1
# English (United Kingdom) translation for ubuntu-docs
2
# Copyright (c) (c) 2006 Canonical Ltd, and Rosetta Contributors 2006
3
# This file is distributed under the same license as the ubuntu-docs package.
4
# FIRST AUTHOR <EMAIL@ADDRESS>, 2006.
8
"Project-Id-Version: ubuntu-docs\n"
9
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
10
"POT-Creation-Date: 2010-08-14 22:34+0100\n"
11
"PO-Revision-Date: 2010-09-14 21:00+0000\n"
12
"Last-Translator: Matthew East <matt@mdke.org>\n"
13
"Language-Team: English (United Kingdom) <en_GB@li.org>\n"
15
"Content-Type: text/plain; charset=UTF-8\n"
16
"Content-Transfer-Encoding: 8bit\n"
17
"X-Launchpad-Export-Date: 2010-09-18 10:46+0000\n"
18
"X-Generator: Launchpad (build Unknown)\n"
20
#: serverguide/C/serverguide-C.omf:6(creator) serverguide/C/serverguide-C.omf:7(maintainer)
21
msgid "ubuntu-doc@lists.ubuntu.com (Ubuntu Documentation Project)"
22
msgstr "ubuntu-doc@lists.ubuntu.com (Ubuntu Documentation Project)"
24
#: serverguide/C/serverguide-C.omf:8(title) serverguide/C/serverguide-C.omf:11(description) serverguide/C/serverguide.xml:14(title) serverguide/C/bookinfo.xml:13(title)
25
msgid "Ubuntu Server Guide"
26
msgstr "Ubuntu Server Guide"
28
#: serverguide/C/serverguide-C.omf:9(date)
32
#: serverguide/C/windows-networking.xml:13(title)
33
msgid "Windows Networking"
34
msgstr "Windows Networking"
36
#: serverguide/C/windows-networking.xml:15(para)
38
"Computer networks are often comprised of diverse systems, and while "
39
"operating a network made up entirely of Ubuntu desktop and server computers "
40
"would certainly be fun, some network environments must consist of both "
41
"Ubuntu and <trademark class=\"registered\">Microsoft</trademark><trademark "
42
"class=\"registered\">Windows</trademark> systems working together in "
43
"harmony. This section of the <phrase>Ubuntu</phrase> Server Guide introduces "
44
"principles and tools used in configuring your Ubuntu Server for sharing "
45
"network resources with Windows computers."
47
"Computer networks are often comprised of diverse systems, and while "
48
"operating a network made up entirely of Ubuntu desktop and server computers "
49
"would certainly be fun, some network environments must consist of both "
50
"Ubuntu and <trademark class=\"registered\">Microsoft</trademark><trademark "
51
"class=\"registered\">Windows</trademark> systems working together in "
52
"harmony. This section of the <phrase>Ubuntu</phrase> Server Guide introduces "
53
"principles and tools used in configuring your Ubuntu Server for sharing "
54
"network resources with Windows computers."
56
#: serverguide/C/windows-networking.xml:25(title) serverguide/C/virtualization.xml:402(title) serverguide/C/security.xml:349(title) serverguide/C/remote-administration.xml:21(title) serverguide/C/package-management.xml:20(title) serverguide/C/introduction.xml:13(title)
60
#: serverguide/C/windows-networking.xml:27(para)
62
"Successfully networking your Ubuntu system with Windows clients involves "
63
"providing and integrating with services common to Windows environments. Such "
64
"services assist the sharing of data and information about the computers and "
65
"users involved in the network, and may be classified under three major "
66
"categories of functionality:"
68
"Successfully networking your Ubuntu system with Windows clients involves "
69
"providing and integrating with services common to Windows environments. Such "
70
"services assist the sharing of data and information about the computers and "
71
"users involved in the network, and may be classified under three major "
72
"categories of functionality:"
74
#: serverguide/C/windows-networking.xml:35(para)
76
"<emphasis role=\"bold\">File and Printer Sharing Services</emphasis>. Using "
77
"the Server Message Block (SMB) protocol to facilitate the sharing of files, "
78
"folders, volumes, and the sharing of printers throughout the network."
80
"<emphasis role=\"bold\">File and Printer Sharing Services</emphasis>. Using "
81
"the Server Message Block (SMB) protocol to facilitate the sharing of files, "
82
"folders, volumes, and the sharing of printers throughout the network."
84
#: serverguide/C/windows-networking.xml:41(para)
86
"<emphasis role=\"bold\">Directory Services</emphasis>. Sharing vital "
87
"information about the computers and users of the network with such "
88
"technologies as the Lightweight Directory Access Protocol (LDAP) and "
89
"Microsoft <trademark class=\"registered\">Active Directory</trademark>."
91
"<emphasis role=\"bold\">Directory Services</emphasis>. Sharing vital "
92
"information about the computers and users of the network with such "
93
"technologies as the Lightweight Directory Access Protocol (LDAP) and "
94
"Microsoft <trademark class=\"registered\">Active Directory</trademark>."
96
#: serverguide/C/windows-networking.xml:48(para)
98
"<emphasis role=\"bold\">Authentication and Access</emphasis>. Establishing "
99
"the identity of a computer or user of the network and determining the "
100
"information the computer or user is authorized to access using such "
101
"principles and technologies as file permissions, group policies, and the "
102
"Kerberos authentication service."
104
"<emphasis role=\"bold\">Authentication and Access</emphasis>. Establishing "
105
"the identity of a computer or user of the network and determining the "
106
"information the computer or user is authorised to access using such "
107
"principles and technologies as file permissions, group policies, and the "
108
"Kerberos authentication service."
110
#: serverguide/C/windows-networking.xml:56(para)
112
"Fortunately, your Ubuntu system may provide all such facilities to Windows "
113
"clients and share network resources among them. One of the principal pieces "
114
"of software your Ubuntu system includes for Windows networking is the Samba "
115
"suite of SMB server applications and tools."
117
"Fortunately, your Ubuntu system may provide all such facilities to Windows "
118
"clients and share network resources among them. One of the principal pieces "
119
"of software your Ubuntu system includes for Windows networking is the Samba "
120
"suite of SMB server applications and tools."
122
#: serverguide/C/windows-networking.xml:62(para)
124
"This section of the <phrase>Ubuntu</phrase> Server Guide will introduce some "
125
"of the common Samba use cases, and how to install and configure the "
126
"necessary packages. Additional detailed documentation and information on "
127
"Samba can be found on the <ulink url=\"http://www.samba.org\">Samba "
130
"This section of the <phrase>Ubuntu</phrase> Server Guide will introduce some "
131
"of the common Samba use cases, and how to install and configure the "
132
"necessary packages. Additional detailed documentation and information on "
133
"Samba can be found on the <ulink url=\"http://www.samba.org\">Samba "
136
#: serverguide/C/windows-networking.xml:70(title)
137
msgid "Samba File Server"
138
msgstr "Samba File Server"
140
#: serverguide/C/windows-networking.xml:72(para)
142
"One of the most common ways to network Ubuntu and Windows computers is to "
143
"configure Samba as a File Server. This section covers setting up a "
144
"<application>Samba</application> server to share files with Windows clients."
146
"One of the most common ways to network Ubuntu and Windows computers is to "
147
"configure Samba as a File Server. This section covers setting up a "
148
"<application>Samba</application> server to share files with Windows clients."
150
#: serverguide/C/windows-networking.xml:77(para)
152
"The server will be configured to share files with any client on the network "
153
"without prompting for a password. If your environment requires stricter "
154
"Access Controls see <xref linkend=\"samba-fileprint-security\"/>"
156
"The server will be configured to share files with any client on the network "
157
"without prompting for a password. If your environment requires stricter "
158
"Access Controls see <xref linkend=\"samba-fileprint-security\"/>"
160
#: serverguide/C/windows-networking.xml:83(title) serverguide/C/windows-networking.xml:288(title) serverguide/C/windows-networking.xml:1317(title) serverguide/C/web-servers.xml:41(title) serverguide/C/web-servers.xml:675(title) serverguide/C/web-servers.xml:816(title) serverguide/C/web-servers.xml:940(title) serverguide/C/vpn.xml:33(title) serverguide/C/virtualization.xml:62(title) serverguide/C/vcs.xml:28(title) serverguide/C/vcs.xml:86(title) serverguide/C/vcs.xml:405(title) serverguide/C/remote-administration.xml:51(title) serverguide/C/network-config.xml:937(title) serverguide/C/network-auth.xml:52(title) serverguide/C/network-auth.xml:1590(title) serverguide/C/network-auth.xml:2102(title) serverguide/C/network-auth.xml:2493(title) serverguide/C/monitoring.xml:42(title) serverguide/C/monitoring.xml:428(title) serverguide/C/mail.xml:40(title) serverguide/C/mail.xml:496(title) serverguide/C/mail.xml:674(title) serverguide/C/mail.xml:823(title) serverguide/C/mail.xml:1315(title) serverguide/C/lamp-applications.xml:108(title) serverguide/C/lamp-applications.xml:287(title) serverguide/C/lamp-applications.xml:423(title) serverguide/C/installation.xml:13(title) serverguide/C/installation.xml:957(title) serverguide/C/file-server.xml:347(title) serverguide/C/file-server.xml:462(title) serverguide/C/dns.xml:23(title) serverguide/C/databases.xml:40(title) serverguide/C/databases.xml:164(title) serverguide/C/chat.xml:37(title) serverguide/C/chat.xml:141(title) serverguide/C/backups.xml:593(title)
162
msgstr "Installation"
164
#: serverguide/C/windows-networking.xml:85(para)
166
"The first step is to install the <application>samba</application> package. "
167
"From a terminal prompt enter:"
169
"The first step is to install the <application>samba</application> package. "
170
"From a terminal prompt enter:"
172
#: serverguide/C/windows-networking.xml:90(command) serverguide/C/windows-networking.xml:300(command)
173
msgid "sudo apt-get install samba"
174
msgstr "sudo apt-get install samba"
176
#: serverguide/C/windows-networking.xml:93(para)
178
"That's all there is to it; you are now ready to configure Samba to share "
181
"That's all there is to it; you are now ready to configure Samba to share "
184
#: serverguide/C/windows-networking.xml:99(title) serverguide/C/windows-networking.xml:305(title) serverguide/C/web-servers.xml:61(title) serverguide/C/web-servers.xml:726(title) serverguide/C/web-servers.xml:827(title) serverguide/C/web-servers.xml:967(title) serverguide/C/web-servers.xml:1067(title) serverguide/C/vpn.xml:138(title) serverguide/C/vcs.xml:39(title) serverguide/C/vcs.xml:423(title) serverguide/C/remote-administration.xml:73(title) serverguide/C/package-management.xml:387(title) serverguide/C/network-config.xml:959(title) serverguide/C/network-auth.xml:2141(title) serverguide/C/network-auth.xml:2514(title) serverguide/C/monitoring.xml:187(title) serverguide/C/monitoring.xml:454(title) serverguide/C/mail.xml:505(title) serverguide/C/mail.xml:684(title) serverguide/C/mail.xml:908(title) serverguide/C/mail.xml:1344(title) serverguide/C/lamp-applications.xml:128(title) serverguide/C/lamp-applications.xml:314(title) serverguide/C/lamp-applications.xml:453(title) serverguide/C/file-server.xml:360(title) serverguide/C/file-server.xml:488(title) serverguide/C/dns.xml:39(title) serverguide/C/databases.xml:84(title) serverguide/C/databases.xml:183(title) serverguide/C/clustering.xml:47(title) serverguide/C/chat.xml:57(title) serverguide/C/chat.xml:153(title) serverguide/C/backups.xml:616(title)
185
msgid "Configuration"
186
msgstr "Configuration"
188
#: serverguide/C/windows-networking.xml:101(para)
190
"The main Samba configuration file is located in "
191
"<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
192
"a significant amount of comments in order to document various configuration "
195
"The main Samba configuration file is located in "
196
"<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
197
"a significant amount of comments in order to document various configuration "
200
#: serverguide/C/windows-networking.xml:106(para)
202
"Not all the available options are included in the default configuration "
203
"file. See the <filename>smb.conf</filename><application>man</application> "
204
"page or the <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
205
"Collection/\">Samba HOWTO Collection</ulink> for more details."
207
"Not all the available options are included in the default configuration "
208
"file. See the <filename>smb.conf</filename><application>man</application> "
209
"page or the <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
210
"Collection/\">Samba HOWTO Collection</ulink> for more details."
212
#: serverguide/C/windows-networking.xml:116(para)
214
"First, edit the following key/value pairs in the "
215
"<emphasis>[global]</emphasis> section of "
216
"<filename>/etc/samba/smb.conf</filename>:"
218
"First, edit the following key/value pairs in the "
219
"<emphasis>[global]</emphasis> section of "
220
"<filename>/etc/samba/smb.conf</filename>:"
222
#: serverguide/C/windows-networking.xml:121(programlisting) serverguide/C/windows-networking.xml:312(programlisting) serverguide/C/windows-networking.xml:780(programlisting) serverguide/C/windows-networking.xml:1003(programlisting)
226
" workgroup = EXAMPLE\n"
231
" workgroup = EXAMPLE\n"
235
#: serverguide/C/windows-networking.xml:127(para)
237
"The <emphasis>security</emphasis> parameter is farther down in the [global] "
238
"section, and is commented by default. Also, change "
239
"<emphasis>EXAMPLE</emphasis> to better match your environment."
241
"The <emphasis>security</emphasis> parameter is farther down in the [global] "
242
"section, and is commented by default. Also, change "
243
"<emphasis>EXAMPLE</emphasis> to better match your environment."
245
#: serverguide/C/windows-networking.xml:135(para)
247
"Create a new section at the bottom of the file, or uncomment one of the "
248
"examples, for the directory to be shared:"
250
"Create a new section at the bottom of the file, or uncomment one of the "
251
"examples, for the directory to be shared:"
253
#: serverguide/C/windows-networking.xml:139(programlisting)
258
" comment = Ubuntu File Server Share\n"
259
" path = /srv/samba/share\n"
263
" create mask = 0755\n"
267
" comment = Ubuntu File Server Share\n"
268
" path = /srv/samba/share\n"
272
" create mask = 0755\n"
274
#: serverguide/C/windows-networking.xml:151(para)
276
"<emphasis>comment:</emphasis> a short description of the share. Adjust to "
279
"<emphasis>comment:</emphasis> a short description of the share. Adjust to "
282
#: serverguide/C/windows-networking.xml:156(para)
283
msgid "<emphasis>path:</emphasis> the path to the directory to share."
284
msgstr "<emphasis>path:</emphasis> the path to the directory to share."
286
#: serverguide/C/windows-networking.xml:159(para)
288
"This example uses <filename>/srv/samba/sharename</filename> because, "
289
"according to the <emphasis>Filesystem Hierarchy Standard (FHS)</emphasis>, "
290
"<ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
291
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is where site-"
292
"specific data should be served. Technically Samba shares can be placed "
293
"anywhere on the filesystem as long as the permissions are correct, but "
294
"adhering to standards is recommended."
296
"This example uses <filename>/srv/samba/sharename</filename> because, "
297
"according to the <emphasis>File system Hierarchy Standard (FHS)</emphasis>, "
298
"<ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
299
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is where site-"
300
"specific data should be served. Technically Samba shares can be placed "
301
"anywhere on the file system as long as the permissions are correct, but "
302
"adhering to standards is recommended."
304
#: serverguide/C/windows-networking.xml:168(para)
306
"<emphasis>browsable:</emphasis> enables Windows clients to browse the shared "
307
"directory using <application>Windows Explorer</application>."
309
"<emphasis>browsable:</emphasis> enables Windows clients to browse the shared "
310
"directory using <application>Windows Explorer</application>."
312
#: serverguide/C/windows-networking.xml:174(para)
314
"<emphasis>guest ok:</emphasis> allows clients to connect to the share "
315
"without supplying a password."
317
"<emphasis>guest ok:</emphasis> allows clients to connect to the share "
318
"without supplying a password."
320
#: serverguide/C/windows-networking.xml:179(para)
322
"<emphasis>read only:</emphasis> determines if the share is read only or if "
323
"write privileges are granted. Write privileges are allowed only when the "
324
"value is <emphasis>no</emphasis>, as is seen in this example. If the value "
325
"is <emphasis>yes</emphasis>, then access to the share is read only."
327
"<emphasis>read only:</emphasis> determines if the share is read only or if "
328
"write privileges are granted. Write privileges are allowed only when the "
329
"value is <emphasis>no</emphasis>, as is seen in this example. If the value "
330
"is <emphasis>yes</emphasis>, then access to the share is read only."
332
#: serverguide/C/windows-networking.xml:184(para)
334
"<emphasis>create mask:</emphasis> determines the permissions new files will "
337
"<emphasis>create mask:</emphasis> determines the permissions new files will "
340
#: serverguide/C/windows-networking.xml:193(para)
342
"Now that <application>Samba</application> is configured, the directory needs "
343
"to be created and the permissions changed. From a terminal enter:"
345
"Now that <application>Samba</application> is configured, the directory needs "
346
"to be created and the permissions changed. From a terminal enter:"
348
#: serverguide/C/windows-networking.xml:199(command)
349
msgid "sudo mkdir -p /srv/samba/share"
350
msgstr "sudo mkdir -p /srv/samba/share"
352
#: serverguide/C/windows-networking.xml:200(command)
353
msgid "sudo chown nobody.nogroup /srv/samba/share/"
354
msgstr "sudo chown nobody.nogroup /srv/samba/share/"
356
#: serverguide/C/windows-networking.xml:204(para)
358
"The <emphasis>-p</emphasis> switch tells mkdir to create the entire "
359
"directory tree if it doesn't exist. Change the share name to fit your "
362
"The <emphasis>-p</emphasis> switch tells mkdir to create the entire "
363
"directory tree if it doesn't exist. Change the share name to fit your "
366
#: serverguide/C/windows-networking.xml:213(para)
368
"Finally, restart the <application>samba</application> services to enable the "
371
"Finally, restart the <application>samba</application> services to enable the "
374
#: serverguide/C/windows-networking.xml:218(command) serverguide/C/windows-networking.xml:332(command) serverguide/C/windows-networking.xml:470(command) serverguide/C/windows-networking.xml:570(command) serverguide/C/windows-networking.xml:949(command) serverguide/C/windows-networking.xml:1060(command) serverguide/C/windows-networking.xml:1176(command) serverguide/C/network-auth.xml:1869(command)
375
msgid "sudo restart smbd"
376
msgstr "sudo restart smbd"
378
#: serverguide/C/windows-networking.xml:219(command) serverguide/C/windows-networking.xml:333(command) serverguide/C/windows-networking.xml:471(command) serverguide/C/windows-networking.xml:571(command) serverguide/C/windows-networking.xml:950(command) serverguide/C/windows-networking.xml:1061(command) serverguide/C/windows-networking.xml:1177(command) serverguide/C/network-auth.xml:1870(command)
379
msgid "sudo restart nmbd"
380
msgstr "sudo restart nmbd"
382
#: serverguide/C/windows-networking.xml:226(para)
384
"Once again, the above configuration gives all access to any client on the "
385
"local network. For a more secure configuration see <xref linkend=\"samba-"
386
"fileprint-security\"/>."
388
"Once again, the above configuration gives all access to any client on the "
389
"local network. For a more secure configuration see <xref linkend=\"samba-"
390
"fileprint-security\"/>."
392
#: serverguide/C/windows-networking.xml:232(para)
394
"From a Windows client you should now be able to browse to the Ubuntu file "
395
"server and see the shared directory. To check that everything is working try "
396
"creating a directory from Windows."
398
"From a Windows client you should now be able to browse to the Ubuntu file "
399
"server and see the shared directory. To check that everything is working try "
400
"creating a directory from Windows."
402
#: serverguide/C/windows-networking.xml:237(para)
404
"To create additional shares simply create new <emphasis>[dir]</emphasis> "
405
"sections in <filename>/etc/samba/smb.conf</filename>, and restart "
406
"<emphasis>Samba</emphasis>. Just make sure that the directory you want to "
407
"share actually exists and the permissions are correct."
409
"To create additional shares simply create new <emphasis>[dir]</emphasis> "
410
"sections in <filename>/etc/samba/smb.conf</filename>, and restart "
411
"<emphasis>Samba</emphasis>. Just make sure that the directory you want to "
412
"share actually exists and the permissions are correct."
414
#: serverguide/C/windows-networking.xml:244(title) serverguide/C/windows-networking.xml:343(title) serverguide/C/windows-networking.xml:700(title) serverguide/C/windows-networking.xml:1080(title) serverguide/C/windows-networking.xml:1288(title) serverguide/C/virtualization.xml:366(title) serverguide/C/virtualization.xml:1168(title) serverguide/C/reporting-bugs.xml:304(title) serverguide/C/network-config.xml:569(title) serverguide/C/network-config.xml:824(title) serverguide/C/network-auth.xml:1540(title) serverguide/C/network-auth.xml:1985(title) serverguide/C/network-auth.xml:2589(title) serverguide/C/network-auth.xml:3097(title) serverguide/C/installation.xml:892(title) serverguide/C/installation.xml:1173(title) serverguide/C/databases.xml:122(title) serverguide/C/databases.xml:273(title) serverguide/C/backups.xml:855(title)
418
#: serverguide/C/windows-networking.xml:248(para) serverguide/C/windows-networking.xml:347(para) serverguide/C/windows-networking.xml:704(para) serverguide/C/windows-networking.xml:1084(para)
420
"For in depth Samba configurations see the <ulink "
421
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
424
"For in depth Samba configurations see the <ulink "
425
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
428
#: serverguide/C/windows-networking.xml:254(para) serverguide/C/windows-networking.xml:353(para) serverguide/C/windows-networking.xml:710(para) serverguide/C/windows-networking.xml:1090(para)
430
"The guide is also available in <ulink "
431
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">printed "
434
"The guide is also available in <ulink "
435
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">printed "
438
#: serverguide/C/windows-networking.xml:260(para) serverguide/C/windows-networking.xml:359(para)
441
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
442
"another good reference."
445
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
446
"another good reference."
448
#: serverguide/C/windows-networking.xml:266(para) serverguide/C/windows-networking.xml:370(para) serverguide/C/windows-networking.xml:735(para) serverguide/C/windows-networking.xml:1114(para) serverguide/C/windows-networking.xml:1301(para)
450
"The <ulink url=\"https://help.ubuntu.com/community/Samba\">Ubuntu Wiki Samba "
453
"The <ulink url=\"https://help.ubuntu.com/community/Samba\">Ubuntu Wiki Samba "
456
#: serverguide/C/windows-networking.xml:275(title)
457
msgid "Samba Print Server"
458
msgstr "Samba Print Server"
460
#: serverguide/C/windows-networking.xml:277(para)
462
"Another common use of Samba is to configure it to share printers installed, "
463
"either locally or over the network, on an Ubuntu server. Similar to <xref "
464
"linkend=\"samba-fileserver\"/> this section will configure Samba to allow "
465
"any client on the local network to use the installed printers without "
466
"prompting for a username and password."
468
"Another common use of Samba is to configure it to share printers installed, "
469
"either locally or over the network, on an Ubuntu server. Similar to <xref "
470
"linkend=\"samba-fileserver\"/> this section will configure Samba to allow "
471
"any client on the local network to use the installed printers without "
472
"prompting for a user name and password."
474
#: serverguide/C/windows-networking.xml:283(para)
476
"For a more secure configuration see <xref linkend=\"samba-fileprint-"
479
"For a more secure configuration see <xref linkend=\"samba-fileprint-"
482
#: serverguide/C/windows-networking.xml:290(para)
484
"Before installing and configuring Samba it is best to already have a working "
485
"<application>CUPS</application> installation. See <xref linkend=\"cups\"/> "
488
"Before installing and configuring Samba it is best to already have a working "
489
"<application>CUPS</application> installation. See <xref linkend=\"cups\"/> "
492
#: serverguide/C/windows-networking.xml:295(para)
494
"To install the <application>samba</application> package, from a terminal "
497
"To install the <application>samba</application> package, from a terminal "
500
#: serverguide/C/windows-networking.xml:306(para)
502
"After installing samba edit <filename>/etc/samba/smb.conf</filename>. Change "
503
"the <emphasis>workgroup</emphasis> attribute to what is appropriate for your "
504
"network, and change <emphasis>security</emphasis> to <emphasis "
505
"role=\"italic\">share</emphasis>:"
507
"After installing samba edit <filename>/etc/samba/smb.conf</filename>. Change "
508
"the <emphasis>workgroup</emphasis> attribute to what is appropriate for your "
509
"network, and change <emphasis>security</emphasis> to <emphasis "
510
"role=\"italic\">share</emphasis>:"
512
#: serverguide/C/windows-networking.xml:318(para)
514
"In the <emphasis>[printers]</emphasis> section change the <emphasis>guest "
515
"ok</emphasis> option to <emphasis role=\"italic\">yes</emphasis>:"
517
"In the <emphasis>[printers]</emphasis> section change the <emphasis>guest "
518
"ok</emphasis> option to <emphasis role=\"italic\">yes</emphasis>:"
520
#: serverguide/C/windows-networking.xml:322(programlisting)
531
#: serverguide/C/windows-networking.xml:327(para)
532
msgid "After editing <filename>smb.conf</filename> restart Samba:"
533
msgstr "After editing <filename>smb.conf</filename> restart Samba:"
535
#: serverguide/C/windows-networking.xml:336(para)
537
"The default Samba configuration will automatically share any printers "
538
"installed. Simply install the printer locally on your Windows clients."
540
"The default Samba configuration will automatically share any printers "
541
"installed. Simply install the printer locally on your Windows clients."
543
#: serverguide/C/windows-networking.xml:365(para)
545
"Also, see the <ulink url=\"http://www.cups.org/\">CUPS Website</ulink> for "
546
"more information on configuring CUPS."
548
"Also, see the <ulink url=\"http://www.cups.org/\">CUPS Website</ulink> for "
549
"more information on configuring CUPS."
551
#: serverguide/C/windows-networking.xml:379(title)
552
msgid "Securing a Samba File and Print Server"
553
msgstr "Securing a Samba File and Print Server"
555
#: serverguide/C/windows-networking.xml:382(title)
556
msgid "Samba Security Modes"
557
msgstr "Samba Security Modes"
559
#: serverguide/C/windows-networking.xml:384(para)
561
"There are two security levels available to the Common Internet Filesystem "
562
"(CIFS) network protocol <emphasis>user-level</emphasis> and <emphasis>share-"
563
"level</emphasis>. Samba's <emphasis>security mode</emphasis> implementation "
564
"allows more flexibility, providing four ways of implementing user-level "
565
"security and one way to implement share-level:"
567
"There are two security levels available to the Common Internet Filesystem "
568
"(CIFS) network protocol <emphasis>user-level</emphasis> and <emphasis>share-"
569
"level</emphasis>. Samba's <emphasis>security mode</emphasis> implementation "
570
"allows more flexibility, providing four ways of implementing user-level "
571
"security and one way to implement share-level:"
573
#: serverguide/C/windows-networking.xml:393(para)
575
"<emphasis>security = user:</emphasis> requires clients to supply a username "
576
"and password to connect to shares. Samba user accounts are separate from "
577
"system accounts, but the <application>libpam-smbpass</application> package "
578
"will sync system users and passwords with the Samba user database."
580
"<emphasis>security = user:</emphasis> requires clients to supply a user name "
581
"and password to connect to shares. Samba user accounts are separate from "
582
"system accounts, but the <application>libpam-smbpass</application> package "
583
"will sync system users and passwords with the Samba user database."
585
#: serverguide/C/windows-networking.xml:400(para)
587
"<emphasis>security = domain:</emphasis> this mode allows the Samba server to "
588
"appear to Windows clients as a Primary Domain Controller (PDC), Backup "
589
"Domain Controller (BDC), or a Domain Member Server (DMS). See <xref "
590
"linkend=\"samba-dc\"/> for further information."
592
"<emphasis>security = domain:</emphasis> this mode allows the Samba server to "
593
"appear to Windows clients as a Primary Domain Controller (PDC), Backup "
594
"Domain Controller (BDC), or a Domain Member Server (DMS). See <xref "
595
"linkend=\"samba-dc\"/> for further information."
597
#: serverguide/C/windows-networking.xml:407(para)
599
"<emphasis>security = ADS:</emphasis> allows the Samba server to join an "
600
"Active Directory domain as a native member. See <xref linkend=\"samba-ad-"
601
"integration\"/> for details."
603
"<emphasis>security = ADS:</emphasis> allows the Samba server to join an "
604
"Active Directory domain as a native member. See <xref linkend=\"samba-ad-"
605
"integration\"/> for details."
607
#: serverguide/C/windows-networking.xml:413(para)
609
"<emphasis>security = server:</emphasis> this mode is left over from before "
610
"Samba could become a member server, and due to some security issues should "
611
"not be used. See the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
612
"HOWTO-Collection/ServerType.html#id349531\">Server Security</ulink> section "
613
"of the Samba guide for more details."
615
"<emphasis>security = server:</emphasis> this mode is left over from before "
616
"Samba could become a member server, and due to some security issues should "
617
"not be used. See the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
618
"HOWTO-Collection/ServerType.html#id349531\">Server Security</ulink> section "
619
"of the Samba guide for more details."
621
#: serverguide/C/windows-networking.xml:421(para)
623
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
624
"without supplying a username and password."
626
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
627
"without supplying a user name and password."
629
#: serverguide/C/windows-networking.xml:428(para)
631
"The security mode you choose will depend on your environment and what you "
632
"need the Samba server to accomplish."
634
"The security mode you choose will depend on your environment and what you "
635
"need the Samba server to accomplish."
637
#: serverguide/C/windows-networking.xml:434(title)
638
msgid "Security = User"
639
msgstr "Security = User"
641
#: serverguide/C/windows-networking.xml:436(para)
643
"This section will reconfigure the Samba file and print server, from <xref "
644
"linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to "
645
"require authentication."
647
"This section will reconfigure the Samba file and print server, from <xref "
648
"linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to "
649
"require authentication."
651
#: serverguide/C/windows-networking.xml:441(para)
653
"First, install the <application>libpam-smbpass</application> package which "
654
"will sync the system users to the Samba user database:"
656
"First, install the <application>libpam-smbpass</application> package which "
657
"will sync the system users to the Samba user database:"
659
#: serverguide/C/windows-networking.xml:447(command)
660
msgid "sudo apt-get install libpam-smbpass"
661
msgstr "sudo apt-get install libpam-smbpass"
663
#: serverguide/C/windows-networking.xml:451(para)
665
"If you chose the <emphasis>Samba Server</emphasis> task during installation "
666
"<application>libpam-smbpass</application> is already installed."
668
"If you chose the <emphasis>Samba Server</emphasis> task during installation "
669
"<application>libpam-smbpass</application> is already installed."
671
#: serverguide/C/windows-networking.xml:457(para)
673
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
674
"<emphasis>[share]</emphasis> section change:"
676
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
677
"<emphasis>[share]</emphasis> section change:"
679
#: serverguide/C/windows-networking.xml:461(programlisting)
688
#: serverguide/C/windows-networking.xml:465(para)
689
msgid "Finally, restart Samba for the new settings to take effect:"
690
msgstr "Finally, restart Samba for the new settings to take effect:"
692
#: serverguide/C/windows-networking.xml:474(para)
694
"Now when connecting to the shared directories or printers you should be "
695
"prompted for a username and password."
697
"Now when connecting to the shared directories or printers you should be "
698
"prompted for a user name and password."
700
#: serverguide/C/windows-networking.xml:479(para)
702
"If you choose to map a network drive to the share you can check the "
703
"<quote>Reconnect at Logon</quote> check box, which will require you to only "
704
"enter the username and password once, at least until the password changes."
706
"If you choose to map a network drive to the share you can tick the "
707
"<quote>Reconnect at Logon</quote> tick box, which will require you to only "
708
"enter the user name and password once, at least until the password changes."
710
#: serverguide/C/windows-networking.xml:487(title)
711
msgid "Share Security"
712
msgstr "Share Security"
714
#: serverguide/C/windows-networking.xml:489(para)
716
"There are several options available to increase the security for each "
717
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
718
"this section will cover some common options."
720
"There are several options available to increase the security for each "
721
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
722
"this section will cover some common options."
724
#: serverguide/C/windows-networking.xml:495(title)
728
#: serverguide/C/windows-networking.xml:497(para)
730
"Groups define a collection of computers or users which have a common level "
731
"of access to particular network resources and offer a level of granularity "
732
"in controlling access to such resources. For example, if a group <emphasis "
733
"role=\"italic\">qa</emphasis> is defined and contains the users <emphasis "
734
"role=\"italic\">freda</emphasis>, <emphasis "
735
"role=\"italic\">danika</emphasis>, and <emphasis "
736
"role=\"italic\">rob</emphasis> and a second group <emphasis "
737
"role=\"italic\">support</emphasis> is defined and consists of users "
738
"<emphasis role=\"italic\">danika</emphasis>, <emphasis "
739
"role=\"italic\">jeremy</emphasis>, and <emphasis "
740
"role=\"italic\">vincent</emphasis> then certain network resources configured "
741
"to allow access by the <emphasis role=\"italic\">qa</emphasis> group will "
742
"subsequently enable access by freda, danika, and rob, but not jeremy or "
743
"vincent. Since the user <emphasis role=\"italic\">danika</emphasis> belongs "
744
"to both the <emphasis role=\"italic\">qa</emphasis> and <emphasis "
745
"role=\"italic\">support</emphasis> groups, she will be able to access "
746
"resources configured for access by both groups, whereas all other users will "
747
"have only access to resources explicitly allowing the group they are part of."
749
"Groups define a collection of computers or users which have a common level "
750
"of access to particular network resources and offer a level of granularity "
751
"in controlling access to such resources. For example, if a group <emphasis "
752
"role=\"italic\">qa</emphasis> is defined and contains the users <emphasis "
753
"role=\"italic\">freda</emphasis>, <emphasis "
754
"role=\"italic\">danika</emphasis>, and <emphasis "
755
"role=\"italic\">rob</emphasis> and a second group <emphasis "
756
"role=\"italic\">support</emphasis> is defined and consists of users "
757
"<emphasis role=\"italic\">danika</emphasis>, <emphasis "
758
"role=\"italic\">jeremy</emphasis>, and <emphasis "
759
"role=\"italic\">vincent</emphasis> then certain network resources configured "
760
"to allow access by the <emphasis role=\"italic\">qa</emphasis> group will "
761
"subsequently enable access by freda, danika, and rob, but not jeremy or "
762
"vincent. Since the user <emphasis role=\"italic\">danika</emphasis> belongs "
763
"to both the <emphasis role=\"italic\">qa</emphasis> and <emphasis "
764
"role=\"italic\">support</emphasis> groups, she will be able to access "
765
"resources configured for access by both groups, whereas all other users will "
766
"have only access to resources explicitly allowing the group they are part of."
768
#: serverguide/C/windows-networking.xml:511(para)
770
"By default Samba looks for the local system groups defined in "
771
"<filename>/etc/group</filename> to determine which users belong to which "
772
"groups. For more information on adding and removing users from groups see "
773
"<xref linkend=\"adding-deleting-users\"/>."
775
"By default Samba looks for the local system groups defined in "
776
"<filename>/etc/group</filename> to determine which users belong to which "
777
"groups. For more information on adding and removing users from groups see "
778
"<xref linkend=\"adding-deleting-users\"/>."
780
#: serverguide/C/windows-networking.xml:517(para)
782
"When defining groups in the Samba configuration file, "
783
"<filename>/etc/samba/smb.conf</filename>, the recognized syntax is to "
784
"preface the group name with an \"@\" symbol. For example, if you wished to "
785
"define a group named <emphasis role=\"italic\">sysadmin</emphasis> in a "
786
"certain section of the <filename>/etc/samba/smb.conf</filename>, you would "
787
"do so by entering the group name as <emphasis "
788
"role=\"bold\">@sysadmin</emphasis>."
790
"When defining groups in the Samba configuration file, "
791
"<filename>/etc/samba/smb.conf</filename>, the recognised syntax is to "
792
"preface the group name with an \"@\" symbol. For example, if you wished to "
793
"define a group named <emphasis role=\"italic\">sysadmin</emphasis> in a "
794
"certain section of the <filename>/etc/samba/smb.conf</filename>, you would "
795
"do so by entering the group name as <emphasis "
796
"role=\"bold\">@sysadmin</emphasis>."
798
#: serverguide/C/windows-networking.xml:526(title)
799
msgid "File Permissions"
800
msgstr "File Permissions"
802
#: serverguide/C/windows-networking.xml:528(para)
804
"File Permissions define the explicit rights a computer or user has to a "
805
"particular directory, file, or set of files. Such permissions may be defined "
806
"by editing the <filename>/etc/samba/smb.conf</filename> file and specifying "
807
"the explicit permissions of a defined file share."
809
"File Permissions define the explicit rights a computer or user has to a "
810
"particular directory, file, or set of files. Such permissions may be defined "
811
"by editing the <filename>/etc/samba/smb.conf</filename> file and specifying "
812
"the explicit permissions of a defined file share."
814
#: serverguide/C/windows-networking.xml:534(para)
816
"For example, if you have defined a Samba share called "
817
"<emphasis>share</emphasis> and wish to give <emphasis role=\"italic\">read-"
818
"only</emphasis> permissions to the group of users known as <emphasis "
819
"role=\"italic\">qa</emphasis>, but wanted to allow writing to the share by "
820
"the group called <emphasis role=\"italic\">sysadmin</emphasis> and the user "
821
"named <emphasis role=\"italic\">vincent</emphasis>, then you could edit the "
822
"<filename>/etc/samba/smb.conf</filename> file, and add the following entries "
823
"under the <emphasis>[share]</emphasis> entry:"
825
"For example, if you have defined a Samba share called "
826
"<emphasis>share</emphasis> and wish to give <emphasis role=\"italic\">read-"
827
"only</emphasis> permissions to the group of users known as <emphasis "
828
"role=\"italic\">qa</emphasis>, but wanted to allow writing to the share by "
829
"the group called <emphasis role=\"italic\">sysadmin</emphasis> and the user "
830
"named <emphasis role=\"italic\">vincent</emphasis>, then you could edit the "
831
"<filename>/etc/samba/smb.conf</filename> file, and add the following entries "
832
"under the <emphasis>[share]</emphasis> entry:"
834
#: serverguide/C/windows-networking.xml:543(programlisting)
839
" write list = @sysadmin, vincent\n"
843
" write list = @sysadmin, vincent\n"
845
#: serverguide/C/windows-networking.xml:548(para)
847
"Another possible Samba permission is to declare "
848
"<emphasis>administrative</emphasis> permissions to a particular shared "
849
"resource. Users having administrative permissions may read, write, or modify "
850
"any information contained in the resource the user has been given explicit "
851
"administrative permissions to."
853
"Another possible Samba permission is to declare "
854
"<emphasis>administrative</emphasis> permissions to a particular shared "
855
"resource. Users having administrative permissions may read, write, or modify "
856
"any information contained in the resource the user has been given explicit "
857
"administrative permissions to."
