
11181
"the following to fit your needs:"
11182
msgstr ""
11183
11184
#: serverguide/C/package-management.xml:301(programlisting)
11185
#, no-wrap
11186
msgid ""
11187
"\n"
11188
"Unattended-Upgrade::Allowed-Origins {\n"
11189
" \"Ubuntu maverick-security\";\n"
11190
"// \"Ubuntu maverick-updates\";\n"
11191
"};\n"
11192
msgstr ""
11193
11194
#: serverguide/C/package-management.xml:308(para)
11195
msgid ""
11196
"Certain packages can also be <emphasis>blacklisted</emphasis> and therefore "
11197
"will not be automatically updated. To blacklist a package, add it to the "
11198
"list:"
11199
msgstr ""
11200
11201
#: serverguide/C/package-management.xml:313(programlisting)
11202
#, no-wrap
11203
msgid ""
11204
"\n"
11205
"Unattended-Upgrade::Package-Blacklist {\n"
11206
"// \"vim\";\n"
11207
"// \"libc6\";\n"
11208
"// \"libc6-dev\";\n"
11209
"// \"libc6-i686\";\n"
11210
"};\n"
11211
msgstr ""
11212
11213
#: serverguide/C/package-management.xml:323(para)
11214
msgid ""
11215
"The double <emphasis><quote>//</quote></emphasis> serve as comments, so "
11216
"whatever follows \"//\" will not be evaluated."
11217
msgstr ""
11218
11219
#: serverguide/C/package-management.xml:328(para)
11220
msgid ""
11221
"To enable automatic updates, edit "
11222
"<filename>/etc/apt/apt.conf.d/10periodic</filename> and set the appropriate "
11223
"<application>apt</application> configuration options:"
11224
msgstr ""
11225
11226
#: serverguide/C/package-management.xml:332(programlisting)
11227
#, no-wrap
11228
msgid ""
11229
"\n"
11230
"APT::Periodic::Update-Package-Lists \"1\";\n"
11231
"APT::Periodic::Download-Upgradeable-Packages \"1\";\n"
11232
"APT::Periodic::AutocleanInterval \"7\";\n"
11233
"APT::Periodic::Unattended-Upgrade \"1\";\n"
11234
msgstr ""
11235
11236
#: serverguide/C/package-management.xml:339(para)
11237
msgid ""
11238
"The above configuration updates the package list, downloads, and installs "
11239
"available upgrades every day. The local download archive is cleaned every "
11240
"week."
11241
msgstr ""
11242
11243
#: serverguide/C/package-management.xml:345(para)
11244
msgid ""
11245
"You can read more about <application>apt</application> Periodic "
11246
"configuration options in the <filename>/etc/cron.daily/apt</filename> script "
11247
"header."
11248
msgstr ""
11249
11250
#: serverguide/C/package-management.xml:350(para)
11251
msgid ""
11252
"The results of <application>unattended-upgrades</application> will be logged "
11253
"to <filename>/var/log/unattended-upgrades</filename>."
11254
msgstr ""
11255
11256
#: serverguide/C/package-management.xml:355(title)
11257
msgid "Notifications"
11258
msgstr ""
11259
11260
#: serverguide/C/package-management.xml:357(para)
11261
msgid ""
11262
"Configuring <emphasis>Unattended-Upgrade::Mail</emphasis> in "
11263
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> will enable "
11264
"<application>unattended-upgrades</application> to email an administrator "
11265
"detailing any packages that need upgrading or have problems."
11266
msgstr ""
11267
11268
#: serverguide/C/package-management.xml:362(para)
11269
msgid ""
11270
"Another useful package is <application>apticron</application>. "
11271
"<application>apticron</application> will configure a "
11272
"<application>cron</application> job to email an administrator information "
11273
"about any packages on the system that have updates available, as well as a "
11274
"summary of changes in each package."
11275
msgstr ""
11276
11277
#: serverguide/C/package-management.xml:368(para)
11278
msgid ""
11279
"To install the <application>apticron</application> package, in a terminal "
11280
"enter:"
11281
msgstr ""
11282
11283
#: serverguide/C/package-management.xml:373(command)
11284
msgid "sudo apt-get install apticron"
11285
msgstr ""
11286
11287
#: serverguide/C/package-management.xml:376(para)
11288
msgid ""
11289
"Once the package is installed edit "
11290
"<filename>/etc/apticron/apticron.conf</filename>, to set the email address "
11291
"and other options:"
11292
msgstr ""
11293
11294
#: serverguide/C/package-management.xml:380(programlisting)
11295
#, no-wrap
11296
msgid ""
11297
"\n"
11298
"EMAIL=\"root@example.com\"\n"
11299
msgstr ""
11300
11301
#: serverguide/C/package-management.xml:389(para)
11302
msgid ""
11303
"Configuration of the <emphasis>Advanced Packaging Tool</emphasis> (APT) "
11304
"system repositories is stored in the /etc/apt/sources.list configuration "
11305
"file. An example of this file is referenced here, along with information on "
11306
"adding or removing repository references from the file."
11307
msgstr ""
11308
11309
#: serverguide/C/package-management.xml:395(para)
11310
msgid ""
11311
"<ulink url=\"../sample/sources.list\">Here</ulink> is a simple example of a "
11312
"typical <filename>/etc/apt/sources.list</filename> file."
11313
msgstr ""
11314
11315
#: serverguide/C/package-management.xml:399(para)
11316
msgid ""
11317
"You may edit the file to enable repositories or disable them. For example, "
11318
"to disable the requirement of inserting the Ubuntu CD-ROM whenever package "
11319
"operations occur, simply comment out the appropriate line for the CD-ROM, "
11320
"which appears at the top of the file:"
11321
msgstr ""
11322
11323
#: serverguide/C/package-management.xml:404(screen)
11324
#, no-wrap
11325
msgid ""
11326
"\n"
11327
"# no more prompting for CD-ROM please\n"
11328
"# deb cdrom:[&distro-apt-cd-name; - Release i386 (20070419.1)]/ maverick "
11329
"main restricted\n"
11330
msgstr ""
11331
11332
#: serverguide/C/package-management.xml:410(title)
11333
msgid "Extra Repositories"
11334
msgstr ""
11335
11336
#: serverguide/C/package-management.xml:411(para)
11337
msgid ""
11338
"In addition to the officially supported package repositories available for "
11339
"Ubuntu, there exist additional community-maintained repositories which add "
11340
"thousands more potential packages for installation. Two of the most popular "
11341
"are the <emphasis>Universe</emphasis> and <emphasis>Multiverse</emphasis> "
11342
"repositories. These repositories are not officially supported by Ubuntu, but "
11343
"because they are maintained by the community they generally provide packages "
11344
"which are safe for use with your Ubuntu computer."
11345
msgstr ""
11346
11347
#: serverguide/C/package-management.xml:414(para)
11348
msgid ""
11349
"Packages in the <emphasis>Multiverse</emphasis> repository often have "
11350
"licensing issues that prevent them from being distributed with a free "
11351
"operating system, and they may be illegal in your locality."
11352
msgstr ""
11353
11354
#: serverguide/C/package-management.xml:416(para)
11355
msgid ""
11356
"Be advised that neither the <emphasis>Universe</emphasis> or "
11357
"<emphasis>Multiverse</emphasis> repositories contain officially supported "
11358
"packages. In particular, there may not be security updates for these "
11359
"packages."
11360
msgstr ""
11361
11362
#: serverguide/C/package-management.xml:420(para)
11363
msgid ""
11364
"Many other package sources are available, sometimes even offering only one "
11365
"package, as in the case of package sources provided by the developer of a "
11366
"single application. You should always be very careful and cautious when "
11367
"using non-standard package sources, however. Research the source and "
11368
"packages carefully before performing any installation, as some package "
11369
"sources and their packages could render your system unstable or non-"
11370
"functional in some respects."
11371
msgstr ""
11372
11373
#: serverguide/C/package-management.xml:423(para)
11374
msgid ""
11375
"By default, the <emphasis>Universe</emphasis> and "
11376
"<emphasis>Multiverse</emphasis> repositories are enabled but if you would "
11377
"like to disable them edit <filename>/etc/apt/sources.list</filename> and "
11378
"comment the following lines:"
11379
msgstr ""
11380
11381
#: serverguide/C/package-management.xml:430(programlisting)
11382
#, no-wrap
11383
msgid ""
11384
"\n"
11385
"deb http://archive.ubuntu.com/ubuntu maverick universe multiverse\n"
11386
"deb-src http://archive.ubuntu.com/ubuntu maverick universe multiverse\n"
11387
"\n"
11388
"deb http://us.archive.ubuntu.com/ubuntu/ maverick universe\n"
11389
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick universe\n"
11390
"deb http://us.archive.ubuntu.com/ubuntu/ maverick-updates universe\n"
11391
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick-updates universe\n"
11392
"\n"
11393
"deb http://us.archive.ubuntu.com/ubuntu/ maverick multiverse\n"
11394
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick multiverse\n"
11395
"deb http://us.archive.ubuntu.com/ubuntu/ maverick-updates multiverse\n"
11396
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick-updates multiverse\n"
11397
"\n"
11398
"deb http://security.ubuntu.com/ubuntu maverick-security universe\n"
11399
"deb-src http://security.ubuntu.com/ubuntu maverick-security universe\n"
11400
"deb http://security.ubuntu.com/ubuntu maverick-security multiverse\n"
11401
"deb-src http://security.ubuntu.com/ubuntu maverick-security multiverse\n"
11402
msgstr ""
11403
11404
#: serverguide/C/package-management.xml:456(para)
11405
msgid ""
11406
"Most of the material covered in this chapter is available in "
11407
"<application>man</application> pages, many of which are available online."
11408
msgstr ""
11409
11410
#: serverguide/C/package-management.xml:463(para)
11411
msgid ""
11412
"The <ulink "
11413
"url=\"https://help.ubuntu.com/community/InstallingSoftware\">InstallingSoftwa"
11414
"re</ulink> Ubuntu wiki page has more information."
11415
msgstr ""
11416
11417
#: serverguide/C/package-management.xml:468(para)
11418
msgid ""
11419
"For more <application>dpkg</application> details see the <ulink "
11420
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/dpkg.1.html\">dpkg"
11421
" man page</ulink>."
11422
msgstr ""
11423
11424
#: serverguide/C/package-management.xml:474(para)
11425
msgid ""
11426
"The <ulink url=\"http://www.debian.org/doc/manuals/apt-howto/\">APT "
11427
"HOWTO</ulink> and <ulink "
11428
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/apt-"
11429
"get.8.html\">apt-get man page</ulink> contain useful information regarding "
11430
"<application>apt-get</application> usage."
11431
msgstr ""
11432
11433
#: serverguide/C/package-management.xml:481(para)
11434
msgid ""
11435
"See the <ulink "
11436
"url=\"http://manpages.ubuntu.com/manpages/maverick/man8/aptitude.8.html\">apt"
11437
"itude man page</ulink> for more <application>aptitude</application> options."
11438
msgstr ""
11439
11440
#: serverguide/C/package-management.xml:487(para)
11441
msgid ""
11442
"The <ulink "
11443
"url=\"https://help.ubuntu.com/community/Repositories/Ubuntu\">Adding "
11444
"Repositories HOWTO (Ubuntu Wiki)</ulink> page contains more details on "
11445
"adding repositories."
11446
msgstr ""
11447
11448
#: serverguide/C/other-apps.xml:13(title)
11449
msgid "Other Useful Applications"
11450
msgstr ""
11451
11452
#: serverguide/C/other-apps.xml:15(para)
11453
msgid ""
11454
"There are many very useful applications developed by the Ubuntu Server Team, "
11455
"and others that are well integrated with Ubuntu Server Edition, that might "
11456
"not be well known. This chapter will showcase some useful applications that "
11457
"can make administering an Ubuntu server, or many Ubuntu servers, that much "
11458
"easier."
11459
msgstr ""
11460
11461
#: serverguide/C/other-apps.xml:23(title)
11462
msgid "pam_motd"
11463
msgstr ""
11464
11465
#: serverguide/C/other-apps.xml:25(para)
11466
msgid ""
11467
"When logging into an Ubuntu server you may have noticed the informative "
11468
"Message Of The Day (MOTD). This information is obtained and displayed using "
11469
"a couple of packages:"
11470
msgstr ""
11471
11472
#: serverguide/C/other-apps.xml:32(para)
11473
msgid ""
11474
"<emphasis>landscape-common:</emphasis> provides the core libraries of "
11475
"<application>landscape-client</application>, which can be used to manage "
11476
"systems using the web based <emphasis>Landscape</emphasis> application. The "
11477
"package includes the <application>/usr/bin/landscape-sysinfo</application> "
11478
"utility which is used to gather the information displayed in the MOTD."
11479
msgstr ""
11480
11481
#: serverguide/C/other-apps.xml:40(para)
11482
msgid ""
11483
"<emphasis>update-notifier-common:</emphasis> is used to automatically update "
11484
"the MOTD via <application>pam_motd</application> module."
11485
msgstr ""
11486
11487
#: serverguide/C/other-apps.xml:46(para)
11488
msgid ""
11489
"<application>pam_motd</application> executes the scripts in "
11490
"<filename>/etc/update-motd.d</filename> in order based on the number "
11491
"prepended to the script. The output of the scripts is written to "
11492
"<filename>/var/run/motd</filename>, keeping the numerical order, then "
11493
"concatenated with <filename>/etc/motd.tail</filename>."
11494
msgstr ""
11495
11496
#: serverguide/C/other-apps.xml:52(para)
11497
msgid ""
11498
"You can add your own dynamic information to the MOTD. For example, to add "
11499
"local weather information:"
11500
msgstr ""
11501
11502
#: serverguide/C/other-apps.xml:58(para)
11503
msgid "First, install the <application>weather-util</application> package:"
11504
msgstr ""
11505
11506
#: serverguide/C/other-apps.xml:63(command)
11507
msgid "sudo apt-get install weather-util"
11508
msgstr ""
11509
11510
#: serverguide/C/other-apps.xml:68(para)
11511
msgid ""
11512
"The <application>weather</application> utility uses METAR data from the "
11513
"National Oceanic and Atmospheric Administration and forecasts from the "
11514
"National Weather Service. In order to find local information you will need "
11515
"the 4-character ICAO location indicator. This can be determined by browsing "
11516
"to the <ulink url=\"http://www.weather.gov/tg/siteloc.shtml\">National "
11517
"Weather Service</ulink> site."
11518
msgstr ""
11519
11520
#: serverguide/C/other-apps.xml:75(para)
11521
msgid ""
11522
"Although the National Weather Service is a United States government agency "
11523
"there are weather stations available world wide. However, local weather "
11524
"information for all locations outside the U.S. may not be available."
11525
msgstr ""
11526
11527
#: serverguide/C/other-apps.xml:81(para)
11528
msgid ""
11529
"Create <filename>/usr/local/bin/local-weather</filename>, a simple shell "
11530
"script to use <application>weather</application> with your local ICAO "
11531
"indicator:"
11532
msgstr ""
11533
11534
#: serverguide/C/other-apps.xml:86(programlisting)
11535
#, no-wrap
11536
msgid ""
11537
"\n"
11538
"#!/bin/sh\n"
11539
"#\n"
11540
"#\n"
11541
"# Prints the local weather information for the MOTD.\n"
11542
"#\n"
11543
"#\n"
11544
"\n"
11545
"# Replace KINT with your local weather station.\n"
11546
"# Local stations can be found here: http://www.weather.gov/tg/siteloc.shtml\n"
11547
"\n"
11548
"echo\n"
11549
"weather -i KINT\n"
11550
"echo\n"
11551
"\n"
11552
msgstr ""
11553
11554
#: serverguide/C/other-apps.xml:104(para)
11555
msgid "Make the script executable:"
11556
msgstr ""
11557
11558
#: serverguide/C/other-apps.xml:109(command)
11559
msgid "sudo chmod 755 /usr/local/bin/local-weather"
11560
msgstr ""
11561
11562
#: serverguide/C/other-apps.xml:113(para)
11563
msgid ""
11564
"Next, create a symlink to <filename>/etc/update-motd.d/98-local-"
11565
"weather</filename>:"
11566
msgstr ""
11567
11568
#: serverguide/C/other-apps.xml:118(command)
11569
msgid ""
11570
"sudo ln -s /usr/local/bin/local-weather /etc/update-motd.d/98-local-weather"
11571
msgstr ""
11572
11573
#: serverguide/C/other-apps.xml:122(para)
11574
msgid "Finally, exit the server and re-login to view the new MOTD."
11575
msgstr ""
11576
11577
#: serverguide/C/other-apps.xml:128(para)
11578
msgid ""
11579
"You should now be greeted with some useful information, and some information "
11580
"about the local weather that may not be quite so useful. Hopefully the "
11581
"<application>local-weather</application> example demonstrates the "
11582
"flexibility of <application>pam_motd</application>."
11583
msgstr ""
11584
11585
#: serverguide/C/other-apps.xml:136(title)
11586
msgid "etckeeper"
11587
msgstr ""
11588
11589
#: serverguide/C/other-apps.xml:138(para)
11590
msgid ""
11591
"<application>etckeeper</application> allows the contents of <filename "
11592
"role=\"directory\">/etc</filename> be easily stored in Version Control "
11593
"System (VCS) repository. It hooks into <application>apt</application> to "
11594
"automatically commit changes to <filename>/etc</filename> when packages are "
11595
"installed or upgraded. Placing <filename>/etc</filename> under version "
11596
"control is considered an industry best practice, and the goal of "
11597
"<application>etckeeper</application> is to make this process as painless as "
11598
"possible."
11599
msgstr ""
11600
11601
#: serverguide/C/other-apps.xml:146(para)
11602
msgid ""
11603
"Install <application>etckeeper</application> by entering the following in a "
11604
"terminal:"
11605
msgstr ""
11606
11607
#: serverguide/C/other-apps.xml:151(command)
11608
msgid "sudo apt-get install etckeeper"
11609
msgstr ""
11610
11611
#: serverguide/C/other-apps.xml:154(para)
11612
msgid ""
11613
"The main configuration file, "
11614
"<filename>/etc/etckeeper/etckeeper.conf</filename>, is fairly simple. The "
11615
"main option is which VCS to use. By default "
11616
"<application>etckeeper</application> is configured to use "
11617
"<application>bzr</application> for version control. The repository is "
11618
"automatically initialized (and committed for the first time) during package "
11619
"installation. It is possible to undo this by entering the following command:"
11620
msgstr ""
11621
11622
#: serverguide/C/other-apps.xml:164(command)
11623
msgid "sudo etckeeper uninit"
11624
msgstr ""
11625
11626
#: serverguide/C/other-apps.xml:167(para)
11627
msgid ""
11628
"By default, etckeeper will commit uncommitted changes made to /etc daily. "
11629
"This can be disabled using the AVOID_DAILY_AUTOCOMMITS configuration option. "
11630
"It will also automatically commit changes before and after package "
11631
"installation. For a more precise tracking of changes, it is recommended to "
11632
"commit your changes manually, together with a commit message, using:"
11633
msgstr ""
11634
11635
#: serverguide/C/other-apps.xml:176(command)
11636
msgid "sudo etckeeper commit \"..Reason for configuration change..\""
11637
msgstr ""
11638
11639
#: serverguide/C/other-apps.xml:179(para)
11640
msgid ""
11641
"Using the VCS commands you can view log information about files in "
11642
"<filename>/etc</filename>:"
11643
msgstr ""
11644
11645
#: serverguide/C/other-apps.xml:184(command)
11646
msgid "sudo bzr log /etc/passwd"
11647
msgstr ""
11648
11649
#: serverguide/C/other-apps.xml:187(para)
11650
msgid ""
11651
"To demonstrate the integration with the package management system, install "
11652
"<application>postfix</application>:"
11653
msgstr ""
11654
11655
#: serverguide/C/other-apps.xml:192(command) serverguide/C/mail.xml:45(command)
11656
msgid "sudo apt-get install postfix"
11657
msgstr ""
11658
11659
#: serverguide/C/other-apps.xml:195(para)
11660
msgid ""
11661
"When the installation is finished, all the "
11662
"<application>postfix</application> configuration files should be committed "
11663
"to the repository:"
11664
msgstr ""
11665
11666
#: serverguide/C/other-apps.xml:201(computeroutput)
11667
#, no-wrap
11668
msgid ""
11669
"Committing to: /etc/\n"
11670
"added aliases.db\n"
11671
"modified group\n"
11672
"modified group-\n"
11673
"modified gshadow\n"
11674
"modified gshadow-\n"
11675
"modified passwd\n"
11676
"modified passwd-\n"
11677
"added postfix\n"
11678
"added resolvconf\n"
11679
"added rsyslog.d\n"
11680
"modified shadow\n"
11681
"modified shadow-\n"
11682
"added init.d/postfix\n"
11683
"added network/if-down.d/postfix\n"
11684
"added network/if-up.d/postfix\n"
11685
"added postfix/dynamicmaps.cf\n"
11686
"added postfix/main.cf\n"
11687
"added postfix/master.cf\n"
11688
"added postfix/post-install\n"
11689
"added postfix/postfix-files\n"
11690
"added postfix/postfix-script\n"
11691
"added postfix/sasl\n"
11692
"added ppp/ip-down.d\n"
11693
"added ppp/ip-down.d/postfix\n"
11694
"added ppp/ip-up.d/postfix\n"
11695
"added rc0.d/K20postfix\n"
11696
"added rc1.d/K20postfix\n"
11697
"added rc2.d/S20postfix\n"
11698
"added rc3.d/S20postfix\n"
11699
"added rc4.d/S20postfix\n"
11700
"added rc5.d/S20postfix\n"
11701
"added rc6.d/K20postfix\n"
11702
"added resolvconf/update-libc.d\n"
11703
"added resolvconf/update-libc.d/postfix\n"
11704
"added rsyslog.d/postfix.conf\n"
11705
"added ufw/applications.d/postfix\n"
11706
"Committed revision 2."
11707
msgstr ""
11708
11709
#: serverguide/C/other-apps.xml:241(para)
11710
msgid ""
11711
"For an example of how <application>etckeeper</application> tracks manual "
11712
"changes, add new a host to <filename>/etc/hosts</filename>. Using "
11713
"<application>bzr</application> you can see which files have been modified:"
11714
msgstr ""
11715
11716
#: serverguide/C/other-apps.xml:247(command)
11717
msgid "sudo bzr status /etc/"
11718
msgstr ""
11719
11720
#: serverguide/C/other-apps.xml:248(computeroutput)
11721
#, no-wrap
11722
msgid ""
11723
"modified:\n"
11724
" hosts"
11725
msgstr ""
11726
11727
#: serverguide/C/other-apps.xml:252(para)
11728
msgid "Now commit the changes:"
11729
msgstr ""
11730
11731
#: serverguide/C/other-apps.xml:257(command)
11732
msgid "sudo etckeeper commit \"new host\""
11733
msgstr ""
11734
11735
#: serverguide/C/other-apps.xml:260(para)
11736
msgid ""
11737
"For more information on <application>bzr</application> see <xref "
11738
"linkend=\"bazaar\"/>."
11739
msgstr ""
11740
11741
#: serverguide/C/other-apps.xml:266(title)
11742
msgid "Byobu"
11743
msgstr ""
11744
11745
#: serverguide/C/other-apps.xml:268(para)
11746
msgid ""
11747
"One of the most useful applications for any system administrator is "
11748
"<application>screen</application>. It allows the execution of multiple "
11749
"shells in one terminal. To make some of the advanced "
11750
"<application>screen</application> features more user friendly, and provide "
11751
"some useful information about the system, the "
11752
"<application>byobu</application> package was created."
11753
msgstr ""
11754
11755
#: serverguide/C/other-apps.xml:275(para)
11756
msgid ""
11757
"When executing <application>byobu</application> pressing the "
11758
"<emphasis>F9</emphasis> key will bring up the "
11759
"<application>Configuration</application> menu. This menu will allow you to:"
11760
msgstr ""
11761
11762
#: serverguide/C/other-apps.xml:281(para)
11763
msgid "View the Help menu"
11764
msgstr ""
11765
11766
#: serverguide/C/other-apps.xml:282(para)
11767
msgid "Change Byobu's background color"
11768
msgstr ""
11769
11770
#: serverguide/C/other-apps.xml:283(para)
11771
msgid "Change Byobu's foreground color"
11772
msgstr ""
11773
11774
#: serverguide/C/other-apps.xml:284(para)
11775
msgid "Toggle status notifications"
11776
msgstr ""
11777
11778
#: serverguide/C/other-apps.xml:285(para)
11779
msgid "Change the key binding set"
11780
msgstr ""
11781
11782
#: serverguide/C/other-apps.xml:286(para)
11783
msgid "Change the escape sequence"
11784
msgstr ""
11785
11786
#: serverguide/C/other-apps.xml:287(para)
11787
msgid "Create new windows"
11788
msgstr ""
11789
11790
#: serverguide/C/other-apps.xml:288(para)
11791
msgid "Manage the default windows"
11792
msgstr ""
11793
11794
#: serverguide/C/other-apps.xml:289(para)
11795
msgid "Byobu currently does not launch at login (toggle on)"
11796
msgstr ""
11797
11798
#: serverguide/C/other-apps.xml:292(para)
11799
msgid ""
11800
"The <emphasis>key bindings</emphasis> determine such things as the escape "
11801
"sequence, new window, change window, etc. There are two key binding sets to "
11802
"choose from <emphasis>f-keys</emphasis> and <emphasis>screen-escape-"
11803
"keys</emphasis>. If you wish to use the original key bindings choose the "
11804
"<emphasis>none</emphasis> set."
11805
msgstr ""
11806
11807
#: serverguide/C/other-apps.xml:298(para)
11808
msgid ""
11809
"<application>byobu</application> provides a menu which displays the Ubuntu "
11810
"release, processor information, memory information, and the time and date. "
11811
"The effect is similar to a desktop menu."
11812
msgstr ""
11813
11814
#: serverguide/C/other-apps.xml:303(para)
11815
msgid ""
11816
"Using the <emphasis>\"Byobu currently does not launch at login (toggle "
11817
"on)\"</emphasis> option will cause <application>byobu</application> to be "
11818
"executed any time a terminal is opened. Changes made to "
11819
"<application>byobu</application> are on a per user basis, and will not "
11820
"affect other users on the system."
11821
msgstr ""
11822
11823
#: serverguide/C/other-apps.xml:309(para)
11824
msgid ""
11825
"One difference when using byobu is the <emphasis>scrollback</emphasis> mode. "
11826
"Press the <emphasis>F7</emphasis> key to enter scrollback mode. Scrollback "
11827
"mode allows you to navigate past output using <emphasis>vi</emphasis> like "
11828
"commands. Here is a quick list of movement commands:"
11829
msgstr ""
11830
11831
#: serverguide/C/other-apps.xml:316(para)
11832
msgid "<emphasis>h</emphasis> - Move the cursor left by one character"
11833
msgstr ""
11834
11835
#: serverguide/C/other-apps.xml:317(para)
11836
msgid "<emphasis>j</emphasis> - Move the cursor down by one line"
11837
msgstr ""
11838
11839
#: serverguide/C/other-apps.xml:318(para)
11840
msgid "<emphasis>k</emphasis> - Move the cursor up by one line"
11841
msgstr ""
11842
11843
#: serverguide/C/other-apps.xml:319(para)
11844
msgid "<emphasis>l</emphasis> - Move the cursor right by one character"
11845
msgstr ""
11846
11847
#: serverguide/C/other-apps.xml:320(para)
11848
msgid "<emphasis>0</emphasis> - Move to the beginning of the current line"
11849
msgstr ""
11850
11851
#: serverguide/C/other-apps.xml:321(para)
11852
msgid "<emphasis>$</emphasis> - Move to the end of the current line"
11853
msgstr ""
11854
11855
#: serverguide/C/other-apps.xml:322(para)
11856
msgid ""
11857
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
11858
"the buffer)"
11859
msgstr ""
11860
11861
#: serverguide/C/other-apps.xml:323(para)
11862
msgid "<emphasis>/</emphasis> - Search forward"
11863
msgstr ""
11864
11865
#: serverguide/C/other-apps.xml:324(para)
11866
msgid "<emphasis>?</emphasis> - Search backward"
11867
msgstr ""
11868
11869
#: serverguide/C/other-apps.xml:325(para)
11870
msgid ""
11871
"<emphasis>n</emphasis> - Moves to the next match, either forward or backword"
11872
msgstr ""
11873
11874
#: serverguide/C/other-apps.xml:334(para)
11875
msgid ""
11876
"See the <ulink "
11877
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/update-"
11878
"motd.1.html\">update-motd man page</ulink> for more options available to "
11879
"<application>update-motd</application>."
11880
msgstr ""
11881
11882
#: serverguide/C/other-apps.xml:340(para)
11883
msgid ""
11884
"The Debian Package of the Day <ulink "
11885
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
11886
"and-forecasts-on-the-command-line/\">weather</ulink> article has more "
11887
"details about using the <application>weather</application>utility."
11888
msgstr ""
11889
11890
#: serverguide/C/other-apps.xml:347(para)
11891
msgid ""
11892
"See the <ulink "
11893
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
11894
"more details on using <application>etckeeper</application>."
11895
msgstr ""
11896
11897
#: serverguide/C/other-apps.xml:353(para)
11898
msgid ""
11899
"The <ulink url=\"https://help.ubuntu.com/community/etckeeper\">etckeeper "
11900
"Ubuntu Wiki</ulink> page."
11901
msgstr ""
11902
11903
#: serverguide/C/other-apps.xml:358(para)
11904
msgid ""
11905
"For the latest news and information about <application>bzr</application> see "
11906
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
11907
msgstr ""
11908
11909
#: serverguide/C/other-apps.xml:363(para)
11910
msgid ""
11911
"For more information on <application>screen</application> see the <ulink "
11912
"url=\"http://www.gnu.org/software/screen/\">screen web site</ulink>."
11913
msgstr ""
11914
11915
#: serverguide/C/other-apps.xml:368(para)
11916
msgid ""
11917
"And the <ulink url=\"https://help.ubuntu.com/community/Screen\">Ubuntu Wiki "
11918
"screen</ulink> page."
11919
msgstr ""
11920
11921
#: serverguide/C/other-apps.xml:373(para)
11922
msgid ""
11923
"Also, see the <application>byobu</application><ulink "
11924
"url=\"https://launchpad.net/byobu\">project page</ulink> for more "
11925
"information."
11926
msgstr ""
11927
11928
#: serverguide/C/network-config.xml:14(para)
11929
msgid ""
11930
"Networks consist of two or more devices, such as computer systems, printers, "
11931
"and related equipment which are connected by either physical cabling or "
11932
"wireless links for the purpose of sharing and distributing information among "
11933
"the connected devices."
11934
msgstr ""
11935
11936
#: serverguide/C/network-config.xml:20(para)
11937
msgid ""
11938
"This section provides general and specific information pertaining to "
11939
"networking, including an overview of network concepts and detailed "
11940
"discussion of popular network protocols."
11941
msgstr ""
11942
11943
#: serverguide/C/network-config.xml:27(title)
11944
msgid "Network Configuration"
11945
msgstr ""
11946
11947
#: serverguide/C/network-config.xml:28(para)
11948
msgid ""
11949
"Ubuntu ships with a number of graphical utilities to configure your network "
11950
"devices. This document is geared toward server administrators and will focus "
11951
"on managing your network on the command line."
11952
msgstr ""
11953
11954
#: serverguide/C/network-config.xml:35(title)
11955
msgid "Ethernet Interfaces"
11956
msgstr ""
11957
11958
#: serverguide/C/network-config.xml:36(para)
11959
msgid ""
11960
"Ethernet interfaces are identified by the system using the naming convention "
11961
"of <emphasis role=\"italix\">ethX</emphasis>, where <emphasis "
11962
"role=\"italic\">X</emphasis> represents a numeric value. The first Ethernet "
11963
"interface is typically identified as <emphasis "
11964
"role=\"italic\">eth0</emphasis>, the second as <emphasis "
11965
"role=\"italic\">eth1</emphasis>, and all others should move up in numerical "
11966
"order."
11967
msgstr ""
11968
11969
#: serverguide/C/network-config.xml:46(title)
11970
msgid "Identify Ethernet Interfaces"
11971
msgstr ""
11972
11973
#: serverguide/C/network-config.xml:47(para)
11974
msgid ""
11975
"To quickly identify all available Ethernet interfaces, you can use the "
11976
"<application>ifconfig</application> command as shown below."
11977
msgstr ""
11978
11979
#: serverguide/C/network-config.xml:52(userinput)
11980
#, no-wrap
11981
msgid "ifconfig -a | grep eth"
11982
msgstr ""
11983
11984
#: serverguide/C/network-config.xml:51(screen)
11985
#, no-wrap
11986
msgid ""
11987
"\n"
11988
"<placeholder-1/>\n"
11989
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a\n"
11990
msgstr ""
11991
11992
#: serverguide/C/network-config.xml:55(para)
11993
msgid ""
11994
"Another application that can help identify all network interfaces available "
11995
"to your system is the <application>lshw</application> command. In the "
11996
"example below, <application>lshw</application> shows a single Ethernet "
11997
"interface with the logical name of <emphasis role=\"italic\">eth0</emphasis> "
11998
"along with bus information, driver details and all supported capabilities."
11999
msgstr ""
12000
12001
#: serverguide/C/network-config.xml:62(userinput)
12002
#, no-wrap
12003
msgid "sudo lshw -class network"
12004
msgstr ""
12005
12006
#: serverguide/C/network-config.xml:61(screen)
12007
#, no-wrap
12008
msgid ""
12009
"\n"
12010
"<placeholder-1/>\n"
12011
" *-network\n"
12012
" description: Ethernet interface\n"
12013
" product: BCM4401-B0 100Base-TX\n"
12014
" vendor: Broadcom Corporation\n"
12015
" physical id: 0\n"
12016
" bus info: pci@0000:03:00.0\n"
12017
" logical name: eth0\n"
12018
" version: 02\n"
12019
" serial: 00:15:c5:4a:16:5a\n"
12020
" size: 10MB/s\n"
12021
" capacity: 100MB/s\n"
12022
" width: 32 bits\n"
12023
" clock: 33MHz\n"
12024
" capabilities: (snipped for brevity)\n"
12025
" configuration: (snipped for brevity)\n"
12026
" resources: irq:17 memory:ef9fe000-ef9fffff\n"
12027
msgstr ""
12028
12029
#: serverguide/C/network-config.xml:83(title)
12030
msgid "Ethernet Interface Logical Names"
12031
msgstr ""
12032
12033
#: serverguide/C/network-config.xml:84(para)
12034
msgid ""
12035
"Interface logical names are configured in the file "
12036
"<filename>/etc/udev/rules.d/70-persistent-net.rules.</filename> If you would "
12037
"like control which interface receives a particular logical name, find the "
12038
"line matching the interfaces physical MAC address and modify the value of "
12039
"<emphasis role=\"italic\">NAME=ethX</emphasis> to the desired logical name. "
12040
"Reboot the system to commit your changes."
12041
msgstr ""
12042
12043
#: serverguide/C/network-config.xml:92(programlisting)
12044
#, no-wrap
12045
msgid ""
12046
"\n"
12047
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
12048
"ATTR{address}==\"00:15:c5:4a:16:5a\", ATTR{dev_id}==\"0x0\", "
12049
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth0\"\n"
12050
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
12051
"ATTR{address}==\"00:15:c5:4a:16:5b\", ATTR{dev_id}==\"0x0\", "
12052
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth1\"\n"
12053
msgstr ""
12054
12055
#: serverguide/C/network-config.xml:99(title)
12056
msgid "Ethernet Interface Settings"
12057
msgstr ""
12058
12059
#: serverguide/C/network-config.xml:100(para)
12060
msgid ""
12061
"<application>ethtool</application> is a program that displays and changes "
12062
"Ethernet card settings such as auto-negotiation, port speed, duplex mode, "
12063
"and Wake-on-LAN. It is not installed by default, but is available for "
12064
"installation in the repositories."
12065
msgstr ""
12066
12067
#: serverguide/C/network-config.xml:106(userinput)
12068
#, no-wrap
12069
msgid "sudo apt-get install ethtool"
12070
msgstr ""
12071
12072
#: serverguide/C/network-config.xml:108(para)
12073
msgid ""
12074
"The following is an example of how to view supported features and configured "
12075
"settings of an Ethernet interface."
12076
msgstr ""
12077
12078
#: serverguide/C/network-config.xml:113(userinput)
12079
#, no-wrap
12080
msgid "sudo ethtool eth0"
12081
msgstr ""
12082
12083
#: serverguide/C/network-config.xml:112(screen)
12084
#, no-wrap
12085
msgid ""
12086
"\n"
12087
"<placeholder-1/>\n"
12088
"Settings for eth0:\n"
12089
" Supported ports: [ TP ]\n"
12090
" Supported link modes: 10baseT/Half 10baseT/Full \n"
12091
" 100baseT/Half 100baseT/Full \n"
12092
" 1000baseT/Half 1000baseT/Full \n"
12093
" Supports auto-negotiation: Yes\n"
12094
" Advertised link modes: 10baseT/Half 10baseT/Full \n"
12095
" 100baseT/Half 100baseT/Full \n"
12096
" 1000baseT/Half 1000baseT/Full \n"
12097
" Advertised auto-negotiation: Yes\n"
12098
" Speed: 1000Mb/s\n"
12099
" Duplex: Full\n"
12100
" Port: Twisted Pair\n"
12101
" PHYAD: 1\n"
12102
" Transceiver: internal\n"
12103
" Auto-negotiation: on\n"
12104
" Supports Wake-on: g\n"
12105
" Wake-on: d\n"
12106
" Current message level: 0x000000ff (255)\n"
12107
" Link detected: yes\n"
12108
msgstr ""
12109
12110
#: serverguide/C/network-config.xml:135(para)
12111
msgid ""
12112
"Changes made with the <application>ethtool</application> command are "
12113
"temporary and will be lost after a reboot. If you would like to retain "
12114
"settings, simply add the desired <application>ethtool</application> command "
12115
"to a <emphasis role=\"italic\">pre-up</emphasis> statement in the interface "
12116
"configuration file <filename>/etc/network/interfaces</filename>."
12117
msgstr ""
12118
12119
#: serverguide/C/network-config.xml:141(para)
12120
msgid ""
12121
"The following is an example of how the interface identified as <emphasis "
12122
"role=\"italic\">eth0</emphasis> could be permanently configured with a port "
12123
"speed of 1000Mb/s running in full duplex mode."
12124
msgstr ""
12125
12126
#: serverguide/C/network-config.xml:145(programlisting)
12127
#, no-wrap
12128
msgid ""
12129
"\n"
12130
"auto eth0\n"
12131
"iface eth0 inet static\n"
12132
"pre-up /usr/sbin/ethtool -s eth0 speed 1000 duplex full\n"
12133
msgstr ""
12134
12135
#: serverguide/C/network-config.xml:151(para)
12136
msgid ""
12137
"Although the example above shows the interface configured to use the "
12138
"<emphasis role=\"italic\">static</emphasis> method, it actually works with "
12139
"other methods as well, such as DHCP. The example is meant to demonstrate "
12140
"only proper placement of the <emphasis role=\"italic\">pre-up</emphasis> "
12141
"statement in relation to the rest of the interface configuration."
12142
msgstr ""
12143
12144
#: serverguide/C/network-config.xml:163(title)
12145
msgid "IP Addressing"
12146
msgstr ""
12147
12148
#: serverguide/C/network-config.xml:164(para)
12149
msgid ""
12150
"The following section describes the process of configuring your systems IP "
12151
"address and default gateway needed for communicating on a local area network "
12152
"and the Internet."
12153
msgstr ""
12154
12155
#: serverguide/C/network-config.xml:171(title)
12156
msgid "Temporary IP Address Assignment"
12157
msgstr ""
12158
12159
#: serverguide/C/network-config.xml:172(para)
12160
msgid ""
12161
"For temporary network configurations, you can use standard commands such as "
12162
"<application>ip</application>, <application>ifconfig</application> and "
12163
"<application>route</application>, which are also found on most other "
12164
"GNU/Linux operating systems. These commands allow you to configure settings "
12165
"which take effect immediately, however they are not persistent and will be "
12166
"lost after a reboot."
12167
msgstr ""
12168
12169
#: serverguide/C/network-config.xml:180(para)
12170
msgid ""
12171
"To temporarily configure an IP address, you can use the "
12172
"<application>ifconfig</application> command in the following manner. Just "
12173
"modify the IP address and subnet mask to match your network requirements."
12174
msgstr ""
12175
12176
#: serverguide/C/network-config.xml:186(userinput)
12177
#, no-wrap
12178
msgid "sudo ifconfig eth0 10.0.0.100 netmask 255.255.255.0"
12179
msgstr ""
12180
12181
#: serverguide/C/network-config.xml:188(para)
12182
msgid ""
12183
"To verify the IP address configuration of <application>eth0</application>, "
12184
"you can use the <application>ifconfig</application> command in the following "
12185
"manner."
12186
msgstr ""
12187
12188
#: serverguide/C/network-config.xml:193(userinput)
12189
#, no-wrap
12190
msgid "ifconfig eth0"
12191
msgstr ""
12192
12193
#: serverguide/C/network-config.xml:192(screen)
12194
#, no-wrap
12195
msgid ""
12196
"\n"
12197
"<placeholder-1/>\n"
12198
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a \n"
12199
" inet addr:10.0.0.100 Bcast:10.0.0.255 Mask:255.255.255.0\n"
12200
" inet6 addr: fe80::215:c5ff:fe4a:165a/64 Scope:Link\n"
12201
" UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1\n"
12202
" RX packets:466475604 errors:0 dropped:0 overruns:0 frame:0\n"
12203
" TX packets:403172654 errors:0 dropped:0 overruns:0 carrier:0\n"
12204
" collisions:0 txqueuelen:1000 \n"
12205
" RX bytes:2574778386 (2.5 GB) TX bytes:1618367329 (1.6 GB)\n"
12206
" Interrupt:16 \n"
12207
msgstr ""
12208
12209
#: serverguide/C/network-config.xml:204(para)
12210
msgid ""
12211
"To configure a default gateway, you can use the "
12212
"<application>route</application> command in the following manner. Modify the "
12213
"default gateway address to match your network requirements."
12214
msgstr ""
12215
12216
#: serverguide/C/network-config.xml:210(userinput)
12217
#, no-wrap
12218
msgid "sudo route add default gw 10.0.0.1 eth0"
12219
msgstr ""
12220
12221
#: serverguide/C/network-config.xml:212(para)
12222
msgid ""
12223
"To verify your default gateway configuration, you can use the "
12224
"<application>route</application> command in the following manner."
12225
msgstr ""
12226
12227
#: serverguide/C/network-config.xml:217(userinput)
12228
#, no-wrap
12229
msgid "route -n"
12230
msgstr ""
12231
12232
#: serverguide/C/network-config.xml:216(screen)
12233
#, no-wrap
12234
msgid ""
12235
"\n"
12236
"<placeholder-1/>\n"
12237
"Kernel IP routing table\n"
12238
"Destination Gateway Genmask Flags Metric Ref Use "
12239
"Iface\n"
12240
"10.0.0.0 0.0.0.0 255.255.255.0 U 1 0 0 "
12241
"eth0\n"
12242
"0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 "
12243
"eth0\n"
12244
msgstr ""
12245
12246
#: serverguide/C/network-config.xml:223(para)
12247
msgid ""
12248
"If you require DNS for your temporary network configuration, you can add DNS "
12249
"server IP addresses in the file <filename>/etc/resolv.conf</filename>. The "
12250
"example below shows how to enter two DNS servers to "
12251
"<filename>/etc/resolv.conf</filename>, which should be changed to servers "
12252
"appropriate for your network. A more lengthy description of DNS client "
12253
"configuration is in a following section."
12254
msgstr ""
12255
12256
#: serverguide/C/network-config.xml:230(programlisting)
12257
#, no-wrap
12258
msgid ""
12259
"\n"
12260
"nameserver 8.8.8.8\n"
12261
"nameserver 8.8.4.4\n"
12262
msgstr ""
12263
12264
#: serverguide/C/network-config.xml:234(para)
12265
msgid ""
12266
"If you no longer need this configuration and wish to purge all IP "
12267
"configuration from an interface, you can use the "
12268
"<application>ip</application> command with the flush option as shown below."
12269
msgstr ""
12270
12271
#: serverguide/C/network-config.xml:240(userinput)
12272
#, no-wrap
12273
msgid "ip addr flush eth0"
12274
msgstr ""
12275
12276
#: serverguide/C/network-config.xml:243(para)
12277
msgid ""
12278
"Flushing the IP configuration using the <application>ip</application> "
12279
"command does not clear the contents of "
12280
"<filename>/etc/resolv.conf</filename>. You must remove or modify those "
12281
"entries manually."
12282
msgstr ""
12283
12284
#: serverguide/C/network-config.xml:251(title)
12285
msgid "Dynamic IP Address Assignment (DHCP Client)"
12286
msgstr ""
12287
12288
#: serverguide/C/network-config.xml:252(para)
12289
msgid ""
12290
"To configure your server to use DHCP for dynamic address assignment, add the "
12291
"<emphasis role=\"italic\">dhcp</emphasis> method to the inet address family "
12292
"statement for the appropriate interface in the file "
12293
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
12294
"are configuring your first Ethernet interface identified as <emphasis "
12295
"role=\"italic\">eth0</emphasis>."
12296
msgstr ""
12297
12298
#: serverguide/C/network-config.xml:259(programlisting)
12299
#, no-wrap
12300
msgid ""
12301
"\n"
12302
"auto eth0\n"
12303
"iface eth0 inet dhcp\n"
12304
msgstr ""
12305
12306
#: serverguide/C/network-config.xml:263(para)
12307
msgid ""
12308
"By adding an interface configuration as shown above, you can manually enable "
12309
"the interface through the <application>ifup</application> command which "
12310
"initiates the DHCP process via <application>dhclient</application>."
12311
msgstr ""
12312
12313
#: serverguide/C/network-config.xml:269(userinput) serverguide/C/network-config.xml:304(userinput)
12314
#, no-wrap
12315
msgid "sudo ifup eth0"
12316
msgstr ""
12317
12318
#: serverguide/C/network-config.xml:271(para)
12319
msgid ""
12320
"To manually disable the interface, you can use the "
12321
"<application>ifdown</application> command, which in turn will initiate the "
12322
"DHCP release process and shut down the interface."
12323
msgstr ""
12324
12325
#: serverguide/C/network-config.xml:277(userinput) serverguide/C/network-config.xml:311(userinput)
12326
#, no-wrap
12327
msgid "sudo ifdown eth0"
12328
msgstr ""
12329
12330
#: serverguide/C/network-config.xml:282(title)
12331
msgid "Static IP Address Assignment"
12332
msgstr ""
12333
12334
#: serverguide/C/network-config.xml:283(para)
12335
msgid ""
12336
"To configure your system to use a static IP address assignment, add the "
12337
"<emphasis role=\"italic\">static</emphasis> method to the inet address "
12338
"family statement for the appropriate interface in the file "
12339
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
12340
"are configuring your first Ethernet interface identified as <emphasis "
12341
"role=\"italic\">eth0</emphasis>. Change the <emphasis "
12342
"role=\"italic\">address</emphasis>, <emphasis "
12343
"role=\"italic\">netmask</emphasis>, and <emphasis "
12344
"role=\"italic\">gateway</emphasis> values to meet the requirements of your "
12345
"network."
12346
msgstr ""
12347
12348
#: serverguide/C/network-config.xml:292(programlisting)
12349
#, no-wrap
12350
msgid ""
12351
"\n"
12352
"auto eth0\n"
12353
"iface eth0 inet static\n"
12354
"address 10.0.0.100\n"
12355
"netmask 255.255.255.0\n"
12356
"gateway 10.0.0.1\n"
12357
msgstr ""
12358
12359
#: serverguide/C/network-config.xml:299(para)
12360
msgid ""
12361
"By adding an interface configuration as shown above, you can manually enable "
12362
"the interface through the <application>ifup</application> command."
12363
msgstr ""
12364
12365
#: serverguide/C/network-config.xml:306(para)
12366
msgid ""
12367
"To manually disable the interface, you can use the "
12368
"<application>ifdown</application> command."
12369
msgstr ""
12370
12371
#: serverguide/C/network-config.xml:316(title)
12372
msgid "Loopback Interface"
12373
msgstr ""
12374
12375
#: serverguide/C/network-config.xml:317(para)
12376
msgid ""
12377
"The loopback interface is identified by the system as <emphasis "
12378
"role=\"italic\">lo</emphasis> and has a default IP address of 127.0.0.1. It "
12379
"can be viewed using the ifconfig command."
12380
msgstr ""
12381
12382
#: serverguide/C/network-config.xml:322(userinput)
12383
#, no-wrap
12384
msgid "ifconfig lo"
12385
msgstr ""
12386
12387
#: serverguide/C/network-config.xml:321(screen)
12388
#, no-wrap
12389
msgid ""
12390
"\n"
12391
"<placeholder-1/>\n"
12392
"lo Link encap:Local Loopback \n"
12393
" inet addr:127.0.0.1 Mask:255.0.0.0\n"
12394
" inet6 addr: ::1/128 Scope:Host\n"
12395
" UP LOOPBACK RUNNING MTU:16436 Metric:1\n"
12396
" RX packets:2718 errors:0 dropped:0 overruns:0 frame:0\n"
12397
" TX packets:2718 errors:0 dropped:0 overruns:0 carrier:0\n"
12398
" collisions:0 txqueuelen:0 \n"
12399
" RX bytes:183308 (183.3 KB) TX bytes:183308 (183.3 KB)\n"
12400
msgstr ""
12401
12402
#: serverguide/C/network-config.xml:332(para)
12403
msgid ""
12404
"By default, there should be two lines in "
12405
"<filename>/etc/network/interfaces</filename> responsible for automatically "
12406
"configuring your loopback interface. It is recommended that you keep the "
12407
"default settings unless you have a specific purpose for changing them. An "
12408
"example of the two default lines are shown below."
12409
msgstr ""
12410
12411
#: serverguide/C/network-config.xml:338(programlisting)
12412
#, no-wrap
12413
msgid ""
12414
"\n"
12415
"auto lo\n"
12416
"iface lo inet loopback\n"
12417
msgstr ""
12418
12419
#: serverguide/C/network-config.xml:347(title)
12420
msgid "Name Resolution"
12421
msgstr ""
12422
12423
#: serverguide/C/network-config.xml:348(para)
12424
msgid ""
12425
"Name resolution as it relates to IP networking is the process of mapping IP "
12426
"addresses to hostnames, making it easier to identify resources on a network. "
12427
"The following section will explain how to properly configure your system for "
12428
"name resolution using DNS and static hostname records."
12429
msgstr ""
12430
12431
#: serverguide/C/network-config.xml:356(title)
12432
msgid "DNS Client Configuration"
12433
msgstr ""
12434
12435
#: serverguide/C/network-config.xml:357(para)
12436
msgid ""
12437
"To configure your system to use DNS for name resolution, add the IP "
12438
"addresses of the DNS servers that are appropriate for your network in the "
12439
"file <filename>/etc/resolv.conf</filename>. You can also add an optional DNS "
12440
"suffix search-lists to match your network domain names."
12441
msgstr ""
12442
12443
#: serverguide/C/network-config.xml:362(para)
12444
msgid ""
12445
"Below is an example of a typical configuration of "
12446
"<filename>/etc/resolv.conf</filename> for a server on the domain \"<emphasis "
12447
"role=\"italic\">example.com</emphasis>\" and using two public DNS servers."
12448
msgstr ""
12449
12450
#: serverguide/C/network-config.xml:367(programlisting)
12451
#, no-wrap
12452
msgid ""
12453
"\n"
12454
"search example.com\n"
12455
"nameserver 8.8.8.8\n"
12456
"nameserver 8.8.4.4\n"
12457
msgstr ""
12458
12459
#: serverguide/C/network-config.xml:372(para)
12460
msgid ""
12461
"The <emphasis role=\"italic\">search</emphasis> option can also be used with "
12462
"multiple domain names so that DNS queries will be appended in the order in "
12463
"which they are entered. For example, your network may have multiple sub-"
12464
"domains to search; a parent domain of <emphasis "
12465
"role=\"italic\">example.com</emphasis>, and two sub-domains, <emphasis "
12466
"role=\"italic\">sales.example.com</emphasis> and <emphasis "
12467
"role=\"italic\">dev.example.com</emphasis>."
12468
msgstr ""
12469
12470
#: serverguide/C/network-config.xml:380(para)
12471
msgid ""
12472
"If you have multiple domains you wish to search, your configuration might "
12473
"look like the following."
12474
msgstr ""
12475
12476
#: serverguide/C/network-config.xml:383(programlisting)
12477
#, no-wrap
12478
msgid ""
12479
"\n"
12480
"search example.com sales.example.com dev.example.com\n"
12481
"nameserver 8.8.8.8\n"
12482
"nameserver 8.8.4.4\n"
12483
msgstr ""
12484
12485
#: serverguide/C/network-config.xml:388(para)
12486
msgid ""
12487
"If you try to ping a host with the name of <emphasis "
12488
"role=\"italic\">server1</emphasis>, your system will automatically query DNS "
12489
"for its Fully Qualified Domain Name (FQDN) in the following order:"
12490
msgstr ""
12491
12492
#: serverguide/C/network-config.xml:394(para)
12493
msgid "server1<emphasis role=\"bold\">.example.com</emphasis>"
12494
msgstr ""
12495
12496
#: serverguide/C/network-config.xml:399(para)
12497
msgid "server1<emphasis role=\"bold\">.sales.example.com</emphasis>"
12498
msgstr ""
12499
12500
#: serverguide/C/network-config.xml:404(para)
12501
msgid "server1<emphasis role=\"bold\">.dev.example.com</emphasis>"
12502
msgstr ""
12503
12504
#: serverguide/C/network-config.xml:409(para)
12505
msgid ""
12506
"If no matches are found, the DNS server will provide a result of <emphasis "
12507
"role=\"italic\">notfound</emphasis> and the DNS query will fail."
12508
msgstr ""
12509
12510
#: serverguide/C/network-config.xml:416(title)
12511
msgid "Static Hostnames"
12512
msgstr ""
12513
12514
#: serverguide/C/network-config.xml:417(para)
12515
msgid ""
12516
"Static hostnames are locally defined hostname-to-IP mappings located in the "
12517
"file <filename>/etc/hosts</filename>. Entries in the "
12518
"<filename>hosts</filename> file will have precedence over DNS by default. "
12519
"This means that if your system tries to resolve a hostname and it matches an "
12520
"entry in /etc/hosts, it will not attempt to look up the record in DNS. In "
12521
"some configurations, especially when Internet access is not required, "
12522
"servers that communicate with a limited number of resources can be "
12523
"conveniently set to use static hostnames instead of DNS."
12524
msgstr ""
12525
12526
#: serverguide/C/network-config.xml:424(para)
12527
msgid ""
12528
"The following is an example of a <filename>hosts</filename> file where a "
12529
"number of local servers have been identified by simple hostnames, aliases "
12530
"and their equivalent Fully Qualified Domain Names (FQDN's)."
12531
msgstr ""
12532
12533
#: serverguide/C/network-config.xml:428(programlisting)
12534
#, no-wrap
12535
msgid ""
12536
"\n"
12537
"127.0.0.1\tlocalhost\n"
12538
"127.0.1.1\tubuntu-server\n"
12539
"10.0.0.11\tserver1 vpn server1.example.com\n"
12540
"10.0.0.12\tserver2 mail server2.example.com\n"
12541
"10.0.0.13\tserver3 www server3.example.com\n"
12542
"10.0.0.14\tserver4 file server4.example.com\n"
12543
msgstr ""
12544
12545
#: serverguide/C/network-config.xml:437(para)
12546
msgid ""
12547
"In the above example, notice that each of the servers have been given "
12548
"aliases in addition to their proper names and FQDN's. <emphasis "
12549
"role=\"italic\">Server1</emphasis> has been mapped to the name <emphasis "
12550
"role=\"italic\">vpn</emphasis>, <emphasis role=\"italic\">server2</emphasis> "
12551
"is referred to as <emphasis role=\"italic\">mail</emphasis>, <emphasis "
12552
"role=\"italic\">server3</emphasis> as <emphasis "
12553
"role=\"italic\">www</emphasis>, and <emphasis "
12554
"role=\"italic\">server4</emphasis> as <emphasis "
12555
"role=\"italic\">file</emphasis>."
12556
msgstr ""
12557
12558
#: serverguide/C/network-config.xml:449(title)
12559
msgid "Name Service Switch Configuration"
12560
msgstr ""
12561
12562
#: serverguide/C/network-config.xml:450(para)
12563
msgid ""
12564
"The order in which your system selects a method of resolving hostnames to IP "
12565
"addresses is controlled by the Name Service Switch (NSS) configuration file "
12566
"<filename>/etc/nsswitch.conf</filename>. As mentioned in the previous "
12567
"section, typically static hostnames defined in the systems "
12568
"<filename>/etc/hosts</filename> file have precedence over names resolved "
12569
"from DNS. The following is an example of the line responsible for this order "
12570
"of hostname lookups in the file <filename>/etc/nsswitch.conf</filename>."
12571
msgstr ""
12572
12573
#: serverguide/C/network-config.xml:458(programlisting)
12574
#, no-wrap
12575
msgid ""
12576
"\n"
12577
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
12578
msgstr ""
12579
12580
#: serverguide/C/network-config.xml:464(para)
12581
msgid ""
12582
"<emphasis role=\"bold\">files</emphasis> first tries to resolve static "
12583
"hostnames located in <filename>/etc/hosts</filename>."
12584
msgstr ""
12585
12586
#: serverguide/C/network-config.xml:470(para)
12587
msgid ""
12588
"<emphasis role=\"bold\">mdns4_minimal</emphasis> attempts to resolve the "
12589
"name using Multicast DNS."
12590
msgstr ""
12591
12592
#: serverguide/C/network-config.xml:475(para)
12593
msgid ""
12594
"<emphasis role=\"bold\">[NOTFOUND=return]</emphasis> means that any response "
12595
"of <emphasis role=\"italic\">notfound</emphasis> by the preceding <emphasis "
12596
"role=\"italic\">mdns4_minimal</emphasis> process should be treated as "
12597
"authoritative and that the system should not try to continue hunting for an "
12598
"answer."
12599
msgstr ""
12600
12601
#: serverguide/C/network-config.xml:483(para)
12602
msgid ""
12603
"<emphasis role=\"bold\">dns</emphasis> represents a legacy unicast DNS query."
12604
msgstr ""
12605
12606
#: serverguide/C/network-config.xml:488(para)
12607
msgid ""
12608
"<emphasis role=\"bold\">mdns4</emphasis> represents a Multicast DNS query."
12609
msgstr ""
12610
12611
#: serverguide/C/network-config.xml:494(para)
12612
msgid ""
12613
"To modify the order of the above mentioned name resolution methods, you can "
12614
"simply change the <emphasis role=\"italic\">hosts:</emphasis> string to the "
12615
"value of your choosing. For example, if you prefer to use legacy Unicast DNS "
12616
"versus Multicast DNS, you can change the string in "
12617
"<filename>/etc/nsswitch.conf</filename> as shown below."
12618
msgstr ""
12619
12620
#: serverguide/C/network-config.xml:501(programlisting)
12621
#, no-wrap
12622
msgid ""
12623
"\n"
12624
"hosts: files dns [NOTFOUND=return] mdns4_minimal mdns4\n"
12625
msgstr ""
12626
12627
#: serverguide/C/network-config.xml:508(title)
12628
msgid "Bridging"
12629
msgstr ""
12630
12631
#: serverguide/C/network-config.xml:510(para)
12632
msgid ""
12633
"Bridging multiple interfaces is a more advanced configuration, but is very "
12634
"useful in multiple scenarios. One scenario is setting up a bridge with "
12635
"multiple network interfaces, then using a firewall to filter traffic between "
12636
"two network segments. Another scenario is using bridge on a system with one "
12637
"interface to allow virtual machines direct access to the outside network. "
12638
"The following example covers the latter scenario."
12639
msgstr ""
12640
12641
#: serverguide/C/network-config.xml:517(para)
12642
msgid ""
12643
"Before configuring a bridge you will need to install the <application>bridge-"
12644
"utils</application> package. To install the package, in a terminal enter:"
12645
msgstr ""
12646
12647
#: serverguide/C/network-config.xml:523(command)
12648
msgid "sudo apt-get install bridge-utils"
12649
msgstr ""
12650
12651
#: serverguide/C/network-config.xml:526(para)
12652
msgid ""
12653
"Next, configure the bridge by editing "
12654
"<filename>/etc/network/interfaces</filename>:"
12655
msgstr ""
12656
12657
#: serverguide/C/network-config.xml:530(programlisting)
12658
#, no-wrap
12659
msgid ""
12660
"\n"
12661
"auto lo\n"
12662
"iface lo inet loopback\n"
12663
"\n"
12664
"auto br0\n"
12665
"iface br0 inet static\n"
12666
" address 192.168.0.10\n"
12667
" network 192.168.0.0\n"
12668
" netmask 255.255.255.0\n"
12669
" broadcast 192.168.0.255\n"
12670
" gateway 192.168.0.1\n"
12671
" bridge_ports eth0\n"
12672
" bridge_fd 9\n"
12673
" bridge_hello 2\n"
12674
" bridge_maxage 12\n"
12675
" bridge_stp off\n"
12676
msgstr ""
12677
12678
#: serverguide/C/network-config.xml:549(para)
12679
msgid "Enter the appropriate values for your physical interface and network."
12680
msgstr ""
12681
12682
#: serverguide/C/network-config.xml:554(para)
12683
msgid "Now restart networking to enable the bridge interface:"
12684
msgstr ""
12685
12686
#: serverguide/C/network-config.xml:561(para)
12687
msgid ""
12688
"The new bridge interface should now be up and running. The "
12689
"<application>brctl</application> provides useful information about the state "
12690
"of the bridge, controls which interfaces are part of the bridge, etc. See "
12691
"<command>man brctl</command> for more information."
12692
msgstr ""
12693
12694
#: serverguide/C/network-config.xml:577(para)
12695
msgid ""
12696
"The <ulink url=\"https://help.ubuntu.com/community/Network\">Ubuntu Wiki "
12697
"Network page</ulink> has links to articles covering more advanced network "
12698
"configuration."
12699
msgstr ""
12700
12701
#: serverguide/C/network-config.xml:583(para)
12702
msgid ""
12703
"The <ulink "
12704
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/interfaces.5.html"
12705
"\">interfaces man page</ulink> has details on more options for "
12706
"<filename>/etc/network/interfaces</filename>."
12707
msgstr ""
12708
12709
#: serverguide/C/network-config.xml:589(para)
12710
msgid ""
12711
"The <ulink "
12712
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/dhclient.8.html\">"
12713
"dhclient man page</ulink> has details on more options for configuring DHCP "
12714
"client settings."
12715
msgstr ""
12716
12717
#: serverguide/C/network-config.xml:595(para)
12718
msgid ""
12719
"For more information on DNS client configuration see the <ulink "
12720
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/resolver.5.html\">"
12721
"resolver man page</ulink>. Also, Chapter 6 of O'Reilly's <ulink "
12722
"url=\"http://oreilly.com/catalog/linag2/book/ch06.html\">Linux Network "
12723
"Administrator's Guide</ulink> is a good source of resolver and name service "
12724
"configuration information."
12725
msgstr ""
12726
12727
#: serverguide/C/network-config.xml:603(para)
12728
msgid ""
12729
"For more information on <emphasis>bridging</emphasis> see the <ulink "
12730
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/brctl.8.html\">brc"
12731
"tl man page</ulink> and the Linux Foundation's <ulink "
12732
"url=\"http://www.linuxfoundation.org/en/Net:Bridge\">Net:Bridge</ulink> page."
12733
msgstr ""
12734
12735
#: serverguide/C/network-config.xml:614(title)
12736
msgid "TCP/IP"
12737
msgstr ""
12738
12739
#: serverguide/C/network-config.xml:615(para)
12740
msgid ""
12741
"The Transmission Control Protocol and Internet Protocol (TCP/IP) is a "
12742
"standard set of protocols developed in the late 1970s by the Defense "
12743
"Advanced Research Projects Agency (DARPA) as a means of communication "
12744
"between different types of computers and computer networks. TCP/IP is the "
12745
"driving force of the Internet, and thus it is the most popular set of "
12746
"network protocols on Earth."
12747
msgstr ""
12748
12749
#: serverguide/C/network-config.xml:623(title)
12750
msgid "TCP/IP Introduction"
12751
msgstr ""
12752
12753
#: serverguide/C/network-config.xml:624(para)
12754
msgid ""
12755
"The two protocol components of TCP/IP deal with different aspects of "
12756
"computer networking. <emphasis>Internet Protocol</emphasis>, the \"IP\" of "
12757
"TCP/IP is a connectionless protocol which deals only with network packet "
12758
"routing using the <emphasis role=\"italics\">IP Datagram</emphasis> as the "
12759
"basic unit of networking information. The IP Datagram consists of a header "
12760
"followed by a message. The <emphasis> Transmission Control "
12761
"Protocol</emphasis> is the \"TCP\" of TCP/IP and enables network hosts to "
12762
"establish connections which may be used to exchange data streams. TCP also "
12763
"guarantees that the data between connections is delivered and that it "
12764
"arrives at one network host in the same order as sent from another network "
12765
"host."
12766
msgstr ""
12767
12768
#: serverguide/C/network-config.xml:637(title)
12769
msgid "TCP/IP Configuration"
12770
msgstr ""
12771
12772
#: serverguide/C/network-config.xml:638(para)
12773
msgid ""
12774
"The TCP/IP protocol configuration consists of several elements which must be "
12775
"set by editing the appropriate configuration files, or deploying solutions "
12776
"such as the Dynamic Host Configuration Protocol (DHCP) server which in turn, "
12777
"can be configured to provide the proper TCP/IP configuration settings to "
12778
"network clients automatically. These configuration values must be set "
12779
"correctly in order to facilitate the proper network operation of your Ubuntu "
12780
"system."
12781
msgstr ""
12782
12783
#: serverguide/C/network-config.xml:650(para)
12784
msgid ""
12785
"<emphasis role=\"bold\">IP address</emphasis> The IP address is a unique "
12786
"identifying string expressed as four decimal numbers ranging from zero (0) "
12787
"to two-hundred and fifty-five (255), separated by periods, with each of the "
12788
"four numbers representing eight (8) bits of the address for a total length "
12789
"of thirty-two (32) bits for the whole address. This format is called "
12790
"<emphasis>dotted quad notation</emphasis>."
12791
msgstr ""
12792
12793
#: serverguide/C/network-config.xml:660(para)
12794
msgid ""
12795
"<emphasis role=\"bold\">Netmask</emphasis> The Subnet Mask (or simply, "
12796
"<emphasis>netmask</emphasis>) is a local bit mask, or set of flags which "
12797
"separate the portions of an IP address significant to the network from the "
12798
"bits significant to the <emphasis>subnetwork</emphasis>. For example, in a "
12799
"Class C network, the standard netmask is 255.255.255.0 which masks the first "
12800
"three bytes of the IP address and allows the last byte of the IP address to "
12801
"remain available for specifying hosts on the subnetwork."
12802
msgstr ""
12803
12804
#: serverguide/C/network-config.xml:671(para)
12805
msgid ""
12806
"<emphasis role=\"bold\">Network Address</emphasis> The Network Address "
12807
"represents the bytes comprising the network portion of an IP address. For "
12808
"example, the host 12.128.1.2 in a Class A network would use 12.0.0.0 as the "
12809
"network address, where twelve (12) represents the first byte of the IP "
12810
"address, (the network part) and zeroes (0) in all of the remaining three "
12811
"bytes to represent the potential host values. A network host using the "
12812
"private IP address 192.168.1.100 would in turn use a Network Address of "
12813
"192.168.1.0, which specifies the first three bytes of the Class C 192.168.1 "
12814
"network and a zero (0) for all the possible hosts on the network."
12815
msgstr ""
12816
12817
#: serverguide/C/network-config.xml:684(para)
12818
msgid ""
12819
"<emphasis role=\"bold\">Broadcast Address</emphasis> The Broadcast Address "
12820
"is an IP address which allows network data to be sent simultaneously to all "
12821
"hosts on a given subnetwork rather than specifying a particular host. The "
12822
"standard general broadcast address for IP networks is 255.255.255.255, but "
12823
"this broadcast address cannot be used to send a broadcast message to every "
12824
"host on the Internet because routers block it. A more appropriate broadcast "
12825
"address is set to match a specific subnetwork. For example, on the private "
12826
"Class C IP network, 192.168.1.0, the broadcast address is 192.168.1.255. "
12827
"Broadcast messages are typically produced by network protocols such as the "
12828
"Address Resolution Protocol (ARP) and the Routing Information Protocol (RIP)."
12829
msgstr ""
12830
12831
#: serverguide/C/network-config.xml:697(para)
12832
msgid ""
12833
"<emphasis role=\"bold\">Gateway Address</emphasis> A Gateway Address is the "
12834
"IP address through which a particular network, or host on a network, may be "
12835
"reached. If one network host wishes to communicate with another network "
12836
"host, and that host is not located on the same network, then a "
12837
"<emphasis>gateway</emphasis> must be used. In many cases, the Gateway "
12838
"Address will be that of a router on the same network, which will in turn "
12839
"pass traffic on to other networks or hosts, such as Internet hosts. The "
12840
"value of the Gateway Address setting must be correct, or your system will "
12841
"not be able to reach any hosts beyond those on the same network."