859
#: serverguide/C/windows-networking.xml:554(para)
861
"For example, if you wanted to give the user <emphasis "
862
"role=\"italic\">melissa</emphasis> administrative permissions to the "
863
"<emphasis role=\"italic\">share</emphasis> example, you would edit the "
864
"<filename>/etc/samba/smb.conf</filename> file, and add the following line "
865
"under the <emphasis>[share]</emphasis> entry:"
867
"For example, if you wanted to give the user <emphasis "
868
"role=\"italic\">melissa</emphasis> administrative permissions to the "
869
"<emphasis role=\"italic\">share</emphasis> example, you would edit the "
870
"<filename>/etc/samba/smb.conf</filename> file, and add the following line "
871
"under the <emphasis>[share]</emphasis> entry:"
873
#: serverguide/C/windows-networking.xml:561(programlisting)
877
" admin users = melissa\n"
880
" admin users = melissa\n"
882
#: serverguide/C/windows-networking.xml:565(para)
884
"After editing <filename>/etc/samba/smb.conf</filename>, restart Samba for "
885
"the changes to take effect:"
887
"After editing <filename>/etc/samba/smb.conf</filename>, restart Samba for "
888
"the changes to take effect:"
890
#: serverguide/C/windows-networking.xml:575(para)
892
"For the <emphasis>read list</emphasis> and <emphasis>write list</emphasis> "
893
"to work the Samba security mode must <emphasis>not</emphasis> be set to "
894
"<emphasis role=\"italic\">security = share</emphasis>"
896
"For the <emphasis>read list</emphasis> and <emphasis>write list</emphasis> "
897
"to work the Samba security mode must <emphasis>not</emphasis> be set to "
898
"<emphasis role=\"italic\">security = share</emphasis>"
900
#: serverguide/C/windows-networking.xml:581(para)
902
"Now that Samba has been configured to limit which groups have access to the "
903
"shared directory, the filesystem permissions need to be updated."
905
"Now that Samba has been configured to limit which groups have access to the "
906
"shared directory, the filesystem permissions need to be updated."
908
#: serverguide/C/windows-networking.xml:586(para)
910
"Traditional Linux file permissions do not map well to Windows NT Access "
911
"Control Lists (ACLs). Fortunately POSIX ACLs are available on Ubuntu servers "
912
"providing more fine grained control. For example, to enable ACLs on "
913
"<filename>/srv</filename> an EXT3 filesystem, edit "
914
"<filename>/etc/fstab</filename> adding the <emphasis>acl</emphasis> option:"
916
"Traditional Linux file permissions do not map well to Windows NT Access "
917
"Control Lists (ACLs). Fortunately POSIX ACLs are available on Ubuntu servers "
918
"providing more fine grained control. For example, to enable ACLs on "
919
"<filename>/srv</filename> an EXT3 filesystem, edit "
920
"<filename>/etc/fstab</filename> adding the <emphasis>acl</emphasis> option:"
922
#: serverguide/C/windows-networking.xml:593(programlisting)
926
"UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl "
930
"UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl "
933
#: serverguide/C/windows-networking.xml:597(para)
934
msgid "Then remount the partition:"
935
msgstr "Then remount the partition:"
937
#: serverguide/C/windows-networking.xml:602(command)
938
msgid "sudo mount -v -o remount /srv"
939
msgstr "sudo mount -v -o remount /srv"
941
#: serverguide/C/windows-networking.xml:606(para)
943
"The above example assumes <filename>/srv</filename> on a separate partition. "
944
"If <filename>/srv</filename>, or wherever you have configured your share "
945
"path, is part of the <filename>/</filename> partition a reboot may be "
948
"The above example assumes <filename>/srv</filename> on a separate partition. "
949
"If <filename>/srv</filename>, or wherever you have configured your share "
950
"path, is part of the <filename>/</filename> partition a reboot may be "
953
#: serverguide/C/windows-networking.xml:613(para)
955
"To match the Samba configuration above the <emphasis>sysadmin</emphasis> "
956
"group will be given read, write, and execute permissions to "
957
"<filename>/srv/samba/share</filename>, the <emphasis>qa</emphasis> group "
958
"will be given read and execute permissions, and the files will be owned by "
959
"the username <emphasis>melissa</emphasis>. Enter the following in a terminal:"
961
"To match the Samba configuration above the <emphasis>sysadmin</emphasis> "
962
"group will be given read, write, and execute permissions to "
963
"<filename>/srv/samba/share</filename>, the <emphasis>qa</emphasis> group "
964
"will be given read and execute permissions, and the files will be owned by "
965
"the user name <emphasis>melissa</emphasis>. Enter the following in a "
968
#: serverguide/C/windows-networking.xml:621(command)
969
msgid "sudo chown -R melissa /srv/samba/share/"
970
msgstr "sudo chown -R melissa /srv/samba/share/"
972
#: serverguide/C/windows-networking.xml:622(command)
973
msgid "sudo chgrp -R sysadmin /srv/samba/share/"
974
msgstr "sudo chgrp -R sysadmin /srv/samba/share/"
976
#: serverguide/C/windows-networking.xml:623(command)
977
msgid "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
978
msgstr "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
980
#: serverguide/C/windows-networking.xml:627(para)
982
"The <application>setfacl</application> command above gives "
983
"<emphasis>execute</emphasis> permissions to all files in the "
984
"<filename>/srv/samba/share</filename> directory, which you may or may not "
987
"The <application>setfacl</application> command above gives "
988
"<emphasis>execute</emphasis> permissions to all files in the "
989
"<filename>/srv/samba/share</filename> directory, which you may or may not "
992
#: serverguide/C/windows-networking.xml:633(para)
994
"Now from a Windows client you should notice the new file permissions are "
995
"implemented. See the <application>acl</application> and "
996
"<application>setfacl</application> man pages for more information on POSIX "
999
"Now from a Windows client you should notice the new file permissions are "
1000
"implemented. See the <application>acl</application> and "
1001
"<application>setfacl</application> man pages for more information on POSIX "
1004
#: serverguide/C/windows-networking.xml:641(title)
1005
msgid "Samba AppArmor Profile"
1006
msgstr "Samba AppArmor Profile"
1008
#: serverguide/C/windows-networking.xml:643(para)
1010
"Ubuntu comes with the <application>AppArmor</application> security module, "
1011
"which provides mandatory access controls. The default AppArmor profile for "
1012
"Samba will need to be adapted to your configuration. For more details on "
1013
"using AppArmor see <xref linkend=\"apparmor\"/>."
1015
"Ubuntu comes with the <application>AppArmor</application> security module, "
1016
"which provides mandatory access controls. The default AppArmor profile for "
1017
"Samba will need to be adapted to your configuration. For more details on "
1018
"using AppArmor see <xref linkend=\"apparmor\"/>."
1020
#: serverguide/C/windows-networking.xml:649(para)
1022
"There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> "
1023
"and <filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part "
1024
"of the <application>apparmor-profiles</application> packages. To install the "
1025
"package, from a terminal prompt enter:"
1027
"There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> "
1028
"and <filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part "
1029
"of the <application>apparmor-profiles</application> packages. To install the "
1030
"package, from a terminal prompt enter:"
1032
#: serverguide/C/windows-networking.xml:656(command) serverguide/C/security.xml:920(command)
1033
msgid "sudo apt-get install apparmor-profiles"
1034
msgstr "sudo apt-get install apparmor-profiles"
1036
#: serverguide/C/windows-networking.xml:660(para)
1037
msgid "This package contains profiles for several other binaries."
1038
msgstr "This package contains profiles for several other binaries."
1040
#: serverguide/C/windows-networking.xml:665(para)
1042
"By default the profiles for <application>smbd</application> and "
1043
"<application>nmbd</application> are in <emphasis>complain</emphasis> mode "
1044
"allowing Samba to work without modifying the profile, and only logging "
1045
"errors. To place the <application>smbd</application> profile into "
1046
"<emphasis>enforce</emphasis> mode, and have Samba work as expected, the "
1047
"profile will need to be modified to reflect any directories that are shared."
1049
"By default the profiles for <application>smbd</application> and "
1050
"<application>nmbd</application> are in <emphasis>complain</emphasis> mode "
1051
"allowing Samba to work without modifying the profile, and only logging "
1052
"errors. To place the <application>smbd</application> profile into "
1053
"<emphasis>enforce</emphasis> mode, and have Samba work as expected, the "
1054
"profile will need to be modified to reflect any directories that are shared."
1056
#: serverguide/C/windows-networking.xml:672(para)
1058
"Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename> adding information "
1059
"for <emphasis>[share]</emphasis> from the file server example:"
1061
"Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename> adding information "
1062
"for <emphasis>[share]</emphasis> from the file server example:"
1064
#: serverguide/C/windows-networking.xml:677(programlisting)
1068
" /srv/samba/share/ r,\n"
1069
" /srv/samba/share/** rwkix,\n"
1072
" /srv/samba/share/ r,\n"
1073
" /srv/samba/share/** rwkix,\n"
1075
#: serverguide/C/windows-networking.xml:682(para)
1077
"Now place the profile into <emphasis>enforce</emphasis> and reload it:"
1079
"Now place the profile into <emphasis>enforce</emphasis> and reload it:"
1081
#: serverguide/C/windows-networking.xml:687(command)
1082
msgid "sudo aa-enforce /usr/sbin/smbd"
1083
msgstr "sudo aa-enforce /usr/sbin/smbd"
1085
#: serverguide/C/windows-networking.xml:688(command)
1086
msgid "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
1087
msgstr "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
1089
#: serverguide/C/windows-networking.xml:691(para)
1091
"You should now be able to read, write, and execute files in the shared "
1092
"directory as normal, and the <application>smbd</application> binary will "
1093
"have access to only the configured files and directories. Be sure to add "
1094
"entries for each directory you configure Samba to share. Also, any errors "
1095
"will be logged to <filename>/var/log/syslog</filename>."
1097
"You should now be able to read, write, and execute files in the shared "
1098
"directory as normal, and the <application>smbd</application> binary will "
1099
"have access to only the configured files and directories. Be sure to add "
1100
"entries for each directory you configure Samba to share. Also, any errors "
1101
"will be logged to <filename>/var/log/syslog</filename>."
1103
#: serverguide/C/windows-networking.xml:716(para) serverguide/C/windows-networking.xml:1096(para)
1105
"O'Reilly's <ulink "
1106
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
1107
"also a good reference."
1109
"O'Reilly's <ulink "
1110
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
1111
"also a good reference."
1113
#: serverguide/C/windows-networking.xml:722(para)
1115
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
1116
"samba.html\">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to "
1119
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
1120
"samba.html\">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to "
1123
#: serverguide/C/windows-networking.xml:728(para)
1125
"For more information on Samba and ACLs see the <ulink "
1126
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
1127
"Collection/AccessControls.html#id397568\">Samba ACLs page </ulink>."
1129
"For more information on Samba and ACLs see the <ulink "
1130
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
1131
"Collection/AccessControls.html#id397568\">Samba ACLs page </ulink>."
1133
#: serverguide/C/windows-networking.xml:744(title)
1134
msgid "Samba as a Domain Controller"
1135
msgstr "Samba as a Domain Controller"
1137
#: serverguide/C/windows-networking.xml:746(para)
1139
"Although it cannot act as an Active Directory Primary Domain Controller "
1140
"(PDC), a Samba server can be configured to appear as a Windows NT4-style "
1141
"domain controller. A major advantage of this configuration is the ability to "
1142
"centralize user and machine credentials. Samba can also use multiple "
1143
"backends to store the user information."
1145
"Although it cannot act as an Active Directory Primary Domain Controller "
1146
"(PDC), a Samba server can be configured to appear as a Windows NT4-style "
1147
"domain controller. A major advantage of this configuration is the ability to "
1148
"centralise user and machine credentials. Samba can also use multiple "
1149
"backends to store the user information."
1151
#: serverguide/C/windows-networking.xml:753(title)
1152
msgid "Primary Domain Controller"
1153
msgstr "Primary Domain Controller"
1155
#: serverguide/C/windows-networking.xml:755(para)
1157
"This section covers configuring Samba as a Primary Domain Controller (PDC) "
1158
"using the default smbpasswd backend."
1160
"This section covers configuring Samba as a Primary Domain Controller (PDC) "
1161
"using the default smbpasswd backend."
1163
#: serverguide/C/windows-networking.xml:762(para)
1165
"First, install Samba, and <application>libpam-smbpass</application> to sync "
1166
"the user accounts, by entering the following in a terminal prompt:"
1168
"First, install Samba, and <application>libpam-smbpass</application> to sync "
1169
"the user accounts, by entering the following in a terminal prompt:"
1171
#: serverguide/C/windows-networking.xml:768(command) serverguide/C/windows-networking.xml:993(command)
1172
msgid "sudo apt-get install samba libpam-smbpass"
1173
msgstr "sudo apt-get install samba libpam-smbpass"
1175
#: serverguide/C/windows-networking.xml:774(para)
1177
"Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. "
1178
"The <emphasis>security</emphasis> mode should be set to <emphasis "
1179
"role=\"italic\">user</emphasis>, and the <emphasis>workgroup</emphasis> "
1180
"should relate to your organization:"
1182
"Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. "
1183
"The <emphasis>security</emphasis> mode should be set to <emphasis "
1184
"role=\"italic\">user</emphasis>, and the <emphasis>workgroup</emphasis> "
1185
"should relate to your organisation:"
1187
#: serverguide/C/windows-networking.xml:789(para)
1189
"In the commented <quote>Domains</quote> section add or uncomment the "
1192
"In the commented <quote>Domains</quote> section add or uncomment the "
1195
#: serverguide/C/windows-networking.xml:793(programlisting)
1199
" domain logons = yes\n"
1200
" logon path = \\\\%N\\%U\\profile\n"
1201
" logon drive = H:\n"
1202
" logon home = \\\\%N\\%U\n"
1203
" logon script = logon.cmd\n"
1204
" add machine script = sudo /usr/sbin/useradd -N -g machines -c Machine -d "
1205
"/var/lib/samba -s /bin/false %u\n"
1208
" domain logons = yes\n"
1209
" logon path = \\\\%N\\%U\\profile\n"
1210
" logon drive = H:\n"
1211
" logon home = \\\\%N\\%U\n"
1212
" logon script = logon.cmd\n"
1213
" add machine script = sudo /usr/sbin/useradd -N -g machines -c Machine -d "
1214
"/var/lib/samba -s /bin/false %u\n"
1216
#: serverguide/C/windows-networking.xml:804(para)
1218
"<emphasis>domain logons:</emphasis> provides the netlogon service causing "
1219
"Samba to act as a domain controller."
1221
"<emphasis>domain logons:</emphasis> provides the netlogon service causing "
1222
"Samba to act as a domain controller."
1224
#: serverguide/C/windows-networking.xml:809(para)
1226
"<emphasis>logon path:</emphasis> places the user's Windows profile into "
1227
"their home directory. It is also possible to configure a "
1228
"<emphasis>[profiles]</emphasis> share placing all profiles under a single "
1231
"<emphasis>logon path:</emphasis> places the user's Windows profile into "
1232
"their home directory. It is also possible to configure a "
1233
"<emphasis>[profiles]</emphasis> share placing all profiles under a single "
1236
#: serverguide/C/windows-networking.xml:815(para)
1238
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
1240
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
1242
#: serverguide/C/windows-networking.xml:820(para)
1244
"<emphasis>logon home:</emphasis> specifies the home directory location."
1246
"<emphasis>logon home:</emphasis> specifies the home directory location."
1248
#: serverguide/C/windows-networking.xml:825(para)
1250
"<emphasis>logon script:</emphasis> determines the script to be run locally "
1251
"once a user has logged in. The script needs to be placed in the "
1252
"<emphasis>[netlogon]</emphasis> share."
1254
"<emphasis>logon script:</emphasis> determines the script to be run locally "
1255
"once a user has logged in. The script needs to be placed in the "
1256
"<emphasis>[netlogon]</emphasis> share."
1258
#: serverguide/C/windows-networking.xml:831(para)
1260
"<emphasis>add machine script:</emphasis> a script that will automatically "
1261
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
1262
"workstation to join the domain."
1264
"<emphasis>add machine script:</emphasis> a script that will automatically "
1265
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
1266
"workstation to join the domain."
1268
#: serverguide/C/windows-networking.xml:835(para)
1270
"In this example the <emphasis>machines</emphasis> group will need to be "
1271
"created using the <application>addgroup</application> utility see <xref "
1272
"linkend=\"adding-deleting-users\"/> for details."
1274
"In this example the <emphasis>machines</emphasis> group will need to be "
1275
"created using the <application>addgroup</application> utility see <xref "
1276
"linkend=\"adding-deleting-users\"/> for details."
1278
#: serverguide/C/windows-networking.xml:839(para)
1280
"Also, rights need to be explicitly provided to the <emphasis>Domain "
1281
"Admins</emphasis> group to allow the <emphasis>add machine script</emphasis> "
1282
"(and other admin functions) to work. This is achieved by executing:"
1284
"Also, rights need to be explicitly provided to the <emphasis>Domain "
1285
"Admins</emphasis> group to allow the <emphasis>add machine script</emphasis> "
1286
"(and other admin functions) to work. This is achieved by executing:"
1288
#: serverguide/C/windows-networking.xml:844(command)
1290
"net rpc rights grant \"EXAMPLE\\Domain Admins\" SeMachineAccountPrivilege "
1291
"SePrintOperatorPrivilege \\ SeAddUsersPrivilege SeDiskOperatorPrivilege "
1292
"SeRemoteShutdownPrivilege"
1294
"net rpc rights grant \"EXAMPLE\\Domain Admins\" SeMachineAccountPrivilege "
1295
"SePrintOperatorPrivilege \\ SeAddUsersPrivilege SeDiskOperatorPrivilege "
1296
"SeRemoteShutdownPrivilege"
1298
#: serverguide/C/windows-networking.xml:851(para)
1300
"If you wish to not use <emphasis>Roaming Profiles</emphasis> leave the "
1301
"<emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options "
1304
"If you wish to not use <emphasis>Roaming Profiles</emphasis> leave the "
1305
"<emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options "
1308
#: serverguide/C/windows-networking.xml:860(para)
1310
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
1311
"role=\"italic\">logon home</emphasis> to be mapped:"
1313
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
1314
"role=\"italic\">logon home</emphasis> to be mapped:"
1316
#: serverguide/C/windows-networking.xml:865(programlisting)
1321
" comment = Home Directories\n"
1322
" browseable = no\n"
1324
" create mask = 0700\n"
1325
" directory mask = 0700\n"
1326
" valid users = %S\n"
1330
" comment = Home Directories\n"
1331
" browseable = no\n"
1333
" create mask = 0700\n"
1334
" directory mask = 0700\n"
1335
" valid users = %S\n"
1337
#: serverguide/C/windows-networking.xml:878(para)
1339
"When configured as a domain controller a <emphasis>[netlogon]</emphasis> "
1340
"share needs to be configured. To enable the share, uncomment:"
1342
"When configured as a domain controller a <emphasis>[netlogon]</emphasis> "
1343
"share needs to be configured. To enable the share, uncomment:"
1345
#: serverguide/C/windows-networking.xml:883(programlisting)
1350
" comment = Network Logon Service\n"
1351
" path = /srv/samba/netlogon\n"
1353
" read only = yes\n"
1354
" share modes = no\n"
1358
" comment = Network Logon Service\n"
1359
" path = /srv/samba/netlogon\n"
1361
" read only = yes\n"
1362
" share modes = no\n"
1364
#: serverguide/C/windows-networking.xml:893(para)
1366
"The original <emphasis>netlogon</emphasis> share path is "
1367
"<filename>/home/samba/netlogon</filename>, but according to the Filesystem "
1368
"Hierarchy Standard (FHS), <ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
1369
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is the correct "
1370
"location for site-specific data provided by the system."
1372
"The original <emphasis>netlogon</emphasis> share path is "
1373
"<filename>/home/samba/netlogon</filename>, but according to the Filesystem "
1374
"Hierarchy Standard (FHS), <ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
1375
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is the correct "
1376
"location for site-specific data provided by the system."
1378
#: serverguide/C/windows-networking.xml:904(para)
1380
"Now create the <filename role=\"directory\">netlogon</filename> directory, "
1381
"and an empty (for now) <filename>logon.cmd</filename> script file:"
1383
"Now create the <filename role=\"directory\">netlogon</filename> directory, "
1384
"and an empty (for now) <filename>logon.cmd</filename> script file:"
1386
#: serverguide/C/windows-networking.xml:910(command)
1387
msgid "sudo mkdir -p /srv/samba/netlogon"
1388
msgstr "sudo mkdir -p /srv/samba/netlogon"
1390
#: serverguide/C/windows-networking.xml:911(command)
1391
msgid "sudo touch /srv/samba/netlogon/logon.cmd"
1392
msgstr "sudo touch /srv/samba/netlogon/logon.cmd"
1394
#: serverguide/C/windows-networking.xml:914(para)
1396
"You can enter any normal Windows logon script commands in "
1397
"<filename>logon.cmd</filename> to customize the client's environment."
1399
"You can enter any normal Windows logon script commands in "
1400
"<filename>logon.cmd</filename> to customise the client's environment."
1402
#: serverguide/C/windows-networking.xml:922(para)
1404
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
1405
"workstation to the domain, a system group needs to be mapped to the Windows "
1406
"<emphasis>Domain Admins</emphasis> group. Using the "
1407
"<application>net</application> utility, from a terminal enter:"
1409
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
1410
"workstation to the domain, a system group needs to be mapped to the Windows "
1411
"<emphasis>Domain Admins</emphasis> group. Using the "
1412
"<application>net</application> utility, from a terminal enter:"
1414
#: serverguide/C/windows-networking.xml:929(command)
1416
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
1419
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
1422
#: serverguide/C/windows-networking.xml:933(para)
1424
"Change <emphasis role=\"italic\">sysadmin</emphasis> to whichever group you "
1425
"prefer. Also, the user used to join the domain needs to be a member of the "
1426
"<emphasis>sysadmin</emphasis> group, as well as a member of the system "
1427
"<emphasis>admin</emphasis> group. The <emphasis>admin</emphasis> group "
1428
"allows <application>sudo</application> use."
1430
"Change <emphasis role=\"italic\">sysadmin</emphasis> to whichever group you "
1431
"prefer. Also, the user used to join the domain needs to be a member of the "
1432
"<emphasis>sysadmin</emphasis> group, as well as a member of the system "
1433
"<emphasis>admin</emphasis> group. The <emphasis>admin</emphasis> group "
1434
"allows <application>sudo</application> use."
1436
#: serverguide/C/windows-networking.xml:944(para)
1437
msgid "Finally, restart Samba to enable the new domain controller:"
1438
msgstr "Finally, restart Samba to enable the new domain controller:"
1440
#: serverguide/C/windows-networking.xml:956(para)
1442
"You should now be able to join Windows clients to the Domain in the same "
1443
"manner as joining them to an NT4 domain running on a Windows server."
1445
"You should now be able to join Windows clients to the Domain in the same "
1446
"manner as joining them to an NT4 domain running on a Windows server."
1448
#: serverguide/C/windows-networking.xml:966(title)
1449
msgid "Backup Domain Controller"
1450
msgstr "Backup Domain Controller"
1452
#: serverguide/C/windows-networking.xml:968(para)
1454
"With a Primary Domain Controller (PDC) on the network it is best to have a "
1455
"Backup Domain Controller (BDC) as well. This will allow clients to "
1456
"authenticate in case the PDC becomes unavailable."
1458
"With a Primary Domain Controller (PDC) on the network it is best to have a "
1459
"Backup Domain Controller (BDC) as well. This will allow clients to "
1460
"authenticate in case the PDC becomes unavailable."
1462
#: serverguide/C/windows-networking.xml:973(para)
1464
"When configuring Samba as a BDC you need a way to sync account information "
1465
"with the PDC. There are multiple ways of accomplishing this "
1466
"<application>scp</application>, <application>rsync</application>, or by "
1467
"using <application>LDAP</application> as the <emphasis>passdb "
1468
"backend</emphasis>."
1470
"When configuring Samba as a BDC you need a way to sync account information "
1471
"with the PDC. There are multiple ways of accomplishing this "
1472
"<application>scp</application>, <application>rsync</application>, or by "
1473
"using <application>LDAP</application> as the <emphasis>passdb "
1474
"backend</emphasis>."
1476
#: serverguide/C/windows-networking.xml:979(para)
1478
"Using LDAP is the most robust way to sync account information, because both "
1479
"domain controllers can use the same information in real time. However, "
1480
"setting up a LDAP server may be overly complicated for a small number of "
1481
"user and computer accounts. See <xref linkend=\"samba-ldap\"/> for details."
1483
"Using LDAP is the most robust way to sync account information, because both "
1484
"domain controllers can use the same information in real time. However, "
1485
"setting up a LDAP server may be overly complicated for a small number of "
1486
"user and computer accounts. See <xref linkend=\"samba-ldap\"/> for details."
1488
#: serverguide/C/windows-networking.xml:988(para)
1490
"First, install <application>samba</application> and <application>libpam-"
1491
"smbpass</application>. From a terminal enter:"
1493
"First, install <application>samba</application> and <application>libpam-"
1494
"smbpass</application>. From a terminal enter:"
1496
#: serverguide/C/windows-networking.xml:999(para)
1498
"Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the "
1499
"following in the <emphasis>[global]</emphasis>:"
1501
"Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the "
1502
"following in the <emphasis>[global]</emphasis>:"
1504
#: serverguide/C/windows-networking.xml:1012(para)
1505
msgid "In the commented <emphasis>Domains</emphasis> uncomment or add:"
1506
msgstr "In the commented <emphasis>Domains</emphasis> uncomment or add:"
1508
#: serverguide/C/windows-networking.xml:1016(programlisting)
1512
" domain logons = yes\n"
1513
" domain master = no\n"
1516
" domain logons = yes\n"
1517
" domain master = no\n"
1519
#: serverguide/C/windows-networking.xml:1024(para)
1521
"Make sure a user has rights to read the files in "
1522
"<filename>/var/lib/samba</filename>. For example, to allow users in the "
1523
"<emphasis>admin</emphasis> group to <application>scp</application> the "
1526
"Make sure a user has rights to read the files in "
1527
"<filename>/var/lib/samba</filename>. For example, to allow users in the "
1528
"<emphasis>admin</emphasis> group to <application>scp</application> the "
1531
#: serverguide/C/windows-networking.xml:1030(command)
1532
msgid "sudo chgrp -R admin /var/lib/samba"
1533
msgstr "sudo chgrp -R admin /var/lib/samba"
1535
#: serverguide/C/windows-networking.xml:1036(para)
1537
"Next, sync the user accounts, using <application>scp</application> to copy "
1538
"the <filename>/var/lib/samba</filename> directory from the PDC:"
1540
"Next, sync the user accounts, using <application>scp</application> to copy "
1541
"the <filename>/var/lib/samba</filename> directory from the PDC:"
1543
#: serverguide/C/windows-networking.xml:1042(command)
1544
msgid "sudo scp -r username@pdc:/var/lib/samba /var/lib"
1545
msgstr "sudo scp -r username@pdc:/var/lib/samba /var/lib"
1547
#: serverguide/C/windows-networking.xml:1046(para)
1549
"Replace <emphasis>username</emphasis> with a valid username and "
1550
"<emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC."
1552
"Replace <emphasis>username</emphasis> with a valid username and "
1553
"<emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC."
1555
#: serverguide/C/windows-networking.xml:1055(para)
1556
msgid "Finally, restart <application>samba</application>:"
1557
msgstr "Finally, restart <application>samba</application>:"
1559
#: serverguide/C/windows-networking.xml:1067(para)
1561
"You can test that your Backup Domain controller is working by stopping the "
1562
"Samba daemon on the PDC, then trying to login to a Windows client joined to "
1565
"You can test that your Backup Domain controller is working by stopping the "
1566
"Samba daemon on the PDC, then trying to login to a Windows client joined to "
1569
#: serverguide/C/windows-networking.xml:1072(para)
1571
"Another thing to keep in mind is if you have configured the <emphasis>logon "
1572
"home</emphasis> option as a directory on the PDC, and the PDC becomes "
1573
"unavailable, access to the user's <emphasis>Home</emphasis> drive will also "
1574
"be unavailable. For this reason it is best to configure the <emphasis>logon "
1575
"home</emphasis> to reside on a separate file server from the PDC and BDC."
1577
"Another thing to keep in mind is if you have configured the <emphasis>logon "
1578
"home</emphasis> option as a directory on the PDC, and the PDC becomes "
1579
"unavailable, access to the user's <emphasis>Home</emphasis> drive will also "
1580
"be unavailable. For this reason it is best to configure the <emphasis>logon "
1581
"home</emphasis> to reside on a separate file server from the PDC and BDC."
1583
#: serverguide/C/windows-networking.xml:1102(para)
1585
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
1586
"pdc.html\">Chapter 4</ulink> of the Samba HOWTO Collection explains setting "
1587
"up a Primary Domain Controller."
1589
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
1590
"pdc.html\">Chapter 4</ulink> of the Samba HOWTO Collection explains setting "
1591
"up a Primary Domain Controller."
1593
#: serverguide/C/windows-networking.xml:1108(para)
1595
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
1596
"Collection/samba-bdc.html\">Chapter 5</ulink> of the Samba HOWTO Collection "
1597
"explains setting up a Backup Domain Controller."
1599
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
1600
"Collection/samba-bdc.html\">Chapter 5</ulink> of the Samba HOWTO Collection "
1601
"explains setting up a Backup Domain Controller."
1603
#: serverguide/C/windows-networking.xml:1123(title)
1604
msgid "Samba Active Directory Integration"
1605
msgstr "Samba Active Directory Integration"
1607
#: serverguide/C/windows-networking.xml:1126(title)
1608
msgid "Accessing a Samba Share"
1609
msgstr "Accessing a Samba Share"
1611
#: serverguide/C/windows-networking.xml:1128(para)
1613
"Another, use for Samba is to integrate into an existing Windows network. "
1614
"Once part of an Active Directory domain, Samba can provide file and print "
1615
"services to AD users."
1617
"Another, use for Samba is to integrate into an existing Windows network. "
1618
"Once part of an Active Directory domain, Samba can provide file and print "
1619
"services to AD users."
1621
#: serverguide/C/windows-networking.xml:1133(para)
1623
"The simplest way to join an AD domain is to use <application>Likewise-"
1624
"open</application>. For detailed instructions see <xref linkend=\"likewise-"
1627
"The simplest way to join an AD domain is to use <application>Likewise-"
1628
"open</application>. For detailed instructions see <xref linkend=\"likewise-"
1631
#: serverguide/C/windows-networking.xml:1138(para)
1633
"Once part of the domain, enter the following command in the terminal prompt:"
1635
"Once part of the domain, enter the following command in the terminal prompt:"
1637
#: serverguide/C/windows-networking.xml:1143(command)
1638
msgid "sudo apt-get install samba smbfs smbclient"
1639
msgstr "sudo apt-get install samba smbfs smbclient"
1641
#: serverguide/C/windows-networking.xml:1146(para)
1643
"Since the <application>likewise-open</application> and "
1644
"<application>samba</application> packages use separate "
1645
"<filename>secrets.tdb</filename> files, a symlink will need to be created in "
1646
"<filename role=\"directory\">/var/lib/samba</filename>:"
1648
"Since the <application>likewise-open</application> and "
1649
"<application>samba</application> packages use separate "
1650
"<filename>secrets.tdb</filename> files, a symlink will need to be created in "
1651
"<filename role=\"directory\">/var/lib/samba</filename>:"
1653
#: serverguide/C/windows-networking.xml:1152(command)
1654
msgid "sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig"
1655
msgstr "sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig"
1657
#: serverguide/C/windows-networking.xml:1153(command)
1658
msgid "sudo ln -s /etc/samba/secrets.tdb /var/lib/samba"
1659
msgstr "sudo ln -s /etc/samba/secrets.tdb /var/lib/samba"
1661
#: serverguide/C/windows-networking.xml:1156(para)
1662
msgid "Next, edit <filename>/etc/samba/smb.conf</filename> changing:"
1663
msgstr "Next, edit <filename>/etc/samba/smb.conf</filename> changing:"
1665
#: serverguide/C/windows-networking.xml:1160(programlisting)
1669
" workgroup = EXAMPLE\n"
1672
" realm = EXAMPLE.COM\n"
1674
" idmap backend = lwopen\n"
1675
" idmap uid = 50-9999999999\n"
1676
" idmap gid = 50-9999999999\n"
1679
" workgroup = EXAMPLE\n"
1682
" realm = EXAMPLE.COM\n"
1684
" idmap backend = lwopen\n"
1685
" idmap uid = 50-9999999999\n"
1686
" idmap gid = 50-9999999999\n"
1688
#: serverguide/C/windows-networking.xml:1171(para)
1690
"Restart <application>samba</application> for the new settings to take effect:"
1692
"Restart <application>samba</application> for the new settings to take effect:"
1694
#: serverguide/C/windows-networking.xml:1180(para)
1696
"You should now be able to access any <application>Samba</application> shares "
1697
"from a Windows client. However, be sure to give the appropriate AD users or "
1698
"groups access to the share directory. See <xref linkend=\"samba-fileprint-"
1699
"security\"/> for more details."
1701
"You should now be able to access any <application>Samba</application> shares "
1702
"from a Windows client. However, be sure to give the appropriate AD users or "
1703
"groups access to the share directory. See <xref linkend=\"samba-fileprint-"
1704
"security\"/> for more details."
1706
#: serverguide/C/windows-networking.xml:1188(title)
1707
msgid "Accessing a Windows Share"
1708
msgstr "Accessing a Windows Share"
1710
#: serverguide/C/windows-networking.xml:1190(para)
1712
"Now that the Samba server is part of the Active Directory domain you can "
1713
"access any Windows server shares:"
1715
"Now that the Samba server is part of the Active Directory domain you can "
1716
"access any Windows server shares:"
1718
#: serverguide/C/windows-networking.xml:1197(para)
1720
"To mount a Windows file share enter the following in a terminal prompt:"
1722
"To mount a Windows file share enter the following in a terminal prompt:"
1724
#: serverguide/C/windows-networking.xml:1201(command)
1725
msgid "mount.cifs //fs01.example.com/share mount_point"
1726
msgstr "mount.cifs //fs01.example.com/share mount_point"
1728
#: serverguide/C/windows-networking.xml:1204(para)
1730
"It is also possible to access shares on computers not part of an AD domain, "
1731
"but a username and password will need to be provided."
1733
"It is also possible to access shares on computers not part of an AD domain, "
1734
"but a username and password will need to be provided."
1736
#: serverguide/C/windows-networking.xml:1212(para)
1738
"To mount the share during boot place an entry in "
1739
"<filename>/etc/fstab</filename>, for example:"
1741
"To mount the share during boot place an entry in "
1742
"<filename>/etc/fstab</filename>, for example:"
1744
#: serverguide/C/windows-networking.xml:1216(programlisting)
1748
"//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw "
1752
"//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw "
1755
#: serverguide/C/windows-networking.xml:1223(para)
1757
"Another way to copy files from a Windows server is to use the "
1758
"<application>smbclient</application> utility. To list the files in a Windows "
1761
"Another way to copy files from a Windows server is to use the "
1762
"<application>smbclient</application> utility. To list the files in a Windows "
1765
#: serverguide/C/windows-networking.xml:1229(command)
1766
msgid "smbclient //fs01.example.com/share -k -c \"ls\""
1767
msgstr "smbclient //fs01.example.com/share -k -c \"ls\""
1769
#: serverguide/C/windows-networking.xml:1235(para)
1770
msgid "To copy a file from the share, enter:"
1771
msgstr "To copy a file from the share, enter:"
1773
#: serverguide/C/windows-networking.xml:1240(command)
1774
msgid "smbclient //fs01.example.com/share -k -c \"get file.txt\""
1775
msgstr "smbclient //fs01.example.com/share -k -c \"get file.txt\""
1777
#: serverguide/C/windows-networking.xml:1243(para)
1779
"This will copy the <filename>file.txt</filename> into the current directory."
1781
"This will copy the <filename>file.txt</filename> into the current directory."
1783
#: serverguide/C/windows-networking.xml:1250(para)
1784
msgid "And to copy a file to the share:"
1785
msgstr "And to copy a file to the share:"
1787
#: serverguide/C/windows-networking.xml:1255(command)
1788
msgid "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
1789
msgstr "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
1791
#: serverguide/C/windows-networking.xml:1258(para)
1793
"This will copy the <filename>/etc/hosts</filename> to "
1794
"<filename>//fs01.example.com/share/hosts</filename>."
1796
"This will copy the <filename>/etc/hosts</filename> to "
1797
"<filename>//fs01.example.com/share/hosts</filename>."
1799
#: serverguide/C/windows-networking.xml:1265(para)
1801
"The <emphasis>-c</emphasis> option used above allows you to execute the "
1802
"<application>smbclient</application> command all at once. This is useful for "
1803
"scripting and minor file operations. To enter the <emphasis>smb: \\"
1804
"></emphasis> prompt, a FTP like prompt where you can execute normal file "
1805
"and directory commands, simply execute:"
1807
"The <emphasis>-c</emphasis> option used above allows you to execute the "
1808
"<application>smbclient</application> command all at once. This is useful for "
1809
"scripting and minor file operations. To enter the <emphasis>smb: \\"
1810
"></emphasis> prompt, a FTP like prompt where you can execute normal file "
1811
"and directory commands, simply execute:"
1813
#: serverguide/C/windows-networking.xml:1272(command)
1814
msgid "smbclient //fs01.example.com/share -k"
1815
msgstr "smbclient //fs01.example.com/share -k"
1817
#: serverguide/C/windows-networking.xml:1279(para)
1819
"Replace all instances of <emphasis>fs01.example.com/share</emphasis>, "
1820
"<emphasis>//192.168.0.5/share</emphasis>, "
1821
"<emphasis>username=steve,password=secret</emphasis>, and "
1822
"<emphasis>file.txt</emphasis> with your server's IP, hostname, share name, "
1823
"file name, and an actual username and password with rights to the share."
1825
"Replace all instances of <emphasis>fs01.example.com/share</emphasis>, "
1826
"<emphasis>//192.168.0.5/share</emphasis>, "
1827
"<emphasis>username=steve,password=secret</emphasis>, and "
1828
"<emphasis>file.txt</emphasis> with your server's IP, hostname, share name, "
1829
"file name, and an actual username and password with rights to the share."
1831
#: serverguide/C/windows-networking.xml:1290(para)
1833
"For more <application>smbclient</application> options see the man page: "
1834
"<command>man smbclient</command>, also available <ulink "
1835
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/smbclient.1.html\""
1838
"For more <application>smbclient</application> options see the man page: "
1839
"<command>man smbclient</command>, also available <ulink "
1840
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/smbclient.1.html\""
1843
#: serverguide/C/windows-networking.xml:1295(para)
1845
"The <application>mount.cifs</application><ulink "
1846
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/mount.cifs.8.html"
1847
"\">man page</ulink> is also useful for more detailed information."
1849
"The <application>mount.cifs</application><ulink "
1850
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/mount.cifs.8.html"
1851
"\">man page</ulink> is also useful for more detailed information."
1853
#: serverguide/C/windows-networking.xml:1308(title)
1854
msgid "Likewise Open"
1855
msgstr "Likewise Open"
1857
#: serverguide/C/windows-networking.xml:1310(para)
1859
"<application>Likewise Open</application> simplifies the necessary "
1860
"configuration needed to authenticate a Linux machine to an Active Directory "
1861
"domain. Based on <application>winbind</application>, the "
1862
"<application>likewise-open</application> package takes the pain out of "
1863
"integrating Ubuntu authentication into an existing Windows network."
1865
"<application>Likewise Open</application> simplifies the necessary "
1866
"configuration needed to authenticate a Linux machine to an Active Directory "
1867
"domain. Based on <application>winbind</application>, the "
1868
"<application>likewise-open</application> package takes the pain out of "
1869
"integrating Ubuntu authentication into an existing Windows network."
1871
#: serverguide/C/windows-networking.xml:1319(para)
1873
"There are two ways to use Likewise Open, <application>likewise-"
1874
"open</application> the command line utility and <application>likewise-open-"
1875
"gui</application>. This section focuses on the command line utility."
1877
"There are two ways to use Likewise Open, <application>likewise-"
1878
"open</application> the command line utility and <application>likewise-open-"
1879
"gui</application>. This section focuses on the command line utility."
1881
#: serverguide/C/windows-networking.xml:1324(para)
1883
"To install the <application>likewise-open</application> package, open a "
1884
"terminal prompt and enter:"
1886
"To install the <application>likewise-open</application> package, open a "
1887
"terminal prompt and enter:"
1889
#: serverguide/C/windows-networking.xml:1329(command)
1890
msgid "sudo apt-get install likewise-open"
1891
msgstr "sudo apt-get install likewise-open"
1893
#: serverguide/C/windows-networking.xml:1334(title)
1894
msgid "Joining a Domain"
1895
msgstr "Joining a Domain"
1897
#: serverguide/C/windows-networking.xml:1336(para)
1899
"The main executable file of the <application>likewise-open</application> "
1900
"package is <filename>/usr/bin/domainjoin-cli</filename>, which is used to "
1901
"join your computer to the domain. Before you join a domain you will need to "
1902
"make sure you have:"
1904
"The main executable file of the <application>likewise-open</application> "
1905
"package is <filename>/usr/bin/domainjoin-cli</filename>, which is used to "
1906
"join your computer to the domain. Before you join a domain you will need to "
1907
"make sure you have:"
1909
#: serverguide/C/windows-networking.xml:1344(para)
1911
"Access to an Active Directory user with appropriate rights to join the "
1914
"Access to an Active Directory user with appropriate rights to join the "
1917
#: serverguide/C/windows-networking.xml:1349(para)
1919
"The <emphasis>Fully Qualified Domain Name</emphasis> (FQDN) of the domain "
1920
"you want to join. If your AD domain does not match a valid domain such as "
1921
"<emphasis role=\"italic\">example.com</emphasis>, it is likely that it has "
1922
"the form of <emphasis>domainname.local</emphasis>."
1924
"The <emphasis>Fully Qualified Domain Name</emphasis> (FQDN) of the domain "
1925
"you want to join. If your AD domain does not match a valid domain such as "
1926
"<emphasis role=\"italic\">example.com</emphasis>, it is likely that it has "
1927
"the form of <emphasis>domainname.local</emphasis>."
1929
#: serverguide/C/windows-networking.xml:1356(para)
1931
"DNS for the domain setup properly. In a production AD environment this "
1932
"should be the case. Proper Microsoft DNS is needed so that client "
1933
"workstations can determine the Active Directory domain is available."
1935
"DNS for the domain setup properly. In a production AD environment this "
1936
"should be the case. Proper Microsoft DNS is needed so that client "
1937
"workstations can determine the Active Directory domain is available."
1939
#: serverguide/C/windows-networking.xml:1360(para)
1941
"If you don't have a Windows DNS server on your network, see <xref "
1942
"linkend=\"likewise-open-ms-dns\"/> for details."
1944
"If you don't have a Windows DNS server on your network, see <xref "
1945
"linkend=\"likewise-open-ms-dns\"/> for details."
1947
#: serverguide/C/windows-networking.xml:1367(para)
1948
msgid "To join a domain, from a terminal prompt enter:"
1949
msgstr "To join a domain, from a terminal prompt enter:"
1951
#: serverguide/C/windows-networking.xml:1372(command)
1952
msgid "sudo domainjoin-cli join example.com Administrator"
1953
msgstr "sudo domainjoin-cli join example.com Administrator"
1955
#: serverguide/C/windows-networking.xml:1376(para)
1957
"Replace <emphasis>example.com</emphasis> with your domain name, and "
1958
"<emphasis>Administrator</emphasis> with the appropriate user name."
1960
"Replace <emphasis>example.com</emphasis> with your domain name, and "
1961
"<emphasis>Administrator</emphasis> with the appropriate user name."
1963
#: serverguide/C/windows-networking.xml:1382(para)
1965
"You will then be prompted for the user's password. If all goes well a "
1966
"<emphasis>SUCCESS</emphasis> message should be printed to the console."
1968
"You will then be prompted for the user's password. If all goes well a "
1969
"<emphasis>SUCCESS</emphasis> message should be printed to the console."
1971
#: serverguide/C/windows-networking.xml:1388(para)
1973
"After joining the domain, it is necessary to reboot before attempting to "
1974
"authenticate against the domain."
1976
"After joining the domain, it is necessary to reboot before attempting to "
1977
"authenticate against the domain."
1979
#: serverguide/C/windows-networking.xml:1394(para)
1981
"After successfully joining an Ubuntu machine to an Active Directory domain "
1982
"you can authenticate using any valid AD user. To login you will need to "
1983
"enter the user name as 'domain\\username'. For example to ssh to a server "
1984
"joined to the domain enter:"
1986
"After successfully joining an Ubuntu machine to an Active Directory domain "
1987
"you can authenticate using any valid AD user. To login you will need to "
1988
"enter the user name as 'domain\\username'. For example to ssh to a server "
1989
"joined to the domain enter:"
1991
#: serverguide/C/windows-networking.xml:1401(command)
1992
msgid "ssh 'example\\steve'@hostname"
1993
msgstr "ssh 'example\\steve'@hostname"
1995
#: serverguide/C/windows-networking.xml:1405(para)
1997
"If configuring a Desktop the user name will need to be prefixed with "
1998
"<emphasis role=\"italic\">domain\\</emphasis> in the graphical logon as well."
2000
"If configuring a Desktop the user name will need to be prefixed with "
2001
"<emphasis role=\"italic\">domain\\</emphasis> in the graphical logon as well."
2003
#: serverguide/C/windows-networking.xml:1411(para)
2005
"To make likewise-open use a default domain, you can add the following "
2006
"statement to <filename>/etc/samba/lwiauthd.conf</filename>:"
2008
"To make likewise-open use a default domain, you can add the following "
2009
"statement to <filename>/etc/samba/lwiauthd.conf</filename>:"
2011
#: serverguide/C/windows-networking.xml:1415(programlisting)
2015
"winbind use default domain = yes\n"
2018
"winbind use default domain = yes\n"
2020
#: serverguide/C/windows-networking.xml:1419(para)
2021
msgid "Then restart the <application>likewise-open</application> daemons:"
2022
msgstr "Then restart the <application>likewise-open</application> daemons:"
2024
#: serverguide/C/windows-networking.xml:1424(command)
2025
msgid "sudo /etc/init.d/likewise-open restart"
2026
msgstr "sudo /etc/init.d/likewise-open restart"
2028
#: serverguide/C/windows-networking.xml:1428(para)
2030
"Once configured for a <emphasis>default domain</emphasis> the <emphasis "
2031
"role=\"italic\">'domain\\'</emphasis> is no longer required, users can login "
2032
"using only their username."
2034
"Once configured for a <emphasis>default domain</emphasis> the <emphasis "
2035
"role=\"italic\">'domain\\'</emphasis> is no longer required, users can login "
2036
"using only their username."
2038
#: serverguide/C/windows-networking.xml:1434(para)
2040
"The <application>domainjoin-cli</application> utility can also be used to "
2041
"leave the domain. From a terminal:"
2043
"The <application>domainjoin-cli</application> utility can also be used to "
2044
"leave the domain. From a terminal:"
2046
#: serverguide/C/windows-networking.xml:1439(command)
2047
msgid "sudo domainjoin-cli leave"
2048
msgstr "sudo domainjoin-cli leave"
2050
#: serverguide/C/windows-networking.xml:1444(title) serverguide/C/security.xml:1772(title)
2051
msgid "Other Utilities"
2052
msgstr "Other Utilities"
2054
#: serverguide/C/windows-networking.xml:1446(para)
2056
"The <application>likewise-open</application> package comes with a few other "
2057
"utilities that may be useful for gathering information about the Active "
2058
"Directory environment. These utilities are used to join the machine to the "
2059
"domain, and are the same as those available in the <application>samba-"
2060
"common</application> and <application>winbind</application> packages:"
2062
"The <application>likewise-open</application> package comes with a few other "
2063
"utilities that may be useful for gathering information about the Active "
2064
"Directory environment. These utilities are used to join the machine to the "
2065
"domain, and are the same as those available in the <application>samba-"
2066
"common</application> and <application>winbind</application> packages:"
2068
#: serverguide/C/windows-networking.xml:1455(para)
2070
"<application>lwinet</application>: Returns information about the network and "
2073
"<application>lwinet</application>: Returns information about the network and "
2076
#: serverguide/C/windows-networking.xml:1460(para)
2078
"<application>lwimsg</application>: Allows interaction with the "
2079
"<application>likewise-winbindd</application> daemon."
2081
"<application>lwimsg</application>: Allows interaction with the "
2082
"<application>likewise-winbindd</application> daemon."
2084
#: serverguide/C/windows-networking.xml:1465(para)
2086
"<application>lwiinfo</application>: Displays information about various parts "
2089
"<application>lwiinfo</application>: Displays information about various parts "
2092
#: serverguide/C/windows-networking.xml:1471(para)
2093
msgid "Please refer to each utility's man page specific for details."
2094
msgstr "Please refer to each utility's man page specific for details."
2096
#: serverguide/C/windows-networking.xml:1477(title) serverguide/C/mail.xml:351(title) serverguide/C/mail.xml:1631(title) serverguide/C/dns.xml:338(title)
2097
msgid "Troubleshooting"
2098
msgstr "Troubleshooting"
2100
#: serverguide/C/windows-networking.xml:1481(para)
2102
"If the client has trouble joining the domain, double check that the "
2103
"Microsoft DNS is listed first in <filename>/etc/resolv.conf</filename>. For "
2106
"If the client has trouble joining the domain, double check that the "
2107
"Microsoft DNS is listed first in <filename>/etc/resolv.conf</filename>. For "
2110
#: serverguide/C/windows-networking.xml:1486(programlisting)
2114
"nameserver 192.168.0.1\n"
2117
"nameserver 192.168.0.1\n"
2119
#: serverguide/C/windows-networking.xml:1491(para)
2121
"For more information when joining a domain, use the <emphasis>--loglevel "
2122
"verbose</emphasis> or <emphasis>--advanced</emphasis> option of the "
2123
"<application>domainjoin-cli</application> utility:"
2125
"For more information when joining a domain, use the <emphasis>--loglevel "
2126
"verbose</emphasis> or <emphasis>--advanced</emphasis> option of the "
2127
"<application>domainjoin-cli</application> utility:"
2129
#: serverguide/C/windows-networking.xml:1497(command)
2130
msgid "sudo domainjoin-cli --loglevel verbose join example.com Administrator"
2132
"sudo domainjoin-cli --loglevel verbose join example.com Administrator"
2134
#: serverguide/C/windows-networking.xml:1501(para)
2136
"If an Active Directory user has trouble logging in, check the "
2137
"<filename>/var/log/auth.log</filename> for details."
2139
"If an Active Directory user has trouble logging in, check the "
2140
"<filename>/var/log/auth.log</filename> for details."
2142
#: serverguide/C/windows-networking.xml:1506(para)
2144
"When joining an Ubuntu Desktop workstation to a domain, you may need to edit "
2145
"<filename>/etc/nsswitch.conf</filename> if your AD domain uses the <emphasis "
2146
"role=\"italic\">.local</emphasis> syntax. In order to join the domain the "
2147
"<emphasis>\"mdns4\"</emphasis> entry should be removed from the "
2148
"<emphasis>hosts</emphasis> option. For example:"
2150
"When joining an Ubuntu Desktop workstation to a domain, you may need to edit "
2151
"<filename>/etc/nsswitch.conf</filename> if your AD domain uses the <emphasis "
2152
"role=\"italic\">.local</emphasis> syntax. In order to join the domain the "
2153
"<emphasis>\"mdns4\"</emphasis> entry should be removed from the "
2154
"<emphasis>hosts</emphasis> option. For example:"
2156
#: serverguide/C/windows-networking.xml:1512(programlisting)
2160
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
2163
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
2165
#: serverguide/C/windows-networking.xml:1516(para)
2166
msgid "Change the above to:"
2167
msgstr "Change the above to:"
2169
#: serverguide/C/windows-networking.xml:1520(programlisting)
2173
"hosts: files dns [NOTFOUND=return]\n"
2176
"hosts: files dns [NOTFOUND=return]\n"
2178
#: serverguide/C/windows-networking.xml:1524(para)
2179
msgid "Then restart networking by entering:"
2180
msgstr "Then restart networking by entering:"
2182
#: serverguide/C/windows-networking.xml:1529(command) serverguide/C/network-config.xml:559(command)
2183
msgid "sudo /etc/init.d/networking restart"
2184
msgstr "sudo /etc/init.d/networking restart"
2186
#: serverguide/C/windows-networking.xml:1532(para)
2187
msgid "You should now be able to join the Active Directory domain."
2188
msgstr "You should now be able to join the Active Directory domain."
2190
#: serverguide/C/windows-networking.xml:1540(title)
2191
msgid "Microsoft DNS"
2192
msgstr "Microsoft DNS"
2194
#: serverguide/C/windows-networking.xml:1542(para)
2196
"The following are instructions for installing DNS on an Active Directory "
2197
"domain controller running Windows Server 2003, but the instructions should "
2198
"be similar for other versions:"
2200
"The following are instructions for installing DNS on an Active Directory "
2201
"domain controller running Windows Server 2003, but the instructions should "
2202
"be similar for other versions:"
2204
#: serverguide/C/windows-networking.xml:1551(para)
2207
"<menuchoice><guimenuitem>Start</guimenuitem><guimenuitem>Administrative Tools"
2208
"</guimenuitem><guimenuitem>Manage Your Server</guimenuitem></menuchoice>. "
2209
"This will open the <application>Server Role Mangement</application> utility."
2212
"<menuchoice><guimenuitem>Start</guimenuitem><guimenuitem>Administrative Tools"
2213
"</guimenuitem><guimenuitem>Manage Your Server</guimenuitem></menuchoice>. "
2214
"This will open the <application>Server Role Mangement</application> utility."
2216
#: serverguide/C/windows-networking.xml:1559(para)
2217
msgid "Click <guilabel>Add or remove a role</guilabel>"
2218
msgstr "Click <guilabel>Add or remove a role</guilabel>"
2220
#: serverguide/C/windows-networking.xml:1560(para) serverguide/C/windows-networking.xml:1562(para) serverguide/C/windows-networking.xml:1565(para)
2224
#: serverguide/C/windows-networking.xml:1561(para)
2225
msgid "Select \"DNS Server\""
2226
msgstr "Select \"DNS Server\""
2228
#: serverguide/C/windows-networking.xml:1563(para)
2229
msgid "Click Next again to proceed"
2230
msgstr "Click Next again to proceed"
2232
#: serverguide/C/windows-networking.xml:1564(para)
2233
msgid "Select \"Create a forward lookup zone\" if it is not selected."
2234
msgstr "Select \"Create a forward lookup zone\" if it is not selected."
2236
#: serverguide/C/windows-networking.xml:1566(para)
2238
"Make sure \"This server maintains the zone\" is selected and click Next."
2240
"Make sure \"This server maintains the zone\" is selected and click Next."
2242
#: serverguide/C/windows-networking.xml:1567(para)
2243
msgid "Enter your domain name and click Next"
2244
msgstr "Enter your domain name and click Next"
2246
#: serverguide/C/windows-networking.xml:1568(para)
2247
msgid "Click Next to \"Allow only secure dynamic updates\""
2248
msgstr "Click Next to \"Allow only secure dynamic updates\""
2250
#: serverguide/C/windows-networking.xml:1570(para)
2252
"Enter the IP for DNS servers to forward queries to, or Select \"No, it "
2253
"should not forward queries\" and click Next."
2255
"Enter the IP for DNS servers to forward queries to, or Select \"No, it "
2256
"should not forward queries\" and click Next."
2258
#: serverguide/C/windows-networking.xml:1574(para) serverguide/C/windows-networking.xml:1575(para)
2259
msgid "Click Finish"
2260
msgstr "Click Finish"
2262
#: serverguide/C/windows-networking.xml:1577(para)
2264
"DNS is now installed and can be further configured using the "
2265
"<application>Microsoft Management Console</application> DNS snap-in."
2267
"DNS is now installed and can be further configured using the "
2268
"<application>Microsoft Management Console</application> DNS snap-in."
2270
#: serverguide/C/windows-networking.xml:1585(para)
2272
msgstr "Click Start"
2274
#: serverguide/C/windows-networking.xml:1586(para)
2275
msgid "Control Panel"
2276
msgstr "Control Panel"
2278
#: serverguide/C/windows-networking.xml:1587(para)
2279
msgid "Network Connections"
2280
msgstr "Network Connections"
2282
#: serverguide/C/windows-networking.xml:1588(para)
2283
msgid "Right Click \"Local Area Connection\""
2284
msgstr "Right Click \"Local Area Connection\""
2286
#: serverguide/C/windows-networking.xml:1589(para)
2287
msgid "Click Properties"
2288
msgstr "Click Properties"
2290
#: serverguide/C/windows-networking.xml:1590(para)
2291
msgid "Double click \"Internet Protocol (TCP/IP)\""
2292
msgstr "Double click \"Internet Protocol (TCP/IP)\""
2294
#: serverguide/C/windows-networking.xml:1591(para)
2295
msgid "Enter the Server's IP Address as the \"Preferred DNS server\""
2296
msgstr "Enter the Server's IP Address as the \"Preferred DNS server\""
2298
#: serverguide/C/windows-networking.xml:1592(para)
2302
#: serverguide/C/windows-networking.xml:1593(para)
2303
msgid "Click Ok again to save the settings"
2304
msgstr "Click Ok again to save the settings"
2306
#: serverguide/C/windows-networking.xml:1582(para)
2308
"Next, configure the Server to use itself for DNS queries: <placeholder-1/>"
2310
"Next, configure the Server to use itself for DNS queries: <placeholder-1/>"
2312
#: serverguide/C/windows-networking.xml:1600(title) serverguide/C/web-servers.xml:624(title) serverguide/C/web-servers.xml:772(title) serverguide/C/web-servers.xml:922(title) serverguide/C/web-servers.xml:1017(title) serverguide/C/web-servers.xml:1239(title) serverguide/C/vpn.xml:303(title) serverguide/C/virtualization.xml:2154(title) serverguide/C/vcs.xml:539(title) serverguide/C/security.xml:872(title) serverguide/C/security.xml:1206(title) serverguide/C/security.xml:1621(title) serverguide/C/security.xml:1812(title) serverguide/C/remote-administration.xml:202(title) serverguide/C/package-management.xml:454(title) serverguide/C/other-apps.xml:330(title) serverguide/C/network-config.xml:1006(title) serverguide/C/network-config.xml:1107(title) serverguide/C/monitoring.xml:391(title) serverguide/C/monitoring.xml:527(title) serverguide/C/mail.xml:459(title) serverguide/C/mail.xml:643(title) serverguide/C/mail.xml:795(title) serverguide/C/mail.xml:1217(title) serverguide/C/mail.xml:1679(title) serverguide/C/lamp-applications.xml:259(title) serverguide/C/lamp-applications.xml:388(title) serverguide/C/lamp-applications.xml:496(title) serverguide/C/file-server.xml:284(title) serverguide/C/file-server.xml:436(title) serverguide/C/file-server.xml:619(title) serverguide/C/dns.xml:572(title) serverguide/C/clustering.xml:234(title) serverguide/C/chat.xml:107(title) serverguide/C/chat.xml:221(title) serverguide/C/backups.xml:297(title)
2316
#: serverguide/C/windows-networking.xml:1602(para)
2318
"Please refer to the <ulink "
2319
"url=\"http://www.likewisesoftware.com/\">Likewise</ulink> home page for "
2320
"further information."
2322
"Please refer to the <ulink "
2323
"url=\"http://www.likewisesoftware.com/\">Likewise</ulink> home page for "
2324
"further information."
2326
#: serverguide/C/windows-networking.xml:1606(para)
2328
"For more <application>domainjoin-cli</application> options see the man page: "
2329
"<command>man domainjoin-cli</command>."
2331
"For more <application>domainjoin-cli</application> options see the man page: "
2332
"<command>man domainjoin-cli</command>."
2334
#: serverguide/C/windows-networking.xml:1610(para)
2336
"Also, see the <ulink "
2337
"url=\"https://help.ubuntu.com/community/LikewiseOpen\">Ubuntu Wiki "
2338
"LikewiseOpen</ulink> page."
2340
"Also, see the <ulink "
2341
"url=\"https://help.ubuntu.com/community/LikewiseOpen\">Ubuntu Wiki "
2342
"LikewiseOpen</ulink> page."
2344
#: serverguide/C/web-servers.xml:13(title)
2346
msgstr "Web Servers"
2348
#: serverguide/C/web-servers.xml:14(para)
2350
"A Web server is a software responsible for accepting HTTP requests from "
2351
"clients, which are known as Web browsers, and serving them HTTP responses "
2352
"along with optional data contents, which usually are Web pages such as HTML "
2353
"documents and linked objects (images, etc.)."
2355
"A Web server is a software responsible for accepting HTTP requests from "
2356
"clients, which are known as Web browsers, and serving them HTTP responses "
2357
"along with optional data contents, which usually are Web pages such as HTML "
2358
"documents and linked objects (images, etc.)."
2360
#: serverguide/C/web-servers.xml:19(title)
2361
msgid "HTTPD - Apache2 Web Server"
2362
msgstr "HTTPD - Apache2 Web Server"
2364
#: serverguide/C/web-servers.xml:20(para)
2366
"Apache is the most commonly used Web Server on Linux systems. Web Servers "
2367
"are used to serve Web Pages requested by client computers. Clients typically "
2368
"request and view Web Pages using Web Browser applications such as "
2369
"<application>Firefox</application>, <application>Opera</application>, or "
2370
"<application>Mozilla</application>."
2372
"Apache is the most commonly used Web Server on Linux systems. Web Servers "
2373
"are used to serve Web Pages requested by client computers. Clients typically "
2374
"request and view Web Pages using Web Browser applications such as "
2375
"<application>Firefox</application>, <application>Opera</application>, or "
2376
"<application>Mozilla</application>."
2378
#: serverguide/C/web-servers.xml:24(para)
2380
"Users enter a Uniform Resource Locator (URL) to point to a Web server by "
2381
"means of its Fully Qualified Domain Name (FQDN) and a path to the required "
2382
"resource. For example, to view the home page of the <ulink "
2383
"url=\"http://www.ubuntu.com\">Ubuntu Web site</ulink> a user will enter only "
2384
"the FQDN. To request specific information about <ulink "
2385
"url=\"http://www.ubuntu.com/support/paid\">paid support</ulink>, a user will "
2386
"enter the FQDN followed by a path."
2388
"Users enter a Uniform Resource Locator (URL) to point to a Web server by "
2389
"means of its Fully Qualified Domain Name (FQDN) and a path to the required "
2390
"resource. For example, to view the home page of the <ulink "
2391
"url=\"http://www.ubuntu.com\">Ubuntu Web site</ulink> a user will enter only "
2392
"the FQDN. To request specific information about <ulink "
2393
"url=\"http://www.ubuntu.com/support/paid\">paid support</ulink>, a user will "
2394
"enter the FQDN followed by a path."
2396
#: serverguide/C/web-servers.xml:29(para)
2398
"The most common protocol used to transfer Web pages is the Hyper Text "
2399
"Transfer Protocol (HTTP). Protocols such as Hyper Text Transfer Protocol "
2400
"over Secure Sockets Layer (HTTPS), and File Transfer Protocol (FTP), a "
2401
"protocol for uploading and downloading files, are also supported."
2403
"The most common protocol used to transfer Web pages is the Hyper Text "
2404
"Transfer Protocol (HTTP). Protocols such as Hyper Text Transfer Protocol "
2405
"over Secure Sockets Layer (HTTPS), and File Transfer Protocol (FTP), a "
2406
"protocol for uploading and downloading files, are also supported."
2408
#: serverguide/C/web-servers.xml:33(para)
2410
"Apache Web Servers are often used in combination with the "
2411
"<application>MySQL</application> database engine, the HyperText Preprocessor "
2412
"(<application>PHP</application>) scripting language, and other popular "
2413
"scripting languages such as <application>Python</application> and "
2414
"<application>Perl</application>. This configuration is termed LAMP (Linux, "
2415
"Apache, MySQL and Perl/Python/PHP) and forms a powerful and robust platform "
2416
"for the development and deployment of Web-based applications."
2418
"Apache Web Servers are often used in combination with the "
2419
"<application>MySQL</application> database engine, the HyperText Preprocessor "
2420
"(<application>PHP</application>) scripting language, and other popular "
2421
"scripting languages such as <application>Python</application> and "
2422
"<application>Perl</application>. This configuration is termed LAMP (Linux, "
2423
"Apache, MySQL and Perl/Python/PHP) and forms a powerful and robust platform "
2424
"for the development and deployment of Web-based applications."
2426
#: serverguide/C/web-servers.xml:42(para)
2428
"The <application>Apache2</application> web server is available in Ubuntu "
2429
"Linux. To install Apache2:"
2431
"The <application>Apache2</application> web server is available in Ubuntu "
2432
"Linux. To install Apache2:"
2434
#: serverguide/C/web-servers.xml:48(para)
2435
msgid "At a terminal prompt enter the following command:"
2436
msgstr "At a terminal prompt enter the following command:"
2438
#: serverguide/C/web-servers.xml:53(command)
2439
msgid "sudo apt-get install apache2"
2440
msgstr "sudo apt-get install apache2"
2442
#: serverguide/C/web-servers.xml:63(para)
2444
"Apache2 is configured by placing <emphasis>directives</emphasis> in plain "
2445
"text configuration files. These <emphasis>directives</emphasis> are "
2446
"separated between the following files and directories:"
2448
"Apache2 is configured by placing <emphasis>directives</emphasis> in plain "
2449
"text configuration files. These <emphasis>directives</emphasis> are "
2450
"separated between the following files and directories:"
2452
#: serverguide/C/web-servers.xml:71(para)
2454
"<emphasis>apache2.conf:</emphasis> the main Apache2 configuration file. "
2455
"Contains settings that are <emphasis>global</emphasis> to Apache2."
2457
"<emphasis>apache2.conf:</emphasis> the main Apache2 configuration file. "
2458
"Contains settings that are <emphasis>global</emphasis> to Apache2."
2460
#: serverguide/C/web-servers.xml:77(para)
2462
"<emphasis>conf.d:</emphasis> contains configuration files which apply "
2463
"<emphasis>globally</emphasis> to Apache2. Other packages that use Apache2 to "
2464
"serve content may add files, or symlinks, to this directory."
2466
"<emphasis>conf.d:</emphasis> contains configuration files which apply "
2467
"<emphasis>globally</emphasis> to Apache2. Other packages that use Apache2 to "
2468
"serve content may add files, or symlinks, to this directory."
2470
#: serverguide/C/web-servers.xml:83(para)
2472
"<emphasis>envvars:</emphasis> file where Apache2 "
2473
"<emphasis>environment</emphasis> variables are set."
2475
"<emphasis>envvars:</emphasis> file where Apache2 "
2476
"<emphasis>environment</emphasis> variables are set."
2478
#: serverguide/C/web-servers.xml:88(para)
2480
"<emphasis>httpd.conf:</emphasis> historically the main Apache2 configuration "
2481
"file, named after the <application>httpd</application> daemon. The file can "
2482
"be used for <emphasis>user specific</emphasis> configuration options that "
2483
"globally effect Apache2."
2485
"<emphasis>httpd.conf:</emphasis> historically the main Apache2 configuration "
2486
"file, named after the <application>httpd</application> daemon. The file can "
2487
"be used for <emphasis>user specific</emphasis> configuration options that "
2488
"globally effect Apache2."
2490
#: serverguide/C/web-servers.xml:95(para)
2492
"<emphasis>mods-available:</emphasis> this directory contains configuration "
2493
"files to both load <emphasis>modules</emphasis> and configure them. Not all "
2494
"modules will have specific configuration files, however."
2496
"<emphasis>mods-available:</emphasis> this directory contains configuration "
2497
"files to both load <emphasis>modules</emphasis> and configure them. Not all "
2498
"modules will have specific configuration files, however."
2500
#: serverguide/C/web-servers.xml:101(para)
2502
"<emphasis>mods-enabled:</emphasis> holds <emphasis>symlinks</emphasis> to "
2503
"the files in <filename>/etc/apache2/mods-available</filename>. When a module "
2504
"configuration file is symlinked it will be enabled the next time "
2505
"<application>apache2</application> is restarted."
2507
"<emphasis>mods-enabled:</emphasis> holds <emphasis>symlinks</emphasis> to "
2508
"the files in <filename>/etc/apache2/mods-available</filename>. When a module "
2509
"configuration file is symlinked it will be enabled the next time "
2510
"<application>apache2</application> is restarted."
2512
#: serverguide/C/web-servers.xml:108(para)
2514
"<emphasis>ports.conf:</emphasis> houses the directives that determine which "
2515
"TCP ports Apache2 is listening on."
2517
"<emphasis>ports.conf:</emphasis> houses the directives that determine which "
2518
"TCP ports Apache2 is listening on."
2520
#: serverguide/C/web-servers.xml:113(para)
2522
"<emphasis>sites-available:</emphasis> this directory has configuration files "
2523
"for Apache2 <emphasis>Virtual Hosts</emphasis>. Virtual Hosts allow Apache2 "
2524
"to be configured for multiple sites that have separate configurations."
2526
"<emphasis>sites-available:</emphasis> this directory has configuration files "
2527
"for Apache2 <emphasis>Virtual Hosts</emphasis>. Virtual Hosts allow Apache2 "
2528
"to be configured for multiple sites that have separate configurations."
2530
#: serverguide/C/web-servers.xml:119(para)
2532
"<emphasis>sites-enabled:</emphasis> like mods-enabled, <filename "
2533
"role=\"directory\">sites-enabled</filename> contains symlinks to the "
2534
"<filename>/etc/apache2/sites-available</filename> directory. Similarly when "
2535
"a configuration file in sites-available is symlinked, the site configured by "
2536
"it will be active once Apache2 is restarted."
2538
"<emphasis>sites-enabled:</emphasis> like mods-enabled, <filename "
2539
"role=\"directory\">sites-enabled</filename> contains symlinks to the "
2540
"<filename>/etc/apache2/sites-available</filename> directory. Similarly when "
2541
"a configuration file in sites-available is symlinked, the site configured by "
2542
"it will be active once Apache2 is restarted."
2544
#: serverguide/C/web-servers.xml:127(para)
2546
"In addition, other configuration files may be added using the "
2547
"<emphasis>Include</emphasis> directive, and wildcards can be used to include "
2548
"many configuration files. Any directive may be placed in any of these "
2549
"configuration files. Changes to the main configuration files are only "
2550
"recognized by Apache2 when it is started or restarted."
2552
"In addition, other configuration files may be added using the "
2553
"<emphasis>Include</emphasis> directive, and wildcards can be used to include "
2554
"many configuration files. Any directive may be placed in any of these "
2555
"configuration files. Changes to the main configuration files are only "
2556
"recognised by Apache2 when it is started or restarted."
2558
#: serverguide/C/web-servers.xml:136(para)
2560
"The server also reads a file containing mime document types; the filename is "
2561
"set by the <emphasis>TypesConfig</emphasis> directive, and is "
2562
"<filename>/etc/mime.types</filename> by default."
2564
"The server also reads a file containing mime document types; the filename is "
2565
"set by the <emphasis>TypesConfig</emphasis> directive, and is "
2566
"<filename>/etc/mime.types</filename> by default."
2568
#: serverguide/C/web-servers.xml:141(title)
2569
msgid "Basic Settings"
2570
msgstr "Basic Settings"
2572
#: serverguide/C/web-servers.xml:142(para)
2574
"This section explains Apache2 server essential configuration parameters. "
2575
"Refer to the <ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
2576
"Documentation</ulink> for more details."
2578
"This section explains Apache2 server essential configuration parameters. "
2579
"Refer to the <ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
2580
"Documentation</ulink> for more details."
2582
#: serverguide/C/web-servers.xml:150(para)
2584
"Apache2 ships with a virtual-host-friendly default configuration. That is, "
2585
"it is configured with a single default virtual host (using the "
2586
"<emphasis>VirtualHost</emphasis> directive) which can modified or used as-is "
2587
"if you have a single site, or used as a template for additional virtual "
2588
"hosts if you have multiple sites. If left alone, the default virtual host "
2589
"will serve as your default site, or the site users will see if the URL they "
2590
"enter does not match the <emphasis>ServerName</emphasis> directive of any of "
2591
"your custom sites. To modify the default virtual host, edit the file "
2592
"<filename>/etc/apache2/sites-available/default</filename>."
2594
"Apache2 ships with a virtual-host-friendly default configuration. That is, "
2595
"it is configured with a single default virtual host (using the "
2596
"<emphasis>VirtualHost</emphasis> directive) which can modified or used as-is "
2597
"if you have a single site, or used as a template for additional virtual "
2598
"hosts if you have multiple sites. If left alone, the default virtual host "
2599
"will serve as your default site, or the site users will see if the URL they "
2600
"enter does not match the <emphasis>ServerName</emphasis> directive of any of "
2601
"your custom sites. To modify the default virtual host, edit the file "
2602
"<filename>/etc/apache2/sites-available/default</filename>."
2604
#: serverguide/C/web-servers.xml:163(para)
2606
"The directives set for a virtual host only apply to that particular virtual "
2607
"host. If a directive is set server-wide and not defined within the virtual "
2608
"host settings, the default setting is used. For example, you can define a "
2609
"Webmaster email address and not define individual email addresses for each "
2612
"The directives set for a virtual host only apply to that particular virtual "
2613
"host. If a directive is set server-wide and not defined within the virtual "
2614
"host settings, the default setting is used. For example, you can define a "
2615
"Webmaster e-mail address and not define individual e-mail addresses for each "
2618
#: serverguide/C/web-servers.xml:171(para)
2620
"If you wish to configure a new virtual host or site, copy that file into the "
2621
"same directory with a name you choose. For example:"
2623
"If you wish to configure a new virtual host or site, copy that file into the "
2624
"same directory with a name you choose. For example:"
2626
#: serverguide/C/web-servers.xml:177(command)
2628
"sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-"
2629
"available/mynewsite"
2631
"sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-"
2632
"available/mynewsite"
2634
#: serverguide/C/web-servers.xml:180(para)
2636
"Edit the new file to configure the new site using some of the directives "
2639
"Edit the new file to configure the new site using some of the directives "
2642
#: serverguide/C/web-servers.xml:187(para)
2644
"The <emphasis>ServerAdmin</emphasis> directive specifies the email address "
2645
"to be advertised for the server's administrator. The default value is "
2646
"webmaster@localhost. This should be changed to an email address that is "
2647
"delivered to you (if you are the server's administrator). If your website "
2648
"has a problem, Apache2 will display an error message containing this email "
2649
"address to report the problem to. Find this directive in your site's "
2650
"configuration file in /etc/apache2/sites-available."
2652
"The <emphasis>ServerAdmin</emphasis> directive specifies the e-mail address "
2653
"to be advertised for the server's administrator. The default value is "
2654
"webmaster@localhost. This should be changed to an e-mail address that is "
2655
"delivered to you (if you are the server's administrator). If your website "
2656
"has a problem, Apache2 will display an error message containing this e-mail "
2657
"address to report the problem to. Find this directive in your site's "
2658
"configuration file in /etc/apache2/sites-available."
2660
#: serverguide/C/web-servers.xml:198(para)
2662
"The <emphasis>Listen</emphasis> directive specifies the port, and optionally "
2663
"the IP address, Apache2 should listen on. If the IP address is not "
2664
"specified, Apache2 will listen on all IP addresses assigned to the machine "
2665
"it runs on. The default value for the Listen directive is 80. Change this to "
2666
"127.0.0.1:80 to cause Apache2 to listen only on your loopback interface so "
2667
"that it will not be available to the Internet, to (for example) 81 to change "
2668
"the port that it listens on, or leave it as is for normal operation. This "
2669
"directive can be found and changed in its own file, "
2670
"<filename>/etc/apache2/ports.conf</filename>"
2672
"The <emphasis>Listen</emphasis> directive specifies the port, and optionally "
2673
"the IP address, Apache2 should listen on. If the IP address is not "
2674
"specified, Apache2 will listen on all IP addresses assigned to the machine "
2675
"it runs on. The default value for the Listen directive is 80. Change this to "
2676
"127.0.0.1:80 to cause Apache2 to listen only on your loopback interface so "
2677
"that it will not be available to the Internet, to (for example) 81 to change "
2678
"the port that it listens on, or leave it as is for normal operation. This "
2679
"directive can be found and changed in its own file, "
2680
"<filename>/etc/apache2/ports.conf</filename>"
2682
#: serverguide/C/web-servers.xml:211(para)
2684
"The <emphasis>ServerName</emphasis> directive is optional and specifies what "
2685
"FQDN your site should answer to. The default virtual host has no ServerName "
2686
"directive specified, so it will respond to all requests that do not match a "
2687
"ServerName directive in another virtual host. If you have just acquired the "
2688
"domain name ubunturocks.com and wish to host it on your Ubuntu server, the "
2689
"value of the ServerName directive in your virtual host configuration file "
2690
"should be ubunturocks.com. Add this directive to the new virtual host file "
2691
"you created earlier (<filename>/etc/apache2/sites-"
2692
"available/mynewsite</filename>)."
2694
"The <emphasis>ServerName</emphasis> directive is optional and specifies what "
2695
"FQDN your site should answer to. The default virtual host has no ServerName "
2696
"directive specified, so it will respond to all requests that do not match a "
2697
"ServerName directive in another virtual host. If you have just acquired the "
2698
"domain name ubunturocks.com and wish to host it on your Ubuntu server, the "
2699
"value of the ServerName directive in your virtual host configuration file "
2700
"should be ubunturocks.com. Add this directive to the new virtual host file "
2701
"you created earlier (<filename>/etc/apache2/sites-"
2702
"available/mynewsite</filename>)."
2704
#: serverguide/C/web-servers.xml:223(para)
2706
"You may also want your site to respond to www.ubunturocks.com, since many "
2707
"users will assume the www prefix is appropriate. Use the "
2708
"<emphasis>ServerAlias</emphasis> directive for this. You may also use "
2709
"wildcards in the ServerAlias directive."
2711
"You may also want your site to respond to www.ubunturocks.com, since many "
2712
"users will assume the www prefix is appropriate. Use the "
2713
"<emphasis>ServerAlias</emphasis> directive for this. You may also use "
2714
"wildcards in the ServerAlias directive."
2716
#: serverguide/C/web-servers.xml:230(para)
2718
"For example, the following configuration will cause your site to respond to "
2719
"any domain request ending in <emphasis>.ubunturocks.com</emphasis>."
2721
"For example, the following configuration will cause your site to respond to "
2722
"any domain request ending in <emphasis>.ubunturocks.com</emphasis>."
2724
#: serverguide/C/web-servers.xml:236(programlisting)
2728
"ServerAlias *.ubunturocks.com\n"
2731
"ServerAlias *.ubunturocks.com\n"
2733
#: serverguide/C/web-servers.xml:242(para)
2735
"The <emphasis>DocumentRoot</emphasis> directive specifies where Apache2 "
2736
"should look for the files that make up the site. The default value is "
2737
"/var/www. No site is configured there, but if you uncomment the "
2738
"<emphasis>RedirectMatch</emphasis> directive in "
2739
"<filename>/etc/apache2/apache2.conf</filename> requests will be redirected "
2740
"to /var/www/apache2-default where the default Apache2 site awaits. Change "
2741
"this value in your site's virtual host file, and remember to create that "
2742
"directory if necessary!"
2744
"The <emphasis>DocumentRoot</emphasis> directive specifies where Apache2 "
2745
"should look for the files that make up the site. The default value is "
2746
"/var/www. No site is configured there, but if you uncomment the "
2747
"<emphasis>RedirectMatch</emphasis> directive in "
2748
"<filename>/etc/apache2/apache2.conf</filename> requests will be redirected "
2749
"to /var/www/apache2-default where the default Apache2 site awaits. Change "
2750
"this value in your site's virtual host file, and remember to create that "
2751
"directory if necessary!"