12842
msgstr ""
12843
12844
#: serverguide/C/network-config.xml:708(para)
12845
msgid ""
12846
"<emphasis role=\"bold\">Nameserver Address</emphasis> Nameserver Addresses "
12847
"represent the IP addresses of Domain Name Service (DNS) systems, which "
12848
"resolve network hostnames into IP addresses. There are three levels of "
12849
"Nameserver Addresses, which may be specified in order of precedence: The "
12850
"<emphasis>Primary</emphasis> Nameserver, the <emphasis>Secondary</emphasis> "
12851
"Nameserver, and the <emphasis>Tertiary</emphasis> Nameserver. In order for "
12852
"your system to be able to resolve network hostnames into their corresponding "
12853
"IP addresses, you must specify valid Nameserver Addresses which you are "
12854
"authorized to use in your system's TCP/IP configuration. In many cases these "
12855
"addresses can and will be provided by your network service provider, but "
12856
"many free and publicly accessible nameservers are available for use, such as "
12857
"the Level3 (Verizon) servers with IP addresses from 4.2.2.1 to 4.2.2.6."
12858
msgstr ""
12859
12860
#: serverguide/C/network-config.xml:722(para)
12861
msgid ""
12862
"The IP address, Netmask, Network Address, Broadcast Address, and Gateway "
12863
"Address are typically specified via the appropriate directives in the file "
12864
"<filename>/etc/network/interfaces</filename>. The Nameserver Addresses are "
12865
"typically specified via <emphasis>nameserver</emphasis> directives in the "
12866
"file <filename>/etc/resolv.conf</filename>. For more information, view the "
12867
"system manual page for <filename>interfaces</filename> or "
12868
"<filename>resolv.conf</filename> respectively, with the following commands "
12869
"typed at a terminal prompt:"
12870
msgstr ""
12871
12872
#: serverguide/C/network-config.xml:729(para)
12873
msgid ""
12874
"Access the system manual page for <filename>interfaces</filename> with the "
12875
"following command:"
12876
msgstr ""
12877
12878
#: serverguide/C/network-config.xml:734(command)
12879
msgid "man interfaces"
12880
msgstr ""
12881
12882
#: serverguide/C/network-config.xml:737(para)
12883
msgid ""
12884
"Access the system manual page for <filename>resolv.conf</filename> with the "
12885
"following command:"
12886
msgstr ""
12887
12888
#: serverguide/C/network-config.xml:741(command)
12889
msgid "man resolv.conf"
12890
msgstr ""
12891
12892
#: serverguide/C/network-config.xml:646(para)
12893
msgid ""
12894
"The common configuration elements of TCP/IP and their purposes are as "
12895
"follows: <placeholder-1/>"
12896
msgstr ""
12897
12898
#: serverguide/C/network-config.xml:748(title)
12899
msgid "IP Routing"
12900
msgstr ""
12901
12902
#: serverguide/C/network-config.xml:749(para)
12903
msgid ""
12904
"IP routing is a means of specifying and discovering paths in a TCP/IP "
12905
"network along which network data may be sent. Routing uses a set of "
12906
"<emphasis>routing tables</emphasis> to direct the forwarding of network data "
12907
"packets from their source to the destination, often via many intermediary "
12908
"network nodes known as <emphasis>routers</emphasis>. There are two primary "
12909
"forms of IP routing: <emphasis>Static Routing</emphasis> and "
12910
"<emphasis>Dynamic Routing.</emphasis>"
12911
msgstr ""
12912
12913
#: serverguide/C/network-config.xml:758(para)
12914
msgid ""
12915
"Static routing involves manually adding IP routes to the system's routing "
12916
"table, and this is usually done by manipulating the routing table with the "
12917
"<application>route</application> command. Static routing enjoys many "
12918
"advantages over dynamic routing, such as simplicity of implementation on "
12919
"smaller networks, predictability (the routing table is always computed in "
12920
"advance, and thus the route is precisely the same each time it is used), and "
12921
"low overhead on other routers and network links due to the lack of a dynamic "
12922
"routing protocol. However, static routing does present some disadvantages as "
12923
"well. For example, static routing is limited to small networks and does not "
12924
"scale well. Static routing also fails completely to adapt to network outages "
12925
"and failures along the route due to the fixed nature of the route."
12926
msgstr ""
12927
12928
#: serverguide/C/network-config.xml:768(para)
12929
msgid ""
12930
"Dynamic routing depends on large networks with multiple possible IP routes "
12931
"from a source to a destination and makes use of special routing protocols, "
12932
"such as the Router Information Protocol (RIP), which handle the automatic "
12933
"adjustments in routing tables that make dynamic routing possible. Dynamic "
12934
"routing has several advantages over static routing, such as superior "
12935
"scalability and the ability to adapt to failures and outages along network "
12936
"routes. Additionally, there is less manual configuration of the routing "
12937
"tables, since routers learn from one another about their existence and "
12938
"available routes. This trait also eliminates the possibility of introducing "
12939
"mistakes in the routing tables via human error. Dynamic routing is not "
12940
"perfect, however, and presents disadvantages such as heightened complexity "
12941
"and additional network overhead from router communications, which does not "
12942
"immediately benefit the end users, but still consumes network bandwidth."
12943
msgstr ""
12944
12945
#: serverguide/C/network-config.xml:782(title)
12946
msgid "TCP and UDP"
12947
msgstr ""
12948
12949
#: serverguide/C/network-config.xml:783(para)
12950
msgid ""
12951
"TCP is a connection-based protocol, offering error correction and guaranteed "
12952
"delivery of data via what is known as <emphasis>flow control</emphasis>. "
12953
"Flow control determines when the flow of a data stream needs to be stopped, "
12954
"and previously sent data packets should to be re-sent due to problems such "
12955
"as <emphasis>collisions</emphasis>, for example, thus ensuring complete and "
12956
"accurate delivery of the data. TCP is typically used in the exchange of "
12957
"important information such as database transactions."
12958
msgstr ""
12959
12960
#: serverguide/C/network-config.xml:791(para)
12961
msgid ""
12962
"The User Datagram Protocol (UDP), on the other hand, is a "
12963
"<emphasis>connectionless</emphasis> protocol which seldom deals with the "
12964
"transmission of important data because it lacks flow control or any other "
12965
"method to ensure reliable delivery of the data. UDP is commonly used in such "
12966
"applications as audio and video streaming, where it is considerably faster "
12967
"than TCP due to the lack of error correction and flow control, and where the "
12968
"loss of a few packets is not generally catastrophic."
12969
msgstr ""
12970
12971
#: serverguide/C/network-config.xml:801(title)
12972
msgid "ICMP"
12973
msgstr ""
12974
12975
#: serverguide/C/network-config.xml:802(para)
12976
msgid ""
12977
"The Internet Control Messaging Protocol (ICMP) is an extension to the "
12978
"Internet Protocol (IP) as defined in the Request For Comments (RFC) #792 and "
12979
"supports network packets containing control, error, and informational "
12980
"messages. ICMP is used by such network applications as the "
12981
"<application>ping</application> utility, which can determine the "
12982
"availability of a network host or device. Examples of some error messages "
12983
"returned by ICMP which are useful to both network hosts and devices such as "
12984
"routers, include <emphasis>Destination Unreachable</emphasis> and "
12985
"<emphasis>Time Exceeded</emphasis>."
12986
msgstr ""
12987
12988
#: serverguide/C/network-config.xml:812(title)
12989
msgid "Daemons"
12990
msgstr ""
12991
12992
#: serverguide/C/network-config.xml:813(para)
12993
msgid ""
12994
"Daemons are special system applications which typically execute continuously "
12995
"in the background and await requests for the functions they provide from "
12996
"other applications. Many daemons are network-centric; that is, a large "
12997
"number of daemons executing in the background on an Ubuntu system may "
12998
"provide network-related functionality. Some examples of such network daemons "
12999
"include the <emphasis>Hyper Text Transport Protocol Daemon</emphasis> "
13000
"(httpd), which provides web server functionality; the <emphasis>Secure SHell "
13001
"Daemon</emphasis> (sshd), which provides secure remote login shell and file "
13002
"transfer capabilities; and the <emphasis>Internet Message Access Protocol "
13003
"Daemon</emphasis> (imapd), which provides E-Mail services."
13004
msgstr ""
13005
13006
#: serverguide/C/network-config.xml:828(para)
13007
msgid ""
13008
"There are man pages for <ulink "
13009
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man7/tcp.7.html\">TCP</"
13010
"ulink> and <ulink "
13011
"url=\"http://manpages.ubuntu.com/manpages/maverick/man7/ip.7.html\">IP</ulink"
13012
"> that contain more useful information."
13013
msgstr ""
13014
13015
#: serverguide/C/network-config.xml:834(para)
13016
msgid ""
13017
"Also, see the <ulink "
13018
"url=\"http://www.redbooks.ibm.com/abstracts/gg243376.html\">TCP/IP Tutorial "
13019
"and Technical Overview</ulink> IBM Redbook."
13020
msgstr ""
13021
13022
#: serverguide/C/network-config.xml:840(para)
13023
msgid ""
13024
"Another resource is O'Reilly's <ulink "
13025
"url=\"http://oreilly.com/catalog/9780596002978/\">TCP/IP Network "
13026
"Administration</ulink>."
13027
msgstr ""
13028
13029
#: serverguide/C/network-config.xml:849(title)
13030
msgid "Dynamic Host Configuration Protocol (DHCP)"
13031
msgstr ""
13032
13033
#: serverguide/C/network-config.xml:850(para)
13034
msgid ""
13035
"The Dynamic Host Configuration Protocol (DHCP) is a network service that "
13036
"enables host computers to be automatically assigned settings from a server "
13037
"as opposed to manually configuring each network host. Computers configured "
13038
"to be DHCP clients have no control over the settings they receive from the "
13039
"DHCP server, and the configuration is transparent to the computer's user."
13040
msgstr ""
13041
13042
#: serverguide/C/network-config.xml:857(para)
13043
msgid ""
13044
"The most common settings provided by a DHCP server to DHCP clients include:"
13045
msgstr ""
13046
13047
#: serverguide/C/network-config.xml:862(para)
13048
msgid "IP-Address and Netmask"
13049
msgstr ""
13050
13051
#: serverguide/C/network-config.xml:865(para)
13052
msgid "DNS"
13053
msgstr ""
13054
13055
#: serverguide/C/network-config.xml:868(para)
13056
msgid "WINS"
13057
msgstr ""
13058
13059
#: serverguide/C/network-config.xml:871(para)
13060
msgid ""
13061
"However, a DHCP server can also supply configuration properties such as:"
13062
msgstr ""
13063
13064
#: serverguide/C/network-config.xml:876(para)
13065
msgid "Host Name"
13066
msgstr ""
13067
13068
#: serverguide/C/network-config.xml:879(para)
13069
msgid "Domain Name"
13070
msgstr ""
13071
13072
#: serverguide/C/network-config.xml:882(para)
13073
msgid "Default Gateway"
13074
msgstr ""
13075
13076
#: serverguide/C/network-config.xml:885(para)
13077
msgid "Time Server"
13078
msgstr ""
13079
13080
#: serverguide/C/network-config.xml:888(para)
13081
msgid "Print Server"
13082
msgstr ""
13083
13084
#: serverguide/C/network-config.xml:891(para)
13085
msgid ""
13086
"The advantage of using DHCP is that changes to the network, for example a "
13087
"change in the address of the DNS server, need only be changed at the DHCP "
13088
"server, and all network hosts will be reconfigured the next time their DHCP "
13089
"clients poll the DHCP server. As an added advantage, it is also easier to "
13090
"integrate new computers into the network, as there is no need to check for "
13091
"the availability of an IP address. Conflicts in IP address allocation are "
13092
"also reduced."
13093
msgstr ""
13094
13095
#: serverguide/C/network-config.xml:899(para)
13096
msgid "A DHCP server can provide configuration settings using two methods:"
13097
msgstr ""
13098
13099
#: serverguide/C/network-config.xml:904(term)
13100
msgid "MAC Address"
13101
msgstr ""
13102
13103
#: serverguide/C/network-config.xml:906(para)
13104
msgid ""
13105
"This method entails using DHCP to identify the unique hardware address of "
13106
"each network card connected to the network and then continually supplying a "
13107
"constant configuration each time the DHCP client makes a request to the DHCP "
13108
"server using that network device."
13109
msgstr ""
13110
13111
#: serverguide/C/network-config.xml:915(term)
13112
msgid "Address Pool"
13113
msgstr ""
13114
13115
#: serverguide/C/network-config.xml:917(para)
13116
msgid ""
13117
"This method entails defining a pool (sometimes also called a range or scope) "
13118
"of IP addresses from which DHCP clients are supplied their configuration "
13119
"properties dynamically and on a \"first come, first served\" basis. When a "
13120
"DHCP client is no longer on the network for a specified period, the "
13121
"configuration is expired and released back to the address pool for use by "
13122
"other DHCP Clients."
13123
msgstr ""
13124
13125
#: serverguide/C/network-config.xml:928(para)
13126
msgid ""
13127
"Ubuntu is shipped with both DHCP server and client. The server is "
13128
"<application>dhcpd</application> (dynamic host configuration protocol "
13129
"daemon). The client provided with Ubuntu is "
13130
"<application>dhclient</application> and should be installed on all computers "
13131
"required to be automatically configured. Both programs are easy to install "
13132
"and configure and will be automatically started at system boot."
13133
msgstr ""
13134
13135
#: serverguide/C/network-config.xml:938(para)
13136
msgid ""
13137
"At a terminal prompt, enter the following command to install "
13138
"<application>dhcpd</application>:"
13139
msgstr ""
13140
13141
#: serverguide/C/network-config.xml:943(command)
13142
msgid "sudo apt-get install dhcp3-server"
13143
msgstr ""
13144
13145
#: serverguide/C/network-config.xml:945(para)
13146
msgid ""
13147
"You will probably need to change the default configuration by editing "
13148
"/etc/dhcp3/dhcpd.conf to suit your needs and particular configuration."
13149
msgstr ""
13150
13151
#: serverguide/C/network-config.xml:949(para)
13152
msgid ""
13153
"You also need to edit /etc/default/dhcp3-server to specify the interfaces "
13154
"dhcpd should listen to. By default it listens to eth0."
13155
msgstr ""
13156
13157
#: serverguide/C/network-config.xml:953(para)
13158
msgid ""
13159
"NOTE: dhcpd's messages are being sent to syslog. Look there for diagnostics "
13160
"messages."
13161
msgstr ""
13162
13163
#: serverguide/C/network-config.xml:960(para)
13164
msgid ""
13165
"The error message the installation ends with might be a little confusing, "
13166
"but the following steps will help you configure the service:"
13167
msgstr ""
13168
13169
#: serverguide/C/network-config.xml:964(para)
13170
msgid ""
13171
"Most commonly, what you want to do is assign an IP address randomly. This "
13172
"can be done with settings as follows:"
13173
msgstr ""
13174
13175
#: serverguide/C/network-config.xml:968(programlisting)
13176
#, no-wrap
13177
msgid ""
13178
"\n"
13179
"# Sample /etc/dhcpd.conf\n"
13180
"# (add your comments here) \n"
13181
"default-lease-time 600;\n"
13182
"max-lease-time 7200;\n"
13183
"option subnet-mask 255.255.255.0;\n"
13184
"option broadcast-address 192.168.1.255;\n"
13185
"option routers 192.168.1.254;\n"
13186
"option domain-name-servers 192.168.1.1, 192.168.1.2;\n"
13187
"option domain-name \"mydomain.example\";\n"
13188
"\n"
13189
"subnet 192.168.1.0 netmask 255.255.255.0 {\n"
13190
"range 192.168.1.10 192.168.1.100;\n"
13191
"range 192.168.1.150 192.168.1.200;\n"
13192
"} \n"
13193
msgstr ""
13194
13195
#: serverguide/C/network-config.xml:984(para)
13196
msgid ""
13197
"This will result in the DHCP server giving a client an IP address from the "
13198
"range 192.168.1.10-192.168.1.100 or 192.168.1.150-192.168.1.200. It will "
13199
"lease an IP address for 600 seconds if the client doesn't ask for a specific "
13200
"time frame. Otherwise the maximum (allowed) lease will be 7200 seconds. The "
13201
"server will also \"advise\" the client that it should use 255.255.255.0 as "
13202
"its subnet mask, 192.168.1.255 as its broadcast address, 192.168.1.254 as "
13203
"the router/gateway and 192.168.1.1 and 192.168.1.2 as its DNS servers."
13204
msgstr ""
13205
13206
#: serverguide/C/network-config.xml:993(para)
13207
msgid ""
13208
"If you need to specify a WINS server for your Windows clients, you will need "
13209
"to include the netbios-name-servers option, e.g."
13210
msgstr ""
13211
13212
#: serverguide/C/network-config.xml:997(programlisting)
13213
#, no-wrap
13214
msgid ""
13215
"\n"
13216
"option netbios-name-servers 192.168.1.1; \n"
13217
msgstr ""
13218
13219
#: serverguide/C/network-config.xml:1000(para)
13220
msgid ""
13221
"Dhcpd configuration settings are taken from the DHCP mini-HOWTO, which can "
13222
"be found <ulink "
13223
"url=\"http://www.tldp.org/HOWTO/DHCP/index.html\">here</ulink>."
13224
msgstr ""
13225
13226
#: serverguide/C/network-config.xml:1010(para)
13227
msgid ""
13228
"The <ulink url=\"https://help.ubuntu.com/community/dhcp3-server\">dhcp3-"
13229
"server Ubuntu Wiki</ulink> page has more information."
13230
msgstr ""
13231
13232
#: serverguide/C/network-config.xml:1015(para)
13233
msgid ""
13234
"For more <filename>/etc/dhcp3/dhcpd.conf</filename> options see the <ulink "
13235
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/dhcpd.conf.5.html"
13236
"\">dhcpd.conf man page</ulink>."
13237
msgstr ""
13238
13239
#: serverguide/C/network-config.xml:1021(para)
13240
msgid ""
13241
"Also see the <ulink url=\"http://www.dhcp-handbook.com/dhcp_faq.html\">DHCP "
13242
"FAQ</ulink>"
13243
msgstr ""
13244
13245
#: serverguide/C/network-config.xml:1031(title)
13246
msgid "Time Synchronisation with NTP"
13247
msgstr ""
13248
13249
#: serverguide/C/network-config.xml:1032(para)
13250
msgid ""
13251
"This page describes methods for keeping your computer's time accurate. This "
13252
"is useful for servers, but is not necessary (or desirable) for desktop "
13253
"machines."
13254
msgstr ""
13255
13256
#: serverguide/C/network-config.xml:1035(para)
13257
msgid ""
13258
"NTP is a TCP/IP protocol for synchronising time over a network. Basically a "
13259
"client requests the current time from a server, and uses it to set its own "
13260
"clock."
13261
msgstr ""
13262
13263
#: serverguide/C/network-config.xml:1038(para)
13264
msgid ""
13265
"Behind this simple description, there is a lot of complexity - there are "
13266
"tiers of NTP servers, with the tier one NTP servers connected to atomic "
13267
"clocks (often via GPS), and tier two and three servers spreading the load of "
13268
"actually handling requests across the Internet. Also the client software is "
13269
"a lot more complex than you might think - it has to factor out communication "
13270
"delays, and adjust the time in a way that does not upset all the other "
13271
"processes that run on the server. But luckily all that complexity is hidden "
13272
"from you!"
13273
msgstr ""
13274
13275
#: serverguide/C/network-config.xml:1041(para)
13276
msgid ""
13277
"Ubuntu has two ways of automatically setting your time: ntpdate and ntpd."
13278
msgstr ""
13279
13280
#: serverguide/C/network-config.xml:1046(title)
13281
msgid "ntpdate"
13282
msgstr ""
13283
13284
#: serverguide/C/network-config.xml:1047(para)
13285
msgid ""
13286
"Ubuntu comes with ntpdate as standard, and will run it once at boot time to "
13287
"set up your time according to Ubuntu's NTP server. However, a server's clock "
13288
"is likely to drift considerably between reboots, so it makes sense to "
13289
"correct the time occasionally. The easiest way to do this is to get cron to "
13290
"run ntpdate every day. With your favorite editor, as root, create a file "
13291
"<code>/etc/cron.daily/ntpdate</code> containing:"
13292
msgstr ""
13293
13294
#: serverguide/C/network-config.xml:1052(screen)
13295
#, no-wrap
13296
msgid "ntpdate ntp.ubuntu.com\n"
13297
msgstr ""
13298
13299
#: serverguide/C/network-config.xml:1054(para)
13300
msgid ""
13301
"The file <code>/etc/cron.daily/ntpdate</code> must also be executable."
13302
msgstr ""
13303
13304
#: serverguide/C/network-config.xml:1057(screen)
13305
#, no-wrap
13306
msgid "sudo chmod 755 /etc/cron.daily/ntpdate\n"
13307
msgstr ""
13308
13309
#: serverguide/C/network-config.xml:1061(title)
13310
msgid "ntpd"
13311
msgstr ""
13312
13313
#: serverguide/C/network-config.xml:1062(para)
13314
msgid ""
13315
"ntpdate is a bit of a blunt instrument - it can only adjust the time once a "
13316
"day, in one big correction. The ntp daemon ntpd is far more subtle. It "
13317
"calculates the drift of your system clock and continuously adjusts it, so "
13318
"there are no large corrections that could lead to inconsistent logs for "
13319
"instance. The cost is a little processing power and memory, but for a modern "
13320
"server this is negligible."
13321
msgstr ""
13322
13323
#: serverguide/C/network-config.xml:1065(para)
13324
msgid "To set up ntpd:"
13325
msgstr ""
13326
13327
#: serverguide/C/network-config.xml:1066(screen)
13328
#, no-wrap
13329
msgid "sudo apt-get install ntp\n"
13330
msgstr ""
13331
13332
#: serverguide/C/network-config.xml:1071(title)
13333
msgid "Changing Time Servers"
13334
msgstr ""
13335
13336
#: serverguide/C/network-config.xml:1072(para)
13337
msgid ""
13338
"In both cases above, your system will use Ubuntu's NTP server at "
13339
"<code>ntp.ubuntu.com</code> by default. This is OK, but you might want to "
13340
"use several servers to increase accuracy and resilience, and you may want to "
13341
"use time servers that are geographically closer to you. to do this for "
13342
"ntpdate, change the contents of <code>/etc/cron.daily/ntpdate</code> to:"
13343
msgstr ""
13344
13345
#: serverguide/C/network-config.xml:1079(screen)
13346
#, no-wrap
13347
msgid "ntpdate ntp.ubuntu.com pool.ntp.org \n"
13348
msgstr ""
13349
13350
#: serverguide/C/network-config.xml:1081(para)
13351
msgid ""
13352
"And for ntpd edit <code>/etc/ntp.conf</code> to include additional server "
13353
"lines:"
13354
msgstr ""
13355
13356
#: serverguide/C/network-config.xml:1086(screen)
13357
#, no-wrap
13358
msgid ""
13359
"server ntp.ubuntu.com\n"
13360
"server pool.ntp.org\n"
13361
msgstr ""
13362
13363
#: serverguide/C/network-config.xml:1089(para)
13364
msgid ""
13365
"You may notice <code>pool.ntp.org</code> in the examples above. This is a "
13366
"really good idea which uses round-robin DNS to return an NTP server from a "
13367
"pool, spreading the load between several different servers. Even better, "
13368
"they have pools for different regions - for instance, if you are in New "
13369
"Zealand, so you could use <code>nz.pool.ntp.org</code> instead of "
13370
"<code>pool.ntp.org</code> . Look at <ulink "
13371
"url=\"http://www.pool.ntp.org/\">http://www.pool.ntp.org/</ulink> for more "
13372
"details."
13373
msgstr ""
13374
13375
#: serverguide/C/network-config.xml:1100(para)
13376
msgid ""
13377
"You can also Google for NTP servers in your region, and add these to your "
13378
"configuration. To test that a server works, just type <code>sudo ntpdate "
13379
"ntp.server.name</code> and see what happens."
13380
msgstr ""
13381
13382
#: serverguide/C/network-config.xml:1111(para)
13383
msgid ""
13384
"See the <ulink url=\"https://help.ubuntu.com/community/UbuntuTime\">Ubuntu "
13385
"Time</ulink> wiki page for more information."
13386
msgstr ""
13387
13388
#: serverguide/C/network-config.xml:1117(ulink)
13389
msgid "NTP Support"
13390
msgstr ""
13391
13392
#: serverguide/C/network-config.xml:1122(ulink)
13393
msgid "The NTP FAQ and HOWTO"
13394
msgstr ""
13395
13396
#: serverguide/C/network-auth.xml:13(title)
13397
msgid "Network Authentication"
13398
msgstr ""
13399
13400
#: serverguide/C/network-auth.xml:15(para)
13401
msgid "This section explains various Network Authentication protocols."
13402
msgstr ""
13403
13404
#: serverguide/C/network-auth.xml:19(title)
13405
msgid "OpenLDAP Server"
13406
msgstr ""
13407
13408
#: serverguide/C/network-auth.xml:20(para)
13409
msgid ""
13410
"LDAP is an acronym for Lightweight Directory Access Protocol, it is a "
13411
"simplified version of the X.500 protocol. The directory setup in this "
13412
"section will be used for authentication. Nevertheless, LDAP can be used in "
13413
"numerous ways: authentication, shared directory (for mail clients), address "
13414
"book, etc."
13415
msgstr ""
13416
13417
#: serverguide/C/network-auth.xml:28(para)
13418
msgid ""
13419
"To describe LDAP quickly, all information is stored in a tree structure. "
13420
"With <application>OpenLDAP</application> you have freedom to determine the "
13421
"directory arborescence (the Directory Information Tree: the DIT) yourself. "
13422
"We will begin with a basic tree containing two nodes below the root:"
13423
msgstr ""
13424
13425
#: serverguide/C/network-auth.xml:37(para)
13426
msgid "\"People\" node where your users will be stored"
13427
msgstr ""
13428
13429
#: serverguide/C/network-auth.xml:40(para)
13430
msgid "\"Groups\" node where your groups will be stored"
13431
msgstr ""
13432
13433
#: serverguide/C/network-auth.xml:44(para)
13434
msgid ""
13435
"Before beginning, you should determine what the root of your LDAP directory "
13436
"will be. By default, your tree will be determined by your Fully Qualified "
13437
"Domain Name (FQDN). If your domain is example.com (which we will use in this "
13438
"example), your root node will be dc=example,dc=com."
13439
msgstr ""
13440
13441
#: serverguide/C/network-auth.xml:54(para)
13442
msgid ""
13443
"First, install the <application>OpenLDAP</application> server daemon "
13444
"<application>slapd</application> and <application>ldap-utils</application>, "
13445
"a package containing LDAP management utilities:"
13446
msgstr ""
13447
13448
#: serverguide/C/network-auth.xml:60(command)
13449
msgid "sudo apt-get install slapd ldap-utils"
13450
msgstr ""
13451
13452
#: serverguide/C/network-auth.xml:63(para)
13453
msgid ""
13454
"By default <application>slapd</application> is configured with minimal "
13455
"options needed to run the <application>slapd</application> daemon."
13456
msgstr ""
13457
13458
#: serverguide/C/network-auth.xml:68(para)
13459
msgid ""
13460
"The configuration example in the following sections will match the domain "
13461
"name of the server. For example, if the machine's Fully Qualified Domain "
13462
"Name (FQDN) is ldap.example.com, the default suffix will be "
13463
"<emphasis>dc=example,dc=com</emphasis>."
13464
msgstr ""
13465
13466
#: serverguide/C/network-auth.xml:76(title)
13467
msgid "Populating LDAP"
13468
msgstr ""
13469
13470
#: serverguide/C/network-auth.xml:78(para)
13471
msgid ""
13472
"<application>OpenLDAP</application> uses a separate directory which contains "
13473
"the <emphasis>cn=config</emphasis> Directory Information Tree (DIT). The "
13474
"<emphasis>cn=config</emphasis> DIT is used to dynamically configure the "
13475
"<application>slapd</application> daemon, allowing the modification of schema "
13476
"definitions, indexes, ACLs, etc without stopping the service."
13477
msgstr ""
13478
13479
#: serverguide/C/network-auth.xml:86(para)
13480
msgid ""
13481
"The backend <emphasis>cn=config</emphasis> directory has only a minimal "
13482
"configuration and will need additional configuration options in order to "
13483
"populate the frontend directory. The frontend will be populated with a "
13484
"\"classical\" scheme that will be compatible with address book applications "
13485
"and with Unix Posix accounts. Posix accounts will allow authentication to "
13486
"various applications, such as web applications, email Mail Transfer Agent "
13487
"(MTA) applications, etc."
13488
msgstr ""
13489
13490
#: serverguide/C/network-auth.xml:95(para)
13491
msgid ""
13492
"For external applications to authenticate using LDAP they will each need to "
13493
"be specifically configured to do so. Refer to the individual application "
13494
"documentation for details."
13495
msgstr ""
13496
13497
#: serverguide/C/network-auth.xml:103(para)
13498
msgid ""
13499
"Remember to change <emphasis>dc=example,dc=com</emphasis> in the following "
13500
"examples to match your LDAP configuration."
13501
msgstr ""
13502
13503
#: serverguide/C/network-auth.xml:108(para)
13504
msgid ""
13505
"First, some additional schema files need to be loaded. In a terminal enter:"
13506
msgstr ""
13507
13508
#: serverguide/C/network-auth.xml:113(command) serverguide/C/network-auth.xml:702(command)
13509
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif"
13510
msgstr ""
13511
13512
#: serverguide/C/network-auth.xml:114(command) serverguide/C/network-auth.xml:703(command)
13513
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif"
13514
msgstr ""
13515
13516
#: serverguide/C/network-auth.xml:115(command) serverguide/C/network-auth.xml:704(command)
13517
msgid ""
13518
"sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif"
13519
msgstr ""
13520
13521
#: serverguide/C/network-auth.xml:118(para)
13522
msgid ""
13523
"Next, copy the following example LDIF file, naming it "
13524
"<filename>backend.example.com.ldif</filename>, somewhere on your system:"
13525
msgstr ""
13526
13527
#: serverguide/C/network-auth.xml:123(programlisting)
13528
#, no-wrap
13529
msgid ""
13530
"\n"
13531
"# Load dynamic backend modules\n"
13532
"dn: cn=module,cn=config\n"
13533
"objectClass: olcModuleList\n"
13534
"cn: module\n"
13535
"olcModulepath: /usr/lib/ldap\n"
13536
"olcModuleload: back_hdb\n"
13537
"\n"
13538
"# Database settings\n"
13539
"dn: olcDatabase=hdb,cn=config\n"
13540
"objectClass: olcDatabaseConfig\n"
13541
"objectClass: olcHdbConfig\n"
13542
"olcDatabase: {1}hdb\n"
13543
"olcSuffix: dc=example,dc=com\n"
13544
"olcDbDirectory: /var/lib/ldap\n"
13545
"olcRootDN: cn=admin,dc=example,dc=com\n"
13546
"olcRootPW: secret\n"
13547
"olcDbConfig: set_cachesize 0 2097152 0\n"
13548
"olcDbConfig: set_lk_max_objects 1500\n"
13549
"olcDbConfig: set_lk_max_locks 1500\n"
13550
"olcDbConfig: set_lk_max_lockers 1500\n"
13551
"olcDbIndex: objectClass eq\n"
13552
"olcLastMod: TRUE\n"
13553
"olcDbCheckpoint: 512 30\n"
13554
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
13555
"by anonymous auth by self write by * none\n"
13556
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
13557
"olcAccess: to dn.base=\"\" by * read\n"
13558
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
13559
"\n"
13560
msgstr ""
13561
13562
#: serverguide/C/network-auth.xml:155(para)
13563
msgid ""
13564
"Change <emphasis>olcRootPW: secret</emphasis> to a password of your choosing."
13565
msgstr ""
13566
13567
#: serverguide/C/network-auth.xml:160(para)
13568
msgid "Now add the LDIF to the directory:"
13569
msgstr ""
13570
13571
#: serverguide/C/network-auth.xml:165(command) serverguide/C/network-auth.xml:746(command)
13572
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.example.com.ldif"
13573
msgstr ""
13574
13575
#: serverguide/C/network-auth.xml:168(para)
13576
msgid ""
13577
"The frontend directory is now ready to be populated. Create a "
13578
"<filename>frontend.example.com.ldif</filename> with the following contents:"
13579
msgstr ""
13580
13581
#: serverguide/C/network-auth.xml:173(programlisting)
13582
#, no-wrap
13583
msgid ""
13584
"\n"
13585
"# Create top-level object in domain\n"
13586
"dn: dc=example,dc=com\n"
13587
"objectClass: top\n"
13588
"objectClass: dcObject\n"
13589
"objectclass: organization\n"
13590
"o: Example Organization\n"
13591
"dc: Example\n"
13592
"description: LDAP Example \n"
13593
"\n"
13594
"# Admin user.\n"
13595
"dn: cn=admin,dc=example,dc=com\n"
13596
"objectClass: simpleSecurityObject\n"
13597
"objectClass: organizationalRole\n"
13598
"cn: admin\n"
13599
"description: LDAP administrator\n"
13600
"userPassword: secret\n"
13601
"\n"
13602
"dn: ou=people,dc=example,dc=com\n"
13603
"objectClass: organizationalUnit\n"
13604
"ou: people\n"
13605
"\n"
13606
"dn: ou=groups,dc=example,dc=com\n"
13607
"objectClass: organizationalUnit\n"
13608
"ou: groups\n"
13609
"\n"
13610
"dn: uid=john,ou=people,dc=example,dc=com\n"
13611
"objectClass: inetOrgPerson\n"
13612
"objectClass: posixAccount\n"
13613
"objectClass: shadowAccount\n"
13614
"uid: john\n"
13615
"sn: Doe\n"
13616
"givenName: John\n"
13617
"cn: John Doe\n"
13618
"displayName: John Doe\n"
13619
"uidNumber: 1000\n"
13620
"gidNumber: 10000\n"
13621
"userPassword: password\n"
13622
"gecos: John Doe\n"
13623
"loginShell: /bin/bash\n"
13624
"homeDirectory: /home/john\n"
13625
"shadowExpire: -1\n"
13626
"shadowFlag: 0\n"
13627
"shadowWarning: 7\n"
13628
"shadowMin: 8\n"
13629
"shadowMax: 999999\n"
13630
"shadowLastChange: 10877\n"
13631
"mail: john.doe@example.com\n"
13632
"postalCode: 31000\n"
13633
"l: Toulouse\n"
13634
"o: Example\n"
13635
"mobile: +33 (0)6 xx xx xx xx\n"
13636
"homePhone: +33 (0)5 xx xx xx xx\n"
13637
"title: System Administrator\n"
13638
"postalAddress: \n"
13639
"initials: JD\n"
13640
"\n"
13641
"dn: cn=example,ou=groups,dc=example,dc=com\n"
13642
"objectClass: posixGroup\n"
13643
"cn: example\n"
13644
"gidNumber: 10000\n"
13645
msgstr ""
13646
13647
#: serverguide/C/network-auth.xml:236(para)
13648
msgid ""
13649
"In this example the directory structure, a user, and a group have been "
13650
"setup. In other examples you might see the <emphasis>objectClass: "
13651
"top</emphasis> added in every entry, but that is the default behaviour so "
13652
"you do not have to add it explicitly."
13653
msgstr ""
13654
13655
#: serverguide/C/network-auth.xml:243(para)
13656
msgid "Add the entries to the LDAP directory:"
13657
msgstr ""
13658
13659
#: serverguide/C/network-auth.xml:249(command) serverguide/C/network-auth.xml:757(command)
13660
msgid ""
13661
"sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f frontend.example.com.ldif"
13662
msgstr ""
13663
13664
#: serverguide/C/network-auth.xml:252(para)
13665
msgid ""
13666
"We can check that the content has been correctly added with the "
13667
"<application>ldapsearch</application> utility. Execute a search of the LDAP "
13668
"directory:"
13669
msgstr ""
13670
13671
#: serverguide/C/network-auth.xml:258(command)
13672
msgid "ldapsearch -xLLL -b \"dc=example,dc=com\" uid=john sn givenName cn"
13673
msgstr ""
13674
13675
#: serverguide/C/network-auth.xml:259(computeroutput)
13676
#, no-wrap
13677
msgid ""
13678
"\n"
13679
"dn: uid=john,ou=people,dc=example,dc=com\n"
13680
"cn: John Doe\n"
13681
"sn: Doe\n"
13682
"givenName: John\n"
13683
msgstr ""
13684
13685
#: serverguide/C/network-auth.xml:267(para)
13686
msgid "Just a quick explanation:"
13687
msgstr ""
13688
13689
#: serverguide/C/network-auth.xml:273(para)
13690
msgid ""
13691
"<emphasis>-x:</emphasis> will not use SASL authentication method, which is "
13692
"the default."
13693
msgstr ""
13694
13695
#: serverguide/C/network-auth.xml:279(para)
13696
msgid "<emphasis>-LLL:</emphasis> disable printing LDIF schema information."
13697
msgstr ""
13698
13699
#: serverguide/C/network-auth.xml:287(title)
13700
msgid "Further Configuration"
13701
msgstr ""
13702
13703
#: serverguide/C/network-auth.xml:290(para)
13704
msgid ""
13705
"The <emphasis>cn=config</emphasis> tree can be manipulated using the "
13706
"utilities in the <application>ldap-utils</application> package. For example:"
13707
msgstr ""
13708
13709
#: serverguide/C/network-auth.xml:298(para)
13710
msgid ""
13711
"Use <application>ldapsearch</application> to view the tree, entering the "
13712
"admin password set during installation or reconfiguration:"
13713
msgstr ""
13714
13715
#: serverguide/C/network-auth.xml:304(command)
13716
msgid "sudo ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn"
13717
msgstr ""
13718
13719
#: serverguide/C/network-auth.xml:308(computeroutput)
13720
#, no-wrap
13721
msgid ""
13722
"\n"
13723
"SASL/EXTERNAL authentication started\n"
13724
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13725
"SASL SSF: 0\n"
13726
"dn: cn=config\n"
13727
"\n"
13728
"dn: cn=module{0},cn=config\n"
13729
"\n"
13730
"dn: cn=schema,cn=config\n"
13731
"\n"
13732
"dn: cn={0}core,cn=schema,cn=config\n"
13733
"\n"
13734
"dn: cn={1}cosine,cn=schema,cn=config\n"
13735
"\n"
13736
"dn: cn={2}nis,cn=schema,cn=config\n"
13737
"\n"
13738
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
13739
"\n"
13740
"dn: olcDatabase={-1}frontend,cn=config\n"
13741
"\n"
13742
"dn: olcDatabase={0}config,cn=config\n"
13743
"\n"
13744
"dn: olcDatabase={1}hdb,cn=config\n"
13745
msgstr ""
13746
13747
#: serverguide/C/network-auth.xml:334(para)
13748
msgid ""
13749
"The output above is the current configuration options for the "
13750
"<emphasis>cn=config</emphasis> backend database. Your output may be vary."
13751
msgstr ""
13752
13753
#: serverguide/C/network-auth.xml:342(para)
13754
msgid ""
13755
"As an example of modifying the <emphasis>cn=config</emphasis> tree, add "
13756
"another attribute to the index list using "
13757
"<application>ldapmodify</application>:"
13758
msgstr ""
13759
13760
#: serverguide/C/network-auth.xml:348(command) serverguide/C/network-auth.xml:993(command) serverguide/C/network-auth.xml:1164(command) serverguide/C/network-auth.xml:1200(command)
13761
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:///"
13762
msgstr ""
13763
13764
#: serverguide/C/network-auth.xml:356(userinput)
13765
#, no-wrap
13766
msgid ""
13767
"dn: olcDatabase={1}hdb,cn=config\n"
13768
"add: olcDbIndex\n"
13769
"olcDbIndex: uidNumber eq"
13770
msgstr ""
13771
13772
#: serverguide/C/network-auth.xml:352(computeroutput)
13773
#, no-wrap
13774
msgid ""
13775
"\n"
13776
"SASL/EXTERNAL authentication started\n"
13777
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13778
"SASL SSF: 0\n"
13779
"<placeholder-1/>\n"
13780
"\n"
13781
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13782
msgstr ""
13783
13784
#: serverguide/C/network-auth.xml:364(para)
13785
msgid ""
13786
"Once the modification has completed, press <emphasis>Ctrl+D</emphasis> to "
13787
"exit the utility."
13788
msgstr ""
13789
13790
#: serverguide/C/network-auth.xml:371(para)
13791
msgid ""
13792
"<application>ldapmodify</application> can also read the changes from a file. "
13793
"Copy and paste the following into a file named "
13794
"<filename>uid_index.ldif</filename>:"
13795
msgstr ""
13796
13797
#: serverguide/C/network-auth.xml:376(programlisting)
13798
#, no-wrap
13799
msgid ""
13800
"\n"
13801
"dn: olcDatabase={1}hdb,cn=config\n"
13802
"add: olcDbIndex\n"
13803
"olcDbIndex: uid eq,pres,sub\n"
13804
msgstr ""
13805
13806
#: serverguide/C/network-auth.xml:382(para)
13807
msgid "Then execute <application>ldapmodify</application>:"
13808
msgstr ""
13809
13810
#: serverguide/C/network-auth.xml:387(command)
13811
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f uid_index.ldif"
13812
msgstr ""
13813
13814
#: serverguide/C/network-auth.xml:391(computeroutput)
13815
#, no-wrap
13816
msgid ""
13817
"\n"
13818
"SASL/EXTERNAL authentication started\n"
13819
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13820
"SASL SSF: 0\n"
13821
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13822
msgstr ""
13823
13824
#: serverguide/C/network-auth.xml:399(para)
13825
msgid "The file method is very useful for large changes."
13826
msgstr ""
13827
13828
#: serverguide/C/network-auth.xml:406(para)
13829
msgid ""
13830
"Adding additional <emphasis>schemas</emphasis> to "
13831
"<application>slapd</application> requires the schema to be converted to LDIF "
13832
"format. The <filename role=\"directory\">/etc/ldap/schema</filename> "
13833
"directory contains some schema files already converted to LDIF format as "
13834
"demonstrated in the previous section. Fortunately, the "
13835
"<application>slapd</application> program can be used to automate the "
13836
"conversion. The following example will add the "
13837
"<emphasis>dyngroup.schema</emphasis>:"
13838
msgstr ""
13839
13840
#: serverguide/C/network-auth.xml:416(para)
13841
msgid ""
13842
"First, create a conversion <filename>schema_convert.conf</filename> file "
13843
"containing the following lines:"
13844
msgstr ""
13845
13846
#: serverguide/C/network-auth.xml:421(programlisting)
13847
#, no-wrap
13848
msgid ""
13849
"\n"
13850
"include /etc/ldap/schema/core.schema\n"
13851
"include /etc/ldap/schema/collective.schema\n"
13852
"include /etc/ldap/schema/corba.schema\n"
13853
"include /etc/ldap/schema/cosine.schema\n"
13854
"include /etc/ldap/schema/duaconf.schema\n"
13855
"include /etc/ldap/schema/dyngroup.schema\n"
13856
"include /etc/ldap/schema/inetorgperson.schema\n"
13857
"include /etc/ldap/schema/java.schema\n"
13858
"include /etc/ldap/schema/misc.schema\n"
13859
"include /etc/ldap/schema/nis.schema\n"
13860
"include /etc/ldap/schema/openldap.schema\n"
13861
"include /etc/ldap/schema/ppolicy.schema\n"
13862
msgstr ""
13863
13864
#: serverguide/C/network-auth.xml:439(para) serverguide/C/network-auth.xml:1664(para)
13865
msgid "Next, create a temporary directory to hold the output:"
13866
msgstr ""
13867
13868
#: serverguide/C/network-auth.xml:444(command) serverguide/C/network-auth.xml:1669(command) serverguide/C/network-auth.xml:2705(command)
13869
msgid "mkdir /tmp/ldif_output"
13870
msgstr ""
13871
13872
#: serverguide/C/network-auth.xml:450(para)
13873
msgid ""
13874
"Now using <application>slapcat</application> convert the schema files to "
13875
"LDIF:"
13876
msgstr ""
13877
13878
#: serverguide/C/network-auth.xml:455(command)
13879
msgid ""
13880
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
13881
"\"cn={5}dyngroup,cn=schema,cn=config\" > /tmp/cn=dyngroup.ldif"
13882
msgstr ""
13883
13884
#: serverguide/C/network-auth.xml:458(para)
13885
msgid ""
13886
"Adjust the configuration file name and temporary directory names if yours "
13887
"are different. Also, it may be worthwhile to keep the "
13888
"<filename>ldif_output</filename> directory around in case you want to add "
13889
"additional schemas in the future."
13890
msgstr ""
13891
13892
#: serverguide/C/network-auth.xml:467(para)
13893
msgid ""
13894
"Edit the <filename>/tmp/cn\\=dyngroup.ldif</filename> file, changing the "
13895
"following attributes:"
13896
msgstr ""
13897
13898
#: serverguide/C/network-auth.xml:471(programlisting)
13899
#, no-wrap
13900
msgid ""
13901
"\n"
13902
"dn: cn=dyngroup,cn=schema,cn=config\n"
13903
"...\n"
13904
"cn: dyngroup\n"
13905
msgstr ""
13906
13907
#: serverguide/C/network-auth.xml:477(para) serverguide/C/network-auth.xml:1700(para)
13908
msgid "And remove the following lines from the bottom of the file:"
13909
msgstr ""
13910
13911
#: serverguide/C/network-auth.xml:481(programlisting)
13912
#, no-wrap
13913
msgid ""
13914
"\n"
13915
"structuralObjectClass: olcSchemaConfig\n"
13916
"entryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757\n"
13917
"creatorsName: cn=config\n"
13918
"createTimestamp: 20080826021140Z\n"
13919
"entryCSN: 20080826021140.791425Z#000000#000#000000\n"
13920
"modifiersName: cn=config\n"
13921
"modifyTimestamp: 20080826021140Z\n"
13922
msgstr ""
13923
13924
#: serverguide/C/network-auth.xml:492(para) serverguide/C/network-auth.xml:1715(para) serverguide/C/network-auth.xml:2751(para)
13925
msgid ""
13926
"The attribute values will vary, just be sure the attributes are removed."
13927
msgstr ""
13928
13929
#: serverguide/C/network-auth.xml:500(para) serverguide/C/network-auth.xml:1723(para)
13930
msgid ""
13931
"Finally, using the <application>ldapadd</application> utility, add the new "
13932
"schema to the directory:"
13933
msgstr ""
13934
13935
#: serverguide/C/network-auth.xml:506(command)
13936
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/cn\\=dyngroup.ldif"
13937
msgstr ""
13938
13939
#: serverguide/C/network-auth.xml:512(para)
13940
msgid ""
13941
"There should now be a <emphasis>dn: "
13942
"cn={4}dyngroup,cn=schema,cn=config</emphasis> entry in the cn=config tree."
13943
msgstr ""
13944
13945
#: serverguide/C/network-auth.xml:522(title)
13946
msgid "LDAP Replication"
13947
msgstr ""
13948
13949
#: serverguide/C/network-auth.xml:524(para)
13950
msgid ""
13951
"LDAP often quickly becomes a highly critical service to the network. "
13952
"Multiple systems will come to depend on LDAP for authentication, "
13953
"authorization, configuration, etc. It is a good idea to setup a redundant "
13954
"system through replication."
13955
msgstr ""
13956
13957
#: serverguide/C/network-auth.xml:530(para)
13958
msgid ""
13959
"Replication is achieved using the <emphasis>Syncrepl</emphasis> engine. "
13960
"Syncrepl allows the changes to be synced using a "
13961
"<emphasis>consumer</emphasis>, <emphasis>provider</emphasis> model. A "
13962
"provider sends directory changes to consumers."
13963
msgstr ""
13964
13965
#: serverguide/C/network-auth.xml:537(title)
13966
msgid "Provider Configuration"
13967
msgstr ""
13968
13969
#: serverguide/C/network-auth.xml:539(para)
13970
msgid ""
13971
"The following is an example of a <emphasis>Single-Master</emphasis> "
13972
"configuration. In this configuration one OpenLDAP server is configured as a "
13973
"<emphasis>provider</emphasis> and another as a <emphasis>consumer</emphasis>."
13974
msgstr ""
13975
13976
#: serverguide/C/network-auth.xml:547(para)
13977
msgid ""
13978
"First, configure the provider server. Copy the following to a file named "
13979
"<filename>provider_sync.ldif</filename>:"
13980
msgstr ""
13981
13982
#: serverguide/C/network-auth.xml:552(programlisting)
13983
#, no-wrap
13984
msgid ""
13985
"\n"
13986
"# Add indexes to the frontend db.\n"
13987
"dn: olcDatabase={1}hdb,cn=config\n"
13988
"changetype: modify\n"
13989
"add: olcDbIndex\n"
13990
"olcDbIndex: entryCSN eq\n"
13991
"-\n"
13992
"add: olcDbIndex\n"
13993
"olcDbIndex: entryUUID eq\n"
13994
"\n"
13995
"#Load the syncprov and accesslog modules.\n"
13996
"dn: cn=module{0},cn=config\n"
13997
"changetype: modify\n"
13998
"add: olcModuleLoad\n"
13999
"olcModuleLoad: syncprov\n"
14000
"-\n"
14001
"add: olcModuleLoad\n"
14002
"olcModuleLoad: accesslog\n"
14003
"\n"
14004
"# Accesslog database definitions\n"
14005
"dn: olcDatabase={2}hdb,cn=config\n"
14006
"objectClass: olcDatabaseConfig\n"
14007
"objectClass: olcHdbConfig\n"
14008
"olcDatabase: {2}hdb\n"
14009
"olcDbDirectory: /var/lib/ldap/accesslog\n"
14010
"olcSuffix: cn=accesslog\n"
14011
"olcRootDN: cn=admin,dc=example,dc=com\n"
14012
"olcDbIndex: default eq\n"
14013
"olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart\n"
14014
"\n"
14015
"# Accesslog db syncprov.\n"
14016
"dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config\n"
14017
"changetype: add\n"
14018
"objectClass: olcOverlayConfig\n"
14019
"objectClass: olcSyncProvConfig\n"
14020
"olcOverlay: syncprov\n"
14021
"olcSpNoPresent: TRUE\n"
14022
"olcSpReloadHint: TRUE\n"
14023
"\n"
14024
"# syncrepl Provider for primary db\n"
14025
"dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config\n"
14026
"changetype: add\n"
14027
"objectClass: olcOverlayConfig\n"
14028
"objectClass: olcSyncProvConfig\n"
14029
"olcOverlay: syncprov\n"
14030
"olcSpNoPresent: TRUE\n"
14031
"\n"
14032
"# accesslog overlay definitions for primary db\n"
14033
"dn: olcOverlay=accesslog,olcDatabase={1}hdb,cn=config\n"
14034
"objectClass: olcOverlayConfig\n"
14035
"objectClass: olcAccessLogConfig\n"
14036
"olcOverlay: accesslog\n"
14037
"olcAccessLogDB: cn=accesslog\n"
14038
"olcAccessLogOps: writes\n"
14039
"olcAccessLogSuccess: TRUE\n"
14040
"# scan the accesslog DB every day, and purge entries older than 7 days\n"
14041
"olcAccessLogPurge: 07+00:00 01+00:00\n"
14042
msgstr ""
14043
14044
#: serverguide/C/network-auth.xml:614(para)
14045
msgid ""
14046
"The <application>AppArmor</application> profile for "
14047
"<application>slapd</application> will need to be adjusted for the accesslog "
14048
"database location. Edit <filename>/etc/apparmor.d/usr.sbin.slapd</filename> "
14049
"adding:"
14050
msgstr ""
14051
14052
#: serverguide/C/network-auth.xml:619(programlisting)
14053
#, no-wrap
14054
msgid ""
14055
"\n"
14056
" /var/lib/ldap/accesslog/ r,\n"
14057
" /var/lib/ldap/accesslog/** rwk,\n"
14058
msgstr ""
14059
14060
#: serverguide/C/network-auth.xml:624(para)
14061
msgid ""
14062
"Then create the directory, reload the <application>apparmor</application> "
14063
"profile, and copy the <filename>DB_CONFIG</filename> file:"
14064
msgstr ""
14065
14066
#: serverguide/C/network-auth.xml:630(command)
14067
msgid "sudo -u openldap mkdir /var/lib/ldap/accesslog"
14068
msgstr ""
14069
14070
#: serverguide/C/network-auth.xml:631(command)
14071
msgid "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog/"
14072
msgstr ""
14073
14074
#: serverguide/C/network-auth.xml:636(para)
14075
msgid ""
14076
"Using the <emphasis>-u openldap</emphasis> option with the "
14077
"<application>sudo</application> commands above removes the need to adjust "
14078
"permissions for the new directory later."
14079
msgstr ""
14080
14081
#: serverguide/C/network-auth.xml:645(para)
14082
msgid ""
14083
"Edit the file and change the <emphasis>olcRootDN</emphasis> to match your "
14084
"directory:"
14085
msgstr ""
14086
14087
#: serverguide/C/network-auth.xml:649(programlisting)
14088
#, no-wrap
14089
msgid ""
14090
"\n"
14091
"olcRootDN: cn=admin,dc=example,dc=com\n"
14092
msgstr ""
14093
14094
#: serverguide/C/network-auth.xml:657(para)
14095
msgid ""
14096
"Next, add the LDIF file using the <application>ldapadd</application> utility:"
14097
msgstr ""
14098
14099
#: serverguide/C/network-auth.xml:662(command)
14100
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
14101
msgstr ""
14102
14103
#: serverguide/C/network-auth.xml:669(para)
14104
msgid "Restart <application>slapd</application>:"
14105
msgstr ""
14106
14107
#: serverguide/C/network-auth.xml:674(command) serverguide/C/network-auth.xml:1049(command) serverguide/C/network-auth.xml:1236(command)
14108
msgid "sudo /etc/init.d/slapd restart"
14109
msgstr ""
14110
14111
#: serverguide/C/network-auth.xml:680(para)
14112
msgid ""
14113
"The <emphasis>Provider</emphasis> server is now configured, and it is time "
14114
"to configure a <emphasis>Consumer</emphasis> server."
14115
msgstr ""
14116
14117
#: serverguide/C/network-auth.xml:687(title)
14118
msgid "Consumer Configuration"
14119
msgstr ""
14120
14121
#: serverguide/C/network-auth.xml:692(para)
14122
msgid ""
14123
"On the <emphasis>Consumer</emphasis> server configure it the same as the "
14124
"<emphasis>Provider</emphasis> except for the <emphasis>Syncrepl</emphasis> "
14125
"configuration steps."
14126
msgstr ""
14127
14128
#: serverguide/C/network-auth.xml:697(para)
14129
msgid "Add the additional schema files:"
14130
msgstr ""
14131
14132
#: serverguide/C/network-auth.xml:707(para)
14133
msgid ""
14134
"Also, create, or copy from the provider server, the "
14135
"<filename>backend.example.com.ldif</filename>"
14136
msgstr ""
14137
14138
#: serverguide/C/network-auth.xml:711(programlisting)
14139
#, no-wrap
14140
msgid ""
14141
"\n"
14142
"# Load dynamic backend modules\n"
14143
"dn: cn=module,cn=config\n"
14144
"objectClass: olcModuleList\n"
14145
"cn: module\n"
14146
"olcModulepath: /usr/lib/ldap\n"
14147
"olcModuleload: back_hdb\n"
14148
"\n"
14149
"# Database settings\n"
14150
"dn: olcDatabase=hdb,cn=config\n"
14151
"objectClass: olcDatabaseConfig\n"
14152
"objectClass: olcHdbConfig\n"
14153
"olcDatabase: {1}hdb\n"
14154
"olcSuffix: dc=example,dc=com\n"
14155
"olcDbDirectory: /var/lib/ldap\n"
14156
"olcRootDN: cn=admin,dc=example,dc=com\n"
14157
"olcRootPW: secret\n"
14158
"olcDbConfig: set_cachesize 0 2097152 0\n"
14159
"olcDbConfig: set_lk_max_objects 1500\n"
14160
"olcDbConfig: set_lk_max_locks 1500\n"
14161
"olcDbConfig: set_lk_max_lockers 1500\n"
14162
"olcDbIndex: objectClass eq\n"
14163
"olcLastMod: TRUE\n"
14164
"olcDbCheckpoint: 512 30\n"
14165
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
14166
"by anonymous auth by self write by * none\n"
14167
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
14168
"olcAccess: to dn.base=\"\" by * read\n"
14169
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
14170
msgstr ""
14171
14172
#: serverguide/C/network-auth.xml:741(para)
14173
msgid "And add the LDIF by entering:"
14174
msgstr ""
14175
14176
#: serverguide/C/network-auth.xml:752(para)
14177
msgid ""
14178
"Do the same with the <filename>frontend.example.com.ldif</filename> file "
14179
"listed above, and add it:"
14180
msgstr ""
14181
14182
#: serverguide/C/network-auth.xml:760(para)
14183
msgid ""
14184
"The two severs should now have the same configuration except for the "
14185
"<emphasis>Syncrepl</emphasis> options."
14186
msgstr ""
14187
14188
#: serverguide/C/network-auth.xml:768(para)
14189
msgid ""
14190
"Now create a file named <filename>consumer_sync.ldif</filename> containing:"
14191
msgstr ""
14192
14193
#: serverguide/C/network-auth.xml:772(programlisting)
14194
#, no-wrap
14195
msgid ""
14196
"\n"
14197
"#Load the syncprov module.\n"
14198
"dn: cn=module{0},cn=config\n"
14199
"changetype: modify\n"
14200
"add: olcModuleLoad\n"
14201
"olcModuleLoad: syncprov\n"
14202
"\n"
14203
"# syncrepl specific indices\n"
14204
"dn: olcDatabase={1}hdb,cn=config\n"
14205
"changetype: modify\n"
14206
"add: olcDbIndex\n"
14207
"olcDbIndex: entryUUID eq\n"
14208
"-\n"
14209
"add: olcSyncRepl\n"
14210
"olcSyncRepl: rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
14211
"binddn=\"cn=admin,dc=example,dc=com\" \n"
14212
" credentials=secret searchbase=\"dc=example,dc=com\" "
14213
"logbase=\"cn=accesslog\" \n"
14214
" logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" "
14215
"schemachecking=on \n"
14216
" type=refreshAndPersist retry=\"60 +\" syncdata=accesslog\n"
14217
"-\n"
14218
"add: olcUpdateRef\n"
14219
"olcUpdateRef: ldap://ldap01.example.com\n"
14220
msgstr ""
14221
14222
#: serverguide/C/network-auth.xml:795(para)
14223
msgid "You will probably want to change the following attributes:"
14224
msgstr ""
14225
14226
#: serverguide/C/network-auth.xml:800(para)
14227
msgid "<emphasis>ldap01.example.com</emphasis> to your server's hostname."
14228
msgstr ""
14229
14230
#: serverguide/C/network-auth.xml:801(emphasis)
14231
msgid "binddn"
14232
msgstr ""
14233
14234
#: serverguide/C/network-auth.xml:802(emphasis)
14235
msgid "credentials"
14236
msgstr ""
14237
14238
#: serverguide/C/network-auth.xml:803(emphasis)
14239
msgid "searchbase"
14240
msgstr ""
14241
14242
#: serverguide/C/network-auth.xml:804(emphasis)
14243
msgid "olcUpdateRef:"
14244
msgstr ""
14245
14246
#: serverguide/C/network-auth.xml:810(para)
14247
msgid "Add the LDIF file to the configuration tree:"
14248
msgstr ""
14249
14250
#: serverguide/C/network-auth.xml:815(command)
14251
msgid "sudo ldapadd -c -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif"
14252
msgstr ""
14253
14254
#: serverguide/C/network-auth.xml:821(para)
14255
msgid ""
14256
"The frontend database should now sync between servers. You can add "
14257
"additional servers using the steps above as the need arises."
14258
msgstr ""
14259
14260
#: serverguide/C/network-auth.xml:831(programlisting)
14261
#, no-wrap
14262
msgid "127.0.0.1\tldap01.example.com ldap01"
14263
msgstr ""
14264
14265
#: serverguide/C/network-auth.xml:827(para)
14266
msgid ""
14267
"The <application>slapd</application> daemon will send log information to "
14268
"<filename>/var/log/syslog</filename> by default. So if all does "
14269
"<emphasis>not</emphasis> go well check there for errors and other "
14270
"troubleshooting information. Also, be sure that each server knows it's Fully "
14271
"Qualified Domain Name (FQDN). This is configured in "
14272
"<filename>/etc/hosts</filename> with a line similar to: <placeholder-1/>."
14273
msgstr ""
14274
14275
#: serverguide/C/network-auth.xml:839(title)
14276
msgid "Setting up ACL"
14277
msgstr ""
14278
14279
#: serverguide/C/network-auth.xml:841(para)
14280
msgid ""
14281
"Authentication requires access to the password field, that should be not "
14282
"accessible by default. Also, in order for users to change their own "
14283
"password, using <command>passwd</command> or other utilities, "
14284
"<emphasis>shadowLastChange</emphasis> needs to be accessible once a user has "
14285
"authenticated."
14286
msgstr ""
14287
14288
#: serverguide/C/network-auth.xml:848(para)
14289
msgid ""
14290
"To view the Access Control List (ACL) for the <emphasis>cn=config</emphasis> "
14291
"tree, use the <application>ldapsearch</application> utility:"
14292
msgstr ""
14293
14294
#: serverguide/C/network-auth.xml:854(command)
14295
msgid ""
14296
"sudo ldapsearch -c -Y EXTERNAL -H ldapi:/// -LLL -b cn=config "
14297
"olcDatabase=config olcAccess"
14298
msgstr ""
14299
14300
#: serverguide/C/network-auth.xml:858(computeroutput)
14301
#, no-wrap
14302
msgid ""
14303
"SASL/EXTERNAL authentication started\n"
14304
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
14305
"SASL SSF: 0\n"
14306
"dn: olcDatabase={0}config,cn=config\n"
14307
"olcAccess: {0}to * by "
14308
"dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external\n"
14309
" ,cn=auth manage by * break\n"
14310
msgstr ""
14311
14312
#: serverguide/C/network-auth.xml:867(para)
14313
msgid "To see the ACL for the frontend tree enter:"
14314
msgstr ""
14315
14316
#: serverguide/C/network-auth.xml:872(command)
14317
msgid ""
14318
"sudo ldapsearch -c -Y EXTERNAL -H ldapi:/// -LLL -b cn=config "
14319
"olcDatabase={1}hdb olcAccess"
14320
msgstr ""
14321
14322
#: serverguide/C/network-auth.xml:878(title)
14323
msgid "TLS and SSL"
14324
msgstr ""
14325
14326
#: serverguide/C/network-auth.xml:880(para)
14327
msgid ""
14328
"When authenticating to an OpenLDAP server it is best to do so using an "
14329
"encrypted session. This can be accomplished using Transport Layer Security "
14330
"(TLS) and/or Secure Sockets Layer (SSL)."
14331
msgstr ""
14332
14333
#: serverguide/C/network-auth.xml:885(para)
14334
msgid ""
14335
"The first step in the process is to obtain or create a "
14336
"<emphasis>certificate</emphasis>. Because <application>slapd</application> "
14337
"is compiled using the <application>gnutls</application> library, the "
14338
"<application>certtool</application> utility will be used to create "
14339
"certificates."
14340
msgstr ""
14341
14342
#: serverguide/C/network-auth.xml:894(para)
14343
msgid ""
14344
"First, install <application>gnutls-bin</application> by entering the "
14345
"following in a terminal:"
14346
msgstr ""
14347
14348
#: serverguide/C/network-auth.xml:899(command)
14349
msgid "sudo apt-get install gnutls-bin"
14350
msgstr ""
14351
14352
#: serverguide/C/network-auth.xml:905(para)
14353
msgid ""
14354
"Next, create a private key for the <emphasis>Certificate "
14355
"Authority</emphasis> (CA):"
14356
msgstr ""
14357
14358
#: serverguide/C/network-auth.xml:910(command)
14359
msgid ""
14360
"sudo sh -c \"certtool --generate-privkey > /etc/ssl/private/cakey.pem\""
14361
msgstr ""
14362
14363
#: serverguide/C/network-auth.xml:916(para)
14364
msgid ""
14365
"Create a <filename>/etc/ssl/ca.info</filename> details file to self-sign the "
14366
"CA certificate containing:"
14367
msgstr ""
14368
14369
#: serverguide/C/network-auth.xml:920(programlisting)
14370
#, no-wrap
14371
msgid ""
14372
"\n"
14373
"cn = Example Company\n"
14374
"ca\n"
14375
"cert_signing_key\n"
14376
msgstr ""
14377
14378
#: serverguide/C/network-auth.xml:929(para)
14379
msgid "Now create the self-signed CA certificate:"
14380
msgstr ""
14381
14382
#: serverguide/C/network-auth.xml:934(command)
14383
msgid ""
14384
"sudo certtool --generate-self-signed --load-privkey "
14385
"/etc/ssl/private/cakey.pem \\ --template /etc/ssl/ca.info --outfile "
14386
"/etc/ssl/certs/cacert.pem"
14387
msgstr ""
14388
14389
#: serverguide/C/network-auth.xml:941(para)
14390
msgid "Make a private key for the server:"
14391
msgstr ""
14392
14393
#: serverguide/C/network-auth.xml:946(command)
14394
msgid ""
14395
"sudo sh -c \"certtool --generate-privkey > "
14396
"/etc/ssl/private/ldap01_slapd_key.pem\""
14397
msgstr ""
14398
14399
#: serverguide/C/network-auth.xml:950(para)
14400
msgid ""
14401
"Replace <emphasis>ldap01</emphasis> in the filename with your server's "
14402
"hostname. Naming the certificate and key for the host and service that will "
14403
"be using them will help keep filenames and paths straight."
14404
msgstr ""
14405
14406
#: serverguide/C/network-auth.xml:959(para)
14407
msgid ""
14408
"To sign the server's certificate with the CA, create the "
14409
"<filename>/etc/ssl/ldap01.info</filename> info file containing:"
14410
msgstr ""
14411
14412
#: serverguide/C/network-auth.xml:963(programlisting)
14413
#, no-wrap
14414
msgid ""
14415
"\n"
14416
"organization = Example Company\n"
14417
"cn = ldap01.example.com\n"
14418
"tls_www_server\n"
14419
"encryption_key\n"
14420
"signing_key\n"
14421
msgstr ""
14422
14423
#: serverguide/C/network-auth.xml:974(para)
14424
msgid "Create the server's certificate:"
14425
msgstr ""
14426
14427
#: serverguide/C/network-auth.xml:979(command)
14428
msgid ""
14429
"sudo certtool --generate-certificate --load-privkey /etc/ssl/private/x01-"
14430
"test_slapd_key.pem \\ --load-ca-certificate /etc/ssl/certs/cacert.pem --load-"
14431
"ca-privkey /etc/ssl/private/cakey.pem \\ --template /etc/ssl/x01-test.info --"
14432
"outfile /etc/ssl/certs/x01-test_slapd_cert.pem"
14433
msgstr ""
14434
14435
#: serverguide/C/network-auth.xml:987(para)
14436
msgid ""
14437
"Once you have a certificate, key, and CA cert installed, use "
14438
"<application>ldapmodify</application> to add the new configuration options:"
14439
msgstr ""
14440
14441
#: serverguide/C/network-auth.xml:998(userinput)
14442
#, no-wrap
14443
msgid ""
14444
"dn: cn=config\n"
14445
"add: olcTLSCACertificateFile\n"
14446
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
14447
"-\n"
14448
"add: olcTLSCertificateFile\n"
14449
"olcTLSCertificateFile: /etc/ssl/certs/ldap01_slapd_cert.pem\n"
14450
"-\n"
14451
"add: olcTLSCertificateKeyFile\n"
14452
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem"
14453
msgstr ""
14454
14455
#: serverguide/C/network-auth.xml:997(computeroutput) serverguide/C/network-auth.xml:1168(computeroutput)
14456
#, no-wrap
14457
msgid ""
14458
"Enter LDAP Password:\n"
14459
"<placeholder-1/>\n"
14460
"\n"
14461
"modifying entry \"cn=config\"\n"
14462
msgstr ""
14463
14464
#: serverguide/C/network-auth.xml:1013(para)
14465
msgid ""
14466
"Adjust the <filename>ldap01_slapd_cert.pem</filename>, "
14467
"<filename>ldap01_slapd_key.pem</filename>, and "
14468
"<filename>cacert.pem</filename> names if yours are different."
14469
msgstr ""
14470
14471
#: serverguide/C/network-auth.xml:1019(para)
14472
msgid ""
14473
"Next, edit <filename>/etc/default/slapd</filename> uncomment the "
14474
"<emphasis>SLAPD_SERVICES</emphasis> option:"
14475
msgstr ""
14476
14477
#: serverguide/C/network-auth.xml:1023(programlisting)
14478
#, no-wrap
14479
msgid ""
14480
"\n"
14481
"SLAPD_SERVICES=\"ldap:/// ldapi:/// ldaps:///\"\n"
14482
msgstr ""
14483
14484
#: serverguide/C/network-auth.xml:1027(para)
14485
msgid ""
14486
"Now the <emphasis>openldap</emphasis> user needs access to the certificate:"
14487
msgstr ""
14488
14489
#: serverguide/C/network-auth.xml:1032(command)
14490
msgid "sudo adduser openldap ssl-cert"
14491
msgstr ""
14492
14493
#: serverguide/C/network-auth.xml:1033(command)
14494
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem"
14495
msgstr ""
14496
14497
#: serverguide/C/network-auth.xml:1034(command)
14498
msgid "sudo chmod g+r /etc/ssl/private/ldap01_slapd_key.pem"
14499
msgstr ""
14500
14501
#: serverguide/C/network-auth.xml:1038(para)
14502
msgid ""
14503
"If the <filename role=\"directory\">/etc/ssl/private</filename> and "
14504
"<filename>/etc/ssl/private/server.key</filename> have different permissions, "
14505
"adjust the commands appropriately."
14506
msgstr ""
14507
14508
#: serverguide/C/network-auth.xml:1044(para)
14509
msgid "Finally, restart <application>slapd</application>:"
14510
msgstr ""
14511
14512
#: serverguide/C/network-auth.xml:1052(para)
14513
msgid ""
14514
"The <application>slapd</application> daemon should now be listening for "
14515
"LDAPS connections and be able to use STARTTLS during authentication."
14516
msgstr ""
14517
14518
#: serverguide/C/network-auth.xml:1058(para)
14519
msgid ""
14520
"If you run into troubles with the server not starting, check the "
14521
"/var/log/syslog. If you see errors like main: TLS init def ctx failed: -1, "
14522
"it is likely there is a configuration problem. Check that the certificate is "
14523
"signed by the authority from in the files configured, and that the ssl-cert "
14524
"group has read permissions on the private key."
14525
msgstr ""
14526
14527
#: serverguide/C/network-auth.xml:1070(title)
14528
msgid "TLS Replication"
14529
msgstr ""
14530
14531
#: serverguide/C/network-auth.xml:1072(para)
14532
msgid ""
14533
"If you have setup <application>Syncrepl</application> between servers, it is "
14534
"prudent to encrypt the replication traffic using <emphasis>Transport Layer "
14535
"Security (TLS)</emphasis>. For details on setting up replication see <xref "
14536
"linkend=\"openldap-server-replication\"/>."
14537
msgstr ""
14538
14539
#: serverguide/C/network-auth.xml:1078(para)
14540
msgid ""
14541
"Assuming you have followed the above instructions and created a CA "
14542
"certificate and server certificate on the <emphasis>Provider</emphasis> "
14543
"server. Follow the following instructions to create a certificate and key "
14544
"for the <emphasis>Consumer</emphasis> server."
14545
msgstr ""
14546
14547
#: serverguide/C/network-auth.xml:1087(para)
14548
msgid "Create a new key for the Consumer server:"
14549
msgstr ""
14550
14551
#: serverguide/C/network-auth.xml:1092(command)
14552
msgid "mkdir ldap02-ssl"
14553
msgstr ""
14554
14555
#: serverguide/C/network-auth.xml:1093(command)
14556
msgid "cd ldap02-ssl"
14557
msgstr ""
14558
14559
#: serverguide/C/network-auth.xml:1094(command)
14560
msgid "certtool --generate-privkey > ldap02_slapd_key.pem"
14561
msgstr ""
14562
14563
#: serverguide/C/network-auth.xml:1098(para)
14564
msgid ""
14565
"Creating a new directory is not strictly necessary, but it will help keep "
14566
"things organized and make it easier to copy the files to the Consumer server."
14567
msgstr ""
14568
14569
#: serverguide/C/network-auth.xml:1107(para)
14570
msgid ""
14571
"Next, create an info file, <filename>ldap02.info</filename> for the Consumer "
14572
"server, changing the attributes to match your locality and server:"
14573
msgstr ""
14574
14575
#: serverguide/C/network-auth.xml:1112(programlisting)
14576
#, no-wrap
14577
msgid ""
14578
"\n"
14579
"country = US\n"
14580
"state = North Carolina\n"
14581
"locality = Winston-Salem\n"
14582
"organization = Example Company\n"
14583
"cn = ldap02.salem.edu\n"
14584
"tls_www_client\n"
14585
"encryption_key\n"
14586
"signing_key\n"
14587
msgstr ""
14588
14589
#: serverguide/C/network-auth.xml:1126(para)
14590
msgid "Create the certificate:"
14591
msgstr ""
14592
14593
#: serverguide/C/network-auth.xml:1131(command)
14594
msgid ""
14595
"sudo certtool --generate-certificate --load-privkey ldap02_slapd_key.pem \\ -"
14596
"-load-ca-certificate /etc/ssl/certs/cacert.pem --load-ca-privkey "
14597
"/etc/ssl/private/cakey.pem \\ --template ldap02.info --outfile "
14598
"ldap02_slapd_cert.pem"
14599
msgstr ""
14600
14601
#: serverguide/C/network-auth.xml:1139(para)
14602
msgid "Copy the <filename>cacert.pem</filename> to the directory:"
14603
msgstr ""
14604
14605
#: serverguide/C/network-auth.xml:1144(command)
14606
msgid "cp /etc/ssl/certs/cacert.pem ."
14607
msgstr ""
14608
14609
#: serverguide/C/network-auth.xml:1150(para)
14610
msgid ""
14611
"The only thing left is to copy the <filename>ldap02-ssl</filename> directory "
14612
"to the Consumer server, then copy <filename>ldap02_slapd_cert.pem</filename> "
14613
"and <filename>cacert.pem</filename> to <filename>/etc/ssl/certs</filename>, "
14614
"and copy <filename>ldap02_slapd_key.pem</filename> to "
14615
"<filename>/etc/ssl/private</filename>."
14616
msgstr ""
14617
14618
#: serverguide/C/network-auth.xml:1159(para)
14619
msgid ""
14620
"Once the files are in place adjust the <emphasis>cn=config</emphasis> tree "
14621
"by entering:"
14622
msgstr ""
14623
14624
#: serverguide/C/network-auth.xml:1169(userinput)
14625
#, no-wrap
14626
msgid ""
14627
"dn: cn=config\n"
14628
"add: olcTLSCACertificateFile\n"
14629
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
14630
"-\n"
14631
"add: olcTLSCertificateFile\n"
14632
"olcTLSCertificateFile: /etc/ssl/certs/ldap02_slapd_cert.pem\n"
14633
"-\n"
14634
"add: olcTLSCertificateKeyFile\n"
14635
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap02_slapd_key.pem"
14636
msgstr ""
14637
14638
#: serverguide/C/network-auth.xml:1186(para)
14639
msgid ""
14640
"As with the Provider you can now edit "
14641
"<filename>/etc/default/slapd</filename> and add the "
14642
"<emphasis>ldaps:///</emphasis> parameter to the "
14643
"<emphasis>SLAPD_SERVICES</emphasis> option."
14644
msgstr ""
14645
14646
#: serverguide/C/network-auth.xml:1194(para)
14647
msgid ""
14648
"Now that <emphasis>TLS</emphasis> has been setup on each server, once again "
14649
"modify the <emphasis>Consumer</emphasis> server's "
14650
"<emphasis>cn=config</emphasis> tree by entering the following in a terminal:"
14651
msgstr ""
14652
14653
#: serverguide/C/network-auth.xml:1207(userinput)
14654
#, no-wrap
14655
msgid ""
14656
"\n"
14657
"dn: olcDatabase={1}hdb,cn=config\n"
14658
"replace: olcSyncrepl\n"
14659
"olcSyncrepl: {0}rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
14660
"binddn=\"cn=ad\n"
14661
" min,dc=example,dc=com\" credentials=secret searchbase=\"dc=example,dc=com\" "
14662
"logbas\n"
14663
" e=\"cn=accesslog\" "
14664
"logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" s\n"
14665
" chemachecking=on type=refreshAndPersist retry=\"60 +\" syncdata=accesslog "
14666
"starttls=yes"
14667
msgstr ""
14668
14669
#: serverguide/C/network-auth.xml:1204(computeroutput)
14670
#, no-wrap
14671
msgid ""
14672
"SASL/EXTERNAL authentication started\n"
14673
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
14674
"SASL SSF: 0\n"
14675
"<placeholder-1/>\n"
14676
"\n"
14677
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
14678
msgstr ""
14679
14680
#: serverguide/C/network-auth.xml:1219(para)
14681
msgid ""
14682
"If the LDAP server hostname does not match the Fully Qualified Domain Name "
14683
"(FQDN) in the certificate, you may have to edit "
14684
"<filename>/etc/ldap/ldap.conf</filename> and add the following TLS options:"
14685
msgstr ""
14686
14687
#: serverguide/C/network-auth.xml:1224(programlisting)
14688
#, no-wrap
14689
msgid ""
14690
"\n"
14691
"TLS_CERT /etc/ssl/certs/ldap02_slapd_cert.pem\n"
14692
"TLS_KEY /etc/ssl/private/ldap02_slapd_key.pem\n"
14693
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
14694
msgstr ""
14695
14696
#: serverguide/C/network-auth.xml:1231(para)
14697
msgid ""
14698
"Finally, restart <application>slapd</application> on each of the servers:"
14699
msgstr ""
14700
14701
#: serverguide/C/network-auth.xml:1244(title)
14702
msgid "LDAP Authentication"
14703
msgstr ""
14704
14705
#: serverguide/C/network-auth.xml:1246(para)
14706
msgid ""
14707
"Once you have a working LDAP server, the <application>auth-client-"
14708
"config</application> and <application>libnss-ldap</application> packages "
14709
"take the pain out of configuring an Ubuntu client to authenticate using "
14710
"LDAP. To install the packages from, a terminal prompt enter:"
14711
msgstr ""
14712
14713
#: serverguide/C/network-auth.xml:1253(command)
14714
msgid "sudo apt-get install libnss-ldap"
14715
msgstr ""
14716
14717
#: serverguide/C/network-auth.xml:1256(para)
14718
msgid ""
14719
"During the install a menu dialog will ask you connection details about your "
14720
"LDAP server."
14721
msgstr ""
14722
14723
#: serverguide/C/network-auth.xml:1260(para)
14724
msgid ""
14725
"If you make a mistake when entering your information you can execute the "
14726
"dialog again using:"
14727
msgstr ""
14728
14729
#: serverguide/C/network-auth.xml:1265(command)
14730
msgid "sudo dpkg-reconfigure ldap-auth-config"
14731
msgstr ""
14732
14733
#: serverguide/C/network-auth.xml:1268(para)
14734
msgid ""
14735
"The results of the dialog can be seen in "
14736
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
14737
"covered in the menu edit this file accordingly."
14738
msgstr ""
14739
14740
#: serverguide/C/network-auth.xml:1273(para)
14741
msgid ""
14742
"Now that <application>libnss-ldap</application> is configured enable the "
14743
"<application>auth-client-config</application> LDAP profile by entering:"
14744
msgstr ""
14745
14746
#: serverguide/C/network-auth.xml:1279(command)
14747
msgid "sudo auth-client-config -t nss -p lac_ldap"
14748
msgstr ""
14749
14750
#: serverguide/C/network-auth.xml:1284(para)
14751
msgid ""
14752
"<emphasis>-t:</emphasis> only modifies "
14753
"<filename>/etc/nsswitch.conf</filename>."
14754
msgstr ""
14755
14756
#: serverguide/C/network-auth.xml:1289(para)
14757
msgid "<emphasis>-p:</emphasis> name of the profile to enable, disable, etc."
14758
msgstr ""
14759
14760
#: serverguide/C/network-auth.xml:1294(para)
14761
msgid ""
14762
"<emphasis>lac_ldap:</emphasis> the <application>auth-client-"
14763
"config</application> profile that is part of the <application>ldap-auth-"
14764
"config</application> package."
14765
msgstr ""
14766
14767
#: serverguide/C/network-auth.xml:1301(para)
14768
msgid ""
14769
"Using the <application>pam-auth-update</application> utility, configure the "
14770
"system to use LDAP for authentication:"
14771
msgstr ""
14772
14773
#: serverguide/C/network-auth.xml:1306(command)
14774
msgid "sudo pam-auth-update"
14775
msgstr ""
14776
14777
#: serverguide/C/network-auth.xml:1309(para)
14778
msgid ""
14779
"From the <application>pam-auth-update</application> menu, choose LDAP and "
14780
"any other authentication mechanisms you need."
14781
msgstr ""
14782
14783
#: serverguide/C/network-auth.xml:1313(para)
14784
msgid ""
14785
"You should now be able to login using user credentials stored in the LDAP "
14786
"directory."
14787
msgstr ""
14788
14789
#: serverguide/C/network-auth.xml:1318(para)
14790
msgid ""
14791
"If you are going to use LDAP to store Samba users you will need to configure "
14792
"the server to authenticate using LDAP. See <xref linkend=\"samba-ldap\"/> "
14793
"for details."
14794
msgstr ""
14795
14796
#: serverguide/C/network-auth.xml:1326(title)
14797
msgid "User and Group Management"
14798
msgstr ""
14799
14800
#: serverguide/C/network-auth.xml:1328(para)
14801
msgid ""
14802
"The <application>ldap-utils</application> package comes with multiple "
14803
"utilities to manage the directory, but the long string of options needed, "
14804
"can make them a burden to use. The <application>ldapscripts</application> "
14805
"package contains configurable scripts to easily manage LDAP users and groups."
14806
msgstr ""
14807
14808
#: serverguide/C/network-auth.xml:1334(para)
14809
msgid "To install the package, from a terminal enter:"
14810
msgstr ""
14811
14812
#: serverguide/C/network-auth.xml:1339(command)
14813
msgid "sudo apt-get install ldapscripts"
14814
msgstr ""
14815
14816
#: serverguide/C/network-auth.xml:1342(para)
14817
msgid ""
14818
"Next, edit the config file "
14819
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> uncommenting and "
14820
"changing the following to match your environment:"
14821
msgstr ""
14822
14823
#: serverguide/C/network-auth.xml:1347(programlisting)
14824
#, no-wrap
14825
msgid ""
14826
"\n"
14827
"SERVER=localhost\n"
14828
"BINDDN='cn=admin,dc=example,dc=com'\n"
14829
"BINDPWDFILE=\"/etc/ldapscripts/ldapscripts.passwd\"\n"
14830
"SUFFIX='dc=example,dc=com'\n"
14831
"GSUFFIX='ou=Groups'\n"
14832
"USUFFIX='ou=People'\n"
14833
"MSUFFIX='ou=Computers'\n"
14834
"GIDSTART=10000\n"
14835
"UIDSTART=10000\n"
14836
"MIDSTART=10000\n"
14837
msgstr ""
14838
14839
#: serverguide/C/network-auth.xml:1360(para)
14840
msgid ""
14841
"Now, create the <filename>ldapscripts.passwd</filename> file to allow "
14842
"authenticated access to the directory:"
14843
msgstr ""
14844
14845
#: serverguide/C/network-auth.xml:1365(command)
14846
msgid ""
14847
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
14848
msgstr ""
14849
14850
#: serverguide/C/network-auth.xml:1366(command)
14851
msgid "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
14852
msgstr ""
14853
14854
#: serverguide/C/network-auth.xml:1370(para)
14855
msgid ""
14856
"Replace <quote>secret</quote> with the actual password for your LDAP admin "
14857
"user."
14858
msgstr ""
14859
14860
#: serverguide/C/network-auth.xml:1375(para)
14861
msgid ""
14862
"The <application>ldapscripts</application> are now ready to help manage your "
14863
"directory. The following are some examples of how to use the scripts:"
14864
msgstr ""
14865
14866
#: serverguide/C/network-auth.xml:1382(para)
14867
msgid "Create a new user:"
14868
msgstr ""
14869
14870
#: serverguide/C/network-auth.xml:1386(command)
14871
msgid "sudo ldapadduser george example"
14872
msgstr ""
14873
14874
#: serverguide/C/network-auth.xml:1388(para)
14875
msgid ""
14876
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
14877
"and set the user's primary group (gid) to <emphasis "
14878
"role=\"italic\">example</emphasis>"
14879
msgstr ""
14880
14881
#: serverguide/C/network-auth.xml:1394(para)
14882
msgid "Change a user's password:"
14883
msgstr ""
14884
14885
#: serverguide/C/network-auth.xml:1398(command)
14886
msgid "sudo ldapsetpasswd george"
14887
msgstr ""
14888
14889
#: serverguide/C/network-auth.xml:1399(computeroutput)
14890
#, no-wrap
14891
msgid "Changing password for user uid=george,ou=People,dc=example,dc=com"
14892
msgstr ""
14893
14894
#: serverguide/C/network-auth.xml:1400(userinput)
14895
#, no-wrap
14896
msgid "New Password: "
14897
msgstr ""
14898
14899
#: serverguide/C/network-auth.xml:1401(userinput)
14900
#, no-wrap
14901
msgid "New Password (verify): "
14902
msgstr ""
14903
14904
#: serverguide/C/network-auth.xml:1405(para)
14905
msgid "Delete a user:"
14906
msgstr ""
14907
14908
#: serverguide/C/network-auth.xml:1409(command)
14909
msgid "sudo ldapdeleteuser george"
14910
msgstr ""
14911
14912
#: serverguide/C/network-auth.xml:1414(para)
14913
msgid "Add a group:"
14914
msgstr ""
14915
14916
#: serverguide/C/network-auth.xml:1418(command)
14917
msgid "sudo ldapaddgroup qa"
14918
msgstr ""
14919
14920
#: serverguide/C/network-auth.xml:1422(para)
14921
msgid "Delete a group:"
14922
msgstr ""
14923
14924
#: serverguide/C/network-auth.xml:1426(command)
14925
msgid "sudo ldapdeletegroup qa"
14926
msgstr ""
14927
14928
#: serverguide/C/network-auth.xml:1430(para)
14929
msgid "Add a user to a group:"
14930
msgstr ""
14931
14932
#: serverguide/C/network-auth.xml:1434(command)
14933
msgid "sudo ldapaddusertogroup george qa"
14934
msgstr ""
14935
14936
#: serverguide/C/network-auth.xml:1436(para)
14937
msgid ""
14938
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
14939
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
14940
"role=\"italic\">george</emphasis>."
14941
msgstr ""
14942
14943
#: serverguide/C/network-auth.xml:1442(para)
14944
msgid "Remove a user from a group:"
14945
msgstr ""
14946
14947
#: serverguide/C/network-auth.xml:1446(command)
14948
msgid "sudo ldapdeleteuserfromgroup george qa"
14949
msgstr ""
14950
14951
#: serverguide/C/network-auth.xml:1448(para)
14952
msgid ""
14953
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
14954
"<emphasis role=\"italic\">qa</emphasis> group."
14955
msgstr ""
14956
14957
#: serverguide/C/network-auth.xml:1454(para)
14958
msgid ""
14959
"The <application>ldapmodifyuser</application> script allows you to add, "
14960
"remove, or replace a user's attributes. The script uses the same syntax as "
14961
"the <application>ldapmodify</application> utility. For example:"
14962
msgstr ""
14963
14964
#: serverguide/C/network-auth.xml:1459(command)
14965
msgid "sudo ldapmodifyuser george"
14966
msgstr ""
14967
14968
#: serverguide/C/network-auth.xml:1460(computeroutput)
14969
#, no-wrap
14970
msgid ""
14971
"# About to modify the following entry :\n"
14972
"dn: uid=george,ou=People,dc=example,dc=com\n"
14973
"objectClass: account\n"
14974
"objectClass: posixAccount\n"
14975
"cn: george\n"
14976
"uid: george\n"
14977
"uidNumber: 1001\n"
14978
"gidNumber: 1001\n"
14979
"homeDirectory: /home/george\n"
14980
"loginShell: /bin/bash\n"
14981
"gecos: george\n"
14982
"description: User account\n"
14983
"userPassword:: e1NTSEF9eXFsTFcyWlhwWkF1eGUybVdFWHZKRzJVMjFTSG9vcHk=\n"
14984
"\n"
14985
"# Enter your modifications here, end with CTRL-D.\n"
14986
"dn: uid=george,ou=People,dc=example,dc=com"
14987
msgstr ""
14988
14989
#: serverguide/C/network-auth.xml:1476(userinput)
14990
#, no-wrap
14991
msgid ""
14992
"replace: gecos\n"
14993
"gecos: George Carlin"
14994
msgstr ""
14995
14996
#: serverguide/C/network-auth.xml:1479(para)
14997
msgid ""
14998
"The user's <emphasis>gecos</emphasis> should now be <quote>George "
14999
"Carlin</quote>."
15000
msgstr ""
15001
15002
#: serverguide/C/network-auth.xml:1484(para)
15003
msgid ""
15004
"Another great feature of <application>ldapscripts</application>, is the "
15005
"template system. Templates allow you to customize the attributes of user, "
15006
"group, and machine objectes. For example, to enable the "
15007
"<emphasis>user</emphasis> template edit "
15008
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> changing:"
15009
msgstr ""
15010
15011
#: serverguide/C/network-auth.xml:1491(programlisting)
15012
#, no-wrap
15013
msgid ""
15014
"\n"
15015
"UTEMPLATE=\"/etc/ldapscripts/ldapadduser.template\"\n"
15016
msgstr ""
15017
15018
#: serverguide/C/network-auth.xml:1495(para)
15019
msgid ""
15020
"There are <emphasis role=\"italic\">sample</emphasis> templates in the "
15021
"<filename>/etc/ldapscripts</filename> directory. Copy or rename the "
15022
"<filename>ldapadduser.template.sample</filename> file to "
15023
"<filename>/etc/ldapscripts/ldapadduser.template</filename>:"
15024
msgstr ""
15025
15026
#: serverguide/C/network-auth.xml:1502(command)
15027
msgid ""
15028
"sudo cp /usr/share/doc/ldapscripts/examples/ldapadduser.template.sample "
15029
"/etc/ldapscripts/ldapadduser.template"
15030
msgstr ""
15031
15032
#: serverguide/C/network-auth.xml:1505(para)
15033
msgid ""
15034
"Edit the new template to add the desired attributes. The following will "
15035
"create new user's as with an <emphasis>objectClass</emphasis> of "
15036
"<emphasis>inetOrgPerson</emphasis>:"
15037
msgstr ""
15038
15039
#: serverguide/C/network-auth.xml:1510(programlisting)
15040
#, no-wrap
15041
msgid ""
15042
"\n"
15043
"dn: uid=<user>,<usuffix>,<suffix>\n"
15044
"objectClass: inetOrgPerson\n"
15045
"objectClass: posixAccount\n"
15046
"cn: <user>\n"
15047
"sn: <ask>\n"
15048
"uid: <user>\n"
15049
"uidNumber: <uid>\n"
15050
"gidNumber: <gid>\n"
15051
"homeDirectory: <home>\n"
15052
"loginShell: <shell>\n"
15053
"gecos: <user>\n"
15054
"description: User account\n"
15055
"title: Employee\n"
15056
msgstr ""
15057
15058
#: serverguide/C/network-auth.xml:1526(para)
15059
msgid ""
15060
"Notice the <emphasis><ask></emphasis> option used for the "
15061
"<emphasis>ssn</emphasis> value. Using <ask> will configure "
15062
"<application>ldapadduser</application> to prompt you for the attribute value "
15063
"during user creation."
15064
msgstr ""
15065
15066
#: serverguide/C/network-auth.xml:1534(para)
15067
msgid ""
15068
"There are more useful scripts in the package, to see a full list enter: "
15069
"<command>dpkg -L ldapscripts | grep bin</command>"
15070
msgstr ""
15071
15072
#: serverguide/C/network-auth.xml:1543(para)
15073
msgid ""
15074
"The <ulink url=\"https://help.ubuntu.com/community/OpenLDAPServer\">OpenLDAP "
15075
"Ubuntu Wiki</ulink> page has more details."
15076
msgstr ""
15077
15078
#: serverguide/C/network-auth.xml:1548(para)
15079
msgid ""
15080
"For more information see <ulink url=\"http://www.openldap.org/\">OpenLDAP "
15081
"Home Page</ulink>"
15082
msgstr ""
15083
15084
#: serverguide/C/network-auth.xml:1553(para)
15085
msgid ""
15086
"Though starting to show it's age, a great source for in depth LDAP "
15087
"information is O'Reilly's <ulink "
15088
"url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System "
15089
"Administration</ulink>"
15090
msgstr ""
15091
15092
#: serverguide/C/network-auth.xml:1559(para)
15093
msgid ""
15094
"Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-"
15095
"Source-Linux/book\">Mastering OpenLDAP</ulink> is a great reference covering "
15096
"newer versions of OpenLDAP."
15097
msgstr ""
15098
15099
#: serverguide/C/network-auth.xml:1565(para)
15100
msgid ""
15101
"For more information on <application>auth-client-config</application> see "
15102
"the man page: <command>man auth-client-config</command>."
15103
msgstr ""
15104
15105
#: serverguide/C/network-auth.xml:1570(para)
15106
msgid ""
15107
"For more details regarding the <application>ldapscripts</application> "
15108
"package see the man pages: <command>man ldapscripts</command>, <command>man "
15109
"ldapadduser</command>, <command>man ldapaddgroup</command>, etc."
15110
msgstr ""
15111
15112
#: serverguide/C/network-auth.xml:1580(title)
15113
msgid "Samba and LDAP"
15114
msgstr ""
15115
15116
#: serverguide/C/network-auth.xml:1582(para)
15117
msgid ""
15118
"This section covers configuring Samba to use LDAP for user, group, and "
15119
"machine account information and authentication. The assumption is, you "
15120
"already have a working OpenLDAP directory installed and the server is "
15121
"configured to use it for authentication. See <xref linkend=\"openldap-"
15122
"server\"/> and <xref linkend=\"openldap-auth-config\"/> for details on "
15123
"setting up OpenLDAP. For more information on installing and configuring "
15124
"Samba see <xref linkend=\"windows-networking\"/>."
15125
msgstr ""
15126
15127
#: serverguide/C/network-auth.xml:1592(para)
15128
msgid ""
15129
"There are three packages needed when integrating Samba with LDAP. "
15130
"<application>samba</application>, <application>samba-doc</application>, and "
15131
"<application>smbldap-tools</application> packages . To install the packages, "
15132
"from a terminal enter:"
15133
msgstr ""
15134
15135
#: serverguide/C/network-auth.xml:1598(command)
15136
msgid "sudo apt-get install samba samba-doc smbldap-tools"
15137
msgstr ""
15138
15139
#: serverguide/C/network-auth.xml:1601(para)
15140
msgid ""
15141
"Strictly speaking the <application>smbldap-tools</application> package isn't "
15142
"needed, but unless you have another package or custom scripts, a method of "
15143
"managing users, groups, and computer accounts is needed."
15144
msgstr ""
15145
15146
#: serverguide/C/network-auth.xml:1608(title)
15147
msgid "OpenLDAP Configuration"
15148
msgstr ""
15149
15150
#: serverguide/C/network-auth.xml:1610(para)
15151
msgid ""
15152
"In order for Samba to use OpenLDAP as a <emphasis>passdb backend</emphasis>, "
15153
"the user objects in the directory will need additional attributes. This "
15154
"section assumes you want Samba to be configured as a Windows NT domain "
15155
"controller, and will add the necessary LDAP objects and attributes."
15156
msgstr ""
15157
15158
#: serverguide/C/network-auth.xml:1618(para)
15159
msgid ""
15160
"The Samba attributes are defined in the <filename>samba.schema</filename> "
15161
"file which is part of the <application>samba-doc</application> package. The "
15162
"schema file needs to be unzipped and copied to "
15163
"<filename>/etc/ldap/schema</filename>. From a terminal prompt enter:"
15164
msgstr ""
15165
15166
#: serverguide/C/network-auth.xml:1625(command)
15167
msgid ""
15168
"sudo cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz "
15169
"/etc/ldap/schema/"
15170
msgstr ""
15171
15172
#: serverguide/C/network-auth.xml:1626(command)
15173
msgid "sudo gzip -d /etc/ldap/schema/samba.schema.gz"
15174
msgstr ""
15175
15176
#: serverguide/C/network-auth.xml:1632(para)
15177
msgid ""
15178
"The <emphasis>samba</emphasis> schema needs to be added to the "
15179
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
15180
"<application>slapd</application> is also detailed in <xref "
15181
"linkend=\"openldap-configuration\"/>."
15182
msgstr ""
15183
15184
#: serverguide/C/network-auth.xml:1640(para) serverguide/C/network-auth.xml:2676(para)
15185
msgid ""
15186
"First, create a configuration file named "
15187
"<filename>schema_convert.conf</filename>, or a similar descriptive name, "
15188
"containing the following lines:"
15189
msgstr ""
15190
15191
#: serverguide/C/network-auth.xml:1645(programlisting)
15192
#, no-wrap
15193
msgid ""
15194
"\n"
15195
"include /etc/ldap/schema/core.schema\n"
15196
"include /etc/ldap/schema/collective.schema\n"
15197
"include /etc/ldap/schema/corba.schema\n"
15198
"include /etc/ldap/schema/cosine.schema\n"
15199
"include /etc/ldap/schema/duaconf.schema\n"
15200
"include /etc/ldap/schema/dyngroup.schema\n"
15201
"include /etc/ldap/schema/inetorgperson.schema\n"
15202
"include /etc/ldap/schema/java.schema\n"
15203
"include /etc/ldap/schema/misc.schema\n"
15204
"include /etc/ldap/schema/nis.schema\n"
15205
"include /etc/ldap/schema/openldap.schema\n"
15206
"include /etc/ldap/schema/ppolicy.schema\n"
15207
"include /etc/ldap/schema/samba.schema\n"
15208
msgstr ""
15209
15210
#: serverguide/C/network-auth.xml:1675(para) serverguide/C/network-auth.xml:2711(para)
15211
msgid ""
15212
"Now use <application>slapcat</application> to convert the schema files:"
15213
msgstr ""
15214
15215
#: serverguide/C/network-auth.xml:1680(command)
15216
msgid ""
15217
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
15218
"\"cn={12}samba,cn=schema,cn=config\" > /tmp/cn=samba.ldif"
15219
msgstr ""
15220
15221
#: serverguide/C/network-auth.xml:1683(para) serverguide/C/network-auth.xml:2719(para)
15222
msgid ""
15223
"Change the above file and path names to match your own if they are different."
15224
msgstr ""
15225
15226
#: serverguide/C/network-auth.xml:1690(para)
15227
msgid ""
15228
"Edit the generated <filename>/tmp/cn\\=samba.ldif</filename> file, changing "
15229
"the following attributes:"
15230
msgstr ""
15231
15232
#: serverguide/C/network-auth.xml:1694(programlisting)
15233
#, no-wrap
15234
msgid ""
15235
"\n"
15236
"dn: cn=samba,cn=schema,cn=config\n"
15237
"...\n"
15238
"cn: samba\n"
15239
msgstr ""
15240
15241
#: serverguide/C/network-auth.xml:1704(programlisting)
15242
#, no-wrap
15243
msgid ""
15244
"\n"
15245
"structuralObjectClass: olcSchemaConfig\n"
15246
"entryUUID: b53b75ca-083f-102d-9fff-2f64fd123c95\n"
15247
"creatorsName: cn=config\n"
15248
"createTimestamp: 20080827045234Z\n"
15249
"entryCSN: 20080827045234.341425Z#000000#000#000000\n"
15250
"modifiersName: cn=config\n"
15251
"modifyTimestamp: 20080827045234Z\n"
15252
msgstr ""
15253
15254
#: serverguide/C/network-auth.xml:1729(command)
15255
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=samba.ldif"
15256
msgstr ""
15257
15258
#: serverguide/C/network-auth.xml:1735(para)
15259
msgid ""
15260
"There should now be a <emphasis>dn: "
15261
"cn={X}misc,cn=schema,cn=config</emphasis>, where \"X\" is the next "
15262
"sequential schema, entry in the cn=config tree."
15263
msgstr ""
15264
15265
#: serverguide/C/network-auth.xml:1743(para)
15266
msgid ""
15267
"Copy and paste the following into a file named "
15268
"<filename>samba_indexes.ldif</filename>:"
15269
msgstr ""
15270
15271
#: serverguide/C/network-auth.xml:1747(programlisting)
15272
#, no-wrap
15273
msgid ""
15274
"\n"
15275
"dn: olcDatabase={1}hdb,cn=config\n"
15276
"changetype: modify\n"
15277
"add: olcDbIndex\n"
15278
"olcDbIndex: uidNumber eq\n"
15279
"olcDbIndex: gidNumber eq\n"
15280
"olcDbIndex: loginShell eq\n"
15281
"olcDbIndex: uid eq,pres,sub\n"
15282
"olcDbIndex: memberUid eq,pres,sub\n"
15283
"olcDbIndex: uniqueMember eq,pres\n"
15284
"olcDbIndex: sambaSID eq\n"
15285
"olcDbIndex: sambaPrimaryGroupSID eq\n"
15286
"olcDbIndex: sambaGroupType eq\n"
15287
"olcDbIndex: sambaSIDList eq\n"
15288
"olcDbIndex: sambaDomainName eq\n"
15289
"olcDbIndex: default sub\n"
15290
msgstr ""
15291
15292
#: serverguide/C/network-auth.xml:1765(para)
15293
msgid ""
15294
"Using the <application>ldapmodify</application> utility load the new indexes:"
15295
msgstr ""
15296
15297
#: serverguide/C/network-auth.xml:1770(command)
15298
msgid "ldapmodify -x -D cn=admin,cn=config -W -f samba_indexes.ldif"
15299
msgstr ""
15300
15301
#: serverguide/C/network-auth.xml:1772(para)
15302
msgid ""
15303
"If all went well you should see the new indexes using "
15304
"<application>ldapsearch</application>:"
15305
msgstr ""
15306
15307
#: serverguide/C/network-auth.xml:1777(command)
15308
msgid ""
15309
"ldapsearch -xLLL -D cn=admin,cn=config -x -b cn=config -W olcDatabase={1}hdb"
15310
msgstr ""
15311
15312
#: serverguide/C/network-auth.xml:1783(para)
15313
msgid ""
15314
"Next, configure the <application>smbldap-tools</application> package to "
15315
"match your environment. The package comes with a configuration script that "
15316
"will ask questions about the needed options. To run the script enter:"
15317
msgstr ""
15318
15319
#: serverguide/C/network-auth.xml:1789(command)
15320
msgid "sudo gzip -d /usr/share/doc/smbldap-tools/configure.pl.gz"
15321
msgstr ""
15322
15323
#: serverguide/C/network-auth.xml:1790(command)
15324
msgid "sudo perl /usr/share/doc/smbldap-tools/configure.pl"
15325
msgstr ""
15326
15327
#: serverguide/C/network-auth.xml:1793(para)
15328
msgid ""
15329
"Once you have answered the questions, there should be <filename>/etc/smbldap-"
15330
"tools/smbldap.conf</filename> and <filename>/etc/smbldap-"
15331
"tools/smbldap_bind.conf</filename> files. These files are generated by the "
15332
"configure script, so if you made any mistakes while executing the script it "
15333
"may be simpler to edit the file appropriately."
15334
msgstr ""
15335
15336
#: serverguide/C/network-auth.xml:1803(para)
15337
msgid ""
15338
"The <application>smbldap-populate</application> script will add the "
15339
"necessary users, groups, and LDAP objects required for Samba. It is a good "
15340
"idea to make a backup LDAP Data Interchange Format (LDIF) file with "
15341
"<application>slapcat</application> before executing the command:"
15342
msgstr ""
15343
15344
#: serverguide/C/network-auth.xml:1810(command)
15345
msgid "sudo slapcat -l backup.ldif"
15346
msgstr ""
15347
15348
#: serverguide/C/network-auth.xml:1816(para)
15349
msgid ""
15350
"Once you have a current backup execute <application>smbldap-"
15351
"populate</application> by entering:"
15352
msgstr ""
15353
15354
#: serverguide/C/network-auth.xml:1821(command)
15355
msgid "sudo smbldap-populate"
15356
msgstr ""
15357
15358
#: serverguide/C/network-auth.xml:1825(para)
15359
msgid ""
15360
"You can create an LDIF file containing the new Samba objects by executing "
15361
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
15362
"look over the changes making sure everything is correct."
15363
msgstr ""
15364
15365
#: serverguide/C/network-auth.xml:1833(para)
15366
msgid ""
15367
"Your LDAP directory now has the necessary domain information to authenticate "
15368
"Samba users."
15369
msgstr ""
15370
15371
#: serverguide/C/network-auth.xml:1839(title)
15372
msgid "Samba Configuration"
15373
msgstr ""
15374
15375
#: serverguide/C/network-auth.xml:1841(para)
15376
msgid ""
15377
"There a multiple ways to configure Samba for details on some common "
15378
"configurations see <xref linkend=\"windows-networking\"/>. To configure "
15379
"Samba to use LDAP, edit the main Samba configuration file "
15380
"<filename>/etc/samba/smb.conf</filename> commenting the <emphasis>passdb "
15381
"backend</emphasis> option and adding the following:"
15382
msgstr ""
15383
15384
#: serverguide/C/network-auth.xml:1847(programlisting)
15385
#, no-wrap
15386
msgid ""
15387
"\n"
15388
"# passdb backend = tdbsam\n"
15389
"\n"
15390
"# LDAP Settings\n"
15391
" passdb backend = ldapsam:ldap://hostname\n"
15392
" ldap suffix = dc=example,dc=com\n"
15393
" ldap user suffix = ou=People\n"
15394
" ldap group suffix = ou=Groups\n"
15395
" ldap machine suffix = ou=Computers\n"
15396
" ldap idmap suffix = ou=Idmap\n"
15397
" ldap admin dn = cn=admin,dc=example,dc=com\n"
15398
" ldap ssl = start tls\n"
15399
" ldap passwd sync = yes\n"
15400
"...\n"
15401
" add machine script = sudo /usr/sbin/smbldap-useradd -t 0 -w \"%u\"\n"
15402
msgstr ""
15403
15404
#: serverguide/C/network-auth.xml:1864(para)
15405
msgid "Restart <application>samba</application> to enable the new settings:"
15406
msgstr ""
15407
15408
#: serverguide/C/network-auth.xml:1873(para)
15409
msgid ""
15410
"Now Samba needs to know the LDAP admin password. From a terminal prompt "
15411
"enter:"
15412
msgstr ""
15413
15414
#: serverguide/C/network-auth.xml:1878(command)
15415
msgid "sudo smbpasswd -w secret"
15416
msgstr ""
15417
15418
#: serverguide/C/network-auth.xml:1882(para)
15419
msgid ""
15420
"Replacing <emphasis role=\"italic\">secret</emphasis> with your LDAP admin "
15421
"password."
15422
msgstr ""
15423
15424
#: serverguide/C/network-auth.xml:1887(para)
15425
msgid ""
15426
"If you currently have users in LDAP, and you want them to authenticate using "
15427
"Samba, they will need some Samba attributes defined in the "
15428
"<filename>samba.schema</filename> file. Add the Samba attributes to existing "
15429
"users using the <application>smbpasswd</application> utility, replacing "
15430
"<emphasis role=\"italic\">username</emphasis> with an actual user:"
15431
msgstr ""
15432
15433
#: serverguide/C/network-auth.xml:1895(command)
15434
msgid "sudo smbpasswd -a username"
15435
msgstr ""
15436
15437
#: serverguide/C/network-auth.xml:1898(para)
15438
msgid "You will then be asked to enter the user's password."
15439
msgstr ""
15440
15441
#: serverguide/C/network-auth.xml:1902(para)
15442
msgid ""
15443
"To add new user, group, and machine accounts use the utilities from the "
15444
"<application>smbldap-tools</application> package. Here are some examples:"
15445
msgstr ""
15446
15447
#: serverguide/C/network-auth.xml:1909(para)
15448
msgid ""
15449
"To add a new user to LDAP with Samba attributes enter the following, "
15450
"replacing username with an actual username:"
15451
msgstr ""
15452
15453
#: serverguide/C/network-auth.xml:1913(command)
15454
msgid "sudo smbldap-useradd -a -P username"
15455
msgstr ""
15456
15457
#: serverguide/C/network-auth.xml:1915(para)
15458
msgid ""
15459
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
15460
"<emphasis>-P</emphasis> options calls the <application>smbldap-"
15461
"passwd</application> utility after the user is created allowing you to enter "
15462
"a password for the user."
15463
msgstr ""
15464
15465
#: serverguide/C/network-auth.xml:1921(para)
15466
msgid "To remove a user from the directory enter:"
15467
msgstr ""
15468
15469
#: serverguide/C/network-auth.xml:1925(command)
15470
msgid "sudo smbldap-userdel username"
15471
msgstr ""
15472
15473
#: serverguide/C/network-auth.xml:1927(para)
15474
msgid ""
15475
"The <application>smbldap-userdel</application> utility also has a <emphasis>-"
15476
"r</emphasis> option to remove the user's home directory."
15477
msgstr ""
15478
15479
#: serverguide/C/network-auth.xml:1932(para)
15480
msgid ""
15481
"Use <application>smbldap-groupadd</application> to add a group, replacing "
15482
"groupname with an appropriate group:"
15483
msgstr ""
15484
15485
#: serverguide/C/network-auth.xml:1936(command)
15486
msgid "sudo smbldap-groupadd -a groupname"
15487
msgstr ""
15488
15489
#: serverguide/C/network-auth.xml:1938(para)
15490
msgid ""
15491
"Similar to <application>smbldap-useradd</application>, the <emphasis>-"
15492
"a</emphasis> adds the Samba attributes."
15493
msgstr ""
15494
15495
#: serverguide/C/network-auth.xml:1943(para)
15496
msgid ""
15497
"To add a user to a group use <application>smbldap-groupmod</application>:"
15498
msgstr ""
15499
15500
#: serverguide/C/network-auth.xml:1947(command)
15501
msgid "sudo smbldap-groupmod -m username groupname"
15502
msgstr ""
15503
15504
#: serverguide/C/network-auth.xml:1949(para)
15505
msgid ""
15506
"Be sure to replace <emphasis>username</emphasis> with a real user. Also, the "
15507
"<emphasis>-m</emphasis> option can add more than one user at a time by "
15508
"listing them in <emphasis>comma separated</emphasis> format."
15509
msgstr ""
15510
15511
#: serverguide/C/network-auth.xml:1955(para)
15512
msgid ""
15513
"<application>smbldap-groupmod</application> can also be used to remove a "
15514
"user from a group:"
15515
msgstr ""
15516
15517
#: serverguide/C/network-auth.xml:1959(command)
15518
msgid "sudo smbldap-groupmod -x username groupname"
15519
msgstr ""
15520
15521
#: serverguide/C/network-auth.xml:1963(para)
15522
msgid ""
15523
"Additionally, the <application>smbldap-useradd</application> utility can add "
15524
"Samba machine accounts:"
15525
msgstr ""
15526
15527
#: serverguide/C/network-auth.xml:1967(command)
15528
msgid "sudo smbldap-useradd -t 0 -w username"
15529
msgstr ""
15530
15531
#: serverguide/C/network-auth.xml:1969(para)
15532
msgid ""
15533
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
15534
"<emphasis>-t 0</emphasis> option creates the machine account without a "
15535
"delay, while the <emphasis>-w</emphasis> option specifies the user as a "
15536
"machine account. Also, note the <emphasis>add machine script</emphasis> "
15537
"option in <filename>/etc/samba/smb.conf</filename> was changed to use "
15538
"<application>smbldap-useradd</application>."
15539
msgstr ""
15540
15541
#: serverguide/C/network-auth.xml:1978(para)
15542
msgid ""
15543
"There are more useful utilities and options in the <application>smbldap-"
15544
"tools</application> package. The man page for each utility provides more "
15545
"details."
15546
msgstr ""
15547
15548
#: serverguide/C/network-auth.xml:1989(para)
15549
msgid ""
15550
"There are multiple places where LDAP and Samba is documented in the <ulink "
15551
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
15552
"Collection</ulink>."
15553
msgstr ""
15554
15555
#: serverguide/C/network-auth.xml:1995(para)
15556
msgid ""
15557
"Specifically see the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
15558
"HOWTO-Collection/passdb.html\">passdb section</ulink>."
15559
msgstr ""
15560
15561
#: serverguide/C/network-auth.xml:2001(para)
15562
msgid ""
15563
"Another good site is <ulink url=\"http://download.gna.org/smbldap-"
15564
"tools/docs/samba-ldap-howto/\">Samba OpenLDAP HOWTO</ulink>."
15565
msgstr ""
15566
15567
#: serverguide/C/network-auth.xml:2007(para)
15568
msgid ""
15569
"Again, for more information on <application>smbldap-tools</application> see "
15570
"the man pages: <command>man smbldap-useradd</command>, <command>man smbldap-"
15571
"groupadd</command>, <command>man smbldap-populate</command>, etc."
15572
msgstr ""
15573
15574
#: serverguide/C/network-auth.xml:2014(para)
15575
msgid ""
15576
"Also, there is a list of <ulink "
15577
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Ubuntu "
15578
"wiki</ulink> articles with more information."
15579
msgstr ""
15580
15581
#: serverguide/C/network-auth.xml:2023(title)
15582
msgid "Kerberos"
15583
msgstr ""
15584
15585
#: serverguide/C/network-auth.xml:2025(para)
15586
msgid ""
15587
"<application>Kerberos</application> is a network authentication system based "
15588
"on the principal of a trusted third party. The other two parties being the "
15589
"user and the service the user wishes to authenticate to. Not all services "
15590
"and applications can use Kerberos, but for those that can, it brings the "
15591
"network environment one step closer to being Single Sign On (SSO)."
15592
msgstr ""
15593
15594
#: serverguide/C/network-auth.xml:2031(para)
15595
msgid ""
15596
"This section covers installation and configuration of a Kerberos server, and "
15597
"some example client configurations."
15598
msgstr ""
15599
15600
#: serverguide/C/network-auth.xml:2038(para)
15601
msgid ""
15602
"If you are new to Kerberos there are a few terms that are good to understand "
15603
"before setting up a Kerberos server. Most of the terms will relate to things "
15604
"you may be familiar with in other environments:"
15605
msgstr ""
15606
15607
#: serverguide/C/network-auth.xml:2045(para)
15608
msgid ""
15609
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
15610
"by servers need to be defined as Kerberos Principals."
15611
msgstr ""
15612
15613
#: serverguide/C/network-auth.xml:2050(para)
15614
msgid ""
15615
"<emphasis>Instances:</emphasis> are used for service principals and special "
15616
"administrative principals."
15617
msgstr ""
15618
15619
#: serverguide/C/network-auth.xml:2055(para)
15620
msgid ""
15621
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
15622
"Kerberos installation. Usually the DNS domain converted to uppercase "
15623
"(EXAMPLE.COM)."
15624
msgstr ""
15625
15626
#: serverguide/C/network-auth.xml:2061(para)
15627
msgid ""
15628
"<emphasis>Key Distribution Center:</emphasis> (KDC) consist of three parts, "
15629
"a database of all principals, the authentication server, and the ticket "
15630
"granting server. For each realm there must be at least one KDC."
15631
msgstr ""
15632
"<emphasis>Key Distribution Centre:</emphasis> (KDC) consist of three parts, "
15633
"a database of all principals, the authentication server, and the ticket "
15634
"granting server. For each realm there must be at least one KDC."
15635
15636
#: serverguide/C/network-auth.xml:2067(para)
15637
msgid ""
15638
"<emphasis>Ticket Granting Ticket:</emphasis> issued by the Authentication "
15639
"Server (AS), the Ticket Granting Ticket (TGT) is encrypted in the user's "
15640
"password which is known only to the user and the KDC."
15641
msgstr ""
15642
15643
#: serverguide/C/network-auth.xml:2073(para)
15644
msgid ""
15645
"<emphasis>Ticket Granting Server:</emphasis> (TGS) issues service tickets to "
15646
"clients upon request."
15647
msgstr ""
15648
15649
#: serverguide/C/network-auth.xml:2078(para)
15650
msgid ""
15651
"<emphasis>Tickets:</emphasis> confirm the identity of the two principals. "
15652
"One principal being a user and the other a service requested by the user. "
15653
"Tickets establish an encryption key used for secure communication during the "
15654
"authenticated session."
15655
msgstr ""
15656
15657
#: serverguide/C/network-auth.xml:2084(para)
15658
msgid ""
15659
"<emphasis>Keytab Files:</emphasis> are files extracted from the KDC "
15660
"principal database and contain the encryption key for a service or host."
15661
msgstr ""
15662
15663
#: serverguide/C/network-auth.xml:2091(para)
15664
msgid ""
15665
"To put the pieces together, a Realm has at least one KDC, preferably two for "
15666
"redundancy, which contains a database of Principals. When a user principal "
15667
"logs into a workstation, configured for Kerberos authentication, the KDC "
15668
"issues a Ticket Granting Ticket (TGT). If the user supplied credentials "
15669
"match, the user is authenticated and can then request tickets for Kerberized "
15670
"services from the Ticket Granting Server (TGS). The service tickets allow "
15671
"the user to authenticate to the service without entering another username "
15672
"and password."
15673
msgstr ""
15674
15675
#: serverguide/C/network-auth.xml:2100(title)
15676
msgid "Kerberos Server"
15677
msgstr ""
15678
15679
#: serverguide/C/network-auth.xml:2104(para)
15680
msgid ""
15681
"Before installing the Kerberos server a properly configured DNS server is "
15682
"needed for your domain. Since the Kerberos Realm by convention matches the "
15683
"domain name, this section uses the <emphasis>example.com</emphasis> domain "
15684
"configured in <xref linkend=\"dns-primarymaster-configuration\"/>."
15685
msgstr ""
15686
15687
#: serverguide/C/network-auth.xml:2110(para)
15688
msgid ""
15689
"Also, Kerberos is a time sensitive protocol. So if the local system time "
15690
"between a client machine and the server differs by more than five minutes "
15691
"(by default), the workstation will not be able to authenticate. To correct "
15692
"the problem all hosts should have their time synchronized using the "
15693
"<emphasis>Network Time Protocol (NTP)</emphasis>. For details on setting up "
15694
"NTP see <xref linkend=\"NTP\"/>."
15695
msgstr ""
15696
15697
#: serverguide/C/network-auth.xml:2117(para)
15698
msgid ""
15699
"The first step in installing a Kerberos Realm is to install the "
15700
"<application>krb5-kdc</application> and <application>krb5-admin-"
15701
"server</application> packages. From a terminal enter:"
15702
msgstr ""
15703
15704
#: serverguide/C/network-auth.xml:2123(command) serverguide/C/network-auth.xml:2298(command)
15705
msgid "sudo apt-get install krb5-kdc krb5-admin-server"
15706
msgstr ""
15707
15708
#: serverguide/C/network-auth.xml:2126(para)
15709
msgid ""
15710
"You will be asked at the end of the install to supply a name for the "
15711
"Kerberos and Admin servers, which may or may not be the same server, for the "
15712
"realm."
15713
msgstr ""
15714
15715
#: serverguide/C/network-auth.xml:2131(para)
15716
msgid ""
15717
"Next, create the new realm with the <application>kdb5_newrealm</application> "
15718
"utility:"
15719
msgstr ""
15720
15721
#: serverguide/C/network-auth.xml:2136(command)
15722
msgid "sudo krb5_newrealm"
15723
msgstr ""
15724
15725
#: serverguide/C/network-auth.xml:2143(para)
15726
msgid ""
15727
"The questions asked during installation are used to configure the "
15728
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
15729
"Distribution Center (KDC) settings simply edit the file and restart the "
15730
"<application>krb5-kdc</application> daemon."
15731
msgstr ""
15732
"The questions asked during installation are used to configure the "
15733
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
15734
"Distribution Centre (KDC) settings simply edit the file and restart the "
15735
"<application>krb5-kdc</application> daemon."
15736
15737
#: serverguide/C/network-auth.xml:2151(para)
15738
msgid ""
15739
"Now that the KDC running an admin user is needed. It is recommended to use a "
15740
"different username from your everyday username. Using the "
15741
"<application>kadmin.local</application> utility in a terminal prompt enter:"
15742
msgstr ""
15743
15744
#: serverguide/C/network-auth.xml:2157(command) serverguide/C/network-auth.xml:2953(command)
15745
msgid "sudo kadmin.local"
15746
msgstr ""
15747
15748
#: serverguide/C/network-auth.xml:2158(computeroutput)
15749
#, no-wrap
15750
msgid ""
15751
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
15752
"kadmin.local:"
15753
msgstr ""
15754
15755
#: serverguide/C/network-auth.xml:2159(userinput)
15756
#, no-wrap
15757
msgid " addprinc steve/admin"
15758
msgstr ""
15759
15760
#: serverguide/C/network-auth.xml:2160(computeroutput)
15761
#, no-wrap
15762
msgid ""
15763
"WARNING: no policy specified for steve/admin@EXAMPLE.COM; defaulting to no "
15764
"policy\n"
15765
"Enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
15766
"Re-enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
15767
"Principal \"steve/admin@EXAMPLE.COM\" created.\n"
15768
"kadmin.local:"
15769
msgstr ""
15770
15771
#: serverguide/C/network-auth.xml:2164(userinput)
15772
#, no-wrap
15773
msgid " quit"
15774
msgstr ""
15775
15776
#: serverguide/C/network-auth.xml:2167(para)
15777
msgid ""
15778
"In the above example <emphasis role=\"italic\">steve</emphasis> is the "
15779
"<emphasis>Principal</emphasis>, <emphasis role=\"italic\">/admin</emphasis> "
15780
"is an <emphasis>Instance</emphasis>, and <emphasis "
15781
"role=\"italic\">@EXAMPLE.COM</emphasis> signifies the realm. The <emphasis "
15782
"role=\"italic\">\"every day\"</emphasis> Principal would be "
15783
"<emphasis>steve@EXAMPLE.COM</emphasis>, and should have only normal user "
15784
"rights."
15785
msgstr ""
15786
15787
#: serverguide/C/network-auth.xml:2175(para)
15788
msgid ""
15789
"Replace <emphasis>EXAMPLE.COM</emphasis> and <emphasis>steve</emphasis> with "
15790
"your Realm and admin username."
15791
msgstr ""
15792
15793
#: serverguide/C/network-auth.xml:2183(para)
15794
msgid ""
15795
"Next, the new admin user needs to have the appropriate Access Control List "
15796
"(ACL) permissions. The permissions are configured in the "
15797
"<filename>/etc/krb5kdc/kadm5.acl</filename> file:"
15798
msgstr ""
15799
15800
#: serverguide/C/network-auth.xml:2188(programlisting)
15801
#, no-wrap
15802
msgid ""
15803
"\n"
15804
"steve/admin@EXAMPLE.COM *\n"
15805
msgstr ""
15806
15807
#: serverguide/C/network-auth.xml:2192(para)
15808
msgid ""
15809
"This entry grants <emphasis>steve/admin</emphasis> the ability to perform "
15810
"any operation on all principals in the realm."
15811
msgstr ""
15812
15813
#: serverguide/C/network-auth.xml:2199(para)
15814
msgid ""
15815
"Now restart the <application>krb5-admin-server</application> for the new ACL "
15816
"to take affect:"
15817
msgstr ""
15818
15819
#: serverguide/C/network-auth.xml:2204(command)
15820
msgid "sudo /etc/init.d/krb5-admin-server restart"
15821
msgstr ""
15822
15823
#: serverguide/C/network-auth.xml:2210(para)
15824
msgid ""
15825
"The new user principal can be tested using the <application>kinit "
15826
"utility</application>:"
15827
msgstr ""
15828
15829
#: serverguide/C/network-auth.xml:2215(command)
15830
msgid "kinit steve/admin"
15831
msgstr ""
15832
15833
#: serverguide/C/network-auth.xml:2216(computeroutput)
15834
#, no-wrap
15835
msgid "steve/admin@EXAMPLE.COM's Password:"
15836
msgstr ""
15837
15838
#: serverguide/C/network-auth.xml:2219(para)
15839
msgid ""
15840
"After entering the password, use the <application>klist</application> "
15841
"utility to view information about the Ticket Granting Ticket (TGT):"
15842
msgstr ""
15843
15844
#: serverguide/C/network-auth.xml:2225(command) serverguide/C/network-auth.xml:2560(command)
15845
msgid "klist"
15846
msgstr ""
15847
15848
#: serverguide/C/network-auth.xml:2226(computeroutput)
15849
#, no-wrap
15850
msgid ""
15851
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
15852
" Principal: steve/admin@EXAMPLE.COM\n"
15853
"\n"
15854
" Issued Expires Principal\n"
15855
"Jul 13 17:53:34 Jul 14 03:53:34 krbtgt/EXAMPLE.COM@EXAMPLE.COM"
15856
msgstr ""
15857
15858
#: serverguide/C/network-auth.xml:2233(para)
15859
msgid ""
15860
"You may need to add an entry into the <filename>/etc/hosts</filename> for "
15861
"the KDC. For example:"
15862
msgstr ""
15863
15864
#: serverguide/C/network-auth.xml:2237(programlisting)
15865
#, no-wrap
15866
msgid ""
15867
"\n"
15868
"192.168.0.1 kdc01.example.com kdc01\n"
15869
msgstr ""
15870
15871
#: serverguide/C/network-auth.xml:2241(para)
15872
msgid ""
15873
"Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC."
15874
msgstr ""
15875
15876
#: serverguide/C/network-auth.xml:2248(para)
15877
msgid ""
15878
"In order for clients to determine the KDC for the Realm some DNS SRV records "
15879
"are needed. Add the following to "
15880
"<filename>/etc/named/db.example.com</filename>:"
15881
msgstr ""
15882
15883
#: serverguide/C/network-auth.xml:2253(programlisting)
15884
#, no-wrap
15885
msgid ""
15886
"\n"
15887
"_kerberos._udp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
15888
"_kerberos._tcp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
15889
"_kerberos._udp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
15890
"_kerberos._tcp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
15891
"_kerberos-adm._tcp.EXAMPLE.COM. IN SRV 1 0 749 kdc01.example.com.\n"
15892
"_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
15893
msgstr ""
15894
15895
#: serverguide/C/network-auth.xml:2263(para)
15896
msgid ""
15897
"Replace <emphasis>EXAMPLE.COM</emphasis>, <emphasis>kdc01</emphasis>, and "
15898
"<emphasis>kdc02</emphasis> with your domain name, primary KDC, and secondary "
15899
"KDC."
15900
msgstr ""
15901
15902
#: serverguide/C/network-auth.xml:2269(para)
15903
msgid ""
15904
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
15905
msgstr ""
15906
15907
#: serverguide/C/network-auth.xml:2276(para)
15908
msgid "Your new Kerberos Realm is now ready to authenticate clients."
15909
msgstr ""
15910
15911
#: serverguide/C/network-auth.xml:2283(title)
15912
msgid "Secondary KDC"
15913
msgstr ""
15914
15915
#: serverguide/C/network-auth.xml:2285(para)
15916
msgid ""
15917
"Once you have one Key Distribution Center (KDC) on your network, it is good "
15918
"practice to have a Secondary KDC in case the primary becomes unavailable."
15919
msgstr ""
15920
"Once you have one Key Distribution Centre (KDC) on your network, it is good "
15921
"practice to have a Secondary KDC in case the primary becomes unavailable."
15922
15923
#: serverguide/C/network-auth.xml:2293(para)
15924
msgid ""
15925
"First, install the packages, and when asked for the Kerberos and Admin "
15926
"server names enter the name of the Primary KDC:"
15927
msgstr ""
15928
15929
#: serverguide/C/network-auth.xml:2304(para)
15930
msgid ""
15931
"Once you have the packages installed, create the Secondary KDC's host "
15932
"principal. From a terminal prompt, enter:"
15933
msgstr ""
15934
15935
#: serverguide/C/network-auth.xml:2309(command)
15936
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
15937
msgstr ""
15938
15939
#: serverguide/C/network-auth.xml:2313(para)
15940
msgid ""
15941
"After, issuing any <application>kadmin</application> commands you will be "
15942
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
15943
"password."
15944
msgstr ""
15945
15946
#: serverguide/C/network-auth.xml:2322(para)
15947
msgid "Extract the <emphasis>keytab</emphasis> file:"
15948
msgstr ""
15949
15950
#: serverguide/C/network-auth.xml:2327(command)
15951
msgid "kadmin -q \"ktadd -k keytab.kdc02 host/kdc02.example.com\""
15952
msgstr ""
15953
15954
#: serverguide/C/network-auth.xml:2333(para)
15955
msgid ""
15956
"There should now be a <filename>keytab.kdc02</filename> in the current "
15957
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
15958
msgstr ""
15959
15960
#: serverguide/C/network-auth.xml:2339(command)
15961
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
15962
msgstr ""
15963
15964
#: serverguide/C/network-auth.xml:2343(para)
15965
msgid ""
15966
"If the path to the <filename>keytab.kdc02</filename> file is different "
15967
"adjust accordingly."
15968
msgstr ""
15969
15970
#: serverguide/C/network-auth.xml:2348(para)
15971
msgid ""
15972
"Also, you can list the principals in a Keytab file, which can be useful when "
15973
"troubleshooting, using the <application>klist</application> utility:"
15974
msgstr ""
15975
15976
#: serverguide/C/network-auth.xml:2354(command)
15977
msgid "sudo klist -k /etc/krb5.keytab"
15978
msgstr ""
15979
15980
#: serverguide/C/network-auth.xml:2360(para)
15981
msgid ""
15982
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
15983
"that lists all KDCs for the Realm. For example, on both primary and "
15984
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
15985
msgstr ""
15986
15987
#: serverguide/C/network-auth.xml:2365(programlisting)
15988
#, no-wrap
15989
msgid ""
15990
"\n"
15991
"host/kdc01.example.com@EXAMPLE.COM\n"
15992
"host/kdc02.example.com@EXAMPLE.COM\n"
15993
msgstr ""
15994
15995
#: serverguide/C/network-auth.xml:2373(para)
15996
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
15997
msgstr ""
15998
15999
#: serverguide/C/network-auth.xml:2378(command)
16000
msgid "sudo kdb5_util -s create"
16001
msgstr ""
16002
16003
#: serverguide/C/network-auth.xml:2384(para)
16004
msgid ""
16005
"Now start the <application>kpropd</application> daemon, which listens for "
16006
"connections from the <application>kprop</application> utility. "
16007
"<application>kprop</application> is used to transfer dump files:"
16008
msgstr ""
16009
16010
#: serverguide/C/network-auth.xml:2391(command)
16011
msgid "sudo kpropd -S"
16012
msgstr ""
16013
16014
#: serverguide/C/network-auth.xml:2397(para)
16015
msgid ""
16016
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
16017
"of the principal database:"
16018
msgstr ""
16019
16020
#: serverguide/C/network-auth.xml:2402(command)
16021
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
16022
msgstr ""
16023
16024
#: serverguide/C/network-auth.xml:2408(para)
16025
msgid ""
16026
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
16027
"<filename>/etc/krb5.keytab</filename>:"
16028
msgstr ""
16029
16030
#: serverguide/C/network-auth.xml:2413(command)
16031
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
16032
msgstr ""
16033
16034
#: serverguide/C/network-auth.xml:2414(command)
16035
msgid "sudo mv keytab.kdc01 /etc/krb5.keytab"
16036
msgstr ""
16037
16038
#: serverguide/C/network-auth.xml:2418(para)
16039
msgid ""
16040
"Make sure there is a <emphasis>host</emphasis> for "
16041
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
16042
msgstr ""
16043
16044
#: serverguide/C/network-auth.xml:2426(para)
16045
msgid ""
16046
"Using the <application>kprop</application> utility push the database to the "
16047
"Secondary KDC:"
16048
msgstr ""
16049
16050
#: serverguide/C/network-auth.xml:2431(command)
16051
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
16052
msgstr ""
16053
16054
#: serverguide/C/network-auth.xml:2435(para)
16055
msgid ""
16056
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
16057
"worked. If there is an error message check "
16058
"<filename>/var/log/syslog</filename> on the secondary KDC for more "
16059
"information."
16060
msgstr ""
16061
16062
#: serverguide/C/network-auth.xml:2441(para)
16063
msgid ""
16064
"You may also want to create a <application>cron</application> job to "
16065
"periodically update the database on the Secondary KDC. For example, the "
16066
"following will push the database every hour:"
16067
msgstr ""
16068
16069
#: serverguide/C/network-auth.xml:2446(programlisting)
16070
#, no-wrap
16071
msgid ""
16072
"\n"
16073
"# m h dom mon dow command\n"
16074
"0 * * * * /usr/sbin/kdb5_util dump /var/lib/krb5kdc/dump && "
16075
"/usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com\n"
16076
msgstr ""
16077
16078
#: serverguide/C/network-auth.xml:2454(para)
16079
msgid ""
16080
"Back on the <emphasis>Secondary KDC</emphasis>, create a "
16081
"<emphasis>stash</emphasis> file to hold the Kerberos master key:"
16082
msgstr ""
16083
16084
#: serverguide/C/network-auth.xml:2460(command)
16085
msgid "sudo kdb5_util stash"
16086
msgstr ""
16087
16088
#: serverguide/C/network-auth.xml:2466(para)
16089
msgid ""
16090
"Finally, start the <application>krb5-kdc</application> daemon on the "
16091
"Secondary KDC:"
16092
msgstr ""
16093
16094
#: serverguide/C/network-auth.xml:2471(command) serverguide/C/network-auth.xml:3083(command)
16095
msgid "sudo /etc/init.d/krb5-kdc start"
16096
msgstr ""
16097
16098
#: serverguide/C/network-auth.xml:2477(para)
16099
msgid ""
16100
"The <emphasis>Secondary KDC</emphasis> should now be able to issue tickets "
16101
"for the Realm. You can test this by stopping the <application>krb5-"
16102
"kdc</application> daemon on the Primary KDC, then use "
16103
"<application>kinit</application> to request a ticket. If all goes well you "
16104
"should receive a ticket from the Secondary KDC."
16105
msgstr ""
16106
16107
#: serverguide/C/network-auth.xml:2485(title)
16108
msgid "Kerberos Linux Client"
16109
msgstr ""
16110
16111
#: serverguide/C/network-auth.xml:2487(para)
16112
msgid ""
16113
"This section covers configuring a Linux system as a "
16114
"<application>Kerberos</application> client. This will allow access to any "
16115
"kerberized services once a user has successfully logged into the system."
16116
msgstr ""
16117
16118
#: serverguide/C/network-auth.xml:2495(para)
16119
msgid ""
16120
"In order to authenticate to a Kerberos Realm, the <application>krb5-"
16121
"user</application> and <application>libpam-krb5</application> packages are "
16122
"needed, along with a few others that are not strictly necessary but make "
16123
"life easier. To install the packages enter the following in a terminal "
16124
"prompt:"
16125
msgstr ""
16126
16127
#: serverguide/C/network-auth.xml:2502(command)
16128
msgid ""
16129
"sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
16130
msgstr ""
16131
16132
#: serverguide/C/network-auth.xml:2505(para)
16133
msgid ""
16134
"The <application>auth-client-config</application> package allows simple "
16135
"configuration of PAM for authentication from multiple sources, and the "
16136
"<application>libpam-ccreds</application> will cache authentication "
16137
"credentials allowing you to login in case the Key Distribution Center (KDC) "
16138
"is unavailable. This package is also useful for laptops that may "
16139
"authenticate using Kerberos while on the corporate network, but will need to "
16140
"be accessed off the network as well."
16141
msgstr ""
16142
"The <application>auth-client-config</application> package allows simple "
16143
"configuration of PAM for authentication from multiple sources, and the "
16144
"<application>libpam-ccreds</application> will cache authentication "
16145
"credentials allowing you to login in case the Key Distribution Centre (KDC) "
16146
"is unavailable. This package is also useful for laptops that may "
16147
"authenticate using Kerberos while on the corporate network, but will need to "
16148
"be accessed off the network as well."
16149
16150
#: serverguide/C/network-auth.xml:2516(para)
16151
msgid "To configure the client in a terminal enter:"
16152
msgstr ""
16153
16154
#: serverguide/C/network-auth.xml:2521(command)
16155
msgid "sudo dpkg-reconfigure krb5-config"
16156
msgstr ""
16157
16158
#: serverguide/C/network-auth.xml:2524(para)
16159
msgid ""
16160
"You will then be prompted to enter the name of the Kerberos Realm. Also, if "
16161
"you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> "
16162
"records, the menu will prompt you for the hostname of the Key Distribution "
16163
"Center (KDC) and Realm Administration server."
16164
msgstr ""
16165
"You will then be prompted to enter the name of the Kerberos Realm. Also, if "
16166
"you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> "
16167
"records, the menu will prompt you for the hostname of the Key Distribution "
16168
"Centre (KDC) and Realm Administration server."