2753
#: serverguide/C/web-servers.xml:254(para)
2755
"The /etc/apache2/sites-available directory is <emphasis role=\"bold\"> "
2756
"not</emphasis> parsed by Apache2. Symbolic links in /etc/apache2/sites-"
2757
"enabled point to \"available\" sites."
2759
"The /etc/apache2/sites-available directory is <emphasis role=\"bold\"> "
2760
"not</emphasis> parsed by Apache2. Symbolic links in /etc/apache2/sites-"
2761
"enabled point to \"available\" sites."
2763
#: serverguide/C/web-servers.xml:260(para)
2765
"Enable the new <emphasis>VirtualHost</emphasis> using the "
2766
"<application>a2ensite</application> utility and restart Apache2:"
2768
"Enable the new <emphasis>VirtualHost</emphasis> using the "
2769
"<application>a2ensite</application> utility and restart Apache2:"
2771
#: serverguide/C/web-servers.xml:266(command)
2772
msgid "sudo a2ensite mynewsite"
2773
msgstr "sudo a2ensite mynewsite"
2775
#: serverguide/C/web-servers.xml:267(command) serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:538(command) serverguide/C/web-servers.xml:547(command) serverguide/C/web-servers.xml:606(command) serverguide/C/mail.xml:932(command) serverguide/C/lamp-applications.xml:228(command)
2776
msgid "sudo /etc/init.d/apache2 restart"
2777
msgstr "sudo /etc/init.d/apache2 restart"
2779
#: serverguide/C/web-servers.xml:271(para)
2781
"Be sure to replace <emphasis>mynewsite</emphasis> with a more descriptive "
2782
"name for the VirtualHost. One method is to name the file after the "
2783
"<emphasis>ServerName</emphasis> directive of the VirtualHost."
2785
"Be sure to replace <emphasis>mynewsite</emphasis> with a more descriptive "
2786
"name for the VirtualHost. One method is to name the file after the "
2787
"<emphasis>ServerName</emphasis> directive of the VirtualHost."
2789
#: serverguide/C/web-servers.xml:278(para)
2791
"Similarly, use the <application>a2dissite</application> utility to disable "
2792
"sites. This is can be useful when troubleshooting configuration problems "
2793
"with multiple VirtualHosts:"
2795
"Similarly, use the <application>a2dissite</application> utility to disable "
2796
"sites. This is can be useful when troubleshooting configuration problems "
2797
"with multiple VirtualHosts:"
2799
#: serverguide/C/web-servers.xml:284(command)
2800
msgid "sudo a2dissite mynewsite"
2801
msgstr "sudo a2dissite mynewsite"
2803
#: serverguide/C/web-servers.xml:290(title)
2804
msgid "Default Settings"
2805
msgstr "Default Settings"
2807
#: serverguide/C/web-servers.xml:292(para)
2809
"This section explains configuration of the Apache2 server default settings. "
2810
"For example, if you add a virtual host, the settings you configure for the "
2811
"virtual host take precedence for that virtual host. For a directive not "
2812
"defined within the virtual host settings, the default value is used."
2814
"This section explains configuration of the Apache2 server default settings. "
2815
"For example, if you add a virtual host, the settings you configure for the "
2816
"virtual host take precedence for that virtual host. For a directive not "
2817
"defined within the virtual host settings, the default value is used."
2819
#: serverguide/C/web-servers.xml:304(para)
2821
"The <emphasis>DirectoryIndex</emphasis> is the default page served by the "
2822
"server when a user requests an index of a directory by specifying a forward "
2823
"slash (/) at the end of the directory name."
2825
"The <emphasis>DirectoryIndex</emphasis> is the default page served by the "
2826
"server when a user requests an index of a directory by specifying a forward "
2827
"slash (/) at the end of the directory name."
2829
#: serverguide/C/web-servers.xml:311(para)
2831
"For example, when a user requests the page "
2832
"http://www.example.com/this_directory/, he or she will get either the "
2833
"DirectoryIndex page if it exists, a server-generated directory list if it "
2834
"does not and the Indexes option is specified, or a Permission Denied page if "
2835
"neither is true. The server will try to find one of the files listed in the "
2836
"DirectoryIndex directive and will return the first one it finds. If it does "
2837
"not find any of these files and if <emphasis>Options Indexes</emphasis> is "
2838
"set for that directory, the server will generate and return a list, in HTML "
2839
"format, of the subdirectories and files in the directory. The default value, "
2840
"found in <filename>/etc/apache2/mods-available/dir.conf</filename> is "
2841
"\"index.html index.cgi index.pl index.php index.xhtml index.htm\". Thus, if "
2842
"Apache2 finds a file in a requested directory matching any of these names, "
2843
"the first will be displayed."
2845
"For example, when a user requests the page "
2846
"http://www.example.com/this_directory/, he or she will get either the "
2847
"DirectoryIndex page if it exists, a server-generated directory list if it "
2848
"does not and the Indexes option is specified, or a Permission Denied page if "
2849
"neither is true. The server will try to find one of the files listed in the "
2850
"DirectoryIndex directive and will return the first one it finds. If it does "
2851
"not find any of these files and if <emphasis>Options Indexes</emphasis> is "
2852
"set for that directory, the server will generate and return a list, in HTML "
2853
"format, of the subdirectories and files in the directory. The default value, "
2854
"found in <filename>/etc/apache2/mods-available/dir.conf</filename> is "
2855
"\"index.html index.cgi index.pl index.php index.xhtml index.htm\". Thus, if "
2856
"Apache2 finds a file in a requested directory matching any of these names, "
2857
"the first will be displayed."
2859
#: serverguide/C/web-servers.xml:332(para)
2861
"The <emphasis>ErrorDocument</emphasis> directive allows you to specify a "
2862
"file for Apache2 to use for specific error events. For example, if a user "
2863
"requests a resource that does not exist, a 404 error will occur, and per "
2864
"Apache2's default configuration, the file "
2865
"<filename>/usr/share/apache2/error/HTTP_NOT_FOUND.html.var </filename> will "
2866
"be displayed. That file is not in the server's DocumentRoot, but there is an "
2867
"Alias directive in <filename>/etc/apache2/apache2.conf</filename> that "
2868
"redirects requests to the /error directory to "
2869
"<filename>/usr/share/apache2/error/</filename>."
2871
"The <emphasis>ErrorDocument</emphasis> directive allows you to specify a "
2872
"file for Apache2 to use for specific error events. For example, if a user "
2873
"requests a resource that does not exist, a 404 error will occur, and per "
2874
"Apache2's default configuration, the file "
2875
"<filename>/usr/share/apache2/error/HTTP_NOT_FOUND.html.var </filename> will "
2876
"be displayed. That file is not in the server's DocumentRoot, but there is an "
2877
"Alias directive in <filename>/etc/apache2/apache2.conf</filename> that "
2878
"redirects requests to the /error directory to "
2879
"<filename>/usr/share/apache2/error/</filename>."
2881
#: serverguide/C/web-servers.xml:344(para)
2883
"To see a list of the default ErrorDocument directives, use this command:"
2885
"To see a list of the default ErrorDocument directives, use this command:"
2887
#: serverguide/C/web-servers.xml:350(command)
2888
msgid "grep ErrorDocument /etc/apache2/apache2.conf"
2889
msgstr "grep ErrorDocument /etc/apache2/apache2.conf"
2891
#: serverguide/C/web-servers.xml:355(para)
2893
"By default, the server writes the transfer log to the file "
2894
"<filename>/var/log/apache2/access.log</filename>. You can change this on a "
2895
"per-site basis in your virtual host configuration files with the "
2896
"<emphasis>CustomLog</emphasis> directive, or omit it to accept the default, "
2897
"specified in <filename> /etc/apache2/apache2.conf</filename>. You may also "
2898
"specify the file to which errors are logged, via the "
2899
"<emphasis>ErrorLog</emphasis> directive, whose default is "
2900
"<filename>/var/log/apache2/error.log</filename>. These are kept separate "
2901
"from the transfer logs to aid in troubleshooting problems with your Apache2 "
2902
"server. You may also specify the <emphasis>LogLevel</emphasis> (the default "
2903
"value is \"warn\") and the <emphasis>LogFormat</emphasis> (see <filename> "
2904
"/etc/apache2/apache2.conf</filename> for the default value)."
2906
"By default, the server writes the transfer log to the file "
2907
"<filename>/var/log/apache2/access.log</filename>. You can change this on a "
2908
"per-site basis in your virtual host configuration files with the "
2909
"<emphasis>CustomLog</emphasis> directive, or omit it to accept the default, "
2910
"specified in <filename> /etc/apache2/apache2.conf</filename>. You may also "
2911
"specify the file to which errors are logged, via the "
2912
"<emphasis>ErrorLog</emphasis> directive, whose default is "
2913
"<filename>/var/log/apache2/error.log</filename>. These are kept separate "
2914
"from the transfer logs to aid in troubleshooting problems with your Apache2 "
2915
"server. You may also specify the <emphasis>LogLevel</emphasis> (the default "
2916
"value is \"warn\") and the <emphasis>LogFormat</emphasis> (see <filename> "
2917
"/etc/apache2/apache2.conf</filename> for the default value)."
2919
#: serverguide/C/web-servers.xml:370(para)
2921
"Some options are specified on a per-directory basis rather than per-server. "
2922
"<emphasis>Options</emphasis> is one of these directives. A Directory stanza "
2923
"is enclosed in XML-like tags, like so:"
2925
"Some options are specified on a per-directory basis rather than per-server. "
2926
"<emphasis>Options</emphasis> is one of these directives. A Directory stanza "
2927
"is enclosed in XML-like tags, like so:"
2929
#: serverguide/C/web-servers.xml:376(programlisting)
2933
"<Directory /var/www/mynewsite>\n"
2935
"</Directory>\n"
2938
"<Directory /var/www/mynewsite>\n"
2940
"</Directory>\n"
2942
#: serverguide/C/web-servers.xml:382(para)
2944
"The <emphasis>Options</emphasis> directive within a Directory stanza accepts "
2945
"one or more of the following values (among others), separated by spaces:"
2947
"The <emphasis>Options</emphasis> directive within a Directory stanza accepts "
2948
"one or more of the following values (among others), separated by spaces:"
2950
#: serverguide/C/web-servers.xml:394(para)
2952
"Most files should not be executed as CGI scripts. This would be very "
2953
"dangerous. CGI scripts should kept in a directory separate from and outside "
2954
"your DocumentRoot, and only this directory should have the ExecCGI option "
2955
"set. This is the default, and the default location for CGI scripts is "
2956
"<filename>/usr/lib/cgi-bin</filename>."
2958
"Most files should not be executed as CGI scripts. This would be very "
2959
"dangerous. CGI scripts should kept in a directory separate from and outside "
2960
"your DocumentRoot, and only this directory should have the ExecCGI option "
2961
"set. This is the default, and the default location for CGI scripts is "
2962
"<filename>/usr/lib/cgi-bin</filename>."
2964
#: serverguide/C/web-servers.xml:389(para)
2966
"<emphasis role=\"bold\">ExecCGI</emphasis> - Allow execution of CGI scripts. "
2967
"CGI scripts are not executed if this option is not chosen. <placeholder-1/>"
2969
"<emphasis role=\"bold\">ExecCGI</emphasis> - Allow execution of CGI scripts. "
2970
"CGI scripts are not executed if this option is not chosen. <placeholder-1/>"
2972
#: serverguide/C/web-servers.xml:405(para)
2974
"<emphasis role=\"bold\">Includes</emphasis> - Allow server-side includes. "
2975
"Server-side includes allow an HTML file to <emphasis> include</emphasis> "
2976
"other files. This is not a common option. See <ulink "
2977
"url=\"http://httpd.apache.org/docs/2.2/howto/ssi.html\">the Apache2 SSI "
2978
"HOWTO</ulink> for more information."
2980
"<emphasis role=\"bold\">Includes</emphasis> - Allow server-side includes. "
2981
"Server-side includes allow an HTML file to <emphasis> include</emphasis> "
2982
"other files. This is not a common option. See <ulink "
2983
"url=\"http://httpd.apache.org/docs/2.2/howto/ssi.html\">the Apache2 SSI "
2984
"HOWTO</ulink> for more information."
2986
#: serverguide/C/web-servers.xml:414(para)
2988
"<emphasis role=\"bold\">IncludesNOEXEC</emphasis> - Allow server-side "
2989
"includes, but disable the <emphasis>#exec</emphasis> and "
2990
"<emphasis>#include</emphasis> commands in CGI scripts."
2992
"<emphasis role=\"bold\">IncludesNOEXEC</emphasis> - Allow server-side "
2993
"includes, but disable the <emphasis>#exec</emphasis> and "
2994
"<emphasis>#include</emphasis> commands in CGI scripts."
2996
#: serverguide/C/web-servers.xml:426(para)
2998
"For security reasons, this should usually not be set, and certainly should "
2999
"not be set on your DocumentRoot directory. Enable this option carefully on a "
3000
"per-directory basis only if you are certain you want users to see the entire "
3001
"contents of the directory."
3003
"For security reasons, this should usually not be set, and certainly should "
3004
"not be set on your DocumentRoot directory. Enable this option carefully on a "
3005
"per-directory basis only if you are certain you want users to see the entire "
3006
"contents of the directory."
3008
#: serverguide/C/web-servers.xml:421(para)
3010
"<emphasis role=\"bold\">Indexes</emphasis> - Display a formatted list of the "
3011
"directory's contents, if no <emphasis>DirectoryIndex</emphasis> (such as "
3012
"index.html) exists in the requested directory. <placeholder-1/>"
3014
"<emphasis role=\"bold\">Indexes</emphasis> - Display a formatted list of the "
3015
"directory's contents, if no <emphasis>DirectoryIndex</emphasis> (such as "
3016
"index.html) exists in the requested directory. <placeholder-1/>"
3018
#: serverguide/C/web-servers.xml:436(para)
3020
"<emphasis role=\"bold\">Multiview</emphasis> - Support content-negotiated "
3021
"multiviews; this option is disabled by default for security reasons. See the "
3023
"url=\"http://httpd.apache.org/docs/2.2/mod/mod_negotiation.html#multiviews\">"
3024
"Apache2 documentation on this option</ulink>."
3026
"<emphasis role=\"bold\">Multiview</emphasis> - Support content-negotiated "
3027
"multiviews; this option is disabled by default for security reasons. See the "
3029
"url=\"http://httpd.apache.org/docs/2.2/mod/mod_negotiation.html#multiviews\">"
3030
"Apache2 documentation on this option</ulink>."
3032
#: serverguide/C/web-servers.xml:444(para)
3034
"<emphasis role=\"bold\">SymLinksIfOwnerMatch</emphasis> - Only follow "
3035
"symbolic links if the target file or directory has the same owner as the "
3038
"<emphasis role=\"bold\">SymLinksIfOwnerMatch</emphasis> - Only follow "
3039
"symbolic links if the target file or directory has the same owner as the "
3042
#: serverguide/C/web-servers.xml:456(title)
3043
msgid "httpd Settings"
3044
msgstr "httpd Settings"
3046
#: serverguide/C/web-servers.xml:458(para)
3048
"This section explains some basic <application>httpd</application> daemon "
3049
"configuration settings."
3051
"This section explains some basic <application>httpd</application> daemon "
3052
"configuration settings."
3054
#: serverguide/C/web-servers.xml:462(para)
3056
"<emphasis role=\"bold\">LockFile</emphasis> - The LockFile directive sets "
3057
"the path to the lockfile used when the server is compiled with either "
3058
"USE_FCNTL_SERIALIZED_ACCEPT or USE_FLOCK_SERIALIZED_ACCEPT. It must be "
3059
"stored on the local disk. It should be left to the default value unless the "
3060
"logs directory is located on an NFS share. If this is the case, the default "
3061
"value should be changed to a location on the local disk and to a directory "
3062
"that is readable only by root."
3064
"<emphasis role=\"bold\">LockFile</emphasis> - The LockFile directive sets "
3065
"the path to the lockfile used when the server is compiled with either "
3066
"USE_FCNTL_SERIALIZED_ACCEPT or USE_FLOCK_SERIALIZED_ACCEPT. It must be "
3067
"stored on the local disk. It should be left to the default value unless the "
3068
"logs directory is located on an NFS share. If this is the case, the default "
3069
"value should be changed to a location on the local disk and to a directory "
3070
"that is readable only by root."
3072
#: serverguide/C/web-servers.xml:471(para)
3074
"<emphasis role=\"bold\">PidFile</emphasis> - The PidFile directive sets the "
3075
"file in which the server records its process ID (pid). This file should only "
3076
"be readable by root. In most cases, it should be left to the default value."
3078
"<emphasis role=\"bold\">PidFile</emphasis> - The PidFile directive sets the "
3079
"file in which the server records its process ID (pid). This file should only "
3080
"be readable by root. In most cases, it should be left to the default value."
3082
#: serverguide/C/web-servers.xml:477(para)
3084
"<emphasis role=\"bold\">User</emphasis> - The User directive sets the userid "
3085
"used by the server to answer requests. This setting determines the server's "
3086
"access. Any files inaccessible to this user will also be inaccessible to "
3087
"your website's visitors. The default value for User is www-data."
3089
"<emphasis role=\"bold\">User</emphasis> - The User directive sets the userid "
3090
"used by the server to answer requests. This setting determines the server's "
3091
"access. Any files inaccessible to this user will also be inaccessible to "
3092
"your website's visitors. The default value for User is www-data."
3094
#: serverguide/C/web-servers.xml:484(para)
3096
"Unless you know exactly what you are doing, do not set the User directive to "
3097
"root. Using root as the User will create large security holes for your Web "
3100
"Unless you know exactly what you are doing, do not set the User directive to "
3101
"root. Using root as the User will create large security holes for your Web "
3104
#: serverguide/C/web-servers.xml:490(para)
3106
"The Group directive is similar to the User directive. Group sets the group "
3107
"under which the server will answer requests. The default group is also www-"
3110
"The Group directive is similar to the User directive. Group sets the group "
3111
"under which the server will answer requests. The default group is also www-"
3114
#: serverguide/C/web-servers.xml:496(title)
3115
msgid "Apache2 Modules"
3116
msgstr "Apache2 Modules"
3118
#: serverguide/C/web-servers.xml:498(para)
3120
"Apache2 is a modular server. This implies that only the most basic "
3121
"functionality is included in the core server. Extended features are "
3122
"available through modules which can be loaded into Apache2. By default, a "
3123
"base set of modules is included in the server at compile-time. If the server "
3124
"is compiled to use dynamically loaded modules, then modules can be compiled "
3125
"separately, and added at any time using the LoadModule directive. Otherwise, "
3126
"Apache2 must be recompiled to add or remove modules."
3128
"Apache2 is a modular server. This implies that only the most basic "
3129
"functionality is included in the core server. Extended features are "
3130
"available through modules which can be loaded into Apache2. By default, a "
3131
"base set of modules is included in the server at compile-time. If the server "
3132
"is compiled to use dynamically loaded modules, then modules can be compiled "
3133
"separately, and added at any time using the LoadModule directive. Otherwise, "
3134
"Apache2 must be recompiled to add or remove modules."
3136
#: serverguide/C/web-servers.xml:510(para)
3138
"Ubuntu compiles Apache2 to allow the dynamic loading of modules. "
3139
"Configuration directives may be conditionally included on the presence of a "
3140
"particular module by enclosing them in an "
3141
"<emphasis><IfModule></emphasis> block."
3143
"Ubuntu compiles Apache2 to allow the dynamic loading of modules. "
3144
"Configuration directives may be conditionally included on the presence of a "
3145
"particular module by enclosing them in an "
3146
"<emphasis><IfModule></emphasis> block."
3148
#: serverguide/C/web-servers.xml:517(para)
3150
"You can install additional Apache2 modules and use them with your Web "
3151
"server. For example, run the following command from a terminal prompt to "
3152
"install the <emphasis>MySQL Authentication</emphasis> module:"
3154
"You can install additional Apache2 modules and use them with your Web "
3155
"server. For example, run the following command from a terminal prompt to "
3156
"install the <emphasis>MySQL Authentication</emphasis> module:"
3158
#: serverguide/C/web-servers.xml:524(command)
3159
msgid "sudo apt-get install libapache2-mod-auth-mysql"
3160
msgstr "sudo apt-get install libapache2-mod-auth-mysql"
3162
#: serverguide/C/web-servers.xml:527(para)
3164
"See the <filename>/etc/apache2/mods-available</filename> directory, for "
3165
"additional modules."
3167
"See the <filename>/etc/apache2/mods-available</filename> directory, for "
3168
"additional modules."
3170
#: serverguide/C/web-servers.xml:531(para)
3172
"Use the <application>a2enmod</application> utility to enable a module:"
3174
"Use the <application>a2enmod</application> utility to enable a module:"
3176
#: serverguide/C/web-servers.xml:537(command)
3177
msgid "sudo a2enmod auth_mysql"
3178
msgstr "sudo a2enmod auth_mysql"
3180
#: serverguide/C/web-servers.xml:541(para)
3181
msgid "Similarly, <application>a2dismod</application> will disable a module:"
3183
"Similarly, <application>a2dismod</application> will disable a module:"
3185
#: serverguide/C/web-servers.xml:546(command)
3186
msgid "sudo a2dismod auth_mysql"
3187
msgstr "sudo a2dismod auth_mysql"
3189
#: serverguide/C/web-servers.xml:553(title)
3190
msgid "HTTPS Configuration"
3191
msgstr "HTTPS Configuration"
3193
#: serverguide/C/web-servers.xml:555(para)
3195
"The <application>mod_ssl</application> module adds an important feature to "
3196
"the Apache2 server - the ability to encrypt communications. Thus, when your "
3197
"browser is communicating using SSL, the https:// prefix is used at the "
3198
"beginning of the Uniform Resource Locator (URL) in the browser navigation "
3201
"The <application>mod_ssl</application> module adds an important feature to "
3202
"the Apache2 server - the ability to encrypt communications. Thus, when your "
3203
"browser is communicating using SSL, the https:// prefix is used at the "
3204
"beginning of the Uniform Resource Locator (URL) in the browser navigation "
3207
#: serverguide/C/web-servers.xml:564(para)
3209
"The <application>mod_ssl</application> module is available in "
3210
"<application>apache2-common</application> package. Execute the following "
3211
"command from a terminal prompt to enable the "
3212
"<application>mod_ssl</application> module:"
3214
"The <application>mod_ssl</application> module is available in "
3215
"<application>apache2-common</application> package. Execute the following "
3216
"command from a terminal prompt to enable the "
3217
"<application>mod_ssl</application> module:"
3219
#: serverguide/C/web-servers.xml:571(command)
3220
msgid "sudo a2enmod ssl"
3221
msgstr "sudo a2enmod ssl"
3223
#: serverguide/C/web-servers.xml:574(para)
3225
"There is a default HTTPS configuration file in <filename>/etc/apache2/sites-"
3226
"available/default-ssl</filename>. In order for "
3227
"<application>Apache2</application> to provide HTTPS, a "
3228
"<emphasis>certificate</emphasis> and <emphasis>key</emphasis> file are also "
3229
"needed. The default HTTPS configuration will use a certificate and key "
3230
"generated by the <application>ssl-cert</application> package. They are good "
3231
"for testing, but the auto-generated certificate and key should be replaced "
3232
"by a certificate specific to the site or server. For information on "
3233
"generating a key and obtaining a certificate see <xref "
3234
"linkend=\"certificates-and-security\"/>"
3236
"There is a default HTTPS configuration file in <filename>/etc/apache2/sites-"
3237
"available/default-ssl</filename>. In order for "
3238
"<application>Apache2</application> to provide HTTPS, a "
3239
"<emphasis>certificate</emphasis> and <emphasis>key</emphasis> file are also "
3240
"needed. The default HTTPS configuration will use a certificate and key "
3241
"generated by the <application>ssl-cert</application> package. They are good "
3242
"for testing, but the auto-generated certificate and key should be replaced "
3243
"by a certificate specific to the site or server. For information on "
3244
"generating a key and obtaining a certificate see <xref "
3245
"linkend=\"certificates-and-security\"/>"
3247
#: serverguide/C/web-servers.xml:584(para)
3249
"To configure <application>Apache2</application> for HTTPS, enter the "
3252
"To configure <application>Apache2</application> for HTTPS, enter the "
3255
#: serverguide/C/web-servers.xml:589(command)
3256
msgid "sudo a2ensite default-ssl"
3257
msgstr "sudo a2ensite default-ssl"
3259
#: serverguide/C/web-servers.xml:593(para)
3261
"The directories <filename>/etc/ssl/certs</filename> and "
3262
"<filename>/etc/ssl/private</filename> are the default locations. If you "
3263
"install the certificate and key in another directory make sure to change "
3264
"<emphasis>SSLCertificateFile</emphasis> and "
3265
"<emphasis>SSLCertificateKeyFile</emphasis> appropriately."
3267
"The directories <filename>/etc/ssl/certs</filename> and "
3268
"<filename>/etc/ssl/private</filename> are the default locations. If you "
3269
"install the certificate and key in another directory make sure to change "
3270
"<emphasis>SSLCertificateFile</emphasis> and "
3271
"<emphasis>SSLCertificateKeyFile</emphasis> appropriately."
3273
#: serverguide/C/web-servers.xml:600(para)
3275
"With Apache2 now configured for HTTPS, restart the service to enable the new "
3278
"With Apache2 now configured for HTTPS, restart the service to enable the new "
3281
#: serverguide/C/web-servers.xml:611(para)
3283
"Depending on how you obtained your certificate you may need to enter a "
3284
"passphrase when <application>Apache2</application> starts."
3286
"Depending on how you obtained your certificate you may need to enter a "
3287
"passphrase when <application>Apache2</application> starts."
3289
#: serverguide/C/web-servers.xml:617(para)
3291
"You can access the secure server pages by typing https://your_hostname/url/ "
3292
"in your browser address bar."
3294
"You can access the secure server pages by typing https://your_hostname/url/ "
3295
"in your browser address bar."
3297
#: serverguide/C/web-servers.xml:628(para)
3299
"<ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
3300
"Documentation</ulink> contains in depth information on Apache2 configuration "
3301
"directives. Also, see the <application>apache2-doc</application> package for "
3302
"the official Apache2 docs."
3304
"<ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
3305
"Documentation</ulink> contains in depth information on Apache2 configuration "
3306
"directives. Also, see the <application>apache2-doc</application> package for "
3307
"the official Apache2 docs."
3309
#: serverguide/C/web-servers.xml:635(para)
3311
"See the <ulink url=\"http://www.modssl.org/docs/\">Mod SSL "
3312
"Documentation</ulink> site for more SSL related information."
3314
"See the <ulink url=\"http://www.modssl.org/docs/\">Mod SSL "
3315
"Documentation</ulink> site for more SSL related information."
3317
#: serverguide/C/web-servers.xml:641(para)
3319
"O'Reilly's <ulink url=\"http://oreilly.com/catalog/9780596001919/\">Apache "
3320
"Cookbook</ulink> is a good resource for accomplishing specific Apache2 "
3323
"O'Reilly's <ulink url=\"http://oreilly.com/catalog/9780596001919/\">Apache "
3324
"Cookbook</ulink> is a good resource for accomplishing specific Apache2 "
3327
#: serverguide/C/web-servers.xml:647(para)
3329
"For Ubuntu specific Apache2 questions, ask in the <emphasis>#ubuntu-"
3330
"server</emphasis> IRC channel on <ulink "
3331
"url=\"http://freenode.net/\">freenode.net</ulink>."
3333
"For Ubuntu specific Apache2 questions, ask in the <emphasis>#ubuntu-"
3334
"server</emphasis> IRC channel on <ulink "
3335
"url=\"http://freenode.net/\">freenode.net</ulink>."
3337
#: serverguide/C/web-servers.xml:653(para)
3339
"Usually integrated with PHP and MySQL the <ulink "
3340
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
3341
"Ubuntu Wiki </ulink> page is a good resource."
3343
"Usually integrated with PHP and MySQL the <ulink "
3344
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
3345
"Ubuntu Wiki </ulink> page is a good resource."
3347
#: serverguide/C/web-servers.xml:664(title)
3348
msgid "PHP5 - Scripting Language"
3349
msgstr "PHP5 - Scripting Language"
3351
#: serverguide/C/web-servers.xml:665(para)
3353
"PHP is a general-purpose scripting language suited for Web development. The "
3354
"PHP script can be embedded into HTML. This section explains how to install "
3355
"and configure PHP5 in Ubuntu System with Apache2 and MySQL."
3357
"PHP is a general-purpose scripting language suited for Web development. The "
3358
"PHP script can be embedded into HTML. This section explains how to install "
3359
"and configure PHP5 in Ubuntu System with Apache2 and MySQL."
3361
#: serverguide/C/web-servers.xml:669(para)
3363
"This section assumes you have installed and configured Apache2 Web Server "
3364
"and MySQL Database Server. You can refer to Apache2 section and MySQL "
3365
"sections in this document to install and configure Apache2 and MySQL "
3368
"This section assumes you have installed and configured Apache2 Web Server "
3369
"and MySQL Database Server. You can refer to Apache2 section and MySQL "
3370
"sections in this document to install and configure Apache2 and MySQL "
3373
#: serverguide/C/web-servers.xml:676(para)
3374
msgid "The PHP5 is available in Ubuntu Linux."
3375
msgstr "The PHP5 is available in Ubuntu Linux."
3377
#: serverguide/C/web-servers.xml:678(para)
3379
"To install PHP5 you can enter the following command in the terminal prompt: "
3381
"<command>sudo apt-get install php5 libapache2-mod-php5</command>\n"
3384
"To install PHP5 you can enter the following command in the terminal prompt: "
3386
"<command>sudo apt-get install php5 libapache2-mod-php5</command>\n"
3389
#: serverguide/C/web-servers.xml:687(para)
3391
"You can run PHP5 scripts from command line. To run PHP5 scripts from command "
3392
"line you should install <application>php5-cli</application> package. To "
3393
"install <application>php5-cli</application> you can enter the following "
3394
"command in the terminal prompt: <screen>\n"
3395
"<command>sudo apt-get install php5-cli</command>\n"
3398
"You can run PHP5 scripts from command line. To run PHP5 scripts from command "
3399
"line you should install <application>php5-cli</application> package. To "
3400
"install <application>php5-cli</application> you can enter the following "
3401
"command in the terminal prompt: <screen>\n"
3402
"<command>sudo apt-get install php5-cli</command>\n"
3405
#: serverguide/C/web-servers.xml:696(para)
3407
"You can also execute PHP5 scripts without installing PHP5 Apache module. To "
3408
"accomplish this, you should install <application>php5-cgi</application> "
3409
"package. You can run the following command in a terminal prompt to install "
3410
"<application>php5-cgi</application> package: <screen>\n"
3411
"<command>sudo apt-get install php5-cgi</command>\n"
3414
"You can also execute PHP5 scripts without installing PHP5 Apache module. To "
3415
"accomplish this, you should install <application>php5-cgi</application> "
3416
"package. You can run the following command in a terminal prompt to install "
3417
"<application>php5-cgi</application> package: <screen>\n"
3418
"<command>sudo apt-get install php5-cgi</command>\n"
3421
#: serverguide/C/web-servers.xml:706(para)
3423
"To use <application>MySQL</application> with PHP5 you should install "
3424
"<application>php5-mysql</application> package. To install <application>php5-"
3425
"mysql</application> you can enter the following command in the terminal "
3426
"prompt: <screen>\n"
3427
"<command>sudo apt-get install php5-mysql</command>\n"
3430
"To use <application>MySQL</application> with PHP5 you should install "
3431
"<application>php5-mysql</application> package. To install <application>php5-"
3432
"mysql</application> you can enter the following command in the terminal "
3433
"prompt: <screen>\n"
3434
"<command>sudo apt-get install php5-mysql</command>\n"
3437
#: serverguide/C/web-servers.xml:714(para)
3439
"Similarly, to use <application>PostgreSQL</application> with PHP5 you should "
3440
"install <application>php5-pgsql</application> package. To install "
3441
"<application>php5-pgsql</application> you can enter the following command in "
3442
"the terminal prompt: <screen>\n"
3443
"<command>sudo apt-get install php5-pgsql</command>\n"
3446
"Similarly, to use <application>PostgreSQL</application> with PHP5 you should "
3447
"install <application>php5-pgsql</application> package. To install "
3448
"<application>php5-pgsql</application> you can enter the following command in "
3449
"the terminal prompt: <screen>\n"
3450
"<command>sudo apt-get install php5-pgsql</command>\n"
3453
#: serverguide/C/web-servers.xml:727(para)
3455
"Once you install PHP5, you can run PHP5 scripts from your web browser. If "
3456
"you have installed <application>php5-cli</application> package, you can run "
3457
"PHP5 scripts from your command prompt."
3459
"Once you install PHP5, you can run PHP5 scripts from your web browser. If "
3460
"you have installed <application>php5-cli</application> package, you can run "
3461
"PHP5 scripts from your command prompt."
3463
#: serverguide/C/web-servers.xml:734(para)
3465
"By default, the Apache 2 Web server is configured to run PHP5 scripts. In "
3466
"other words, the PHP5 module is enabled in Apache2 Web server automatically "
3467
"when you install the module. Please verify if the files "
3468
"<filename>/etc/apache2/mods-enabled/php5.conf</filename> and "
3469
"<filename>/etc/apache2/mods-enabled/php5.load</filename> exist. If they do "
3470
"not exists, you can enable the module using <command>a2enmod</command> "
3473
"By default, the Apache 2 Web server is configured to run PHP5 scripts. In "
3474
"other words, the PHP5 module is enabled in Apache2 Web server automatically "
3475
"when you install the module. Please verify if the files "
3476
"<filename>/etc/apache2/mods-enabled/php5.conf</filename> and "
3477
"<filename>/etc/apache2/mods-enabled/php5.load</filename> exist. If they do "
3478
"not exists, you can enable the module using <command>a2enmod</command> "
3481
#: serverguide/C/web-servers.xml:745(para)
3483
"Once you install PHP5 related packages and enabled PHP5 Apache 2 module, you "
3484
"should restart Apache2 Web server to run PHP5 scripts. You can run the "
3485
"following command at a terminal prompt to restart your web server: "
3486
"<screen><command>sudo /etc/init.d/apache2 restart</command> </screen>"
3488
"Once you install PHP5 related packages and enabled PHP5 Apache 2 module, you "
3489
"should restart Apache2 Web server to run PHP5 scripts. You can run the "
3490
"following command at a terminal prompt to restart your Web server: "
3491
"<screen><command>sudo /etc/init.d/apache2 restart</command> </screen>"
3493
#: serverguide/C/web-servers.xml:753(title) serverguide/C/mail.xml:320(title) serverguide/C/mail.xml:1602(title) serverguide/C/dns.xml:343(title) serverguide/C/clustering.xml:184(title)
3497
#: serverguide/C/web-servers.xml:754(para)
3499
"To verify your installation, you can run following PHP5 phpinfo script:"
3501
"To verify your installation, you can run following PHP5 phpinfo script:"
3503
#: serverguide/C/web-servers.xml:757(programlisting)
3516
#: serverguide/C/web-servers.xml:762(para)
3518
"You can save the content in a file <filename>phpinfo.php</filename> and "
3519
"place it under <command>DocumentRoot</command> directory of Apache2 Web "
3520
"server. When point your browser to "
3521
"<filename>http://hostname/phpinfo.php</filename>, it would display values of "
3522
"various PHP5 configuration parameters."
3524
"You can save the content in a file <filename>phpinfo.php</filename> and "
3525
"place it under <command>DocumentRoot</command> directory of Apache2 Web "
3526
"server. When point your browser to "
3527
"<filename>http://hostname/phpinfo.php</filename>, it would display values of "
3528
"various PHP5 configuration parameters."
3530
#: serverguide/C/web-servers.xml:776(para)
3532
"For more in depth information see <ulink "
3533
"url=\"http://www.php.net/docs.php\">php.net</ulink> documentation."
3535
"For more in depth information see <ulink "
3536
"url=\"http://www.php.net/docs.php\">php.net</ulink> documentation."
3538
#: serverguide/C/web-servers.xml:781(para)
3540
"There are a plethora of books on PHP. Two good books from O'Reilly are "
3541
"<ulink url=\"http://oreilly.com/catalog/9780596005603/\">Learning PHP "
3542
"5</ulink> and the <ulink "
3543
"url=\"http://oreilly.com/catalog/9781565926813/\">PHP Cook Book</ulink>."
3545
"There are a plethora of books on PHP. Two good books from O'Reilly are "
3546
"<ulink url=\"http://oreilly.com/catalog/9780596005603/\">Learning PHP "
3547
"5</ulink> and the <ulink "
3548
"url=\"http://oreilly.com/catalog/9781565926813/\">PHP Cook Book</ulink>."
3550
#: serverguide/C/web-servers.xml:788(para)
3552
"Also, see the <ulink "
3553
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
3554
"Ubuntu Wiki</ulink> page for more information."
3556
"Also, see the <ulink "
3557
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
3558
"Ubuntu Wiki</ulink> page for more information."
3560
#: serverguide/C/web-servers.xml:799(title)
3561
msgid "Squid - Proxy Server"
3562
msgstr "Squid - Proxy Server"
3564
#: serverguide/C/web-servers.xml:800(para)
3566
"Squid is a full-featured web proxy cache server application which provides "
3567
"proxy and cache services for Hyper Text Transport Protocol (HTTP), File "
3568
"Transfer Protocol (FTP), and other popular network protocols. Squid can "
3569
"implement caching and proxying of Secure Sockets Layer (SSL) requests and "
3570
"caching of Domain Name Server (DNS) lookups, and perform transparent "
3571
"caching. Squid also supports a wide variety of caching protocols, such as "
3572
"Internet Cache Protocol, (ICP) the Hyper Text Caching Protocol, (HTCP) the "
3573
"Cache Array Routing Protocol (CARP), and the Web Cache Coordination "
3576
"Squid is a full-featured Web proxy cache server application which provides "
3577
"proxy and cache services for Hyper Text Transport Protocol (HTTP), File "
3578
"Transfer Protocol (FTP), and other popular network protocols. Squid can "
3579
"implement caching and proxying of Secure Sockets Layer (SSL) requests and "
3580
"caching of Domain Name Server (DNS) lookups, and perform transparent "
3581
"caching. Squid also supports a wide variety of caching protocols, such as "
3582
"Internet Cache Protocol, (ICP) the Hyper Text Caching Protocol, (HTCP) the "
3583
"Cache Array Routing Protocol (CARP), and the Web Cache Coordination "
3586
#: serverguide/C/web-servers.xml:808(para)
3588
"The Squid proxy cache server is an excellent solution to a variety of proxy "
3589
"and caching server needs, and scales from the branch office to enterprise "
3590
"level networks while providing extensive, granular access control mechanisms "
3591
"and monitoring of critical parameters via the Simple Network Management "
3592
"Protocol (SNMP). When selecting a computer system for use as a dedicated "
3593
"Squid proxy, or caching servers, ensure your system is configured with a "
3594
"large amount of physical memory, as Squid maintains an in-memory cache for "
3595
"increased performance."
3597
"The Squid proxy cache server is an excellent solution to a variety of proxy "
3598
"and caching server needs, and scales from the branch office to enterprise "
3599
"level networks while providing extensive, granular access control mechanisms "
3600
"and monitoring of critical parameters via the Simple Network Management "
3601
"Protocol (SNMP). When selecting a computer system for use as a dedicated "
3602
"Squid proxy, or caching servers, ensure your system is configured with a "
3603
"large amount of physical memory, as Squid maintains an in-memory cache for "
3604
"increased performance."