16169
16170
#: serverguide/C/network-auth.xml:2530(para)
16171
msgid ""
16172
"The <application>dpkg-reconfigure</application> adds entries to the "
16173
"<filename>/etc/krb5.conf</filename> file for your Realm. You should have "
16174
"entries similar to the following:"
16175
msgstr ""
16176
16177
#: serverguide/C/network-auth.xml:2535(programlisting)
16178
#, no-wrap
16179
msgid ""
16180
"\n"
16181
"[libdefaults]\n"
16182
" default_realm = EXAMPLE.COM\n"
16183
"...\n"
16184
"[realms]\n"
16185
" EXAMPLE.COM = } \n"
16186
" kdc = 192.168.0.1 \n"
16187
" admin_server = 192.168.0.1\n"
16188
" }\n"
16189
msgstr ""
16190
16191
#: serverguide/C/network-auth.xml:2546(para)
16192
msgid ""
16193
"You can test the configuration by requesting a ticket using the "
16194
"<application>kinit</application> utility. For example:"
16195
msgstr ""
16196
16197
#: serverguide/C/network-auth.xml:2551(command)
16198
msgid "kinit steve@EXAMPLE.COM"
16199
msgstr ""
16200
16201
#: serverguide/C/network-auth.xml:2552(computeroutput)
16202
#, no-wrap
16203
msgid "Password for steve@EXAMPLE.COM:"
16204
msgstr ""
16205
16206
#: serverguide/C/network-auth.xml:2555(para)
16207
msgid ""
16208
"When a ticket has been granted, the details can be viewed using "
16209
"<application>klist</application>:"
16210
msgstr ""
16211
16212
#: serverguide/C/network-auth.xml:2561(computeroutput)
16213
#, no-wrap
16214
msgid ""
16215
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
16216
"Default principal: steve@EXAMPLE.COM\n"
16217
"\n"
16218
"Valid starting Expires Service principal\n"
16219
"07/24/08 05:18:56 07/24/08 15:18:56 krbtgt/EXAMPLE.COM@EXAMPLE.COM\n"
16220
" renew until 07/25/08 05:18:57\n"
16221
"\n"
16222
"\n"
16223
"Kerberos 4 ticket cache: /tmp/tkt1000\n"
16224
"klist: You have no tickets cached"
16225
msgstr ""
16226
16227
#: serverguide/C/network-auth.xml:2573(para)
16228
msgid ""
16229
"Next, use the <application>auth-client-config</application> to configure the "
16230
"<application>libpam-krb5</application> module to request a ticket during "
16231
"login:"
16232
msgstr ""
16233
16234
#: serverguide/C/network-auth.xml:2579(command)
16235
msgid "sudo auth-client-config -a -p kerberos_example"
16236
msgstr ""
16237
16238
#: serverguide/C/network-auth.xml:2582(para)
16239
msgid ""
16240
"You will should now receive a ticket upon successful login authentication."
16241
msgstr ""
16242
16243
#: serverguide/C/network-auth.xml:2593(para)
16244
msgid ""
16245
"For more information on Kerberos see the <ulink "
16246
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
16247
msgstr ""
16248
16249
#: serverguide/C/network-auth.xml:2598(para)
16250
msgid ""
16251
"The <ulink url=\"https://help.ubuntu.com/community/Kerberos\">Ubuntu Wiki "
16252
"Kerberos</ulink> page has more details."
16253
msgstr ""
16254
16255
#: serverguide/C/network-auth.xml:2603(para)
16256
msgid ""
16257
"O'Reilly's <ulink "
16258
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
16259
"Guide</ulink> is a great reference when setting up Kerberos."
16260
msgstr ""
16261
16262
#: serverguide/C/network-auth.xml:2609(para)
16263
msgid ""
16264
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> IRC "
16265
"channel on <ulink url=\"http://freenode.net/\">Freenode</ulink> if you have "
16266
"Kerberos questions."
16267
msgstr ""
16268
16269
#: serverguide/C/network-auth.xml:2619(title)
16270
msgid "Kerberos and LDAP"
16271
msgstr ""
16272
16273
#: serverguide/C/network-auth.xml:2621(para)
16274
msgid ""
16275
"Replicating a Kerberos principal database between two servers can be "
16276
"complicated, and adds an additional user database to your network. "
16277
"Fortunately, MIT Kerberos can be configured to use an "
16278
"<application>LDAP</application> directory as a principal database. This "
16279
"section covers configuring a primary and secondary kerberos server to use "
16280
"<application>OpenLDAP</application> for the principal database."
16281
msgstr ""
16282
16283
#: serverguide/C/network-auth.xml:2629(title)
16284
msgid "Configuring OpenLDAP"
16285
msgstr ""
16286
16287
#: serverguide/C/network-auth.xml:2631(para)
16288
msgid ""
16289
"First, the necessary <emphasis>schema</emphasis> needs to be loaded on an "
16290
"<application>OpenLDAP</application> server that has network connectivity to "
16291
"the Primary and Secondary KDCs. The rest of this section assumes that you "
16292
"also have LDAP replication configured between at least two servers. For "
16293
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
16294
msgstr ""
16295
16296
#: serverguide/C/network-auth.xml:2638(para)
16297
msgid ""
16298
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
16299
"that traffic between the KDC and LDAP server is encrypted. See <xref "
16300
"linkend=\"openldap-tls\"/> for details."
16301
msgstr ""
16302
16303
#: serverguide/C/network-auth.xml:2645(para)
16304
msgid ""
16305
"To load the schema into LDAP, on the LDAP server install the "
16306
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
16307
msgstr ""
16308
16309
#: serverguide/C/network-auth.xml:2651(command)
16310
msgid "sudo apt-get install krb5-kdc-ldap"
16311
msgstr ""
16312
16313
#: serverguide/C/network-auth.xml:2656(para)
16314
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
16315
msgstr ""
16316
16317
#: serverguide/C/network-auth.xml:2661(command)
16318
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
16319
msgstr ""
16320
16321
#: serverguide/C/network-auth.xml:2662(command)
16322
msgid ""
16323
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
16324
msgstr ""
16325
16326
#: serverguide/C/network-auth.xml:2668(para)
16327
msgid ""
16328
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
16329
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
16330
"<application>slapd</application> is also detailed in <xref "
16331
"linkend=\"openldap-configuration\"/>."
16332
msgstr ""
16333
16334
#: serverguide/C/network-auth.xml:2681(programlisting)
16335
#, no-wrap
16336
msgid ""
16337
"\n"
16338
"include /etc/ldap/schema/core.schema\n"
16339
"include /etc/ldap/schema/collective.schema\n"
16340
"include /etc/ldap/schema/corba.schema\n"
16341
"include /etc/ldap/schema/cosine.schema\n"
16342
"include /etc/ldap/schema/duaconf.schema\n"
16343
"include /etc/ldap/schema/dyngroup.schema\n"
16344
"include /etc/ldap/schema/inetorgperson.schema\n"
16345
"include /etc/ldap/schema/java.schema\n"
16346
"include /etc/ldap/schema/misc.schema\n"
16347
"include /etc/ldap/schema/nis.schema\n"
16348
"include /etc/ldap/schema/openldap.schema\n"
16349
"include /etc/ldap/schema/ppolicy.schema\n"
16350
"include /etc/ldap/schema/kerberos.schema\n"
16351
msgstr ""
16352
16353
#: serverguide/C/network-auth.xml:2701(para)
16354
msgid "Create a temporary directory to hold the LDIF files:"
16355
msgstr ""
16356
16357
#: serverguide/C/network-auth.xml:2716(command)
16358
msgid ""
16359
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
16360
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
16361
msgstr ""
16362
16363
#: serverguide/C/network-auth.xml:2726(para)
16364
msgid ""
16365
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
16366
"changing the following attributes:"
16367
msgstr ""
16368
16369
#: serverguide/C/network-auth.xml:2730(programlisting)
16370
#, no-wrap
16371
msgid ""
16372
"\n"
16373
"dn: cn=kerberos,cn=schema,cn=config\n"
16374
"...\n"
16375
"cn: kerberos\n"
16376
msgstr ""
16377
16378
#: serverguide/C/network-auth.xml:2736(para)
16379
msgid "And remove the following lines from the end of the file:"
16380
msgstr ""
16381
16382
#: serverguide/C/network-auth.xml:2740(programlisting)
16383
#, no-wrap
16384
msgid ""
16385
"\n"
16386
"structuralObjectClass: olcSchemaConfig\n"
16387
"entryUUID: 18ccd010-746b-102d-9fbe-3760cca765dc\n"
16388
"creatorsName: cn=config\n"
16389
"createTimestamp: 20090111203515Z\n"
16390
"entryCSN: 20090111203515.326445Z#000000#000#000000\n"
16391
"modifiersName: cn=config\n"
16392
"modifyTimestamp: 20090111203515Z\n"
16393
msgstr ""
16394
16395
#: serverguide/C/network-auth.xml:2759(para)
16396
msgid "Load the new schema with <application>ldapadd</application>:"
16397
msgstr ""
16398
16399
#: serverguide/C/network-auth.xml:2764(command)
16400
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=kerberos.ldif"
16401
msgstr ""
16402
16403
#: serverguide/C/network-auth.xml:2770(para)
16404
msgid ""
16405
"Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
16406
msgstr ""
16407
16408
#: serverguide/C/network-auth.xml:2775(command) serverguide/C/network-auth.xml:2792(command)
16409
msgid "ldapmodify -x -D cn=admin,cn=config -W"
16410
msgstr ""
16411
16412
#: serverguide/C/network-auth.xml:2777(userinput)
16413
#, no-wrap
16414
msgid ""
16415
"dn: olcDatabase={1}hdb,cn=config\n"
16416
"add: olcDbIndex\n"
16417
"olcDbIndex: krbPrincipalName eq,pres,sub"
16418
msgstr ""
16419
16420
#: serverguide/C/network-auth.xml:2776(computeroutput)
16421
#, no-wrap
16422
msgid ""
16423
"Enter LDAP Password:\n"
16424
"<placeholder-1/>\n"
16425
"\n"
16426
"modifying entry \"olcDatabase={1}hdb,cn=config\""
16427
msgstr ""
16428
16429
#: serverguide/C/network-auth.xml:2787(para)
16430
msgid "Finally, update the Access Control Lists (ACL):"
16431
msgstr ""
16432
16433
#: serverguide/C/network-auth.xml:2794(userinput)
16434
#, no-wrap
16435
msgid ""
16436
"dn: olcDatabase={1}hdb,cn=config\n"
16437
"replace: olcAccess\n"
16438
"olcAccess: to attrs=userPassword,shadowLastChange,krbPrincipalKey by "
16439
"dn=\"cn=admin,dc=exampl\n"
16440
" e,dc=com\" write by anonymous auth by self write by * none\n"
16441
"-\n"
16442
"add: olcAccess\n"
16443
"olcAccess: to dn.base=\"\" by * read\n"
16444
"-\n"
16445
"add: olcAccess\n"
16446
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read"
16447
msgstr ""
16448
16449
#: serverguide/C/network-auth.xml:2793(computeroutput)
16450
#, no-wrap
16451
msgid ""
16452
"Enter LDAP Password: \n"
16453
"<placeholder-1/>\n"
16454
"\n"
16455
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
16456
msgstr ""
16457
16458
#: serverguide/C/network-auth.xml:2814(para)
16459
msgid ""
16460
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
16461
"database."
16462
msgstr ""
16463
16464
#: serverguide/C/network-auth.xml:2820(title)
16465
msgid "Primary KDC Configuration"
16466
msgstr ""
16467
16468
#: serverguide/C/network-auth.xml:2822(para)
16469
msgid ""
16470
"With <application>OpenLDAP</application> configured it is time to configure "
16471
"the KDC."
16472
msgstr ""
16473
16474
#: serverguide/C/network-auth.xml:2828(para)
16475
msgid "First, install the necessary packages, from a terminal enter:"
16476
msgstr ""
16477
16478
#: serverguide/C/network-auth.xml:2833(command) serverguide/C/network-auth.xml:2990(command)
16479
msgid "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
16480
msgstr ""
16481
16482
#: serverguide/C/network-auth.xml:2839(para)
16483
msgid ""
16484
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
16485
"under the appropriate sections:"
16486
msgstr ""
16487
16488
#: serverguide/C/network-auth.xml:2843(programlisting)
16489
#, no-wrap
16490
msgid ""
16491
"\n"
16492
"[libdefaults]\n"
16493
" default_realm = EXAMPLE.COM\n"
16494
"\n"
16495
"...\n"
16496
"\n"
16497
"[realms]\n"
16498
" EXAMPLE.COM = {\n"
16499
" kdc = kdc01.example.com\n"
16500
" kdc = kdc02.example.com\n"
16501
" admin_server = kdc01.example.com\n"
16502
" admin_server = kdc02.example.com\n"
16503
" default_domain = example.com\n"
16504
" database_module = openldap_ldapconf\n"
16505
" }\n"
16506
"\n"
16507
"...\n"
16508
"\n"
16509
"[domain_realm]\n"
16510
" .example.com = EXAMPLE.COM\n"
16511
"\n"
16512
"\n"
16513
"...\n"
16514
"\n"
16515
"[dbdefaults]\n"
16516
" ldap_kerberos_container_dn = dc=example,dc=com\n"
16517
"\n"
16518
"[dbmodules]\n"
16519
" openldap_ldapconf = {\n"
16520
" db_library = kldap\n"
16521
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
16522
"\n"
16523
" # this object needs to have read rights on\n"
16524
" # the realm container, principal container and realm sub-"
16525
"trees\n"
16526
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
16527
"\n"
16528
" # this object needs to have read and write rights on\n"
16529
" # the realm container, principal container and realm sub-"
16530
"trees\n"
16531
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
16532
" ldap_servers = ldaps://ldap01.example.com "
16533
"ldaps://ldap02.example.com\n"
16534
" ldap_conns_per_server = 5\n"
16535
" }\n"
16536
msgstr ""
16537
16538
#: serverguide/C/network-auth.xml:2888(para)
16539
msgid ""
16540
"Change <emphasis>example.com</emphasis>, "
16541
"<emphasis>dc=example,dc=com</emphasis>, "
16542
"<emphasis>cn=admin,dc=example,dc=com</emphasis>, and "
16543
"<emphasis>ldap01.example.com</emphasis> to the appropriate domain, LDAP "
16544
"object, and LDAP server for your network."
16545
msgstr ""
16546
16547
#: serverguide/C/network-auth.xml:2897(para)
16548
msgid ""
16549
"Next, use the <application>kdb5_ldap_util</application> utility to create "
16550
"the realm:"
16551
msgstr ""
16552
16553
#: serverguide/C/network-auth.xml:2902(command)
16554
msgid ""
16555
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees "
16556
"dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com"
16557
msgstr ""
16558
16559
#: serverguide/C/network-auth.xml:2908(para)
16560
msgid ""
16561
"Create a stash of the password used to bind to the LDAP server. This "
16562
"password is used by the <emphasis>ldap_kdc_dn</emphasis> and "
16563
"<emphasis>ldap_kadmin_dn</emphasis> options in "
16564
"<filename>/etc/krb5.conf</filename>:"
16565
msgstr ""
16566
16567
#: serverguide/C/network-auth.xml:2914(command) serverguide/C/network-auth.xml:3052(command)
16568
msgid ""
16569
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f "
16570
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
16571
msgstr ""
16572
16573
#: serverguide/C/network-auth.xml:2920(para)
16574
msgid "Copy the CA certificate from the LDAP server:"
16575
msgstr ""
16576
16577
#: serverguide/C/network-auth.xml:2925(command)
16578
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
16579
msgstr ""
16580
16581
#: serverguide/C/network-auth.xml:2926(command)
16582
msgid "sudo cp cacert.pem /etc/ssl/certs"
16583
msgstr ""
16584
16585
#: serverguide/C/network-auth.xml:2929(para)
16586
msgid ""
16587
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
16588
msgstr ""
16589
16590
#: serverguide/C/network-auth.xml:2933(programlisting)
16591
#, no-wrap
16592
msgid ""
16593
"\n"
16594
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
16595
msgstr ""
16596
16597
#: serverguide/C/network-auth.xml:2938(para)
16598
msgid ""
16599
"The certificate will also need to be copied to the Secondary KDC, to allow "
16600
"the connection to the LDAP servers using LDAPS."
16601
msgstr ""
16602
16603
#: serverguide/C/network-auth.xml:2947(para)
16604
msgid ""
16605
"You can now add Kerberos principals to the LDAP database, and they will be "
16606
"copied to any other LDAP servers configured for replication. To add a "
16607
"principal using the <application>kadmin.local</application> utility enter:"
16608
msgstr ""
16609
16610
#: serverguide/C/network-auth.xml:2955(userinput)
16611
#, no-wrap
16612
msgid "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
16613
msgstr ""
16614
16615
#: serverguide/C/network-auth.xml:2954(computeroutput)
16616
#, no-wrap
16617
msgid ""
16618
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
16619
"kadmin.local: <placeholder-1/>\n"
16620
"WARNING: no policy specified for steve@EXAMPLE.COM; defaulting to no policy\n"
16621
"Enter password for principal \"steve@EXAMPLE.COM\": \n"
16622
"Re-enter password for principal \"steve@EXAMPLE.COM\": \n"
16623
"Principal \"steve@EXAMPLE.COM\" created."
16624
msgstr ""
16625
16626
#: serverguide/C/network-auth.xml:2962(para)
16627
msgid ""
16628
"There should now be krbPrincipalName, krbPrincipalKey, krbLastPwdChange, and "
16629
"krbExtraData attributes added to the "
16630
"<emphasis>uid=steve,ou=people,dc=example,dc=com</emphasis> user object. Use "
16631
"the <application>kinit</application> and <application>klist</application> "
16632
"utilities to test that the user is indeed issued a ticket."
16633
msgstr ""
16634
16635
#: serverguide/C/network-auth.xml:2969(para)
16636
msgid ""
16637
"If the user object is already created the <emphasis>-x dn=\"...\"</emphasis> "
16638
"option is needed to add the Kerberos attributes. Otherwise a new "
16639
"<emphasis>principal</emphasis> object will be created in the realm subtree."
16640
msgstr ""
16641
16642
#: serverguide/C/network-auth.xml:2977(title)
16643
msgid "Secondary KDC Configuration"
16644
msgstr ""
16645
16646
#: serverguide/C/network-auth.xml:2979(para)
16647
msgid ""
16648
"Configuring a Secondary KDC using the LDAP backend is similar to configuring "
16649
"one using the normal Kerberos database."
16650
msgstr ""
16651
16652
#: serverguide/C/network-auth.xml:2985(para)
16653
msgid "First, install the necessary packages. In a terminal enter:"
16654
msgstr ""
16655
16656
#: serverguide/C/network-auth.xml:2996(para)
16657
msgid ""
16658
"Next, edit <filename>/etc/krb5.conf</filename> to use the LDAP backend:"
16659
msgstr ""
16660
16661
#: serverguide/C/network-auth.xml:3000(programlisting)
16662
#, no-wrap
16663
msgid ""
16664
"\n"
16665
"[libdefaults]\n"
16666
" default_realm = EXAMPLE.COM\n"
16667
"\n"
16668
"...\n"
16669
"\n"
16670
"[realms]\n"
16671
" EXAMPLE.COM = {\n"
16672
" kdc = kdc01.example.com\n"
16673
" kdc = kdc02.example.com\n"
16674
" admin_server = kdc01.example.com\n"
16675
" admin_server = kdc02.example.com\n"
16676
" default_domain = example.com\n"
16677
" database_module = openldap_ldapconf\n"
16678
" }\n"
16679
"\n"
16680
"...\n"
16681
"\n"
16682
"[domain_realm]\n"
16683
" .example.com = EXAMPLE.COM\n"
16684
"\n"
16685
"...\n"
16686
"\n"
16687
"[dbdefaults]\n"
16688
" ldap_kerberos_container_dn = dc=example,dc=com\n"
16689
"\n"
16690
"[dbmodules]\n"
16691
" openldap_ldapconf = {\n"
16692
" db_library = kldap\n"
16693
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
16694
"\n"
16695
" # this object needs to have read rights on\n"
16696
" # the realm container, principal container and realm sub-"
16697
"trees\n"
16698
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
16699
"\n"
16700
" # this object needs to have read and write rights on\n"
16701
" # the realm container, principal container and realm sub-"
16702
"trees\n"
16703
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
16704
" ldap_servers = ldaps://ldap01.example.com "
16705
"ldaps://ldap02.example.com\n"
16706
" ldap_conns_per_server = 5\n"
16707
" }\n"
16708
msgstr ""
16709
16710
#: serverguide/C/network-auth.xml:3047(para)
16711
msgid "Create the stash for the LDAP bind password:"
16712
msgstr ""
16713
16714
#: serverguide/C/network-auth.xml:3058(para)
16715
msgid ""
16716
"Now, on the <emphasis>Primary KDC</emphasis> copy the "
16717
"<filename>/etc/krb5kdc/.k5.EXAMPLE.COM</filename><emphasis>Master "
16718
"Key</emphasis> stash to the Secondary KDC. Be sure to copy the file over an "
16719
"encrypted connection such as <application>scp</application>, or on physical "
16720
"media."
16721
msgstr ""
16722
16723
#: serverguide/C/network-auth.xml:3065(command)
16724
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
16725
msgstr ""
16726
16727
#: serverguide/C/network-auth.xml:3066(command)
16728
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
16729
msgstr ""
16730
16731
#: serverguide/C/network-auth.xml:3070(para)
16732
msgid ""
16733
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
16734
msgstr ""
16735
16736
#: serverguide/C/network-auth.xml:3078(para)
16737
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
16738
msgstr ""
16739
16740
#: serverguide/C/network-auth.xml:3089(para)
16741
msgid ""
16742
"You now have redundant KDCs on your network, and with redundant LDAP servers "
16743
"you should be able to continue to authenticate users if one LDAP server, one "
16744
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
16745
msgstr ""
16746
16747
#: serverguide/C/network-auth.xml:3101(para)
16748
msgid ""
16749
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
16750
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
16751
"Guide</ulink> has some additional details."
16752
msgstr ""
16753
16754
#: serverguide/C/network-auth.xml:3107(para)
16755
msgid ""
16756
"For more information on <application>kdb5_ldap_util</application> see <ulink "
16757
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
16758
"admin.html#Global-Operations-on-the-Kerberos-LDAP-Database\"> Section "
16759
"5.6</ulink> and the <ulink "
16760
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/kdb5_ldap_util.8.h"
16761
"tml\">kdb5_ldap_util man page</ulink>."
16762
msgstr ""
16763
16764
#: serverguide/C/network-auth.xml:3115(para)
16765
msgid ""
16766
"Another useful link is the <ulink "
16767
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/krb5.conf.5.html\""
16768
">krb5.conf man page</ulink>."
16769
msgstr ""
16770
16771
#: serverguide/C/network-auth.xml:3120(para)
16772
msgid ""
16773
"Also, see the <ulink "
16774
"url=\"https://help.ubuntu.com/community/Kerberos#kerberos-ldap\">Kerberos "
16775
"and LDAP</ulink> Ubuntu wiki page."
16776
msgstr ""
16777
16778
#: serverguide/C/monitoring.xml:13(title)
16779
msgid "Monitoring"
16780
msgstr ""
16781
16782
#: serverguide/C/monitoring.xml:17(para)
16783
msgid ""
16784
"The monitoring of essential servers and services is an important part of "
16785
"system administration. Most network services are monitored for performance, "
16786
"availability, or both. This section will cover installation and "
16787
"configuration of <application>Nagios</application> for availability "
16788
"monitoring, and <application>Munin</application> for performance monitoring."
16789
msgstr ""
16790
16791
#: serverguide/C/monitoring.xml:24(para)
16792
msgid ""
16793
"The examples in this section will use two servers with hostnames "
16794
"<emphasis>server01</emphasis> and <emphasis>server02</emphasis>. "
16795
"<emphasis>Server01</emphasis> will be configured with "
16796
"<application>Nagios</application> to monitor services on itself and "
16797
"<emphasis>server02</emphasis>. Server01 will also be setup with the "
16798
"<application>munin</application> package to gather information from the "
16799
"network. Using the <application>munin-node</application> package, "
16800
"<emphasis>server02</emphasis> will be configured to send information to "
16801
"<emphasis>server01</emphasis>."
16802
msgstr ""
16803
16804
#: serverguide/C/monitoring.xml:33(para)
16805
msgid ""
16806
"Hopefully these simple examples will allow you to monitor additional servers "
16807
"and services on your network."
16808
msgstr ""
16809
16810
#: serverguide/C/monitoring.xml:39(title)
16811
msgid "Nagios"
16812
msgstr ""
16813
16814
#: serverguide/C/monitoring.xml:44(para)
16815
msgid ""
16816
"First, on <emphasis>server01</emphasis> install the "
16817
"<application>nagios</application> package. In a terminal enter:"
16818
msgstr ""
16819
16820
#: serverguide/C/monitoring.xml:50(command)
16821
msgid "sudo apt-get install nagios3 nagios-nrpe-plugin"
16822
msgstr ""
16823
16824
#: serverguide/C/monitoring.xml:53(para)
16825
msgid ""
16826
"You will be asked to enter a password for the "
16827
"<emphasis>nagiosadmin</emphasis> user. The user's credentials are stored in "
16828
"<filename>/etc/nagios3/htpasswd.users</filename>. To change the "
16829
"<emphasis>nagiosadmin</emphasis> password, or add additional users to the "
16830
"Nagios CGI scripts, use the <application>htpasswd</application> that is part "
16831
"of the <application>apache2-utils</application> package."
16832
msgstr ""
16833
16834
#: serverguide/C/monitoring.xml:60(para)
16835
msgid ""
16836
"For example, to change the password for the <emphasis>nagiosadmin</emphasis> "
16837
"user enter:"
16838
msgstr ""
16839
16840
#: serverguide/C/monitoring.xml:65(command)
16841
msgid "sudo htpasswd /etc/nagios3/htpasswd.users nagiosadmin"
16842
msgstr ""
16843
16844
#: serverguide/C/monitoring.xml:68(para)
16845
msgid "To add a user:"
16846
msgstr ""
16847
16848
#: serverguide/C/monitoring.xml:73(command)
16849
msgid "sudo htpasswd /etc/nagios3/htpasswd.users steve"
16850
msgstr ""
16851
16852
#: serverguide/C/monitoring.xml:76(para)
16853
msgid ""
16854
"Next, on <emphasis>server02</emphasis> install the <application>nagios-nrpe-"
16855
"server</application> package. From a terminal on server02 enter:"
16856
msgstr ""
16857
16858
#: serverguide/C/monitoring.xml:82(command)
16859
msgid "sudo apt-get install nagios-nrpe-server"
16860
msgstr ""
16861
16862
#: serverguide/C/monitoring.xml:86(para)
16863
msgid ""
16864
"<application>NRPE</application> allows you to execute local checks on remote "
16865
"hosts. There are other ways of accomplishing this through other Nagios "
16866
"plugins as well as other checks."
16867
msgstr ""
16868
16869
#: serverguide/C/monitoring.xml:94(title)
16870
msgid "Configuration Overview"
16871
msgstr ""
16872
16873
#: serverguide/C/monitoring.xml:96(para)
16874
msgid ""
16875
"There are a couple of directories containing "
16876
"<application>Nagios</application> configuration and check files."
16877
msgstr ""
16878
16879
#: serverguide/C/monitoring.xml:102(para)
16880
msgid ""
16881
"<filename>/etc/nagios3</filename>: contains configuration files for the "
16882
"operation of the <application>nagios</application> daemon, CGI files, hosts, "
16883
"etc."
16884
msgstr ""
16885
16886
#: serverguide/C/monitoring.xml:108(para)
16887
msgid ""
16888
"<filename>/etc/nagios-plugins</filename>: houses configuration files for the "
16889
"service checks."
16890
msgstr ""
16891
16892
#: serverguide/C/monitoring.xml:113(para)
16893
msgid ""
16894
"<filename>/etc/nagios</filename>: on the remote host contains the "
16895
"<application>nagios-nrpe-server</application> configuration files."
16896
msgstr ""
16897
16898
#: serverguide/C/monitoring.xml:118(para)
16899
msgid ""
16900
"<filename>/usr/lib/nagios/plugins/</filename>: where the check binaries are "
16901
"stored. To see the options of a check use the <emphasis>-h</emphasis> option."
16902
msgstr ""
16903
16904
#: serverguide/C/monitoring.xml:123(para)
16905
msgid "For example: <command>/usr/lib/nagios/plugins/check_dhcp -h</command>"
16906
msgstr ""
16907
16908
#: serverguide/C/monitoring.xml:129(para)
16909
msgid ""
16910
"There are a plethora of checks <application>Nagios</application> can be "
16911
"configured to execute for any given host. For this example Nagios will be "
16912
"configured to check disk space, DNS, and a MySQL hostgroup. The DNS check "
16913
"will be on <emphasis>server02</emphasis>, and the MySQL hostgroup will "
16914
"include both <emphasis>server01</emphasis> and <emphasis>server02</emphasis>."
16915
msgstr ""
16916
16917
#: serverguide/C/monitoring.xml:136(para)
16918
msgid ""
16919
"See <xref linkend=\"httpd\"/> for details on setting up Apache, <xref "
16920
"linkend=\"dns\"/> for DNS, and <xref linkend=\"mysql\"/> for MySQL."
16921
msgstr ""
16922
16923
#: serverguide/C/monitoring.xml:141(para)
16924
msgid ""
16925
"Additionally, there are some terms that once explained will hopefully make "
16926
"understanding Nagios configuration easier:"
16927
msgstr ""
16928
16929
#: serverguide/C/monitoring.xml:147(para)
16930
msgid ""
16931
"<emphasis>Host</emphasis>: a server, workstation, network device, etc that "
16932
"is being monitored."
16933
msgstr ""
16934
16935
#: serverguide/C/monitoring.xml:152(para)
16936
msgid ""
16937
"<emphasis>Host Group</emphasis>: a group of similar hosts. For example, you "
16938
"could group all web servers, file server, etc."
16939
msgstr ""
16940
16941
#: serverguide/C/monitoring.xml:157(para)
16942
msgid ""
16943
"<emphasis>Service</emphasis>: the service being monitored on the host. Such "
16944
"as HTTP, DNS, NFS, etc."
16945
msgstr ""
16946
16947
#: serverguide/C/monitoring.xml:162(para)
16948
msgid ""
16949
"<emphasis>Service Group</emphasis>: allows you to group multiple services "
16950
"together. This is useful for grouping multiple HTTP for example."
16951
msgstr ""
16952
16953
#: serverguide/C/monitoring.xml:168(para)
16954
msgid ""
16955
"<emphasis>Contact</emphasis>: person to be notified when an event takes "
16956
"place. Nagios can be configured to send emails, SMS messages, etc."
16957
msgstr ""
16958
16959
#: serverguide/C/monitoring.xml:174(para)
16960
msgid ""
16961
"By default Nagios is configured to check HTTP, disk space, SSH, current "
16962
"users, processes, and load on the <emphasis>localhost</emphasis>. Nagios "
16963
"will also <application>ping</application> check the "
16964
"<emphasis>gateway</emphasis>."
16965
msgstr ""
16966
16967
#: serverguide/C/monitoring.xml:179(para)
16968
msgid ""
16969
"Large Nagios installations can be quite complex to configure. It is usually "
16970
"best to start small, one or two hosts, get things configured the way you "
16971
"like then expand."
16972
msgstr ""
16973
16974
#: serverguide/C/monitoring.xml:194(para)
16975
msgid ""
16976
"First, create a <emphasis>host</emphasis> configuration file for "
16977
"<emphasis>server02</emphasis>. In a terminal enter:"
16978
msgstr ""
16979
16980
#: serverguide/C/monitoring.xml:199(command)
16981
msgid ""
16982
"sudo cp /etc/nagios3/conf.d/localhost_nagios2.cfg "
16983
"/etc/nagios3/conf.d/server02.cfg"
16984
msgstr ""
16985
16986
#: serverguide/C/monitoring.xml:203(para)
16987
msgid ""
16988
"In the above and following command examples, replace "
16989
"<emphasis>\"server01\"</emphasis>, "
16990
"<emphasis>\"server02\"</emphasis><emphasis>172.18.100.100</emphasis>, and "
16991
"<emphasis>172.18.100.101</emphasis> with the host names and IP addresses of "
16992
"your servers."
16993
msgstr ""
16994
16995
#: serverguide/C/monitoring.xml:212(para)
16996
msgid "Next, edit <filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
16997
msgstr ""
16998
16999
#: serverguide/C/monitoring.xml:216(programlisting)
17000
#, no-wrap
17001
msgid ""
17002
"\n"
17003
"define host{\n"
17004
" use generic-host ; Name of host "
17005
"template to use\n"
17006
" host_name server02\n"
17007
" alias Server 02\n"
17008
" address 172.18.100.101\n"
17009
"}\n"
17010
"\n"
17011
"# check DNS service.\n"
17012
"define service {\n"
17013
" use generic-service\n"
17014
" host_name server02\n"
17015
" service_description DNS\n"
17016
" check_command check_dns!172.18.100.101\n"
17017
"}\n"
17018
msgstr ""
17019
17020
#: serverguide/C/monitoring.xml:236(para)
17021
msgid ""
17022
"Restart the <application>nagios</application> daemon to enable the new "
17023
"configuration:"
17024
msgstr ""
17025
17026
#: serverguide/C/monitoring.xml:241(command) serverguide/C/monitoring.xml:308(command) serverguide/C/monitoring.xml:375(command)
17027
msgid "sudo /etc/init.d/nagios3 restart"
17028
msgstr ""
17029
17030
#: serverguide/C/monitoring.xml:251(para)
17031
msgid ""
17032
"Now add a service definition for the MySQL check by adding the following to "
17033
"<filename>/etc/nagios3/conf.d/services_nagios2.cfg</filename>:"
17034
msgstr ""
17035
17036
#: serverguide/C/monitoring.xml:255(programlisting)
17037
#, no-wrap
17038
msgid ""
17039
"\n"
17040
"# check MySQL servers.\n"
17041
"define service {\n"
17042
" hostgroup_name mysql-servers\n"
17043
" service_description MySQL\n"
17044
" check_command "
17045
"check_mysql_cmdlinecred!nagios!secret!$HOSTADDRESS\n"
17046
" use generic-service\n"
17047
" notification_interval 0 ; set > 0 if you want to be "
17048
"renotified\n"
17049
"}\n"
17050
msgstr ""
17051
17052
#: serverguide/C/monitoring.xml:269(para)
17053
msgid ""
17054
"A <emphasis>mysql-servers</emphasis> hostgroup now needs to be defined. Edit "
17055
"<filename>/etc/nagios3/conf.d/hostgroups_nagios2.cfg</filename> adding:"
17056
msgstr ""
17057
17058
#: serverguide/C/monitoring.xml:274(programlisting)
17059
#, no-wrap
17060
msgid ""
17061
"\n"
17062
"# MySQL hostgroup.\n"
17063
"define hostgroup {\n"
17064
" hostgroup_name mysql-servers\n"
17065
" alias MySQL servers\n"
17066
" members localhost, server02\n"
17067
" }\n"
17068
msgstr ""
17069
17070
#: serverguide/C/monitoring.xml:286(para)
17071
msgid ""
17072
"The Nagios check needs to authenticate to MySQL. To add a "
17073
"<emphasis>nagios</emphasis> user to MySQL enter:"
17074
msgstr ""
17075
17076
#: serverguide/C/monitoring.xml:291(command)
17077
msgid "mysql -u root -p -e \"create user nagios identified by 'secret';\""
17078
msgstr ""
17079
17080
#: serverguide/C/monitoring.xml:295(para)
17081
msgid ""
17082
"The <emphasis>nagios</emphasis> user will need to be added all hosts in the "
17083
"<emphasis>mysql-servers</emphasis> hostgroup."
17084
msgstr ""
17085
17086
#: serverguide/C/monitoring.xml:303(para)
17087
msgid ""
17088
"Restart <application>nagios</application> to start checking the MySQL "
17089
"servers."
17090
msgstr ""
17091
17092
#: serverguide/C/monitoring.xml:318(para)
17093
msgid ""
17094
"Lastly configure NRPE to check the disk space on "
17095
"<emphasis>server02</emphasis>."
17096
msgstr ""
17097
17098
#: serverguide/C/monitoring.xml:322(para)
17099
msgid ""
17100
"On <emphasis>server01</emphasis> add the service check to "
17101
"<filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
17102
msgstr ""
17103
17104
#: serverguide/C/monitoring.xml:327(programlisting)
17105
#, no-wrap
17106
msgid ""
17107
"\n"
17108
"# NRPE disk check.\n"
17109
"define service {\n"
17110
" use generic-service\n"
17111
" host_name server02\n"
17112
" service_description nrpe-disk\n"
17113
" check_command "
17114
"check_nrpe_1arg!check_all_disks!172.18.100.101\n"
17115
"}\n"
17116
msgstr ""
17117
17118
#: serverguide/C/monitoring.xml:340(para)
17119
msgid ""
17120
"Now on <emphasis>server02</emphasis> edit "
17121
"<filename>/etc/nagios/nrpe.cfg</filename> changing:"
17122
msgstr ""
17123
17124
#: serverguide/C/monitoring.xml:344(programlisting)
17125
#, no-wrap
17126
msgid ""
17127
"\n"
17128
"allowed_hosts=172.18.100.100\n"
17129
msgstr ""
17130
17131
#: serverguide/C/monitoring.xml:348(para)
17132
msgid "And below in the command definition area add:"
17133
msgstr ""
17134
17135
#: serverguide/C/monitoring.xml:352(programlisting)
17136
#, no-wrap
17137
msgid ""
17138
"\n"
17139
"command[check_all_disks]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -"
17140
"e\n"
17141
msgstr ""
17142
17143
#: serverguide/C/monitoring.xml:359(para)
17144
msgid "Finally, restart <application>nagios-nrpe-server</application>:"
17145
msgstr ""
17146
17147
#: serverguide/C/monitoring.xml:364(command)
17148
msgid "sudo /etc/init.d/nagios-nrpe-server restart"
17149
msgstr ""
17150
17151
#: serverguide/C/monitoring.xml:370(para)
17152
msgid ""
17153
"Also, on <emphasis>server01</emphasis> restart "
17154
"<application>nagios</application>:"
17155
msgstr ""
17156
17157
#: serverguide/C/monitoring.xml:383(para)
17158
msgid ""
17159
"You should now be able to see the host and service checks in the Nagios CGI "
17160
"files. To access them point a browser to http://server01/nagios3. You will "
17161
"then be prompted for the <emphasis>nagiosadmin</emphasis> username and "
17162
"password."
17163
msgstr ""
17164
17165
#: serverguide/C/monitoring.xml:393(para)
17166
msgid ""
17167
"This section has just scratched the surface of Nagios' features. The "
17168
"<application>nagios-plugins-extra</application> and <application>nagios-snmp-"
17169
"plugins</application> contain many more service checks."
17170
msgstr ""
17171
17172
#: serverguide/C/monitoring.xml:400(para)
17173
msgid ""
17174
"For more information see <ulink "
17175
"url=\"http://www.nagios.org/\">Nagios</ulink> website."
17176
msgstr ""
17177
17178
#: serverguide/C/monitoring.xml:405(para)
17179
msgid ""
17180
"Specifically the <ulink "
17181
"url=\"http://nagios.sourceforge.net/docs/3_0/\">Online Documentation</ulink> "
17182
"site."
17183
msgstr ""
17184
17185
#: serverguide/C/monitoring.xml:410(para)
17186
msgid ""
17187
"There is also a list of <ulink "
17188
"url=\"http://www.nagios.org/propaganda/books/\">books</ulink> related to "
17189
"Nagios and network monitoring:"
17190
msgstr ""
17191
17192
#: serverguide/C/monitoring.xml:416(para)
17193
msgid ""
17194
"The <ulink url=\"https://help.ubuntu.com/community/Nagios\">Nagios Ubuntu "
17195
"Wiki</ulink> page also has more details."
17196
msgstr ""
17197
17198
#: serverguide/C/monitoring.xml:425(title)
17199
msgid "Munin"
17200
msgstr ""
17201
17202
#: serverguide/C/monitoring.xml:430(para)
17203
msgid ""
17204
"Before installing <application>Munin</application> on "
17205
"<emphasis>server01</emphasis><application>apache2</application> will need to "
17206
"be installed. The default configuration is fine for running a "
17207
"<application>munin</application> server. For more information see <xref "
17208
"linkend=\"httpd\"/>."
17209
msgstr ""
17210
17211
#: serverguide/C/monitoring.xml:436(para)
17212
msgid ""
17213
"First, on <emphasis>server01</emphasis> install "
17214
"<application>munin</application>. In a terminal enter:"
17215
msgstr ""
17216
17217
#: serverguide/C/monitoring.xml:441(command)
17218
msgid "sudo apt-get install munin"
17219
msgstr ""
17220
17221
#: serverguide/C/monitoring.xml:444(para)
17222
msgid ""
17223
"Now on <emphasis>server02</emphasis> install the <application>munin-"
17224
"node</application> package:"
17225
msgstr ""
17226
17227
#: serverguide/C/monitoring.xml:449(command)
17228
msgid "sudo apt-get install munin-node"
17229
msgstr ""
17230
17231
#: serverguide/C/monitoring.xml:456(para)
17232
msgid ""
17233
"On <emphasis>server01</emphasis> edit the "
17234
"<filename>/etc/munin/munin.conf</filename> adding the IP address for "
17235
"<emphasis>server02</emphasis>:"
17236
msgstr ""
17237
17238
#: serverguide/C/monitoring.xml:461(programlisting)
17239
#, no-wrap
17240
msgid ""
17241
"\n"
17242
"## First our \"normal\" host.\n"
17243
"[server02]\n"
17244
" address 172.18.100.101\n"
17245
msgstr ""
17246
17247
#: serverguide/C/monitoring.xml:468(para)
17248
msgid ""
17249
"Replace <emphasis>server02</emphasis> and "
17250
"<emphasis>172.18.100.101</emphasis> with the actual hostname and IP address "
17251
"for your server."
17252
msgstr ""
17253
17254
#: serverguide/C/monitoring.xml:474(para)
17255
msgid ""
17256
"Next, configure <application>munin-node</application> on "
17257
"<emphasis>server02</emphasis>. Edit <filename>/etc/munin/munin-"
17258
"node.conf</filename> to allow access by <emphasis>server01</emphasis>:"
17259
msgstr ""
17260
17261
#: serverguide/C/monitoring.xml:479(programlisting)
17262
#, no-wrap
17263
msgid ""
17264
"\n"
17265
"allow ^172\\.18\\.100\\.100$\n"
17266
msgstr ""
17267
17268
#: serverguide/C/monitoring.xml:484(para)
17269
msgid ""
17270
"Replace <emphasis>^172\\.18\\.100\\.100$</emphasis> with IP address for your "
17271
"<application>munin</application> server."
17272
msgstr ""
17273
17274
#: serverguide/C/monitoring.xml:489(para)
17275
msgid ""
17276
"Now restart <application>munin-node</application> on "
17277
"<emphasis>server02</emphasis> for the changes to take effect:"
17278
msgstr ""
17279
17280
#: serverguide/C/monitoring.xml:494(command)
17281
msgid "sudo /etc/init.d/munin-node restart"
17282
msgstr ""
17283
17284
#: serverguide/C/monitoring.xml:497(para)
17285
msgid ""
17286
"Finally, in a browser go to <emphasis>http://server01/munin</emphasis>, and "
17287
"you should see links to nice graphs displaying information from the standard "
17288
"<emphasis>munin-plugins</emphasis> for disk, network, processes, and system."
17289
msgstr ""
17290
17291
#: serverguide/C/monitoring.xml:503(para)
17292
msgid ""
17293
"Since this is a new install it may take some time for the graphs to display "
17294
"anything useful."
17295
msgstr ""
17296
17297
#: serverguide/C/monitoring.xml:510(title)
17298
msgid "Additional Plugins"
17299
msgstr ""
17300
17301
#: serverguide/C/monitoring.xml:512(para)
17302
msgid ""
17303
"The <application>munin-plugins-extra</application> package contains "
17304
"performance checks additional services such as DNS, DHCP, Samba, etc. To "
17305
"install the package, from a terminal enter:"
17306
msgstr ""
17307
17308
#: serverguide/C/monitoring.xml:518(command)
17309
msgid "sudo apt-get install munin-plugins-extra"
17310
msgstr ""
17311
17312
#: serverguide/C/monitoring.xml:521(para)
17313
msgid "Be sure to install the package on both the server and node machines."
17314
msgstr ""
17315
17316
#: serverguide/C/monitoring.xml:531(para)
17317
msgid ""
17318
"See the <ulink url=\"http://munin.projects.linpro.no/\">Munin</ulink> "
17319
"website for more details."
17320
msgstr ""
17321
17322
#: serverguide/C/monitoring.xml:536(para)
17323
msgid ""
17324
"Specifically the <ulink "
17325
"url=\"http://munin.projects.linpro.no/wiki/Documentation\">Munin "
17326
"Documentation</ulink> page includes information on additional plugins, "
17327
"writing plugins, etc."
17328
msgstr ""
17329
17330
#: serverguide/C/monitoring.xml:542(para)
17331
msgid ""
17332
"Also, there is a book in German by Open Source Press: <ulink "
17333
"url=\"https://www.opensourcepress.de/index.php?26&backPID=178&tt_prod"
17334
"ucts=152\">Munin Graphisches Netzwerk- und System-Monitoring</ulink>."
17335
msgstr ""
17336
17337
#: serverguide/C/monitoring.xml:548(para)
17338
msgid ""
17339
"Another resource is the <ulink "
17340
"url=\"https://help.ubuntu.com/community/Munin\">Munin Ubuntu Wiki</ulink> "
17341
"page."
17342
msgstr ""
17343
17344
#: serverguide/C/mail.xml:13(title)
17345
msgid "Email Services"
17346
msgstr ""
17347
17348
#: serverguide/C/mail.xml:14(para)
17349
msgid ""
17350
"The process of getting an email from one person to another over a network or "
17351
"the Internet involves many systems working together. Each of these systems "
17352
"must be correctly configured for the process to work. The sender uses a "
17353
"<emphasis>Mail User Agent</emphasis> (MUA), or email client, to send the "
17354
"message through one or more <emphasis>Mail Transfer Agents</emphasis> (MTA), "
17355
"the last of which will hand it off to a <emphasis>Mail Delivery "
17356
"Agent</emphasis> (MDA) for delivery to the recipient's mailbox, from which "
17357
"it will be retrieved by the recipient's email client, usually via a POP3 or "
17358
"IMAP server."
17359
msgstr ""
17360
17361
#: serverguide/C/mail.xml:24(title) serverguide/C/mail.xml:832(application) serverguide/C/mail.xml:866(title) serverguide/C/mail.xml:944(title) serverguide/C/mail.xml:1510(title)
17362
msgid "Postfix"
17363
msgstr ""
17364
17365
#: serverguide/C/mail.xml:25(para)
17366
msgid ""
17367
"<application>Postfix</application> is the default Mail Transfer Agent (MTA) "
17368
"in Ubuntu. It attempts to be fast and easy to administer and secure. It is "
17369
"compatible with the MTA <application>sendmail</application>. This section "
17370
"explains how to install and configure <application>postfix</application>. It "
17371
"also explains how to set it up as an SMTP server using a secure connection "
17372
"(for sending emails securely)."
17373
msgstr ""
17374
17375
#: serverguide/C/mail.xml:34(para)
17376
msgid ""
17377
"This guide does not cover setting up Postfix <emphasis>Virtual "
17378
"Domains</emphasis>, for information on Virtual Domains and other advanced "
17379
"configurations see <xref linkend=\"postfix-references\"/>."
17380
msgstr ""
17381
17382
#: serverguide/C/mail.xml:41(para)
17383
msgid ""
17384
"To install <application>postfix</application> run the following command:"
17385
msgstr ""
17386
17387
#: serverguide/C/mail.xml:47(para)
17388
msgid ""
17389
"Simply press return when the installation process asks questions, the "
17390
"configuration will be done in greater detail in the next stage."
17391
msgstr ""
17392
17393
#: serverguide/C/mail.xml:52(title)
17394
msgid "Basic Configuration"
17395
msgstr ""
17396
17397
#: serverguide/C/mail.xml:53(para)
17398
msgid ""
17399
"To configure <application>postfix</application>, run the following command:"
17400
msgstr ""
17401
17402
#: serverguide/C/mail.xml:57(command)
17403
msgid "sudo dpkg-reconfigure postfix"
17404
msgstr ""
17405
17406
#: serverguide/C/mail.xml:63(para)
17407
msgid "Internet Site"
17408
msgstr ""
17409
17410
#: serverguide/C/mail.xml:64(para)
17411
msgid "mail.example.com"
17412
msgstr ""
17413
17414
#: serverguide/C/mail.xml:65(para)
17415
msgid "steve"
17416
msgstr ""
17417
17418
#: serverguide/C/mail.xml:66(para)
17419
msgid "mail.example.com, localhost.localdomain, localhost"
17420
msgstr ""
17421
17422
#: serverguide/C/mail.xml:67(para)
17423
msgid "No"
17424
msgstr ""
17425
17426
#: serverguide/C/mail.xml:68(para)
17427
msgid "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24"
17428
msgstr ""
17429
17430
#: serverguide/C/mail.xml:69(para)
17431
msgid "0"
17432
msgstr ""
17433
17434
#: serverguide/C/mail.xml:70(para)
17435
msgid "+"
17436
msgstr ""
17437
17438
#: serverguide/C/mail.xml:71(para)
17439
msgid "all"
17440
msgstr ""
17441
17442
#: serverguide/C/mail.xml:59(para)
17443
msgid ""
17444
"The user interface will be displayed. On each screen, select the following "
17445
"values: <placeholder-1/>"
17446
msgstr ""
17447
17448
#: serverguide/C/mail.xml:75(para)
17449
msgid ""
17450
"Replace mail.example.com with the domain for which you'll accept email, "
17451
"192.168.0.0/24 with the actual network and class range of your mail server, "
17452
"and steve with the appropriate username."
17453
msgstr ""
17454
17455
#: serverguide/C/mail.xml:81(para)
17456
msgid ""
17457
"Now is a good time to decide which mailbox format you want to use. By "
17458
"default Postfix will use <emphasis role=\"strong\">mbox</emphasis> for the "
17459
"mailbox format. Rather than editing the configuration file directly, you can "
17460
"use the <command>postconf</command> command to configure all "
17461
"<application>postfix</application> parameters. The configuration parameters "
17462
"will be stored in <filename>/etc/postfix/main.cf</filename> file. Later if "
17463
"you wish to re-configure a particular parameter, you can either run the "
17464
"command or change it manually in the file."
17465
msgstr ""
17466
17467
#: serverguide/C/mail.xml:92(para)
17468
msgid ""
17469
"To configure the mailbox format for <emphasis "
17470
"role=\"strong\">Maildir:</emphasis>"
17471
msgstr ""
17472
17473
#: serverguide/C/mail.xml:97(command)
17474
msgid "sudo postconf -e 'home_mailbox = Maildir/'"
17475
msgstr ""
17476
17477
#: serverguide/C/mail.xml:100(para)
17478
msgid ""
17479
"This will place new mail in /home/<emphasis "
17480
"role=\"italic\">username</emphasis>/Maildir so you will need to configure "
17481
"your Mail Delivery Agent (MDA) to use the same path."
17482
msgstr ""
17483
17484
#: serverguide/C/mail.xml:108(title) serverguide/C/mail.xml:556(title)
17485
msgid "SMTP Authentication"
17486
msgstr ""
17487
17488
#: serverguide/C/mail.xml:110(para)
17489
msgid ""
17490
"SMTP-AUTH allows a client to identify itself through an authentication "
17491
"mechanism (SASL). Transport Layer Security (TLS) should be used to encrypt "
17492
"the authentication process. Once authenticated the SMTP server will allow "
17493
"the client to relay mail."
17494
msgstr ""
17495
17496
#: serverguide/C/mail.xml:117(para)
17497
msgid "Configure Postfix for SMTP-AUTH using SASL (Dovecot SASL):"
17498
msgstr ""
17499
17500
#: serverguide/C/mail.xml:120(screen)
17501
#, no-wrap
17502
msgid ""
17503
"\n"
17504
"sudo postconf -e 'smtpd_sasl_type = dovecot'\n"
17505
"sudo postconf -e 'smtpd_sasl_path = private/auth-client'\n"
17506
"sudo postconf -e 'smtpd_sasl_local_domain ='\n"
17507
"sudo postconf -e 'smtpd_sasl_security_options = noanonymous'\n"
17508
"sudo postconf -e 'broken_sasl_auth_clients = yes'\n"
17509
"sudo postconf -e 'smtpd_sasl_auth_enable = yes'\n"
17510
"sudo postconf -e 'smtpd_recipient_restrictions = "
17511
"permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'\n"
17512
"sudo postconf -e 'inet_interfaces = all'\n"
17513
msgstr ""
17514
17515
#: serverguide/C/mail.xml:131(para)
17516
msgid ""
17517
"The <emphasis>smtpd_sasl_path</emphasis> configuration is a path relative to "
17518
"the Postfix queue directory."
17519
msgstr ""
17520
17521
#: serverguide/C/mail.xml:137(para)
17522
msgid ""
17523
"Next, obtain a digital certificate for TLS. See <xref linkend=\"certificates-"
17524
"and-security\"/> for details. This example also uses a Certificate Authority "
17525
"(CA). For information on generating a CA certificate see <xref "
17526
"linkend=\"certificate-authority\"/>."
17527
msgstr ""
17528
17529
#: serverguide/C/mail.xml:143(para)
17530
msgid ""
17531
"You can get the digital certificate from a certificate authority. But unlike "
17532
"web clients, SMTP clients rarely complain about \"self-signed "
17533
"certificates\", so alternatively, you can create the certificate yourself. "
17534
"Refer to <xref linkend=\"creating-a-self-signed-certificate\"/> for more "
17535
"details."
17536
msgstr ""
17537
17538
#: serverguide/C/mail.xml:155(para)
17539
msgid ""
17540
"Once you have a certificate, configure Postfix to provide TLS encryption for "
17541
"both incoming and outgoing mail:"
17542
msgstr ""
17543
17544
#: serverguide/C/mail.xml:158(screen)
17545
#, no-wrap
17546
msgid ""
17547
"\n"
17548
"sudo postconf -e 'smtpd_tls_auth_only = no'\n"
17549
"sudo postconf -e 'smtp_use_tls = yes'\n"
17550
"sudo postconf -e 'smtpd_use_tls = yes'\n"
17551
"sudo postconf -e 'smtp_tls_note_starttls_offer = yes'\n"
17552
"sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'\n"
17553
"sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'\n"
17554
"sudo postconf -e 'smtpd_tls_loglevel = 1'\n"
17555
"sudo postconf -e 'smtpd_tls_received_header = yes'\n"
17556
"sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'\n"
17557
"sudo postconf -e 'tls_random_source = dev:/dev/urandom'\n"
17558
"sudo postconf -e 'myhostname = mail.example.com'\n"
17559
msgstr ""
17560
17561
#: serverguide/C/mail.xml:173(para)
17562
msgid ""
17563
"If you are using your own <emphasis>Certificate Authority</emphasis> to sign "
17564
"the certificate enter:"
17565
msgstr ""
17566
17567
#: serverguide/C/mail.xml:177(command)
17568
msgid "sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'"
17569
msgstr ""
17570
17571
#: serverguide/C/mail.xml:180(para)
17572
msgid ""
17573
"Again, for more details about certificates see <xref linkend=\"certificates-"
17574
"and-security\"/>."
17575
msgstr ""
17576
17577
#: serverguide/C/mail.xml:186(para)
17578
msgid ""
17579
"After running all the commands, <application>Postfix</application> is "
17580
"configured for SMTP-AUTH and a self-signed certificate has been created for "
17581
"TLS encryption."
17582
msgstr ""
17583
17584
#: serverguide/C/mail.xml:191(para)
17585
msgid ""
17586
"Now, the file <filename>/etc/postfix/main.cf</filename> should look like "
17587
"<ulink url=\"../sample/postfix_configuration\">this</ulink>."
17588
msgstr ""
17589
17590
#: serverguide/C/mail.xml:195(para)
17591
msgid ""
17592
"The postfix initial configuration is complete. Run the following command to "
17593
"restart the postfix daemon:"
17594
msgstr ""
17595
17596
#: serverguide/C/mail.xml:201(command) serverguide/C/mail.xml:315(command) serverguide/C/mail.xml:378(command) serverguide/C/mail.xml:984(command) serverguide/C/mail.xml:1561(command)
17597
msgid "sudo /etc/init.d/postfix restart"
17598
msgstr ""
17599
17600
#: serverguide/C/mail.xml:204(para)
17601
msgid ""
17602
"<application>Postfix</application> supports SMTP-AUTH as defined in <ulink "
17603
"url=\"ftp://ftp.isi.edu/in-notes/rfc2554.txt\">RFC2554</ulink>. It is based "
17604
"on <ulink url=\"ftp://ftp.isi.edu/in-notes/rfc2222.txt\">SASL</ulink>. "
17605
"However it is still necessary to set up SASL authentication before you can "
17606
"use SMTP-AUTH."
17607
msgstr ""
17608
17609
#: serverguide/C/mail.xml:214(title) serverguide/C/mail.xml:609(title)
17610
msgid "Configuring SASL"
17611
msgstr ""
17612
17613
#: serverguide/C/mail.xml:215(para)
17614
msgid ""
17615
"Postfix supports two SASL implementations Cyrus SASL and Dovecot SASL. To "
17616
"enable Dovecot SASL the <application>dovecot-common</application> package "
17617
"will need to be installed. From a terminal prompt enter the following:"
17618
msgstr ""
17619
17620
#: serverguide/C/mail.xml:221(command)
17621
msgid "sudo apt-get install dovecot-common"
17622
msgstr ""
17623
17624
#: serverguide/C/mail.xml:223(para)
17625
msgid ""
17626
"Next you will need to edit <filename>/etc/dovecot/dovecot.conf</filename>. "
17627
"In the <emphasis>auth default</emphasis> section uncomment the "
17628
"<emphasis>socket listen</emphasis> option and change the following:"
17629
msgstr ""
17630
17631
#: serverguide/C/mail.xml:227(programlisting)
17632
#, no-wrap
17633
msgid ""
17634
"\n"
17635
" socket listen {\n"
17636
" #master {\n"
17637
" # Master socket provides access to userdb information. It's typically\n"
17638
" # used to give Dovecot's local delivery agent access to userdb so it\n"
17639
" # can find mailbox locations.\n"
17640
" #path = /var/run/dovecot/auth-master\n"
17641
" #mode = 0600\n"
17642
" # Default user/group is the one who started dovecot-auth (root)\n"
17643
" #user = \n"
17644
" #group = \n"
17645
" #}\n"
17646
" client {\n"
17647
" # The client socket is generally safe to export to everyone. Typical "
17648
"use\n"
17649
" # is to export it to your SMTP server so it can do SMTP AUTH lookups\n"
17650
" # using it.\n"
17651
" path = /var/spool/postfix/private/auth-client\n"
17652
" mode = 0660\n"
17653
" user = postfix\n"
17654
" group = postfix\n"
17655
" }\n"
17656
" }\n"
17657
msgstr ""
17658
17659
#: serverguide/C/mail.xml:251(para)
17660
msgid ""
17661
"In order to let <application>Outlook</application> clients use SMTPAUTH, in "
17662
"the <emphasis>auth default</emphasis> section of /etc/dovecot/dovecot.conf "
17663
"add <emphasis>\"login\"</emphasis>:"
17664
msgstr ""
17665
17666
#: serverguide/C/mail.xml:256(programlisting)
17667
#, no-wrap
17668
msgid ""
17669
"\n"
17670
" mechanisms = plain login\n"
17671
msgstr ""
17672
17673
#: serverguide/C/mail.xml:260(para)
17674
msgid ""
17675
"Once you have <application>Dovecot</application> configured restart it with:"
17676
msgstr ""
17677
17678
#: serverguide/C/mail.xml:264(command) serverguide/C/mail.xml:735(command)
17679
msgid "sudo /etc/init.d/dovecot restart"
17680
msgstr ""
17681
17682
#: serverguide/C/mail.xml:269(title)
17683
msgid "Postfix-Dovecot"
17684
msgstr ""
17685
17686
#: serverguide/C/mail.xml:271(para)
17687
msgid ""
17688
"Another option for configuring <application>Postfix</application> for SMTP-"
17689
"AUTH is using the <application>dovecot-postfix</application> package. This "
17690
"package will install <application>Dovecot</application> and configure "
17691
"<application>Postfix</application> to use it for both SASL authentication "
17692
"and as a Mail Delivery Agent (MDA). The package also configures "
17693
"<application>Dovecot</application> for IMAP, IMAPS, POP3, and POP3S."
17694
msgstr ""
17695
17696
#: serverguide/C/mail.xml:280(para)
17697
msgid ""
17698
"You may or may not want to run IMAP, IMAPS, POP3, or POP3S on your mail "
17699
"server. For example, if you are configuring your server to be a mail "
17700
"gateway, spam/virus filter, etc. If this is the case it may be easier to use "
17701
"the above commands to configure Postfix for SMTPAUTH."
17702
msgstr ""
17703
17704
#: serverguide/C/mail.xml:287(para)
17705
msgid "To install the package, from a terminal prompt enter:"
17706
msgstr ""
17707
17708
#: serverguide/C/mail.xml:292(command)
17709
msgid "sudo apt-get install dovecot-postfix"
17710
msgstr ""
17711
17712
#: serverguide/C/mail.xml:295(para)
17713
msgid ""
17714
"You should now have a working mail server, but there are a few options that "
17715
"you may wish to further customize. For example, the package uses the "
17716
"certificate and key from the <application>ssl-cert</application> package, "
17717
"and in a production environment you should use a certificate and key "
17718
"generated for the host. See <xref linkend=\"certificates-and-security\"/> "
17719
"for more details."
17720
msgstr ""
17721
17722
#: serverguide/C/mail.xml:301(para)
17723
msgid ""
17724
"Once you have a customized certificate and key for the host, change the "
17725
"following options in <filename>/etc/postfix/main.cf</filename>:"
17726
msgstr ""
17727
17728
#: serverguide/C/mail.xml:305(programlisting)
17729
#, no-wrap
17730
msgid ""
17731
"\n"
17732
"smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem\n"
17733
"smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key\n"
17734
msgstr ""
17735
17736
#: serverguide/C/mail.xml:310(para)
17737
msgid "Then restart Postfix:"
17738
msgstr ""
17739
17740
#: serverguide/C/mail.xml:321(para)
17741
msgid ""
17742
"SMTP-AUTH configuration is complete. Now it is time to test the setup."
17743
msgstr ""
17744
17745
#: serverguide/C/mail.xml:324(para)
17746
msgid "To see if SMTP-AUTH and TLS work properly, run the following command:"
17747
msgstr ""
17748
17749
#: serverguide/C/mail.xml:329(command)
17750
msgid "telnet mail.example.com 25"
17751
msgstr ""
17752
17753
#: serverguide/C/mail.xml:331(para)
17754
msgid ""
17755
"After you have established the connection to the postfix mail server, type:"
17756
msgstr ""
17757
17758
#: serverguide/C/mail.xml:335(screen)
17759
#, no-wrap
17760
msgid ""
17761
"\n"
17762
"ehlo mail.example.com\n"
17763
msgstr ""
17764
17765
#: serverguide/C/mail.xml:338(para)
17766
msgid ""
17767
"If you see the following lines among others, then everything is working "
17768
"perfectly. Type <command>quit</command> to exit."
17769
msgstr ""
17770
17771
#: serverguide/C/mail.xml:342(programlisting)
17772
#, no-wrap
17773
msgid ""
17774
"\n"
17775
"250-STARTTLS\n"
17776
"250-AUTH LOGIN PLAIN\n"
17777
"250-AUTH=LOGIN PLAIN\n"
17778
"250 8BITMIME\n"
17779
msgstr ""
17780
17781
#: serverguide/C/mail.xml:352(para)
17782
msgid ""
17783
"This section introduces some common ways to determine the cause if problems "
17784
"arise."
17785
msgstr ""
17786
17787
#: serverguide/C/mail.xml:356(title)
17788
msgid "Escaping chroot"
17789
msgstr ""
17790
17791
#: serverguide/C/mail.xml:357(para)
17792
msgid ""
17793
"The Ubuntu <application>postfix</application> package will by default "
17794
"install into a <emphasis>chroot</emphasis> environment for security reasons. "
17795
"This can add greater complexity when troubleshooting problems."
17796
msgstr ""
17797
17798
#: serverguide/C/mail.xml:361(para)
17799
msgid ""
17800
"To turn off the chroot operation locate for the following line in the "
17801
"<filename>/etc/postfix/master.cf</filename> configuration file:"
17802
msgstr ""
17803
17804
#: serverguide/C/mail.xml:365(screen)
17805
#, no-wrap
17806
msgid ""
17807
"\n"
17808
"smtp inet n - - - - smtpd\n"
17809
msgstr ""
17810
17811
#: serverguide/C/mail.xml:368(para)
17812
msgid "and modify it as follows:"
17813
msgstr ""
17814
17815
#: serverguide/C/mail.xml:371(screen)
17816
#, no-wrap
17817
msgid ""
17818
"\n"
17819
"smtp inet n - n - - smtpd\n"
17820
msgstr ""
17821
17822
#: serverguide/C/mail.xml:374(para)
17823
msgid ""
17824
"You will then need to restart Postfix to use the new configuration. From a "
17825
"terminal prompt enter:"
17826
msgstr ""
17827
17828
#: serverguide/C/mail.xml:382(title)
17829
msgid "Log Files"
17830
msgstr ""
17831
17832
#: serverguide/C/mail.xml:383(para)
17833
msgid ""
17834
"<application>Postfix</application> sends all log messages to "
17835
"<filename>/var/log/mail.log</filename>. However error and warning messages "
17836
"can sometimes get lost in the normal log output so they are also logged to "
17837
"<filename>/var/log/mail.err</filename> and "
17838
"<filename>/var/log/mail.warn</filename> respectively."
17839
msgstr ""
17840
17841
#: serverguide/C/mail.xml:388(para)
17842
msgid ""
17843
"To see messages entered into the logs in real time you can use the "
17844
"<application>tail -f</application> command:"
17845
msgstr ""
17846
17847
#: serverguide/C/mail.xml:393(command)
17848
msgid "tail -f /var/log/mail.err"
17849
msgstr ""
17850
17851
#: serverguide/C/mail.xml:395(para)
17852
msgid ""
17853
"The amount of detail that is recorded in the logs can be increased. Below "
17854
"are some configuration options for increasing the log level for some of the "
17855
"areas covered above."
17856
msgstr ""
17857
17858
#: serverguide/C/mail.xml:401(para)
17859
msgid ""
17860
"To increase <emphasis>TLS</emphasis> activity logging set the "
17861
"<emphasis>smtpd_tls_loglevel</emphasis> option to a value from 1 to 4."
17862
msgstr ""
17863
17864
#: serverguide/C/mail.xml:405(command)
17865
msgid "sudo postconf -e 'smtpd_tls_loglevel = 4'"
17866
msgstr ""
17867
17868
#: serverguide/C/mail.xml:409(para)
17869
msgid ""
17870
"If you are having trouble sending or receiving mail from a specific domain "
17871
"you can add the domain to the <emphasis>debug_peer_list</emphasis> parameter."
17872
msgstr ""
17873
17874
#: serverguide/C/mail.xml:414(command)
17875
msgid "sudo postconf -e 'debug_peer_list = problem.domain'"
17876
msgstr ""
17877
17878
#: serverguide/C/mail.xml:418(para)
17879
msgid ""
17880
"You can increase the verbosity of any <application>Postfix</application> "
17881
"daemon process by editing the <filename>/etc/postfix/master.cf</filename> "
17882
"and adding a <emphasis>-v</emphasis> after the entry. For example edit the "
17883
"<emphasis>smtp</emphasis> entry:"
17884
msgstr ""
17885
17886
#: serverguide/C/mail.xml:422(programlisting)
17887
#, no-wrap
17888
msgid ""
17889
"\n"
17890
"smtp unix - - - - - smtp -v\n"
17891
msgstr ""
17892
17893
#: serverguide/C/mail.xml:428(para)
17894
msgid ""
17895
"It is important to note that after making one of the logging changes above "
17896
"the <application>Postfix</application> process will need to be reloaded in "
17897
"order to recognize the new configuration: <command>sudo /etc/init.d/postfix "
17898
"reload</command>"
17899
msgstr ""
17900
17901
#: serverguide/C/mail.xml:435(para)
17902
msgid ""
17903
"To increase the amount of information logged when troubleshooting "
17904
"<emphasis>SASL</emphasis> issues you can set the following options in "
17905
"<filename>/etc/dovecot/dovecot.conf</filename>"
17906
msgstr ""
17907
17908
#: serverguide/C/mail.xml:439(programlisting)
17909
#, no-wrap
17910
msgid ""
17911
"\n"
17912
"auth_debug=yes\n"
17913
"auth_debug_passwords=yes\n"
17914
msgstr ""
17915
17916
#: serverguide/C/mail.xml:446(para)
17917
msgid ""
17918
"Just like <application>Postfix</application> if you change a "
17919
"<application>Dovecot</application> configuration the process will need to be "
17920
"reloaded: <command>sudo /etc/init.d/dovecot reload</command>."
17921
msgstr ""
17922
17923
#: serverguide/C/mail.xml:452(para)
17924
msgid ""
17925
"Some of the options above can drastically increase the amount of information "
17926
"sent to the log files. Remember to return the log level back to normal after "
17927
"you have corrected the problem. Then reload the appropriate daemon for the "
17928
"new configuration to take affect."
17929
msgstr ""
17930
17931
#: serverguide/C/mail.xml:460(para)
17932
msgid ""
17933
"Administering a <application>Postfix</application> server can be a very "
17934
"complicated task. At some point you may need to turn to the Ubuntu community "
17935
"for more experienced help."
17936
msgstr ""
17937
17938
#: serverguide/C/mail.xml:464(para)
17939
msgid ""
17940
"A great place to ask for <application>Postfix</application> assistance, and "
17941
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
17942
"server</emphasis> IRC channel on <ulink "
17943
"url=\"http://freenode.net\">freenode</ulink>. You can also post a message to "
17944
"one of the <ulink "
17945
"url=\"http://www.ubuntu.com/support/community/webforums\">Web Forums</ulink>."
17946
msgstr ""
17947
17948
#: serverguide/C/mail.xml:469(para)
17949
msgid ""
17950
"For in depth <application>Postfix</application> information Ubuntu "
17951
"developers highly recommend: <ulink url=\"http://www.postfix-book.com/\">The "
17952
"Book of Postfix</ulink>."
17953
msgstr ""
17954
17955
#: serverguide/C/mail.xml:473(para)
17956
msgid ""
17957
"Finally, the <ulink "
17958
"url=\"http://www.postfix.org/documentation.html\">Postfix</ulink> website "
17959
"also has great documentation on all the different configuration options "
17960
"available."
17961
msgstr ""
17962
17963
#: serverguide/C/mail.xml:477(para)
17964
msgid ""
17965
"Also, the <ulink url=\"https://help.ubuntu.com/community/Postfix\">Ubuntu "
17966
"Wiki Postifx</ulink> page has more information."
17967
msgstr ""
17968
17969
#: serverguide/C/mail.xml:485(title) serverguide/C/mail.xml:872(title) serverguide/C/mail.xml:988(title)
17970
msgid "Exim4"
17971
msgstr ""
17972
17973
#: serverguide/C/mail.xml:486(para)
17974
msgid ""
17975
"<application>Exim4</application> is another Message Transfer Agent (MTA) "
17976
"developed at the University of Cambridge for use on Unix systems connected "
17977
"to the Internet. Exim can be installed in place of "
17978
"<application>sendmail</application>, although the configuration of "
17979
"<application>exim</application> is quite different to that of "
17980
"<application>sendmail</application>."
17981
msgstr ""
17982
17983
#: serverguide/C/mail.xml:497(para)
17984
msgid ""
17985
"To install <application>exim4</application>, run the following command: "
17986
"<screen>\n"
17987
"<command>sudo apt-get install exim4</command>\n"
17988
"</screen>"
17989
msgstr ""
17990
17991
#: serverguide/C/mail.xml:506(para)
17992
msgid ""
17993
"To configure <application>Exim4</application>, run the following command:"
17994
msgstr ""
17995
17996
#: serverguide/C/mail.xml:510(command)
17997
msgid "sudo dpkg-reconfigure exim4-config"
17998
msgstr ""
17999
18000
#: serverguide/C/mail.xml:512(para)
18001
msgid ""
18002
"The user interface will be displayed. The user interface lets you configure "
18003
"many parameters. For example, In <application>Exim4</application> the "
18004
"configuration files are split among multiple files. If you wish to have them "
18005
"in one file you can configure accordingly in this user interface."
18006
msgstr ""
18007
18008
#: serverguide/C/mail.xml:520(para)
18009
msgid ""
18010
"All the parameters you configure in the user interface are stored in "
18011
"<filename>/etc/exim4/update-exim4.conf.conf</filename> file. If you wish to "
18012
"re-configure, either you re-run the configuration wizard or manually edit "
18013
"this file using your favorite editor. Once you configure, you can run the "
18014
"following command to generate the master configuration file:"
18015
msgstr ""
18016
18017
#: serverguide/C/mail.xml:531(command) serverguide/C/mail.xml:604(command)
18018
msgid "sudo update-exim4.conf"
18019
msgstr ""
18020
18021
#: serverguide/C/mail.xml:533(para)
18022
msgid ""
18023
"The master configuration file, is generated and it is stored in "
18024
"<filename>/var/lib/exim4/config.autogenerated</filename>."
18025
msgstr ""
18026
18027
#: serverguide/C/mail.xml:539(para)
18028
msgid ""
18029
"At any time, you should not edit the master configuration file, "
18030
"<filename>/var/lib/exim4/config.autogenerated</filename> manually. It is "
18031
"updated automatically every time you run <command>update-exim4.conf</command>"
18032
msgstr ""
18033
18034
#: serverguide/C/mail.xml:547(para)
18035
msgid ""
18036
"You can run the following command to start <application>Exim4</application> "
18037
"daemon."
18038
msgstr ""
18039
18040
#: serverguide/C/mail.xml:552(command) serverguide/C/mail.xml:994(command)
18041
msgid "sudo /etc/init.d/exim4 start"
18042
msgstr ""
18043
18044
#: serverguide/C/mail.xml:557(para)
18045
msgid ""
18046
"This section covers configuring Exim4 to use SMTP-AUTH with TLS and SASL."
18047
msgstr ""
18048
18049
#: serverguide/C/mail.xml:560(para)
18050
msgid ""
18051
"The first step is to create a certificate for use with TLS. Enter the "
18052
"following into a terminal prompt:"
18053
msgstr ""
18054
18055
#: serverguide/C/mail.xml:564(command)
18056
msgid "sudo /usr/share/doc/exim4-base/examples/exim-gencert"
18057
msgstr ""
18058
18059
#: serverguide/C/mail.xml:566(para)
18060
msgid ""
18061
"Now Exim4 needs to be configured for TLS by editing "
18062
"<filename>/etc/exim4/conf.d/main/03_exim4-config_tlsoptions</filename> add "
18063
"the following:"
18064
msgstr ""
18065
18066
#: serverguide/C/mail.xml:570(programlisting)
18067
#, no-wrap
18068
msgid ""
18069
"\n"
18070
"MAIN_TLS_ENABLE = yes\n"
18071
msgstr ""
18072
18073
#: serverguide/C/mail.xml:573(para)
18074
msgid ""
18075
"Next you need to configure <application>Exim4</application> to use the "
18076
"<application>saslauthd</application> for authentication. Edit "
18077
"<filename>/etc/exim4/conf.d/auth/30_exim4-config_examples</filename> and "
18078
"uncomment the <emphasis>plain_saslauthd_server</emphasis> and "
18079
"<emphasis>login_saslauthd_server</emphasis> sections:"
18080
msgstr ""
18081
18082
#: serverguide/C/mail.xml:578(programlisting)
18083
#, no-wrap
18084
msgid ""
18085
"\n"
18086
" plain_saslauthd_server:\n"
18087
" driver = plaintext\n"
18088
" public_name = PLAIN\n"
18089
" server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}\n"
18090
" server_set_id = $auth2\n"
18091
" server_prompts = :\n"
18092
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
18093
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
18094
" .endif\n"
18095
"#\n"
18096
" login_saslauthd_server:\n"
18097
" driver = plaintext\n"
18098
" public_name = LOGIN\n"
18099
" server_prompts = \"Username:: : Password::\"\n"
18100
" # don't send system passwords over unencrypted connections\n"
18101
" server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}\n"
18102
" server_set_id = $auth1\n"
18103
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
18104
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
18105
" .endif\n"
18106
msgstr ""
18107
18108
#: serverguide/C/mail.xml:600(para)
18109
msgid "Finally, update the Exim4 configuration and restart the service:"
18110
msgstr ""
18111
18112
#: serverguide/C/mail.xml:605(command)
18113
msgid "sudo /etc/init.d/exim4 restart"
18114
msgstr ""
18115
18116
#: serverguide/C/mail.xml:610(para)
18117
msgid ""
18118
"This section provides details on configuring the saslauthd to provide "
18119
"authentication for <application>Exim4</application>."
18120
msgstr ""
18121
18122
#: serverguide/C/mail.xml:613(para)
18123
msgid ""
18124
"The first step is to install the sasl2-bin package. From a terminal prompt "
18125
"enter the following:"
18126
msgstr ""
18127
18128
#: serverguide/C/mail.xml:617(command)
18129
msgid "sudo apt-get install sasl2-bin"
18130
msgstr ""
18131
18132
#: serverguide/C/mail.xml:619(para)
18133
msgid ""
18134
"To configure saslauthd edit the /etc/default/saslauthd configuration file "
18135
"and set START=no to:"
18136
msgstr ""
18137
18138
#: serverguide/C/mail.xml:622(programlisting)
18139
#, no-wrap
18140
msgid ""
18141
"\n"
18142
"START=yes\n"
18143
msgstr ""
18144
18145
#: serverguide/C/mail.xml:625(para)
18146
msgid ""
18147
"Next the <emphasis>Debian-exim</emphasis> user needs to be part of the "
18148
"<emphasis>sasl</emphasis> group in order for Exim4 to use the saslauthd "
18149
"service:"
18150
msgstr ""
18151
18152
#: serverguide/C/mail.xml:630(command)
18153
msgid "sudo adduser Debian-exim sasl"
18154
msgstr ""
18155
18156
#: serverguide/C/mail.xml:632(para)
18157
msgid "Now start the <application>saslauthd</application> service:"
18158
msgstr ""
18159
18160
#: serverguide/C/mail.xml:636(command)
18161
msgid "sudo /etc/init.d/saslauthd start"
18162
msgstr ""
18163
18164
#: serverguide/C/mail.xml:638(para)
18165
msgid ""
18166
"<application>Exim4</application> is now configured with SMTP-AUTH using TLS "
18167
"and SASL authentication."
18168
msgstr ""
18169
18170
#: serverguide/C/mail.xml:647(para)
18171
msgid ""
18172
"See <ulink url=\"http://www.exim.org/\">exim.org</ulink> for more "
18173
"information."
18174
msgstr ""
18175
18176
#: serverguide/C/mail.xml:652(para)
18177
msgid ""
18178
"There is also an <ulink url=\"http://www.uit.co.uk/content/exim-smtp-mail-"
18179
"server\">Exim4 Book</ulink> available."
18180
msgstr ""
18181
18182
#: serverguide/C/mail.xml:657(para)
18183
msgid ""
18184
"Another resource is the <ulink "
18185
"url=\"https://help.ubuntu.com/community/Exim4\">Exim4 Ubuntu Wiki </ulink> "
18186
"page."
18187
msgstr ""
18188
18189
#: serverguide/C/mail.xml:666(title)
18190
msgid "Dovecot Server"
18191
msgstr ""
18192
18193
#: serverguide/C/mail.xml:667(para)
18194
msgid ""
18195
"<application>Dovecot</application> is a Mail Delivery Agent, written with "
18196
"security primarily in mind. It supports the major mailbox formats: mbox or "
18197
"Maildir. This section explain how to set it up as an imap or pop3 server."
18198
msgstr ""
18199
18200
#: serverguide/C/mail.xml:675(para)
18201
msgid ""
18202
"To install <application>dovecot</application>, run the following command in "
18203
"the command prompt:"
18204
msgstr ""
18205
18206
#: serverguide/C/mail.xml:680(command)
18207
msgid "sudo apt-get install dovecot-imapd dovecot-pop3d"
18208
msgstr ""
18209
18210
#: serverguide/C/mail.xml:685(para)
18211
msgid ""
18212
"To configure <application>dovecot</application>, you can edit the file "
18213
"<filename>/etc/dovecot/dovecot.conf</filename>. You can choose the protocol "
18214
"you use. It could be pop3, pop3s (pop3 secure), imap and imaps (imap "
18215
"secure). A description of these protocols is beyond the scope of this guide. "
18216
"For further information, refer to the Wikipedia articles on <ulink "
18217
"url=\"http://en.wikipedia.org/wiki/POP3\">POP3</ulink> and <ulink "
18218
"url=\"http://en.wikipedia.org/wiki/Internet_Message_Access_Protocol\">IMAP</u"
18219
"link>."
18220
msgstr ""
18221
18222
#: serverguide/C/mail.xml:695(para)
18223
msgid ""
18224
"IMAPS and POP3S are more secure that the simple IMAP and POP3 because they "
18225
"use SSL encryption to connect. Once you have chosen the protocol, amend the "
18226
"following line in the file <filename>/etc/dovecot/dovecot.conf</filename>:"
18227
msgstr ""
18228
18229
#: serverguide/C/mail.xml:701(programlisting)
18230
#, no-wrap
18231
msgid ""
18232
"\n"
18233
"protocols = pop3 pop3s imap imaps\n"
18234
msgstr ""
18235
18236
#: serverguide/C/mail.xml:704(para)
18237
msgid ""
18238
"Next, choose the mailbox you would like to use. "
18239
"<application>Dovecot</application> supports <emphasis "
18240
"role=\"strong\">maildir</emphasis> and <emphasis "
18241
"role=\"strong\">mbox</emphasis> formats. These are the most commonly used "
18242
"mailbox formats. They both have their own benefits and are discussed on "
18243
"<ulink url=\"http://wiki.dovecot.org/MailboxFormat\">the Dovecot web "
18244
"site</ulink>."
18245
msgstr ""
18246
18247
#: serverguide/C/mail.xml:712(para)
18248
msgid ""
18249
"Once you have chosen your mailbox type, edit the file "
18250
"<filename>/etc/dovecot/dovecot.conf</filename> and change the following line:"
18251
msgstr ""
18252
18253
#: serverguide/C/mail.xml:717(programlisting)
18254
#, no-wrap
18255
msgid ""
18256
"\n"
18257
"mail_location = maildir:~/Maildir # (for maildir)\n"
18258
"or\n"
18259
"mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (for mbox)\n"
18260
msgstr ""
18261
18262
#: serverguide/C/mail.xml:723(para)
18263
msgid ""
18264
"You should configure your Mail Transport Agent (MTA) to transfer the "
18265
"incoming mail to this type of mailbox if it is different from the one you "
18266
"have configured."
18267
msgstr ""
18268
18269
#: serverguide/C/mail.xml:729(para)
18270
msgid ""
18271
"Once you have configured dovecot, restart the "
18272
"<application>dovecot</application> daemon in order to test your setup:"
18273
msgstr ""
18274
18275
#: serverguide/C/mail.xml:738(para)
18276
msgid ""
18277
"If you have enabled imap, or pop3, you can also try to log in with the "
18278
"commands <command>telnet localhost pop3</command> or <command>telnet "
18279
"localhost imap2</command>. If you see something like the following, the "
18280
"installation has been successful:"
18281
msgstr ""
18282
18283
#: serverguide/C/mail.xml:745(programlisting)
18284
#, no-wrap
18285
msgid ""
18286
"\n"
18287
"bhuvan@rainbow:~$ telnet localhost pop3\n"
18288
"Trying 127.0.0.1...\n"
18289
"Connected to localhost.localdomain.\n"
18290
"Escape character is '^]'.\n"
18291
"+OK Dovecot ready.\n"
18292
msgstr ""
18293
18294
#: serverguide/C/mail.xml:754(title)
18295
msgid "Dovecot SSL Configuration"
18296
msgstr ""
18297
18298
#: serverguide/C/mail.xml:755(para)
18299
msgid ""
18300
"To configure <application>dovecot</application> to use SSL, you can edit the "
18301
"file <filename>/etc/dovecot/dovecot.conf</filename> and amend following "
18302
"lines:"
18303
msgstr ""
18304
18305
#: serverguide/C/mail.xml:760(programlisting)
18306
#, no-wrap
18307
msgid ""
18308
"\n"
18309
"ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem\n"
18310
"ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key\n"
18311
"ssl_disable = no\n"
18312
"disable_plaintext_auth = no\n"
18313
msgstr ""
18314
18315
#: serverguide/C/mail.xml:766(para)
18316
msgid ""
18317
"You can get the SSL certificate from a Certificate Issuing Authority or you "
18318
"can create self signed SSL certificate. The latter is a good option for "
18319
"email, because SMTP clients rarely complain about \"self-signed "
18320
"certificates\". Please refer to <xref linkend=\"certificates-and-"
18321
"security\"/> for details about how to create self signed SSL certificate. "
18322
"Once you create the certificate, you will have a key file and a certificate "
18323
"file. Please copy them to the location pointed in the "
18324
"<filename>/etc/dovecot/dovecot.conf</filename> configuration file."
18325
msgstr ""
18326
18327
#: serverguide/C/mail.xml:781(title)
18328
msgid "Firewall Configuration for an Email Server"
18329
msgstr ""
18330
18331
#: serverguide/C/mail.xml:787(para)
18332
msgid "IMAP - 143"
18333
msgstr ""
18334
18335
#: serverguide/C/mail.xml:788(para)
18336
msgid "IMAPS - 993"
18337
msgstr ""
18338
18339
#: serverguide/C/mail.xml:789(para)
18340
msgid "POP3 - 110"
18341
msgstr ""
18342
18343
#: serverguide/C/mail.xml:790(para)
18344
msgid "POP3S - 995"
18345
msgstr ""
18346
18347
#: serverguide/C/mail.xml:782(para)
18348
msgid ""
18349
"To access your mail server from another computer, you must configure your "
18350
"firewall to allow connections to the server on the necessary ports. "
18351
"<placeholder-1/>"
18352
msgstr ""
18353
18354
#: serverguide/C/mail.xml:799(para)
18355
msgid ""
18356
"See the <ulink url=\"http://www.dovecot.org/\">Dovecot website</ulink> for "
18357
"more information."
18358
msgstr ""
18359
18360
#: serverguide/C/mail.xml:804(para)
18361
msgid ""
18362
"Also, the <ulink url=\"https://help.ubuntu.com/community/Dovecot\">Dovecot "
18363
"Ubuntu Wiki</ulink> page has more details."
18364
msgstr ""
18365
18366
#: serverguide/C/mail.xml:813(title) serverguide/C/mail.xml:890(title) serverguide/C/mail.xml:1113(title)
18367
msgid "Mailman"
18368
msgstr ""
18369
18370
#: serverguide/C/mail.xml:814(para)
18371
msgid ""
18372
"Mailman is an open source program for managing electronic mail discussions "
18373
"and e-newsletter lists. Many open source mailing lists (including all the "
18374
"<ulink url=\"http://lists.ubuntu.com\">Ubuntu mailing lists</ulink>) use "
18375
"Mailman as their mailing list software. It is powerful and easy to install "
18376
"and maintain."
18377
msgstr ""
18378
18379
#: serverguide/C/mail.xml:824(para)
18380
msgid ""
18381
"Mailman provides a web interface for the administrators and users, using an "
18382
"external mail server to send and receive emails. It works perfectly with the "
18383
"following mail servers:"
18384
msgstr ""
18385
18386
#: serverguide/C/mail.xml:835(application)
18387
msgid "Exim"
18388
msgstr ""
18389
18390
#: serverguide/C/mail.xml:838(application)
18391
msgid "Sendmail"
18392
msgstr ""
18393
18394
#: serverguide/C/mail.xml:841(application)
18395
msgid "Qmail"
18396
msgstr ""
18397
18398
#: serverguide/C/mail.xml:846(para)
18399
msgid ""
18400
"We will see how to install and configure Mailman with, the Apache web "
18401
"server, and either the Postfix or Exim mail server. If you wish to install "
18402
"Mailman with a different mail server, please refer to the references section."
18403
msgstr ""
18404
18405
#: serverguide/C/mail.xml:853(para)
18406
msgid ""
18407
"You only need to install one mail server and "
18408
"<application>Postfix</application> is the default Ubuntu Mail Transfer Agent."
18409
msgstr ""
18410
18411
#: serverguide/C/mail.xml:858(title) serverguide/C/mail.xml:917(title)
18412
msgid "Apache2"
18413
msgstr ""
18414
18415
#: serverguide/C/mail.xml:859(para)
18416
msgid ""
18417
"To install apache2 you refer to <ulink url=\"./web-servers.xml#http-"
18418
"installation\">HTTPD Installation</ulink> section for details."
18419
msgstr ""
18420
18421
#: serverguide/C/mail.xml:867(para)
18422
msgid ""
18423
"For instructions on installing and configuring Postfix refer to <xref "
18424
"linkend=\"postfix\"/>"
18425
msgstr ""
18426
18427
#: serverguide/C/mail.xml:873(para)
18428
msgid "To install Exim4 refer to <xref linkend=\"exim4\"/>."
18429
msgstr ""
18430
18431
#: serverguide/C/mail.xml:884(application)
18432
msgid "dc_use_split_config='true'"
18433
msgstr ""
18434
18435
#: serverguide/C/mail.xml:876(para)
18436
msgid ""
18437
"Once exim4 is installed, the configuration files are stored in the "
18438
"<filename>/etc/exim4</filename> directory. In Ubuntu, by default, the exim4 "
18439
"configuration files are split across different files. You can change this "
18440
"behavior by changing the following variable in the "
18441
"<filename>/etc/exim4/update-exim4.conf</filename> file: <placeholder-1/>"
18442
msgstr ""
18443
18444
#: serverguide/C/mail.xml:891(para)
18445
msgid ""
18446
"To install <application>Mailman</application>, run following command at a "
18447
"terminal prompt:"
18448
msgstr ""
18449
18450
#: serverguide/C/mail.xml:895(command)
18451
msgid "sudo apt-get install mailman"
18452
msgstr ""
18453
18454
#: serverguide/C/mail.xml:897(para)
18455
msgid ""
18456
"It copies the installation files in "
18457
"<application>/var/lib/mailman</application> directory. It installs the CGI "
18458
"scripts in <application>/usr/lib/cgi-bin/mailman</application> directory. It "
18459
"creates <emphasis>list</emphasis> linux user. It creates the "
18460
"<emphasis>list</emphasis> linux group. The mailman process will be owned by "
18461
"this user."
18462
msgstr ""
18463
18464
#: serverguide/C/mail.xml:909(para)
18465
msgid ""
18466
"This section assumes you have successfully installed "
18467
"<application>mailman</application>, <application>apache2</application>, and "
18468
"<application>postfix</application> or <application>exim4</application>. Now "
18469
"you just need to configure them."
18470
msgstr ""
18471
18472
#: serverguide/C/mail.xml:918(para)
18473
msgid ""
18474
"An example Apache configuration file comes with "
18475
"<application>Mailman</application> and is placed in "
18476
"<filename>/etc/mailman/apache.conf</filename>. In order for Apache to use "
18477
"the config file it needs to be copied to <filename>/etc/apache2/sites-"
18478
"available</filename>:"
18479
msgstr ""
18480
18481
#: serverguide/C/mail.xml:924(command)
18482
msgid ""
18483
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
18484
msgstr ""
18485
18486
#: serverguide/C/mail.xml:926(para)
18487
msgid ""
18488
"This will setup a new Apache <emphasis>VirtualHost</emphasis> for the "
18489
"Mailman administration site. Now enable the new configuration and restart "
18490
"Apache:"
18491
msgstr ""
18492
18493
#: serverguide/C/mail.xml:931(command)
18494
msgid "sudo a2ensite mailman.conf"
18495
msgstr ""
18496
18497
#: serverguide/C/mail.xml:934(para)
18498
msgid ""
18499
"Mailman uses apache2 to render its CGI scripts. The mailman CGI scripts are "
18500
"installed in the <application>/usr/lib/cgi-bin/mailman</application> "
18501
"directory. So, the mailman url will be http://hostname/cgi-bin/mailman/. You "
18502
"can make changes to the <filename>/etc/apache2/sites-"
18503
"available/mailman.conf</filename> file if you wish to change this behavior."
18504
msgstr ""
18505
18506
#: serverguide/C/mail.xml:945(para)
18507
msgid ""
18508
"For <application>Postfix</application> integration, we will associate the "
18509
"domain lists.example.com with the mailing lists. Please replace "
18510
"<emphasis>lists.example.com</emphasis> with the domain of your choosing."
18511
msgstr ""
18512
18513
#: serverguide/C/mail.xml:949(para)
18514
msgid ""
18515
"You can use the postconf command to add the necessary configuration to "
18516
"<filename>/etc/postfix/main.cf</filename>:"
18517
msgstr ""
18518
18519
#: serverguide/C/mail.xml:953(command)
18520
msgid "sudo postconf -e 'relay_domains = lists.example.com'"
18521
msgstr ""
18522
18523
#: serverguide/C/mail.xml:954(command)
18524
msgid "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
18525
msgstr ""
18526
18527
#: serverguide/C/mail.xml:955(command)
18528
msgid "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
18529
msgstr ""
18530
18531
#: serverguide/C/mail.xml:957(para)
18532
msgid ""
18533
"In <filename>/etc/postfix/master.cf</filename> double check that you have "
18534
"the following transport:"
18535
msgstr ""
18536
18537
#: serverguide/C/mail.xml:960(programlisting)
18538
#, no-wrap
18539
msgid ""
18540
"\n"
18541
"mailman unix - n n - - pipe\n"
18542
" flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py\n"
18543
" ${nexthop} ${user}\n"
18544
msgstr ""
18545
18546
#: serverguide/C/mail.xml:965(para)
18547
msgid ""
18548
"It calls the <emphasis>postfix-to-mailman.py</emphasis> script when a mail "
18549
"is delivered to a list."
18550
msgstr ""
18551
18552
#: serverguide/C/mail.xml:968(para)
18553
msgid ""
18554
"Associate the domain lists.example.com to the Mailman transport with the "
18555
"transport map. Edit the file <filename>/etc/postfix/transport</filename>:"
18556
msgstr ""
18557
18558
#: serverguide/C/mail.xml:971(programlisting)
18559
#, no-wrap
18560
msgid ""
18561
"\n"
18562
"lists.example.com mailman:\n"
18563
msgstr ""
18564
18565
#: serverguide/C/mail.xml:974(para)
18566
msgid ""
18567
"Now have <application>Postfix</application> build the transport map by "
18568
"entering the following from a terminal prompt:"
18569
msgstr ""
18570
18571
#: serverguide/C/mail.xml:978(command)
18572
msgid "sudo postmap -v /etc/postfix/transport"
18573
msgstr ""
18574
18575
#: serverguide/C/mail.xml:980(para)
18576
msgid "Then restart Postfix to enable the new configurations:"
18577
msgstr ""
18578
18579
#: serverguide/C/mail.xml:989(para)
18580
msgid ""
18581
"Once Exim4 is installed, you can start the Exim server using the following "
18582
"command from a terminal prompt:"
18583
msgstr ""
18584
18585
#: serverguide/C/mail.xml:1005(para) serverguide/C/mail.xml:1020(title)
18586
msgid "Main"
18587
msgstr ""
18588
18589
#: serverguide/C/mail.xml:1008(para) serverguide/C/mail.xml:1060(title)
18590
msgid "Transport"
18591
msgstr ""
18592
18593
#: serverguide/C/mail.xml:1011(para) serverguide/C/mail.xml:1083(title)
18594
msgid "Router"
18595
msgstr ""
18596
18597
#: serverguide/C/mail.xml:996(para)
18598
msgid ""
18599
"In order to make mailman work with Exim4, you need to configure Exim4. As "
18600
"mentioned earlier, by default, Exim4 uses multiple configuration files of "
18601
"different types. For details, please refer to the <ulink "
18602
"url=\"http://www.exim.org\">Exim</ulink> web site. To run mailman, we should "
18603
"add new a configuration file to the following configuration types: "
18604
"<placeholder-1/> Exim creates a master configuration file by sorting all "
18605
"these mini configuration files. So, the order of these configuration files "
18606
"is very important."
18607
msgstr ""
18608
18609
#: serverguide/C/mail.xml:1027(programlisting)
18610
#, no-wrap
18611
msgid ""
18612
"\n"
18613
"# start\n"
18614
"# Home dir for your Mailman installation -- aka Mailman's prefix\n"
18615
"# directory.\n"
18616
"# On Ubuntu this should be \"/var/lib/mailman\"\n"
18617
"# This is normally the same as ~mailman\n"
18618
"MM_HOME=/var/lib/mailman\n"
18619
"#\n"
18620
"# User and group for Mailman, should match your --with-mail-gid\n"
18621
"# switch to Mailman's configure script. Value is normally \"mailman\"\n"
18622
"MM_UID=list\n"
18623
"MM_GID=list\n"
18624
"#\n"
18625
"# Domains that your lists are in - colon separated list\n"
18626
"# you may wish to add these into local_domains as well\n"
18627
"domainlist mm_domains=hostname.com\n"
18628
"#\n"
18629
"# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n"
18630
"#\n"
18631
"# These values are derived from the ones above and should not need\n"
18632
"# editing unless you have munged your mailman installation\n"
18633
"#\n"
18634
"# The path of the Mailman mail wrapper script\n"
18635
"MM_WRAP=MM_HOME/mail/mailman\n"
18636
"#\n"
18637
"# The path of the list config file (used as a required file when\n"
18638
"# verifying list addresses)\n"
18639
"MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck\n"
18640
"# end\n"
18641
msgstr ""
18642
18643
#: serverguide/C/mail.xml:1021(para)
18644
msgid ""
18645
"All the configuration files belonging to the main type are stored in the "
18646
"<filename>/etc/exim4/conf.d/main/</filename> directory. You can add the "
18647
"following content to a new file, named <filename>04_exim4-"
18648
"config_mailman</filename>: <placeholder-1/>"
18649
msgstr ""
18650
18651
#: serverguide/C/mail.xml:1067(programlisting)
18652
#, no-wrap
18653
msgid ""
18654
"\n"
18655
" mailman_transport:\n"
18656
" driver = pipe\n"
18657
" command = MM_WRAP \\\n"
18658
" '${if def:local_part_suffix \\\n"
18659
" {${sg{$local_part_suffix}{-(\\\\w+)(\\\\+.*)?}{\\$1}}} "
18660
"\\\n"
18661
" {post}}' \\\n"
18662
" $local_part\n"
18663
" current_directory = MM_HOME\n"
18664
" home_directory = MM_HOME\n"
18665
" user = MM_UID\n"
18666
" group = MM_GID\n"
18667
msgstr ""
18668
18669
#: serverguide/C/mail.xml:1061(para)
18670
msgid ""
18671
"All the configuration files belonging to transport type are stored in the "
18672
"<filename>/etc/exim4/conf.d/transport/</filename> directory. You can add the "
18673
"following content to a new file named <filename> 40_exim4-"
18674
"config_mailman</filename>: <placeholder-1/>"
18675
msgstr ""
18676
18677
#: serverguide/C/mail.xml:1088(programlisting)
18678
#, no-wrap
18679
msgid ""
18680
"\n"
18681
" mailman_router:\n"
18682
" driver = accept\n"
18683
" require_files = MM_HOME/lists/$local_part/config.pck\n"
18684
" local_part_suffix_optional\n"
18685
" local_part_suffix = -bounces : -bounces+* : \\\n"
18686
" -confirm+* : -join : -leave : \\\n"
18687
" -owner : -request : -admin\n"
18688
" transport = mailman_transport\n"
18689
msgstr ""
18690
18691
#: serverguide/C/mail.xml:1084(para)
18692
msgid ""
18693
"All the configuration files belonging to router type are stored in the "
18694
"<filename>/etc/exim4/conf.d/router/</filename> directory. You can add the "
18695
"following content in to a new file named <filename>101_exim4-"
18696
"config_mailman</filename>: <placeholder-1/>"
18697
msgstr ""
18698
18699
#: serverguide/C/mail.xml:1101(para)
18700
msgid ""
18701
"The order of main and transport configuration files can be in any order. "
18702
"But, the order of router configuration files must be the same. This "
18703
"particular file must appear before the <application>200_exim4-"
18704
"config_primary</application> file. These two configuration files contain "
18705
"same type of information. The first file takes the precedence. For more "
18706
"details, please refer to the references section."
18707
msgstr ""
18708
18709
#: serverguide/C/mail.xml:1114(para)
18710
msgid ""
18711
"Once mailman is installed, you can run it using the following command:"
18712
msgstr ""
18713
18714
#: serverguide/C/mail.xml:1118(command)
18715
msgid "sudo /etc/init.d/mailman start"
18716
msgstr ""
18717
18718
#: serverguide/C/mail.xml:1120(para)
18719
msgid ""
18720
"Once mailman is installed, you should create the default mailing list. Run "
18721
"the following command to create the mailing list:"
18722
msgstr ""
18723
18724
#: serverguide/C/mail.xml:1126(command)
18725
msgid "sudo /usr/sbin/newlist mailman"
18726
msgstr ""
18727
18728
#: serverguide/C/mail.xml:1129(programlisting)
18729
#, no-wrap
18730
msgid ""
18731
"\n"
18732
" Enter the email address of the person running the list: bhuvan at "
18733
"ubuntu.com\n"
18734
" Initial mailman password:\n"
18735
" To finish creating your mailing list, you must edit your "
18736
"<filename>/etc/aliases</filename> (or\n"
18737
" equivalent) file by adding the following lines, and possibly running the\n"
18738
" `newaliases' program:\n"
18739
"\n"
18740
" ## mailman mailing list\n"
18741
" mailman: \"|/var/lib/mailman/mail/mailman post mailman\"\n"
18742
" mailman-admin: \"|/var/lib/mailman/mail/mailman admin mailman\"\n"
18743
" mailman-bounces: \"|/var/lib/mailman/mail/mailman bounces mailman\"\n"
18744
" mailman-confirm: \"|/var/lib/mailman/mail/mailman confirm mailman\"\n"
18745
" mailman-join: \"|/var/lib/mailman/mail/mailman join mailman\"\n"
18746
" mailman-leave: \"|/var/lib/mailman/mail/mailman leave mailman\"\n"
18747
" mailman-owner: \"|/var/lib/mailman/mail/mailman owner mailman\"\n"
18748
" mailman-request: \"|/var/lib/mailman/mail/mailman request mailman\"\n"
18749
" mailman-subscribe: \"|/var/lib/mailman/mail/mailman subscribe "
18750
"mailman\"\n"
18751
" mailman-unsubscribe: \"|/var/lib/mailman/mail/mailman unsubscribe "
18752
"mailman\"\n"
18753
"\n"
18754
" Hit enter to notify mailman owner...\n"
18755
"\n"
18756
" # \n"
18757
msgstr ""
18758
18759
#: serverguide/C/mail.xml:1152(para)
18760
msgid ""
18761
"We have configured either Postfix or Exim4 to recognize all emails from "
18762
"mailman. So, it is not mandatory to make any new entries in "
18763
"<filename>/etc/aliases</filename>. If you have made any changes to the "
18764
"configuration files, please ensure that you restart those services before "
18765
"continuing to next section."
18766
msgstr ""
18767
18768
#: serverguide/C/mail.xml:1160(para)
18769
msgid ""
18770
"The Exim4 does not use the above aliases to forward mails to Mailman, as it "
18771
"uses a <emphasis>discover</emphasis> approach. To suppress the aliases while "
18772
"creating the list, you can add <emphasis>MTA=None</emphasis> line in Mailman "
18773
"configuration file, <filename>/etc/mailman/mm_cfg.py</filename>."
18774
msgstr ""
18775
18776
#: serverguide/C/mail.xml:1171(title)
18777
msgid "Administration"
18778
msgstr ""
18779
18780
#: serverguide/C/mail.xml:1172(para)
18781
msgid ""
18782
"We assume you have a default installation. The mailman cgi scripts are still "
18783
"in the <application>/usr/lib/cgi-bin/mailman/</application> directory. "
18784
"Mailman provides a web based administration facility. To access this page, "
18785
"point your browser to the following url:"
18786
msgstr ""
18787
18788
#: serverguide/C/mail.xml:1180(para)
18789
msgid "http://hostname/cgi-bin/mailman/admin"
18790
msgstr ""
18791
18792
#: serverguide/C/mail.xml:1184(para)
18793
msgid ""
18794
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
18795
"screen. If you click the mailing list name, it will ask for your "
18796
"authentication password. If you enter the correct password, you will be able "
18797
"to change administrative settings of this mailing list. You can create a new "
18798
"mailing list using the command line utility "
18799
"(<command>/usr/sbin/newlist</command>). Alternatively, you can create a new "
18800
"mailing list using the web interface."
18801
msgstr ""
18802
18803
#: serverguide/C/mail.xml:1197(title)
18804
msgid "Users"
18805
msgstr ""
18806
18807
#: serverguide/C/mail.xml:1198(para)
18808
msgid ""
18809
"Mailman provides a web based interface for users. To access this page, point "
18810
"your browser to the following url:"
18811
msgstr ""
18812
18813
#: serverguide/C/mail.xml:1203(para)
18814
msgid "http://hostname/cgi-bin/mailman/listinfo"
18815
msgstr ""
18816
18817
#: serverguide/C/mail.xml:1207(para)
18818
msgid ""
18819
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
18820
"screen. If you click the mailing list name, it will display the subscription "
18821
"form. You can enter your email address, name (optional), and password to "
18822
"subscribe. An email invitation will be sent to you. You can follow the "
18823
"instructions in the email to subscribe."
18824
msgstr ""
18825
18826
#: serverguide/C/mail.xml:1219(ulink)
18827
msgid "GNU Mailman - Installation Manual"
18828
msgstr ""
18829
18830
#: serverguide/C/mail.xml:1223(ulink)
18831
msgid "HOWTO - Using Exim 4 and Mailman 2.1 together"
18832
msgstr ""
18833
18834
#: serverguide/C/mail.xml:1226(para)
18835
msgid ""
18836
"Also, see the <ulink "
18837
"url=\"https://help.ubuntu.com/community/Mailman\">Mailman Ubuntu "
18838
"Wiki</ulink> page."
18839
msgstr ""
18840
18841
#: serverguide/C/mail.xml:1232(title)
18842
msgid "Mail Filtering"
18843
msgstr ""
18844
18845
#: serverguide/C/mail.xml:1233(para)
18846
msgid ""
18847
"One of the largest issues with email today is the problem of Unsolicited "
18848
"Bulk Email (UBE). Also known as SPAM, such messages may also carry viruses "
18849
"and other forms of malware. According to some reports these messages make up "
18850
"the bulk of all email traffic on the Internet."
18851
msgstr ""
18852
18853
#: serverguide/C/mail.xml:1238(para)
18854
msgid ""
18855
"This section will cover integrating <application>Amavisd-new</application>, "
18856
"<application>Spamassassin</application>, and "
18857
"<application>ClamAV</application> with the "
18858
"<application>Postfix</application> Mail Transport Agent (MTA). "
18859
"<application>Postfix</application> can also check email validity by passing "
18860
"it through external content filters. These filters can sometimes determine "
18861
"if a message is spam without needing to process it with more resource "
18862
"intensive applications. Two common filters are "
18863
"<application>opendkim</application> and <application>python-policyd-"
18864
"spf</application>."
18865
msgstr ""
18866
18867
#: serverguide/C/mail.xml:1248(para)
18868
msgid ""
18869
"<application>Amavisd-new</application> is a wrapper program that can call "
18870
"any number of content filtering programs for spam detection, antivirus, etc."
18871
msgstr ""
18872
18873
#: serverguide/C/mail.xml:1254(para)
18874
msgid ""
18875
"<application>Spamassassin</application> uses a variety of mechanisms to "
18876
"filter email based on the message content."
18877
msgstr ""
18878
18879
#: serverguide/C/mail.xml:1259(para)
18880
msgid ""
18881
"<application>ClamAV</application> is an open source antivirus application."
18882
msgstr ""
18883
18884
#: serverguide/C/mail.xml:1264(para)
18885
msgid ""
18886
"<application>opendkim</application> implements a Sendmail Mail Filter "
18887
"(Milter) for the DomainKeys Identified Mail (DKIM) standard."
18888
msgstr ""
18889
18890
#: serverguide/C/mail.xml:1270(para)
18891
msgid ""
18892
"<application>python-policyd-spf</application> enables Sender Policy "
18893
"Framework (SPF) checking with <application>Postfix</application>."
18894
msgstr ""
18895
18896
#: serverguide/C/mail.xml:1275(para)
18897
msgid "This is how the pieces fit together:"
18898
msgstr ""
18899
18900
#: serverguide/C/mail.xml:1280(para)
18901
msgid "An email message is accepted by <application>Postfix</application>."
18902
msgstr ""
18903
18904
#: serverguide/C/mail.xml:1285(para)
18905
msgid ""
18906
"The message is passed through any external filters "
18907
"<application>opendkim</application> and <application>python-policyd-"
18908
"spf</application> in this case."
18909
msgstr ""
18910
18911
#: serverguide/C/mail.xml:1291(para)
18912
msgid "<application>Amavisd-new</application> then processes the message."
18913
msgstr ""
18914
18915
#: serverguide/C/mail.xml:1296(para)
18916
msgid ""
18917
"<application>ClamAV</application> is used to scan the message. If the "
18918
"message contains a virus <application>Postfix</application> will reject the "
18919
"message."
18920
msgstr ""
18921
18922
#: serverguide/C/mail.xml:1302(para)
18923
msgid ""
18924
"Clean messages will then be analyzed by "
18925
"<application>Spamassassin</application> to find out if the message is spam. "
18926
"<application>Spamassassin</application> will then add X-Header lines "
18927
"allowing <application>Amavisd-new</application> to further manipulate the "
18928
"message."
18929
msgstr ""
18930
18931
#: serverguide/C/mail.xml:1309(para)
18932
msgid ""
18933
"For example, if a message has a Spam score of over fifty the message could "
18934
"be automatically dropped from the queue without the recipient ever having to "
18935
"be bothered. Another, way to handle flagged messages is to deliver them to "
18936
"the Mail User Agent (MUA) allowing the user to deal with the message as they "
18937
"see fit."
18938
msgstr ""
18939
18940
#: serverguide/C/mail.xml:1316(para)
18941
msgid ""
18942
"See <xref linkend=\"postfix\"/> for instructions on installing and "
18943
"configuring Postfix."
18944
msgstr ""
18945
18946
#: serverguide/C/mail.xml:1319(para)
18947
msgid ""
18948
"To install the rest of the applications enter the following from a terminal "
18949
"prompt:"
18950
msgstr ""
18951
18952
#: serverguide/C/mail.xml:1323(command)
18953
msgid "sudo apt-get install amavisd-new spamassassin clamav-daemon"
18954
msgstr ""
18955
18956
#: serverguide/C/mail.xml:1324(command)
18957
msgid "sudo apt-get install opendkim python-policyd-spf"
18958
msgstr ""
18959
18960
#: serverguide/C/mail.xml:1326(para)
18961
msgid ""
18962
"There are some optional packages that integrate with "
18963
"<application>Spamassassin</application> for better spam detection:"
18964
msgstr ""
18965
18966
#: serverguide/C/mail.xml:1330(command)
18967
msgid "sudo apt-get install pyzor razor"
18968
msgstr ""
18969
18970
#: serverguide/C/mail.xml:1332(para)
18971
msgid ""
18972
"Along with the main filtering applications compression utilities are needed "
18973
"to process some email attachments:"
18974
msgstr ""
18975
18976
#: serverguide/C/mail.xml:1336(command)
18977
msgid ""
18978
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
18979
msgstr ""
18980
18981
#: serverguide/C/mail.xml:1339(para)
18982
msgid ""
18983
"If some packages are not found, check that the "
18984
"<emphasis>multiverse</emphasis> repository is enabled in "
18985
"<filename>/etc/apt/sources.list</filename>"
18986
msgstr ""
18987
18988
#: serverguide/C/mail.xml:1340(para)
18989
msgid ""
18990
"If you make changes to the file, be sure to run <command>sudo apt-get "
18991
"update</command> before trying to install again."
18992
msgstr ""
18993
18994
#: serverguide/C/mail.xml:1345(para)
18995
msgid "Now configure everything to work together and filter email."
18996
msgstr ""
18997
18998
#: serverguide/C/mail.xml:1349(title)
18999
msgid "ClamAV"
19000
msgstr ""
19001
19002
#: serverguide/C/mail.xml:1350(para)
19003
msgid ""
19004
"The default behaviour of <application>ClamAV</application> will fit our "
19005
"needs. For more ClamAV configuration options, check the configuration files "
19006
"in <filename>/etc/clamav</filename>."
19007
msgstr ""
19008
19009
#: serverguide/C/mail.xml:1355(para)
19010
msgid ""
19011
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
19012
"group in order for <application>Amavisd-new</application> to have the "
19013
"appropriate access to scan files:"
19014
msgstr ""
19015
19016
#: serverguide/C/mail.xml:1360(command)
19017
msgid "sudo adduser clamav amavis"
19018
msgstr ""
19019
19020
#: serverguide/C/mail.xml:1364(title)
19021
msgid "Spamassassin"
19022
msgstr ""
19023
19024
#: serverguide/C/mail.xml:1365(para)
19025
msgid ""
19026
"Spamassassin automatically detects optional components and will use them if "
19027
"they are present. This means that there is no need to configure "
19028
"<application>pyzor</application> and <application>razor</application>."
19029
msgstr ""
19030
19031
#: serverguide/C/mail.xml:1369(para)
19032
msgid ""
19033
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
19034
"<application>Spamassassin</application> daemon. Change "
19035
"<emphasis>ENABLED=0</emphasis> to:"
19036
msgstr ""
19037
19038
#: serverguide/C/mail.xml:1373(programlisting)
19039
#, no-wrap
19040
msgid ""
19041
"\n"
19042
"ENABLED=1\n"
19043
msgstr ""
19044
19045
#: serverguide/C/mail.xml:1376(para)
19046
msgid "Now start the daemon:"
19047
msgstr ""
19048
19049
#: serverguide/C/mail.xml:1380(command)
19050
msgid "sudo /etc/init.d/spamassassin start"
19051
msgstr ""
19052
19053
#: serverguide/C/mail.xml:1384(title)
19054
msgid "Amavisd-new"
19055
msgstr ""
19056
19057
#: serverguide/C/mail.xml:1385(para)
19058
msgid ""
19059
"First activate spam and antivirus detection in <application>Amavisd-"
19060
"new</application> by editing <filename>/etc/amavis/conf.d/15-"
19061
"content_filter_mode</filename>:"
19062
msgstr ""
19063
19064
#: serverguide/C/mail.xml:1389(programlisting)
19065
#, no-wrap
19066
msgid ""
19067
"\n"
19068
"use strict;\n"
19069
"\n"
19070
"# You can modify this file to re-enable SPAM checking through spamassassin\n"
19071
"# and to re-enable antivirus checking.\n"
19072
"\n"
19073
"#\n"
19074
"# Default antivirus checking mode\n"
19075
"# Uncomment the two lines below to enable it\n"
19076
"#\n"
19077
"\n"
19078
"@bypass_virus_checks_maps = (\n"
19079
" \\%bypass_virus_checks, \\@bypass_virus_checks_acl, \\"
19080
"$bypass_virus_checks_re);\n"
19081
"\n"
19082
"\n"
19083
"#\n"
19084
"# Default SPAM checking mode\n"
19085
"# Uncomment the two lines below to enable it\n"
19086
"#\n"
19087
"\n"
19088
"@bypass_spam_checks_maps = (\n"
19089
" \\%bypass_spam_checks, \\@bypass_spam_checks_acl, \\"
19090
"$bypass_spam_checks_re);\n"
19091
"\n"
19092
"1; # insure a defined return\n"
19093
msgstr ""
19094
19095
#: serverguide/C/mail.xml:1414(para)
19096
msgid ""
19097
"Bouncing spam can be a bad idea as the return address is often faked. "
19098
"Consider editing <filename>/etc/amavis/conf.d/20-debian_defaults</filename> "
19099
"to set <emphasis>$final_spam_destiny</emphasis> to D_DISCARD rather than "
19100
"D_BOUNCE, as follows:"
19101
msgstr ""
19102
19103
#: serverguide/C/mail.xml:1420(programlisting)
19104
#, no-wrap
19105
msgid ""
19106
"\n"
19107
"$final_spam_destiny = D_DISCARD;\n"
19108
msgstr ""
19109
19110
#: serverguide/C/mail.xml:1424(para)
19111
msgid ""
19112
"Additionally, you may want to adjust the following options to flag more "
19113
"messages as spam:"
19114
msgstr ""
19115
19116
#: serverguide/C/mail.xml:1428(programlisting)
19117
#, no-wrap
19118
msgid ""
19119
"\n"
19120
"$sa_tag_level_deflt = -999; # add spam info headers if at, or above that "
19121
"level\n"
19122
"$sa_tag2_level_deflt = 6.0; # add 'spam detected' headers at that level\n"
19123
"$sa_kill_level_deflt = 21.0; # triggers spam evasive actions\n"
19124
"$sa_dsn_cutoff_level = 4; # spam level beyond which a DSN is not sent\n"
19125
msgstr ""
19126
19127
#: serverguide/C/mail.xml:1435(para)
19128
msgid ""
19129
"If the server's <emphasis>hostname</emphasis> is different from the domain's "
19130
"MX record you may need to manually set the <emphasis>$myhostname</emphasis> "
19131
"option. Also, if the server receives mail for multiple domains the "
19132
"<emphasis>@local_domains_acl</emphasis> option will need to be customized. "
19133
"Edit the <filename>/etc/amavis/conf.d/50-user</filename> file:"
19134
msgstr ""
19135
19136
#: serverguide/C/mail.xml:1442(programlisting)
19137
#, no-wrap
19138
msgid ""
19139
"\n"
19140
"$myhostname = 'mail.example.com';\n"
19141
"@local_domains_acl = ( \"example.com\", \"example.org\" );\n"
19142
msgstr ""
19143
19144
#: serverguide/C/mail.xml:1447(para)
19145
msgid ""
19146
"After configuration <application>Amavisd-new</application> needs to be "
19147
"restarted:"
19148
msgstr ""
19149
19150
#: serverguide/C/mail.xml:1451(command) serverguide/C/mail.xml:1497(command)
19151
msgid "sudo /etc/init.d/amavis restart"
19152
msgstr ""
19153
19154
#: serverguide/C/mail.xml:1454(title)
19155
msgid "DKIM Whitelist"
19156
msgstr ""
19157
19158
#: serverguide/C/mail.xml:1456(para)
19159
msgid ""
19160
"<application>Amavisd-new</application> can be configured to automatically "
19161
"<emphasis>Whitelist</emphasis> addresses from domains with valid Domain "
19162
"Keys. There are some pre-configured domains in the "
19163
"<filename>/etc/amavis/conf.d/40-policy_banks</filename>."
19164
msgstr ""
19165
19166
#: serverguide/C/mail.xml:1462(para)
19167
msgid "There are multiple ways to configure the Whitelist for a domain:"
19168
msgstr ""
19169
19170
#: serverguide/C/mail.xml:1468(para)
19171
msgid ""
19172
"<emphasis>'example.com' => 'WHITELIST',</emphasis>: will whitelist any "
19173
"address from the \"example.com\" domain."
19174
msgstr ""
19175
19176
#: serverguide/C/mail.xml:1473(para)
19177
msgid ""
19178
"<emphasis>'.example.com' => 'WHITELIST',</emphasis>: will whitelist any "
19179
"address from any <emphasis>subdomains</emphasis> of \"example.com\" that "
19180
"have a valid signature."
19181
msgstr ""
19182
19183
#: serverguide/C/mail.xml:1479(para)
19184
msgid ""
19185
"<emphasis>'.example.com/@example.com' => 'WHITELIST',</emphasis>: will "
19186
"whitelist subdomains of \"example.com\" that use the signature of <emphasis "
19187
"role=\"italic\">example.com</emphasis> the parent domain."
19188
msgstr ""
19189
19190
#: serverguide/C/mail.xml:1485(para)
19191
msgid ""
19192
"<emphasis>'./@example.com' => 'WHITELIST',</emphasis>: adds addresses "
19193
"that have a valid signature from \"example.com\". This is usually used for "
19194
"discussion groups that sign their messages."
19195
msgstr ""
19196
19197
#: serverguide/C/mail.xml:1492(para)
19198
msgid ""
19199
"A domain can also have multiple Whitelist configurations. After, editing the "
19200
"file restart <application>amaisd-new</application>:"
19201
msgstr ""
19202
19203
#: serverguide/C/mail.xml:1501(para)
19204
msgid ""
19205
"In this context, once a domain has been added to the Whitelist the message "
19206
"will not receive any anti-virus or spam filtering. This may or may not be "
19207
"the intended behavior you wish for a domain."
19208
msgstr ""
19209
19210
#: serverguide/C/mail.xml:1511(para)
19211
msgid ""
19212
"For <application>Postfix</application> integration, enter the following from "
19213
"a terminal prompt:"
19214
msgstr ""
19215
19216
#: serverguide/C/mail.xml:1515(command)
19217
msgid "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
19218
msgstr ""
19219
19220
#: serverguide/C/mail.xml:1517(para)
19221
msgid ""
19222
"Next edit <filename>/etc/postfix/master.cf</filename> and add the following "
19223
"to the end of the file:"
19224
msgstr ""
19225
19226
#: serverguide/C/mail.xml:1520(programlisting)
19227
#, no-wrap
19228
msgid ""
19229
"\n"
19230
"smtp-amavis unix - - - - 2 smtp\n"
19231
" -o smtp_data_done_timeout=1200\n"
19232
" -o smtp_send_xforward_command=yes\n"
19233
" -o disable_dns_lookups=yes\n"
19234
" -o max_use=20\n"
19235
"\n"
19236
"127.0.0.1:10025 inet n - - - - smtpd\n"
19237
" -o content_filter=\n"
19238
" -o local_recipient_maps=\n"
19239
" -o relay_recipient_maps=\n"
19240
" -o smtpd_restriction_classes=\n"
19241
" -o smtpd_delay_reject=no\n"
19242
" -o smtpd_client_restrictions=permit_mynetworks,reject\n"
19243
" -o smtpd_helo_restrictions=\n"
19244
" -o smtpd_sender_restrictions=\n"
19245
" -o smtpd_recipient_restrictions=permit_mynetworks,reject\n"
19246
" -o smtpd_data_restrictions=reject_unauth_pipelining\n"
19247
" -o smtpd_end_of_data_restrictions=\n"
19248
" -o mynetworks=127.0.0.0/8\n"
19249
" -o smtpd_error_sleep_time=0\n"
19250
" -o smtpd_soft_error_limit=1001\n"
19251
" -o smtpd_hard_error_limit=1000\n"
19252
" -o smtpd_client_connection_count_limit=0\n"
19253
" -o smtpd_client_connection_rate_limit=0\n"
19254
" -o "
19255
"receive_override_options=no_header_body_checks,no_unknown_recipient_checks\n"
19256
msgstr ""
19257
19258
#: serverguide/C/mail.xml:1547(para)
19259
msgid ""
19260
"Also add the following two lines immediately below the "
19261
"<emphasis>\"pickup\"</emphasis> transport service:"
19262
msgstr ""
19263
19264
#: serverguide/C/mail.xml:1550(programlisting)
19265
#, no-wrap
19266
msgid ""
19267
"\n"
19268
" -o content_filter=\n"
19269
" -o receive_override_options=no_header_body_checks\n"
19270
msgstr ""
19271
19272
#: serverguide/C/mail.xml:1554(para)
19273
msgid ""
19274
"This will prevent messages that are generated to report on spam from being "
19275
"classified as spam."
19276
msgstr ""
19277
19278
#: serverguide/C/mail.xml:1557(para)
19279
msgid "Now restart <application>Postfix</application>:"
19280
msgstr ""
19281
19282
#: serverguide/C/mail.xml:1563(para)
19283
msgid "Content filtering with spam and virus detection is now enabled."
19284
msgstr ""
19285
19286
#: serverguide/C/mail.xml:1569(title)
19287
msgid "Amavisd-new and Spamassassin"
19288
msgstr ""
19289
19290
#: serverguide/C/mail.xml:1571(para)
19291
msgid ""
19292
"When integrating <application>Amavisd-new</application> with "
19293
"<application>Spamassassin</application>, if you choose to disable the bayes "
19294
"filtering by editing <filename>/etc/spamassassin/local.cf</filename> and use "
19295
"<application>cron</application> to update the nightly rules, the result can "
19296
"cause a situation where a large amount of error messages are sent to the "
19297
"<emphasis>amavis</emphasis> user via the amavisd-new "
19298
"<application>cron</application> job."
19299
msgstr ""
19300
19301
#: serverguide/C/mail.xml:1578(para)
19302
msgid "There are several ways to handle this situation:"
19303
msgstr ""
19304
19305
#: serverguide/C/mail.xml:1584(para)
19306
msgid "Configure your MDA to filter messages you do not wish to see."
19307
msgstr ""
19308
19309
#: serverguide/C/mail.xml:1589(para)
19310
msgid ""
19311
"Change <filename>/usr/sbin/amavisd-new-cronjob</filename> to check for "
19312
"<emphasis>use_bayes 0</emphasis>. For example, edit "
19313
"<filename>/usr/sbin/amavisd-new-cronjob</filename> and add the following to "
19314
"the top before the <emphasis>test</emphasis> statements:"
19315
msgstr ""
19316
19317
#: serverguide/C/mail.xml:1593(programlisting)
19318
#, no-wrap
19319
msgid ""
19320
"\n"
19321
"egrep -q \"^[ \\t]*use_bayes[ \\t]*0\" /etc/spamassassin/local.cf && "
19322
"exit 0\n"
19323
msgstr ""
19324
19325
#: serverguide/C/mail.xml:1603(para)
19326
msgid ""
19327
"First, test that the <application>Amavisd-new</application> SMTP is "
19328
"listening:"
19329
msgstr ""
19330
19331
#: serverguide/C/mail.xml:1606(programlisting)
19332
#, no-wrap
19333
msgid ""
19334
"\n"
19335
"telnet localhost 10024\n"
19336
"Trying 127.0.0.1...\n"
19337
"Connected to localhost.\n"
19338
"Escape character is '^]'.\n"
19339
"220 [127.0.0.1] ESMTP amavisd-new service ready\n"
19340
"^]\n"
19341
msgstr ""
19342
19343
#: serverguide/C/mail.xml:1614(para)
19344
msgid ""
19345
"In the Header of messages that go through the content filter you should see:"
19346
msgstr ""
19347
19348
#: serverguide/C/mail.xml:1617(programlisting)
19349
#, no-wrap
19350
msgid ""
19351
"\n"
19352
"X-Spam-Level: \n"
19353
"X-Virus-Scanned: Debian amavisd-new at example.com\n"
19354
"X-Spam-Status: No, hits=-2.3 tagged_above=-1000.0 required=5.0 tests=AWL, "
19355
"BAYES_00\n"
19356
"X-Spam-Level: \n"
19357
msgstr ""
19358
19359
#: serverguide/C/mail.xml:1624(para)
19360
msgid ""
19361
"Your output will vary, but the important thing is that there are <emphasis>X-"
19362
"Virus-Scanned</emphasis> and <emphasis>X-Spam-Status</emphasis> entries."
19363
msgstr ""
19364
19365
#: serverguide/C/mail.xml:1632(para)
19366
msgid ""
19367
"The best way to figure out why something is going wrong is to check the log "
19368
"files."
19369
msgstr ""
19370
19371
#: serverguide/C/mail.xml:1637(para)
19372
msgid ""
19373
"For instructions on <application>Postfix</application> logging see the <xref "
19374
"linkend=\"postfix-troubleshooting\"/> section."
19375
msgstr ""
19376
19377
#: serverguide/C/mail.xml:1643(para)
19378
msgid ""
19379
"<application>Amavisd-new</application> uses "
19380
"<application>Syslog</application> to send messages to "
19381
"<filename>/var/log/mail.log</filename>. The amount of detail can be "
19382
"increased by adding the <emphasis>$log_level</emphasis> option to "
19383
"<filename>/etc/amavis/conf.d/50-user</filename>, and setting the value from "
19384
"1 to 5."
19385
msgstr ""
19386
19387
#: serverguide/C/mail.xml:1648(programlisting)
19388
#, no-wrap
19389
msgid ""
19390
"\n"
19391
"$log_level = 2;\n"
19392
msgstr ""
19393
19394
#: serverguide/C/mail.xml:1652(para)
19395
msgid ""
19396
"When the <application>Amavisd-new</application> log output is increased "
19397
"<application>Spamassassin</application> log output is also increased."
19398
msgstr ""
19399
19400
#: serverguide/C/mail.xml:1659(para)
19401
msgid ""
19402
"The <application>ClamAV</application> log level can be increased by editing "
19403
"<filename>/etc/clamav/clamd.conf</filename> and setting the following option:"
19404
msgstr ""
19405
19406
#: serverguide/C/mail.xml:1663(programlisting)
19407
#, no-wrap
19408
msgid ""
19409
"\n"
19410
"LogVerbose true\n"
19411
msgstr ""
19412
19413
#: serverguide/C/mail.xml:1666(para)
19414
msgid ""
19415
"By default <application>ClamAV</application> will send log messages to "
19416
"<filename>/var/log/clamav/clamav.log</filename>."
19417
msgstr ""
19418
19419
#: serverguide/C/mail.xml:1672(para)
19420
msgid ""
19421
"After changing an applications log settings remember to restart the service "
19422
"for the new settings to take affect. Also, once the issue you are "
19423
"troubleshooting is resolved it is a good idea to change the log settings "
19424
"back to normal."
19425
msgstr ""
19426
19427
#: serverguide/C/mail.xml:1680(para)
19428
msgid "For more information on filtering mail see the following links:"
19429
msgstr ""
19430
19431
#: serverguide/C/mail.xml:1686(ulink)
19432
msgid "Amavisd-new Documentation"
19433
msgstr ""
19434
19435
#: serverguide/C/mail.xml:1690(para)
19436
msgid ""
19437
"<ulink url=\"http://www.clamav.org/doc/latest/html/\">ClamAV "
19438
"Documentation</ulink> and <ulink "
19439
"url=\"http://wiki.clamav.net/Main/WebHome\">ClamAV Wiki</ulink>"
19440
msgstr ""
19441
19442
#: serverguide/C/mail.xml:1697(ulink)
19443
msgid "Spamassassin Wiki"
19444
msgstr ""
19445
19446
#: serverguide/C/mail.xml:1702(ulink)
19447
msgid "Pyzor Homepage"
19448
msgstr ""
19449
19450
#: serverguide/C/mail.xml:1707(ulink)
19451
msgid "Razor Homepage"
19452
msgstr ""
19453
19454
#: serverguide/C/mail.xml:1712(ulink)
19455
msgid "DKIM.org"
19456
msgstr ""
19457
19458
#: serverguide/C/mail.xml:1717(ulink)
19459
msgid "Postfix Amavis New"
19460
msgstr ""
19461
19462
#: serverguide/C/mail.xml:1721(para)
19463
msgid ""
19464
"Also, feel free to ask questions in the <emphasis>#ubuntu-server</emphasis> "
19465
"IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>."
19466
msgstr ""
19467
19468
#: serverguide/C/lamp-applications.xml:13(title)
19469
msgid "LAMP Applications"
19470
msgstr ""
19471
19472
#: serverguide/C/lamp-applications.xml:19(para)
19473
msgid ""
19474
"LAMP installations (Linux + Apache + MySQL + PHP) are a popular setup for "
19475
"Ubuntu servers. There is a plethora of Open Source applications written "
19476
"using the LAMP application stack. Some popular LAMP applications are Wiki's, "
19477
"Content Management Systems, and Management Software such as phpMyAdmin."
19478
msgstr ""
19479
19480
#: serverguide/C/lamp-applications.xml:26(para)
19481
msgid ""
19482
"One advantage of LAMP is the substantial flexibility for different database, "
19483
"web server, and scripting languages. Popular substitutes for MySQL include "
19484
"Posgresql and SQLite. Python, Perl, and Ruby are also frequently used "
19485
"instead of PHP."
19486
msgstr ""
19487
19488
#: serverguide/C/lamp-applications.xml:32(para)
19489
msgid ""
19490
"The traditional way to install most <emphasis>LAMP</emphasis> applications "
19491
"is:"
19492
msgstr ""
19493
19494
#: serverguide/C/lamp-applications.xml:38(para)
19495
msgid "Download an archive containing the application source files."
19496
msgstr ""
19497
19498
#: serverguide/C/lamp-applications.xml:43(para)
19499
msgid ""
19500
"Unpack the archive, usually in a directory accessible to a web server."
19501
msgstr ""
19502
19503
#: serverguide/C/lamp-applications.xml:48(para)
19504
msgid ""
19505
"Depending on where the source was extracted, configure a web server to serve "
19506
"the files."
19507
msgstr ""
19508
19509
#: serverguide/C/lamp-applications.xml:53(para)
19510
msgid "Configure the application to connect to the database."
19511
msgstr ""
19512
19513
#: serverguide/C/lamp-applications.xml:58(para)
19514
msgid ""
19515
"Run a script, or browse to a page of the application, to install the "
19516
"database needed by the application."
19517
msgstr ""
19518
19519
#: serverguide/C/lamp-applications.xml:63(para)
19520
msgid ""
19521
"Once the steps above, or similar steps, are completed you are ready to begin "
19522
"using the application."
19523
msgstr ""
19524
19525
#: serverguide/C/lamp-applications.xml:69(para)
19526
msgid ""
19527
"A disadvantage of using this approach is that the application files are not "
19528
"placed in the file system in a standard way, which can cause confusion as to "
19529
"where the application is installed. Another larger disadvantage is updating "
19530
"the application. When a new version is released, the same process used to "
19531
"install the application is needed to apply updates."
19532
msgstr ""
19533
19534
#: serverguide/C/lamp-applications.xml:76(para)
19535
msgid ""
19536
"Fortunately, a number of <emphasis>LAMP</emphasis> applications are already "
19537
"packaged for Ubuntu, and are available for installation in the same way as "
19538
"non-LAMP applications. Depending on the application some extra configuration "
19539
"and setup steps may be needed, however."
19540
msgstr ""
19541
19542
#: serverguide/C/lamp-applications.xml:82(para)
19543
msgid ""
19544
"This section covers howto install and configure the Wiki applications "
19545
"<application>MoinMoin</application>, <application>MediaWiki</application>, "
19546
"and the MySQL management application <application>phpMyAdmin</application>."
19547
msgstr ""
19548
19549
#: serverguide/C/lamp-applications.xml:88(para)
19550
msgid ""
19551
"A Wiki is a website that allows the visitors to easily add, remove and "
19552
"modify available content easily. The ease of interaction and operation makes "
19553
"Wiki an effective tool for mass collaborative authoring. The term Wiki is "
19554
"also referred to the collaborative software."
19555
msgstr ""
19556
19557
#: serverguide/C/lamp-applications.xml:100(title)
19558
msgid "Moin Moin"
19559
msgstr ""
19560
19561
#: serverguide/C/lamp-applications.xml:102(para)
19562
msgid ""
19563
"MoinMoin is a Wiki engine implemented in Python, based on the PikiPiki Wiki "
19564
"engine, and licensed under the GNU GPL."
19565
msgstr ""
19566
19567
#: serverguide/C/lamp-applications.xml:110(para)
19568
msgid ""
19569
"To install <application>MoinMoin</application>, run the following command in "
19570
"the command prompt:"
19571
msgstr ""
19572
19573
#: serverguide/C/lamp-applications.xml:116(command)
19574
msgid "sudo apt-get install python-moinmoin"
19575
msgstr ""
19576
19577
#: serverguide/C/lamp-applications.xml:119(para)
19578
msgid ""
19579
"You should also install <application>apache2</application> web server. For "
19580
"installing <application>apache2</application> web server, please refer to "
19581
"<xref linkend=\"http-installation\"/> sub-section in <xref "
19582
"linkend=\"httpd\"/> section."
19583
msgstr ""
19584
19585
#: serverguide/C/lamp-applications.xml:130(para)
19586
msgid ""
19587
"For configuring your first Wiki application, please run the following set of "
19588
"commands. Let us assume that you are creating a Wiki named "
19589
"<emphasis>mywiki</emphasis>:"
19590
msgstr ""
19591
19592
#: serverguide/C/lamp-applications.xml:137(command)
19593
msgid "cd /usr/share/moin"
19594
msgstr ""
19595
19596
#: serverguide/C/lamp-applications.xml:138(command)
19597
msgid "sudo mkdir mywiki"
19598
msgstr ""
19599
19600
#: serverguide/C/lamp-applications.xml:139(command)
19601
msgid "sudo cp -R data mywiki"
19602
msgstr ""
19603
19604
#: serverguide/C/lamp-applications.xml:140(command)
19605
msgid "sudo cp -R underlay mywiki"
19606
msgstr ""
19607
19608
#: serverguide/C/lamp-applications.xml:141(command)
19609
msgid "sudo cp server/moin.cgi mywiki"
19610
msgstr ""
19611
19612
#: serverguide/C/lamp-applications.xml:142(command)
19613
msgid "sudo chown -R www-data.www-data mywiki"
19614
msgstr ""
19615
19616
#: serverguide/C/lamp-applications.xml:143(command)
19617
msgid "sudo chmod -R ug+rwX mywiki"
19618
msgstr ""
19619
19620
#: serverguide/C/lamp-applications.xml:144(command)
19621
msgid "sudo chmod -R o-rwx mywiki"
19622
msgstr ""
19623
19624
#: serverguide/C/lamp-applications.xml:147(para)
19625
msgid ""
19626
"Now you should configure <application>MoinMoin</application> to find your "
19627
"new Wiki <emphasis>mywiki</emphasis>. To configure "
19628
"<application>MoinMoin</application>, open "
19629
"<filename>/etc/moin/mywiki.py</filename> file and change the following line:"
19630
msgstr ""
19631
19632
#: serverguide/C/lamp-applications.xml:155(programlisting)
19633
#, no-wrap
19634
msgid "data_dir = '/org/mywiki/data'"
19635
msgstr ""
19636
19637
#: serverguide/C/lamp-applications.xml:157(para)
19638
msgid "to"
19639
msgstr ""
19640
19641
#: serverguide/C/lamp-applications.xml:161(programlisting)
19642
#, no-wrap
19643
msgid "data_dir = '/usr/share/moin/mywiki/data'"
19644
msgstr ""
19645
19646
#: serverguide/C/lamp-applications.xml:163(para)
19647
msgid ""
19648
"Also, below the <emphasis>data_dir</emphasis> option add the "
19649
"<emphasis>data_underlay_dir</emphasis>:"
19650
msgstr ""
19651
19652
#: serverguide/C/lamp-applications.xml:167(programlisting)
19653
#, no-wrap
19654
msgid ""
19655
"\n"
19656
"data_underlay_dir='/usr/share/moin/mywiki/underlay'\n"
19657
msgstr ""
19658
19659
#: serverguide/C/lamp-applications.xml:172(para)
19660
msgid ""
19661
"If the <filename>/etc/moin/mywiki.py</filename> file does not exists, you "
19662
"should copy <filename>/etc/moin/moinmaster.py</filename> file to "
19663
"<filename>/etc/moin/mywiki.py</filename> file and do the above mentioned "
19664
"change."