3606
#: serverguide/C/web-servers.xml:817(para)
3608
"At a terminal prompt, enter the following command to install the Squid "
3611
"At a terminal prompt, enter the following command to install the Squid "
3614
#: serverguide/C/web-servers.xml:822(command)
3615
msgid "sudo apt-get install squid"
3616
msgstr "sudo apt-get install squid"
3618
#: serverguide/C/web-servers.xml:828(para)
3620
"Squid is configured by editing the directives contained within the "
3621
"<filename>/etc/squid/squid.conf</filename> configuration file. The following "
3622
"examples illustrate some of the directives which may be modified to affect "
3623
"the behavior of the Squid server. For more in-depth configuration of Squid, "
3624
"see the References section."
3626
"Squid is configured by editing the directives contained within the "
3627
"<filename>/etc/squid/squid.conf</filename> configuration file. The following "
3628
"examples illustrate some of the directives which may be modified to affect "
3629
"the behaviour of the Squid server. For more in-depth configuration of Squid, "
3630
"see the References section."
3632
#: serverguide/C/web-servers.xml:834(para)
3634
"Prior to editing the configuration file, you should make a copy of the "
3635
"original file and protect it from writing so you will have the original "
3636
"settings as a reference, and to re-use as necessary."
3638
"Prior to editing the configuration file, you should make a copy of the "
3639
"original file and protect it from writing so you will have the original "
3640
"settings as a reference, and to re-use as necessary."
3642
#: serverguide/C/web-servers.xml:837(para)
3644
"Copy the <filename>/etc/squid/squid.conf</filename> file and protect it from "
3645
"writing with the following commands entered at a terminal prompt:"
3647
"Copy the <filename>/etc/squid/squid.conf</filename> file and protect it from "
3648
"writing with the following commands entered at a terminal prompt:"
3650
#: serverguide/C/web-servers.xml:842(command)
3651
msgid "sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original"
3652
msgstr "sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original"
3654
#: serverguide/C/web-servers.xml:843(command)
3655
msgid "sudo chmod a-w /etc/squid/squid.conf.original"
3656
msgstr "sudo chmod a-w /etc/squid/squid.conf.original"
3658
#: serverguide/C/web-servers.xml:849(para)
3660
"To set your Squid server to listen on TCP port 8888 instead of the default "
3661
"TCP port 3128, change the http_port directive as such:"
3663
"To set your Squid server to listen on TCP port 8888 instead of the default "
3664
"TCP port 3128, change the http_port directive as such:"
3666
#: serverguide/C/web-servers.xml:853(programlisting)
3675
#: serverguide/C/web-servers.xml:858(para)
3677
"Change the visible_hostname directive in order to give the Squid server a "
3678
"specific hostname. This hostname does not necessarily need to be the "
3679
"computer's hostname. In this example it is set to <emphasis>weezie</emphasis>"
3681
"Change the visible_hostname directive in order to give the Squid server a "
3682
"specific hostname. This hostname does not necessarily need to be the "
3683
"computer's hostname. In this example it is set to <emphasis>weezie</emphasis>"
3685
#: serverguide/C/web-servers.xml:862(programlisting)
3689
"visible_hostname weezie\n"
3692
"visible_hostname weezie\n"
3694
#: serverguide/C/web-servers.xml:867(para)
3696
"Using Squid's access control, you may configure use of Internet services "
3697
"proxied by Squid to be available only users with certain Internet Protocol "
3698
"(IP) addresses. For example, we will illustrate access by users of the "
3699
"192.168.42.0/24 subnetwork only:"
3701
"Using Squid's access control, you may configure use of Internet services "
3702
"proxied by Squid to be available only users with certain Internet Protocol "
3703
"(IP) addresses. For example, we will illustrate access by users of the "
3704
"192.168.42.0/24 subnetwork only:"
3706
#: serverguide/C/web-servers.xml:872(para) serverguide/C/web-servers.xml:892(para)
3708
"Add the following to the <emphasis role=\"bold\">bottom</emphasis> of the "
3709
"ACL section of your <filename>/etc/squid/squid.conf</filename> file:"
3711
"Add the following to the <emphasis role=\"bold\">bottom</emphasis> of the "
3712
"ACL section of your <filename>/etc/squid/squid.conf</filename> file:"
3714
#: serverguide/C/web-servers.xml:875(programlisting)
3718
"acl fortytwo_network src 192.168.42.0/24\n"
3721
"acl fortytwo_network src 192.168.42.0/24\n"
3723
#: serverguide/C/web-servers.xml:878(para) serverguide/C/web-servers.xml:899(para)
3725
"Then, add the following to the <emphasis role=\"bold\">top</emphasis> of the "
3726
"http_access section of your <filename>/etc/squid/squid.conf</filename> file:"
3728
"Then, add the following to the <emphasis role=\"bold\">top</emphasis> of the "
3729
"http_access section of your <filename>/etc/squid/squid.conf</filename> file:"
3731
#: serverguide/C/web-servers.xml:882(programlisting)
3735
"http_access allow fortytwo_network\n"
3738
"http_access allow fortytwo_network\n"
3740
#: serverguide/C/web-servers.xml:887(para)
3742
"Using the excellent access control features of Squid, you may configure use "
3743
"of Internet services proxied by Squid to be available only during normal "
3744
"business hours. For example, we'll illustrate access by employees of a "
3745
"business which is operating between 9:00AM and 5:00PM, Monday through "
3746
"Friday, and which uses the 10.1.42.0/42 subnetwork:"
3748
"Using the excellent access control features of Squid, you may configure use "
3749
"of Internet services proxied by Squid to be available only during normal "
3750
"business hours. For example, we'll illustrate access by employees of a "
3751
"business which is operating between 9:00AM and 5:00PM, Monday through "
3752
"Friday, and which uses the 10.1.42.0/42 subnetwork:"
3754
#: serverguide/C/web-servers.xml:895(programlisting)
3758
"acl biz_network src 10.1.42.0/24\n"
3759
"acl biz_hours time M T W T F 9:00-17:00\n"
3762
"acl biz_network src 10.1.42.0/24\n"
3763
"acl biz_hours time M T W T F 9:00-17:00\n"
3765
#: serverguide/C/web-servers.xml:903(programlisting)
3769
"http_access allow biz_network biz_hours\n"
3772
"http_access allow biz_network biz_hours\n"
3774
#: serverguide/C/web-servers.xml:910(para)
3776
"After making changes to the <filename>/etc/squid/squid.conf</filename> file, "
3777
"save the file and restart the <application>squid</application> server "
3778
"application to effect the changes using the following command entered at a "
3781
"After making changes to the <filename>/etc/squid/squid.conf</filename> file, "
3782
"save the file and restart the <application>squid</application> server "
3783
"application to effect the changes using the following command entered at a "
3786
#: serverguide/C/web-servers.xml:917(command)
3787
msgid "sudo /etc/init.d/squid restart"
3788
msgstr "sudo /etc/init.d/squid restart"
3790
#: serverguide/C/web-servers.xml:924(ulink)
3791
msgid "Squid Website"
3792
msgstr "Squid Website"
3794
#: serverguide/C/web-servers.xml:926(para)
3796
"<ulink url=\"https://help.ubuntu.com/community/Squid\">Ubuntu Wiki "
3797
"Squid</ulink> page."
3799
"<ulink url=\"https://help.ubuntu.com/community/Squid\">Ubuntu Wiki "
3800
"Squid</ulink> page."
3802
#: serverguide/C/web-servers.xml:933(title)
3803
msgid "Ruby on Rails"
3804
msgstr "Ruby on Rails"
3806
#: serverguide/C/web-servers.xml:934(para)
3808
"Ruby on Rails is an open source web framework for developing database backed "
3809
"web applications. It is optimized for sustainable productivity of the "
3810
"programmer since it lets the programmer to write code by favouring "
3811
"convention over configuration."
3813
"Ruby on Rails is an open source Web framework for developing database backed "
3814
"Web applications. It is optimised for sustainable productivity of the "
3815
"programmer since it lets the programmer to write code by favouring "
3816
"convention over configuration."
3818
#: serverguide/C/web-servers.xml:941(para)
3820
"Before installing <application>Rails</application> you should install "
3821
"<application>Apache</application> and <application>MySQL</application>. To "
3822
"install the <application>Apache</application> package, please refer to <xref "
3823
"linkend=\"httpd\"/>. For instructions on installing "
3824
"<application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
3826
"Before installing <application>Rails</application> you should install "
3827
"<application>Apache</application> and <application>MySQL</application>. To "
3828
"install the <application>Apache</application> package, please refer to <xref "
3829
"linkend=\"httpd\"/>. For instructions on installing "
3830
"<application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
3832
#: serverguide/C/web-servers.xml:949(para)
3834
"Once you have <application>Apache</application> and "
3835
"<application>MySQL</application> packages installed, you are ready to "
3836
"install <application>Ruby on Rails</application> package."
3838
"Once you have <application>Apache</application> and "
3839
"<application>MySQL</application> packages installed, you are ready to "
3840
"install <application>Ruby on Rails</application> package."
3842
#: serverguide/C/web-servers.xml:956(para)
3844
"To install the <application>Ruby</application> base packages and "
3845
"<application>Ruby on Rails</application>, you can enter the following "
3846
"command in the terminal prompt:"
3848
"To install the <application>Ruby</application> base packages and "
3849
"<application>Ruby on Rails</application>, you can enter the following "
3850
"command in the terminal prompt:"
3852
#: serverguide/C/web-servers.xml:962(command)
3853
msgid "sudo apt-get install rails"
3854
msgstr "sudo apt-get install rails"
3856
#: serverguide/C/web-servers.xml:968(para)
3858
"Modify the <filename>/etc/apache2/sites-available/default</filename> "
3859
"configuration file to setup your domains."
3861
"Modify the <filename>/etc/apache2/sites-available/default</filename> "
3862
"configuration file to setup your domains."
3864
#: serverguide/C/web-servers.xml:972(para)
3866
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
3868
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
3870
#: serverguide/C/web-servers.xml:976(programlisting)
3874
"DocumentRoot /path/to/rails/application/public\n"
3877
"DocumentRoot /path/to/rails/application/public\n"
3879
#: serverguide/C/web-servers.xml:979(para)
3881
"Next, change the <Directory \"/path/to/rails/application/public\"> "
3884
"Next, change the <Directory \"/path/to/rails/application/public\"> "
3887
#: serverguide/C/web-servers.xml:983(programlisting)
3891
"<Directory \"/path/to/rails/application/public\">\n"
3892
" Options Indexes FollowSymLinks MultiViews ExecCGI\n"
3893
" AllowOverride All\n"
3894
" Order allow,deny\n"
3896
" AddHandler cgi-script .cgi\n"
3897
"</Directory>\n"
3900
"<Directory \"/path/to/rails/application/public\">\n"
3901
" Options Indexes FollowSymLinks MultiViews ExecCGI\n"
3902
" AllowOverride All\n"
3903
" Order allow,deny\n"
3905
" AddHandler cgi-script .cgi\n"
3906
"</Directory>\n"
3908
#: serverguide/C/web-servers.xml:993(para)
3910
"You should also enable the <application>mod_rewrite</application> module for "
3911
"Apache. To enable <application>mod_rewrite</application> module, please "
3912
"enter the following command in a terminal prompt:"
3914
"You should also enable the <application>mod_rewrite</application> module for "
3915
"Apache. To enable <application>mod_rewrite</application> module, please "
3916
"enter the following command in a terminal prompt:"
3918
#: serverguide/C/web-servers.xml:999(command)
3919
msgid "sudo a2enmod rewrite"
3920
msgstr "sudo a2enmod rewrite"
3922
#: serverguide/C/web-servers.xml:1002(para)
3924
"Finally you will need to change the ownership of the "
3925
"<filename>/path/to/rails/application/public</filename> and "
3926
"<filename>/path/to/rails/application/tmp</filename> directories to the user "
3927
"used to run the <application>Apache</application> process:"
3929
"Finally you will need to change the ownership of the "
3930
"<filename>/path/to/rails/application/public</filename> and "
3931
"<filename>/path/to/rails/application/tmp</filename> directories to the user "
3932
"used to run the <application>Apache</application> process:"
3934
#: serverguide/C/web-servers.xml:1008(command)
3935
msgid "sudo chown -R www-data:www-data /path/to/rails/application/public"
3936
msgstr "sudo chown -R www-data:www-data /path/to/rails/application/public"
3938
#: serverguide/C/web-servers.xml:1009(command)
3939
msgid "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
3940
msgstr "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
3942
#: serverguide/C/web-servers.xml:1012(para)
3944
"That's it! Now you have your Server ready for your <application>Ruby on "
3945
"Rails</application> applications."
3947
"That's it! Now you have your Server ready for your <application>Ruby on "
3948
"Rails</application> applications."
3950
#: serverguide/C/web-servers.xml:1021(para)
3952
"See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website "
3953
"for more information."
3955
"See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website "
3956
"for more information."
3958
#: serverguide/C/web-servers.xml:1026(para)
3960
"Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-"
3961
"with-rails-third-edition\">Agile Development with Rails</ulink> is a great "
3964
"Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-"
3965
"with-rails-third-edition\">Agile Development with Rails</ulink> is a great "
3968
#: serverguide/C/web-servers.xml:1032(para)
3970
"Another place for more information is the <ulink "
3971
"url=\"https://help.ubuntu.com/community/RubyOnRails\">Ruby on Rails Ubuntu "
3972
"Wiki</ulink> page."
3974
"Another place for more information is the <ulink "
3975
"url=\"https://help.ubuntu.com/community/RubyOnRails\">Ruby on Rails Ubuntu "
3976
"Wiki</ulink> page."
3978
#: serverguide/C/web-servers.xml:1043(title)
3979
msgid "Apache Tomcat"
3980
msgstr "Apache Tomcat"
3982
#: serverguide/C/web-servers.xml:1044(para)
3984
"Apache Tomcat is a web container that allows you to serve Java Servlets and "
3985
"JSP (Java Server Pages) web applications."
3987
"Apache Tomcat is a web container that allows you to serve Java Servlets and "
3988
"JSP (Java Server Pages) web applications."
3990
#: serverguide/C/web-servers.xml:1046(para)
3992
"The <application>Tomcat 6.0</application> packages in Ubuntu support two "
3993
"different ways of running Tomcat. You can install them as a classic unique "
3994
"system-wide instance, that will be started at boot time and will run as the "
3995
"tomcat6 unpriviledged user. But you can also deploy private instances that "
3996
"will run with your own user rights, and that you should start and stop by "
3997
"yourself. This second way is particularly useful in a development server "
3998
"context where multiple users need to test on their own private Tomcat "
4001
"The <application>Tomcat 6.0</application> packages in Ubuntu support two "
4002
"different ways of running Tomcat. You can install them as a classic unique "
4003
"system-wide instance, that will be started at boot time and will run as the "
4004
"tomcat6 unpriviledged user. But you can also deploy private instances that "
4005
"will run with your own user rights, and that you should start and stop by "
4006
"yourself. This second way is particularly useful in a development server "
4007
"context where multiple users need to test on their own private Tomcat "
4010
#: serverguide/C/web-servers.xml:1056(title)
4011
msgid "System-wide installation"
4012
msgstr "System-wide installation"
4014
#: serverguide/C/web-servers.xml:1057(para)
4016
"To install the <application>Tomcat</application> server, you can enter the "
4017
"following command in the terminal prompt:"
4019
"To install the <application>Tomcat</application> server, you can enter the "
4020
"following command in the terminal prompt:"
4022
#: serverguide/C/web-servers.xml:1060(command)
4023
msgid "sudo apt-get install tomcat6"
4024
msgstr "sudo apt-get install tomcat6"
4026
#: serverguide/C/web-servers.xml:1062(para)
4028
"This will install a Tomcat server with just a default ROOT webapp that "
4029
"displays a minimal \"It works\" page by default."
4031
"This will install a Tomcat server with just a default ROOT webapp that "
4032
"displays a minimal \"It works\" page by default."
4034
#: serverguide/C/web-servers.xml:1068(para)
4036
"Tomcat configuration files can be found in "
4037
"<filename>/etc/tomcat6</filename>. Only a few common configuration tweaks "
4038
"will be described here, please see <ulink "
4039
"url=\"http://tomcat.apache.org/tomcat-6.0-doc/index.html\">Tomcat 6.0 "
4040
"documentation</ulink> for more."
4042
"Tomcat configuration files can be found in "
4043
"<filename>/etc/tomcat6</filename>. Only a few common configuration tweaks "
4044
"will be described here, please see <ulink "
4045
"url=\"http://tomcat.apache.org/tomcat-6.0-doc/index.html\">Tomcat 6.0 "
4046
"documentation</ulink> for more."
4048
#: serverguide/C/web-servers.xml:1074(title)
4049
msgid "Changing default ports"
4050
msgstr "Changing default ports"
4052
#: serverguide/C/web-servers.xml:1075(para)
4054
"By default Tomcat 6.0 runs a HTTP connector on port 8080 and an AJP "
4055
"connector on port 8009. You might want to change those default ports to "
4056
"avoid conflict with another server on the system. This is done by changing "
4057
"the following lines in <filename>/etc/tomcat6/server.xml</filename>:"
4059
"By default Tomcat 6.0 runs a HTTP connector on port 8080 and an AJP "
4060
"connector on port 8009. You might want to change those default ports to "
4061
"avoid conflict with another server on the system. This is done by changing "
4062
"the following lines in <filename>/etc/tomcat6/server.xml</filename>:"
4064
#: serverguide/C/web-servers.xml:1080(programlisting)
4068
"<Connector port=\"8080\" protocol=\"HTTP/1.1\" \n"
4069
" connectionTimeout=\"20000\" \n"
4070
" redirectPort=\"8443\" />\n"
4072
"<Connector port=\"8009\" protocol=\"AJP/1.3\" redirectPort=\"8443\" "
4076
"<Connector port=\"8080\" protocol=\"HTTP/1.1\" \n"
4077
" connectionTimeout=\"20000\" \n"
4078
" redirectPort=\"8443\" />\n"
4080
"<Connector port=\"8009\" protocol=\"AJP/1.3\" redirectPort=\"8443\" "
4083
#: serverguide/C/web-servers.xml:1089(title)
4084
msgid "Changing JVM used"
4085
msgstr "Changing JVM used"
4087
#: serverguide/C/web-servers.xml:1090(para)
4089
"By default Tomcat will run preferably with OpenJDK-6, then try Sun's JVM, "
4090
"then try some other JVMs. If you have various JVMs installed, you can set "
4091
"which should be used by setting JAVA_HOME in "
4092
"<filename>/etc/default/tomcat6</filename>:"
4094
"By default Tomcat will run preferably with OpenJDK-6, then try Sun's JVM, "
4095
"then try some other JVMs. If you have various JVMs installed, you can set "
4096
"which should be used by setting JAVA_HOME in "
4097
"<filename>/etc/default/tomcat6</filename>:"
4099
#: serverguide/C/web-servers.xml:1094(programlisting)
4103
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
4106
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
4108
#: serverguide/C/web-servers.xml:1099(title)
4109
msgid "Declaring users and roles"
4110
msgstr "Declaring users and roles"
4112
#: serverguide/C/web-servers.xml:1100(para)
4114
"Usernames, passwords and roles (groups) can be defined centrally in a "
4115
"Servlet container. In Tomcat 6.0 this is done in the "
4116
"<filename>/etc/tomcat6/tomcat-users.xml</filename> file:"
4118
"Usernames, passwords and roles (groups) can be defined centrally in a "
4119
"Servlet container. In Tomcat 6.0 this is done in the "
4120
"<filename>/etc/tomcat6/tomcat-users.xml</filename> file:"
4122
#: serverguide/C/web-servers.xml:1103(programlisting)
4126
"<role rolename=\"admin\"/>\n"
4127
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
4130
"<role rolename=\"admin\"/>\n"
4131
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
4133
#: serverguide/C/web-servers.xml:1111(title)
4134
msgid "Using Tomcat standard webapps"
4135
msgstr "Using Tomcat standard webapps"
4137
#: serverguide/C/web-servers.xml:1112(para)
4139
"Tomcat is shipped with webapps that you can install for documentation, "
4140
"administration or demo purposes."
4142
"Tomcat is shipped with webapps that you can install for documentation, "
4143
"administration or demo purposes."
4145
#: serverguide/C/web-servers.xml:1115(title)
4146
msgid "Tomcat documentation"
4147
msgstr "Tomcat documentation"
4149
#: serverguide/C/web-servers.xml:1116(para)
4151
"The <application>tomcat6-docs</application> package contains Tomcat 6.0 "
4152
"documentation, packaged as a webapp that you can access by default at "
4153
"http://yourserver:8080/docs. You can install it by entering the following "
4154
"command in the terminal prompt:"
4156
"The <application>tomcat6-docs</application> package contains Tomcat 6.0 "
4157
"documentation, packaged as a webapp that you can access by default at "
4158
"http://yourserver:8080/docs. You can install it by entering the following "
4159
"command in the terminal prompt:"
4161
#: serverguide/C/web-servers.xml:1121(command)
4162
msgid "sudo apt-get install tomcat6-docs"
4163
msgstr "sudo apt-get install tomcat6-docs"
4165
#: serverguide/C/web-servers.xml:1125(title)
4166
msgid "Tomcat administration webapps"
4167
msgstr "Tomcat administration webapps"
4169
#: serverguide/C/web-servers.xml:1126(para)
4171
"The <application>tomcat6-admin</application> package contains two webapps "
4172
"that can be used to administer the Tomcat server using a web interface. You "
4173
"can install them by entering the following command in the terminal prompt:"
4175
"The <application>tomcat6-admin</application> package contains two webapps "
4176
"that can be used to administer the Tomcat server using a web interface. You "
4177
"can install them by entering the following command in the terminal prompt:"
4179
#: serverguide/C/web-servers.xml:1131(command)
4180
msgid "sudo apt-get install tomcat6-admin"
4181
msgstr "sudo apt-get install tomcat6-admin"
4183
#: serverguide/C/web-servers.xml:1133(para)
4185
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
4186
"access by default at http://yourserver:8080/manager/html. It is primarily "
4187
"used to get server status and restart webapps."
4189
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
4190
"access by default at http://yourserver:8080/manager/html. It is primarily "
4191
"used to get server status and restart webapps."
4193
#: serverguide/C/web-servers.xml:1136(para)
4195
"Access to the <emphasis>manager</emphasis> application is protected by "
4196
"default: you need to define a user with the role \"manager\" in "
4197
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
4199
"Access to the <emphasis>manager</emphasis> application is protected by "
4200
"default: you need to define a user with the role \"manager\" in "
4201
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
4203
#: serverguide/C/web-servers.xml:1140(para)
4205
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
4206
"can access by default at http://yourserver:8080/host-manager/html. It can be "
4207
"used to create virtual hosts dynamically."
4209
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
4210
"can access by default at http://yourserver:8080/host-manager/html. It can be "
4211
"used to create virtual hosts dynamically."
4213
#: serverguide/C/web-servers.xml:1144(para)
4215
"Access to the <emphasis>host-manager</emphasis> application is also "
4216
"protected by default: you need to define a user with the role \"admin\" in "
4217
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
4219
"Access to the <emphasis>host-manager</emphasis> application is also "
4220
"protected by default: you need to define a user with the role \"admin\" in "
4221
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
4223
#: serverguide/C/web-servers.xml:1149(para)
4225
"For security reasons, the tomcat6 user cannot write to the "
4226
"<filename>/etc/tomcat6</filename> directory by default. Some features in "
4227
"these admin webapps (application deployment, virtual host creation) need "
4228
"write access to that directory. If you want to use these features execute "
4229
"the following, to give users in the tomcat6 group the necessary rights:"
4231
"For security reasons, the tomcat6 user cannot write to the "
4232
"<filename>/etc/tomcat6</filename> directory by default. Some features in "
4233
"these admin webapps (application deployment, virtual host creation) need "
4234
"write access to that directory. If you want to use these features execute "
4235
"the following, to give users in the tomcat6 group the necessary rights:"
4237
#: serverguide/C/web-servers.xml:1156(command)
4238
msgid "sudo chgrp -R tomcat6 /etc/tomcat6"
4239
msgstr "sudo chgrp -R tomcat6 /etc/tomcat6"
4241
#: serverguide/C/web-servers.xml:1157(command)
4242
msgid "sudo chmod -R g+w /etc/tomcat6"
4243
msgstr "sudo chmod -R g+w /etc/tomcat6"
4245
#: serverguide/C/web-servers.xml:1162(title)
4246
msgid "Tomcat examples webapps"
4247
msgstr "Tomcat examples webapps"
4249
#: serverguide/C/web-servers.xml:1163(para)
4251
"The <application>tomcat6-examples</application> package contains two webapps "
4252
"that can be used to test or demonstrate Servlets and JSP features, which you "
4253
"can access them by default at http://yourserver:8080/examples. You can "
4254
"install them by entering the following command in the terminal prompt:"
4256
"The <application>tomcat6-examples</application> package contains two webapps "
4257
"that can be used to test or demonstrate Servlets and JSP features, which you "
4258
"can access them by default at http://yourserver:8080/examples. You can "
4259
"install them by entering the following command in the terminal prompt:"
4261
#: serverguide/C/web-servers.xml:1169(command)
4262
msgid "sudo apt-get install tomcat6-examples"
4263
msgstr "sudo apt-get install tomcat6-examples"
4265
#: serverguide/C/web-servers.xml:1175(title)
4266
msgid "Using private instances"
4267
msgstr "Using private instances"
4269
#: serverguide/C/web-servers.xml:1176(para)
4271
"Tomcat is heavily used in development and testing scenarios where using a "
4272
"single system-wide instance doesn't meet the requirements of multiple users "
4273
"on a single system. The Tomcat 6.0 packages in Ubuntu come with tools to "
4274
"help deploy your own user-oriented instances, allowing every user on a "
4275
"system to run (without root rights) separate private instances while still "
4276
"using the system-installed libraries."
4278
"Tomcat is heavily used in development and testing scenarios where using a "
4279
"single system-wide instance doesn't meet the requirements of multiple users "
4280
"on a single system. The Tomcat 6.0 packages in Ubuntu come with tools to "
4281
"help deploy your own user-oriented instances, allowing every user on a "
4282
"system to run (without root rights) separate private instances while still "
4283
"using the system-installed libraries."
4285
#: serverguide/C/web-servers.xml:1183(para)
4287
"It is possible to run the system-wide instance and the private instances in "
4288
"parallel, as long as they do not use the same TCP ports."
4290
"It is possible to run the system-wide instance and the private instances in "
4291
"parallel, as long as they do not use the same TCP ports."
4293
#: serverguide/C/web-servers.xml:1187(title)
4294
msgid "Installing private instance support"
4295
msgstr "Installing private instance support"
4297
#: serverguide/C/web-servers.xml:1188(para)
4299
"You can install everything necessary to run private instances by entering "
4300
"the following command in the terminal prompt:"
4302
"You can install everything necessary to run private instances by entering "
4303
"the following command in the terminal prompt:"
4305
#: serverguide/C/web-servers.xml:1191(command)
4306
msgid "sudo apt-get install tomcat6-user"
4307
msgstr "sudo apt-get install tomcat6-user"
4309
#: serverguide/C/web-servers.xml:1195(title)
4310
msgid "Creating a private instance"
4311
msgstr "Creating a private instance"
4313
#: serverguide/C/web-servers.xml:1196(para)
4315
"You can create a private instance directory by entering the following "
4316
"command in the terminal prompt:"
4318
"You can create a private instance directory by entering the following "
4319
"command in the terminal prompt:"
4321
#: serverguide/C/web-servers.xml:1199(command)
4322
msgid "tomcat6-instance-create my-instance"
4323
msgstr "tomcat6-instance-create my-instance"
4325
#: serverguide/C/web-servers.xml:1201(para)
4327
"This will create a new <filename>my-instance</filename> directory with all "
4328
"the necessary subdirectories and scripts. You can for example install your "
4329
"common libraries in the <filename>lib/</filename> subdirectory and deploy "
4330
"your webapps in the <filename>webapps/</filename> subdirectory. No webapps "
4331
"are deployed by default."
4333
"This will create a new <filename>my-instance</filename> directory with all "
4334
"the necessary subdirectories and scripts. You can for example install your "
4335
"common libraries in the <filename>lib/</filename> subdirectory and deploy "
4336
"your webapps in the <filename>webapps/</filename> subdirectory. No webapps "
4337
"are deployed by default."
4339
#: serverguide/C/web-servers.xml:1209(title)
4340
msgid "Configuring your private instance"
4341
msgstr "Configuring your private instance"
4343
#: serverguide/C/web-servers.xml:1210(para)
4345
"You will find the classic Tomcat configuration files for your private "
4346
"instance in the <filename>conf/</filename> subdirectory. You should for "
4347
"example certainly edit the <filename>conf/server.xml</filename> file to "
4348
"change the default ports used by your private Tomcat instance to avoid "
4349
"conflict with other instances that might be running."
4351
"You will find the classic Tomcat configuration files for your private "
4352
"instance in the <filename>conf/</filename> subdirectory. You should for "
4353
"example certainly edit the <filename>conf/server.xml</filename> file to "
4354
"change the default ports used by your private Tomcat instance to avoid "
4355
"conflict with other instances that might be running."
4357
#: serverguide/C/web-servers.xml:1218(title)
4358
msgid "Starting/stopping your private instance"
4359
msgstr "Starting/stopping your private instance"
4361
#: serverguide/C/web-servers.xml:1219(para)
4363
"You can start your private instance by entering the following command in the "
4364
"terminal prompt (supposing your instance is located in the <filename>my-"
4365
"instance</filename> directory):"
4367
"You can start your private instance by entering the following command in the "
4368
"terminal prompt (supposing your instance is located in the <filename>my-"
4369
"instance</filename> directory):"
4371
#: serverguide/C/web-servers.xml:1223(command)
4372
msgid "my-instance/bin/startup.sh"
4373
msgstr "my-instance/bin/startup.sh"
4375
#: serverguide/C/web-servers.xml:1225(para)
4377
"You should check the <filename>logs/</filename> subdirectory for any error. "
4378
"If you have a <emphasis>java.net.BindException: Address already in "
4379
"use<null>:8080</emphasis> error, it means that the port you're using "
4380
"is already taken and that you should change it."
4382
"You should check the <filename>logs/</filename> subdirectory for any error. "
4383
"If you have a <emphasis>java.net.BindException: Address already in "
4384
"use<null>:8080</emphasis> error, it means that the port you're using "
4385
"is already taken and that you should change it."
4387
#: serverguide/C/web-servers.xml:1230(para)
4389
"You can stop your instance by entering the following command in the terminal "
4390
"prompt (supposing your instance is located in the <filename>my-"
4391
"instance</filename> directory):"
4393
"You can stop your instance by entering the following command in the terminal "
4394
"prompt (supposing your instance is located in the <filename>my-"
4395
"instance</filename> directory):"
4397
#: serverguide/C/web-servers.xml:1234(command)
4398
msgid "my-instance/bin/shutdown.sh"
4399
msgstr "my-instance/bin/shutdown.sh"
4401
#: serverguide/C/web-servers.xml:1243(para)
4403
"See the <ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink> "
4404
"website for more information."
4406
"See the <ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink> "
4407
"website for more information."
4409
#: serverguide/C/web-servers.xml:1248(para)
4411
"<ulink url=\"http://oreilly.com/catalog/9780596003180/\">Tomcat: The "
4412
"Definitive Guide</ulink> is a good resource for building web applications "
4415
"<ulink url=\"http://oreilly.com/catalog/9780596003180/\">Tomcat: The "
4416
"Definitive Guide</ulink> is a good resource for building web applications "
4419
#: serverguide/C/web-servers.xml:1254(para)
4421
"For additional books see the <ulink "
4422
"url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat Books</ulink> list "
4425
"For additional books see the <ulink "
4426
"url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat Books</ulink> list "
4429
#: serverguide/C/web-servers.xml:1259(para)
4431
"Also, see the<ulink "
4432
"url=\"https://help.ubuntu.com/community/ApacheTomcat5\">Ubuntu Wiki Apache "
4433
"Tomcat</ulink> page."
4435
"Also, see the<ulink "
4436
"url=\"https://help.ubuntu.com/community/ApacheTomcat5\">Ubuntu Wiki Apache "
4437
"Tomcat</ulink> page."
4439
#: serverguide/C/vpn.xml:13(title)
4443
#: serverguide/C/vpn.xml:15(para)
4445
"A Virtual Private Network, or <emphasis>VPN</emphasis>, is an encrypted "
4446
"network connection between two or more networks. There are several ways to "
4447
"create a VPN using software as well as dedicated hardware appliances. This "
4448
"chapter will cover installing and configuring "
4449
"<application>OpenVPN</application> to create a VPN between two servers."
4451
"A Virtual Private Network, or <emphasis>VPN</emphasis>, is an encrypted "
4452
"network connection between two or more networks. There are several ways to "
4453
"create a VPN using software as well as dedicated hardware appliances. This "
4454
"chapter will cover installing and configuring "
4455
"<application>OpenVPN</application> to create a VPN between two servers."
4457
#: serverguide/C/vpn.xml:23(title)
4461
#: serverguide/C/vpn.xml:25(para)
4463
"OpenVPN uses Public Key Infrastructure (PKI) to encrypt VPN traffic between "
4464
"nodes. A simple way of setting up a VPN with OpenVPN is to connect the "
4465
"clients through a bridge interface on the VPN server. This guide will assume "
4466
"that one VPN node, the server in this case, has a bridge interface "
4467
"configured. For more information on setting up a bridge see <xref "
4468
"linkend=\"bridging\"/>."
4470
"OpenVPN uses Public Key Infrastructure (PKI) to encrypt VPN traffic between "
4471
"nodes. A simple way of setting up a VPN with OpenVPN is to connect the "
4472
"clients through a bridge interface on the VPN server. This guide will assume "
4473
"that one VPN node, the server in this case, has a bridge interface "
4474
"configured. For more information on setting up a bridge see <xref "
4475
"linkend=\"bridging\"/>."
4477
#: serverguide/C/vpn.xml:35(para)
4478
msgid "To install <application>openvpn</application> in a terminal enter:"
4479
msgstr "To install <application>openvpn</application> in a terminal enter:"
4481
#: serverguide/C/vpn.xml:41(command) serverguide/C/vpn.xml:257(command)
4482
msgid "sudo apt-get install openvpn"
4483
msgstr "sudo apt-get install openvpn"
4485
#: serverguide/C/vpn.xml:45(title)
4486
msgid "Server Certificates"
4487
msgstr "Server Certificates"
4489
#: serverguide/C/vpn.xml:47(para)
4491
"Now that the <application>openvpn</application> package is installed, the "
4492
"certificates for the VPN server need to be created."
4494
"Now that the <application>openvpn</application> package is installed, the "
4495
"certificates for the VPN server need to be created."
4497
#: serverguide/C/vpn.xml:52(para)
4499
"First, copy the <filename>easy-rsa</filename> directory to "
4500
"<filename>/etc/openvpn</filename>. This will ensure that any changes to the "
4501
"scripts will not be lost when the package is updated. You will also need to "
4502
"adjust permissions in the <filename>easy-rsa</filename> directory to allow "
4503
"the current user permission to create files. From a terminal enter:"
4505
"First, copy the <filename>easy-rsa</filename> directory to "
4506
"<filename>/etc/openvpn</filename>. This will ensure that any changes to the "
4507
"scripts will not be lost when the package is updated. You will also need to "
4508
"adjust permissions in the <filename>easy-rsa</filename> directory to allow "
4509
"the current user permission to create files. From a terminal enter:"
4511
#: serverguide/C/vpn.xml:59(command)
4512
msgid "sudo mkdir /etc/openvpn/easy-rsa/"
4513
msgstr "sudo mkdir /etc/openvpn/easy-rsa/"
4515
#: serverguide/C/vpn.xml:60(command)
4517
"sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-"
4520
"sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-"
4523
#: serverguide/C/vpn.xml:61(command)
4524
msgid "sudo chown -R $USER /etc/openvpn/easy-rsa/"
4525
msgstr "sudo chown -R $USER /etc/openvpn/easy-rsa/"
4527
#: serverguide/C/vpn.xml:64(para)
4529
"Next, edit <filename>/etc/openvpn/easy-rsa/vars</filename> adjusting the "
4530
"following to your environment:"
4532
"Next, edit <filename>/etc/openvpn/easy-rsa/vars</filename> adjusting the "
4533
"following to your environment:"
4535
#: serverguide/C/vpn.xml:68(programlisting)
4539
"export KEY_COUNTRY=\"US\"\n"
4540
"export KEY_PROVINCE=\"NC\"\n"
4541
"export KEY_CITY=\"Winston-Salem\"\n"
4542
"export KEY_ORG=\"Example Company\"\n"
4543
"export KEY_EMAIL=\"steve@example.com\"\n"
4546
"export KEY_COUNTRY=\"US\"\n"
4547
"export KEY_PROVINCE=\"NC\"\n"
4548
"export KEY_CITY=\"Winston-Salem\"\n"
4549
"export KEY_ORG=\"Example Company\"\n"
4550
"export KEY_EMAIL=\"steve@example.com\"\n"
4552
#: serverguide/C/vpn.xml:76(para)
4553
msgid "Enter the following to create the server certificates:"
4554
msgstr "Enter the following to create the server certificates:"
4556
#: serverguide/C/vpn.xml:81(command) serverguide/C/vpn.xml:102(command)
4557
msgid "cd /etc/openvpn/easy-rsa/"
4558
msgstr "cd /etc/openvpn/easy-rsa/"
4560
#: serverguide/C/vpn.xml:82(command) serverguide/C/vpn.xml:103(command)
4562
msgstr "source vars"
4564
#: serverguide/C/vpn.xml:83(command)
4566
msgstr "./clean-all"
4568
#: serverguide/C/vpn.xml:84(command)
4572
#: serverguide/C/vpn.xml:85(command)
4573
msgid "./pkitool --initca"
4574
msgstr "./pkitool --initca"
4576
#: serverguide/C/vpn.xml:86(command)
4577
msgid "./pkitool --server server"
4578
msgstr "./pkitool --server server"
4580
#: serverguide/C/vpn.xml:87(command)
4584
#: serverguide/C/vpn.xml:88(command)
4585
msgid "openvpn --genkey --secret ta.key"
4586
msgstr "openvpn --genkey --secret ta.key"
4588
#: serverguide/C/vpn.xml:89(command)
4589
msgid "sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/"
4590
msgstr "sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/"
4592
#: serverguide/C/vpn.xml:94(title)
4593
msgid "Client Certificates"
4594
msgstr "Client Certificates"
4596
#: serverguide/C/vpn.xml:96(para)
4598
"The VPN client will also need a certificate to authenticate itself to the "
4599
"server. To create the certificate, enter the following in a terminal:"
4601
"The VPN client will also need a certificate to authenticate itself to the "
4602
"server. To create the certificate, enter the following in a terminal:"
4604
#: serverguide/C/vpn.xml:104(command)
4605
msgid "./pkitool hostname"
4606
msgstr "./pkitool hostname"
4608
#: serverguide/C/vpn.xml:108(para)
4610
"Replace <emphasis>hostname</emphasis> with the actual hostname of the "
4611
"machine connecting to the VPN."
4613
"Replace <emphasis>hostname</emphasis> with the actual hostname of the "
4614
"machine connecting to the VPN."
4616
#: serverguide/C/vpn.xml:113(para)
4617
msgid "Copy the following files to the client:"
4618
msgstr "Copy the following files to the client:"
4620
#: serverguide/C/vpn.xml:118(para)
4621
msgid "/etc/openvpn/ca.crt"
4622
msgstr "/etc/openvpn/ca.crt"
4624
#: serverguide/C/vpn.xml:119(para)
4625
msgid "/etc/openvpn/easy-rsa/keys/hostname.crt"
4626
msgstr "/etc/openvpn/easy-rsa/keys/hostname.crt"
4628
#: serverguide/C/vpn.xml:120(para)
4629
msgid "/etc/openvpn/easy-rsa/keys/hostname.key"
4630
msgstr "/etc/openvpn/easy-rsa/keys/hostname.key"
4632
#: serverguide/C/vpn.xml:121(para)
4633
msgid "/etc/openvpn/ta.key"
4634
msgstr "/etc/openvpn/ta.key"
4636
#: serverguide/C/vpn.xml:125(para)
4638
"Remember to adjust the above file names for your client machine's "
4639
"<emphasis>hostname</emphasis>."
4641
"Remember to adjust the above file names for your client machine's "
4642
"<emphasis>hostname</emphasis>."
4644
#: serverguide/C/vpn.xml:130(para)
4646
"It is best to use a secure method to copy the certificate and key files. The "
4647
"<application>scp</application> utility is a good choice, but copying the "
4648
"files to removable media then to the client, also works well."
4650
"It is best to use a secure method to copy the certificate and key files. The "
4651
"<application>scp</application> utility is a good choice, but copying the "
4652
"files to removable media then to the client, also works well."
4654
#: serverguide/C/vpn.xml:141(title) serverguide/C/vcs.xml:107(title)
4655
msgid "Server Configuration"
4656
msgstr "Server Configuration"
4658
#: serverguide/C/vpn.xml:143(para)
4660
"Now configure the <application>openvpn</application> server by creating "
4661
"<filename>/etc/openvpn/server.conf</filename> from the example file. In a "
4664
"Now configure the <application>openvpn</application> server by creating "
4665
"<filename>/etc/openvpn/server.conf</filename> from the example file. In a "
4668
#: serverguide/C/vpn.xml:149(command)
4670
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz "
4673
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz "
4676
#: serverguide/C/vpn.xml:150(command)
4677
msgid "sudo gzip -d /etc/openvpn/server.conf.gz"
4678
msgstr "sudo gzip -d /etc/openvpn/server.conf.gz"
4680
#: serverguide/C/vpn.xml:153(para)
4682
"Edit <filename>/etc/openvpn/server.conf</filename> changing the following "
4685
"Edit <filename>/etc/openvpn/server.conf</filename> changing the following "
4688
#: serverguide/C/vpn.xml:157(programlisting)
4692
"local 172.18.100.101\n"
4694
"up \"/etc/openvpn/up.sh br0\"\n"
4695
"down \"/etc/openvpn/down.sh br0\"\n"
4696
";server 10.8.0.0 255.255.255.0\n"
4697
"server-bridge 172.18.100.101 255.255.255.0 172.18.100.105 172.18.100.200\n"
4698
"push \"route 172.18.100.1 255.255.255.0\"\n"
4699
"push \"dhcp-option DNS 172.18.100.20\"\n"
4700
"push \"dhcp-option DOMAIN example.com\"\n"
4701
"tls-auth ta.key 0 # This file is secret\n"
4706
"local 172.18.100.101\n"
4708
"up \"/etc/openvpn/up.sh br0\"\n"
4709
"down \"/etc/openvpn/down.sh br0\"\n"
4710
";server 10.8.0.0 255.255.255.0\n"
4711
"server-bridge 172.18.100.101 255.255.255.0 172.18.100.105 172.18.100.200\n"
4712
"push \"route 172.18.100.1 255.255.255.0\"\n"
4713
"push \"dhcp-option DNS 172.18.100.20\"\n"
4714
"push \"dhcp-option DOMAIN example.com\"\n"
4715
"tls-auth ta.key 0 # This file is secret\n"
4719
#: serverguide/C/vpn.xml:174(para)
4721
"<emphasis>local</emphasis>: is the IP address of the bridge interface."
4723
"<emphasis>local</emphasis>: is the IP address of the bridge interface."
4725
#: serverguide/C/vpn.xml:179(para)
4727
"<emphasis>server-bridge</emphasis>: needed when the configuration uses "
4728
"bridging. The <emphasis>172.18.100.101 255.255.255.0</emphasis> portion is "
4729
"the bridge interface and mask. The IP range <emphasis>172.18.100.105 "
4730
"172.18.100.200</emphasis> is the range of IP addresses that will be assigned "
4733
"<emphasis>server-bridge</emphasis>: needed when the configuration uses "
4734
"bridging. The <emphasis>172.18.100.101 255.255.255.0</emphasis> portion is "
4735
"the bridge interface and mask. The IP range <emphasis>172.18.100.105 "
4736
"172.18.100.200</emphasis> is the range of IP addresses that will be assigned "
4739
#: serverguide/C/vpn.xml:186(para)
4741
"<emphasis>push</emphasis>: are directives to add networking options for "
4744
"<emphasis>push</emphasis>: are directives to add networking options for "
4747
#: serverguide/C/vpn.xml:191(para)
4749
"<emphasis>user and group</emphasis>: configure which user and group the "
4750
"<application>openvpn</application> daemon executes as."
4752
"<emphasis>user and group</emphasis>: configure which user and group the "
4753
"<application>openvpn</application> daemon executes as."
4755
#: serverguide/C/vpn.xml:198(para)
4757
"Replace all IP addresses and domain names above with those of your network."
4759
"Replace all IP addresses and domain names above with those of your network."
4761
#: serverguide/C/vpn.xml:203(para)
4763
"Next, create a couple of helper scripts to add the <emphasis>tap</emphasis> "
4764
"interface to the bridge. Create <filename>/etc/openvpn/up.sh</filename>:"
4766
"Next, create a couple of helper scripts to add the <emphasis>tap</emphasis> "
4767
"interface to the bridge. Create <filename>/etc/openvpn/up.sh</filename>:"
4769
#: serverguide/C/vpn.xml:207(programlisting)
4778
"/sbin/ifconfig $DEV mtu $MTU promisc up\n"
4779
"/usr/sbin/brctl addif $BR $DEV\n"
4787
"/sbin/ifconfig $DEV mtu $MTU promisc up\n"
4788
"/usr/sbin/brctl addif $BR $DEV\n"
4790
#: serverguide/C/vpn.xml:217(para)
4791
msgid "And <filename>/etc/openvpn/down.sh</filename>:"
4792
msgstr "And <filename>/etc/openvpn/down.sh</filename>:"
4794
#: serverguide/C/vpn.xml:221(programlisting)
4803
"/usr/sbin/brctl delif $BR $DEV\n"
4804
"/sbin/ifconfig $DEV down\n"
4812
"/usr/sbin/brctl delif $BR $DEV\n"
4813
"/sbin/ifconfig $DEV down\n"
4815
#: serverguide/C/vpn.xml:231(para)
4816
msgid "Then make them executable:"
4817
msgstr "Then make them executable:"
4819
#: serverguide/C/vpn.xml:236(command)
4820
msgid "sudo chmod 755 /etc/openvpn/down.sh"
4821
msgstr "sudo chmod 755 /etc/openvpn/down.sh"
4823
#: serverguide/C/vpn.xml:237(command)
4824
msgid "sudo chmod 755 /etc/openvpn/up.sh"
4825
msgstr "sudo chmod 755 /etc/openvpn/up.sh"
4827
#: serverguide/C/vpn.xml:240(para)
4829
"After configuring the server, restart <application>openvpn</application> by "
4832
"After configuring the server, restart <application>openvpn</application> by "
4835
#: serverguide/C/vpn.xml:245(command) serverguide/C/vpn.xml:293(command)
4836
msgid "sudo /etc/init.d/openvpn restart"
4837
msgstr "sudo /etc/init.d/openvpn restart"
4839
#: serverguide/C/vpn.xml:250(title)
4840
msgid "Client Configuration"
4841
msgstr "Client Configuration"
4843
#: serverguide/C/vpn.xml:252(para)
4844
msgid "First, install <application>openvpn</application> on the client:"
4845
msgstr "First, install <application>openvpn</application> on the client:"
4847
#: serverguide/C/vpn.xml:260(para)
4849
"Then with the server configured and the client certificates copied to the "
4850
"<filename>/etc/openvpn/</filename> directory, create a client configuration "
4851
"file by copying the example. In a terminal on the client machine enter:"
4853
"Then with the server configured and the client certificates copied to the "
4854
"<filename>/etc/openvpn/</filename> directory, create a client configuration "
4855
"file by copying the example. In a terminal on the client machine enter:"
4857
#: serverguide/C/vpn.xml:266(command)
4859
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
4862
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
4865
#: serverguide/C/vpn.xml:269(para)
4867
"Now edit <filename>/etc/openvpn/client.conf</filename> changing the "
4868
"following options:"
4870
"Now edit <filename>/etc/openvpn/client.conf</filename> changing the "
4871
"following options:"
4873
#: serverguide/C/vpn.xml:273(programlisting)
4878
"remote vpn.example.com 1194\n"
4879
"cert hostname.crt\n"
4880
"key hostname.key\n"
4881
"tls-auth ta.key 1\n"
4885
"remote vpn.example.com 1194\n"
4886
"cert hostname.crt\n"
4887
"key hostname.key\n"
4888
"tls-auth ta.key 1\n"
4890
#: serverguide/C/vpn.xml:282(para)
4892
"Replace <emphasis>vpn.example.com</emphasis> with the hostname of your VPN "
4893
"server, and <emphasis>hostname.*</emphasis> with the actual certificate and "
4896
"Replace <emphasis>vpn.example.com</emphasis> with the hostname of your VPN "
4897
"server, and <emphasis>hostname.*</emphasis> with the actual certificate and "
4900
#: serverguide/C/vpn.xml:288(para)
4901
msgid "Finally, restart <application>openvpn</application>:"
4902
msgstr "Finally, restart <application>openvpn</application>:"
4904
#: serverguide/C/vpn.xml:296(para)
4905
msgid "You should now be able to connect to the remote LAN through the VPN."
4906
msgstr "You should now be able to connect to the remote LAN through the VPN."
4908
#: serverguide/C/vpn.xml:307(para)
4910
"See the <ulink url=\"http://openvpn.net/\">OpenVPN</ulink> website for "
4911
"additional information."
4913
"See the <ulink url=\"http://openvpn.net/\">OpenVPN</ulink> website for "
4914
"additional information."
4916
#: serverguide/C/vpn.xml:312(para)
4918
"Also, Pakt's <ulink url=\"http://www.packtpub.com/openvpn/book\">OpenVPN: "
4919
"Building and Integrating Virtual Private Networks</ulink> is a good resource."
4921
"Also, Pakt's <ulink url=\"http://www.packtpub.com/openvpn/book\">OpenVPN: "
4922
"Building and Integrating Virtual Private Networks</ulink> is a good resource."
4924
#: serverguide/C/vpn.xml:318(para)
4926
"Another source of further information is the <ulink "
4927
"url=\"https://help.ubuntu.com/community/OpenVPN\">Ubuntu Wiki "
4928
"OpenVPN</ulink> page."
4930
"Another source of further information is the <ulink "
4931
"url=\"https://help.ubuntu.com/community/OpenVPN\">Ubuntu Wiki "
4932
"OpenVPN</ulink> page."
4934
#: serverguide/C/virtualization.xml:13(title)
4935
msgid "Virtualization"
4936
msgstr "Virtualisation"
4938
#: serverguide/C/virtualization.xml:14(para)
4940
"Virtualization is being adopted in many different environments and "
4941
"situations. If you are a developer, virtualization can provide you with a "
4942
"contained environment where you can safely do almost any sort of development "
4943
"safe from messing up your main working environment. If you are a systems "
4944
"administrator, you can use virtualization to more easily separate your "
4945
"services and move them around based on demand."
4947
"Virtualisation is being adopted in many different environments and "
4948
"situations. If you are a developer, virtualisation can provide you with a "
4949
"contained environment where you can safely do almost any sort of development "
4950
"safe from messing up your main working environment. If you are a systems "
4951
"administrator, you can use virtualisation to more easily separate your "
4952
"services and move them around based on demand."
4954
#: serverguide/C/virtualization.xml:20(para)
4956
"The default virtualization technology supported in Ubuntu is "
4957
"<application>KVM</application>, a technology that takes advantage of "
4958
"virtualization extensions built into Intel and AMD hardware. For hardware "
4959
"without virtualization extensions <application>Xen</application> and "
4960
"<application>Qemu</application> are popular solutions."
4962
"The default virtualisation technology supported in Ubuntu is "
4963
"<application>KVM</application>, a technology that takes advantage of "
4964
"virtualisation extensions built into Intel and AMD hardware. For hardware "
4965
"without virtualisation extensions <application>Xen</application> and "
4966
"<application>Qemu</application> are popular solutions."
4968
#: serverguide/C/virtualization.xml:27(title)
4972
#: serverguide/C/virtualization.xml:28(para)
4974
"The <application>libvirt</application> library is used to interface with "
4975
"different virtualization technologies. Before getting started with "
4976
"<application>libvirt</application> it is best to make sure your hardware "
4977
"supports the necessary virtualization extensions for "
4978
"<application>KVM</application>. Enter the following from a terminal prompt:"
4980
"The <application>libvirt</application> library is used to interface with "
4981
"different virtualisation technologies. Before getting started with "
4982
"<application>libvirt</application> it is best to make sure your hardware "
4983
"supports the necessary virtualisation extensions for "
4984
"<application>KVM</application>. Enter the following from a terminal prompt:"
4986
#: serverguide/C/virtualization.xml:35(command)
4990
#: serverguide/C/virtualization.xml:37(para)
4992
"A message will be printed informing you if your CPU "
4993
"<emphasis>does</emphasis> or <emphasis>does not</emphasis> support hardware "
4996
"A message will be printed informing you if your CPU "
4997
"<emphasis>does</emphasis> or <emphasis>does not</emphasis> support hardware "
5000
#: serverguide/C/virtualization.xml:41(para)
5002
"On most computer whose processor supports virtualization, it is necessary to "
5003
"activate an option in the BIOS to enable it."
5005
"On most computer whose processor supports virtualisation, it is necessary to "
5006
"activate an option in the BIOS to enable it."
5008
#: serverguide/C/virtualization.xml:47(title)
5009
msgid "Virtual Networking"
5010
msgstr "Virtual Networking"
5012
#: serverguide/C/virtualization.xml:49(para)
5014
"There are a few different ways to allow a virtual machine access to the "
5015
"external network. The default virtual network configuration is "
5016
"<emphasis>usermode</emphasis> networking, which uses the SLIRP protocol and "
5017
"traffic is NATed through the host interface to the outside network."
5019
"There are a few different ways to allow a virtual machine access to the "
5020
"external network. The default virtual network configuration is "
5021
"<emphasis>usermode</emphasis> networking, which uses the SLIRP protocol and "
5022
"traffic is NATed through the host interface to the outside network."
5024
#: serverguide/C/virtualization.xml:54(para)
5026
"To enable external hosts to directly access services on virtual machines a "
5027
"<emphasis>bridge</emphasis> needs to be configured. This allows the virtual "
5028
"interfaces to connect to the outside network through the physical interface, "
5029
"making them appear as normal hosts to the rest of the network. For "
5030
"information on setting up a bridge see <xref linkend=\"bridging\"/>."
5032
"To enable external hosts to directly access services on virtual machines a "
5033
"<emphasis>bridge</emphasis> needs to be configured. This allows the virtual "
5034
"interfaces to connect to the outside network through the physical interface, "
5035
"making them appear as normal hosts to the rest of the network. For "
5036
"information on setting up a bridge see <xref linkend=\"bridging\"/>."
5038
#: serverguide/C/virtualization.xml:63(para)
5039
msgid "To install the necessary packages, from a terminal prompt enter:"
5040
msgstr "To install the necessary packages, from a terminal prompt enter:"
5042
#: serverguide/C/virtualization.xml:67(command)
5043
msgid "sudo apt-get install kvm libvirt-bin"
5044
msgstr "sudo apt-get install kvm libvirt-bin"
5046
#: serverguide/C/virtualization.xml:69(para)
5048
"After installing <application>libvirt-bin</application>, the user used to "
5049
"manage virtual machines will need to be added to the "
5050
"<emphasis>libvirtd</emphasis> group. Doing so will grant the user access to "
5051
"the advanced networking options."
5053
"After installing <application>libvirt-bin</application>, the user used to "
5054
"manage virtual machines will need to be added to the "
5055
"<emphasis>libvirtd</emphasis> group. Doing so will grant the user access to "
5056
"the advanced networking options."
5058
#: serverguide/C/virtualization.xml:73(para)
5059
msgid "In a terminal enter:"
5060
msgstr "In a terminal enter:"
5062
#: serverguide/C/virtualization.xml:77(command)
5063
msgid "sudo adduser $USER libvirtd"
5064
msgstr "sudo adduser $USER libvirtd"
5066
#: serverguide/C/virtualization.xml:80(para)
5068
"If the user chosen is the current user, you will need to log out and back in "
5069
"for the new group membership to take effect."
5071
"If the user chosen is the current user, you will need to log out and back in "
5072
"for the new group membership to take effect."
5074
#: serverguide/C/virtualization.xml:84(para)
5076
"You are now ready to install a <emphasis>Guest</emphasis> operating system. "
5077
"Installing a virtual machine follows the same process as installing the "
5078
"operating system directly on the hardware. You either need a way to automate "
5079
"the installation, or a keyboard and monitor will need to be attached to the "
5082
"You are now ready to install a <emphasis>Guest</emphasis> operating system. "
5083
"Installing a virtual machine follows the same process as installing the "
5084
"operating system directly on the hardware. You either need a way to automate "
5085
"the installation, or a keyboard and monitor will need to be attached to the "
5088
#: serverguide/C/virtualization.xml:89(para)
5090
"In the case of virtual machines a Graphical User Interface (GUI) is "
5091
"analogous to using a physical keyboard and mouse. Instead of installing a "
5092
"GUI the <application>virt-viewer</application> application can be used to "
5093
"connect to a virtual machine's console using <application>VNC</application>. "
5094
"See <xref linkend=\"libvirt-virt-viewer\"/> for more information."
5096
"In the case of virtual machines a Graphical User Interface (GUI) is "
5097
"analogous to using a physical keyboard and mouse. Instead of installing a "
5098
"GUI the <application>virt-viewer</application> application can be used to "
5099
"connect to a virtual machine's console using <application>VNC</application>. "
5100
"See <xref linkend=\"libvirt-virt-viewer\"/> for more information."
5102
#: serverguide/C/virtualization.xml:94(para)
5104
"There are several ways to automate the Ubuntu installation process, for "
5105
"example using preseeds, kickstart, etc. Refer to the <ulink "
5106
"url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
5107
"Installation Guide</ulink> for details."
5109
"There are several ways to automate the Ubuntu installation process, for "
5110
"example using preseeds, kickstart, etc. Refer to the <ulink "
5111
"url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
5112
"Installation Guide</ulink> for details."
5114
#: serverguide/C/virtualization.xml:98(para)
5116
"Yet another way to install an Ubuntu virtual machine is to use "
5117
"<application>ubuntu-vm-builder</application>. <application>ubuntu-vm-"
5118
"builder</application> allows you to setup advanced partitions, execute "
5119
"custom post-install scripts, etc. For details see <xref linkend=\"jeos-and-"
5122
"Yet another way to install an Ubuntu virtual machine is to use "
5123
"<application>ubuntu-vm-builder</application>. <application>ubuntu-vm-"
5124
"builder</application> allows you to setup advanced partitions, execute "
5125
"custom post-install scripts, etc. For details see <xref linkend=\"jeos-and-"
5128
#: serverguide/C/virtualization.xml:104(title)
5129
msgid "virt-install"
5130
msgstr "virt-install"
5132
#: serverguide/C/virtualization.xml:105(para)
5134
"<application>virt-install</application> is part of the <application>python-"
5135
"virtinst</application> package. To install it, from a terminal prompt enter:"
5137
"<application>virt-install</application> is part of the <application>python-"
5138
"virtinst</application> package. To install it, from a terminal prompt enter:"
5140
#: serverguide/C/virtualization.xml:109(command)
5141
msgid "sudo apt-get install python-virtinst"
5142
msgstr "sudo apt-get install python-virtinst"
5144
#: serverguide/C/virtualization.xml:111(para)
5146
"There are several options available when using <application>virt-"
5147
"install</application>. For example:"
5149
"There are several options available when using <application>virt-"
5150
"install</application>. For example:"
5152
#: serverguide/C/virtualization.xml:115(command)
5154
"sudo virt-install -n web_devel -r 256 -f web_devel.img \\ -s 4 -c jeos.iso --"
5155
"accelerate \\ --connect=qemu:///system --vnc \\ --noautoconsole -v"
5157
"sudo virt-install -n web_devel -r 256 -f web_devel.img \\ -s 4 -c jeos.iso --"
5158
"accelerate \\ --connect=qemu:///system --vnc \\ --noautoconsole -v"
5160
#: serverguide/C/virtualization.xml:122(para)
5162
"<emphasis>-n web_devel:</emphasis> the name of the new virtual machine will "
5163
"be <emphasis>web_devel</emphasis> in this example."
5165
"<emphasis>-n web_devel:</emphasis> the name of the new virtual machine will "
5166
"be <emphasis>web_devel</emphasis> in this example."
5168
#: serverguide/C/virtualization.xml:127(para)
5170
"<emphasis>-r 256:</emphasis> specifies the amount of memory the virtual "
5173
"<emphasis>-r 256:</emphasis> specifies the amount of memory the virtual "
5176
#: serverguide/C/virtualization.xml:132(para)
5178
"<emphasis>-f web_devel.img:</emphasis> indicates the path to the virtual "
5179
"disk which can be a file, partition, or logical volume. In this example a "
5180
"file named <filename>web_devel.img</filename>."
5182
"<emphasis>-f web_devel.img:</emphasis> indicates the path to the virtual "
5183
"disk which can be a file, partition, or logical volume. In this example a "
5184
"file named <filename>web_devel.img</filename>."
5186
#: serverguide/C/virtualization.xml:138(para)
5187
msgid "<emphasis>-s 4:</emphasis> the size of the virtual disk."
5188
msgstr "<emphasis>-s 4:</emphasis> the size of the virtual disk."
5190
#: serverguide/C/virtualization.xml:143(para)
5192
"<emphasis>-c jeos.iso:</emphasis> file to be used as a virtual CDROM. The "
5193
"file can be either an ISO file or the path to the host's CDROM device."
5195
"<emphasis>-c jeos.iso:</emphasis> file to be used as a virtual CDROM. The "
5196
"file can be either an ISO file or the path to the host's CDROM device."
5198
#: serverguide/C/virtualization.xml:149(para)
5200
"<emphasis>--accelerate:</emphasis> enables the kernel's acceleration "
5203
"<emphasis>--accelerate:</emphasis> enables the kernel's acceleration "
5206
#: serverguide/C/virtualization.xml:154(para)
5208
"<emphasis>--vnc:</emphasis> exports the guest's virtual console using VNC."
5210
"<emphasis>--vnc:</emphasis> exports the guest's virtual console using VNC."
5212
#: serverguide/C/virtualization.xml:159(para)
5214
"<emphasis>--noautoconsole:</emphasis> will not automatically connect to the "
5215
"virtual machine's console."
5217
"<emphasis>--noautoconsole:</emphasis> will not automatically connect to the "
5218
"virtual machine's console."
5220
#: serverguide/C/virtualization.xml:164(para)
5221
msgid "<emphasis>-v:</emphasis> creates a fully virtualized guest."
5222
msgstr "<emphasis>-v:</emphasis> creates a fully virtualised guest."
5224
#: serverguide/C/virtualization.xml:169(para)
5226
"After launching <application>virt-install</application> you can connect to "
5227
"the virtual machine's console either locally using a GUI or with the "
5228
"<application>virt-viewer</application> utility."
5230
"After launching <application>virt-install</application> you can connect to "
5231
"the virtual machine's console either locally using a GUI or with the "
5232
"<application>virt-viewer</application> utility."
5234
#: serverguide/C/virtualization.xml:175(title)
5238
#: serverguide/C/virtualization.xml:176(para)
5240
"The <application>virt-clone</application> application can be used to copy "
5241
"one virtual machine to another. For example:"
5243
"The <application>virt-clone</application> application can be used to copy "
5244
"one virtual machine to another. For example:"
5246
#: serverguide/C/virtualization.xml:180(command)
5248
"sudo virt-clone -o web_devel -n database_devel -f "
5249
"/path/to/database_devel.img --connect=qemu:///system"
5251
"sudo virt-clone -o web_devel -n database_devel -f "
5252
"/path/to/database_devel.img --connect=qemu:///system"
5254
#: serverguide/C/virtualization.xml:184(para)
5255
msgid "<emphasis>-o:</emphasis> original virtual machine."
5256
msgstr "<emphasis>-o:</emphasis> original virtual machine."
5258
#: serverguide/C/virtualization.xml:189(para)
5259
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
5260
msgstr "<emphasis>-n:</emphasis> name of the new virtual machine."
5262
#: serverguide/C/virtualization.xml:194(para)
5264
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
5265
"be used by the new virtual machine."
5267
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
5268
"be used by the new virtual machine."
5270
#: serverguide/C/virtualization.xml:199(para)
5272
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
5274
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
5276
#: serverguide/C/virtualization.xml:204(para)
5278
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
5279
"help troubleshoot problems with <application>virt-clone</application>."
5281
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
5282
"help troubleshoot problems with <application>virt-clone</application>."
5284
#: serverguide/C/virtualization.xml:209(para)
5286
"Replace <emphasis>web_devel</emphasis> and "
5287
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
5289
"Replace <emphasis>web_devel</emphasis> and "
5290
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
5292
#: serverguide/C/virtualization.xml:215(title)
5293
msgid "Virtual Machine Management"
5294
msgstr "Virtual Machine Management"
5296
#: serverguide/C/virtualization.xml:217(title)
5300
#: serverguide/C/virtualization.xml:218(para)
5302
"There are several utilities available to manage virtual machines and "
5303
"<application>libvirt</application>. The <application>virsh</application> "
5304
"utility can be used from the command line. Some examples:"
5306
"There are several utilities available to manage virtual machines and "
5307
"<application>libvirt</application>. The <application>virsh</application> "
5308
"utility can be used from the command line. Some examples:"
5310
#: serverguide/C/virtualization.xml:224(para)
5311
msgid "To list running virtual machines:"
5312
msgstr "To list running virtual machines:"
5314
#: serverguide/C/virtualization.xml:228(command)
5315
msgid "virsh -c qemu:///system list"
5316
msgstr "virsh -c qemu:///system list"
5318
#: serverguide/C/virtualization.xml:232(para)
5319
msgid "To start a virtual machine:"
5320
msgstr "To start a virtual machine:"
5322
#: serverguide/C/virtualization.xml:236(command)
5323
msgid "virsh -c qemu:///system start web_devel"
5324
msgstr "virsh -c qemu:///system start web_devel"
5326
#: serverguide/C/virtualization.xml:240(para)
5327
msgid "Similarly, to start a virtual machine at boot:"
5328
msgstr "Similarly, to start a virtual machine at boot:"
5330
#: serverguide/C/virtualization.xml:244(command)
5331
msgid "virsh -c qemu:///system autostart web_devel"
5332
msgstr "virsh -c qemu:///system autostart web_devel"
5334
#: serverguide/C/virtualization.xml:248(para)
5335
msgid "Reboot a virtual machine with:"
5336
msgstr "Reboot a virtual machine with:"
5338
#: serverguide/C/virtualization.xml:252(command)
5339
msgid "virsh -c qemu:///system reboot web_devel"
5340
msgstr "virsh -c qemu:///system reboot web_devel"
5342
#: serverguide/C/virtualization.xml:256(para)
5344
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
5345
"order to be restored later. The following will save the virtual machine "
5346
"state into a file named according to the date:"
5348
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
5349
"order to be restored later. The following will save the virtual machine "
5350
"state into a file named according to the date:"
5352
#: serverguide/C/virtualization.xml:261(command)
5353
msgid "virsh -c qemu:///system save web_devel web_devel-022708.state"
5354
msgstr "virsh -c qemu:///system save web_devel web_devel-022708.state"
5356
#: serverguide/C/virtualization.xml:263(para)
5357
msgid "Once saved the virtual machine will no longer be running."
5358
msgstr "Once saved the virtual machine will no longer be running."
5360
#: serverguide/C/virtualization.xml:268(para)
5361
msgid "A saved virtual machine can be restored using:"
5362
msgstr "A saved virtual machine can be restored using:"
5364
#: serverguide/C/virtualization.xml:272(command)
5365
msgid "virsh -c qemu:///system restore web_devel-022708.state"
5366
msgstr "virsh -c qemu:///system restore web_devel-022708.state"
5368
#: serverguide/C/virtualization.xml:276(para)
5369
msgid "To shutdown a virtual machine do:"
5370
msgstr "To shutdown a virtual machine do:"
5372
#: serverguide/C/virtualization.xml:280(command)
5373
msgid "virsh -c qemu:///system shutdown web_devel"
5374
msgstr "virsh -c qemu:///system shutdown web_devel"
5376
#: serverguide/C/virtualization.xml:284(para)
5377
msgid "A CDROM device can be mounted in a virtual machine by entering:"
5378
msgstr "A CDROM device can be mounted in a virtual machine by entering:"
5380
#: serverguide/C/virtualization.xml:288(command)
5381
msgid "virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
5383
"virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
5385
#: serverguide/C/virtualization.xml:293(para)
5387
"In the above examples replace <emphasis>web_devel</emphasis> with the "
5388
"appropriate virtual machine name, and <filename>web_devel-"
5389
"022708.state</filename> with a descriptive file name."
5391
"In the above examples replace <emphasis>web_devel</emphasis> with the "
5392
"appropriate virtual machine name, and <filename>web_devel-"
5393
"022708.state</filename> with a descriptive file name."
5395
#: serverguide/C/virtualization.xml:300(title)
5396
msgid "Virtual Machine Manager"
5397
msgstr "Virtual Machine Manager"
5399
#: serverguide/C/virtualization.xml:301(para)
5401
"The <application>virt-manager</application> package contains a graphical "
5402
"utility to manage local and remote virtual machines. To install virt-manager "
5405
"The <application>virt-manager</application> package contains a graphical "
5406
"utility to manage local and remote virtual machines. To install virt-manager "
5409
#: serverguide/C/virtualization.xml:306(command)
5410
msgid "sudo apt-get install virt-manager"
5411
msgstr "sudo apt-get install virt-manager"
5413
#: serverguide/C/virtualization.xml:308(para)
5415
"Since <application>virt-manager</application> requires a Graphical User "
5416
"Interface (GUI) environment it is recommended to be installed on a "
5417
"workstation or test machine instead of a production server. To connect to "
5418
"the local <application>libvirt</application> service enter:"
5420
"Since <application>virt-manager</application> requires a Graphical User "
5421
"Interface (GUI) environment it is recommended to be installed on a "
5422
"workstation or test machine instead of a production server. To connect to "
5423
"the local <application>libvirt</application> service enter:"
5425
#: serverguide/C/virtualization.xml:314(command)
5426
msgid "virt-manager -c qemu:///system"
5427
msgstr "virt-manager -c qemu:///system"
5429
#: serverguide/C/virtualization.xml:316(para)
5431
"You can connect to the <application>libvirt</application> service running on "
5432
"another host by entering the following in a terminal prompt:"
5434
"You can connect to the <application>libvirt</application> service running on "
5435
"another host by entering the following in a terminal prompt:"
5437
#: serverguide/C/virtualization.xml:320(command)
5438
msgid "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
5439
msgstr "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
5441
#: serverguide/C/virtualization.xml:323(para)
5443
"The above example assumes that <application>SSH</application> connectivity "
5444
"between the management system and virtnode1.mydomain.com has already been "
5445
"configured, and uses SSH keys for authentication. SSH "
5446
"<emphasis>keys</emphasis> are needed because "
5447
"<application>libvirt</application> sends the password prompt to another "
5448
"process. For details on configuring <application>SSH</application> see <xref "
5449
"linkend=\"openssh-server\"/>"
5451
"The above example assumes that <application>SSH</application> connectivity "
5452
"between the management system and virtnode1.mydomain.com has already been "
5453
"configured, and uses SSH keys for authentication. SSH "
5454
"<emphasis>keys</emphasis> are needed because "
5455
"<application>libvirt</application> sends the password prompt to another "
5456
"process. For details on configuring <application>SSH</application> see <xref "
5457
"linkend=\"openssh-server\"/>"
5459
#: serverguide/C/virtualization.xml:333(title)
5460
msgid "Virtual Machine Viewer"
5461
msgstr "Virtual Machine Viewer"
5463
#: serverguide/C/virtualization.xml:334(para)
5465
"The <application>virt-viewer</application> application allows you to connect "
5466
"to a virtual machine's console. <application>virt-viewer</application> does "
5467
"require a Graphical User Interface (GUI) to interface with the virtual "
5470
"The <application>virt-viewer</application> application allows you to connect "
5471
"to a virtual machine's console. <application>virt-viewer</application> does "
5472
"require a Graphical User Interface (GUI) to interface with the virtual "
5475
#: serverguide/C/virtualization.xml:338(para)
5477
"To install <application>virt-viewer</application> from a terminal enter:"
5479
"To install <application>virt-viewer</application> from a terminal enter:"
5481
#: serverguide/C/virtualization.xml:342(command)
5482
msgid "sudo apt-get install virt-viewer"
5483
msgstr "sudo apt-get install virt-viewer"
5485
#: serverguide/C/virtualization.xml:344(para)
5487
"Once a virtual machine is installed and running you can connect to the "
5488
"virtual machine's console by using:"
5490
"Once a virtual machine is installed and running you can connect to the "
5491
"virtual machine's console by using:"
5493
#: serverguide/C/virtualization.xml:348(command)
5494
msgid "virt-viewer -c qemu:///system web_devel"
5495
msgstr "virt-viewer -c qemu:///system web_devel"
5497
#: serverguide/C/virtualization.xml:350(para)
5499
"Similar to <application>virt-manager</application>, <application>virt-"
5500
"viewer</application> can connect to a remote host using "
5501
"<emphasis>SSH</emphasis> with key authentication, as well:"
5503
"Similar to <application>virt-manager</application>, <application>virt-"
5504
"viewer</application> can connect to a remote host using "
5505
"<emphasis>SSH</emphasis> with key authentication, as well:"
5507
#: serverguide/C/virtualization.xml:355(command)
5508
msgid "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
5509
msgstr "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
5511
#: serverguide/C/virtualization.xml:357(para)
5513
"Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the "
5514
"appropriate virtual machine name."
5516
"Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the "
5517
"appropriate virtual machine name."
5519
#: serverguide/C/virtualization.xml:360(para)
5521
"If configured to use a <emphasis>bridged</emphasis> network interface you "
5522
"can also setup <application>SSH</application> access to the virtual machine. "
5523
"See <xref linkend=\"openssh-server\"/> and <xref linkend=\"bridging\"/> for "
5526
"If configured to use a <emphasis>bridged</emphasis> network interface you "
5527
"can also setup <application>SSH</application> access to the virtual machine. "
5528
"See <xref linkend=\"openssh-server\"/> and <xref linkend=\"bridging\"/> for "
5531
#: serverguide/C/virtualization.xml:369(para)
5533
"See the <ulink url=\"http://kvm.qumranet.com/kvmwiki\">KVM</ulink> home page "
5536
"See the <ulink url=\"http://kvm.qumranet.com/kvmwiki\">KVM</ulink> home page "
5539
#: serverguide/C/virtualization.xml:374(para)
5541
"For more information on <application>libvirt</application> see the <ulink "
5542
"url=\"http://libvirt.org/\">libvirt home page</ulink>"
5544
"For more information on <application>libvirt</application> see the <ulink "
5545
"url=\"http://libvirt.org/\">libvirt home page</ulink>"
5547
#: serverguide/C/virtualization.xml:379(para)
5549
"The <ulink url=\"http://virt-manager.et.redhat.com/\">Virtual Machine "
5550
"Manager</ulink> site has more information on <application>virt-"
5551
"manager</application> development."
5553
"The <ulink url=\"http://virt-manager.et.redhat.com/\">Virtual Machine "
5554
"Manager</ulink> site has more information on <application>virt-"
5555
"manager</application> development."
5557
#: serverguide/C/virtualization.xml:385(para)
5559
"Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink "
5560
"url=\"http://freenode.net/\">freenode</ulink> to discuss virtualization "
5561
"technology in Ubuntu."
5563
"Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink "
5564
"url=\"http://freenode.net/\">freenode</ulink> to discuss virtualisation "
5565
"technology in Ubuntu."
5567
#: serverguide/C/virtualization.xml:391(para)
5569
"Another good resource is the <ulink "
5570
"url=\"https://help.ubuntu.com/community/KVM\">Ubuntu Wiki KVM</ulink> page."
5572
"Another good resource is the <ulink "
5573
"url=\"https://help.ubuntu.com/community/KVM\">Ubuntu Wiki KVM</ulink> page."
5575
#: serverguide/C/virtualization.xml:399(title)
5576
msgid "JeOS and vmbuilder"
5577
msgstr "JeOS and vmbuilder"
5579
#: serverguide/C/virtualization.xml:405(title)
5580
msgid "What is JeOS"
5581
msgstr "What is JeOS"
5583
#: serverguide/C/virtualization.xml:407(para)
5585
"Ubuntu <emphasis>JeOS</emphasis> (pronounced \"Juice\") is an efficient "
5586
"variant of the Ubuntu Server operating system, configured specifically for "
5587
"virtual appliances. No longer available as a CD-ROM ISO for download, but "
5588
"only as an option either:"
5590
"Ubuntu <emphasis>JeOS</emphasis> (pronounced \"Juice\") is an efficient "
5591
"variant of the Ubuntu Server operating system, configured specifically for "
5592
"virtual appliances. No longer available as a CD-ROM ISO for download, but "
5593
"only as an option either:"
5595
#: serverguide/C/virtualization.xml:414(para)
5597
"While installing from the Server Edition ISO (pressing "
5598
"<emphasis>F4</emphasis> on the first screen will allow you to pick \"Minimal "
5599
"installation\", which is the package selection equivalent to JeOS)."
5601
"While installing from the Server Edition ISO (pressing "
5602
"<emphasis>F4</emphasis> on the first screen will allow you to pick \"Minimal "
5603
"installation\", which is the package selection equivalent to JeOS)."
5605
#: serverguide/C/virtualization.xml:420(para)
5606
msgid "Or to be built using Ubuntu's vmbuilder, which is described here."
5607
msgstr "Or to be built using Ubuntu's vmbuilder, which is described here."
5609
#: serverguide/C/virtualization.xml:426(para)
5611
"JeOS is a specialized installation of Ubuntu Server Edition with a tuned "
5612
"kernel that only contains the base elements needed to run within a "
5613
"virtualized environment."
5615
"JeOS is a specialised installation of Ubuntu Server Edition with a tuned "
5616
"kernel that only contains the base elements needed to run within a "
5617
"virtualised environment."
5619
#: serverguide/C/virtualization.xml:431(para)
5621
"Ubuntu JeOS has been tuned to take advantage of key performance technologies "
5622
"in the latest virtualization products from VMware. This combination of "
5623
"reduced size and optimized performance ensures that Ubuntu JeOS Edition "
5624
"delivers a highly efficient use of server resources in large virtual "
5627
"Ubuntu JeOS has been tuned to take advantage of key performance technologies "
5628
"in the latest virtualisation products from VMware. This combination of "
5629
"reduced size and optimised performance ensures that Ubuntu JeOS Edition "
5630
"delivers a highly efficient use of server resources in large virtual "
5633
#: serverguide/C/virtualization.xml:437(para)
5635
"Without unnecessary drivers, and only the minimal required packages, ISVs "
5636
"can configure their supporting OS exactly as they require. They have the "
5637
"peace of mind that updates, whether for security or enhancement reasons, "
5638
"will be limited to the bare minimum of what is required in their specific "
5639
"environment. In turn, users deploying virtual appliances built on top of "
5640
"JeOS will have to go through fewer updates and therefore less maintenance "
5641
"than they would have had to with a standard full installation of a server."