19665
msgstr ""
19666
19667
#: serverguide/C/lamp-applications.xml:181(para)
19668
msgid ""
19669
"If you have named your Wiki as <emphasis>my_wiki_name</emphasis> you should "
19670
"insert a line <quote>(\"my_wiki_name\", r\".*\")</quote> in "
19671
"<filename>/etc/moin/farmconfig.py</filename> file after the line "
19672
"<quote>(\"mywiki\", r\".*\")</quote>."
19673
msgstr ""
19674
19675
#: serverguide/C/lamp-applications.xml:189(para)
19676
msgid ""
19677
"Once you have configured <application>MoinMoin</application> to find your "
19678
"first Wiki application <emphasis>mywiki</emphasis>, you should configure "
19679
"<application>apache2</application> and make it ready for your Wiki "
19680
"application."
19681
msgstr ""
19682
19683
#: serverguide/C/lamp-applications.xml:196(para)
19684
msgid ""
19685
"You should add the following lines in <filename>/etc/apache2/sites-"
19686
"available/default</filename> file inside the <quote><VirtualHost "
19687
"*></quote> tag:"
19688
msgstr ""
19689
19690
#: serverguide/C/lamp-applications.xml:202(programlisting)
19691
#, no-wrap
19692
msgid ""
19693
"\n"
19694
"### moin\n"
19695
" ScriptAlias /mywiki \"/usr/share/moin/mywiki/moin.cgi\"\n"
19696
" alias /moin_static184 \"/usr/share/moin/htdocs\"\n"
19697
" <Directory /usr/share/moin/htdocs>\n"
19698
" Order allow,deny\n"
19699
" allow from all\n"
19700
" </Directory>\n"
19701
"### end moin\n"
19702
msgstr ""
19703
19704
#: serverguide/C/lamp-applications.xml:214(para)
19705
msgid ""
19706
"Adjust the <emphasis>\"moin_static184\"</emphasis> in the "
19707
"<emphasis>alias</emphasis> line above, to the "
19708
"<application>moinmoin</application> version installed."
19709
msgstr ""
19710
19711
#: serverguide/C/lamp-applications.xml:220(para)
19712
msgid ""
19713
"Once you configure the <application>apache2</application> web server and "
19714
"make it ready for your Wiki application, you should restart it. You can run "
19715
"the following command to restart the <application>apache2</application> web "
19716
"server:"
19717
msgstr ""
19718
19719
#: serverguide/C/lamp-applications.xml:233(title)
19720
msgid "Verification"
19721
msgstr ""
19722
19723
#: serverguide/C/lamp-applications.xml:235(para)
19724
msgid ""
19725
"You can verify the Wiki application and see if it works by pointing your web "
19726
"browser to the following URL:"
19727
msgstr ""
19728
19729
#: serverguide/C/lamp-applications.xml:239(programlisting)
19730
#, no-wrap
19731
msgid ""
19732
"\n"
19733
"http://localhost/mywiki\n"
19734
msgstr ""
19735
19736
#: serverguide/C/lamp-applications.xml:243(para)
19737
msgid ""
19738
"You can also run the test command by pointing your web browser to the "
19739
"following URL:"
19740
msgstr ""
19741
19742
#: serverguide/C/lamp-applications.xml:248(programlisting)
19743
#, no-wrap
19744
msgid ""
19745
"\n"
19746
"http://localhost/mywiki?action=test\n"
19747
msgstr ""
19748
19749
#: serverguide/C/lamp-applications.xml:252(para)
19750
msgid ""
19751
"For more details, please refer to the <ulink "
19752
"url=\"http://moinmo.in/\">MoinMoin</ulink> web site."
19753
msgstr ""
19754
19755
#: serverguide/C/lamp-applications.xml:263(para)
19756
msgid ""
19757
"For more information see the <ulink url=\"http://moinmo.in/\">moinmoin "
19758
"Wiki</ulink>."
19759
msgstr ""
19760
19761
#: serverguide/C/lamp-applications.xml:268(para)
19762
msgid ""
19763
"Also, see the <ulink "
19764
"url=\"https://help.ubuntu.com/community/MoinMoin\">Ubuntu Wiki "
19765
"MoinMoin</ulink> page."
19766
msgstr ""
19767
19768
#: serverguide/C/lamp-applications.xml:277(title)
19769
msgid "MediaWiki"
19770
msgstr ""
19771
19772
#: serverguide/C/lamp-applications.xml:279(para)
19773
msgid ""
19774
"MediaWiki is an web based Wiki software written in the PHP language. It can "
19775
"either use <application>MySQL</application> or "
19776
"<application>PostgreSQL</application> Database Management System."
19777
msgstr ""
19778
19779
#: serverguide/C/lamp-applications.xml:289(para)
19780
msgid ""
19781
"Before installing <application>MediaWiki</application> you should also "
19782
"install <application>Apache2</application>, the "
19783
"<application>PHP5</application> scripting language and Database a Management "
19784
"System. <application>MySQL</application> or "
19785
"<application>PostgreSQL</application> are the most common, choose one "
19786
"depending on your need. Please refer to those sections in this manual for "
19787
"installation instructions."
19788
msgstr ""
19789
19790
#: serverguide/C/lamp-applications.xml:297(para)
19791
msgid ""
19792
"To install <application>MediaWiki</application>, run the following command "
19793
"in the command prompt:"
19794
msgstr ""
19795
19796
#: serverguide/C/lamp-applications.xml:303(command)
19797
msgid "sudo apt-get install mediawiki php5-gd"
19798
msgstr ""
19799
19800
#: serverguide/C/lamp-applications.xml:306(para)
19801
msgid ""
19802
"For additional <application>MediaWiki</application> functionality see the "
19803
"<application>mediawiki-extensions</application> package."
19804
msgstr ""
19805
19806
#: serverguide/C/lamp-applications.xml:316(para)
19807
msgid ""
19808
"The Apache configuration file <filename>mediawiki.conf</filename> for "
19809
"MediaWiki is installed in <filename>/etc/apache2/conf.d/</filename> "
19810
"directory. You should uncomment the following line in this file to access "
19811
"MediaWiki application."
19812
msgstr ""
19813
19814
#: serverguide/C/lamp-applications.xml:324(screen)
19815
#, no-wrap
19816
msgid ""
19817
"\n"
19818
"# Alias /mediawiki /var/lib/mediawiki\n"
19819
msgstr ""
19820
19821
#: serverguide/C/lamp-applications.xml:328(para)
19822
msgid ""
19823
"After you uncomment the above line, restart Apache server and access "
19824
"MediaWiki using the following url:"
19825
msgstr ""
19826
19827
#: serverguide/C/lamp-applications.xml:333(programlisting)
19828
#, no-wrap
19829
msgid ""
19830
"\n"
19831
"http://localhost/mediawiki/config/index.php\n"
19832
msgstr ""
19833
19834
#: serverguide/C/lamp-applications.xml:338(para)
19835
msgid ""
19836
"Please read the <quote>Checking environment...</quote> section in this page. "
19837
"You should be able to fix many issues by carefully reading this section."
19838
msgstr ""
19839
19840
#: serverguide/C/lamp-applications.xml:345(para)
19841
msgid ""
19842
"Once the configuration is complete, you should copy the "
19843
"<filename>LocalSettings.php</filename> file to "
19844
"<filename>/etc/mediawiki</filename> directory:"
19845
msgstr ""
19846
19847
#: serverguide/C/lamp-applications.xml:352(command)
19848
msgid "sudo mv /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/"
19849
msgstr ""
19850
19851
#: serverguide/C/lamp-applications.xml:355(para)
19852
msgid ""
19853
"You may also want to edit "
19854
"<filename>/etc/mediawiki/LocalSettings.php</filename> adjusting:"
19855
msgstr ""
19856
19857
#: serverguide/C/lamp-applications.xml:360(programlisting)
19858
#, no-wrap
19859
msgid ""
19860
"\n"
19861
"ini_set( 'memory_limit', '64M' );\n"
19862
msgstr ""
19863
19864
#: serverguide/C/lamp-applications.xml:367(title)
19865
msgid "Extensions"
19866
msgstr ""
19867
19868
#: serverguide/C/lamp-applications.xml:368(para)
19869
msgid ""
19870
"The extensions add new features and enhancements for the MediaWiki "
19871
"application. The extensions give wiki administrators and end users the "
19872
"ability to customize MediaWiki to their requirements."
19873
msgstr ""
19874
19875
#: serverguide/C/lamp-applications.xml:374(para)
19876
msgid ""
19877
"You can download MediaWiki extensions as an archive file or checkout from "
19878
"the Subversion repository. You should copy it to "
19879
"<filename>/var/lib/mediawiki/extensions</filename> directory. You should "
19880
"also add the following line at the end of file: "
19881
"<filename>/etc/mediawiki/LocalSettings.php</filename>."
19882
msgstr ""
19883
19884
#: serverguide/C/lamp-applications.xml:382(programlisting)
19885
#, no-wrap
19886
msgid ""
19887
"\n"
19888
"require_once \"$IP/extensions/ExtentionName/ExtentionName.php\";\n"
19889
msgstr ""
19890
19891
#: serverguide/C/lamp-applications.xml:392(para)
19892
msgid ""
19893
"For more details, please refer to the <ulink "
19894
"url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
19895
msgstr ""
19896
19897
#: serverguide/C/lamp-applications.xml:398(para)
19898
msgid ""
19899
"The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki "
19900
"Administrators’ Tutorial Guide</ulink> contains a wealth of information for "
19901
"new MediaWiki administrators."
19902
msgstr ""
19903
19904
#: serverguide/C/lamp-applications.xml:404(para)
19905
msgid ""
19906
"Also, the <ulink url=\"https://help.ubuntu.com/community/MediaWiki\">Ubuntu "
19907
"Wiki MediaWiki</ulink> page is a good resource."
19908
msgstr ""
19909
19910
#: serverguide/C/lamp-applications.xml:414(title)
19911
msgid "phpMyAdmin"
19912
msgstr ""
19913
19914
#: serverguide/C/lamp-applications.xml:416(para)
19915
msgid ""
19916
"<application>phpMyAdmin</application> is a LAMP application specifically "
19917
"written for administering <application>MySQL</application> servers. Written "
19918
"in <application>PHP</application>, and accessed through a web browser, "
19919
"phpMyAdmin provides a graphical interface for database administration tasks."
19920
msgstr ""
19921
19922
#: serverguide/C/lamp-applications.xml:425(para)
19923
msgid ""
19924
"Before installing <application>phpMyAdmin</application> you will need access "
19925
"to a <application>MySQL</application> database either on the same host as "
19926
"that phpMyAdmin is installed on, or on a host accessible over the network. "
19927
"For more information see <xref linkend=\"mysql\"/>. From a terminal prompt "
19928
"enter:"
19929
msgstr ""
19930
19931
#: serverguide/C/lamp-applications.xml:432(command)
19932
msgid "sudo apt-get install phpmyadmin"
19933
msgstr ""
19934
19935
#: serverguide/C/lamp-applications.xml:435(para)
19936
msgid ""
19937
"At the prompt choose which web server to be configured for "
19938
"<application>phpMyAdmin</application>. The rest of this section will use "
19939
"<application>Apache2</application> for the web server."
19940
msgstr ""
19941
19942
#: serverguide/C/lamp-applications.xml:440(para)
19943
msgid ""
19944
"In a browser go to <emphasis>http://servername/phpmyadmin</emphasis>, "
19945
"replacing <emphasis role=\"italic\">serveranme</emphasis> with the server's "
19946
"actual hostname. At the login, page enter <emphasis>root</emphasis> for the "
19947
"<emphasis>username</emphasis>, or another <application>MySQL</application> "
19948
"user if you any setup, and enter the <application>MySQL</application> user's "
19949
"password."
19950
msgstr ""
19951
19952
#: serverguide/C/lamp-applications.xml:447(para)
19953
msgid ""
19954
"Once logged in you can reset the <emphasis>root</emphasis> password if "
19955
"needed, create users, create/destroy databases and tables, etc."
19956
msgstr ""
19957
19958
#: serverguide/C/lamp-applications.xml:455(para)
19959
msgid ""
19960
"The configuration files for <application>phpMyAdmin</application> are "
19961
"located in <filename>/etc/phpmyadmin</filename>. The main configuration file "
19962
"is <filename>/etc/phpmyadmin/config.inc.php</filename>. This file contains "
19963
"configuration options that apply globally to "
19964
"<application>phpMyAdmin</application>."
19965
msgstr ""
19966
19967
#: serverguide/C/lamp-applications.xml:461(para)
19968
msgid ""
19969
"To use <application>phpMyAdmin</application> to administer a MySQL database "
19970
"hosted on another server, adjust the following in "
19971
"<filename>/etc/phpmyadmin/config.inc.php</filename>:"
19972
msgstr ""
19973
19974
#: serverguide/C/lamp-applications.xml:466(programlisting)
19975
#, no-wrap
19976
msgid ""
19977
"\n"
19978
"$cfg['Servers'][$i]['host'] = 'db_server';\n"
19979
msgstr ""
19980
19981
#: serverguide/C/lamp-applications.xml:471(para)
19982
msgid ""
19983
"Replace <emphasis role=\"italic\">db_server</emphasis> with the actual "
19984
"remote database server name or IP address. Also, be sure that the "
19985
"<application>phpMyAdmin</application> host has permissions to access the "
19986
"remote database."
19987
msgstr ""
19988
19989
#: serverguide/C/lamp-applications.xml:477(para)
19990
msgid ""
19991
"Once configured, log out of <application>phpMyAdmin</application> and back "
19992
"in, and you should be accessing the new server."
19993
msgstr ""
19994
19995
#: serverguide/C/lamp-applications.xml:481(para)
19996
msgid ""
19997
"The <filename>config.header.inc.php</filename> and "
19998
"<filename>config.footer.inc.php</filename> files are used to add a HTML "
19999
"header and footer to <application>phpMyAdmin</application>."
20000
msgstr ""
20001
20002
#: serverguide/C/lamp-applications.xml:486(para)
20003
msgid ""
20004
"Another important configuration file is "
20005
"<filename>/etc/phpmyadmin/apache.conf</filename>, this file is symlinked to "
20006
"<filename>/etc/apache2/conf.d/phpmyadmin.conf</filename>, and is used to "
20007
"configure <application>Apache2</application> to serve the "
20008
"<application>phpMyAdmin</application> site. The file contains directives for "
20009
"loading <application>PHP</application>, directory permissions, etc. For more "
20010
"information on configuring <application>Apache2</application> see <xref "
20011
"linkend=\"httpd\"/>."
20012
msgstr ""
20013
20014
#: serverguide/C/lamp-applications.xml:500(para)
20015
msgid ""
20016
"The <application>phpMyAdmin</application> documentation comes installed with "
20017
"the package and can be accessed from the <emphasis>phpMyAdmin "
20018
"Documentation</emphasis> link (a question mark with a box around it) under "
20019
"the phpMyAdmin logo. The official docs can also be access on the <ulink "
20020
"url=\"http://www.phpmyadmin.net/home_page/docs.php\">phpMyAdmin</ulink> site."
20021
msgstr ""
20022
20023
#: serverguide/C/lamp-applications.xml:507(para)
20024
msgid ""
20025
"Also, <ulink url=\"http://www.packtpub.com/phpmyadmin-3rd-"
20026
"edition/book\">Mastering phpMyAdmin</ulink> is a great resource."
20027
msgstr ""
20028
20029
#: serverguide/C/lamp-applications.xml:512(para)
20030
msgid ""
20031
"A third resource is the <ulink "
20032
"url=\"https://help.ubuntu.com/community/phpMyAdmin\">phpMyAdmin Ubuntu "
20033
"Wiki</ulink> page."
20034
msgstr ""
20035
20036
#: serverguide/C/introduction.xml:14(para)
20037
msgid "Welcome to the <emphasis>Ubuntu Server Guide</emphasis>!"
20038
msgstr ""
20039
20040
#: serverguide/C/introduction.xml:15(para)
20041
msgid ""
20042
"Here you can find information on how to install and configure various server "
20043
"applications. It is a step-by-step, task-oriented guide for configuring and "
20044
"customizing your system."
20045
msgstr ""
20046
20047
#: serverguide/C/introduction.xml:19(para)
20048
msgid ""
20049
"This guide assumes you have a basic understanding of your Ubuntu system. "
20050
"Some installation details are covered in <xref linkend=\"installation\"/>, "
20051
"but if you need detailed instructions installing Ubuntu please refer to the "
20052
"<ulink url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
20053
"Installation Guide</ulink>."
20054
msgstr ""
20055
20056
#: serverguide/C/introduction.xml:25(para)
20057
msgid ""
20058
"A HTML version of the manual is available online at <ulink "
20059
"url=\"http://help.ubuntu.com\">the Ubuntu Documentation website</ulink>. The "
20060
"HTML files are also available in the <application>ubuntu-"
20061
"serverguide</application> package. See <xref linkend=\"package-"
20062
"management\"/> for details on installing packages."
20063
msgstr ""
20064
20065
#: serverguide/C/introduction.xml:32(para)
20066
msgid ""
20067
"If you choose to install the <application>ubuntu-serverguide</application> "
20068
"you can view this document from a console by:"
20069
msgstr ""
20070
20071
#: serverguide/C/introduction.xml:36(command)
20072
msgid "w3m /usr/share/ubuntu-serverguide/html/C/index.html"
20073
msgstr ""
20074
20075
#: serverguide/C/introduction.xml:39(para)
20076
msgid ""
20077
"If you are using a localized version of Ubuntu, replace "
20078
"<emphasis>C</emphasis> with your language localization (e.g. "
20079
"<emphasis>en_GB</emphasis>)."
20080
msgstr ""
20081
20082
#: serverguide/C/introduction.xml:53(title)
20083
msgid "Support"
20084
msgstr ""
20085
20086
#: serverguide/C/introduction.xml:55(para)
20087
msgid ""
20088
"There are a couple of different ways that Ubuntu Server Edition is "
20089
"supported, commercial support and community support. The main commercial "
20090
"support (and development funding) is available from Canonical Ltd. They "
20091
"supply reasonably priced support contracts on a per desktop or per server "
20092
"basis. For more information see the <ulink "
20093
"url=\"http://www.canonical.com/services/support\">Canonical Services</ulink> "
20094
"page."
20095
msgstr ""
20096
20097
#: serverguide/C/introduction.xml:62(para)
20098
msgid ""
20099
"Community support is also provided by dedicated individuals, and companies, "
20100
"that wish to make Ubuntu the best distribution possible. Support is provided "
20101
"through multiple mailing lists, IRC channels, forums, blogs, wikis, etc. The "
20102
"large amount of information available can be overwhelming, but a good search "
20103
"engine query can usually provide an answer to your questions. See the <ulink "
20104
"url=\"http://www.ubuntu.com/support\">Ubuntu Support</ulink> page for more "
20105
"information."
20106
msgstr ""
20107
20108
#: serverguide/C/installation.xml:14(para)
20109
msgid ""
20110
"This chapter provides a quick overview of installing Ubuntu 10.10 Server "
20111
"Edition. For more detailed instructions, please refer to the <ulink "
20112
"url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
20113
"Installation Guide</ulink>."
20114
msgstr ""
20115
20116
#: serverguide/C/installation.xml:19(title)
20117
msgid "Preparing to Install"
20118
msgstr ""
20119
20120
#: serverguide/C/installation.xml:20(para)
20121
msgid ""
20122
"This section explains various aspects to consider before starting the "
20123
"installation."
20124
msgstr ""
20125
20126
#: serverguide/C/installation.xml:24(title)
20127
msgid "System Requirements"
20128
msgstr ""
20129
20130
#: serverguide/C/installation.xml:25(para)
20131
msgid ""
20132
"Ubuntu 10.10 Server Edition supports two (2) major architectures: Intel x86 "
20133
"and AMD64. The table below lists recommended hardware specifications. "
20134
"Depending on your needs, you might manage with less than this. However, most "
20135
"users risk being frustrated if they ignore these suggestions."
20136
msgstr ""
20137
20138
#: serverguide/C/installation.xml:27(title)
20139
msgid "Recommended Minimum Requirements"
20140
msgstr ""
20141
20142
#: serverguide/C/installation.xml:35(para)
20143
msgid "Install Type"
20144
msgstr ""
20145
20146
#: serverguide/C/installation.xml:36(para)
20147
msgid "RAM"
20148
msgstr ""
20149
20150
#: serverguide/C/installation.xml:37(para)
20151
msgid "Hard Drive Space"
20152
msgstr ""
20153
20154
#: serverguide/C/installation.xml:40(para)
20155
msgid "Base System"
20156
msgstr ""
20157
20158
#: serverguide/C/installation.xml:41(para)
20159
msgid "All Tasks Installed"
20160
msgstr ""
20161
20162
#: serverguide/C/installation.xml:46(para)
20163
msgid "Server"
20164
msgstr ""
20165
20166
#: serverguide/C/installation.xml:47(para)
20167
msgid "128 megabytes"
20168
msgstr ""
20169
20170
#: serverguide/C/installation.xml:48(para)
20171
msgid "500 megabytes"
20172
msgstr ""
20173
20174
#: serverguide/C/installation.xml:49(para)
20175
msgid "1 gigabyte"
20176
msgstr ""
20177
20178
#: serverguide/C/installation.xml:54(para)
20179
msgid ""
20180
"The Server Edition provides a common base for all sorts of server "
20181
"applications. It is a minimalist design providing a platform for the desired "
20182
"services, such as file/print services, web hosting, email hosting, etc."
20183
msgstr ""
20184
20185
#: serverguide/C/installation.xml:60(para)
20186
msgid ""
20187
"The requirements for UEC are slightly different for Front End requirements "
20188
"see <xref linkend=\"uec-frontend-requirements\"/> and for UEC Node "
20189
"requirements see <xref linkend=\"uec-node-requirements\"/>."
20190
msgstr ""
20191
20192
#: serverguide/C/installation.xml:68(title)
20193
msgid "Server and Desktop Differences"
20194
msgstr ""
20195
20196
#: serverguide/C/installation.xml:69(para)
20197
msgid ""
20198
"There are a few differences between the <emphasis>Ubuntu Server "
20199
"Edition</emphasis> and the <emphasis>Ubuntu Desktop Edition</emphasis>. It "
20200
"should be noted that both editions use the same "
20201
"<application>apt</application> repositories. Making it just as easy to "
20202
"install a <emphasis role=\"italic\">server</emphasis> application on the "
20203
"Desktop Edition as it is on the Server Edition."
20204
msgstr ""
20205
20206
#: serverguide/C/installation.xml:75(para)
20207
msgid ""
20208
"The differences between the two editions are the lack of an X window "
20209
"environment in the Server Edition, the installation process, and different "
20210
"Kernel options."
20211
msgstr ""
20212
20213
#: serverguide/C/installation.xml:82(title)
20214
msgid "Kernel Differences:"
20215
msgstr ""
20216
20217
#: serverguide/C/installation.xml:85(para)
20218
msgid ""
20219
"The Server Edition uses the <emphasis>Deadline</emphasis> I/O scheduler "
20220
"instead of the <emphasis>CFQ</emphasis> scheduler used by the Desktop "
20221
"Edition."
20222
msgstr ""
20223
20224
#: serverguide/C/installation.xml:91(para)
20225
msgid "<emphasis>Preemption</emphasis> is turned off in the Server Edition."
20226
msgstr ""
20227
20228
#: serverguide/C/installation.xml:96(para)
20229
msgid ""
20230
"The timer interrupt is 100 Hz in the Server Edition and 250 Hz in the "
20231
"Desktop Edition."
20232
msgstr ""
20233
20234
#: serverguide/C/installation.xml:102(para)
20235
msgid ""
20236
"When running a 64-bit version of Ubuntu on 64-bit processors you are not "
20237
"limited by memory addressing space."
20238
msgstr ""
20239
20240
#: serverguide/C/installation.xml:107(para)
20241
msgid ""
20242
"To see all kernel configuration options you can look through "
20243
"<filename>/boot/config-&linux-kernel-version;-server</filename>. Also, "
20244
"<ulink url=\"http://www.kroah.com/lkn/\">Linux Kernel in a Nutshell</ulink> "
20245
"is a great resource on the options available."
20246
msgstr ""
20247
20248
#: serverguide/C/installation.xml:116(title)
20249
msgid "Backing Up"
20250
msgstr ""
20251
20252
#: serverguide/C/installation.xml:119(para)
20253
msgid ""
20254
"Before installing <application>Ubuntu Server Edition</application> you "
20255
"should make sure all data on the system is backed up. See <xref "
20256
"linkend=\"backups\"/> for backup options."
20257
msgstr ""
20258
20259
#: serverguide/C/installation.xml:123(para)
20260
msgid ""
20261
"If this is not the first time an operating system has been installed on your "
20262
"computer, it is likely you will need to re-partition your disk to make room "
20263
"for Ubuntu."
20264
msgstr ""
20265
20266
#: serverguide/C/installation.xml:127(para)
20267
msgid ""
20268
"Any time you partition your disk, you should be prepared to lose everything "
20269
"on the disk should you make a mistake or something goes wrong during "
20270
"partitioning. The programs used in installation are quite reliable, most "
20271
"have seen years of use, but they also perform destructive actions."
20272
msgstr ""
20273
20274
#: serverguide/C/installation.xml:139(title)
20275
msgid "Installing from CD"
20276
msgstr ""
20277
20278
#: serverguide/C/installation.xml:140(para)
20279
msgid ""
20280
"The basic steps to install Ubuntu Server Edition from CD are the same for "
20281
"installing any operating system from CD. Unlike the <emphasis>Desktop "
20282
"Edition</emphasis> the <emphasis>Server Edition</emphasis> does not include "
20283
"a graphical installation program. Instead the Server Edition uses a console "
20284
"menu based process."
20285
msgstr ""
20286
20287
#: serverguide/C/installation.xml:147(para)
20288
msgid ""
20289
"First, download and burn the appropriate ISO file from the <ulink "
20290
"url=\"http://www.ubuntu.com/getubuntu/download\"> Ubuntu web site</ulink>."
20291
msgstr ""
20292
20293
#: serverguide/C/installation.xml:153(para)
20294
msgid "Boot the system from the CD-ROM drive."
20295
msgstr ""
20296
20297
#: serverguide/C/installation.xml:158(para)
20298
msgid ""
20299
"At the boot prompt you will be asked to select the language. Afterwards the "
20300
"installation process begins by asking for your keyboard layout."
20301
msgstr ""
20302
20303
#: serverguide/C/installation.xml:164(para)
20304
msgid ""
20305
"From the main boot menu there are some additional options to install Ubuntu "
20306
"Server Edition. You can install a basic Ubuntu Server, or install Ubuntu "
20307
"Server as part of a <emphasis>Ubuntu Enterprise Cloud</emphasis>. For more "
20308
"information on UEC see <xref linkend=\"uec\"/>. The rest of this section "
20309
"will cover the basic Ubuntu Server install."
20310
msgstr ""
20311
20312
#: serverguide/C/installation.xml:172(para)
20313
msgid ""
20314
"The installer then discovers your hardware configuration, and configures the "
20315
"network settings using DHCP. If you do not wish to use DHCP at the next "
20316
"screen choose \"Go Back\", and you have the option to \"Configure the "
20317
"network manually\"."
20318
msgstr ""
20319
20320
#: serverguide/C/installation.xml:179(para)
20321
msgid "Next, the installer asks for the system's hostname and Time Zone."
20322
msgstr ""
20323
20324
#: serverguide/C/installation.xml:184(para)
20325
msgid ""
20326
"You can then choose from several options to configure the hard drive layout. "
20327
"For advanced disk options see <xref linkend=\"advanced-installation\"/>."
20328
msgstr ""
20329
20330
#: serverguide/C/installation.xml:190(para)
20331
msgid "The Ubuntu base system is then installed."
20332
msgstr ""
20333
20334
#: serverguide/C/installation.xml:195(para)
20335
msgid ""
20336
"A new user is setup, this user will have <emphasis>root</emphasis> access "
20337
"through the <application>sudo</application> utility."
20338
msgstr ""
20339
20340
#: serverguide/C/installation.xml:201(para)
20341
msgid ""
20342
"After the user is setup, you will be asked to encrypt your <filename "
20343
"role=\"directory\">home</filename> directory."
20344
msgstr ""
20345
20346
#: serverguide/C/installation.xml:207(para)
20347
msgid ""
20348
"The next step in the installation process is to decide how you want to "
20349
"update the system. There are three options:"
20350
msgstr ""
20351
20352
#: serverguide/C/installation.xml:213(para)
20353
msgid ""
20354
"<emphasis>No automatic updates</emphasis>: this requires an administrator to "
20355
"log into the machine and manually install updates."
20356
msgstr ""
20357
20358
#: serverguide/C/installation.xml:219(para)
20359
msgid ""
20360
"<emphasis>Install security updates Automatically</emphasis>: will install "
20361
"the <application>unattended-upgrades</application> package, which will "
20362
"install security updates without the intervention of an administrator. For "
20363
"more details see <xref linkend=\"automatic-updates\"/>."
20364
msgstr ""
20365
20366
#: serverguide/C/installation.xml:226(para)
20367
msgid ""
20368
"<emphasis>Manage the system with Landscape</emphasis>: Landscape is a paid "
20369
"service provided by Canonical to help manage your Ubuntu machines. See the "
20370
"<ulink url=\"http://www.canonical.com/projects/landscape\">Landscape</ulink> "
20371
"site for details."
20372
msgstr ""
20373
20374
#: serverguide/C/installation.xml:235(para)
20375
msgid ""
20376
"You now have the option to install, or not install, several package tasks. "
20377
"See <xref linkend=\"install-tasks\"/> for details. Also, there is an option "
20378
"to launch <application>aptitude</application> to choose specific packages to "
20379
"install. For more information see <xref linkend=\"aptitude\"/>."
20380
msgstr ""
20381
20382
#: serverguide/C/installation.xml:243(para)
20383
msgid "Finally, the last step before rebooting is to set the clock to UTC."
20384
msgstr ""
20385
20386
#: serverguide/C/installation.xml:249(para)
20387
msgid ""
20388
"If at any point during installation you are not satisfied by the default "
20389
"setting, use the \"Go Back\" function at any prompt to be brought to a "
20390
"detailed installation menu that will allow you to modify the default "
20391
"settings."
20392
msgstr ""
20393
20394
#: serverguide/C/installation.xml:254(para)
20395
msgid ""
20396
"At some point during the installation process you may want to read the help "
20397
"screen provided by the installation system. To do this, press F1."
20398
msgstr ""
20399
20400
#: serverguide/C/installation.xml:259(para)
20401
msgid ""
20402
"Once again, for detailed instructions see the <ulink "
20403
"url=\"https://help.ubuntu.com/10.04/installation-guide/\"> Ubuntu "
20404
"Installation Guide</ulink>."
20405
msgstr ""
20406
20407
#: serverguide/C/installation.xml:265(title)
20408
msgid "Package Tasks"
20409
msgstr ""
20410
20411
#: serverguide/C/installation.xml:266(para)
20412
msgid ""
20413
"During the Server Edition installation you have the option of installing "
20414
"additional packages from the CD. The packages are grouped by the type of "
20415
"service they provide."
20416
msgstr ""
20417
20418
#: serverguide/C/installation.xml:272(para)
20419
msgid "Cloud computing: Walrus storage service"
20420
msgstr ""
20421
20422
#: serverguide/C/installation.xml:277(para)
20423
msgid "Cloud computing: all-in-one cluster"
20424
msgstr ""
20425
20426
#: serverguide/C/installation.xml:282(para)
20427
msgid "Cloud computing: Cluster controller"
20428
msgstr ""
20429
20430
#: serverguide/C/installation.xml:287(para)
20431
msgid "Cloud computing: Node controller"
20432
msgstr ""
20433
20434
#: serverguide/C/installation.xml:292(para)
20435
msgid "Cloud computing: Storage controller"
20436
msgstr ""
20437
20438
#: serverguide/C/installation.xml:297(para)
20439
msgid "Cloud computing: top-level cloud controller"
20440
msgstr ""
20441
20442
#: serverguide/C/installation.xml:302(para)
20443
msgid "DNS server: Selects the BIND DNS server and its documentation."
20444
msgstr ""
20445
20446
#: serverguide/C/installation.xml:307(para)
20447
msgid "LAMP server: Selects a ready-made Linux/Apache/MySQL/PHP server."
20448
msgstr ""
20449
20450
#: serverguide/C/installation.xml:312(para)
20451
msgid ""
20452
"Mail server: This task selects a variety of package useful for a general "
20453
"purpose mail server system."
20454
msgstr ""
20455
20456
#: serverguide/C/installation.xml:317(para)
20457
msgid "OpenSSH server: Selects packages needed for an OpenSSH server."
20458
msgstr ""
20459
20460
#: serverguide/C/installation.xml:322(para)
20461
msgid ""
20462
"PostgreSQL database: This task selects client and server packages for the "
20463
"PostgreSQL database."
20464
msgstr ""
20465
20466
#: serverguide/C/installation.xml:327(para)
20467
msgid "Print server: This task sets up your system to be a print server."
20468
msgstr ""
20469
20470
#: serverguide/C/installation.xml:332(para)
20471
msgid ""
20472
"Samba File server: This task sets up your system to be a Samba file server, "
20473
"which is especially suitable in networks with both Windows and Linux systems."
20474
msgstr ""
20475
20476
#: serverguide/C/installation.xml:338(para)
20477
msgid ""
20478
"Tomcat server: Installs the Apache Tomcat and needed dependencies Java, gcj, "
20479
"etc."
20480
msgstr ""
20481
20482
#: serverguide/C/installation.xml:343(para)
20483
msgid ""
20484
"Virtual machine host: Includes packages needed to run KVM virtual machines."
20485
msgstr ""
20486
20487
#: serverguide/C/installation.xml:348(para)
20488
msgid ""
20489
"Manually select packages: Executes <application>apptitude</application> "
20490
"allowing you to individually select packages."
20491
msgstr ""
20492
20493
#: serverguide/C/installation.xml:353(para)
20494
msgid ""
20495
"Installing the package groups is accomplished using the "
20496
"<application>tasksel</application> utility. One of the important difference "
20497
"between Ubuntu (or Debian) and other GNU/Linux distribution is that, when "
20498
"installed, a package is also configured to reasonable defaults, eventually "
20499
"prompting you for additional required information. Likewise, when installing "
20500
"a task, the packages are not only installed, but also configured to provided "
20501
"a fully integrated service."
20502
msgstr ""
20503
20504
#: serverguide/C/installation.xml:360(para)
20505
msgid ""
20506
"For more information on the <emphasis>Cloud Computing</emphasis> tasks see "
20507
"<xref linkend=\"uec\"/>."
20508
msgstr ""
20509
20510
#: serverguide/C/installation.xml:363(para)
20511
msgid ""
20512
"Once the installation process has finished you can view a list of available "
20513
"tasks by entering the following from a terminal prompt:"
20514
msgstr ""
20515
20516
#: serverguide/C/installation.xml:368(command)
20517
msgid "tasksel --list-tasks"
20518
msgstr ""
20519
20520
#: serverguide/C/installation.xml:371(para)
20521
msgid ""
20522
"The output will list tasks from other Ubuntu based distributions such as "
20523
"Kubuntu and Edubuntu. Note that you can also invoke the "
20524
"<command>tasksel</command> command by itself, which will bring up a menu of "
20525
"the different tasks available."
20526
msgstr ""
20527
20528
#: serverguide/C/installation.xml:377(para)
20529
msgid ""
20530
"You can view a list of which packages are installed with each task using the "
20531
"<emphasis>--task-packages</emphasis> option. For example, to list the "
20532
"packages installed with the <emphasis>DNS Server</emphasis> task enter the "
20533
"following:"
20534
msgstr ""
20535
20536
#: serverguide/C/installation.xml:382(command)
20537
msgid "tasksel --task-packages dns-server"
20538
msgstr ""
20539
20540
#: serverguide/C/installation.xml:384(para)
20541
msgid "The output of the command should list:"
20542
msgstr ""
20543
20544
#: serverguide/C/installation.xml:387(programlisting)
20545
#, no-wrap
20546
msgid ""
20547
"\n"
20548
"bind9-doc \n"
20549
"bind9utils \n"
20550
"bind9\n"
20551
msgstr ""
20552
20553
#: serverguide/C/installation.xml:392(para)
20554
msgid ""
20555
"Also, if you did not install one of the tasks during the installation "
20556
"process, but for example you decide to make your new LAMP server a DNS "
20557
"server as well. Simply insert the installation CD and from a terminal:"
20558
msgstr ""
20559
20560
#: serverguide/C/installation.xml:397(command)
20561
msgid "sudo tasksel install dns-server"
20562
msgstr ""
20563
20564
#: serverguide/C/installation.xml:402(title)
20565
msgid "Upgrading"
20566
msgstr ""
20567
20568
#: serverguide/C/installation.xml:403(para)
20569
msgid ""
20570
"There are several ways to upgrade from one Ubuntu release to another. This "
20571
"section gives an overview of the recommended upgrade method."
20572
msgstr ""
20573
20574
#: serverguide/C/installation.xml:407(title) serverguide/C/installation.xml:422(command)
20575
msgid "do-release-upgrade"
20576
msgstr ""
20577
20578
#: serverguide/C/installation.xml:408(para)
20579
msgid ""
20580
"The recommended way to upgrade a Server Edition installation is to use the "
20581
"<application>do-release-upgrade</application> utility. Part of the "
20582
"<emphasis>update-manager-core</emphasis> package, it does not have any "
20583
"graphical dependencies and is installed by default."
20584
msgstr ""
20585
20586
#: serverguide/C/installation.xml:413(para)
20587
msgid ""
20588
"Debian based systems can also be upgraded by using <command>apt-get dist-"
20589
"upgrade</command>. However, using <application>do-release-"
20590
"upgrade</application> is recommended because it has the ability to handle "
20591
"system configuration changes sometimes needed between releases."
20592
msgstr ""
20593
20594
#: serverguide/C/installation.xml:418(para)
20595
msgid "To upgrade to a newer release, from a terminal prompt enter:"
20596
msgstr ""
20597
20598
#: serverguide/C/installation.xml:424(para)
20599
msgid ""
20600
"It is also possible to use <application>do-release-upgrade</application> to "
20601
"upgrade to a development version of Ubuntu. To accomplish this use the "
20602
"<emphasis>-d</emphasis> switch:"
20603
msgstr ""
20604
20605
#: serverguide/C/installation.xml:429(command)
20606
msgid "do-release-upgrade -d"
20607
msgstr ""
20608
20609
#: serverguide/C/installation.xml:432(para)
20610
msgid ""
20611
"Upgrading to a development release is <emphasis>not</emphasis> recommended "
20612
"for production environments."
20613
msgstr ""
20614
20615
#: serverguide/C/installation.xml:439(title)
20616
msgid "Advanced Installation"
20617
msgstr ""
20618
20619
#: serverguide/C/installation.xml:442(title)
20620
msgid "Software RAID"
20621
msgstr ""
20622
20623
#: serverguide/C/installation.xml:444(para)
20624
msgid ""
20625
"RAID is a method of configuring multiple hard drives to act as one, reducing "
20626
"the probability of catastrophic data loss in case of drive failure. RAID is "
20627
"implemented in either software (where the operating system knows about both "
20628
"drives and actively maintains both of them) or hardware (where a special "
20629
"controller makes the OS think there's only one drive and maintains the "
20630
"drives 'invisibly')."
20631
msgstr ""
20632
20633
#: serverguide/C/installation.xml:451(para)
20634
msgid ""
20635
"The RAID software included with current versions of Linux (and Ubuntu) is "
20636
"based on the <application>'mdadm'</application> driver and works very well, "
20637
"better even than many so-called 'hardware' RAID controllers. This section "
20638
"will guide you through installing Ubuntu Server Edition using two RAID1 "
20639
"partitions on two physical hard drives, one for <emphasis>/</emphasis> and "
20640
"another for <emphasis>swap</emphasis>."
20641
msgstr ""
20642
20643
#: serverguide/C/installation.xml:461(para) serverguide/C/installation.xml:975(para)
20644
msgid ""
20645
"Follow the installation steps until you get to the <emphasis>Partition "
20646
"disks</emphasis> step, then:"
20647
msgstr ""
20648
20649
#: serverguide/C/installation.xml:468(para)
20650
msgid "Select <emphasis>Manual</emphasis> as the partition method."
20651
msgstr ""
20652
20653
#: serverguide/C/installation.xml:475(para)
20654
msgid ""
20655
"Select the first hard drive, and agree to <emphasis>\"Create a new empty "
20656
"partition table on this device?\"</emphasis>."
20657
msgstr ""
20658
20659
#: serverguide/C/installation.xml:479(para)
20660
msgid ""
20661
"Repeat this step for each drive you wish to be part of the RAID array."
20662
msgstr ""
20663
20664
#: serverguide/C/installation.xml:486(para)
20665
msgid ""
20666
"Select the <emphasis>\"FREE SPACE\"</emphasis> on the first drive then "
20667
"select <emphasis>\"Create a new partition\"</emphasis>."
20668
msgstr ""
20669
20670
#: serverguide/C/installation.xml:493(para)
20671
msgid ""
20672
"Next, select the <emphasis>Size</emphasis> of the partition. This partition "
20673
"will be the <emphasis>swap</emphasis> partition, and a general rule for swap "
20674
"size is twice that of RAM. Enter the partition size, then choose "
20675
"<emphasis>Primary</emphasis>, then <emphasis>Beginning</emphasis>."
20676
msgstr ""
20677
20678
#: serverguide/C/installation.xml:502(para)
20679
msgid ""
20680
"Select the <emphasis>\"Use as:\"</emphasis> line at the top. By default this "
20681
"is <emphasis role=\"italic\">\"Ext4 journaling file system\"</emphasis>, "
20682
"change that to <emphasis>\"physical volume for RAID\"</emphasis> then "
20683
"<emphasis>\"Done setting up partition\"</emphasis>."
20684
msgstr ""
20685
20686
#: serverguide/C/installation.xml:511(para)
20687
msgid ""
20688
"For the <emphasis>/</emphasis> partition once again select <emphasis>\"Free "
20689
"Space\"</emphasis> on the first drive then <emphasis>\"Create a new "
20690
"partition\"</emphasis>."
20691
msgstr ""
20692
20693
#: serverguide/C/installation.xml:519(para)
20694
msgid ""
20695
"Use the rest of the free space on the drive and choose "
20696
"<emphasis>Continue</emphasis>, then <emphasis>Primary</emphasis>."
20697
msgstr ""
20698
20699
#: serverguide/C/installation.xml:526(para)
20700
msgid ""
20701
"As with the swap partition, select the <emphasis>\"Use as:\"</emphasis> line "
20702
"at the top, changing it to <emphasis>\"physical volume for "
20703
"RAID\"</emphasis>. Also select the <emphasis>\"Bootable flag:\"</emphasis> "
20704
"line to change the value to <emphasis>\"on\"</emphasis>. Then choose "
20705
"<emphasis>\"Done setting up partition\"</emphasis>."
20706
msgstr ""
20707
20708
#: serverguide/C/installation.xml:536(para)
20709
msgid "Repeat steps three through eight for the other disk and partitions."
20710
msgstr ""
20711
20712
#: serverguide/C/installation.xml:545(title)
20713
msgid "RAID Configuration"
20714
msgstr ""
20715
20716
#: serverguide/C/installation.xml:547(para)
20717
msgid "With the partitions setup the arrays are ready to be configured:"
20718
msgstr ""
20719
20720
#: serverguide/C/installation.xml:554(para)
20721
msgid ""
20722
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
20723
"Software RAID\"</emphasis> at the top."
20724
msgstr ""
20725
20726
#: serverguide/C/installation.xml:561(para)
20727
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
20728
msgstr ""
20729
20730
#: serverguide/C/installation.xml:568(para)
20731
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
20732
msgstr ""
20733
20734
#: serverguide/C/installation.xml:575(para)
20735
msgid ""
20736
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
20737
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
20738
msgstr ""
20739
20740
#: serverguide/C/installation.xml:581(para)
20741
msgid ""
20742
"In order to use <emphasis>RAID5</emphasis> you need at least "
20743
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
20744
"<emphasis>two</emphasis> drives are required."
20745
msgstr ""
20746
20747
#: serverguide/C/installation.xml:590(para)
20748
msgid ""
20749
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
20750
"of hard drives you have, for the array. Then select "
20751
"<emphasis>\"Continue\"</emphasis>."
20752
msgstr ""
20753
20754
#: serverguide/C/installation.xml:598(para)
20755
msgid ""
20756
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
20757
"default, then choose <emphasis>\"Continue\"</emphasis>."
20758
msgstr ""
20759
20760
#: serverguide/C/installation.xml:605(para)
20761
msgid ""
20762
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
20763
"etc. The numbers will usually match and the different letters correspond to "
20764
"different hard drives."
20765
msgstr ""
20766
20767
#: serverguide/C/installation.xml:610(para)
20768
msgid ""
20769
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
20770
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
20771
"go to the next step."
20772
msgstr ""
20773
20774
#: serverguide/C/installation.xml:618(para)
20775
msgid ""
20776
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
20777
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
20778
"and <emphasis>sdb2</emphasis>."
20779
msgstr ""
20780
20781
#: serverguide/C/installation.xml:626(para)
20782
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
20783
msgstr ""
20784
20785
#: serverguide/C/installation.xml:636(title)
20786
msgid "Formatting"
20787
msgstr ""
20788
20789
#: serverguide/C/installation.xml:638(para)
20790
msgid ""
20791
"There should now be a list of hard drives and RAID devices. The next step is "
20792
"to format and set the mount point for the RAID devices. Treat the RAID "
20793
"device as a local hard drive, format and mount accordingly."
20794
msgstr ""
20795
20796
#: serverguide/C/installation.xml:646(para)
20797
msgid ""
20798
"Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
20799
"#0\"</emphasis> partition."
20800
msgstr ""
20801
20802
#: serverguide/C/installation.xml:653(para)
20803
msgid ""
20804
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
20805
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
20806
msgstr ""
20807
20808
#: serverguide/C/installation.xml:661(para)
20809
msgid ""
20810
"Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
20811
"#1\"</emphasis> partition."
20812
msgstr ""
20813
20814
#: serverguide/C/installation.xml:668(para)
20815
msgid ""
20816
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 "
20817
"journaling file system\"</emphasis>."
20818
msgstr ""
20819
20820
#: serverguide/C/installation.xml:675(para)
20821
msgid ""
20822
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
20823
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
20824
"options as appropriate, then select <emphasis>\"Done setting up "
20825
"partition\"</emphasis>."
20826
msgstr ""
20827
20828
#: serverguide/C/installation.xml:683(para)
20829
msgid ""
20830
"Finally, select <emphasis>\"Finish partitioning and write changes to "
20831
"disk\"</emphasis>."
20832
msgstr ""
20833
20834
#: serverguide/C/installation.xml:690(para)
20835
msgid ""
20836
"If you choose to place the root partition on a RAID array, the installer "
20837
"will then ask if you would like to boot in a <emphasis>degraded</emphasis> "
20838
"state. See <xref linkend=\"raid-degraded\"/> for further details."
20839
msgstr ""
20840
20841
#: serverguide/C/installation.xml:695(para)
20842
msgid "The installation process will then continue normally."
20843
msgstr ""
20844
20845
#: serverguide/C/installation.xml:701(title)
20846
msgid "Degraded RAID"
20847
msgstr ""
20848
20849
#: serverguide/C/installation.xml:703(para)
20850
msgid ""
20851
"At some point in the life of the computer a disk failure event may occur. "
20852
"When this happens, using Software RAID, the operating system will place the "
20853
"array into what is known as a <emphasis>degraded</emphasis> state."
20854
msgstr ""
20855
20856
#: serverguide/C/installation.xml:708(para)
20857
msgid ""
20858
"If the array has become degraded, due to the chance of data corruption, by "
20859
"default Ubuntu Server Edition will boot to <emphasis>initramfs</emphasis> "
20860
"after thirty seconds. Once the initramfs has booted there is a fifteen "
20861
"second prompt giving you the option to go ahead and boot the system, or "
20862
"attempt manual recover. Booting to the initramfs prompt may or may not be "
20863
"the desired behavior, especially if the machine is in a remote location. "
20864
"Booting to a degraded array can be configured several ways:"
20865
msgstr ""
20866
20867
#: serverguide/C/installation.xml:719(para)
20868
msgid ""
20869
"The <application>dpkg-reconfigure</application> utility can be used to "
20870
"configure the default behavior, and during the process you will be queried "
20871
"about additional settings related to the array. Such as monitoring, email "
20872
"alerts, etc. To reconfigure <application>mdadm</application> enter the "
20873
"following:"
20874
msgstr ""
20875
20876
#: serverguide/C/installation.xml:726(command)
20877
msgid "sudo dpkg-reconfigure mdadm"
20878
msgstr ""
20879
20880
#: serverguide/C/installation.xml:732(para)
20881
msgid ""
20882
"The <command>dpkg-reconfigure mdadm</command> process will change the "
20883
"<filename>/etc/initramfs-tools/conf.d/mdadm</filename> configuration file. "
20884
"The file has the advantage of being able to pre-configure the system's "
20885
"behavior, and can also be manually edited:"
20886
msgstr ""
20887
20888
#: serverguide/C/installation.xml:738(programlisting)
20889
#, no-wrap
20890
msgid ""
20891
"\n"
20892
"BOOT_DEGRADED=true\n"
20893
msgstr ""
20894
20895
#: serverguide/C/installation.xml:743(para)
20896
msgid "The configuration file can be overridden by using a Kernel argument."
20897
msgstr ""
20898
20899
#: serverguide/C/installation.xml:751(para)
20900
msgid ""
20901
"Using a Kernel argument will allow the system to boot to a degraded array as "
20902
"well:"
20903
msgstr ""
20904
20905
#: serverguide/C/installation.xml:757(para)
20906
msgid ""
20907
"When the server is booting press <keycap>Shift</keycap> to open the "
20908
"<application>Grub</application> menu."
20909
msgstr ""
20910
20911
#: serverguide/C/installation.xml:762(para)
20912
msgid "Press <keycap>e</keycap> to edit your kernel command options."
20913
msgstr ""
20914
20915
#: serverguide/C/installation.xml:767(para)
20916
msgid "Press the <keycap>down</keycap> arrow to highlight the kernel line."
20917
msgstr ""
20918
20919
#: serverguide/C/installation.xml:772(para)
20920
msgid ""
20921
"Add <emphasis>\"bootdegraded=true\"</emphasis> (without the quotes) to the "
20922
"end of the line."
20923
msgstr ""
20924
20925
#: serverguide/C/installation.xml:777(para)
20926
msgid ""
20927
"Press <keycombo><keycap>Ctrl</keycap><keycap>x</keycap></keycombo> to boot "
20928
"the system."
20929
msgstr ""
20930
20931
#: serverguide/C/installation.xml:786(para)
20932
msgid ""
20933
"Once the system has booted you can either repair the array see <xref "
20934
"linkend=\"raid-maintenance\"/> for details, or copy important data to "
20935
"another machine due to major hardware failure."
20936
msgstr ""
20937
20938
#: serverguide/C/installation.xml:793(title)
20939
msgid "RAID Maintenance"
20940
msgstr ""
20941
20942
#: serverguide/C/installation.xml:795(para)
20943
msgid ""
20944
"The <application>mdadm</application> utility can be used to view the status "
20945
"of an array, add disks to an array, remove disks, etc:"
20946
msgstr ""
20947
20948
#: serverguide/C/installation.xml:802(para)
20949
msgid "To view the status of an array, from a terminal prompt enter:"
20950
msgstr ""
20951
20952
#: serverguide/C/installation.xml:806(command)
20953
msgid "sudo mdadm -D /dev/md0"
20954
msgstr ""
20955
20956
#: serverguide/C/installation.xml:809(para)
20957
msgid ""
20958
"The <emphasis>-D</emphasis> tells <application>mdadm</application> to "
20959
"display <emphasis>detailed</emphasis> information about the "
20960
"<filename>/dev/md0</filename> device. Replace <filename>/dev/md0</filename> "
20961
"with the appropriate RAID device."
20962
msgstr ""
20963
20964
#: serverguide/C/installation.xml:815(para)
20965
msgid "To view the status of a disk in an array:"
20966
msgstr ""
20967
20968
#: serverguide/C/installation.xml:819(command)
20969
msgid "sudo mdadm -E /dev/sda1"
20970
msgstr ""
20971
20972
#: serverguide/C/installation.xml:821(para)
20973
msgid ""
20974
"The output if very similar to the <command>mdadm -D</command> command, "
20975
"adjust <filename>/dev/sda1</filename> for each disk."
20976
msgstr ""
20977
20978
#: serverguide/C/installation.xml:826(para)
20979
msgid "If a disk fails and needs to be removed from an array enter:"
20980
msgstr ""
20981
20982
#: serverguide/C/installation.xml:830(command)
20983
msgid "sudo mdadm --remove /dev/md0 /dev/sda1"
20984
msgstr ""
20985
20986
#: serverguide/C/installation.xml:832(para)
20987
msgid ""
20988
"Change <filename>/dev/md0</filename> and <filename>/dev/sda1</filename> to "
20989
"the appropriate RAID device and disk."
20990
msgstr ""
20991
20992
#: serverguide/C/installation.xml:837(para)
20993
msgid "Similarly, to add a new disk:"
20994
msgstr ""
20995
20996
#: serverguide/C/installation.xml:841(command)
20997
msgid "sudo mdadm --add /dev/md0 /dev/sda1"
20998
msgstr ""
20999
21000
#: serverguide/C/installation.xml:846(para)
21001
msgid ""
21002
"Sometimes a disk can change to a <emphasis>faulty</emphasis> state even "
21003
"though there is nothing physically wrong with the drive. It is usually "
21004
"worthwhile to remove the drive from the array then re-add it. This will "
21005
"cause the drive to re-sync with the array. If the drive will not sync with "
21006
"the array, it is a good indication of hardware failure."
21007
msgstr ""
21008
21009
#: serverguide/C/installation.xml:852(para)
21010
msgid ""
21011
"The <filename>/proc/mdstat</filename> file also contains useful information "
21012
"about the system's RAID devices:"
21013
msgstr ""
21014
21015
#: serverguide/C/installation.xml:857(command)
21016
msgid "cat /proc/mdstat"
21017
msgstr ""
21018
21019
#: serverguide/C/installation.xml:858(computeroutput)
21020
#, no-wrap
21021
msgid ""
21022
"Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] "
21023
"[raid10] \n"
21024
"md0 : active raid1 sda1[0] sdb1[1]\n"
21025
" 10016384 blocks [2/2] [UU]\n"
21026
" \n"
21027
"unused devices: <none>"
21028
msgstr ""
21029
21030
#: serverguide/C/installation.xml:865(para)
21031
msgid ""
21032
"The following command is great for watching the status of a syncing drive:"
21033
msgstr ""
21034
21035
#: serverguide/C/installation.xml:870(command)
21036
msgid "watch -n1 cat /proc/mdstat"
21037
msgstr ""
21038
21039
#: serverguide/C/installation.xml:873(para)
21040
msgid ""
21041
"Press <emphasis>Ctrl+c</emphasis> to stop the "
21042
"<application>watch</application> command."
21043
msgstr ""
21044
21045
#: serverguide/C/installation.xml:877(para)
21046
msgid ""
21047
"If you do need to replace a faulty drive, after the drive has been replaced "
21048
"and synced, <application>grub</application> will need to be installed. To "
21049
"install <application>grub</application> on the new drive, enter the "
21050
"following:"
21051
msgstr ""
21052
21053
#: serverguide/C/installation.xml:883(command)
21054
msgid "sudo grub-install /dev/md0"
21055
msgstr ""
21056
21057
#: serverguide/C/installation.xml:886(para)
21058
msgid ""
21059
"Replace <filename>/dev/md0</filename> with the appropriate array device name."
21060
msgstr ""
21061
21062
#: serverguide/C/installation.xml:894(para)
21063
msgid ""
21064
"The topic of RAID arrays is a complex one due to the plethora of ways RAID "
21065
"can be configured. Please see the following links for more information:"
21066
msgstr ""
21067
21068
#: serverguide/C/installation.xml:901(para)
21069
msgid ""
21070
"<ulink url=\"https://help.ubuntu.com/community/Installation#raid\">Ubuntu "
21071
"Wiki Articles on RAID</ulink>."
21072
msgstr ""
21073
21074
#: serverguide/C/installation.xml:907(ulink)
21075
msgid "Software RAID HOWTO"
21076
msgstr ""
21077
21078
#: serverguide/C/installation.xml:912(ulink)
21079
msgid "Managing RAID on Linux"
21080
msgstr ""
21081
21082
#: serverguide/C/installation.xml:919(title)
21083
msgid "Logical Volume Manager (LVM)"
21084
msgstr ""
21085
21086
#: serverguide/C/installation.xml:921(para)
21087
msgid ""
21088
"Logical Volume Manger, or <emphasis>LVM</emphasis>, allows administrators to "
21089
"create <emphasis>logical</emphasis> volumes out of one or multiple physical "
21090
"hard disks. LVM volumes can be created on both software RAID partitions and "
21091
"standard partitions residing on a single disk. Volumes can also be extended, "
21092
"giving greater flexibility to systems as requirements change."
21093
msgstr ""
21094
21095
#: serverguide/C/installation.xml:930(para)
21096
msgid ""
21097
"A side effect of LVM's power and flexibility is a greater degree of "
21098
"complication. Before diving into the LVM installation process, it is best to "
21099
"get familiar with some terms."
21100
msgstr ""
21101
21102
#: serverguide/C/installation.xml:937(para)
21103
msgid ""
21104
"<emphasis>Volume Group (VG):</emphasis> contains one or several Logical "
21105
"Volumes (LV)."
21106
msgstr ""
21107
21108
#: serverguide/C/installation.xml:942(para)
21109
msgid ""
21110
"<emphasis>Logical Volume (LV):</emphasis> is similar to a partition in a non-"
21111
"LVM system. Multiple Physical Volumes (PV) can make up one LV, on top of "
21112
"which resides the actual EXT3, XFS, JFS, etc filesystem."
21113
msgstr ""
21114
21115
#: serverguide/C/installation.xml:948(para)
21116
msgid ""
21117
"<emphasis>Physical Volume (PV):</emphasis> physical hard disk or software "
21118
"RAID partition. The Volume Group can be extended by adding more PVs."
21119
msgstr ""
21120
21121
#: serverguide/C/installation.xml:959(para)
21122
msgid ""
21123
"As an example this section covers installing Ubuntu Server Edition with "
21124
"<filename role=\"directory\">/srv</filename> mounted on a LVM volume. During "
21125
"the initial install only one Physical Volume (PV) will be part of the Volume "
21126
"Group (VG). Another PV will be added after install to demonstrate how a VG "
21127
"can be extended."
21128
msgstr ""
21129
21130
#: serverguide/C/installation.xml:965(para)
21131
msgid ""
21132
"There are several installation options for LVM, <emphasis>\"Guided - use the "
21133
"entire disk and setup LVM\"</emphasis> which will also allow you to assign a "
21134
"portion of the available space to LVM, <emphasis>\"Guided - use entire and "
21135
"setup encrypted LVM\"</emphasis>, or <emphasis>Manually</emphasis> setup the "
21136
"partitions and configure LVM. At this time the only way to configure a "
21137
"system with both LVM and standard partitions, during installation, is to use "
21138
"the Manual approach."
21139
msgstr ""
21140
21141
#: serverguide/C/installation.xml:982(para)
21142
msgid ""
21143
"At the <emphasis>\"Partition Disks</emphasis> screen choose "
21144
"<emphasis>\"Manual\"</emphasis>."
21145
msgstr ""
21146
21147
#: serverguide/C/installation.xml:989(para)
21148
msgid ""
21149
"Select the hard disk and on the next screen choose \"yes\" to "
21150
"<emphasis>\"Create a new empty partition table on this device\"</emphasis>."
21151
msgstr ""
21152
21153
#: serverguide/C/installation.xml:996(para)
21154
msgid ""
21155
"Next, create standard <emphasis>/boot</emphasis>, <emphasis>swap</emphasis>, "
21156
"and <emphasis>/</emphasis> partitions with whichever filesystem you prefer."
21157
msgstr ""
21158
21159
#: serverguide/C/installation.xml:1004(para)
21160
msgid ""
21161
"For the LVM <emphasis>/srv</emphasis>, create a new "
21162
"<emphasis>Logical</emphasis> partition. Then change <emphasis>\"Use "
21163
"as\"</emphasis> to <emphasis>\"physical volume for LVM\"</emphasis> then "
21164
"<emphasis>\"Done setting up the partition\"</emphasis>."
21165
msgstr ""
21166
21167
#: serverguide/C/installation.xml:1012(para)
21168
msgid ""
21169
"Now select <emphasis>\"Configure the Logical Volume Manager\"</emphasis> at "
21170
"the top, and choose <emphasis>\"Yes\"</emphasis> to write the changes to "
21171
"disk."
21172
msgstr ""
21173
21174
#: serverguide/C/installation.xml:1020(para)
21175
msgid ""
21176
"For the <emphasis>\"LVM configuration action\"</emphasis> on the next "
21177
"screen, choose <emphasis>\"Create volume group\"</emphasis>. Enter a name "
21178
"for the VG such as <emphasis>vg01</emphasis>, or something more descriptive. "
21179
"After entering a name, select the partition configured for LVM, and choose "
21180
"<emphasis>\"Continue\"</emphasis>."
21181
msgstr ""
21182
21183
#: serverguide/C/installation.xml:1029(para)
21184
msgid ""
21185
"Back at the <emphasis>\"LVM configuration action\"</emphasis> screen, select "
21186
"<emphasis>\"Create logical volume\"</emphasis>. Select the newly created "
21187
"volume group, and enter a name for the new LV, for example "
21188
"<emphasis>srv</emphasis> since that is the intended mount point. Then choose "
21189
"a size, which may be the full partition because it can always be extended "
21190
"later. Choose <emphasis>\"Finish\"</emphasis> and you should be back at the "
21191
"main <emphasis>\"Partition Disks\"</emphasis> screen."
21192
msgstr ""
21193
21194
#: serverguide/C/installation.xml:1039(para)
21195
msgid ""
21196
"Now add a filesystem to the new LVM. Select the partition under "
21197
"<emphasis>\"LVM VG vg01, LV srv\"</emphasis>, or whatever name you have "
21198
"chosen, the choose <emphasis>Use as</emphasis>. Setup a file system as "
21199
"normal selecting <emphasis>/srv</emphasis> as the mount point. Once done, "
21200
"select <emphasis>\"Done setting up the partition\"</emphasis>."
21201
msgstr ""
21202
21203
#: serverguide/C/installation.xml:1048(para)
21204
msgid ""
21205
"Finally, select <emphasis>\"Finish partitioning and write changes to "
21206
"disk\"</emphasis>. Then confirm the changes and continue with the rest of "
21207
"the installation."
21208
msgstr ""
21209
21210
#: serverguide/C/installation.xml:1056(para)
21211
msgid "There are some useful utilities to view information about LVM:"
21212
msgstr ""
21213
21214
#: serverguide/C/installation.xml:1061(para)
21215
msgid ""
21216
"<emphasis>vgdisplay:</emphasis> shows information about Volume Groups."
21217
msgstr ""
21218
21219
#: serverguide/C/installation.xml:1062(para)
21220
msgid ""
21221
"<emphasis>lvdisplay:</emphasis> has information about Logical Volumes."
21222
msgstr ""
21223
21224
#: serverguide/C/installation.xml:1063(para)
21225
msgid ""
21226
"<emphasis>pvdisplay:</emphasis> similarly displays information about "
21227
"Physical Volumes."
21228
msgstr ""
21229
21230
#: serverguide/C/installation.xml:1068(title)
21231
msgid "Extending Volume Groups"
21232
msgstr ""
21233
21234
#: serverguide/C/installation.xml:1070(para)
21235
msgid ""
21236
"Continuing with <emphasis>srv</emphasis> as an LVM volume example, this "
21237
"section covers adding a second hard disk, creating a Physical Volume (PV), "
21238
"adding it to the volume group (VG), extending the logical volume <filename "
21239
"role=\"directory\">srv</filename> and finally extending the filesystem. This "
21240
"example assumes a second hard disk has been added to the system. This hard "
21241
"disk will be named <filename>/dev/sdb</filename> in our example. BEWARE: "
21242
"make sure you don't already have an existing <filename>/dev/sdb</filename> "
21243
"before issuing the commands below. You could lose some data if you issue "
21244
"those commands on a non-empty disk. In our example we will use the entire "
21245
"disk as a physical volume (you could choose to create partitions and use "
21246
"them as different physical volumes)"
21247
msgstr ""
21248
21249
#: serverguide/C/installation.xml:1082(para)
21250
msgid "First, create the physical volume, in a terminal execute:"
21251
msgstr ""
21252
21253
#: serverguide/C/installation.xml:1087(command)
21254
msgid "sudo pvcreate /dev/sdb"
21255
msgstr ""
21256
21257
#: serverguide/C/installation.xml:1093(para)
21258
msgid "Now extend the Volume Group (VG):"
21259
msgstr ""
21260
21261
#: serverguide/C/installation.xml:1098(command)
21262
msgid "sudo vgextend vg01 /dev/sdb"
21263
msgstr ""
21264
21265
#: serverguide/C/installation.xml:1104(para)
21266
msgid ""
21267
"Use <application>vgdisplay</application> to find out the free physical "
21268
"extents - Free PE / size (the size you can allocate). We will assume a free "
21269
"size of 511 PE (equivalent to 2GB with a PE size of 4MB) and we will use the "
21270
"whole free space available. Use your own PE and/or free space."
21271
msgstr ""
21272
21273
#: serverguide/C/installation.xml:1110(para)
21274
msgid ""
21275
"The Logical Volume (LV) can now be extended by different methods, we will "
21276
"only see how to use the PE to extend the LV:"
21277
msgstr ""
21278
21279
#: serverguide/C/installation.xml:1115(command)
21280
msgid "sudo lvextend /dev/vg01/srv -l +511"
21281
msgstr ""
21282
21283
#: serverguide/C/installation.xml:1118(para)
21284
msgid ""
21285
"The <emphasis>-l</emphasis> option allows the LV to be extended using PE. "
21286
"The <emphasis>-L</emphasis> option allows the LV to be extended using Meg, "
21287
"Gig, Tera, etc bytes."
21288
msgstr ""
21289
21290
#: serverguide/C/installation.xml:1126(para)
21291
msgid ""
21292
"Even though you are supposed to be able to <emphasis>expand</emphasis> an "
21293
"ext3 or ext4 filesystem without unmounting it first, it may be a good "
21294
"practice to unmount it anyway and check the filesystem, so that you don't "
21295
"mess up the day you want to reduce a logical volume (in that case unmounting "
21296
"first is compulsory)."
21297
msgstr ""
21298
21299
#: serverguide/C/installation.xml:1132(para)
21300
msgid ""
21301
"The following commands are for an <emphasis>EXT3</emphasis> or "
21302
"<emphasis>EXT4</emphasis> filesystem. If you are using another filesystem "
21303
"there may be other utilities available."
21304
msgstr ""
21305
21306
#: serverguide/C/installation.xml:1139(command)
21307
msgid "sudo e2fsck -f /dev/vg01/srv"
21308
msgstr ""
21309
21310
#: serverguide/C/installation.xml:1142(para)
21311
msgid ""
21312
"The <emphasis>-f</emphasis> option of <application>e2fsck</application> "
21313
"forces checking even if the system seems clean."
21314
msgstr ""
21315
21316
#: serverguide/C/installation.xml:1149(para)
21317
msgid "Finally, resize the filesystem:"
21318
msgstr ""
21319
21320
#: serverguide/C/installation.xml:1154(command)
21321
msgid "sudo resize2fs /dev/vg01/srv"
21322
msgstr ""
21323
21324
#: serverguide/C/installation.xml:1160(para)
21325
msgid "Now mount the partition and check its size."
21326
msgstr ""
21327
21328
#: serverguide/C/installation.xml:1165(command)
21329
msgid "mount /dev/vg01/srv /srv && df -h /srv"
21330
msgstr ""
21331
21332
#: serverguide/C/installation.xml:1177(para)
21333
msgid ""
21334
"See the <ulink "
21335
"url=\"https://help.ubuntu.com/community/Installation#lvm\">Ubuntu Wiki LVM "
21336
"Articles</ulink>."
21337
msgstr ""
21338
21339
#: serverguide/C/installation.xml:1182(para)
21340
msgid ""
21341
"See the <ulink url=\"http://tldp.org/HOWTO/LVM-HOWTO/index.html\">LVM "
21342
"HOWTO</ulink> for more information."