5643
"Without unnecessary drivers, and only the minimal required packages, ISVs "
5644
"can configure their supporting OS exactly as they require. They have the "
5645
"peace of mind that updates, whether for security or enhancement reasons, "
5646
"will be limited to the bare minimum of what is required in their specific "
5647
"environment. In turn, users deploying virtual appliances built on top of "
5648
"JeOS will have to go through fewer updates and therefore less maintenance "
5649
"than they would have had to with a standard full installation of a server."
5651
#: serverguide/C/virtualization.xml:446(title)
5652
msgid "What is vmbuilder"
5653
msgstr "What is vmbuilder"
5655
#: serverguide/C/virtualization.xml:448(para)
5657
"With vmbuilder, there is no need to download a JeOS ISO anymore. vmbuilder "
5658
"will fetch the various package and build a virtual machine tailored for your "
5659
"needs in about a minute. vmbuilder is a script that automates the process of "
5660
"creating a ready to use Linux based VM. The currently supported hypervisors "
5663
"With vmbuilder, there is no need to download a JeOS ISO anymore. vmbuilder "
5664
"will fetch the various package and build a virtual machine tailored for your "
5665
"needs in about a minute. vmbuilder is a script that automates the process of "
5666
"creating a ready to use Linux based VM. The currently supported hypervisors "
5669
#: serverguide/C/virtualization.xml:454(para)
5671
"You can pass command line options to add extra packages, remove packages, "
5672
"choose which version of Ubuntu, which mirror etc. On recent hardware with "
5673
"plenty of RAM, tmpdir in <filename>/dev/shm</filename> or using a tmpfs, and "
5674
"a local mirror, you can bootstrap a VM in less than a minute."
5676
"You can pass command line options to add extra packages, remove packages, "
5677
"choose which version of Ubuntu, which mirror etc. On recent hardware with "
5678
"plenty of RAM, tmpdir in <filename>/dev/shm</filename> or using a tmpfs, and "
5679
"a local mirror, you can bootstrap a VM in less than a minute."
5681
#: serverguide/C/virtualization.xml:460(para)
5683
"First introduced as a shell script in Ubuntu 8.04 LTS, <application>ubuntu-"
5684
"vm-builder</application> started with little emphasis as a hack to help "
5685
"developers test their new code in a virtual machine without having to "
5686
"restart from scratch each time. As a few Ubuntu administrators started to "
5687
"notice this script, a few of them went on improving it and adapting it for "
5688
"so many use case that Soren Hansen (the author of the script and Ubuntu "
5689
"virtualization specialist, not the golf player) decided to rewrite it from "
5690
"scratch for Intrepid as a python script with a few new design goals:"
5692
"First introduced as a shell script in Ubuntu 8.04 LTS, <application>ubuntu-"
5693
"vm-builder</application> started with little emphasis as a hack to help "
5694
"developers test their new code in a virtual machine without having to "
5695
"restart from scratch each time. As a few Ubuntu administrators started to "
5696
"notice this script, a few of them went on improving it and adapting it for "
5697
"so many use case that Soren Hansen (the author of the script and Ubuntu "
5698
"virtualisation specialist, not the golf player) decided to rewrite it from "
5699
"scratch for Intrepid as a python script with a few new design goals:"
5701
#: serverguide/C/virtualization.xml:470(para)
5702
msgid "Develop it so that it can be reused by other distributions."
5703
msgstr "Develop it so that it can be reused by other distributions."
5705
#: serverguide/C/virtualization.xml:475(para)
5707
"Use a plugin mechanisms for all virtualization interactions so that others "
5708
"can easily add logic for other virtualization environments."
5710
"Use a plug-in mechanisms for all virtualisation interactions so that others "
5711
"can easily add logic for other virtualisation environments."
5713
#: serverguide/C/virtualization.xml:480(para)
5715
"Provide an easy to maintain web interface as an option to the command line "
5718
"Provide an easy to maintain web interface as an option to the command line "
5721
#: serverguide/C/virtualization.xml:486(para)
5722
msgid "But the general principles and commands remain the same."
5723
msgstr "But the general principles and commands remain the same."
5725
#: serverguide/C/virtualization.xml:493(title)
5726
msgid "Initial Setup"
5727
msgstr "Initial Setup"
5729
#: serverguide/C/virtualization.xml:495(para)
5731
"It is assumed that you have installed and configured "
5732
"<application>libvirt</application> and <application>KVM</application> "
5733
"locally on the machine you are using. For details on how to perform this, "
5736
"It is assumed that you have installed and configured "
5737
"<application>libvirt</application> and <application>KVM</application> "
5738
"locally on the machine you are using. For details on how to perform this, "
5741
#: serverguide/C/virtualization.xml:507(para)
5743
"The <ulink url=\"https://help.ubuntu.com/community/KVM\">KVM</ulink> Wiki "
5746
"The <ulink url=\"https://help.ubuntu.com/community/KVM\">KVM</ulink> Wiki "
5749
#: serverguide/C/virtualization.xml:513(para)
5751
"We also assume that you know how to use a text based text editor such as "
5752
"nano or vi. If you have not used any of them before, you can get an overview "
5753
"of the various text editors available by reading the <ulink "
5754
"url=\"https://help.ubuntu.com/community/PowerUsersTextEditors\">PowerUsersTex"
5755
"tEditors</ulink> page. This tutorial has been done on KVM, but the general "
5756
"principle should remain on other virtualization technologies."
5758
"We also assume that you know how to use a text based text editor such as "
5759
"nano or vi. If you have not used any of them before, you can get an overview "
5760
"of the various text editors available by reading the <ulink "
5761
"url=\"https://help.ubuntu.com/community/PowerUsersTextEditors\">PowerUsersTex"
5762
"tEditors</ulink> page. This tutorial has been done on KVM, but the general "
5763
"principle should remain on other virtualisation technologies."
5765
#: serverguide/C/virtualization.xml:521(title)
5766
msgid "Install vmbuilder"
5767
msgstr "Install vmbuilder"
5769
#: serverguide/C/virtualization.xml:523(para)
5771
"The name of the package that we need to install is <application>python-vm-"
5772
"builder</application>. In a terminal prompt enter:"
5774
"The name of the package that we need to install is <application>python-vm-"
5775
"builder</application>. In a terminal prompt enter:"
5777
#: serverguide/C/virtualization.xml:528(command)
5778
msgid "sudo apt-get install python-vm-builder"
5779
msgstr "sudo apt-get install python-vm-builder"
5781
#: serverguide/C/virtualization.xml:532(para)
5783
"If you are running Hardy, you can still perform most of this using the older "
5784
"version of the package named <application>ubuntu-vm-builder</application>, "
5785
"there are only a few changes to the syntax of the tool."
5787
"If you are running Hardy, you can still perform most of this using the older "
5788
"version of the package named <application>ubuntu-vm-builder</application>, "
5789
"there are only a few changes to the syntax of the tool."
5791
#: serverguide/C/virtualization.xml:541(title)
5792
msgid "Defining Your Virtual Machine"
5793
msgstr "Defining Your Virtual Machine"
5795
#: serverguide/C/virtualization.xml:543(para)
5797
"Defining a virtual machine with Ubuntu's vmbuilder is quite simple, but here "
5798
"are a few thing to consider:"
5800
"Defining a virtual machine with Ubuntu's vmbuilder is quite simple, but here "
5801
"are a few thing to consider:"
5803
#: serverguide/C/virtualization.xml:549(para)
5805
"If you plan on shipping a virtual appliance, do not assume that the end-user "
5806
"will know how to extend disk size to fit their need, so either plan for a "
5807
"large virtual disk to allow for your appliance to grow, or explain fairly "
5808
"well in your documentation how to allocate more space. It might actually be "
5809
"a good idea to store data on some separate external storage."
5811
"If you plan on shipping a virtual appliance, do not assume that the end-user "
5812
"will know how to extend disk size to fit their need, so either plan for a "
5813
"large virtual disk to allow for your appliance to grow, or explain fairly "
5814
"well in your documentation how to allocate more space. It might actually be "
5815
"a good idea to store data on some separate external storage."
5817
#: serverguide/C/virtualization.xml:556(para)
5819
"Given that RAM is much easier to allocate in a VM, RAM size should be set to "
5820
"whatever you think is a safe minimum for your appliance."
5822
"Given that RAM is much easier to allocate in a VM, RAM size should be set to "
5823
"whatever you think is a safe minimum for your appliance."
5825
#: serverguide/C/virtualization.xml:562(para)
5827
"The <application>vmbuilder</application> command has 2 main parameters: the "
5828
"<emphasis>virtualization technology (hypervisor)</emphasis> and the targeted "
5829
"<emphasis>distribution</emphasis>. Optional parameters are quite numerous "
5830
"and can be found using the following command:"
5832
"The <application>vmbuilder</application> command has 2 main parameters: the "
5833
"<emphasis>virtualisation technology (hypervisor)</emphasis> and the targeted "
5834
"<emphasis>distribution</emphasis>. Optional parameters are quite numerous "
5835
"and can be found using the following command:"
5837
#: serverguide/C/virtualization.xml:568(command)
5838
msgid "vmbuilder --help"
5839
msgstr "vmbuilder --help"
5841
#: serverguide/C/virtualization.xml:572(title)
5842
msgid "Base Parameters"
5843
msgstr "Base Parameters"
5845
#: serverguide/C/virtualization.xml:574(para)
5847
"As this example is based on <application>KVM</application> and Ubuntu 10.10 "
5848
"(Maverick Meerkat), and we are likely to rebuild the same virtual machine "
5849
"multiple time, we'll invoke vmbuilder with the following first parameters:"
5851
"As this example is based on <application>KVM</application> and Ubuntu 10.10 "
5852
"(Maverick Meerkat), and we are likely to rebuild the same virtual machine "
5853
"multiple time, we'll invoke vmbuilder with the following first parameters:"
5855
#: serverguide/C/virtualization.xml:580(command)
5857
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o -"
5858
"-libvirt qemu:///system"
5860
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o -"
5861
"-libvirt qemu:///system"
5863
#: serverguide/C/virtualization.xml:583(para)
5865
"The <emphasis>--suite</emphasis> defines the Ubuntu release, the <emphasis>--"
5866
"flavour</emphasis> specifies that we want to use the virtual kernel (that's "
5867
"the one used to build a JeOS image), the <emphasis>--arch</emphasis> tells "
5868
"that we want to use a 32 bit machine, the <emphasis>-o</emphasis> tells "
5869
"vmbuilder to overwrite the previous version of the VM and the <emphasis>--"
5870
"libvirt</emphasis> tells to inform the local virtualization environment to "
5871
"add the resulting VM to the list of available machines."
5873
"The <emphasis>--suite</emphasis> defines the Ubuntu release, the <emphasis>--"
5874
"flavour</emphasis> specifies that we want to use the virtual kernel (that's "
5875
"the one used to build a JeOS image), the <emphasis>--arch</emphasis> tells "
5876
"that we want to use a 32 bit machine, the <emphasis>-o</emphasis> tells "
5877
"vmbuilder to overwrite the previous version of the VM and the <emphasis>--"
5878
"libvirt</emphasis> tells to inform the local virtualisation environment to "
5879
"add the resulting VM to the list of available machines."
5881
#: serverguide/C/virtualization.xml:591(para)
5885
#: serverguide/C/virtualization.xml:597(para)
5887
"Because of the nature of operations performed by vmbuilder, it needs to have "
5888
"root privilege, hence the use of sudo."
5890
"Because of the nature of operations performed by vmbuilder, it needs to have "
5891
"root privilege, hence the use of sudo."
5893
#: serverguide/C/virtualization.xml:602(para)
5895
"If your virtual machine needs to use more than 3Gb of ram, you should build "
5896
"a 64 bit machine (--arch amd64)."
5898
"If your virtual machine needs to use more than 3Gb of ram, you should build "
5899
"a 64 bit machine (--arch amd64)."
5901
#: serverguide/C/virtualization.xml:607(para)
5903
"Until Ubuntu 8.10, the virtual kernel was only built for 32 bit "
5904
"architecture, so if you want to define an amd64 machine on Hardy, you should "
5905
"use <emphasis>--flavour</emphasis> server instead."
5907
"Until Ubuntu 8.10, the virtual kernel was only built for 32 bit "
5908
"architecture, so if you want to define an amd64 machine on Hardy, you should "
5909
"use <emphasis>--flavour</emphasis> server instead."
5911
#: serverguide/C/virtualization.xml:615(title)
5912
msgid "JeOS Installation Parameters"
5913
msgstr "JeOS Installation Parameters"
5915
#: serverguide/C/virtualization.xml:618(title)
5916
msgid "JeOS Networking"
5917
msgstr "JeOS Networking"
5919
#: serverguide/C/virtualization.xml:621(title)
5920
msgid "Assigning a fixed IP address"
5921
msgstr "Assigning a fixed IP address"
5923
#: serverguide/C/virtualization.xml:623(para)
5925
"As a virtual appliance that may be deployed on various very different "
5926
"networks, it is very difficult to know what the actual network will look "
5927
"like. In order to simplify configuration, it is a good idea to take an "
5928
"approach similar to what network hardware vendors usually do, namely "
5929
"assigning an initial fixed IP address to the appliance in a private class "
5930
"network that you will provide in your documentation. An address in the range "
5931
"192.168.0.0/255 is usually a good choice."
5933
"As a virtual appliance that may be deployed on various very different "
5934
"networks, it is very difficult to know what the actual network will look "
5935
"like. In order to simplify configuration, it is a good idea to take an "
5936
"approach similar to what network hardware vendors usually do, namely "
5937
"assigning an initial fixed IP address to the appliance in a private class "
5938
"network that you will provide in your documentation. An address in the range "
5939
"192.168.0.0/255 is usually a good choice."
5941
#: serverguide/C/virtualization.xml:630(para)
5942
msgid "To do this we'll use the following parameters:"
5943
msgstr "To do this we'll use the following parameters:"
5945
#: serverguide/C/virtualization.xml:636(para)
5947
"<emphasis>--ip ADDRESS</emphasis>: IP address in dotted form (defaults to "
5948
"dhcp if not specified)"
5950
"<emphasis>--ip ADDRESS</emphasis>: IP address in dotted form (defaults to "
5951
"dhcp if not specified)"
5953
#: serverguide/C/virtualization.xml:641(para)
5955
"<emphasis>--mask VALUE</emphasis>: IP mask in dotted form (default: "
5958
"<emphasis>--mask VALUE</emphasis>: IP mask in dotted form (default: "
5961
#: serverguide/C/virtualization.xml:646(para)
5962
msgid "<emphasis>--net VALUE</emphasis>: IP net address (default: X.X.X.0)"
5963
msgstr "<emphasis>--net VALUE</emphasis>: IP net address (default: X.X.X.0)"
5965
#: serverguide/C/virtualization.xml:651(para)
5966
msgid "<emphasis>--bcast VALUE</emphasis>: IP broadcast (default: X.X.X.255)"
5968
"<emphasis>--bcast VALUE</emphasis>: IP broadcast (default: X.X.X.255)"
5970
#: serverguide/C/virtualization.xml:656(para)
5971
msgid "<emphasis>--gw ADDRESS</emphasis>: Gateway address (default: X.X.X.1)"
5973
"<emphasis>--gw ADDRESS</emphasis>: Gateway address (default: X.X.X.1)"
5975
#: serverguide/C/virtualization.xml:661(para)
5977
"<emphasis>--dns ADDRESS</emphasis>: Name server address (default: X.X.X.1)"
5979
"<emphasis>--dns ADDRESS</emphasis>: Name server address (default: X.X.X.1)"
5981
#: serverguide/C/virtualization.xml:667(para)
5983
"We assume for now that default values are good enough, so the resulting "
5984
"invocation becomes:"
5986
"We assume for now that default values are good enough, so the resulting "
5987
"invocation becomes:"
5989
#: serverguide/C/virtualization.xml:672(command)
5991
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o -"
5992
"-libvirt qemu:///system --ip 192.168.0.100"
5994
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o -"
5995
"-libvirt qemu:///system --ip 192.168.0.100"
5997
#: serverguide/C/virtualization.xml:677(title)
5998
msgid "Modifying the libvirt Template to use Bridging"
5999
msgstr "Modifying the libvirt Template to use Bridging"
6001
#: serverguide/C/virtualization.xml:679(para)
6003
"Because our appliance will be likely to need to be accessed by remote hosts, "
6004
"we need to configure libvirt so that the appliance uses bridge networking. "
6005
"To do this we use vmbuilder template mechanism to modify the default one."
6007
"Because our appliance will be likely to need to be accessed by remote hosts, "
6008
"we need to configure libvirt so that the appliance uses bridge networking. "
6009
"To do this we use vmbuilder template mechanism to modify the default one."
6011
#: serverguide/C/virtualization.xml:684(para)
6013
"In our working directory we create the template hierarchy and copy the "
6016
"In our working directory we create the template hierarchy and copy the "
6019
#: serverguide/C/virtualization.xml:689(command)
6020
msgid "mkdir -p VMBuilder/plugins/libvirt/templates"
6021
msgstr "mkdir -p VMBuilder/plugins/libvirt/templates"
6023
#: serverguide/C/virtualization.xml:690(command)
6024
msgid "cp /etc/vmbuilder/libvirt/* VMBuilder/plugins/libvirt/templates/"
6025
msgstr "cp /etc/vmbuilder/libvirt/* VMBuilder/plugins/libvirt/templates/"
6027
#: serverguide/C/virtualization.xml:693(para)
6030
"<filename>VMBuilder/plugins/libvirt/templates/libvirtxml.tmpl</filename> to "
6034
"<filename>VMBuilder/plugins/libvirt/templates/libvirtxml.tmpl</filename> to "
6037
#: serverguide/C/virtualization.xml:697(programlisting)
6041
" <interface type='network'>\n"
6042
" <source network='default'/>\n"
6043
" </interface>\n"
6046
" <interface type='network'>\n"
6047
" <source network='default'/>\n"
6048
" </interface>\n"
6050
#: serverguide/C/virtualization.xml:703(para)
6054
#: serverguide/C/virtualization.xml:707(programlisting)
6058
" <interface type='bridge'>\n"
6059
" <source bridge='br0'/>\n"
6060
" </interface>\n"
6063
" <interface type='bridge'>\n"
6064
" <source bridge='br0'/>\n"
6065
" </interface>\n"
6067
#: serverguide/C/virtualization.xml:717(title) serverguide/C/installation.xml:459(title)
6068
msgid "Partitioning"
6069
msgstr "Partitioning"
6071
#: serverguide/C/virtualization.xml:719(para)
6073
"Partitioning of the virtual appliance will have to take into consideration "
6074
"what you are planning to do with is. Because most appliances want to have a "
6075
"separate storage for data, having a separate <filename>/var</filename> would "
6078
"Partitioning of the virtual appliance will have to take into consideration "
6079
"what you are planning to do with is. Because most appliances want to have a "
6080
"separate storage for data, having a separate <filename>/var</filename> would "
6083
#: serverguide/C/virtualization.xml:724(para)
6085
"In order to do this vmbuilder provides us with <emphasis>--part</emphasis>:"
6087
"In order to do this vmbuilder provides us with <emphasis>--part</emphasis>:"
6089
#: serverguide/C/virtualization.xml:728(programlisting)
6094
" Allows you to specify a partition table in a partition file, located at "
6095
"PATH. Each line of the partition file should specify\n"
6097
" mountpoint size\n"
6098
" where size is in megabytes. You can have up to 4 virtual disks, a new "
6099
"disk starts on a\n"
6100
" line with ’---’. ie :\n"
6110
" Allows you to specify a partition table in a partition file, located at "
6111
"PATH. Each line of the partition file should specify\n"
6113
" mountpoint size\n"
6114
" where size is in megabytes. You can have up to 4 virtual disks, a new "
6115
"disk starts on a\n"
6116
" line with ’---’. ie :\n"
6124
#: serverguide/C/virtualization.xml:743(para)
6126
"In our case we will define a text file name "
6127
"<filename>vmbuilder.partition</filename> which will contain the following:"
6129
"In our case we will define a text file name "
6130
"<filename>vmbuilder.partition</filename> which will contain the following:"
6132
#: serverguide/C/virtualization.xml:747(programlisting)
6147
#: serverguide/C/virtualization.xml:755(para)
6149
"Note that as we are using virtual disk images, the actual sizes that we put "
6150
"here are maximum sizes for these volumes."
6152
"Note that as we are using virtual disk images, the actual sizes that we put "
6153
"here are maximum sizes for these volumes."
6155
#: serverguide/C/virtualization.xml:760(para)
6156
msgid "Our command line now looks like:"
6157
msgstr "Our command line now looks like:"
6159
#: serverguide/C/virtualization.xml:765(command)
6161
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 \\ -"
6162
"o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition"
6164
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 \\ -"
6165
"o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition"
6167
#: serverguide/C/virtualization.xml:770(para)
6169
"Using a \"\\\" in a command will allow long command strings to wrap to the "
6172
"Using a \"\\\" in a command will allow long command strings to wrap to the "
6175
#: serverguide/C/virtualization.xml:777(title)
6176
msgid "User and Password"
6177
msgstr "User and Password"
6179
#: serverguide/C/virtualization.xml:779(para)
6181
"Again setting up a virtual appliance, you will need to provide a default "
6182
"user and password that is generic so that you can include it in your "
6183
"documentation. We will see later on in this tutorial how we will provide "
6184
"some security by defining a script that will be run the first time a user "
6185
"actually logs in the appliance, that will, among other things, ask him to "
6186
"change his password. In this example I will use <emphasis>'user'</emphasis> "
6187
"as my user name, and <emphasis>'default'</emphasis> as the password."
6189
"Again setting up a virtual appliance, you will need to provide a default "
6190
"user and password that is generic so that you can include it in your "
6191
"documentation. We will see later on in this tutorial how we will provide "
6192
"some security by defining a script that will be run the first time a user "
6193
"actually logs in the appliance, that will, among other things, ask him to "
6194
"change his password. In this example I will use <emphasis>'user'</emphasis> "
6195
"as my user name, and <emphasis>'default'</emphasis> as the password."
6197
#: serverguide/C/virtualization.xml:787(para)
6198
msgid "To do this we use the following optional parameters:"
6199
msgstr "To do this we use the following optional parameters:"
6201
#: serverguide/C/virtualization.xml:793(para)
6203
"<emphasis>--user USERNAME:</emphasis> Sets the name of the user to be added. "
6206
"<emphasis>--user USERNAME:</emphasis> Sets the name of the user to be added. "
6209
#: serverguide/C/virtualization.xml:798(para)
6211
"<emphasis>--name FULLNAME:</emphasis> Sets the full name of the user to be "
6212
"added. Default: Ubuntu."
6214
"<emphasis>--name FULLNAME:</emphasis> Sets the full name of the user to be "
6215
"added. Default: Ubuntu."
6217
#: serverguide/C/virtualization.xml:803(para)
6219
"<emphasis>--pass PASSWORD:</emphasis> Sets the password for the user. "
6222
"<emphasis>--pass PASSWORD:</emphasis> Sets the password for the user. "
6225
#: serverguide/C/virtualization.xml:809(para)
6226
msgid "Our resulting command line becomes:"
6227
msgstr "Our resulting command line becomes:"
6229
#: serverguide/C/virtualization.xml:814(command)
6231
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 \\ -"
6232
"o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition \\ -"
6233
"-user user --name user --pass default"
6235
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 \\ -"
6236
"o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition \\ -"
6237
"-user user --name user --pass default"
6239
#: serverguide/C/virtualization.xml:822(title)
6240
msgid "Installing Required Packages"
6241
msgstr "Installing Required Packages"
6243
#: serverguide/C/virtualization.xml:824(para)
6245
"In this example we will be installing a package "
6246
"<application>(Limesurvey)</application> that accesses a "
6247
"<application>MySQL</application> database and has a web interface. We will "
6248
"therefore require our OS to provide us with:"
6250
"In this example we will be installing a package "
6251
"<application>(Limesurvey)</application> that accesses a "
6252
"<application>MySQL</application> database and has a web interface. We will "
6253
"therefore require our OS to provide us with:"
6255
#: serverguide/C/virtualization.xml:831(para)
6259
#: serverguide/C/virtualization.xml:832(para)
6263
#: serverguide/C/virtualization.xml:833(para) serverguide/C/databases.xml:19(trademark) serverguide/C/databases.xml:31(title)
6267
#: serverguide/C/virtualization.xml:834(para) serverguide/C/remote-administration.xml:19(title)
6268
msgid "OpenSSH Server"
6269
msgstr "OpenSSH Server"
6271
#: serverguide/C/virtualization.xml:835(para)
6272
msgid "Limesurvey (as an example application that we have packaged)"
6273
msgstr "Limesurvey (as an example application that we have packaged)"
6275
#: serverguide/C/virtualization.xml:838(para)
6277
"This is done using vmbuilder by specifying the --addpkg option multiple "
6280
"This is done using vmbuilder by specifying the --addpkg option multiple "
6283
#: serverguide/C/virtualization.xml:842(programlisting)
6288
" Install PKG into the guest (can be specfied multiple times)\n"
6292
" Install PKG into the guest (can be specfied multiple times)\n"
6294
#: serverguide/C/virtualization.xml:847(para)
6296
"However, due to the way vmbuilder operates, packages that have to ask "
6297
"questions to the user during the post install phase are not supported and "
6298
"should instead be installed while interactivity can occur. This is the case "
6299
"of Limesurvey, which we will have to install later, once the user logs in."
6301
"However, due to the way vmbuilder operates, packages that have to ask "
6302
"questions to the user during the post install phase are not supported and "
6303
"should instead be installed while interactivity can occur. This is the case "
6304
"of Limesurvey, which we will have to install later, once the user logs in."
6306
#: serverguide/C/virtualization.xml:853(para)
6308
"Other packages that ask simple debconf question, such as <application>mysql-"
6309
"server</application> asking to set a password, the package can be installed "
6310
"immediately, but we will have to reconfigure it the first time the user logs "
6313
"Other packages that ask simple debconf question, such as <application>mysql-"
6314
"server</application> asking to set a password, the package can be installed "
6315
"immediately, but we will have to reconfigure it the first time the user logs "
6318
#: serverguide/C/virtualization.xml:859(para)
6320
"If some packages that we need to install are not in main, we need to enable "
6321
"the additional repositories using --comp and --ppa:"
6323
"If some packages that we need to install are not in main, we need to enable "
6324
"the additional repositories using --comp and --ppa:"
6326
#: serverguide/C/virtualization.xml:863(programlisting)
6330
"--components COMP1,COMP2,...,COMPN\n"
6331
" A comma separated list of distro components to include (e.g. "
6332
"main,universe). This defaults\n"
6334
"--ppa=PPA Add ppa belonging to PPA to the vm's sources.list.\n"
6337
"--components COMP1,COMP2,...,COMPN\n"
6338
" A comma separated list of distro components to include (e.g. "
6339
"main,universe). This defaults\n"
6341
"--ppa=PPA Add ppa belonging to PPA to the vm's sources.list.\n"
6343
#: serverguide/C/virtualization.xml:870(para)
6345
"Limesurvey not being part of the archive at the moment, we'll specify it's "
6346
"PPA (personal package archive) address so that it is added to the VM "
6347
"<filename>/etc/apt/source.list</filename>, so we add the following options "
6348
"to the command line:"
6350
"Limesurvey not being part of the archive at the moment, we'll specify it's "
6351
"PPA (personal package archive) address so that it is added to the VM "
6352
"<filename>/etc/apt/source.list</filename>, so we add the following options "
6353
"to the command line:"
6355
#: serverguide/C/virtualization.xml:876(command)
6357
"--addpkg apache2 --addpkg apache2-mpm-prefork --addpkg apache2-utils --"
6358
"addpkg apache2.2-common \\ --addpkg dbconfig-common --addpkg libapache2-mod-"
6359
"php5 --addpkg mysql-client --addpkg php5-cli \\ --addpkg php5-gd --addpkg "
6360
"php5-ldap --addpkg php5-mysql --addpkg wwwconfig-common \\ --addpkg mysql-"
6361
"server --ppa nijaba"
6363
"--addpkg apache2 --addpkg apache2-mpm-prefork --addpkg apache2-utils --"
6364
"addpkg apache2.2-common \\ --addpkg dbconfig-common --addpkg libapache2-mod-"
6365
"php5 --addpkg mysql-client --addpkg php5-cli \\ --addpkg php5-gd --addpkg "
6366
"php5-ldap --addpkg php5-mysql --addpkg wwwconfig-common \\ --addpkg mysql-"
6367
"server --ppa nijaba"
6369
#: serverguide/C/virtualization.xml:883(title)
6373
#: serverguide/C/virtualization.xml:885(para)
6375
"Another convenient tool that we want to have on our appliance is OpenSSH, as "
6376
"it will allow our admins to access the appliance remotely. However, pushing "
6377
"in the wild an appliance with a pre-installed OpenSSH server is a big "
6378
"security risk as all these server will share the same secret key, making it "
6379
"very easy for hackers to target our appliance with all the tools they need "
6380
"to crack it open in a breeze. As for the user password, we will instead rely "
6381
"on a script that will install OpenSSH the first time a user logs in so that "
6382
"the key generated will be different for each appliance. For this we'll use a "
6383
"<emphasis>--firstboot</emphasis> script, as it does not need any user "
6386
"Another convenient tool that we want to have on our appliance is OpenSSH, as "
6387
"it will allow our admins to access the appliance remotely. However, pushing "
6388
"in the wild an appliance with a pre-installed OpenSSH server is a big "
6389
"security risk as all these server will share the same secret key, making it "
6390
"very easy for hackers to target our appliance with all the tools they need "
6391
"to crack it open in a breeze. As for the user password, we will instead rely "
6392
"on a script that will install OpenSSH the first time a user logs in so that "
6393
"the key generated will be different for each appliance. For this we'll use a "
6394
"<emphasis>--firstboot</emphasis> script, as it does not need any user "
6397
#: serverguide/C/virtualization.xml:897(title)
6398
msgid "Speed Considerations"
6399
msgstr "Speed Considerations"
6401
#: serverguide/C/virtualization.xml:900(title)
6402
msgid "Package Caching"
6403
msgstr "Package Caching"
6405
#: serverguide/C/virtualization.xml:902(para)
6407
"When vmbuilder creates builds your system, it has to go fetch each one of "
6408
"the packages that composes it over the network to one of the official "
6409
"repositories, which, depending on your internet connection speed and the "
6410
"load of the mirror, can have a big impact on the actual build time. In order "
6411
"to reduce this, it is recommended to either have a local repository (which "
6412
"can be created using <application>apt-mirror</application>) or using a "
6413
"caching proxy such as <application>apt-proxy</application>. The later option "
6414
"being much simpler to implement and requiring less disk space, it is the one "
6415
"we will pick in this tutorial. To install it, simply type:"
6417
"When vmbuilder creates builds your system, it has to go fetch each one of "
6418
"the packages that composes it over the network to one of the official "
6419
"repositories, which, depending on your internet connection speed and the "
6420
"load of the mirror, can have a big impact on the actual build time. In order "
6421
"to reduce this, it is recommended to either have a local repository (which "
6422
"can be created using <application>apt-mirror</application>) or using a "
6423
"caching proxy such as <application>apt-proxy</application>. The later option "
6424
"being much simpler to implement and requiring less disk space, it is the one "
6425
"we will pick in this tutorial. To install it, simply type:"
6427
#: serverguide/C/virtualization.xml:912(command)
6428
msgid "sudo apt-get install apt-proxy"
6429
msgstr "sudo apt-get install apt-proxy"
6431
#: serverguide/C/virtualization.xml:915(para)
6433
"Once this is complete, your (empty) proxy is ready for use on "
6434
"http://mirroraddress:9999 and will find ubuntu repository under /ubuntu. For "
6435
"vmbuilder to use it, we'll have to use the <emphasis>--mirror</emphasis> "
6438
"Once this is complete, your (empty) proxy is ready for use on "
6439
"http://mirroraddress:9999 and will find ubuntu repository under /ubuntu. For "
6440
"vmbuilder to use it, we'll have to use the <emphasis>--mirror</emphasis> "
6443
#: serverguide/C/virtualization.xml:920(programlisting)
6447
"--mirror=URL Use Ubuntu mirror at URL instead of the default, which\n"
6448
" is http://archive.ubuntu.com/ubuntu for official\n"
6449
" arches and http://ports.ubuntu.com/ubuntu-ports\n"
6453
"--mirror=URL Use Ubuntu mirror at URL instead of the default, which\n"
6454
" is http://archive.ubuntu.com/ubuntu for official\n"
6455
" arches and http://ports.ubuntu.com/ubuntu-ports\n"
6458
#: serverguide/C/virtualization.xml:927(para)
6459
msgid "So we add to the command line:"
6460
msgstr "So we add to the command line:"
6462
#: serverguide/C/virtualization.xml:932(command)
6463
msgid "--mirror http://mirroraddress:9999/ubuntu"
6464
msgstr "--mirror http://mirroraddress:9999/ubuntu"
6466
#: serverguide/C/virtualization.xml:936(para)
6468
"The mirror address specified here will also be used in the "
6469
"<filename>/etc/apt/sources.list</filename> of the newly created guest, so it "
6470
"is useful to specify here an address that can be resolved by the guest or to "
6471
"plan on reseting this address later on, such as in a <emphasis>--"
6472
"firstboot</emphasis> script."
6474
"The mirror address specified here will also be used in the "
6475
"<filename>/etc/apt/sources.list</filename> of the newly created guest, so it "
6476
"is useful to specify here an address that can be resolved by the guest or to "
6477
"plan on reseting this address later on, such as in a <emphasis>--"
6478
"firstboot</emphasis> script."
6480
#: serverguide/C/virtualization.xml:945(title)
6481
msgid "Install a Local Mirror"
6482
msgstr "Install a Local Mirror"
6484
#: serverguide/C/virtualization.xml:947(para)
6486
"If we are in a larger environment, it may make sense to setup a local mirror "
6487
"of the Ubuntu repositories. The package apt-mirror provides you with a "
6488
"script that will handle the mirroring for you. You should plan on having "
6489
"about 20 gigabyte of free space per supported release and architecture."
6491
"If we are in a larger environment, it may make sense to setup a local mirror "
6492
"of the Ubuntu repositories. The package apt-mirror provides you with a "
6493
"script that will handle the mirroring for you. You should plan on having "
6494
"about 20 gigabyte of free space per supported release and architecture."
6496
#: serverguide/C/virtualization.xml:953(para)
6498
"By default, <application>apt-mirror</application> uses the configuration "
6499
"file in <filename>/etc/apt/mirror.list</filename>. As it is set up, it will "
6500
"replicate only the architecture of the local machine. If you would like to "
6501
"support other architectures on your mirror, simply duplicate the lines "
6502
"starting with “deb”, replacing the deb keyword by /deb-{arch} where arch can "
6503
"be i386, amd64, etc... For example, on an amd64 machine, to have the i386 "
6504
"archives as well, you will have:"
6506
"By default, <application>apt-mirror</application> uses the configuration "
6507
"file in <filename>/etc/apt/mirror.list</filename>. As it is set up, it will "
6508
"replicate only the architecture of the local machine. If you would like to "
6509
"support other architectures on your mirror, simply duplicate the lines "
6510
"starting with “deb”, replacing the deb keyword by /deb-{arch} where arch can "
6511
"be i386, amd64, etc... For example, on an amd64 machine, to have the i386 "
6512
"archives as well, you will have:"
6514
#: serverguide/C/virtualization.xml:960(programlisting)
6518
"deb http://archive.ubuntu.com/ubuntu maverick main restricted universe "
6520
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick main restricted "
6521
"universe multiverse\n"
6523
"deb http://archive.ubuntu.com/ubuntu maverick-updates main restricted "
6524
"universe multiverse \n"
6525
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick-updates main restricted "
6526
"universe multiverse \n"
6528
"deb http://archive.ubuntu.com/ubuntu/ maverick-backports main restricted "
6529
"universe multiverse \n"
6530
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick-backports main "
6531
"restricted universe multiverse \n"
6533
"deb http://security.ubuntu.com/ubuntu maverick-security main restricted "
6534
"universe multiverse \n"
6535
"/deb-i386 http://security.ubuntu.com/ubuntu maverick-security main "
6536
"restricted universe multiverse \n"
6538
"deb http://archive.ubuntu.com/ubuntu maverick main/debian-installer "
6539
"restricted/debian-installer universe/debian-installer multiverse/debian-"
6541
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick main/debian-installer "
6542
"restricted/debian-installer universe/debian-installer multiverse/debian-"
6546
"deb http://archive.ubuntu.com/ubuntu maverick main restricted universe "
6548
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick main restricted "
6549
"universe multiverse\n"
6551
"deb http://archive.ubuntu.com/ubuntu maverick-updates main restricted "
6552
"universe multiverse \n"
6553
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick-updates main restricted "
6554
"universe multiverse \n"
6556
"deb http://archive.ubuntu.com/ubuntu/ maverick-backports main restricted "
6557
"universe multiverse \n"
6558
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick-backports main "
6559
"restricted universe multiverse \n"
6561
"deb http://security.ubuntu.com/ubuntu maverick-security main restricted "
6562
"universe multiverse \n"
6563
"/deb-i386 http://security.ubuntu.com/ubuntu maverick-security main "
6564
"restricted universe multiverse \n"
6566
"deb http://archive.ubuntu.com/ubuntu maverick main/debian-installer "
6567
"restricted/debian-installer universe/debian-installer multiverse/debian-"
6569
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick main/debian-installer "
6570
"restricted/debian-installer universe/debian-installer multiverse/debian-"
6573
#: serverguide/C/virtualization.xml:977(para)
6575
"Notice that the source packages are not mirrored as they are seldom used "
6576
"compared to the binaries and they do take a lot more space, but they can be "
6577
"easily added to the list."
6579
"Notice that the source packages are not mirrored as they are seldom used "
6580
"compared to the binaries and they do take a lot more space, but they can be "
6581
"easily added to the list."
6583
#: serverguide/C/virtualization.xml:982(para)
6585
"Once the mirror has finished replicating (and this can be quite long), you "
6586
"need to configure Apache so that your mirror files (in "
6587
"<filename>/var/spool/apt-mirror</filename> if you did not change the "
6588
"default), are published by your Apache server. For more information on "
6589
"Apache see <xref linkend=\"httpd\"/>."
6591
"Once the mirror has finished replicating (and this can be quite long), you "
6592
"need to configure Apache so that your mirror files (in "
6593
"<filename>/var/spool/apt-mirror</filename> if you did not change the "
6594
"default), are published by your Apache server. For more information on "
6595
"Apache see <xref linkend=\"httpd\"/>."
6597
#: serverguide/C/virtualization.xml:991(title)
6598
msgid "Installing in a RAM Disk"
6599
msgstr "Installing in a RAM Disk"
6601
#: serverguide/C/virtualization.xml:993(para)
6603
"As you can easily imagine, writing to RAM is a <emphasis>LOT</emphasis> "
6604
"faster than writing to disk. If you have some free memory, letting vmbuilder "
6605
"perform its operation in a RAMdisk will help a lot and the option <emphasis>-"
6606
"-tmpfs</emphasis> will help you do just that:"
6608
"As you can easily imagine, writing to RAM is a <emphasis>LOT</emphasis> "
6609
"faster than writing to disk. If you have some free memory, letting vmbuilder "
6610
"perform its operation in a RAMdisk will help a lot and the option <emphasis>-"
6611
"-tmpfs</emphasis> will help you do just that:"
6613
#: serverguide/C/virtualization.xml:999(programlisting)
6617
"--tmpfs OPTS Use a tmpfs as the working directory, specifying its\n"
6618
" size or \"-\" to use tmpfs default (suid,dev,size=1G).\n"
6621
"--tmpfs OPTS Use a tmpfs as the working directory, specifying its\n"
6622
" size or \"-\" to use tmpfs default (suid,dev,size=1G).\n"
6624
#: serverguide/C/virtualization.xml:1004(para)
6626
"So adding <command>--tmpfs -</command> sounds like a very good idea if you "
6627
"have 1G of free ram."