21343
msgstr ""
21344
21345
#: serverguide/C/installation.xml:1187(para)
21346
msgid ""
21347
"Another good article is <ulink "
21348
"url=\"http://www.linuxdevcenter.com/pub/a/linux/2006/04/27/managing-disk-"
21349
"space-with-lvm.html\">Managing Disk Space with LVM</ulink> on O'Reilly's "
21350
"linuxdevcenter.com site."
21351
msgstr ""
21352
"Another good article is <ulink "
21353
"url=\"http://www.linuxdevcenter.com/pub/a/linux/2006/04/27/managing-disk-"
21354
"space-with-lvm.html\">Managing Disk Space with LVM</ulink> on O'Reilly's "
21355
"linuxdevcenter.com site."
21356
21357
#: serverguide/C/installation.xml:1194(para)
21358
msgid ""
21359
"For more information on <application>fdisk</application> see the <ulink "
21360
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/fdisk.8.html\">fdi"
21361
"sk man page</ulink>."
21362
msgstr ""
21363
21364
#: serverguide/C/file-server.xml:13(title)
21365
msgid "File Servers"
21366
msgstr ""
21367
21368
#: serverguide/C/file-server.xml:15(para)
21369
msgid ""
21370
"If you have more than one computer on a single network. At some point you "
21371
"will probably need to share files between them. In this section we cover "
21372
"installing and configuring FTP, NFS, and CUPS."
21373
msgstr ""
21374
21375
#: serverguide/C/file-server.xml:22(title)
21376
msgid "FTP Server"
21377
msgstr ""
21378
21379
#: serverguide/C/file-server.xml:24(para)
21380
msgid ""
21381
"File Transfer Protocol (FTP) is a TCP protocol for uploading and downloading "
21382
"files between computers. FTP works on a client/server model. The server "
21383
"component is called an <emphasis>FTP daemon</emphasis>. It continuously "
21384
"listens for FTP requests from remote clients. When a request is received, it "
21385
"manages the login and sets up the connection. For the duration of the "
21386
"session it executes any of commands sent by the FTP client."
21387
msgstr ""
21388
21389
#: serverguide/C/file-server.xml:33(para)
21390
msgid "Access to an FTP server can be managed in two ways:"
21391
msgstr ""
21392
21393
#: serverguide/C/file-server.xml:37(para)
21394
msgid "Anonymous"
21395
msgstr ""
21396
21397
#: serverguide/C/file-server.xml:40(para)
21398
msgid "Authenticated"
21399
msgstr ""
21400
21401
#: serverguide/C/file-server.xml:43(para)
21402
msgid ""
21403
"In the Anonymous mode, remote clients can access the FTP server by using the "
21404
"default user account called \"anonymous\" or \"ftp\" and sending an email "
21405
"address as the password. In the Authenticated mode a user must have an "
21406
"account and a password. User access to the FTP server directories and files "
21407
"is dependent on the permissions defined for the account used at login. As a "
21408
"general rule, the FTP daemon will hide the root directory of the FTP server "
21409
"and change it to the FTP Home directory. This hides the rest of the file "
21410
"system from remote sessions."
21411
msgstr ""
21412
21413
#: serverguide/C/file-server.xml:55(title)
21414
msgid "vsftpd - FTP Server Installation"
21415
msgstr ""
21416
21417
#: serverguide/C/file-server.xml:57(para)
21418
msgid ""
21419
"vsftpd is an FTP daemon available in Ubuntu. It is easy to install, set up, "
21420
"and maintain. To install <application>vsftpd</application> you can run the "
21421
"following command:"
21422
msgstr ""
21423
21424
#: serverguide/C/file-server.xml:65(command)
21425
msgid "sudo apt-get install vsftpd"
21426
msgstr ""
21427
21428
#: serverguide/C/file-server.xml:71(title)
21429
msgid "Anonymous FTP Configuration"
21430
msgstr ""
21431
21432
#: serverguide/C/file-server.xml:73(para)
21433
msgid ""
21434
"By default <application>vsftpd</application> is configured to only allow "
21435
"anonymous download. During installation a <emphasis>ftp</emphasis> user is "
21436
"created with a home directory of <filename>/home/ftp</filename>. This is the "
21437
"default FTP directory."
21438
msgstr ""
21439
21440
#: serverguide/C/file-server.xml:80(para)
21441
msgid ""
21442
"If you wish to change this location, to <filename>/srv/ftp</filename> for "
21443
"example, simply create a directory in another location and change the "
21444
"<emphasis>ftp</emphasis> user's home directory:"
21445
msgstr ""
21446
21447
#: serverguide/C/file-server.xml:87(command)
21448
msgid "sudo mkdir /srv/ftp"
21449
msgstr ""
21450
21451
#: serverguide/C/file-server.xml:88(command)
21452
msgid "sudo usermod -d /srv/ftp ftp"
21453
msgstr ""
21454
21455
#: serverguide/C/file-server.xml:91(para)
21456
msgid "After making the change restart <application>vsftpd</application>:"
21457
msgstr ""
21458
21459
#: serverguide/C/file-server.xml:96(command) serverguide/C/file-server.xml:124(command) serverguide/C/file-server.xml:189(command) serverguide/C/file-server.xml:237(command)
21460
msgid "sudo /etc/init.d/vsftpd restart"
21461
msgstr ""
21462
21463
#: serverguide/C/file-server.xml:99(para)
21464
msgid ""
21465
"Finally, copy any files and directories you would like to make available "
21466
"through anonymous FTP to <filename>/srv/ftp</filename>."
21467
msgstr ""
21468
21469
#: serverguide/C/file-server.xml:106(title)
21470
msgid "User Authenticated FTP Configuration"
21471
msgstr ""
21472
21473
#: serverguide/C/file-server.xml:108(para)
21474
msgid ""
21475
"To configure <application>vsftpd</application> to authenticate system users "
21476
"and allow them to upload files edit <filename>/etc/vsftpd.conf</filename>:"
21477
msgstr ""
21478
21479
#: serverguide/C/file-server.xml:114(programlisting)
21480
#, no-wrap
21481
msgid ""
21482
"\n"
21483
"local_enable=YES\n"
21484
"write_enable=YES\n"
21485
msgstr ""
21486
21487
#: serverguide/C/file-server.xml:119(para)
21488
msgid "Now restart <application>vsftpd</application>:"
21489
msgstr ""
21490
21491
#: serverguide/C/file-server.xml:127(para)
21492
msgid ""
21493
"Now when system users login to FTP they will start in their "
21494
"<emphasis>home</emphasis> directories where they can download, upload, "
21495
"create directories, etc."
21496
msgstr ""
21497
21498
#: serverguide/C/file-server.xml:133(para)
21499
msgid ""
21500
"Similarly, by default, the anonymous users are not allowed to upload files "
21501
"to FTP server. To change this setting, you should uncomment the following "
21502
"line, and restart <application>vsftpd</application>:"
21503
msgstr ""
21504
21505
#: serverguide/C/file-server.xml:140(programlisting)
21506
#, no-wrap
21507
msgid ""
21508
"\n"
21509
"anon_upload_enable=YES\n"
21510
msgstr ""
21511
21512
#: serverguide/C/file-server.xml:145(para)
21513
msgid ""
21514
"Enabling anonymous FTP upload can be an extreme security risk. It is best to "
21515
"not enable anonymous upload on servers accessed directly from the Internet."
21516
msgstr ""
21517
21518
#: serverguide/C/file-server.xml:151(para)
21519
msgid ""
21520
"The configuration file consists of many configuration parameters. The "
21521
"information about each parameter is available in the configuration file. "
21522
"Alternatively, you can refer to the man page, <command>man 5 "
21523
"vsftpd.conf</command> for details of each parameter."
21524
msgstr ""
21525
21526
#: serverguide/C/file-server.xml:162(title)
21527
msgid "Securing FTP"
21528
msgstr ""
21529
21530
#: serverguide/C/file-server.xml:164(para)
21531
msgid ""
21532
"There are options in <filename>/etc/vsftpd.conf</filename> to help make "
21533
"<application>vsftpd</application> more secure. For example users can be "
21534
"limited to their home directories by uncommenting:"
21535
msgstr ""
21536
21537
#: serverguide/C/file-server.xml:170(programlisting)
21538
#, no-wrap
21539
msgid ""
21540
"\n"
21541
"chroot_local_user=YES\n"
21542
msgstr ""
21543
21544
#: serverguide/C/file-server.xml:174(para)
21545
msgid ""
21546
"You can also limit a specific list of users to just their home directories:"
21547
msgstr ""
21548
21549
#: serverguide/C/file-server.xml:178(programlisting)
21550
#, no-wrap
21551
msgid ""
21552
"\n"
21553
"chroot_list_enable=YES\n"
21554
"chroot_list_file=/etc/vsftpd.chroot_list\n"
21555
msgstr ""
21556
21557
#: serverguide/C/file-server.xml:183(para)
21558
msgid ""
21559
"After uncommenting the above options, create a "
21560
"<filename>/etc/vsftpd.chroot_list</filename> containing a list of users one "
21561
"per line. Then restart <application>vsftpd</application>:"
21562
msgstr ""
21563
21564
#: serverguide/C/file-server.xml:192(para)
21565
msgid ""
21566
"Also, the <filename>/etc/ftpusers</filename> file is a list of users that "
21567
"are <emphasis>disallowed</emphasis> FTP access. The default list includes "
21568
"root, daemon, nobody, etc. To disable FTP access for additional users simply "
21569
"add them to the list."
21570
msgstr ""
21571
21572
#: serverguide/C/file-server.xml:199(para)
21573
msgid ""
21574
"FTP can also be encrypted using <emphasis>FTPS</emphasis>. Different from "
21575
"<emphasis>SFTP</emphasis>, <emphasis>FTPS</emphasis> is FTP over Secure "
21576
"Socket Layer (SSL). <emphasis>SFTP</emphasis> is a FTP like session over an "
21577
"encrypted <emphasis>SSH</emphasis> connection. A major difference is that "
21578
"users of SFTP need to have a <emphasis>shell</emphasis> account on the "
21579
"system, instead of a <emphasis>nologin</emphasis> shell. Providing all users "
21580
"with a shell may not be ideal for some environments, such as a shared web "
21581
"host."
21582
msgstr ""
21583
21584
#: serverguide/C/file-server.xml:208(para)
21585
msgid ""
21586
"To configure <emphasis>FTPS</emphasis>, edit "
21587
"<filename>/etc/vsftpd.conf</filename> and at the bottom add:"
21588
msgstr ""
21589
21590
#: serverguide/C/file-server.xml:212(programlisting)
21591
#, no-wrap
21592
msgid ""
21593
"\n"
21594
"ssl_enable=Yes\n"
21595
msgstr ""
21596
21597
#: serverguide/C/file-server.xml:216(para)
21598
msgid "Also, notice the certificate and key related options:"
21599
msgstr ""
21600
21601
#: serverguide/C/file-server.xml:220(programlisting)
21602
#, no-wrap
21603
msgid ""
21604
"\n"
21605
"rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem\n"
21606
"rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key\n"
21607
msgstr ""
21608
21609
#: serverguide/C/file-server.xml:225(para)
21610
msgid ""
21611
"By default these options are set the certificate and key provided by the "
21612
"<application>ssl-cert</application> package. In a production environment "
21613
"these should be replaced with a certificate and key generated for the "
21614
"specific host. For more information on certificates see <xref "
21615
"linkend=\"certificates-and-security\"/>."
21616
msgstr ""
21617
21618
#: serverguide/C/file-server.xml:231(para)
21619
msgid ""
21620
"Now restart <application>vsftpd</application>, and non-anonymous users will "
21621
"be forced to use <emphasis>FTPS</emphasis>:"
21622
msgstr ""
21623
21624
#: serverguide/C/file-server.xml:240(para)
21625
msgid ""
21626
"To allow users with a shell of <filename>/usr/sbin/nologin</filename> access "
21627
"to FTP, but have no shell access, edit <filename>/etc/shells</filename> "
21628
"adding the <emphasis>nologin</emphasis> shell:"
21629
msgstr ""
21630
21631
#: serverguide/C/file-server.xml:245(programlisting)
21632
#, no-wrap
21633
msgid ""
21634
"\n"
21635
"# /etc/shells: valid login shells\n"
21636
"/bin/csh\n"
21637
"/bin/sh\n"
21638
"/usr/bin/es\n"
21639
"/usr/bin/ksh\n"
21640
"/bin/ksh\n"
21641
"/usr/bin/rc\n"
21642
"/usr/bin/tcsh\n"
21643
"/bin/tcsh\n"
21644
"/usr/bin/esh\n"
21645
"/bin/dash\n"
21646
"/bin/bash\n"
21647
"/bin/rbash\n"
21648
"/usr/bin/screen\n"
21649
"/usr/sbin/nologin\n"
21650
msgstr ""
21651
21652
#: serverguide/C/file-server.xml:263(para)
21653
msgid ""
21654
"This is necessary because, by default <application>vsftpd</application> uses "
21655
"PAM for authentication, and the <filename>/etc/pam.d/vsftpd</filename> "
21656
"configuration file contains:"
21657
msgstr ""
21658
21659
#: serverguide/C/file-server.xml:268(programlisting)
21660
#, no-wrap
21661
msgid ""
21662
"\n"
21663
"auth required pam_shells.so\n"
21664
msgstr ""
21665
21666
#: serverguide/C/file-server.xml:272(para)
21667
msgid ""
21668
"The <emphasis>shells</emphasis> PAM module restricts access to shells listed "
21669
"in the <filename>/etc/shells</filename> file."
21670
msgstr ""
21671
21672
#: serverguide/C/file-server.xml:277(para)
21673
msgid ""
21674
"Most popular FTP clients can be configured connect using FTPS. The "
21675
"<application>lftp</application> command line FTP client has the ability to "
21676
"use FTPS as well."
21677
msgstr ""
21678
21679
#: serverguide/C/file-server.xml:288(para)
21680
msgid ""
21681
"See the <ulink url=\"http://vsftpd.beasts.org/vsftpd_conf.html\">vsftpd "
21682
"website</ulink> for more information."
21683
msgstr ""
21684
21685
#: serverguide/C/file-server.xml:293(para)
21686
msgid ""
21687
"For detailed <filename>/etc/vsftpd.conf</filename> options see the <ulink "
21688
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/vsftpd.conf.5.html"
21689
"\">vsftpd.conf man page</ulink>."
21690
msgstr ""
21691
21692
#: serverguide/C/file-server.xml:299(para)
21693
msgid ""
21694
"The CodeGurus article <ulink "
21695
"url=\"http://www.codeguru.com/csharp/.net/net_general/internet/article.php/c1"
21696
"4329\"> FTPS vs. SFTP: What to Choose</ulink> has useful information "
21697
"contrasting FTPS and SFTP."
21698
msgstr ""
21699
21700
#: serverguide/C/file-server.xml:305(para)
21701
msgid ""
21702
"Also, for more information see the <ulink "
21703
"url=\"https://help.ubuntu.com/community/vsftpd\">Ubuntu Wiki vsftpd</ulink> "
21704
"page."
21705
msgstr ""
21706
21707
#: serverguide/C/file-server.xml:315(title)
21708
msgid "Network File System (NFS)"
21709
msgstr ""
21710
21711
#: serverguide/C/file-server.xml:316(para)
21712
msgid ""
21713
"NFS allows a system to share directories and files with others over a "
21714
"network. By using NFS, users and programs can access files on remote systems "
21715
"almost as if they were local files."
21716
msgstr ""
21717
21718
#: serverguide/C/file-server.xml:322(para)
21719
msgid "Some of the most notable benefits that NFS can provide are:"
21720
msgstr ""
21721
21722
#: serverguide/C/file-server.xml:328(para)
21723
msgid ""
21724
"Local workstations use less disk space because commonly used data can be "
21725
"stored on a single machine and still remain accessible to others over the "
21726
"network."
21727
msgstr ""
21728
21729
#: serverguide/C/file-server.xml:333(para)
21730
msgid ""
21731
"There is no need for users to have separate home directories on every "
21732
"network machine. Home directories could be set up on the NFS server and made "
21733
"available throughout the network."
21734
msgstr ""
21735
21736
#: serverguide/C/file-server.xml:339(para)
21737
msgid ""
21738
"Storage devices such as floppy disks, CDROM drives, and USB Thumb drives can "
21739
"be used by other machines on the network. This may reduce the number of "
21740
"removable media drives throughout the network."
21741
msgstr ""
21742
21743
#: serverguide/C/file-server.xml:349(para)
21744
msgid ""
21745
"At a terminal prompt enter the following command to install the NFS Server:"
21746
msgstr ""
21747
21748
#: serverguide/C/file-server.xml:355(command)
21749
msgid "sudo apt-get install nfs-kernel-server"
21750
msgstr ""
21751
21752
#: serverguide/C/file-server.xml:361(para)
21753
msgid ""
21754
"You can configure the directories to be exported by adding them to the "
21755
"<filename>/etc/exports</filename> file. For example:"
21756
msgstr ""
21757
21758
#: serverguide/C/file-server.xml:366(screen)
21759
#, no-wrap
21760
msgid ""
21761
"\n"
21762
"/ubuntu *(ro,sync,no_root_squash)\n"
21763
"/home *(rw,sync,no_root_squash)\n"
21764
msgstr ""
21765
21766
#: serverguide/C/file-server.xml:372(para)
21767
msgid ""
21768
"You can replace * with one of the hostname formats. Make the hostname "
21769
"declaration as specific as possible so unwanted systems cannot access the "
21770
"NFS mount."
21771
msgstr ""
21772
21773
#: serverguide/C/file-server.xml:378(para)
21774
msgid ""
21775
"To start the NFS server, you can run the following command at a terminal "
21776
"prompt:"
21777
msgstr ""
21778
21779
#: serverguide/C/file-server.xml:383(command)
21780
msgid "sudo /etc/init.d/nfs-kernel-server start"
21781
msgstr ""
21782
21783
#: serverguide/C/file-server.xml:388(title)
21784
msgid "NFS Client Configuration"
21785
msgstr ""
21786
21787
#: serverguide/C/file-server.xml:389(para)
21788
msgid ""
21789
"Use the <application>mount</application> command to mount a shared NFS "
21790
"directory from another machine, by typing a command line similar to the "
21791
"following at a terminal prompt:"
21792
msgstr ""
21793
21794
#: serverguide/C/file-server.xml:395(command)
21795
msgid "sudo mount example.hostname.com:/ubuntu /local/ubuntu"
21796
msgstr ""
21797
21798
#: serverguide/C/file-server.xml:399(para)
21799
msgid ""
21800
"The mount point directory <filename>/local/ubuntu</filename> must exist. "
21801
"There should be no files or subdirectories in the "
21802
"<filename>/local/ubuntu</filename> directory."
21803
msgstr ""
21804
21805
#: serverguide/C/file-server.xml:406(para)
21806
msgid ""
21807
"An alternate way to mount an NFS share from another machine is to add a line "
21808
"to the <filename>/etc/fstab</filename> file. The line must state the "
21809
"hostname of the NFS server, the directory on the server being exported, and "
21810
"the directory on the local machine where the NFS share is to be mounted."
21811
msgstr ""
21812
21813
#: serverguide/C/file-server.xml:414(para)
21814
msgid ""
21815
"The general syntax for the line in <filename>/etc/fstab</filename> file is "
21816
"as follows:"
21817
msgstr ""
21818
21819
#: serverguide/C/file-server.xml:420(programlisting)
21820
#, no-wrap
21821
msgid ""
21822
"\n"
21823
"example.hostname.com:/ubuntu /local/ubuntu nfs "
21824
"rsize=8192,wsize=8192,timeo=14,intr\n"
21825
msgstr ""
21826
21827
#: serverguide/C/file-server.xml:424(para)
21828
msgid ""
21829
"If you have trouble mounting an NFS share, make sure the <application>nfs-"
21830
"common</application> package is installed on your client. To install "
21831
"<application>nfs-common</application> enter the following command at the "
21832
"terminal prompt: <screen>\n"
21833
"<command>sudo apt-get install nfs-common</command>\n"
21834
"</screen>"
21835
msgstr ""
21836
21837
#: serverguide/C/file-server.xml:437(ulink)
21838
msgid "Linux NFS faq"
21839
msgstr ""
21840
21841
#: serverguide/C/file-server.xml:439(ulink)
21842
msgid "Ubuntu Wiki NFS Howto"
21843
msgstr ""
21844
21845
#: serverguide/C/file-server.xml:445(title)
21846
msgid "CUPS - Print Server"
21847
msgstr ""
21848
21849
#: serverguide/C/file-server.xml:446(para)
21850
msgid ""
21851
"The primary mechanism for Ubuntu printing and print services is the "
21852
"<emphasis role=\"bold\">Common UNIX Printing System</emphasis> (CUPS). This "
21853
"printing system is a freely available, portable printing layer which has "
21854
"become the new standard for printing in most Linux distributions."
21855
msgstr ""
21856
21857
#: serverguide/C/file-server.xml:453(para)
21858
msgid ""
21859
"CUPS manages print jobs and queues and provides network printing using the "
21860
"standard Internet Printing Protocol (IPP), while offering support for a very "
21861
"large range of printers, from dot-matrix to laser and many in between. CUPS "
21862
"also supports PostScript Printer Description (PPD) and auto-detection of "
21863
"network printers, and features a simple web-based configuration and "
21864
"administration tool."
21865
msgstr ""
21866
21867
#: serverguide/C/file-server.xml:463(para)
21868
msgid ""
21869
"To install CUPS on your Ubuntu computer, simply use "
21870
"<application>sudo</application> with the <application>apt-get</application> "
21871
"command and give the packages to install as the first parameter. A complete "
21872
"CUPS install has many package dependencies, but they may all be specified on "
21873
"the same command line. Enter the following at a terminal prompt to install "
21874
"CUPS:"
21875
msgstr ""
21876
21877
#: serverguide/C/file-server.xml:468(command)
21878
msgid "sudo apt-get install cups"
21879
msgstr ""
21880
21881
#: serverguide/C/file-server.xml:471(para)
21882
msgid ""
21883
"Upon authenticating with your user password, the packages should be "
21884
"downloaded and installed without error. Upon the conclusion of installation, "
21885
"the CUPS server will be started automatically."
21886
msgstr ""
21887
21888
#: serverguide/C/file-server.xml:476(para)
21889
msgid ""
21890
"For troubleshooting purposes, you can access CUPS server errors via the "
21891
"error log file at: <filename>/var/log/cups/error_log</filename>. If the "
21892
"error log does not show enough information to troubleshoot any problems you "
21893
"encounter, the verbosity of the CUPS log can be increased by changing the "
21894
"<emphasis role=\"bold\">LogLevel</emphasis> directive in the configuration "
21895
"file (discussed below) to \"debug\" or even \"debug2\", which logs "
21896
"everything, from the default of \"info\". If you make this change, remember "
21897
"to change it back once you've solved your problem, to prevent the log file "
21898
"from becoming overly large."
21899
msgstr ""
21900
21901
#: serverguide/C/file-server.xml:489(para)
21902
msgid ""
21903
"The Common UNIX Printing System server's behavior is configured through the "
21904
"directives contained in the file <filename>/etc/cups/cupsd.conf</filename>. "
21905
"The CUPS configuration file follows the same syntax as the primary "
21906
"configuration file for the Apache HTTP server, so users familiar with "
21907
"editing Apache's configuration file should feel at ease when editing the "
21908
"CUPS configuration file. Some examples of settings you may wish to change "
21909
"initially will be presented here."
21910
msgstr ""
21911
21912
#: serverguide/C/file-server.xml:499(para)
21913
msgid ""
21914
"Prior to editing the configuration file, you should make a copy of the "
21915
"original file and protect it from writing, so you will have the original "
21916
"settings as a reference, and to reuse as necessary."
21917
msgstr ""
21918
21919
#: serverguide/C/file-server.xml:503(para)
21920
msgid ""
21921
"Copy the <filename>/etc/cups/cupsd.conf</filename> file and protect it from "
21922
"writing with the following commands, issued at a terminal prompt:"
21923
msgstr ""
21924
21925
#: serverguide/C/file-server.xml:509(command)
21926
msgid "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
21927
msgstr ""
21928
21929
#: serverguide/C/file-server.xml:510(command)
21930
msgid "sudo chmod a-w /etc/cups/cupsd.conf.original"
21931
msgstr ""
21932
21933
#: serverguide/C/file-server.xml:515(para)
21934
msgid ""
21935
"<emphasis role=\"bold\">ServerAdmin</emphasis>: To configure the email "
21936
"address of the designated administrator of the CUPS server, simply edit the "
21937
"<filename>/etc/cups/cupsd.conf</filename> configuration file with your "
21938
"preferred text editor, and add or modify the <emphasis "
21939
"role=\"italics\">ServerAdmin</emphasis> line accordingly. For example, if "
21940
"you are the Administrator for the CUPS server, and your e-mail address is "
21941
"'bjoy@somebigco.com', then you would modify the ServerAdmin line to appear "
21942
"as such:"
21943
msgstr ""
21944
21945
#: serverguide/C/file-server.xml:526(screen)
21946
#, no-wrap
21947
msgid ""
21948
"\n"
21949
"ServerAdmin bjoy@somebigco.com\n"
21950
msgstr ""
21951
21952
#: serverguide/C/file-server.xml:532(para)
21953
msgid ""
21954
"<emphasis role=\"bold\">Listen</emphasis>: By default on Ubuntu, the CUPS "
21955
"server installation listens only on the loopback interface at IP address "
21956
"<emphasis>127.0.0.1</emphasis>. In order to instruct the CUPS server to "
21957
"listen on an actual network adapter's IP address, you must specify either a "
21958
"hostname, the IP address, or optionally, an IP address/port pairing via the "
21959
"addition of a Listen directive. For example, if your CUPS server resides on "
21960
"a local network at the IP address <emphasis "
21961
"role=\"italics\">192.168.10.250</emphasis> and you'd like to make it "
21962
"accessible to the other systems on this subnetwork, you would edit the "
21963
"<filename>/etc/cups/cupsd.conf</filename> and add a Listen directive, as "
21964
"such:"
21965
msgstr ""
21966
21967
#: serverguide/C/file-server.xml:546(screen)
21968
#, no-wrap
21969
msgid ""
21970
"\n"
21971
"Listen 127.0.0.1:631 # existing loopback Listen\n"
21972
"Listen /var/run/cups/cups.sock # existing socket Listen\n"
21973
"Listen 192.168.10.250:631 # Listen on the LAN interface, Port 631 "
21974
"(IPP)\n"
21975
msgstr ""
21976
21977
#: serverguide/C/file-server.xml:552(para)
21978
msgid ""
21979
"In the example above, you may comment out or remove the reference to the "
21980
"Loopback address (127.0.0.1) if you do not wish <application>cupsd "
21981
"</application> to listen on that interface, but would rather have it only "
21982
"listen on the Ethernet interfaces of the Local Area Network (LAN). To enable "
21983
"listening for all network interfaces for which a certain hostname is bound, "
21984
"including the Loopback, you could create a Listen entry for the hostname "
21985
"<emphasis>socrates</emphasis> as such:"
21986
msgstr ""
21987
21988
#: serverguide/C/file-server.xml:562(screen)
21989
#, no-wrap
21990
msgid ""
21991
"\n"
21992
"Listen socrates:631 # Listen on all interfaces for the hostname 'socrates'\n"
21993
msgstr ""
21994
21995
#: serverguide/C/file-server.xml:566(para)
21996
msgid ""
21997
"or by omitting the Listen directive and using <emphasis>Port</emphasis> "
21998
"instead, as in:"
21999
msgstr ""
22000
22001
#: serverguide/C/file-server.xml:568(screen)
22002
#, no-wrap
22003
msgid ""
22004
"\n"
22005
"Port 631 # Listen on port 631 on all interfaces\n"
22006
msgstr ""
22007
22008
#: serverguide/C/file-server.xml:575(para)
22009
msgid ""
22010
"For more examples of configuration directives in the CUPS server "
22011
"configuration file, view the associated system manual page by entering the "
22012
"following command at a terminal prompt:"
22013
msgstr ""
22014
22015
#: serverguide/C/file-server.xml:582(command)
22016
msgid "man cupsd.conf"
22017
msgstr ""
22018
22019
#: serverguide/C/file-server.xml:586(para)
22020
msgid ""
22021
"Whenever you make changes to the <filename>/etc/cups/cupsd.conf</filename> "
22022
"configuration file, you'll need to restart the CUPS server by typing the "
22023
"following command at a terminal prompt:"
22024
msgstr ""
22025
22026
#: serverguide/C/file-server.xml:592(command)
22027
msgid "sudo /etc/init.d/cups restart"
22028
msgstr ""
22029
22030
#: serverguide/C/file-server.xml:598(title)
22031
msgid "Web Interface"
22032
msgstr ""
22033
22034
#: serverguide/C/file-server.xml:600(para)
22035
msgid ""
22036
"CUPS can be configured and monitored using a web interface, which by default "
22037
"is available at <ulink "
22038
"url=\"http://localhost:631/admin\">http://localhost:631/admin</ulink>. The "
22039
"web interface can be used to perform all printer management tasks."
22040
msgstr ""
22041
22042
#: serverguide/C/file-server.xml:604(para)
22043
msgid ""
22044
"In order to perform administrative tasks via the web interface, you must "
22045
"either have the root account enabled on your server, or authenticate as a "
22046
"user in the <emphasis role=\"italic\">lpadmin</emphasis> group. For security "
22047
"reasons, CUPS won't authenticate a user that doesn't have a password."
22048
msgstr ""
22049
22050
#: serverguide/C/file-server.xml:607(para)
22051
msgid ""
22052
"To add a user to the <emphasis role=\"italic\">lpadmin</emphasis> group, run "
22053
"at the terminal prompt: <screen>\n"
22054
"<command>sudo usermod -aG lpadmin username</command>\n"
22055
"</screen>"
22056
msgstr ""
22057
22058
#: serverguide/C/file-server.xml:613(para)
22059
msgid ""
22060
"Further documentation is available in the <emphasis "
22061
"role=\"italic\">Documentation/Help</emphasis> tab of the web interface."
22062
msgstr ""
22063
22064
#: serverguide/C/file-server.xml:621(ulink)
22065
msgid "CUPS Website"
22066
msgstr ""
22067
22068
#: serverguide/C/file-server.xml:624(ulink)
22069
msgid "Ubuntu Wiki CUPS page"
22070
msgstr ""
22071
22072
#: serverguide/C/dns.xml:13(title)
22073
msgid "Domain Name Service (DNS)"
22074
msgstr ""
22075
22076
#: serverguide/C/dns.xml:14(para)
22077
msgid ""
22078
"Domain Name Service (DNS) is an Internet service that maps IP addresses and "
22079
"fully qualified domain names (FQDN) to one another. In this way, DNS "
22080
"alleviates the need to remember IP addresses. Computers that run DNS are "
22081
"called <emphasis>name servers</emphasis>. Ubuntu ships with "
22082
"<application>BIND</application> (Berkley Internet Naming Daemon), the most "
22083
"common program used for maintaining a name server on Linux."
22084
msgstr ""
22085
22086
#: serverguide/C/dns.xml:24(para)
22087
msgid ""
22088
"At a terminal prompt, enter the following command to install "
22089
"<application>dns</application>:"
22090
msgstr ""
22091
22092
#: serverguide/C/dns.xml:28(command)
22093
msgid "sudo apt-get install bind9"
22094
msgstr ""
22095
22096
#: serverguide/C/dns.xml:30(para)
22097
msgid ""
22098
"A very useful package for testing and troubleshooting DNS issues is the "
22099
"dnsutils package. To install <application>dnsutils</application> enter the "
22100
"following:"
22101
msgstr ""
22102
22103
#: serverguide/C/dns.xml:35(command)
22104
msgid "sudo apt-get install dnsutils"
22105
msgstr ""
22106
22107
#: serverguide/C/dns.xml:40(para)
22108
msgid ""
22109
"There are many ways to configure <application>BIND9</application>. Some of "
22110
"the most common configurations are a caching nameserver, primary master, and "
22111
"as a secondary master."
22112
msgstr ""
22113
22114
#: serverguide/C/dns.xml:46(para)
22115
msgid ""
22116
"When configured as a caching nameserver BIND9 will find the answer to name "
22117
"queries and remember the answer when the domain is queried again."
22118
msgstr ""
22119
22120
#: serverguide/C/dns.xml:52(para)
22121
msgid ""
22122
"As a primary master server BIND9 reads the data for a zone from a file on "
22123
"it's host and is authoritative for that zone."
22124
msgstr ""
22125
22126
#: serverguide/C/dns.xml:57(para)
22127
msgid ""
22128
"In a secondary master configuration BIND9 gets the zone data from another "
22129
"nameserver authoritative for the zone."
22130
msgstr ""
22131
22132
#: serverguide/C/dns.xml:65(para)
22133
msgid ""
22134
"The DNS configuration files are stored in the <filename>/etc/bind</filename> "
22135
"directory. The primary configuration file is "
22136
"<filename>/etc/bind/named.conf</filename>."
22137
msgstr ""
22138
22139
#: serverguide/C/dns.xml:72(para)
22140
msgid ""
22141
"The <emphasis>include</emphasis> line specifies the filename which contains "
22142
"the DNS options. The <emphasis>directory</emphasis> line in the "
22143
"<filename>/etc/bind/named.conf.options</filename> file tells DNS where to "
22144
"look for files. All files BIND uses will be relative to this directory."
22145
msgstr ""
22146
22147
#: serverguide/C/dns.xml:80(para)
22148
msgid ""
22149
"The file named <filename>/etc/bind/db.root</filename> describes the root "
22150
"nameservers in the world. The servers change over time, so the "
22151
"<filename>/etc/bind/db.root</filename> file must be maintained now and then. "
22152
"This is usually done as updates to the <application>bind9</application> "
22153
"package. The <emphasis>zone</emphasis> section defines a master server, and "
22154
"it is stored in a file mentioned in the <emphasis>file</emphasis> option."
22155
msgstr ""
22156
22157
#: serverguide/C/dns.xml:90(para)
22158
msgid ""
22159
"It is possible to configure the same server to be a caching name server, "
22160
"primary master, and secondary master. A server can be the Start of Authority "
22161
"(SOA) for one zone, while providing secondary service for another zone. All "
22162
"the while providing caching services for hosts on the local LAN."
22163
msgstr ""
22164
22165
#: serverguide/C/dns.xml:98(title)
22166
msgid "Caching Nameserver"
22167
msgstr ""
22168
22169
#: serverguide/C/dns.xml:99(para)
22170
msgid ""
22171
"The default configuration is setup to act as a caching server. All that is "
22172
"required is simply adding the IP Addresses of your ISP's DNS servers. Simply "
22173
"uncomment and edit the following in "
22174
"<filename>/etc/bind/named.conf.options</filename>:"
22175
msgstr ""
22176
22177
#: serverguide/C/dns.xml:103(programlisting)
22178
#, no-wrap
22179
msgid ""
22180
"\n"
22181
"forwarders {\n"
22182
" 1.2.3.4;\n"
22183
" 5.6.7.8;\n"
22184
" };\n"
22185
msgstr ""
22186
22187
#: serverguide/C/dns.xml:110(para)
22188
msgid ""
22189
"Replace <emphasis>1.2.3.4</emphasis> and <emphasis>5.6.7.8</emphasis> with "
22190
"the IP Adresses of actual nameservers."
22191
msgstr ""
22192
22193
#: serverguide/C/dns.xml:114(para)
22194
msgid ""
22195
"Now restart the DNS server, to enable the new configuration. From a terminal "
22196
"prompt:"
22197
msgstr ""
22198
22199
#: serverguide/C/dns.xml:118(command) serverguide/C/dns.xml:194(command) serverguide/C/dns.xml:253(command) serverguide/C/dns.xml:312(command) serverguide/C/dns.xml:561(command)
22200
msgid "sudo /etc/init.d/bind9 restart"
22201
msgstr ""
22202
22203
#: serverguide/C/dns.xml:120(para)
22204
msgid ""
22205
"See <xref linkend=\"dns-testing-dig\"/> for information on testing a caching "
22206
"DNS server."
22207
msgstr ""
22208
22209
#: serverguide/C/dns.xml:125(title)
22210
msgid "Primary Master"
22211
msgstr ""
22212
22213
#: serverguide/C/dns.xml:126(para)
22214
msgid ""
22215
"In this section <application>BIND9</application> will be configured as the "
22216
"Primary Master for the domain <emphasis>example.com</emphasis>. Simply "
22217
"replace <emphasis role=\"italic\">example.com</emphasis> with your FQDN "
22218
"(Fully Qualified Domain Name)."
22219
msgstr ""
22220
22221
#: serverguide/C/dns.xml:132(title)
22222
msgid "Forward Zone File"
22223
msgstr ""
22224
22225
#: serverguide/C/dns.xml:133(para)
22226
msgid ""
22227
"To add a DNS zone to BIND9, turning BIND9 into a Primary Master server, the "
22228
"first step is to edit <filename>/etc/bind/named.conf.local</filename>:"
22229
msgstr ""
22230
22231
#: serverguide/C/dns.xml:137(programlisting)
22232
#, no-wrap
22233
msgid ""
22234
"\n"
22235
"zone \"example.com\" {\n"
22236
"\ttype master;\n"
22237
" file \"/etc/bind/db.example.com\";\n"
22238
"};\n"
22239
msgstr ""
22240
22241
#: serverguide/C/dns.xml:143(para)
22242
msgid ""
22243
"Now use an existing zone file as a template to create the "
22244
"<filename>/etc/bind/db.example.com</filename> file:"
22245
msgstr ""
22246
22247
#: serverguide/C/dns.xml:147(command)
22248
msgid "sudo cp /etc/bind/db.local /etc/bind/db.example.com"
22249
msgstr ""
22250
22251
#: serverguide/C/dns.xml:149(para)
22252
msgid ""
22253
"Edit the new zone file <filename>/etc/bind/db.example.com</filename> change "
22254
"<emphasis>localhost.</emphasis> to the FQDN of your server, leaving the "
22255
"additional \".\" at the end. Change <emphasis>127.0.0.1</emphasis> to the "
22256
"nameserver's IP Address and <emphasis>root.localhost</emphasis> to a valid "
22257
"email address, but with a \".\" instead of the usual \"@\" symbol, again "
22258
"leaving the \".\" at the end."
22259
msgstr ""
22260
22261
#: serverguide/C/dns.xml:155(para)
22262
msgid ""
22263
"Also, create an <emphasis>A record</emphasis> for <emphasis "
22264
"role=\"italic\">ns.example.com</emphasis>. The name server in this example:"
22265
msgstr ""
22266
22267
#: serverguide/C/dns.xml:159(programlisting)
22268
#, no-wrap
22269
msgid ""
22270
"\n"
22271
";\n"
22272
"; BIND data file for local loopback interface\n"
22273
";\n"
22274
"$TTL 604800\n"
22275
"@ IN SOA ns.example.com. root.example.com. (\n"
22276
" 2 ; Serial\n"
22277
" 604800 ; Refresh\n"
22278
" 86400 ; Retry\n"
22279
" 2419200 ; Expire\n"
22280
" 604800 ) ; Negative Cache TTL\n"
22281
";\n"
22282
"@ IN NS ns.example.com.\n"
22283
"@ IN A 127.0.0.1\n"
22284
"@ IN AAAA ::1\n"
22285
"ns IN A 192.168.1.10\n"
22286
msgstr ""
22287
22288
#: serverguide/C/dns.xml:176(para)
22289
msgid ""
22290
"You must increment the <emphasis>Serial Number</emphasis> every time you "
22291
"make changes to the zone file. If you make multiple changes before "
22292
"restarting BIND9, simply increment the Serial once."
22293
msgstr ""
22294
22295
#: serverguide/C/dns.xml:180(para)
22296
msgid ""
22297
"Now, you can add DNS records to the bottom of the zone file. See <xref "
22298
"linkend=\"dns-record-types\"/> for details."
22299
msgstr ""
22300
22301
#: serverguide/C/dns.xml:184(para)
22302
msgid ""
22303
"Many admins like to use the last date edited as the serial of a zone, such "
22304
"as <emphasis>2007010100</emphasis> which is yyyymmddss (where "
22305
"<emphasis>ss</emphasis> is the Serial Number)"
22306
msgstr ""
22307
22308
#: serverguide/C/dns.xml:189(para)
22309
msgid ""
22310
"Once you have made a change to the zone file "
22311
"<application>BIND9</application> will need to be restarted for the changes "
22312
"to take effect:"
22313
msgstr ""
22314
22315
#: serverguide/C/dns.xml:198(title)
22316
msgid "Reverse Zone File"
22317
msgstr ""
22318
22319
#: serverguide/C/dns.xml:199(para)
22320
msgid ""
22321
"Now that the zone is setup and resolving names to IP Adresses a "
22322
"<emphasis>Reverse zone</emphasis> is also required. A Reverse zone allows "
22323
"DNS to resolve an address to a name."
22324
msgstr ""
22325
22326
#: serverguide/C/dns.xml:203(para)
22327
msgid "Edit /etc/bind/named.conf.local and add the following:"
22328
msgstr ""
22329
22330
#: serverguide/C/dns.xml:206(programlisting)
22331
#, no-wrap
22332
msgid ""
22333
"\n"
22334
"zone \"1.168.192.in-addr.arpa\" {\n"
22335
" type master;\n"
22336
" notify no;\n"
22337
" file \"/etc/bind/db.192\";\n"
22338
"};\n"
22339
msgstr ""
22340
22341
#: serverguide/C/dns.xml:214(para)
22342
msgid ""
22343
"Replace <emphasis>1.168.192</emphasis> with the first three octets of "
22344
"whatever network you are using. Also, name the zone file "
22345
"<filename>/etc/bind/db.192</filename> appropriately. It should match the "
22346
"first octet of your network."
22347
msgstr ""
22348
22349
#: serverguide/C/dns.xml:219(para)
22350
msgid "Now create the <filename>/etc/bind/db.192</filename> file:"
22351
msgstr ""
22352
22353
#: serverguide/C/dns.xml:223(command)
22354
msgid "sudo cp /etc/bind/db.127 /etc/bind/db.192"
22355
msgstr ""
22356
22357
#: serverguide/C/dns.xml:225(para)
22358
msgid ""
22359
"Next edit <filename>/etc/bind/db.192</filename> changing the basically the "
22360
"same options as <filename>/etc/bind/db.example.com</filename>:"
22361
msgstr ""
22362
22363
#: serverguide/C/dns.xml:229(programlisting)
22364
#, no-wrap
22365
msgid ""
22366
"\n"
22367
";\n"
22368
"; BIND reverse data file for local loopback interface\n"
22369
";\n"
22370
"$TTL 604800\n"
22371
"@ IN SOA ns.example.com. root.example.com. (\n"
22372
" 2 ; Serial\n"
22373
" 604800 ; Refresh\n"
22374
" 86400 ; Retry\n"
22375
" 2419200 ; Expire\n"
22376
" 604800 ) ; Negative Cache TTL\n"
22377
";\n"
22378
"@ IN NS ns.\n"
22379
"10 IN PTR ns.example.com.\n"
22380
msgstr ""
22381
22382
#: serverguide/C/dns.xml:244(para)
22383
msgid ""
22384
"The <emphasis>Serial Number</emphasis> in the Reverse zone needs to be "
22385
"incremented on each change as well. For each <emphasis>A record</emphasis> "
22386
"you configure in <filename>/etc/bind/db.example.com</filename> you need to "
22387
"create a <emphasis>PTR record</emphasis> in "
22388
"<filename>/etc/bind/db.192</filename>."
22389
msgstr ""
22390
22391
#: serverguide/C/dns.xml:249(para)
22392
msgid ""
22393
"After creating the reverse zone file restart "
22394
"<application>BIND9</application>:"
22395
msgstr ""
22396
22397
#: serverguide/C/dns.xml:258(title)
22398
msgid "Secondary Master"
22399
msgstr ""
22400
22401
#: serverguide/C/dns.xml:259(para)
22402
msgid ""
22403
"Once a <emphasis>Primary Master</emphasis> has been configured a "
22404
"<emphasis>Secondary Master</emphasis> is needed in order to maintain the "
22405
"availability of the domain should the Primary become unavailable."
22406
msgstr ""
22407
22408
#: serverguide/C/dns.xml:263(para)
22409
msgid ""
22410
"First, on the Primary Master server, the zone transfer needs to be allowed. "
22411
"Add the <emphasis>allow-transfer</emphasis> option to the example Forward "
22412
"and Reverse zone definitions in "
22413
"<filename>/etc/bind/named.conf.local</filename>:"
22414
msgstr ""
22415
22416
#: serverguide/C/dns.xml:267(programlisting)
22417
#, no-wrap
22418
msgid ""
22419
"\n"
22420
"zone \"example.com\" {\n"
22421
" type master;\n"
22422
"\tfile \"/etc/bind/db.example.com\";\n"
22423
" allow-transfer { 192.168.1.11; };\n"
22424
"};\n"
22425
"\n"
22426
"zone \"1.168.192.in-addr.arpa\" {\n"
22427
" type master;\n"
22428
" notify no;\n"
22429
" file \"/etc/bind/db.192\";\n"
22430
"\tallow-transfer { 192.168.1.11; };\n"
22431
"};\n"
22432
msgstr ""
22433
22434
#: serverguide/C/dns.xml:282(para)
22435
msgid ""
22436
"Replace <emphasis>192.168.1.11</emphasis> with the IP Address of your "
22437
"Secondary nameserver."
22438
msgstr ""
22439
22440
#: serverguide/C/dns.xml:286(para)
22441
msgid ""
22442
"Next, on the Secondary Master, install the <application>bind9</application> "
22443
"package the same way as on the Primary. Then edit the "
22444
"<filename>/etc/bind/named.conf.local</filename> and add the following "
22445
"declarations for the Forward and Reverse zones:"
22446
msgstr ""
22447
22448
#: serverguide/C/dns.xml:290(programlisting)
22449
#, no-wrap
22450
msgid ""
22451
"\n"
22452
"zone \"example.com\" {\n"
22453
"\ttype slave;\n"
22454
" file \"/var/cache/bind/db.example.com\";\n"
22455
" masters { 192.168.1.10; };\n"
22456
"}; \n"
22457
" \n"
22458
"zone \"1.168.192.in-addr.arpa\" {\n"
22459
"\ttype slave;\n"
22460
" file \"/var/cache/bind/db.192\";\n"
22461
" masters { 192.168.1.10; };\n"
22462
"};\n"
22463
msgstr ""
22464
22465
#: serverguide/C/dns.xml:304(para)
22466
msgid ""
22467
"Replace <emphasis>192.168.1.10</emphasis> with the IP Address of your "
22468
"Primary nameserver."
22469
msgstr ""
22470
22471
#: serverguide/C/dns.xml:308(para)
22472
msgid "Restart <application>BIND9</application> on the Secondary Master:"
22473
msgstr ""
22474
22475
#: serverguide/C/dns.xml:314(para)
22476
msgid ""
22477
"In <filename>/var/log/syslog</filename> you should see something similar to:"
22478
msgstr ""
22479
22480
#: serverguide/C/dns.xml:317(programlisting)
22481
#, no-wrap
22482
msgid ""
22483
"\n"
22484
"slave zone \"example.com\" (IN) loaded (serial 6)\n"
22485
"slave zone \"100.18.172.in-addr.arpa\" (IN) loaded (serial 3)\n"
22486
msgstr ""
22487
22488
#: serverguide/C/dns.xml:322(para)
22489
msgid ""
22490
"Note: A zone is only transferred if the <emphasis>Serial Number</emphasis> "
22491
"on the Primary is larger than the one on the Secondary."
22492
msgstr ""
22493
22494
#: serverguide/C/dns.xml:328(para)
22495
msgid ""
22496
"The default directory for non-authoritative zone files is "
22497
"<filename>/var/cache/bind/</filename>. This directory is also configured in "
22498
"<application>AppArmor</application> to allow the "
22499
"<application>named</application> daemon to write to it. For more information "
22500
"on AppArmor see <xref linkend=\"apparmor\"/>."
22501
msgstr ""
22502
22503
#: serverguide/C/dns.xml:339(para)
22504
msgid ""
22505
"This section covers ways to help determine the cause when problems happen "
22506
"with DNS and <application>BIND9</application>."
22507
msgstr ""
22508
22509
#: serverguide/C/dns.xml:345(title)
22510
msgid "resolv.conf"
22511
msgstr ""
22512
22513
#: serverguide/C/dns.xml:346(para)
22514
msgid ""
22515
"The first step in testing <application>BIND9</application> is to add the "
22516
"nameserver's IP Address to a hosts resolver. The Primary nameserver should "
22517
"be configured as well as another host to double check things. Simply edit "
22518
"<filename>/etc/resolv.conf</filename> and add the following:"
22519
msgstr ""
22520
22521
#: serverguide/C/dns.xml:351(programlisting)
22522
#, no-wrap
22523
msgid ""
22524
"\n"
22525
"nameserver\t192.168.1.10\n"
22526
"nameserver\t192.168.1.11\n"
22527
msgstr ""
22528
22529
#: serverguide/C/dns.xml:356(para)
22530
msgid ""
22531
"You should also add the IP Address of the Secondary nameserver in case the "
22532
"Primary becomes unavailable."
22533
msgstr ""
22534
22535
#: serverguide/C/dns.xml:362(title)
22536
msgid "dig"
22537
msgstr ""
22538
22539
#: serverguide/C/dns.xml:363(para)
22540
msgid ""
22541
"If you installed the <application>dnsutils</application> package you can "
22542
"test your setup using the DNS lookup utility <application>dig</application>:"
22543
msgstr ""
22544
22545
#: serverguide/C/dns.xml:369(para)
22546
msgid ""
22547
"After installing <application>BIND9</application> use "
22548
"<application>dig</application> against the loopback interface to make sure "
22549
"it is listening on port 53. From a terminal prompt:"
22550
msgstr ""
22551
22552
#: serverguide/C/dns.xml:374(command)
22553
msgid "dig -x 127.0.0.1"
22554
msgstr ""
22555
22556
#: serverguide/C/dns.xml:376(para)
22557
msgid "You should see lines similar to the following in the command output:"
22558
msgstr ""
22559
22560
#: serverguide/C/dns.xml:379(programlisting)
22561
#, no-wrap
22562
msgid ""
22563
"\n"
22564
";; Query time: 1 msec\n"
22565
";; SERVER: 192.168.1.10#53(192.168.1.10)\n"
22566
msgstr ""
22567
22568
#: serverguide/C/dns.xml:385(para)
22569
msgid ""
22570
"If you have configured <application>BIND9</application> as a "
22571
"<emphasis>Caching</emphasis> nameserver \"dig\" an outside domain to check "
22572
"the query time:"
22573
msgstr ""
22574
22575
#: serverguide/C/dns.xml:390(command)
22576
msgid "dig ubuntu.com"
22577
msgstr ""
22578
22579
#: serverguide/C/dns.xml:392(para)
22580
msgid "Note the query time toward the end of the command output:"
22581
msgstr ""
22582
22583
#: serverguide/C/dns.xml:395(programlisting)
22584
#, no-wrap
22585
msgid ""
22586
"\n"
22587
";; Query time: 49 msec\n"
22588
msgstr ""
22589
22590
#: serverguide/C/dns.xml:398(para)
22591
msgid "After a second dig there should be improvement:"
22592
msgstr ""
22593
22594
#: serverguide/C/dns.xml:401(programlisting)
22595
#, no-wrap
22596
msgid ""
22597
"\n"
22598
";; Query time: 1 msec\n"
22599
msgstr ""
22600
22601
#: serverguide/C/dns.xml:408(title)
22602
msgid "ping"
22603
msgstr ""
22604
22605
#: serverguide/C/dns.xml:410(para)
22606
msgid ""
22607
"Now to demonstrate how applications make use of DNS to resolve a host name "
22608
"use the <application>ping</application> utility to send an ICMP echo "
22609
"request. From a terminal prompt enter:"
22610
msgstr ""
22611
22612
#: serverguide/C/dns.xml:416(command)
22613
msgid "ping example.com"
22614
msgstr ""
22615
22616
#: serverguide/C/dns.xml:418(para)
22617
msgid ""
22618
"This tests if the nameserver can resolve the name "
22619
"<emphasis>ns.example.com</emphasis> to an IP Address. The command output "
22620
"should resemble:"
22621
msgstr ""
22622
22623
#: serverguide/C/dns.xml:422(programlisting)
22624
#, no-wrap
22625
msgid ""
22626
"\n"
22627
"PING ns.example.com (192.168.1.10) 56(84) bytes of data.\n"
22628
"64 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=0.800 ms\n"
22629
"64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.813 ms\n"
22630
msgstr ""
22631
22632
#: serverguide/C/dns.xml:429(title)
22633
msgid "named-checkzone"
22634
msgstr ""
22635
22636
#: serverguide/C/dns.xml:430(para)
22637
msgid ""
22638
"A great way to test your zone files is by using the <application>named-"
22639
"checkzone</application> utility installed with the "
22640
"<application>bind9</application> package. This utility allows you to make "
22641
"sure the configuration is correct before restarting "
22642
"<application>BIND9</application> and making the changes live."
22643
msgstr ""
22644
22645
#: serverguide/C/dns.xml:437(para)
22646
msgid ""
22647
"To test our example Forward zone file enter the following from a command "
22648
"prompt:"
22649
msgstr ""
22650
22651
#: serverguide/C/dns.xml:441(command)
22652
msgid "named-checkzone example.com /etc/bind/db.example.com"
22653
msgstr ""
22654
22655
#: serverguide/C/dns.xml:443(para)
22656
msgid ""
22657
"If everything is configured correctly you should see output similar to:"
22658
msgstr ""
22659
22660
#: serverguide/C/dns.xml:446(programlisting)
22661
#, no-wrap
22662
msgid ""
22663
"\n"
22664
"zone example.com/IN: loaded serial 6\n"
22665
"OK\n"
22666
msgstr ""
22667
22668
#: serverguide/C/dns.xml:452(para)
22669
msgid "Similarly, to test the Reverse zone file enter the following:"
22670
msgstr ""
22671
22672
#: serverguide/C/dns.xml:456(command)
22673
msgid "named-checkzone example.com /etc/bind/db.192"
22674
msgstr ""
22675
22676
#: serverguide/C/dns.xml:458(para)
22677
msgid "The output should be similar to:"
22678
msgstr ""
22679
22680
#: serverguide/C/dns.xml:461(programlisting)
22681
#, no-wrap
22682
msgid ""
22683
"\n"
22684
"zone example.com/IN: loaded serial 3\n"
22685
"OK\n"
22686
msgstr ""
22687
22688
#: serverguide/C/dns.xml:468(para)
22689
msgid ""
22690
"The <emphasis>Serial Number</emphasis> of your zone file will probably be "
22691
"different."
22692
msgstr ""
22693
22694
#: serverguide/C/dns.xml:475(title)
22695
msgid "Logging"
22696
msgstr ""
22697
22698
#: serverguide/C/dns.xml:476(para)
22699
msgid ""
22700
"<application>BIND9</application> has a wide variety of logging configuration "
22701
"options available. There are two main options. The "
22702
"<emphasis>channel</emphasis> option configures where logs go, and the "
22703
"<emphasis>category</emphasis> option determines what information to log."
22704
msgstr ""
22705
22706
#: serverguide/C/dns.xml:480(para)
22707
msgid "If no logging option is configured the default option is:"
22708
msgstr ""
22709
22710
#: serverguide/C/dns.xml:483(programlisting)
22711
#, no-wrap
22712
msgid ""
22713
"\n"
22714
"logging {\n"
22715
" category default { default_syslog; default_debug; };\n"
22716
" category unmatched { null; };\n"
22717
"};\n"
22718
msgstr ""
22719
22720
#: serverguide/C/dns.xml:489(para)
22721
msgid ""
22722
"This section covers configuring <application>BIND9</application> to send "
22723
"<emphasis>debug</emphasis> messages related to DNS queries to a separate "
22724
"file."
22725
msgstr ""
22726
22727
#: serverguide/C/dns.xml:494(para)
22728
msgid ""
22729
"First, we need to configure a channel to specify which file to send the "
22730
"messages to. Edit <filename>/etc/bind/named.conf.local</filename> and add "
22731
"the following:"
22732
msgstr ""
22733
22734
#: serverguide/C/dns.xml:498(programlisting)
22735
#, no-wrap
22736
msgid ""
22737
"\n"
22738
"logging {\n"
22739
" channel query.log { \n"
22740
" file \"/var/log/query.log\";\n"
22741
" severity debug 3; \n"
22742
" }; \n"
22743
"};\n"
22744
msgstr ""
22745
22746
#: serverguide/C/dns.xml:508(para)
22747
msgid "Next, configure a category to send all DNS queries to the query file:"
22748
msgstr ""
22749
22750
#: serverguide/C/dns.xml:511(programlisting)
22751
#, no-wrap
22752
msgid ""
22753
"\n"
22754
"logging {\n"
22755
" channel query.log { \n"
22756
" file \"/var/log/query.log\"; \n"
22757
" severity debug 3; \n"
22758
" }; \n"
22759
" <emphasis>category queries { query.log; };</emphasis> \n"
22760
"};\n"
22761
msgstr ""
22762
22763
#: serverguide/C/dns.xml:523(para)
22764
msgid ""
22765
"Note: the <emphasis>debug</emphasis> option can be set from 1 to 3. If a "
22766
"level isn't specified level 1 is the default."
22767
msgstr ""
22768
22769
#: serverguide/C/dns.xml:529(para)
22770
msgid ""
22771
"Since the <emphasis>named daemon</emphasis> runs as the "
22772
"<emphasis>bind</emphasis> user the <filename>/var/log/query.log</filename> "
22773
"file must be created and the ownership changed:"
22774
msgstr ""
22775
22776
#: serverguide/C/dns.xml:534(command)
22777
msgid "sudo touch /var/log/query.log"
22778
msgstr ""
22779
22780
#: serverguide/C/dns.xml:535(command)
22781
msgid "sudo chown bind /var/log/query.log"
22782
msgstr ""
22783
22784
#: serverguide/C/dns.xml:539(para)
22785
msgid ""
22786
"Before <application>named</application> daemon can write to the new log file "
22787
"the <application>AppArmor</application> profile must be updated. First, edit "
22788
"<filename>/etc/apparmor.d/usr.sbin.named</filename> and add:"
22789
msgstr ""
22790
22791
#: serverguide/C/dns.xml:543(programlisting)
22792
#, no-wrap
22793
msgid ""
22794
"\n"
22795
"/var/log/query.log w,\n"
22796
msgstr ""
22797
22798
#: serverguide/C/dns.xml:546(para)
22799
msgid "Next, reload the profile:"
22800
msgstr ""
22801
22802
#: serverguide/C/dns.xml:550(command)
22803
msgid "cat /etc/apparmor.d/usr.sbin.named | sudo apparmor_parser -r"
22804
msgstr ""
22805
22806
#: serverguide/C/dns.xml:552(para)
22807
msgid ""
22808
"For more information on <application>AppArmor</application> see <xref "
22809
"linkend=\"apparmor\"/>"
22810
msgstr ""
22811
22812
#: serverguide/C/dns.xml:557(para)
22813
msgid ""
22814
"Now restart <application>BIND9</application> for the changes to take effect:"
22815
msgstr ""
22816
22817
#: serverguide/C/dns.xml:565(para)
22818
msgid ""
22819
"You should see the file <filename>/var/log/query.log</filename> fill with "
22820
"query information. This is a simple example of the "
22821
"<application>BIND9</application> logging options. For coverage of advanced "
22822
"options see <xref linkend=\"dns-more-info\"/>."
22823
msgstr ""
22824
22825
#: serverguide/C/dns.xml:574(title)
22826
msgid "Common Record Types"
22827
msgstr ""
22828
22829
#: serverguide/C/dns.xml:575(para)
22830
msgid "This section covers some of the most common DNS record types."
22831
msgstr ""
22832
22833
#: serverguide/C/dns.xml:580(para)
22834
msgid ""
22835
"<emphasis>A</emphasis> record: This record maps an IP Address to a hostname."
22836
msgstr ""
22837
22838
#: serverguide/C/dns.xml:583(programlisting)
22839
#, no-wrap
22840
msgid ""
22841
"\n"
22842
"www IN A 192.168.1.12\n"
22843
msgstr ""
22844
22845
#: serverguide/C/dns.xml:588(para)
22846
msgid ""
22847
"<emphasis>CNAME</emphasis> record: Used to create an alias to an existing A "
22848
"record. You cannot create a CNAME record pointing to another CNAME record."
22849
msgstr ""
22850
22851
#: serverguide/C/dns.xml:591(programlisting)
22852
#, no-wrap
22853
msgid ""
22854
"\n"
22855
"web IN CNAME www\n"
22856
msgstr ""
22857
22858
#: serverguide/C/dns.xml:596(para)
22859
msgid ""
22860
"<emphasis>MX</emphasis> record: Used to define where email should be sent "
22861
"to. Must point to an A record, not a CNAME."
22862
msgstr ""
22863
22864
#: serverguide/C/dns.xml:599(programlisting)
22865
#, no-wrap
22866
msgid ""
22867
"\n"
22868
" IN MX 1 mail.example.com.\n"
22869
"mail IN A 192.168.1.13\n"
22870
msgstr ""
22871
22872
#: serverguide/C/dns.xml:605(para)
22873
msgid ""
22874
"<emphasis>NS</emphasis> record: Used to define which servers serve copies of "
22875
"a zone. It must point to an A record, not a CNAME. This is where Primary and "
22876
"Secondary servers are defined."
22877
msgstr ""
22878
22879
#: serverguide/C/dns.xml:609(programlisting)
22880
#, no-wrap
22881
msgid ""
22882
"\n"
22883
" IN NS ns.example.com.\n"
22884
"\tIN NS ns2.example.com.\n"
22885
"ns IN A 192.168.1.10\n"
22886
"ns2\tIN A\t 192.168.1.11\n"
22887
msgstr ""
22888
22889
#: serverguide/C/dns.xml:622(para)
22890
msgid ""
22891
"The <ulink url=\"http://www.tldp.org/HOWTO/DNS-HOWTO.html\">DNS "
22892
"HOWTO</ulink> explains more advanced options for configuring BIND9."
22893
msgstr ""
22894
22895
#: serverguide/C/dns.xml:627(para)
22896
msgid ""
22897
"For in depth coverage of <emphasis>DNS</emphasis> and "
22898
"<application>BIND9</application> see <ulink "
22899
"url=\"http://www.bind9.net/\">Bind9.net</ulink>."
22900
msgstr ""
22901
22902
#: serverguide/C/dns.xml:632(para)
22903
msgid ""
22904
"<ulink url=\"http://www.oreilly.com/catalog/dns5/index.html\">DNS and "
22905
"BIND</ulink> is a popular book now in it's fifth edition."
22906
msgstr ""
22907
22908
#: serverguide/C/dns.xml:637(para)
22909
msgid ""
22910
"A great place to ask for <application>BIND9</application> assistance, and "
22911
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
22912
"server</emphasis> IRC channel on <ulink "
22913
"url=\"http://freenode.net\">freenode</ulink>."
22914
msgstr ""
22915
22916
#: serverguide/C/dns.xml:643(para)
22917
msgid ""
22918
"Also, see the <ulink "
22919
"url=\"https://help.ubuntu.com/community/BIND9ServerHowto\">BIND9 Server "
22920
"HOWTO</ulink> in the Ubuntu Wiki."
22921
msgstr ""
22922
22923
#: serverguide/C/databases.xml:13(title)
22924
msgid "Databases"
22925
msgstr ""
22926
22927
#: serverguide/C/databases.xml:14(para)
22928
msgid "Ubuntu provides two popular database servers. They are:"
22929
msgstr ""
22930
22931
#: serverguide/C/databases.xml:22(application) serverguide/C/databases.xml:157(title)
22932
msgid "PostgreSQL"
22933
msgstr ""
22934
22935
#: serverguide/C/databases.xml:25(para)
22936
msgid ""
22937
"They are available in the main repository. This section explains how to "
22938
"install and configure these database servers."
22939
msgstr ""
22940
22941
#: serverguide/C/databases.xml:32(para)
22942
msgid ""
22943
"MySQL is a fast, multi-threaded, multi-user, and robust SQL database server. "
22944
"It is intended for mission-critical, heavy-load production systems as well "
22945
"as for embedding into mass-deployed software."
22946
msgstr ""
22947
22948
#: serverguide/C/databases.xml:41(para)
22949
msgid "To install MySQL, run the following command from a terminal prompt:"
22950
msgstr ""
22951
22952
#: serverguide/C/databases.xml:46(command)
22953
msgid "sudo apt-get install mysql-server"
22954
msgstr ""
22955
22956
#: serverguide/C/databases.xml:48(para)
22957
msgid ""
22958
"During the installation process you will be prompted to enter a password for "
22959
"the <application>MySQL</application> root user."
22960
msgstr ""
22961
22962
#: serverguide/C/databases.xml:53(para)
22963
msgid ""
22964
"Once the installation is complete, the MySQL server should be started "
22965
"automatically. You can run the following command from a terminal prompt to "
22966
"check whether the MySQL server is running:"
22967
msgstr ""
22968
22969
#: serverguide/C/databases.xml:61(command)
22970
msgid "sudo netstat -tap | grep mysql"
22971
msgstr ""
22972
22973
#: serverguide/C/databases.xml:70(programlisting)
22974
#, no-wrap
22975
msgid ""
22976
"\n"
22977
"tcp 0 0 localhost:mysql *:* LISTEN "
22978
" 2556/mysqld\n"
22979
msgstr ""
22980
22981
#: serverguide/C/databases.xml:74(para)
22982
msgid ""
22983
"If the server is not running correctly, you can type the following command "
22984
"to start it:"
22985
msgstr ""
22986
22987
#: serverguide/C/databases.xml:79(command) serverguide/C/databases.xml:104(command)
22988
msgid "sudo /etc/init.d/mysql restart"
22989
msgstr ""
22990
22991
#: serverguide/C/databases.xml:85(para)
22992
msgid ""
22993
"You can edit the <filename>/etc/mysql/my.cnf</filename> file to configure "
22994
"the basic settings -- log file, port number, etc. For example, to configure "
22995
"<application>MySQL</application> to listen for connections from network "
22996
"hosts, change the <emphasis>bind-address</emphasis> directive to the "
22997
"server's IP address:"
22998
msgstr ""
22999
23000
#: serverguide/C/databases.xml:91(programlisting)
23001
#, no-wrap
23002
msgid ""
23003
"\n"
23004
"bind-address = 192.168.0.5\n"
23005
msgstr ""
23006
23007
#: serverguide/C/databases.xml:95(para)
23008
msgid "Replace 192.168.0.5 with the appropriate address."
23009
msgstr ""
23010
23011
#: serverguide/C/databases.xml:99(para)
23012
msgid ""
23013
"After making a change to <filename>/etc/mysql/my.cnf</filename> the "
23014
"<application>mysql</application> daemon will need to be restarted:"
23015
msgstr ""
23016
23017
#: serverguide/C/databases.xml:107(para)
23018
msgid ""
23019
"If you would like to change the "
23020
"<application>MySQL</application><emphasis>root</emphasis> password, in a "
23021
"terminal enter:"
23022
msgstr ""
23023
23024
#: serverguide/C/databases.xml:113(command)
23025
msgid "sudo dpkg-reconfigure mysql-server-5.1"
23026
msgstr ""
23027
23028
#: serverguide/C/databases.xml:116(para)
23029
msgid ""
23030
"The <application>mysql</application> daemon will be stopped, and you will be "
23031
"prompted to enter a new password."
23032
msgstr ""
23033
23034
#: serverguide/C/databases.xml:125(para)
23035
msgid ""
23036
"See the <ulink url=\"http://www.mysql.com/\">MySQL Home Page</ulink> for "
23037
"more information."
23038
msgstr ""
23039
23040
#: serverguide/C/databases.xml:130(para)
23041
msgid ""
23042
"The <emphasis>MySQL Handbook</emphasis> is also available in the "
23043
"<application>mysql-doc-5.0</application> package. To install the package "
23044
"enter the following in a terminal:"
23045
msgstr ""
23046
23047
#: serverguide/C/databases.xml:135(command)
23048
msgid "sudo apt-get install mysql-doc-5.0"
23049
msgstr ""
23050
23051
#: serverguide/C/databases.xml:137(para)
23052
msgid ""
23053
"The documentation is in HTML format, to view them enter "
23054
"<command>file:///usr/share/doc/mysql-doc-5.0/refman-5.0-en.html-"
23055
"chapter/index.html</command> in your browser's address bar."
23056
msgstr ""
23057
23058
#: serverguide/C/databases.xml:143(para) serverguide/C/databases.xml:290(para)
23059
msgid ""
23060
"For general SQL information see <ulink "
23061
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\">Using SQL "
23062
"Special Edition</ulink> by Rafe Colburn."
23063
msgstr ""
23064
23065
#: serverguide/C/databases.xml:149(para)
23066
msgid ""
23067
"The <ulink url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache "
23068
"MySQL PHP Ubuntu Wiki</ulink> page also has useful information."
23069
msgstr ""
23070
23071
#: serverguide/C/databases.xml:158(para)
23072
msgid ""
23073
"PostgreSQL is an object-relational database system that has the features of "
23074
"traditional commercial database systems with enhancements to be found in "
23075
"next-generation DBMS systems."
23076
msgstr ""
23077
23078
#: serverguide/C/databases.xml:165(para)
23079
msgid ""
23080
"To install PostgreSQL, run the following command in the command prompt:"
23081
msgstr ""
23082
23083
#: serverguide/C/databases.xml:172(command)
23084
msgid "sudo apt-get install postgresql"
23085
msgstr ""
23086
23087
#: serverguide/C/databases.xml:176(para)
23088
msgid ""
23089
"Once the installation is complete, you should configure the PostgreSQL "
23090
"server based on your needs, although the default configuration is viable."
23091
msgstr ""
23092
23093
#: serverguide/C/databases.xml:184(para)
23094
msgid ""
23095
"By default, connection via TCP/IP is disabled. PostgreSQL supports multiple "
23096
"client authentication methods. By default, IDENT authentication method is "
23097
"used for <application>postgres</application> and local users. Please refer "
23098
"<ulink url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the "
23099
"PostgreSQL Administrator's Guide</ulink>."
23100
msgstr ""
23101
23102
#: serverguide/C/databases.xml:191(para)
23103
msgid ""
23104
"The following discussion assumes that you wish to enable TCP/IP connections "
23105
"and use the MD5 method for client authentication. PostgreSQL configuration "
23106
"files are stored in the "
23107
"<filename>/etc/postgresql/<version>/main</filename> directory. For "
23108
"example, if you install PostgreSQL 8.4, the configuration files are stored "
23109
"in the <filename>/etc/postgresql/8.4/main</filename> directory."
23110
msgstr ""
23111
23112
#: serverguide/C/databases.xml:201(para)
23113
msgid ""
23114
"To configure <emphasis>ident</emphasis> authentication, add entries to the "
23115
"<filename>/etc/postgresql/8.4/main/pg_ident.conf</filename> file."
23116
msgstr ""
23117
23118
#: serverguide/C/databases.xml:208(para)
23119
msgid ""
23120
"To enable TCP/IP connections, edit the file "
23121
"<filename>/etc/postgresql/8.4/main/postgresql.conf</filename>"
23122
msgstr ""
23123
23124
#: serverguide/C/databases.xml:210(para)
23125
msgid ""
23126
"Locate the line <emphasis>#listen_addresses = 'localhost'</emphasis> and "
23127
"change it to:"
23128
msgstr ""
23129
23130
#: serverguide/C/databases.xml:213(programlisting)
23131
#, no-wrap
23132
msgid ""
23133
"\n"
23134
"listen_addresses = 'localhost'\n"
23135
msgstr ""
23136
23137
#: serverguide/C/databases.xml:217(para)
23138
msgid ""
23139
"To allow other computers to connect to your "
23140
"<application>PostgreSQL</application> server replace 'localhost' with the "
23141
"<emphasis>IP Address</emphasis> of your server."
23142
msgstr ""
23143
23144
#: serverguide/C/databases.xml:222(para)
23145
msgid ""
23146
"You may also edit all other parameters, if you know what you are doing! For "
23147
"details, refer to the configuration file or to the PostgreSQL documentation."
23148
msgstr ""
23149
23150
#: serverguide/C/databases.xml:227(para)
23151
msgid ""
23152
"Now that we can connect to our <application>PostgreSQL</application> server, "
23153
"the next step is to set a password for the <emphasis>postgres</emphasis> "
23154
"user. Run the following command at a terminal prompt to connect to the "
23155
"default PostgreSQL template database:"
23156
msgstr ""
23157
23158
#: serverguide/C/databases.xml:234(command)
23159
msgid "sudo -u postgres psql template1"
23160
msgstr ""
23161
23162
#: serverguide/C/databases.xml:236(para)
23163
msgid ""
23164
"The above command connects to PostgreSQL database "
23165
"<emphasis>template1</emphasis> as user <emphasis>postgres</emphasis>. Once "
23166
"you connect to the PostgreSQL server, you will be at a SQL prompt. You can "
23167
"run the following SQL command at the <application>psql</application> prompt "
23168
"to configure the password for the user <emphasis "
23169
"role=\"italics\">postgres</emphasis>."
23170
msgstr ""
23171
23172
#: serverguide/C/databases.xml:244(command)
23173
msgid "ALTER USER postgres with encrypted password 'your_password';"
23174
msgstr ""
23175
23176
#: serverguide/C/databases.xml:246(para)
23177
msgid ""
23178
"After configuring the password, edit the file "
23179
"<filename>/etc/postgresql/8.4/main/pg_hba.conf</filename> to use "
23180
"<emphasis>MD5</emphasis> authentication with the "
23181
"<emphasis>postgres</emphasis> user:"
23182
msgstr ""
23183
23184
#: serverguide/C/databases.xml:252(programlisting)
23185
#, no-wrap
23186
msgid ""
23187
"\n"
23188
"local all postgres md5\n"
23189
msgstr ""
23190
23191
#: serverguide/C/databases.xml:256(para)
23192
msgid ""
23193
"Finally, you should restart the <application>PostgreSQL</application> "
23194
"service to initialize the new configuration. From a terminal prompt enter "
23195
"the following to restart <application>PostgreSQL</application>:"
23196
msgstr ""
23197
23198
#: serverguide/C/databases.xml:262(command)
23199
msgid "sudo /etc/init.d/postgresql-8.4 restart"
23200
msgstr ""
23201
23202
#: serverguide/C/databases.xml:265(para)
23203
msgid ""
23204
"The above configuration is not complete by any means. Please refer <ulink "
23205
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the PostgreSQL "
23206
"Administrator's Guide</ulink> to configure more parameters."
23207
msgstr ""
23208
23209
#: serverguide/C/databases.xml:276(para)
23210
msgid ""
23211
"As mentioned above the <ulink "
23212
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\">Administrator's "
23213
"Guide</ulink> is an excellent resource. The guide is also available in the "
23214
"<application>postgresql-doc-8.4</application> package. Execute the following "
23215
"in a terminal to install the package:"
23216
msgstr ""
23217
23218
#: serverguide/C/databases.xml:282(command)
23219
msgid "sudo apt-get install postgresql-doc-8.4"
23220
msgstr ""
23221
23222
#: serverguide/C/databases.xml:284(para)
23223
msgid ""
23224
"To view the guide enter <command>file:///usr/share/doc/postgresql-doc-"
23225
"8.4/html/index.html</command> into the address bar of your browser."
23226
msgstr ""
23227
23228
#: serverguide/C/databases.xml:296(para)
23229
msgid ""
23230
"Also, see the <ulink "
23231
"url=\"https://help.ubuntu.com/community/PostgreSQL\">PostgreSQL Ubuntu "
23232
"Wiki</ulink> page for more information."
23233
msgstr ""
23234
23235
#: serverguide/C/clustering.xml:13(title)
23236
msgid "Clustering"
23237
msgstr ""
23238
23239
#: serverguide/C/clustering.xml:16(title)
23240
msgid "DRBD"
23241
msgstr ""
23242
23243
#: serverguide/C/clustering.xml:18(para)
23244
msgid ""
23245
"Distributed Replicated Block Device (DRBD) mirrors block devices between "
23246
"multiple hosts. The replication is transparent to other applications on the "
23247
"host systems. Any block device hard disks, partitions, RAID devices, logical "
23248
"volumes, etc can be mirrored."
23249
msgstr ""
23250
23251
#: serverguide/C/clustering.xml:24(para)
23252
msgid ""
23253
"To get started using <application>drbd</application>, first install the "
23254
"necessary packages. From a terminal enter:"
23255
msgstr ""
23256
23257
#: serverguide/C/clustering.xml:29(command)
23258
msgid "sudo apt-get install drbd8-utils"
23259
msgstr ""
23260
23261
#: serverguide/C/clustering.xml:33(para)
23262
msgid ""
23263
"If you are using the <emphasis>virtual kernel</emphasis> as part of a "
23264
"virtual machine you will need to manually compile the "
23265
"<application>drbd</application> module. It may be easier to install the "
23266
"<application>linux-server</application> package inside the virtual machine."
23267
msgstr ""
23268
23269
#: serverguide/C/clustering.xml:40(para)
23270
msgid ""
23271
"This section covers setting up a <application>drbd</application> to "
23272
"replicate a separate <filename>/srv</filename> partition, with an "
23273
"<application>ext3</application> filesystem between two hosts. The partition "
23274
"size is not particularly relevant, but both partitions need to be the same "
23275
"size."
23276
msgstr ""
23277
23278
#: serverguide/C/clustering.xml:49(para)
23279
msgid ""
23280
"The two hosts in this example will be called <emphasis>drbd01</emphasis> and "
23281
"<emphasis>drbd02</emphasis>. They will need to have name resolution "
23282
"configured either through DNS or the <filename>/etc/hosts</filename> file. "
23283
"See <xref linkend=\"dns\"/> for details."
23284
msgstr ""
23285
23286
#: serverguide/C/clustering.xml:57(para)
23287
msgid ""
23288
"To configure <application>drbd</application>, on the first host edit "
23289
"<filename>/etc/drbd.conf</filename>:"
23290
msgstr ""
23291
23292
#: serverguide/C/clustering.xml:61(programlisting)
23293
#, no-wrap
23294
msgid ""
23295
"\n"
23296
"global { usage-count no; }\n"
23297
"common { syncer { rate 100M; } }\n"
23298
"resource r0 {\n"
23299
" protocol C;\n"
23300
" startup {\n"
23301
" wfc-timeout 15;\n"
23302
" degr-wfc-timeout 60;\n"
23303
" }\n"
23304
" net {\n"
23305
" cram-hmac-alg sha1;\n"
23306
" shared-secret \"secret\";\n"
23307
" }\n"
23308
" on drbd01 {\n"
23309
" device /dev/drbd0;\n"
23310
" disk /dev/sdb1;\n"
23311
" address 192.168.0.1:7788;\n"
23312
" meta-disk internal;\n"
23313
" }\n"
23314
" on drbd02 {\n"
23315
" device /dev/drbd0;\n"
23316
" disk /dev/sdb1;\n"
23317
" address 192.168.0.2:7788;\n"
23318
" meta-disk internal;\n"
23319
" }\n"
23320
"} \n"
23321
msgstr ""
23322
23323
#: serverguide/C/clustering.xml:90(para)
23324
msgid ""
23325
"There are many other options in <filename>/etc/drbd.conf</filename>, but for "
23326
"this example their default values are fine."
23327
msgstr ""
23328
23329
#: serverguide/C/clustering.xml:98(para)
23330
msgid "Now copy <filename>/etc/drbd.conf</filename> to the second host:"
23331
msgstr ""
23332
23333
#: serverguide/C/clustering.xml:103(command)
23334
msgid "scp /etc/drbd.conf drbd02:~"
23335
msgstr ""
23336
23337
#: serverguide/C/clustering.xml:109(para)
23338
msgid ""
23339
"And, on <emphasis>drbd02</emphasis> move the file to "
23340
"<filename>/etc</filename>:"
23341
msgstr ""
23342
23343
#: serverguide/C/clustering.xml:114(command)
23344
msgid "sudo mv drbd.conf /etc/"
23345
msgstr ""
23346
23347
#: serverguide/C/clustering.xml:120(para)
23348
msgid ""
23349
"Next, on both hosts, start the <application>drbd</application> daemon:"
23350
msgstr ""
23351
23352
#: serverguide/C/clustering.xml:125(command)
23353
msgid "sudo /etc/init.d/drbd start"
23354
msgstr ""
23355
23356
#: serverguide/C/clustering.xml:131(para)
23357
msgid ""
23358
"Now using the <application>drbdadm</application> utility initialize the meta "
23359
"data storage. On each server execute:"
23360
msgstr ""
23361
23362
#: serverguide/C/clustering.xml:137(command)
23363
msgid "sudo drbdadm create-md r0"
23364
msgstr ""
23365
23366
#: serverguide/C/clustering.xml:143(para)
23367
msgid ""
23368
"On the <emphasis>drbd01</emphasis>, or whichever host you wish to be the "
23369
"primary, enter the following:"
23370
msgstr ""
23371
23372
#: serverguide/C/clustering.xml:148(command)
23373
msgid "sudo drbdadm -- --overwrite-data-of-peer primary all"
23374
msgstr ""
23375
23376
#: serverguide/C/clustering.xml:154(para)
23377
msgid ""
23378
"After executing the above command, the data will start syncing with the "
23379
"secondary host. To watch the progress, on <emphasis>drbd02</emphasis> enter "
23380
"the following:"
23381
msgstr ""
23382
23383
#: serverguide/C/clustering.xml:160(command)
23384
msgid "watch -n1 cat /proc/drbd"
23385
msgstr ""
23386
23387
#: serverguide/C/clustering.xml:163(para)
23388
msgid "To stop watching the output press <emphasis>Ctrl+c</emphasis>."
23389
msgstr ""
23390
23391
#: serverguide/C/clustering.xml:170(para)
23392
msgid ""
23393
"Finally, add a filesystem to <filename>/dev/drbd0</filename> and mount it:"
23394
msgstr ""
23395
23396
#: serverguide/C/clustering.xml:175(command)
23397
msgid "sudo mkfs.ext3 /dev/drbd0"
23398
msgstr ""
23399
23400
#: serverguide/C/clustering.xml:176(command) serverguide/C/clustering.xml:224(command)
23401
msgid "sudo mount /dev/drbd0 /srv"
23402
msgstr ""
23403
23404
#: serverguide/C/clustering.xml:186(para)
23405
msgid ""
23406
"To test that the data is actually syncing between the hosts copy some files "
23407
"on the <emphasis>drbd01</emphasis>, the primary, to "
23408
"<filename>/srv</filename>:"
23409
msgstr ""
23410
23411
#: serverguide/C/clustering.xml:195(para)
23412
msgid "Next, unmount <filename>/srv</filename>:"
23413
msgstr ""
23414
23415
#: serverguide/C/clustering.xml:203(para)
23416
msgid ""
23417
"<emphasis>Demote</emphasis> the <emphasis>primary</emphasis> server to the "
23418
"<emphasis>secondary</emphasis> role:"
23419
msgstr ""
23420
23421
#: serverguide/C/clustering.xml:208(command)
23422
msgid "sudo drbdadm secondary r0"
23423
msgstr ""
23424
23425
#: serverguide/C/clustering.xml:211(para)
23426
msgid ""
23427
"Now on the <emphasis>secondary</emphasis> server "
23428
"<emphasis>promote</emphasis> it to the <emphasis>primary</emphasis> role:"
23429
msgstr ""
23430
23431
#: serverguide/C/clustering.xml:216(command)
23432
msgid "sudo drbdadm primary r0"
23433
msgstr ""
23434
23435
#: serverguide/C/clustering.xml:219(para)
23436
msgid "Lastly, mount the partition:"
23437
msgstr ""
23438
23439
#: serverguide/C/clustering.xml:227(para)
23440
msgid ""
23441
"Using <emphasis>ls</emphasis> you should see "
23442
"<filename>/srv/default</filename> copied from the former "
23443
"<emphasis>primary</emphasis> host <emphasis>drbd01</emphasis>."
23444
msgstr ""
23445
23446
#: serverguide/C/clustering.xml:238(para)
23447
msgid ""
23448
"For more information on <application>DRBD</application> see the <ulink "
23449
"url=\"http://www.drbd.org/\">DRBD web site</ulink>."
23450
msgstr ""
23451
23452
#: serverguide/C/clustering.xml:243(para)
23453
msgid ""
23454
"The <ulink "
23455
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/drbd.conf.5.html\""
23456
">drbd.conf man page</ulink> contains details on the options not covered in "
23457
"this guide."
23458
msgstr ""
23459
23460
#: serverguide/C/clustering.xml:249(para)
23461
msgid ""
23462
"Also, see the <ulink "
23463
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/drbdadm.8.html\">d"
23464
"rbdadm man page</ulink>."
23465
msgstr ""
23466
23467
#: serverguide/C/clustering.xml:254(para)
23468
msgid ""
23469
"The <ulink url=\"https://help.ubuntu.com/community/DRBD\">DRBD Ubuntu "
23470
"Wiki</ulink> page also has more information."
23471
msgstr ""
23472
23473
#: serverguide/C/chat.xml:13(title)
23474
msgid "Chat Applications"
23475
msgstr ""
23476
23477
#: serverguide/C/chat.xml:19(para)
23478
msgid ""
23479
"In this section, we will discuss how to install and configure a IRC server, "
23480
"<application>ircd-irc2</application>. We will also discuss how to install "
23481
"and configure Jabber, an instance messaging server."
23482
msgstr ""
23483
23484
#: serverguide/C/chat.xml:28(title)
23485
msgid "IRC Server"
23486
msgstr ""
23487
23488
#: serverguide/C/chat.xml:30(para)
23489
msgid ""
23490
"The Ubuntu repository has many Internet Relay Chat servers. This section "
23491
"explains how to install and configure the original IRC server "
23492
"<application>ircd-irc2</application>."
23493
msgstr ""
23494
23495
#: serverguide/C/chat.xml:39(para)
23496
msgid ""
23497
"To install <application>ircd-irc2</application>, run the following command "
23498
"in the command prompt:"
23499
msgstr ""
23500
23501
#: serverguide/C/chat.xml:45(command)
23502
msgid "sudo apt-get install ircd-irc2"
23503
msgstr ""
23504
23505
#: serverguide/C/chat.xml:48(para)
23506
msgid ""
23507
"The configuration files are stored in <filename>/etc/ircd</filename> "
23508
"directory. The documents are available in <filename>/usr/share/doc/ircd-"
23509
"irc2</filename> directory."
23510
msgstr ""
23511
23512
#: serverguide/C/chat.xml:59(para)
23513
msgid ""
23514
"The IRC settings can be done in the configuration file "
23515
"<filename>/etc/ircd/ircd.conf</filename>. You can set the IRC host name in "
23516
"this file by editing the following line:"
23517
msgstr ""
23518
23519
#: serverguide/C/chat.xml:64(programlisting)
23520
#, no-wrap
23521
msgid ""
23522
"\n"
23523
"M:irc.localhost::Debian ircd default configuration::000A\n"
23524
msgstr ""
23525
23526
#: serverguide/C/chat.xml:68(para)
23527
msgid ""
23528
"Please make sure you add DNS aliases for the IRC host name. For instance, if "
23529
"you set irc.livecipher.com as IRC host name, please make sure "
23530
"irc.livecipher.com is resolvable in your Domain Name Server. The IRC host "
23531
"name should not be same as the host name."
23532
msgstr ""
23533
23534
#: serverguide/C/chat.xml:75(para)
23535
msgid ""
23536
"The IRC admin details can be configured by editing the following line:"
23537
msgstr ""
23538
23539
#: serverguide/C/chat.xml:80(programlisting)
23540
#, no-wrap
23541
msgid ""
23542
"\n"
23543
"A:Organization, IRC dept.:Daemon <ircd@example.irc.org>:Client "
23544
"Server::IRCnet:\n"
23545
msgstr ""
23546
23547
#: serverguide/C/chat.xml:84(para)
23548
msgid ""
23549
"You should add specific lines to configure the list of IRC ports to listen "
23550
"on, to configure Operator credentials, to configure client authentication, "
23551
"etc. For details, please refer to the example configuration file "
23552
"<filename>/usr/share/doc/ircd-irc2/ircd.conf.example.gz</filename>."
23553
msgstr ""
23554
23555
#: serverguide/C/chat.xml:92(para)
23556
msgid ""
23557
"The IRC banner to be displayed in the IRC client, when the user connects to "
23558
"the server can be set in <filename>/etc/ircd/ircd.motd</filename> file."
23559
msgstr ""
23560
23561
#: serverguide/C/chat.xml:97(para)
23562
msgid ""
23563
"After making necessary changes to the configuration file, you can restart "
23564
"the IRC server using following command:"
23565
msgstr ""
23566
23567
#: serverguide/C/chat.xml:101(programlisting)
23568
#, no-wrap
23569
msgid ""
23570
"\n"
23571
"sudo /etc/init.d/ircd-irc2 restart\n"
23572
msgstr ""
23573
23574
#: serverguide/C/chat.xml:109(para)
23575
msgid ""
23576
"You may also be interested to take a look at other IRC servers available in "
23577
"Ubuntu Repository. It includes, <application>ircd-ircu</application> and "
23578
"<application>ircd-hybrid</application>."
23579
msgstr ""
23580
23581
#: serverguide/C/chat.xml:117(para)
23582
msgid ""
23583
"Refer to <ulink url=\"http://www.irc.org/tech_docs/ircnet/faq.html\">IRCD "
23584
"FAQ</ulink> for more details about the IRC Server."
23585
msgstr ""
23586
23587
#: serverguide/C/chat.xml:124(para)
23588
msgid ""
23589
"Also, the <ulink url=\"https://help.ubuntu.com/community/ircd\">Ubuntu Wiki "
23590
"IRCD</ulink> page has more information."
23591
msgstr ""
23592
23593
#: serverguide/C/chat.xml:132(title)
23594
msgid "Jabber Instant Messaging Server"
23595
msgstr ""
23596
23597
#: serverguide/C/chat.xml:134(para)
23598
msgid ""
23599
"<emphasis>Jabber</emphasis> a popular instant message protocol is based on "
23600
"XMPP, an open standard for instant messaging, and used by many popular "
23601
"applications. This section covers setting up a <emphasis>Jabberd "
23602
"2</emphasis> server on a local LAN. This configuration can also be adapted "
23603
"to providing messaging services to users over the Internet."
23604
msgstr ""
23605
23606
#: serverguide/C/chat.xml:143(para)
23607
msgid "To install <application>jabberd2</application>, in a terminal enter:"
23608
msgstr ""
23609
23610
#: serverguide/C/chat.xml:148(command)
23611
msgid "sudo apt-get install jabberd2"
23612
msgstr ""
23613
23614
#: serverguide/C/chat.xml:155(para)
23615
msgid ""
23616
"A couple of XML configuration files will be used to configure "
23617
"<application>jabberd2</application> for <emphasis>Berkely DB</emphasis> user "
23618
"authentication. This is a very simple form of authentication. However, "
23619
"<application>jabberd2</application> can be configured to use LDAP, MySQL, "
23620
"Postgresql, etc for for user authentication."
23621
msgstr ""
23622
23623
#: serverguide/C/chat.xml:162(para)
23624
msgid "First, edit <filename>/etc/jabberd2/sm.xml</filename> changing:"
23625
msgstr ""
23626
23627
#: serverguide/C/chat.xml:166(programlisting)
23628
#, no-wrap
23629
msgid ""
23630
"\n"
23631
" <id>jabber.example.com</id>\n"
23632
msgstr ""
23633
23634
#: serverguide/C/chat.xml:171(para)
23635
msgid ""
23636
"Replace <emphasis>jabber.example.com</emphasis> with the hostname, or other "
23637
"id, of your server."
23638
msgstr ""
23639
23640
#: serverguide/C/chat.xml:176(para)
23641
msgid "Now in the <storage> section change the <driver> to:"
23642
msgstr ""
23643
23644
#: serverguide/C/chat.xml:180(programlisting)
23645
#, no-wrap
23646
msgid ""
23647
"\n"
23648
" <driver>db</driver>\n"
23649
msgstr ""
23650
23651
#: serverguide/C/chat.xml:184(para)
23652
msgid ""
23653
"Next, edit <filename>/etc/jabberd2/c2s.xml</filename> in the "
23654
"<emphasis><local></emphasis> section change:"
23655
msgstr ""
23656
23657
#: serverguide/C/chat.xml:188(programlisting)
23658
#, no-wrap
23659
msgid ""
23660
"\n"
23661
" <id>jabber.example.com</id>\n"
23662
msgstr ""
23663
23664
#: serverguide/C/chat.xml:192(para)
23665
msgid ""
23666
"And in the <authreg> section adjust the <module> section to:"
23667
msgstr ""
23668
23669
#: serverguide/C/chat.xml:196(programlisting)
23670
#, no-wrap
23671
msgid ""
23672
"\n"
23673
" <module>db</module>\n"
23674
msgstr ""
23675
23676
#: serverguide/C/chat.xml:200(para)
23677
msgid ""
23678
"Finally, restart <application>jabberd2</application> to enable the new "
23679
"settings:"
23680
msgstr ""
23681
23682
#: serverguide/C/chat.xml:205(command)
23683
msgid "sudo /etc/init.d/jabberd2 restart"
23684
msgstr ""
23685
23686
#: serverguide/C/chat.xml:208(para)
23687
msgid ""
23688
"You should now be able to connect to the server using a Jabber client like "
23689
"<application>Pidgin</application> for example."
23690
msgstr ""
23691
23692
#: serverguide/C/chat.xml:213(para)
23693
msgid ""
23694
"The advantage of using Berkeley DB for user data is that after being "
23695
"configured no additional maintenance is required. If you need more control "
23696
"over user accounts and credentials another authentication method is "
23697
"recommended."
23698
msgstr ""
23699
23700
#: serverguide/C/chat.xml:225(para)
23701
msgid ""
23702
"The <ulink url=\"http://codex.xiaoka.com/wiki/jabberd2:start\">Jabberd2 Web "
23703
"Site</ulink> contains more details on configuring "
23704
"<application>Jabberd2</application>."
23705
msgstr ""
23706
23707
#: serverguide/C/chat.xml:231(para)
23708
msgid ""
23709
"For more authentication options see the <ulink "
23710
"url=\"http://jabberd2.xiaoka.com/wiki/InstallGuide\">Jabberd2 Install "
23711
"Guide</ulink>."
23712
msgstr ""
23713
23714
#: serverguide/C/chat.xml:236(para)
23715
msgid ""
23716
"Also, the <ulink "
23717
"url=\"https://help.ubuntu.com/community/SettingUpJabberServer\">Setting Up "
23718
"Jabber Server Ubuntu Wiki</ulink> page has more information."
23719
msgstr ""
23720
23721
#: serverguide/C/backups.xml:13(title)
23722
msgid "Backups"
23723
msgstr ""
23724
23725
#: serverguide/C/backups.xml:14(para)
23726
msgid ""
23727
"There are many ways to backup an Ubuntu installation. The most important "
23728
"thing about backups is to develop a <emphasis>backup plan</emphasis> "
23729
"consisting of what to backup, where to back it up to, and how to restore it."
23730
msgstr ""
23731
23732
#: serverguide/C/backups.xml:18(para)
23733
msgid ""
23734
"The following sections discuss various ways of accomplishing these tasks."
23735
msgstr ""
23736
23737
#: serverguide/C/backups.xml:22(title)
23738
msgid "Shell Scripts"
23739
msgstr ""
23740
23741
#: serverguide/C/backups.xml:23(para)
23742
msgid ""
23743
"One of the simplest ways to backup a system is using a <emphasis>shell "
23744
"script</emphasis>. For example, a script can be used to configure which "
23745
"directories to backup, and use those directories as arguments to the "
23746
"<application>tar</application> utility creating an archive file. The archive "
23747
"file can then be moved or copied to another location. The archive can also "
23748
"be created on a remote file system such as an <emphasis>NFS</emphasis> mount."
23749
msgstr ""
23750
23751
#: serverguide/C/backups.xml:29(para)
23752
msgid ""
23753
"The <application>tar</application> utility creates one archive file out of "
23754
"many files or directories. <application>tar</application> can also filter "
23755
"the files through compression utilities reducing the size of the archive "
23756
"file."
23757
msgstr ""
23758
23759
#: serverguide/C/backups.xml:35(title)
23760
msgid "Simple Shell Script"
23761
msgstr ""
23762
23763
#: serverguide/C/backups.xml:36(para)
23764
msgid ""
23765
"The following shell script uses <application>tar</application> to create an "
23766
"archive file on a remotely mounted NFS file system. The archive filename is "
23767
"determined using additional command line utilities."
23768
msgstr ""
23769
23770
#: serverguide/C/backups.xml:40(programlisting)
23771
#, no-wrap
23772
msgid ""
23773
"\n"
23774
"#!/bin/sh\n"
23775
"####################################\n"
23776
"#\n"
23777
"# Backup to NFS mount script.\n"
23778
"#\n"
23779
"####################################\n"
23780
"\n"
23781
"# What to backup. \n"
23782
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
23783
"\n"
23784
"# Where to backup to.\n"
23785
"dest=\"/mnt/backup\"\n"
23786
"\n"
23787
"# Create archive filename.\n"
23788
"day=$(date +%A)\n"
23789
"hostname=$(hostname -s)\n"
23790
"archive_file=\"$hostname-$day.tgz\"\n"
23791
"\n"
23792
"# Print start status message.\n"
23793
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
23794
"date\n"
23795
"echo\n"
23796
"\n"
23797
"# Backup the files using tar.\n"
23798
"tar czf $dest/$archive_file $backup_files\n"
23799
"\n"
23800
"# Print end status message.\n"
23801
"echo\n"
23802
"echo \"Backup finished\"\n"
23803
"date\n"
23804
"\n"
23805
"# Long listing of files in $dest to check file sizes.\n"
23806
"ls -lh $dest\n"
23807
msgstr ""
23808
23809
#: serverguide/C/backups.xml:77(para)
23810
msgid ""
23811
"<emphasis>$backup_files:</emphasis> a variable listing which directories you "
23812
"would like to backup. The list should be customized to fit your needs."
23813
msgstr ""
23814
23815
#: serverguide/C/backups.xml:83(para)
23816
msgid ""
23817
"<emphasis>$day:</emphasis> a variable holding the day of the week (Monday, "
23818
"Tuesday, Wednesday, etc). This is used to create an archive file for each "
23819
"day of the week, giving a backup history of seven days. There are other ways "
23820
"to accomplish this including other ways using the "
23821
"<application>date</application> utility."
23822
msgstr ""
23823
23824
#: serverguide/C/backups.xml:90(para)
23825
msgid ""
23826
"<emphasis>$hostname:</emphasis> variable containing the "
23827
"<emphasis>short</emphasis> hostname of the system. Using the hostname in the "
23828
"archive filename gives you the option of placing daily archive files from "
23829
"multiple systems in the same directory."
23830
msgstr ""
23831
23832
#: serverguide/C/backups.xml:97(para)
23833
msgid "<emphasis>$archive_file:</emphasis> the full archive filename."
23834
msgstr ""
23835
23836
#: serverguide/C/backups.xml:102(para)
23837
msgid ""
23838
"<emphasis>$dest:</emphasis> destination of the archive file. The directory "
23839
"needs to be created and in this case <emphasis>mounted</emphasis> before "
23840
"executing the backup script. See <xref linkend=\"network-file-system\"/> for "
23841
"details using <emphasis>NFS</emphasis>."
23842
msgstr ""
23843
23844
#: serverguide/C/backups.xml:109(para)
23845
msgid ""
23846
"<emphasis>status messages:</emphasis> optional messages printed to the "
23847
"console using the <application>echo</application> utility."
23848
msgstr ""
23849
23850
#: serverguide/C/backups.xml:115(para)
23851
msgid ""
23852
"<emphasis>tar czf $dest/$archive_file $backup_files:</emphasis> the "
23853
"<application>tar</application> command used to create the archive file."
23854
msgstr ""
23855
23856
#: serverguide/C/backups.xml:121(para)
23857
msgid "<emphasis>c:</emphasis> creates an archive."
23858
msgstr ""
23859
23860
#: serverguide/C/backups.xml:126(para)
23861
msgid ""
23862
"<emphasis>z:</emphasis> filter the archive through the "
23863
"<application>gzip</application> utility compressing the archive."
23864
msgstr ""
23865
23866
#: serverguide/C/backups.xml:131(para)
23867
msgid ""
23868
"<emphasis>f:</emphasis> use archive file. Otherwise the "
23869
"<application>tar</application> output will be sent to STDOUT."
23870
msgstr ""
23871
23872
#: serverguide/C/backups.xml:138(para)
23873
msgid ""
23874
"<emphasis>ls -lh $dest:</emphasis> optional statement prints a <emphasis>-"
23875
"l</emphasis> long listing in <emphasis>-h</emphasis> human readable format "
23876
"of the destination directory. This is useful for a quick file size check of "
23877
"the archive file. This check should not replace testing the archive file."
23878
msgstr ""
23879
23880
#: serverguide/C/backups.xml:145(para)
23881
msgid ""
23882
"This is a simple example of a backup shell script. There are large amount of "
23883
"options that can be included in a backup script. See <xref linkend=\"backup-"
23884
"shellscript-references\"/> for links to resources providing more in depth "
23885
"shell scripting information."
23886
msgstr ""
23887
23888
#: serverguide/C/backups.xml:152(title)
23889
msgid "Executing the Script"
23890
msgstr ""
23891
23892
#: serverguide/C/backups.xml:154(title)
23893
msgid "Executing from a Terminal"
23894
msgstr ""
23895
23896
#: serverguide/C/backups.xml:155(para)
23897
msgid ""
23898
"The simplest way of executing the above backup script is to copy and paste "
23899
"the contents into a file. <filename>backup.sh</filename> for example. Then "
23900
"from a terminal prompt:"
23901
msgstr ""
23902
23903
#: serverguide/C/backups.xml:160(command)
23904
msgid "sudo bash backup.sh"
23905
msgstr ""
23906
23907
#: serverguide/C/backups.xml:162(para)
23908
msgid ""
23909
"This is a great way to test the script to make sure everything works as "
23910
"expected."
23911
msgstr ""
23912
23913
#: serverguide/C/backups.xml:167(title)
23914
msgid "Executing with cron"
23915
msgstr ""
23916
23917
#: serverguide/C/backups.xml:168(para)
23918
msgid ""
23919
"The <application>cron</application> utility can be used to automate the "
23920
"script execution. The <application>cron</application> daemon allows the "
23921
"execution of scripts, or commands, at a specified time and date."
23922
msgstr ""
23923
23924
#: serverguide/C/backups.xml:172(para)
23925
msgid ""
23926
"<application>cron</application> is configured through entries in a "
23927
"<filename>crontab</filename> file. <filename>crontab</filename> files are "
23928
"separated into fields:"
23929
msgstr ""
23930
23931
#: serverguide/C/backups.xml:176(programlisting)
23932
#, no-wrap
23933
msgid ""
23934
"\n"
23935
"# m h dom mon dow command\n"
23936
msgstr ""
23937
23938
#: serverguide/C/backups.xml:181(para)
23939
msgid ""
23940
"<emphasis>m:</emphasis> minute the command executes on between 0 and 59."
23941
msgstr ""
23942
23943
#: serverguide/C/backups.xml:186(para)
23944
msgid ""
23945
"<emphasis>h:</emphasis> hour the command executes on between 0 and 23."
23946
msgstr ""
23947
23948
#: serverguide/C/backups.xml:191(para)
23949
msgid "<emphasis>dom:</emphasis> day of month the command executes on."
23950
msgstr ""
23951
23952
#: serverguide/C/backups.xml:196(para)
23953
msgid ""
23954
"<emphasis>mon:</emphasis> the month the command executes on between 1 and 12."
23955
msgstr ""
23956
23957
#: serverguide/C/backups.xml:201(para)
23958
msgid ""
23959
"<emphasis>dow:</emphasis> the day of the week the command executes on "
23960
"between 0 and 7. Sunday may be specified by using 0 or 7, both values are "
23961
"valid."
23962
msgstr ""
23963
23964
#: serverguide/C/backups.xml:206(para)
23965
msgid "<emphasis>command:</emphasis> the command to execute."
23966
msgstr ""
23967
23968
#: serverguide/C/backups.xml:211(para)
23969
msgid ""
23970
"To add or change entries in a <filename>crontab</filename> file the "
23971
"<application>crontab -e</application> command should be used. Also, the "
23972
"contents of a <filename>crontab</filename> file can be viewed using the "
23973
"<application>crontab -l</application> command."
23974
msgstr ""
23975
23976
#: serverguide/C/backups.xml:215(para)
23977
msgid ""
23978
"To execute the <application>backup.sh</application> script listed above "
23979
"using <application>cron</application>. Enter the following from a terminal "
23980
"prompt:"
23981
msgstr ""
23982
23983
#: serverguide/C/backups.xml:220(command)
23984
msgid "sudo crontab -e"
23985
msgstr ""
23986
23987
#: serverguide/C/backups.xml:223(para)
23988
msgid ""
23989
"Using <application>sudo</application> with the <application>crontab -"
23990
"e</application> command edits the <emphasis>root</emphasis> user's crontab. "
23991
"This is necessary if you are backing up directories only the root user has "
23992
"access to."
23993
msgstr ""
23994
23995
#: serverguide/C/backups.xml:228(para)
23996
msgid "Add the following entry to the <filename>crontab</filename> file:"
23997
msgstr ""
23998
23999
#: serverguide/C/backups.xml:231(programlisting)
24000
#, no-wrap
24001
msgid ""
24002
"\n"
24003
"# m h dom mon dow command\n"
24004
"0 0 * * * bash /usr/local/bin/backup.sh\n"
24005
msgstr ""
24006
24007
#: serverguide/C/backups.xml:235(para)
24008
msgid ""
24009
"The <application>backup.sh</application> script will now be executed every "
24010
"day at 12:00 am."
24011
msgstr ""
24012
24013
#: serverguide/C/backups.xml:239(para)
24014
msgid ""
24015
"The <application>backup.sh</application> script will need to be copied to "
24016
"the <filename>/usr/local/bin/</filename> directory in order for this entry "
24017
"to execute properly. The script can reside anywhere on the file system "
24018
"simply change the script path appropriately."
24019
msgstr ""
24020
24021
#: serverguide/C/backups.xml:244(para)
24022
msgid ""
24023
"For more in depth <application>crontab</application> options see <xref "
24024
"linkend=\"backup-shellscript-references\"/>."
24025
msgstr ""
24026
24027
#: serverguide/C/backups.xml:250(title)
24028
msgid "Restoring from the Archive"
24029
msgstr ""
24030
24031
#: serverguide/C/backups.xml:251(para)
24032
msgid ""
24033
"Once an archive has been created it is important to test the archive. The "
24034
"archive can be tested by listing the files it contains, but the best test is "
24035
"to <emphasis>restore</emphasis> a file from the archive."
24036
msgstr ""
24037
24038
#: serverguide/C/backups.xml:257(para)
24039
msgid "To see a listing of the archive contents. From a terminal prompt:"
24040
msgstr ""
24041
24042
#: serverguide/C/backups.xml:261(command)
24043
msgid "tar -tzvf /mnt/backup/host-Monday.tgz"
24044
msgstr ""
24045
24046
#: serverguide/C/backups.xml:265(para)
24047
msgid "To restore a file from the archive to a different directory enter:"
24048
msgstr ""
24049
24050
#: serverguide/C/backups.xml:269(command)
24051
msgid "tar -xzvf /mnt/backup/host-Monday.tgz -C /tmp etc/hosts"
24052
msgstr ""
24053
24054
#: serverguide/C/backups.xml:271(para)
24055
msgid ""
24056
"The <emphasis>-C</emphasis> option to <application>tar</application> "
24057
"redirects the extracted files to the specified directory. The above example "
24058
"will extract the <filename>/etc/hosts</filename> file to "
24059
"<filename>/tmp/etc/hosts</filename>. <application>tar</application> "
24060
"recreates the directory structure that it contains."
24061
msgstr ""
24062
24063
#: serverguide/C/backups.xml:276(para)
24064
msgid ""
24065
"Also, notice the leading <emphasis>\"/\"</emphasis> is left off the path of "
24066
"the file to restore."
24067
msgstr ""
24068
24069
#: serverguide/C/backups.xml:281(para)
24070
msgid "To restore all files in the archive enter the following:"
24071
msgstr ""
24072
24073
#: serverguide/C/backups.xml:285(command)
24074
msgid "cd /"
24075
msgstr ""
24076
24077
#: serverguide/C/backups.xml:286(command)
24078
msgid "sudo tar -xzvf /mnt/backup/host-Monday.tgz"
24079
msgstr ""
24080
24081
#: serverguide/C/backups.xml:291(para)
24082
msgid "This will overwrite the files currently on the file system."
24083
msgstr ""
24084
24085
#: serverguide/C/backups.xml:300(para)
24086
msgid ""
24087
"For more information on shell scripting see the <ulink "
24088
"url=\"http://tldp.org/LDP/abs/html/\">Advanced Bash-Scripting Guide</ulink>"
24089
msgstr ""
24090
24091
#: serverguide/C/backups.xml:305(para)
24092
msgid ""
24093
"The book <ulink url=\"http://safari.samspublishing.com/0672323583\">Teach "
24094
"Yourself Shell Programming in 24 Hours</ulink> is available online and a "
24095
"great resource for shell scripting."
24096
msgstr ""
24097
24098
#: serverguide/C/backups.xml:311(para)
24099
msgid ""
24100
"The <ulink url=\"https://help.ubuntu.com/community/CronHowto\">CronHowto "
24101
"Wiki Page</ulink> contains details on advanced "
24102
"<application>cron</application> options."
24103
msgstr ""
24104
24105
#: serverguide/C/backups.xml:318(para)
24106
msgid ""
24107
"See the <ulink url=\"http://www.gnu.org/software/tar/manual/index.html\">GNU "
24108
"tar Manual</ulink> for more <application>tar</application> options."
24109
msgstr ""
24110
24111
#: serverguide/C/backups.xml:324(para)
24112
msgid ""
24113
"The Wikipedia <ulink "
24114
"url=\"http://en.wikipedia.org/wiki/Backup_rotation_scheme\">Backup Rotation "
24115
"Scheme</ulink> article contains information on other backup rotation schemes."
24116
msgstr ""
24117
24118
#: serverguide/C/backups.xml:330(para)
24119
msgid ""
24120
"The shell script uses <application>tar</application> to create the archive, "
24121
"but there many other command line utilities that can be used. For example:"
24122
msgstr ""
24123
24124
#: serverguide/C/backups.xml:336(para)
24125
msgid ""
24126
"<ulink url=\"http://www.gnu.org/software/cpio/\">cpio</ulink>: used to copy "
24127
"files to and from archives."
24128
msgstr ""
24129
24130
#: serverguide/C/backups.xml:341(para)
24131
msgid ""
24132
"<ulink url=\"http://www.gnu.org/software/coreutils/\">dd</ulink>: part of "
24133
"the <application>coreutils</application> package. A low level utility that "
24134
"can copy data from one format to another"
24135
msgstr ""
24136
24137
#: serverguide/C/backups.xml:347(para)
24138
msgid ""
24139
"<ulink url=\"http://www.rsnapshot.org/\">rsnapshot</ulink>: a file system "
24140
"snap shot utility used to create copies of an entire file system."
24141
msgstr ""
24142
24143
#: serverguide/C/backups.xml:358(title)
24144
msgid "Archive Rotation"
24145
msgstr ""
24146
24147
#: serverguide/C/backups.xml:359(para)
24148
msgid ""
24149
"The shell script in section <xref linkend=\"backup-shellscripts\"/> only "
24150
"allows for seven different archives. For a server whose data doesn't change "
24151
"often this may be enough. If the server has a large amount of data a more "
24152
"robust rotation scheme should be used."
24153
msgstr ""
24154
24155
#: serverguide/C/backups.xml:365(title)
24156
msgid "Rotating NFS Archives"
24157
msgstr ""
24158
24159
#: serverguide/C/backups.xml:366(para)
24160
msgid ""
24161
"In this section the shell script will be slightly modified to implement a "
24162
"grandfather-father-son rotation scheme (monthly-weekly-daily):"
24163
msgstr ""
24164
24165
#: serverguide/C/backups.xml:372(para)
24166
msgid ""
24167
"The rotation will do a <emphasis>daily</emphasis> backup Sunday through "
24168
"Friday."
24169
msgstr ""
24170
24171
#: serverguide/C/backups.xml:377(para)
24172
msgid ""
24173
"On Saturday a <emphasis>weekly</emphasis> backup is done giving you four "
24174
"weekly backups a month."
24175
msgstr ""
24176
24177
#: serverguide/C/backups.xml:382(para)
24178
msgid ""
24179
"The <emphasis>monthly</emphasis> backup is done on the first of the month "
24180
"rotating two monthly backups based on if the month is odd or even."
24181
msgstr ""
24182
24183
#: serverguide/C/backups.xml:388(para)
24184
msgid "Here is the new script:"
24185
msgstr ""
24186
24187
#: serverguide/C/backups.xml:391(programlisting)
24188
#, no-wrap
24189
msgid ""
24190
"\n"
24191
"#!/bin/bash\n"
24192
"####################################\n"
24193
"#\n"
24194
"# Backup to NFS mount script with\n"
24195
"# grandfather-father-son rotation.\n"
24196
"#\n"
24197
"####################################\n"
24198
"\n"
24199
"# What to backup. \n"
24200
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
24201
"\n"
24202
"# Where to backup to.\n"
24203
"dest=\"/mnt/backup\"\n"
24204
"\n"
24205
"# Setup variables for the archive filename.\n"
24206
"day=$(date +%A)\n"
24207
"hostname=$(hostname -s)\n"
24208
"\n"
24209
"# Find which week of the month 1-4 it is.\n"
24210
"day_num=$(date +%d)\n"
24211
"if (( $day_num <= 7 )); then\n"
24212
" week_file=\"$hostname-week1.tgz\"\n"
24213
"elif (( $day_num > 7 && $day_num <= 14 )); then\n"
24214
" week_file=\"$hostname-week2.tgz\"\n"
24215
"elif (( $day_num > 14 && $day_num <= 21 )); then\n"
24216
" week_file=\"$hostname-week3.tgz\"\n"
24217
"elif (( $day_num > 21 && $day_num < 32 )); then\n"
24218
" week_file=\"$hostname-week4.tgz\"\n"
24219
"fi\n"
24220
"\n"
24221
"# Find if the Month is odd or even.\n"
24222
"month_num=$(date +%m)\n"
24223
"month=$(expr $month_num % 2)\n"
24224
"if [ $month -eq 0 ]; then\n"
24225
" month_file=\"$hostname-month2.tgz\"\n"
24226
"else\n"
24227
" month_file=\"$hostname-month1.tgz\"\n"
24228
"fi\n"
24229
"\n"
24230
"# Create archive filename.\n"
24231
"if [ $day_num == 1 ]; then\n"
24232
"\tarchive_file=$month_file\n"
24233
"elif [ $day != \"Saturday\" ]; then\n"
24234
" archive_file=\"$hostname-$day.tgz\"\n"
24235
"else \n"
24236
"\tarchive_file=$week_file\n"
24237
"fi\n"
24238
"\n"
24239
"# Print start status message.\n"
24240
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
24241
"date\n"
24242
"echo\n"
24243
"\n"
24244
"# Backup the files using tar.\n"
24245
"tar czf $dest/$archive_file $backup_files\n"
24246
"\n"
24247
"# Print end status message.\n"
24248
"echo\n"
24249
"echo \"Backup finished\"\n"
24250
"date\n"
24251
"\n"
24252
"# Long listing of files in $dest to check file sizes.\n"
24253
"ls -lh $dest/\n"
24254
msgstr ""
24255
24256
#: serverguide/C/backups.xml:456(para)
24257
msgid ""
24258
"The script can be executed using the same methods as in <xref "
24259
"linkend=\"backup-executing-shellscript\"/>."
24260
msgstr ""
24261
24262
#: serverguide/C/backups.xml:459(para)
24263
msgid ""
24264
"It is good practice to take backup media off site in case of a disaster. In "
24265
"the shell script example the backup media is another server providing an NFS "
24266
"share. In all likelihood taking the NFS server to another location would not "
24267
"be practical. Depending upon connection speeds it may be an option to copy "
24268
"the archive file over a WAN link to a server in another location."
24269
msgstr ""
24270
24271
#: serverguide/C/backups.xml:465(para)
24272
msgid ""
24273
"Another option is to copy the archive file to an external hard drive which "
24274
"can then be taken off site. Since the price of external hard drives continue "
24275
"to decrease it may be cost-effective to use two drives for each archive "
24276
"level. This would allow you to have one external drive attached to the "
24277
"backup server and one in another location."
24278
msgstr ""
24279
24280
#: serverguide/C/backups.xml:472(title)
24281
msgid "Tape Drives"
24282
msgstr ""
24283
24284
#: serverguide/C/backups.xml:473(para)
24285
msgid ""
24286
"A tape drive attached to the server can be used instead of a NFS share. "
24287
"Using a tape drive simplifies archive rotation, and taking the media off "
24288
"site as well."
24289
msgstr ""
24290
24291
#: serverguide/C/backups.xml:477(para)
24292
msgid ""
24293
"When using a tape drive the filename portions of the script aren't needed "
24294
"because the date is sent directly to the tape device. Some commands to "
24295
"manipulate the tape are needed. This is accomplished using "
24296
"<application>mt</application>, a magnetic tape control utility part of the "
24297
"<application>cpio</application> package."
24298
msgstr ""
24299
24300
#: serverguide/C/backups.xml:482(para)
24301
msgid "Here is the shell script modified to use a tape drive:"
24302
msgstr ""
24303
24304
#: serverguide/C/backups.xml:485(programlisting)
24305
#, no-wrap
24306
msgid ""
24307
"\n"
24308
"#!/bin/bash\n"
24309
"####################################\n"
24310
"#\n"
24311
"# Backup to tape drive script.\n"
24312
"#\n"
24313
"####################################\n"
24314
"\n"
24315
"# What to backup. \n"
24316
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
24317
"\n"
24318
"# Where to backup to.\n"
24319
"dest=\"/dev/st0\"\n"
24320
"\n"
24321
"# Print start status message.\n"
24322
"echo \"Backing up $backup_files to $dest\"\n"
24323
"date\n"
24324
"echo\n"
24325
"\n"
24326
"# Make sure the tape is rewound.\n"
24327
"mt -f $dest rewind\n"
24328
"\n"
24329
"# Backup the files using tar.\n"
24330
"tar czf $dest $backup_files\n"
24331
"\n"
24332
"# Rewind and eject the tape.\n"
24333
"mt -f $dest rewoffl\n"
24334
"\n"
24335
"# Print end status message.\n"
24336
"echo\n"
24337
"echo \"Backup finished\"\n"
24338
"date\n"
24339
msgstr ""
24340
24341
#: serverguide/C/backups.xml:519(para)
24342
msgid ""
24343
"The default device name for a SCSI tape drive is "
24344
"<filename>/dev/st0</filename>. Use the appropriate device path for your "
24345
"system."
24346
msgstr ""
24347
24348
#: serverguide/C/backups.xml:524(para)
24349
msgid ""
24350
"Restoring from a tape drive is basically the same as restoring from a file. "
24351
"Simply rewind the tape and use the device path instead of a file path. For "
24352
"example to restore the <filename>/etc/hosts</filename> file to "
24353
"<filename>/tmp/etc/hosts</filename>:"
24354
msgstr ""
24355
24356
#: serverguide/C/backups.xml:529(command)
24357
msgid "mt -f /dev/st0 rewind"
24358
msgstr ""
24359
24360
#: serverguide/C/backups.xml:530(command)
24361
msgid "tar -xzf /dev/st0 -C /tmp etc/hosts"
24362
msgstr ""
24363
24364
#: serverguide/C/backups.xml:535(title)
24365
msgid "Bacula"
24366
msgstr ""
24367
24368
#: serverguide/C/backups.xml:536(para)
24369
msgid ""
24370
"<application>Bacula</application> is a backup program enabling you to "
24371
"backup, restore, and verify data across your network. There are Bacula "
24372
"clients for Linux, Windows, and Mac OS X. Making it a cross platform network "
24373
"wide solution."
24374
msgstr ""
24375
24376
#: serverguide/C/backups.xml:542(para)
24377
msgid ""
24378
"<application>Bacula</application> is made up of several components and "
24379
"services used to manage which files to backup and where to back them up to:"
24380
msgstr ""
24381
24382
#: serverguide/C/backups.xml:548(para)
24383
msgid ""
24384
"<application>Bacula Director:</application> a service that controls all "
24385
"backup, restore, verify, and archive operations."
24386
msgstr ""
24387
24388
#: serverguide/C/backups.xml:553(para)
24389
msgid ""
24390
"<application>Bacula Console:</application> an application allowing "
24391
"communication with the Director. There are three versions of the Console:"
24392
msgstr ""
24393
24394
#: serverguide/C/backups.xml:558(para)
24395
msgid "Text based command line version."
24396
msgstr ""
24397
24398
#: serverguide/C/backups.xml:559(para)
24399
msgid "Gnome based GTK+ Graphical User Interface (GUI) interface."
24400
msgstr ""
24401
24402
#: serverguide/C/backups.xml:560(para)
24403
msgid "wxWidgets GUI interface."
24404
msgstr ""
24405
24406
#: serverguide/C/backups.xml:564(para)
24407
msgid ""
24408
"<application>Bacula File:</application> also known as the "
24409
"<application>Bacula Client</application> program. This application is "
24410
"installed on machines to be backed up, and is responsible for the data "
24411
"requested by the Director."
24412
msgstr ""
24413
24414
#: serverguide/C/backups.xml:570(para)
24415
msgid ""
24416
"<application>Bacula Storage:</application> the programs that perform the "
24417
"storage and recovery of data to the physical media."
24418
msgstr ""
24419
24420
#: serverguide/C/backups.xml:575(para)
24421
msgid ""
24422
"<application>Bacula Catalog:</application> is responsible for maintaining "
24423
"the file indexes and volume databases for all files backed up, enabling "
24424
"quick location and restoration of archived files. The Catalog supports three "
24425
"different databases MySQL, PostgreSQL, and SQLite."
24426
msgstr ""
24427
24428
#: serverguide/C/backups.xml:581(para)
24429
msgid ""
24430
"<application>Bacula Monitor:</application> allows the monitoring of the "
24431
"Director, File daemons, and Storage daemons. Currently the Monitor is only "
24432
"available as a GTK+ GUI application."
24433
msgstr ""
24434
24435
#: serverguide/C/backups.xml:587(para)
24436
msgid ""
24437
"These services and applications can be run on multiple servers and clients, "
24438
"or they can be installed on one machine if backing up a single disk or "
24439
"volume."
24440
msgstr ""
24441
24442
#: serverguide/C/backups.xml:594(para)
24443
msgid ""
24444
"There are multiple packages containing the different "
24445
"<application>Bacula</application> components. To install Bacula, from a "
24446
"terminal prompt enter:"
24447
msgstr ""
24448
24449
#: serverguide/C/backups.xml:599(command)
24450
msgid "sudo apt-get install bacula"
24451
msgstr ""
24452
24453
#: serverguide/C/backups.xml:601(para)
24454
msgid ""
24455
"By default installing the <application>bacula</application> package will use "
24456
"a <application>MySQL</application> database for the Catalog. If you want to "
24457
"use SQLite or PostgreSQL, for the Catalog, install <application>bacula-"
24458
"director-sqlite3</application> or <application>bacula-director-"
24459
"pgsql</application> respectively."
24460
msgstr ""
24461
24462
#: serverguide/C/backups.xml:607(para)
24463
msgid ""
24464
"During the install process you will be asked to supply credentials for the "
24465
"database <emphasis>administrator</emphasis> and the "
24466
"<emphasis>bacula</emphasis> database <emphasis>owner</emphasis>. The "
24467
"database administrator will need to have the appropriate rights to create a "
24468
"database, see <xref linkend=\"mysql\"/> for more information."
24469
msgstr ""
24470
24471
#: serverguide/C/backups.xml:617(para)
24472
msgid ""
24473
"<application>Bacula</application> configuration files are formatted based on "
24474
"<emphasis>resources</emphasis> comprising of <emphasis>directives</emphasis> "
24475
"surrounded by <quote>{}</quote> braces. Each Bacula component has an "
24476
"individual file in the <filename role=\"directory\">/etc/bacula</filename> "
24477
"directory."
24478
msgstr ""
24479
24480
#: serverguide/C/backups.xml:622(para)
24481
msgid ""
24482
"The various <application>Bacula</application> components must authorize "
24483
"themselves to each other. This is accomplished using the "
24484
"<emphasis>password</emphasis> directive. For example, the "
24485
"<emphasis>Storage</emphasis> resource password in the "
24486
"<filename>/etc/bacula/bacula-dir.conf</filename> file must match the "
24487
"<emphasis>Director</emphasis> resource password in "
24488
"<filename>/etc/bacula/bacula-sd.conf</filename>."
24489
msgstr ""
24490
24491
#: serverguide/C/backups.xml:628(para)
24492
msgid ""
24493
"By default the backup job named <emphasis>Client1</emphasis> is configured "
24494
"to archive the <application>Bacula</application> Catalog. If you plan on "
24495
"using the server to backup more than one client you should change the name "
24496
"of this job to something more descriptive. To change the name edit "
24497
"<filename>/etc/bacula/bacula-dir.conf</filename>:"
24498
msgstr ""
24499
24500
#: serverguide/C/backups.xml:633(programlisting)
24501
#, no-wrap
24502
msgid ""
24503
"\n"
24504
"#\n"
24505
"# Define the main nightly save backup job\n"
24506
"# By default, this job will back up to disk in \n"
24507
"Job {\n"
24508
" Name = \"BackupServer\"\n"
24509
" JobDefs = \"DefaultJob\"\n"
24510
" Write Bootstrap = \"/var/lib/bacula/Client1.bsr\"\n"
24511
"}\n"
24512
msgstr ""
24513
24514
#: serverguide/C/backups.xml:644(para)
24515
msgid ""
24516
"The example above changes the job name to <emphasis>BackupServer</emphasis> "
24517
"matching the machine's host name. Replace <quote>BackupServer</quote> with "
24518
"your appropriate hostname, or other descriptive name."
24519
msgstr ""
24520
24521
#: serverguide/C/backups.xml:649(para)
24522
msgid ""
24523
"The <emphasis>Console</emphasis> can be used to query the "
24524
"<emphasis>Director</emphasis> about jobs, but to use the Console with a "
24525
"<emphasis>non-root</emphasis> user, the user needs to be in the "
24526
"<emphasis>bacula</emphasis> group. To add a user to the bacula group enter "
24527
"the following from a terminal:"
24528
msgstr ""
24529
24530
#: serverguide/C/backups.xml:655(command)
24531
msgid "sudo adduser $username bacula"
24532
msgstr ""
24533
24534
#: serverguide/C/backups.xml:658(para)
24535
msgid ""
24536
"Replace <emphasis>$username</emphasis> with the actual username. Also, if "
24537
"you are adding the current user to the group you should log out and back in "
24538
"for the new permissions to take effect."
24539
msgstr ""
24540
24541
#: serverguide/C/backups.xml:665(title)
24542
msgid "Localhost Backup"
24543
msgstr ""
24544
24545
#: serverguide/C/backups.xml:666(para)
24546
msgid ""
24547
"This section describes how to backup specified directories on a single host "
24548
"to a local tape drive."
24549
msgstr ""
24550
24551
#: serverguide/C/backups.xml:671(para)
24552
msgid ""
24553
"First, the <emphasis>Storage</emphasis> device needs to be configured. Edit "
24554
"<filename>/etc/bacula/bacula-sd.conf</filename> add:"
24555
msgstr ""
24556
24557
#: serverguide/C/backups.xml:674(programlisting)
24558
#, no-wrap
24559
msgid ""
24560
"\n"
24561
"Device {\n"
24562
" Name = \"Tape Drive\"\n"
24563
" Device Type = tape\n"
24564
" Media Type = DDS-4\n"
24565
" Archive Device = /dev/st0\n"
24566
" Hardware end of medium = No;\n"
24567
" AutomaticMount = yes; # when device opened, read it\n"
24568
" AlwaysOpen = Yes;\n"
24569
" RemovableMedia = yes;\n"
24570
" RandomAccess = no;\n"
24571
" Alert Command = \"sh -c 'tapeinfo -f %c | grep TapeAlert'\"\n"
24572
"}\n"
24573
msgstr ""
24574
24575
#: serverguide/C/backups.xml:688(para)
24576
msgid ""
24577
"The example is for a <emphasis>DDS-4</emphasis> tape drive. Adjust the Media "
24578
"Type and Archive Device to match your hardware."
24579
msgstr ""
24580
24581
#: serverguide/C/backups.xml:691(para)
24582
msgid "You could also uncomment one of the other examples in the file."
24583
msgstr ""
24584
24585
#: serverguide/C/backups.xml:696(para)
24586
msgid ""
24587
"After editing <filename>/etc/bacula/bacula-sd.conf</filename> the "
24588
"<application>Storage</application> daemon will need to be restarted:"
24589
msgstr ""
24590
24591
#: serverguide/C/backups.xml:701(command)
24592
msgid "sudo /etc/init.d/bacula-sd restart"
24593
msgstr ""
24594
24595
#: serverguide/C/backups.xml:705(para)
24596
msgid ""
24597
"Now add a <emphasis>Storage</emphasis> resource in "
24598
"<filename>/etc/bacula/bacula-dir.conf</filename> to use the new Device:"
24599
msgstr ""
24600
24601
#: serverguide/C/backups.xml:708(programlisting)
24602
#, no-wrap
24603
msgid ""
24604
"\n"
24605
"# Definition of \"Tape Drive\" storage device\n"
24606
"Storage {\n"
24607
" Name = TapeDrive\n"
24608
" # Do not use \"localhost\" here \n"
24609
" Address = backupserver # N.B. Use a fully qualified name "
24610
"here\n"
24611
" SDPort = 9103\n"
24612
" Password = \"Cv70F6pf1t6pBopT4vQOnigDrR0v3LT3Cgkiyj\"\n"
24613
" Device = \"Tape Drive\"\n"
24614
" Media Type = tape\n"
24615
"}\n"
24616
msgstr ""
24617
24618
#: serverguide/C/backups.xml:720(para)
24619
msgid ""
24620
"The <emphasis>Address</emphasis> directive needs to be the Fully Qualified "
24621
"Domain Name (FQDN) of the server. Change <emphasis>backupserver</emphasis> "
24622
"to the actual host name."
24623
msgstr ""
24624
24625
#: serverguide/C/backups.xml:724(para)
24626
msgid ""
24627
"Also, make sure the <emphasis>Password</emphasis> directive matches the "
24628
"password string in <filename>/etc/bacula/bacula-sd.conf</filename>."
24629
msgstr ""
24630
24631
#: serverguide/C/backups.xml:730(para)
24632
msgid ""
24633
"Create a new <emphasis>FileSet</emphasis>, which will determine what "
24634
"directories to backup, by adding:"
24635
msgstr ""
24636
24637
#: serverguide/C/backups.xml:733(programlisting)
24638
#, no-wrap
24639
msgid ""
24640
"\n"
24641
"# LocalhostBacup FileSet.\n"
24642
"FileSet {\n"
24643
" Name = \"LocalhostFiles\"\n"
24644
" Include {\n"
24645
" Options {\n"
24646
" signature = MD5\n"
24647
" compression=GZIP\n"
24648
" }\n"
24649
" File = /etc\n"
24650
" File = /home\n"
24651
" }\n"
24652
"}\n"
24653
msgstr ""
24654
24655
#: serverguide/C/backups.xml:747(para)
24656
msgid ""
24657
"This <emphasis>FileSet</emphasis> will backup the <filename "
24658
"role=\"directory\">/etc</filename> and <filename "
24659
"role=\"directory\">/home</filename> directories. The "
24660
"<emphasis>Options</emphasis> resource directives configure the FileSet to "
24661
"create a MD5 signature for each file backed up, and to compress the files "
24662
"using GZIP."
24663
msgstr ""
24664
24665
#: serverguide/C/backups.xml:754(para)
24666
msgid "Next, create a new <emphasis>Schedule</emphasis> for the backup job:"
24667
msgstr ""
24668
24669
#: serverguide/C/backups.xml:757(programlisting)
24670
#, no-wrap
24671
msgid ""
24672
"\n"
24673
"# LocalhostBackup Schedule -- Daily.\n"
24674
"Schedule {\n"
24675
" Name = \"LocalhostDaily\"\n"
24676
" Run = Full daily at 00:01\n"
24677
"}\n"
24678
msgstr ""
24679
24680
#: serverguide/C/backups.xml:764(para)
24681
msgid ""
24682
"The job will run every day at 00:01 or 12:01 am. There are many other "
24683
"scheduling options available."
24684
msgstr ""
24685
24686
#: serverguide/C/backups.xml:769(para)
24687
msgid "Finally create the <emphasis>Job</emphasis>:"
24688
msgstr ""
24689
24690
#: serverguide/C/backups.xml:772(programlisting)
24691
#, no-wrap
24692
msgid ""
24693
"\n"
24694
"# Localhost backup.\n"
24695
"Job {\n"
24696
" Name = \"LocalhostBackup\"\n"
24697
" JobDefs = \"DefaultJob\"\n"
24698
" Enabled = yes\n"
24699
" Level = Full\n"
24700
" FileSet = \"LocalhostFiles\"\n"
24701
" Schedule = \"LocalhostDaily\"\n"
24702
" Storage = TapeDrive\n"
24703
" Write Bootstrap = \"/var/lib/bacula/LocalhostBackup.bsr\"\n"
24704
"} \n"
24705
msgstr ""
24706
24707
#: serverguide/C/backups.xml:785(para)
24708
msgid ""
24709
"The job will do a <emphasis>Full</emphasis> backup every day to the tape "
24710
"drive."
24711
msgstr ""
24712
24713
#: serverguide/C/backups.xml:790(para)
24714
msgid ""
24715
"Each tape used will need to have a <emphasis>Label</emphasis>. If the "
24716
"current tape does not have a label <application>Bacula</application> will "
24717
"send an email letting you know. To label a tape using the "
24718
"<application>Console</application> enter the following from a terminal:"
24719
msgstr ""
24720
24721
#: serverguide/C/backups.xml:796(command)
24722
msgid "bconsole"
24723
msgstr ""
24724
24725
#: serverguide/C/backups.xml:800(para)
24726
msgid "At the Bacula Console prompt enter:"
24727
msgstr ""
24728
24729
#: serverguide/C/backups.xml:804(command)
24730
msgid "label"
24731
msgstr ""
24732
24733
#: serverguide/C/backups.xml:808(para)
24734
msgid ""
24735
"You will then be prompted for the <emphasis>Storage</emphasis> resource:"
24736
msgstr ""
24737
24738
#: serverguide/C/backups.xml:818(userinput)
24739
#, no-wrap
24740
msgid "2"
24741
msgstr ""
24742
24743
#: serverguide/C/backups.xml:812(computeroutput)
24744
#, no-wrap
24745
msgid ""
24746
"\n"
24747
"Automatically selected Catalog: MyCatalog\n"
24748
"Using Catalog \"MyCatalog\"\n"
24749
"The defined Storage resources are:\n"
24750
" 1: File\n"
24751
" 2: TapeDrive\n"
24752
"Select Storage resource (1-2):<placeholder-1/>\n"
24753
msgstr ""
24754
24755
#: serverguide/C/backups.xml:823(para)
24756
msgid "Enter the new <emphasis>Volume</emphasis> name:"
24757
msgstr ""
24758
24759
#: serverguide/C/backups.xml:828(userinput)
24760
#, no-wrap
24761
msgid "Sunday"
24762
msgstr ""
24763
24764
#: serverguide/C/backups.xml:827(computeroutput)
24765
#, no-wrap
24766
msgid ""
24767
"\n"
24768
"Enter new Volume name: <placeholder-1/>\n"
24769
"Defined Pools:\n"
24770
" 1: Default\n"
24771
" 2: Scratch"
24772
msgstr ""
24773
24774
#: serverguide/C/backups.xml:833(para)
24775
msgid "Replace <emphasis>Sunday</emphasis> with the desired label."
24776
msgstr ""
24777
24778
#: serverguide/C/backups.xml:838(para)
24779
msgid "Now, select the <emphasis>Pool</emphasis>:"
24780
msgstr ""
24781
24782
#: serverguide/C/backups.xml:843(userinput)
24783
#, no-wrap
24784
msgid "1"
24785
msgstr ""
24786
24787
#: serverguide/C/backups.xml:842(computeroutput)
24788
#, no-wrap
24789
msgid ""
24790
"\n"
24791
"Select the Pool (1-2): <placeholder-1/>\n"
24792
"Connecting to Storage daemon TapeDrive at backupserver:9103 ...\n"
24793
"Sending label command for Volume \"Sunday\" Slot 0 ...\n"
24794
msgstr ""
24795
24796
#: serverguide/C/backups.xml:850(para)
24797
msgid ""
24798
"Congratulations, you have now configured <emphasis>Bacula</emphasis> to "
24799
"backup the localhost to an attached tape drive."
24800
msgstr ""
24801
24802
#: serverguide/C/backups.xml:858(para)
24803
msgid ""
24804
"For more <emphasis>Bacula</emphasis> configuration options refer to the "
24805
"<ulink url=\"http://www.bacula.org/en/rel-manual/index.html\">Bacula User's "
24806
"Manual</ulink>"
24807
msgstr ""
24808
24809
#: serverguide/C/backups.xml:864(para)
24810
msgid ""
24811
"The <ulink url=\"http://www.bacula.org/\">Bacula Home Page</ulink> contains "
24812
"the latest Bacula news and developments."
24813
msgstr ""
24814
24815
#: serverguide/C/backups.xml:869(para)
24816
msgid ""
24817
"Also, see the <ulink url=\"https://help.ubuntu.com/community/Bacula\">Bacula "
24818
"Ubuntu Wiki</ulink> page."
24819
msgstr ""
24820
24821
#. Put one translator per line, in the form of NAME <EMAIL>, YEAR1, YEAR2
24822
#: serverguide/C/backups.xml:0(None)
24823
msgid "translator-credits"
24824
msgstr ""
24825
"Launchpad Contributions:\n"
24826
" Alex Tourangeau https://launchpad.net/~iamthevoice2004\n"
24827
" Daniel LeBlanc https://launchpad.net/~danidou"
24828
24829
#~ msgid "sudo /etc/init.d/samba restart"
24830
#~ msgstr "sudo /etc/init.d/samba restart"
Loggerhead is a web-based interface for Breezy
Version: 2.0.1