6629
"So adding <command>--tmpfs -</command> sounds like a very good idea if you "
6630
"have 1G of free ram."
6632
#: serverguide/C/virtualization.xml:1011(title)
6633
msgid "Package the Application"
6634
msgstr "Package the Application"
6636
#: serverguide/C/virtualization.xml:1013(para)
6637
msgid "Two option are available to us:"
6638
msgstr "Two option are available to us:"
6640
#: serverguide/C/virtualization.xml:1019(para)
6642
"The recommended method to do so is to make a <emphasis>Debian</emphasis> "
6643
"package. Since this is outside of the scope of this tutorial, we will not "
6644
"perform this here and invite the reader to read the documentation on how to "
6645
"do this in the <ulink url=\"https://wiki.ubuntu.com/PackagingGuide\">Ubuntu "
6646
"Packaging Guide</ulink>. In this case it is also a good idea to setup a "
6647
"repository for your package so that updates can be conveniently pulled from "
6648
"it. See the <ulink url=\"http://www.debian-"
6649
"administration.org/articles/286\">Debian Administration</ulink> article for "
6650
"a tutorial on this."
6652
"The recommended method to do so is to make a <emphasis>Debian</emphasis> "
6653
"package. Since this is outside of the scope of this tutorial, we will not "
6654
"perform this here and invite the reader to read the documentation on how to "
6655
"do this in the <ulink url=\"https://wiki.ubuntu.com/PackagingGuide\">Ubuntu "
6656
"Packaging Guide</ulink>. In this case it is also a good idea to setup a "
6657
"repository for your package so that updates can be conveniently pulled from "
6658
"it. See the <ulink url=\"http://www.debian-"
6659
"administration.org/articles/286\">Debian Administration</ulink> article for "
6660
"a tutorial on this."
6662
#: serverguide/C/virtualization.xml:1028(para)
6664
"Manually install the application under <filename>/opt</filename> as "
6665
"recommended by the <ulink url=\"http://www.pathname.com/fhs/\">FHS "
6666
"guidelines</ulink>."
6668
"Manually install the application under <filename>/opt</filename> as "
6669
"recommended by the <ulink url=\"http://www.pathname.com/fhs/\">FHS "
6670
"guidelines</ulink>."
6672
#: serverguide/C/virtualization.xml:1035(para)
6674
"In our case we'll use <application>Limesurvey</application> as example web "
6675
"application for which we wish to provide a virtual appliance. As noted "
6676
"before, we've made a version of the package available in a PPA (Personal "
6679
"In our case we'll use <application>Limesurvey</application> as example web "
6680
"application for which we wish to provide a virtual appliance. As noted "
6681
"before, we've made a version of the package available in a PPA (Personal "
6684
#: serverguide/C/virtualization.xml:1042(title)
6685
msgid "Finishing Install"
6686
msgstr "Finishing Install"
6688
#: serverguide/C/virtualization.xml:1045(title) serverguide/C/virtualization.xml:1942(title)
6692
#: serverguide/C/virtualization.xml:1047(para)
6694
"As we mentioned earlier, the first time the machine boots we'll need to "
6695
"install <application>openssh-server</application> so that the key generated "
6696
"for it is unique for each machine. To do this, we'll write a script called "
6697
"<filename>boot.sh</filename> as follows:"
6699
"As we mentioned earlier, the first time the machine boots we'll need to "
6700
"install <application>openssh-server</application> so that the key generated "
6701
"for it is unique for each machine. To do this, we'll write a script called "
6702
"<filename>boot.sh</filename> as follows:"
6704
#: serverguide/C/virtualization.xml:1053(programlisting)
6708
"# This script will run the first time the virtual machine boots\n"
6709
"# It is ran as root.\n"
6712
"apt-get install -qqy --force-yes openssh-server\n"
6715
"# This script will run the first time the virtual machine boots\n"
6716
"# It is ran as root.\n"
6719
"apt-get install -qqy --force-yes openssh-server\n"
6721
#: serverguide/C/virtualization.xml:1061(para)
6723
"And we add the <command>--firstboot boot.sh</command> option to our command "
6726
"And we add the <command>--firstboot boot.sh</command> option to our command "
6729
#: serverguide/C/virtualization.xml:1067(title)
6731
msgstr "First Login"
6733
#: serverguide/C/virtualization.xml:1069(para)
6735
"Mysql and Limesurvey needing some user interaction during their setup, we'll "
6736
"set them up the first time a user logs in using a script named login.sh. "
6737
"We'll also use this script to let the user specify:"
6739
"Mysql and Limesurvey needing some user interaction during their setup, we'll "
6740
"set them up the first time a user logs in using a script named login.sh. "
6741
"We'll also use this script to let the user specify:"
6743
#: serverguide/C/virtualization.xml:1075(para)
6744
msgid "His own password"
6745
msgstr "His own password"
6747
#: serverguide/C/virtualization.xml:1076(para)
6748
msgid "Define the keyboard and other locale info he wants to use"
6749
msgstr "Define the keyboard and other locale info he wants to use"
6751
#: serverguide/C/virtualization.xml:1079(para)
6752
msgid "So we'll define <filename>login.sh</filename> as follows:"
6753
msgstr "So we'll define <filename>login.sh</filename> as follows:"
6755
#: serverguide/C/virtualization.xml:1083(programlisting)
6759
"# This script is ran the first time a user logs in\n"
6761
"echo \"Your appliance is about to be finished to be set up.\"\n"
6762
"echo \"In order to do it, we'll need to ask you a few questions,\"\n"
6763
"echo \"starting by changing your user password.\"\n"
6767
"#give the opportunity to change the keyboard\n"
6768
"sudo dpkg-reconfigure console-setup\n"
6770
"#configure the mysql server root password\n"
6771
"sudo dpkg-reconfigure mysql-server-5.0\n"
6773
"#install limesurvey\n"
6774
"sudo apt-get install -qqy --force-yes limesurvey\n"
6776
"echo \"Your appliance is now configured. To use it point your\"\n"
6777
"echo \"browser to http://serverip/limesurvey/admin\"\n"
6780
"# This script is ran the first time a user logs in\n"
6782
"echo \"Your appliance is about to be finished to be set up.\"\n"
6783
"echo \"In order to do it, we'll need to ask you a few questions,\"\n"
6784
"echo \"starting by changing your user password.\"\n"
6788
"#give the opportunity to change the keyboard\n"
6789
"sudo dpkg-reconfigure console-setup\n"
6791
"#configure the mysql server root password\n"
6792
"sudo dpkg-reconfigure mysql-server-5.0\n"
6794
"#install limesurvey\n"
6795
"sudo apt-get install -qqy --force-yes limesurvey\n"
6797
"echo \"Your appliance is now configured. To use it point your\"\n"
6798
"echo \"browser to http://serverip/limesurvey/admin\"\n"
6800
#: serverguide/C/virtualization.xml:1105(para)
6802
"And we add the <command>--firstlogin login.sh</command> option to our "
6805
"And we add the <command>--firstlogin login.sh</command> option to our "
6808
#: serverguide/C/virtualization.xml:1112(title)
6809
msgid "Useful Additions"
6810
msgstr "Useful Additions"
6812
#: serverguide/C/virtualization.xml:1115(title)
6813
msgid "Configuring Automatic Updates"
6814
msgstr "Configuring Automatic Updates"
6816
#: serverguide/C/virtualization.xml:1117(para)
6818
"To have your system be configured to update itself on a regular basis, we "
6819
"will just install <application>unattended-upgrades</application>, so we add "
6820
"the following option to our command line:"
6822
"To have your system be configured to update itself on a regular basis, we "
6823
"will just install <application>unattended-upgrades</application>, so we add "
6824
"the following option to our command line:"
6826
#: serverguide/C/virtualization.xml:1123(command)
6827
msgid "--addpkg unattended-upgrades"
6828
msgstr "--addpkg unattended-upgrades"
6830
#: serverguide/C/virtualization.xml:1126(para)
6832
"As we have put our application package in a PPA, the process will update not "
6833
"only the system, but also the application each time we update the version in "
6836
"As we have put our application package in a PPA, the process will update not "
6837
"only the system, but also the application each time we update the version in "
6840
#: serverguide/C/virtualization.xml:1133(title)
6841
msgid "ACPI Event Handling"
6842
msgstr "ACPI Event Handling"
6844
#: serverguide/C/virtualization.xml:1135(para)
6846
"For your virtual machine to be able to handle restart and shutdown events it "
6847
"is being sent, it is a good idea to install the acpid package as well. To do "
6848
"this we just add the following option:"
6850
"For your virtual machine to be able to handle restart and shutdown events it "
6851
"is being sent, it is a good idea to install the acpid package as well. To do "
6852
"this we just add the following option:"
6854
#: serverguide/C/virtualization.xml:1141(command)
6855
msgid "--addpkg acpid"
6856
msgstr "--addpkg acpid"
6858
#: serverguide/C/virtualization.xml:1147(title)
6859
msgid "Final Command"
6860
msgstr "Final Command"
6862
#: serverguide/C/virtualization.xml:1149(para)
6863
msgid "Here is the command with all the options discussed above:"
6864
msgstr "Here is the command with all the options discussed above:"
6866
#: serverguide/C/virtualization.xml:1154(command)
6868
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o "
6869
"\\ --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition --"
6870
"user user \\ --name user --pass default --addpkg apache2 --addpkg apache2-"
6871
"mpm-prefork \\ --addpkg apache2-utils --addpkg apache2.2-common --addpkg "
6872
"dbconfig-common \\ --addpkg libapache2-mod-php5 --addpkg mysql-client --"
6873
"addpkg php5-cli \\ --addpkg php5-gd --addpkg php5-ldap --addpkg php5-mysql --"
6874
"addpkg wwwconfig-common \\ --addpkg mysql-server --addpkg unattended-"
6875
"upgrades --addpkg acpid --ppa nijaba \\ --mirror "
6876
"http://mirroraddress:9999/ubuntu --tmpfs - --firstboot boot.sh \\ --"
6877
"firstlogin login.sh"
6879
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o "
6880
"\\ --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition --"
6881
"user user \\ --name user --pass default --addpkg apache2 --addpkg apache2-"
6882
"mpm-prefork \\ --addpkg apache2-utils --addpkg apache2.2-common --addpkg "
6883
"dbconfig-common \\ --addpkg libapache2-mod-php5 --addpkg mysql-client --"
6884
"addpkg php5-cli \\ --addpkg php5-gd --addpkg php5-ldap --addpkg php5-mysql --"
6885
"addpkg wwwconfig-common \\ --addpkg mysql-server --addpkg unattended-"
6886
"upgrades --addpkg acpid --ppa nijaba \\ --mirror "
6887
"http://mirroraddress:9999/ubuntu --tmpfs - --firstboot boot.sh \\ --"
6888
"firstlogin login.sh"
6890
#: serverguide/C/virtualization.xml:1169(para)
6892
"If you are interested in learning more, have questions or suggestions, "
6893
"please contact the Ubuntu Server Team at:"
6895
"If you are interested in learning more, have questions or suggestions, "
6896
"please contact the Ubuntu Server Team at:"
6898
#: serverguide/C/virtualization.xml:1174(para)
6899
msgid "IRC: #ubuntu-server on freenode"
6900
msgstr "IRC: #ubuntu-server on freenode"
6902
#: serverguide/C/virtualization.xml:1179(para)
6904
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
6905
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
6907
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
6908
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
6910
#: serverguide/C/virtualization.xml:1184(para)
6912
"Also, see the <ulink "
6913
"url=\"https://help.ubuntu.com/community/JeOSVMBuilder\">JeOSVMBuilder Ubuntu "
6914
"Wiki</ulink> page."
6916
"Also, see the <ulink "
6917
"url=\"https://help.ubuntu.com/community/JeOSVMBuilder\">JeOSVMBuilder Ubuntu "
6918
"Wiki</ulink> page."
6920
#: serverguide/C/virtualization.xml:1192(title)
6924
#: serverguide/C/virtualization.xml:1195(title) serverguide/C/network-auth.xml:2036(title) serverguide/C/monitoring.xml:15(title) serverguide/C/lamp-applications.xml:17(title) serverguide/C/installation.xml:928(title) serverguide/C/dns.xml:64(title) serverguide/C/chat.xml:17(title) serverguide/C/backups.xml:541(title)
6928
#: serverguide/C/virtualization.xml:1197(para)
6930
"This tutorial covers <application>UEC</application> installation from the "
6931
"Ubuntu 10.10 Server Edition CD, and assumes a basic network topology, with a "
6932
"single system serving as the <emphasis>\"all-in-one controller\"</emphasis>, "
6933
"and one or more nodes attached."
6935
"This tutorial covers <application>UEC</application> installation from the "
6936
"Ubuntu 10.10 Server Edition CD, and assumes a basic network topology, with a "
6937
"single system serving as the <emphasis>\"all-in-one controller\"</emphasis>, "
6938
"and one or more nodes attached."
6940
#: serverguide/C/virtualization.xml:1202(para)
6942
"From this Tutorial you will learn how to install, configure, register and "
6943
"perform several operations on a basic <application>UEC</application> setup "
6944
"that results in a cloud with a one controller <emphasis>\"front-"
6945
"end\"</emphasis> and one or several node(s) for running Virtual Machine (VM) "
6946
"instances. You will also use examples to help get you started using your own "
6947
"private compute cloud."
6949
"From this Tutorial you will learn how to install, configure, register and "
6950
"perform several operations on a basic <application>UEC</application> setup "
6951
"that results in a cloud with a one controller <emphasis>\"front-"
6952
"end\"</emphasis> and one or several node(s) for running Virtual Machine (VM) "
6953
"instances. You will also use examples to help get you started using your own "
6954
"private compute cloud."
6956
#: serverguide/C/virtualization.xml:1210(title)
6957
msgid "Prerequisites"
6958
msgstr "Prerequisites"
6960
#: serverguide/C/virtualization.xml:1212(para)
6962
"To deploy a minimal cloud infrastructure, you’ll need at least "
6963
"<emphasis>two</emphasis> dedicated systems:"
6965
"To deploy a minimal cloud infrastructure, you’ll need at least "
6966
"<emphasis>two</emphasis> dedicated systems:"
6968
#: serverguide/C/virtualization.xml:1218(para)
6969
msgid "A front end."
6970
msgstr "A front end."
6972
#: serverguide/C/virtualization.xml:1223(para)
6973
msgid "One or more node(s)."
6974
msgstr "One or more node(s)."
6976
#: serverguide/C/virtualization.xml:1229(para)
6978
"The following are recommendations, rather than fixed requirements. However, "
6979
"our experience in developing this documentation indicated the following "
6982
"The following are recommendations, rather than fixed requirements. However, "
6983
"our experience in developing this documentation indicated the following "
6986
#: serverguide/C/virtualization.xml:1234(title)
6987
msgid "Front End Requirements"
6988
msgstr "Front End Requirements"
6990
#: serverguide/C/virtualization.xml:1236(para)
6991
msgid "Use the following table for a system that will run one or more of:"
6992
msgstr "Use the following table for a system that will run one or more of:"
6994
#: serverguide/C/virtualization.xml:1241(para)
6995
msgid "Cloud Controller (CLC)"
6996
msgstr "Cloud Controller (CLC)"
6998
#: serverguide/C/virtualization.xml:1242(para)
6999
msgid "Cluster Controller (CC)"
7000
msgstr "Cluster Controller (CC)"
7002
#: serverguide/C/virtualization.xml:1243(para)
7003
msgid "Walrus (the S3-like storage service)"
7004
msgstr "Walrus (the S3-like storage service)"
7006
#: serverguide/C/virtualization.xml:1244(para)
7007
msgid "Storage Controller (SC)"
7008
msgstr "Storage Controller (SC)"
7010
#: serverguide/C/virtualization.xml:1248(title)
7011
msgid "UEC Front End Requirements"
7012
msgstr "UEC Front End Requirements"
7014
#: serverguide/C/virtualization.xml:1256(para) serverguide/C/virtualization.xml:1318(para)
7018
#: serverguide/C/virtualization.xml:1257(para) serverguide/C/virtualization.xml:1319(para)
7022
#: serverguide/C/virtualization.xml:1258(para) serverguide/C/virtualization.xml:1320(para)
7026
#: serverguide/C/virtualization.xml:1259(para) serverguide/C/virtualization.xml:1321(para)
7030
#: serverguide/C/virtualization.xml:1264(para) serverguide/C/virtualization.xml:1326(para)
7034
#: serverguide/C/virtualization.xml:1265(para)
7038
#: serverguide/C/virtualization.xml:1266(para)
7042
#: serverguide/C/virtualization.xml:1267(para)
7044
"For an <emphasis>all-in-one</emphasis> front end, it helps to have at least "
7045
"a dual core processor."
7047
"For an <emphasis>all-in-one</emphasis> front end, it helps to have at least "
7048
"a dual core processor."
7050
#: serverguide/C/virtualization.xml:1270(para) serverguide/C/virtualization.xml:1332(para)
7054
#: serverguide/C/virtualization.xml:1271(para)
7058
#: serverguide/C/virtualization.xml:1272(para) serverguide/C/virtualization.xml:1334(para)
7062
#: serverguide/C/virtualization.xml:1273(para)
7063
msgid "The Java web front end benefits from lots of available memory."
7064
msgstr "The Java web front end benefits from lots of available memory."
7066
#: serverguide/C/virtualization.xml:1276(para) serverguide/C/virtualization.xml:1338(para)
7070
#: serverguide/C/virtualization.xml:1277(para) serverguide/C/virtualization.xml:1339(para)
7071
msgid "5400 RPM IDE"
7072
msgstr "5400 RPM IDE"
7074
#: serverguide/C/virtualization.xml:1278(para)
7075
msgid "7200 RPM SATA"
7076
msgstr "7200 RPM SATA"
7078
#: serverguide/C/virtualization.xml:1279(para)
7080
"Slower disks will work, but will yield much longer instance startup times."
7082
"Slower disks will work, but will yield much longer instance startup times."
7084
#: serverguide/C/virtualization.xml:1282(para) serverguide/C/virtualization.xml:1344(para)
7088
#: serverguide/C/virtualization.xml:1283(para) serverguide/C/virtualization.xml:1345(para)
7092
#: serverguide/C/virtualization.xml:1284(para)
7096
#: serverguide/C/virtualization.xml:1285(para)
7098
"40GB is only enough space for only a single image, cache, etc., Eucalyptus "
7099
"does not like to run out of disk space."
7101
"40GB is only enough space for only a single image, cache, etc., Eucalyptus "
7102
"does not like to run out of disk space."
7104
#: serverguide/C/virtualization.xml:1288(para) serverguide/C/virtualization.xml:1350(para) serverguide/C/network-config.xml:13(title)
7108
#: serverguide/C/virtualization.xml:1289(para) serverguide/C/virtualization.xml:1351(para)
7112
#: serverguide/C/virtualization.xml:1290(para) serverguide/C/virtualization.xml:1352(para)
7116
#: serverguide/C/virtualization.xml:1291(para) serverguide/C/virtualization.xml:1353(para)
7118
"Machine images are hundreds of MB, and need to be copied over the network to "
7121
"Machine images are hundreds of MB, and need to be copied over the network to "
7124
#: serverguide/C/virtualization.xml:1299(title)
7125
msgid "Node Requirements"
7126
msgstr "Node Requirements"
7128
#: serverguide/C/virtualization.xml:1301(para)
7129
msgid "The other system(s) are <emphasis>nodes</emphasis>, which will run::"
7130
msgstr "The other system(s) are <emphasis>nodes</emphasis>, which will run::"
7132
#: serverguide/C/virtualization.xml:1306(para)
7133
msgid "the Node Controller (NC)"
7134
msgstr "the Node Controller (NC)"
7136
#: serverguide/C/virtualization.xml:1310(title)
7137
msgid "UEC Node Requirements"
7138
msgstr "UEC Node Requirements"
7140
#: serverguide/C/virtualization.xml:1327(para)
7141
msgid "VT Extensions"
7142
msgstr "VT Extensions"
7144
#: serverguide/C/virtualization.xml:1328(para)
7145
msgid "VT, 64-bit, Multicore"
7146
msgstr "VT, 64-bit, Multicore"
7148
#: serverguide/C/virtualization.xml:1329(para)
7150
"64-bit can run both i386, and amd64 instances; by default, Eucalyptus will "
7151
"only run 1 VM per CPU core on a Node."
7153
"64-bit can run both i386, and amd64 instances; by default, Eucalyptus will "
7154
"only run 1 VM per CPU core on a Node."
7156
#: serverguide/C/virtualization.xml:1333(para)
7160
#: serverguide/C/virtualization.xml:1335(para)
7161
msgid "Additional memory means more, and larger guests."
7162
msgstr "Additional memory means more, and larger guests."
7164
#: serverguide/C/virtualization.xml:1340(para)
7165
msgid "7200 RPM SATA or SCSI"
7166
msgstr "7200 RPM SATA or SCSI"
7168
#: serverguide/C/virtualization.xml:1341(para)
7170
"Eucalyptus nodes are disk-intensive; I/O wait will likely be the performance "
7173
"Eucalyptus nodes are disk-intensive; I/O wait will likely be the performance "
7176
#: serverguide/C/virtualization.xml:1346(para)
7180
#: serverguide/C/virtualization.xml:1347(para)
7182
"Images will be cached locally, Eucalyptus does not like to run out of disk "
7185
"Images will be cached locally, Eucalyptus does not like to run out of disk "
7188
#: serverguide/C/virtualization.xml:1363(title)
7189
msgid "Installing the Cloud/Cluster/Storage/Walrus Front End Server"
7190
msgstr "Installing the Cloud/Cluster/Storage/Walrus Front End Server"
7192
#: serverguide/C/virtualization.xml:1367(para)
7193
msgid "Download the Ubuntu 10.10 Server ISO file, and burn it to a CD."
7194
msgstr "Download the Ubuntu 10.10 Server ISO file, and burn it to a CD."
7196
#: serverguide/C/virtualization.xml:1372(para)
7198
"When you boot, select <emphasis>“Install Ubuntu Enterprise "
7199
"Cloud”</emphasis>. The installer will detect if any other Eucalyptus "
7200
"components are present."
7202
"When you boot, select <emphasis>“Install Ubuntu Enterprise "
7203
"Cloud”</emphasis>. The installer will detect if any other Eucalyptus "
7204
"components are present."
7206
#: serverguide/C/virtualization.xml:1377(para)
7208
"You can then choose which components to install, based on your chosen <ulink "
7209
"url=\"https://help.ubuntu.com/community/UEC/Topologies\">topology</ulink>."
7211
"You can then choose which components to install, based on your chosen <ulink "
7212
"url=\"https://help.ubuntu.com/community/UEC/Topologies\">topology</ulink>."
7214
#: serverguide/C/virtualization.xml:1382(para)
7216
"When asked whether you want a <emphasis>“Cluster”</emphasis> or a "
7217
"<emphasis>“Node”</emphasis> install, select <emphasis>“Cluster”</emphasis>."
7219
"When asked whether you want a <emphasis>“Cluster”</emphasis> or a "
7220
"<emphasis>“Node”</emphasis> install, select <emphasis>“Cluster”</emphasis>."
7222
#: serverguide/C/virtualization.xml:1388(para)
7224
"It will ask two other cloud-specific questions during the course of the "
7227
"It will ask two other cloud-specific questions during the course of the "
7230
#: serverguide/C/virtualization.xml:1393(para)
7231
msgid "Name of your cluster."
7232
msgstr "Name of your cluster."
7234
#: serverguide/C/virtualization.xml:1396(para)
7235
msgid "e.g. <emphasis>cluster1</emphasis>."
7236
msgstr "e.g. <emphasis>cluster1</emphasis>."
7238
#: serverguide/C/virtualization.xml:1399(para)
7240
"A range of public IP addresses on the LAN that the cloud can allocate to "
7243
"A range of public IP addresses on the LAN that the cloud can allocate to "
7246
#: serverguide/C/virtualization.xml:1402(para)
7247
msgid "e.g. <emphasis>192.168.1.200-192.168.1.249</emphasis>."
7248
msgstr "e.g. <emphasis>192.168.1.200-192.168.1.249</emphasis>."
7250
#: serverguide/C/virtualization.xml:1410(title)
7251
msgid "Installing the Node Controller(s)"
7252
msgstr "Installing the Node Controller(s)"
7254
#: serverguide/C/virtualization.xml:1412(para)
7256
"The node controller install is even simpler. Just make sure that you are "
7257
"connected to the network on which the cloud/cluster controller is already "
7260
"The node controller install is even simpler. Just make sure that you are "
7261
"connected to the network on which the cloud/cluster controller is already "
7264
#: serverguide/C/virtualization.xml:1418(para)
7265
msgid "Boot from the same ISO on the node(s)."
7266
msgstr "Boot from the same ISO on the node(s)."
7268
#: serverguide/C/virtualization.xml:1423(para)
7270
"When you boot, select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
7272
"When you boot, select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
7274
#: serverguide/C/virtualization.xml:1428(para)
7275
msgid "Select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
7276
msgstr "Select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
7278
#: serverguide/C/virtualization.xml:1433(para)
7280
"It should detect the Cluster and preselect <emphasis>“Node”</emphasis> "
7283
"It should detect the Cluster and preselect <emphasis>“Node”</emphasis> "
7286
#: serverguide/C/virtualization.xml:1438(para)
7287
msgid "Confirm the partitioning scheme."
7288
msgstr "Confirm the partitioning scheme."
7290
#: serverguide/C/virtualization.xml:1443(para)
7292
"The rest of the installation should proceed uninterrupted; complete the "
7293
"installation and reboot the node."
7295
"The rest of the installation should proceed uninterrupted; complete the "
7296
"installation and reboot the node."
7298
#: serverguide/C/virtualization.xml:1451(title)
7299
msgid "Register the Node(s)"
7300
msgstr "Register the Node(s)"
7302
#: serverguide/C/virtualization.xml:1456(para)
7304
"Nodes are the physical systems within <application>UEC</application> that "
7305
"actually run the virtual machine instances of the cloud."
7307
"Nodes are the physical systems within <application>UEC</application> that "
7308
"actually run the virtual machine instances of the cloud."
7310
#: serverguide/C/virtualization.xml:1460(para)
7311
msgid "All component registration should be automatic, assuming:"
7312
msgstr "All component registrations should be automatic, assuming:"
7314
#: serverguide/C/virtualization.xml:1466(para)
7315
msgid "Public SSH keys have been exchanged properly."
7316
msgstr "Public SSH keys have been exchanged properly."
7318
#: serverguide/C/virtualization.xml:1471(para)
7319
msgid "The services are configured properly."
7320
msgstr "The services are configured properly."
7322
#: serverguide/C/virtualization.xml:1476(para)
7324
"The appropriate <emphasis>uec-component-listener</emphasis> is running."
7326
"The appropriate <emphasis>uec-component-listener</emphasis> is running."
7328
#: serverguide/C/virtualization.xml:1481(para)
7329
msgid "Verify Registration."
7330
msgstr "Verify Registration."
7332
#: serverguide/C/virtualization.xml:1487(para)
7334
"Steps a to e should only be required if you're using the <ulink "
7335
"url=\"https://help.ubuntu.com/community/UEC/PackageInstall\">UEC/PackageInsta"
7336
"ll</ulink> method. Otherwise, if you are following this guide, these steps "
7337
"should already be completed automatically for you, and therefore you can "
7338
"skip <emphasis>\"a\"</emphasis> to <emphasis>\"e\"</emphasis>."
7340
"Steps a to e should only be required if you're using the <ulink "
7341
"url=\"https://help.ubuntu.com/community/UEC/PackageInstall\">UEC/PackageInsta"
7342
"ll</ulink> method. Otherwise, if you are following this guide, these steps "
7343
"should already be completed automatically for you, and therefore you can "
7344
"skip <emphasis>\"a\"</emphasis> to <emphasis>\"e\"</emphasis>."
7346
#: serverguide/C/virtualization.xml:1495(para)
7347
msgid "Exchange Public Keys"
7348
msgstr "Exchange Public Keys"
7350
#: serverguide/C/virtualization.xml:1497(para)
7352
"The Cloud Controller's <emphasis>eucalyptus</emphasis> user needs to have "
7353
"SSH access to the Walrus Controller, Cluster Controller, and Storage "
7354
"Controller as the eucalyptus user."
7356
"The Cloud Controller's <emphasis>eucalyptus</emphasis> user needs to have "
7357
"SSH access to the Walrus Controller, Cluster Controller, and Storage "
7358
"Controller as the eucalyptus user."
7360
#: serverguide/C/virtualization.xml:1502(para)
7362
"Install the Cloud Controller's <emphasis>eucalyptus</emphasis> user's public "
7365
"Install the Cloud Controller's <emphasis>eucalyptus</emphasis> user's public "
7368
#: serverguide/C/virtualization.xml:1508(para)
7370
"On the target controller, temporarily set a password for the eucalyptus user:"
7372
"On the target controller, temporarily set a password for the eucalyptus user:"
7374
#: serverguide/C/virtualization.xml:1512(command)
7375
msgid "sudo passwd eucalyptus"
7376
msgstr "sudo passwd eucalyptus"
7378
#: serverguide/C/virtualization.xml:1516(para)
7379
msgid "Then, on the Cloud Controller:"
7380
msgstr "Then, on the Cloud Controller:"
7382
#: serverguide/C/virtualization.xml:1520(command)
7384
"sudo -u eucalyptus ssh-copy-id -i ~eucalyptus/.ssh/id_rsa.pub "
7385
"eucalyptus@<IP_OF_NODE>"
7387
"sudo -u eucalyptus ssh-copy-id -i ~eucalyptus/.ssh/id_rsa.pub "
7388
"eucalyptus@<IP_OF_NODE>"
7390
#: serverguide/C/virtualization.xml:1524(para)
7392
"You can now remove the password of the eucalyptus account on the target "
7393
"controller, if you wish:"
7395
"You can now remove the password of the eucalyptus account on the target "
7396
"controller, if you wish:"
7398
#: serverguide/C/virtualization.xml:1528(command)
7399
msgid "sudo passwd -d eucalyptus"
7400
msgstr "sudo passwd -d eucalyptus"
7402
#: serverguide/C/virtualization.xml:1535(para)
7403
msgid "Configuring the Services"
7404
msgstr "Configuring the Services"
7406
#: serverguide/C/virtualization.xml:1537(para)
7407
msgid "On the <emphasis>Cloud Controller</emphasis>:"
7408
msgstr "On the <emphasis>Cloud Controller</emphasis>:"
7410
#: serverguide/C/virtualization.xml:1543(para)
7411
msgid "For the <emphasis>Cluster Controller</emphasis> Registration:"
7412
msgstr "For the <emphasis>Cluster Controller</emphasis> Registration:"
7414
#: serverguide/C/virtualization.xml:1547(para) serverguide/C/virtualization.xml:1575(para)
7416
"Define the shell variable CC_NAME in <filename>/etc/eucalyptus/eucalyptus-"
7417
"cc.conf</filename>"
7419
"Define the shell variable CC_NAME in <filename>/etc/eucalyptus/eucalyptus-"
7420
"cc.conf</filename>"
7422
#: serverguide/C/virtualization.xml:1549(para)
7424
"Define the shell variable CC_IP_ADDR in <filename>/etc/eucalyptus/eucalyptus-"
7425
"ipaddr.conf</filename>, as a space separated list of one or more IP "
7428
"Define the shell variable CC_IP_ADDR in <filename>/etc/eucalyptus/eucalyptus-"
7429
"ipaddr.conf</filename>, as a space separated list of one or more IP "
7432
#: serverguide/C/virtualization.xml:1556(para)
7433
msgid "For the <emphasis>Walrus Controller</emphasis> Registration:"
7434
msgstr "For the <emphasis>Walrus Controller</emphasis> Registration:"
7436
#: serverguide/C/virtualization.xml:1560(para)
7438
"Define the shell variable WALRUS_IP_ADDR in "
7439
"<filename>/etc/eucalyptus/eucalyptus-ipaddr.conf</filename>, as a single IP "
7442
"Define the shell variable WALRUS_IP_ADDR in "
7443
"<filename>/etc/eucalyptus/eucalyptus-ipaddr.conf</filename>, as a single IP "
7446
#: serverguide/C/virtualization.xml:1565(para)
7447
msgid "On the <emphasis>Cluster Controller</emphasis>:"
7448
msgstr "On the <emphasis>Cluster Controller</emphasis>:"
7450
#: serverguide/C/virtualization.xml:1571(para)
7451
msgid "For <emphasis>Storage Controller</emphasis> Registration:"
7452
msgstr "For <emphasis>Storage Controller</emphasis> Registration:"
7454
#: serverguide/C/virtualization.xml:1577(para)
7456
"Define the shell variable SC_IP_ADDR in <filename>/etc/eucalyptus/eucalyptus-"
7457
"ipaddr.conf</filename>, as a space separated list of one or more IP "
7460
"Define the shell variable SC_IP_ADDR in <filename>/etc/eucalyptus/eucalyptus-"
7461
"ipaddr.conf</filename>, as a space separated list of one or more IP "
7464
#: serverguide/C/virtualization.xml:1587(para)
7468
#: serverguide/C/virtualization.xml:1589(para)
7469
msgid "Now start the publication services."
7470
msgstr "Now start the publication services."
7472
#: serverguide/C/virtualization.xml:1595(emphasis)
7473
msgid "Walrus Controller:"
7474
msgstr "Walrus Controller:"
7476
#: serverguide/C/virtualization.xml:1597(command)
7477
msgid "sudo start eucalyptus-walrus-publication"
7478
msgstr "sudo start eucalyptus-walrus-publication"
7480
#: serverguide/C/virtualization.xml:1601(emphasis)
7481
msgid "Cluster Controller:"
7482
msgstr "Cluster Controller:"
7484
#: serverguide/C/virtualization.xml:1603(command)
7485
msgid "sudo start eucalyptus-cc-publication"
7486
msgstr "sudo start eucalyptus-cc-publication"
7488
#: serverguide/C/virtualization.xml:1607(emphasis)
7489
msgid "Storage Controller:"
7490
msgstr "Storage Controller:"
7492
#: serverguide/C/virtualization.xml:1609(command)
7493
msgid "sudo start eucalyptus-sc-publication"
7494
msgstr "sudo start eucalyptus-sc-publication"
7496
#: serverguide/C/virtualization.xml:1613(emphasis)
7497
msgid "Node Controller:"
7498
msgstr "Node Controller:"
7500
#: serverguide/C/virtualization.xml:1615(command)
7501
msgid "sudo start eucalyptus-nc-publication"
7502
msgstr "sudo start eucalyptus-nc-publication"
7504
#: serverguide/C/virtualization.xml:1622(para)
7505
msgid "Start the Listener"
7506
msgstr "Start the Listener"
7508
#: serverguide/C/virtualization.xml:1624(para)
7510
"On the <emphasis>Cloud Controller</emphasis> and the <emphasis>Cluster "
7511
"Controller(s)</emphasis>, run:"
7513
"On the <emphasis>Cloud Controller</emphasis> and the <emphasis>Cluster "
7514
"Controller(s)</emphasis>, run:"
7516
#: serverguide/C/virtualization.xml:1629(command)
7517
msgid "sudo start uec-component-listener"
7518
msgstr "sudo start uec-component-listener"
7520
#: serverguide/C/virtualization.xml:1634(para)
7521
msgid "Verify Registration"
7522
msgstr "Verify Registration"
7524
#: serverguide/C/virtualization.xml:1637(command)
7525
msgid "cat /var/log/eucalyptus/registration.log"
7526
msgstr "cat /var/log/eucalyptus/registration.log"
7528
#: serverguide/C/virtualization.xml:1638(computeroutput)
7531
"2010-04-08 15:46:36-05:00 | 24243 -> Calling node cluster1 node "
7533
"2010-04-08 15:46:36-05:00 | 24243 -> euca_conf --register-nodes returned "
7535
"2010-04-08 15:48:47-05:00 | 25858 -> Calling walrus Walrus 10.1.1.71\n"
7536
"2010-04-08 15:48:51-05:00 | 25858 -> euca_conf --register-walrus returned "
7538
"2010-04-08 15:49:04-05:00 | 26237 -> Calling cluster cluster1 10.1.1.71\n"
7539
"2010-04-08 15:49:08-05:00 | 26237 -> euca_conf --register-cluster "
7541
"2010-04-08 15:49:17-05:00 | 26644 -> Calling storage cluster1 storage "
7543
"2010-04-08 15:49:18-05:00 | 26644 -> euca_conf --register-sc returned 0"
7545
"2010-04-08 15:46:36-05:00 | 24243 -> Calling node cluster1 node "
7547
"2010-04-08 15:46:36-05:00 | 24243 -> euca_conf --register-nodes returned "
7549
"2010-04-08 15:48:47-05:00 | 25858 -> Calling walrus Walrus 10.1.1.71\n"
7550
"2010-04-08 15:48:51-05:00 | 25858 -> euca_conf --register-walrus returned "
7552
"2010-04-08 15:49:04-05:00 | 26237 -> Calling cluster cluster1 10.1.1.71\n"
7553
"2010-04-08 15:49:08-05:00 | 26237 -> euca_conf --register-cluster "
7555
"2010-04-08 15:49:17-05:00 | 26644 -> Calling storage cluster1 storage "
7557
"2010-04-08 15:49:18-05:00 | 26644 -> euca_conf --register-sc returned 0"
7559
#: serverguide/C/virtualization.xml:1649(para)
7560
msgid "The output on your machine will vary from the example above."
7561
msgstr "The output on your machine will vary from the example above."
7563
#: serverguide/C/virtualization.xml:1659(title)
7564
msgid "Obtain Credentials"
7565
msgstr "Obtain Credentials"
7567
#: serverguide/C/virtualization.xml:1661(para)
7569
"After installing and booting the <emphasis>Cloud Controller</emphasis>, "
7570
"users of the cloud will need to retrieve their credentials. This can be done "
7571
"either through a web browser, or at the command line."
7573
"After installing and booting the <emphasis>Cloud Controller</emphasis>, "
7574
"users of the cloud will need to retrieve their credentials. This can be done "
7575
"either through a web browser, or at the command line."
7577
#: serverguide/C/virtualization.xml:1667(title)
7578
msgid "From a Web Browser"
7579
msgstr "From a Web Browser"
7581
#: serverguide/C/virtualization.xml:1671(para)
7583
"From your web browser (either remotely or on your Ubuntu server) access the "
7586
"From your web browser (either remotely or on your Ubuntu server) access the "
7589
#: serverguide/C/virtualization.xml:1674(programlisting) serverguide/C/virtualization.xml:1804(programlisting)
7593
"https://<cloud-controller-ip-address>:8443/\n"
7596
"https://<cloud-controller-ip-address>:8443/\n"
7598
#: serverguide/C/virtualization.xml:1679(para)
7600
"You must use a secure connection, so make sure you use \"https\" not "
7601
"\"http\" in your URL. You will get a security certificate warning. You will "
7602
"have to add an exception to view the page. If you do not accept it you will "
7603
"not be able to view the Eucalyptus configuration page."
7605
"You must use a secure connection, so make sure you use \"https\" not "
7606
"\"http\" in your URL. You will get a security certificate warning. You will "
7607
"have to add an exception to view the page. If you do not accept it you will "
7608
"not be able to view the Eucalyptus configuration page."
7610
#: serverguide/C/virtualization.xml:1687(para)
7612
"Use username <emphasis>'admin'</emphasis> and password "
7613
"<emphasis>'admin'</emphasis> for the first time login (you will be prompted "
7614
"to change your password)."
7616
"Use username <emphasis>'admin'</emphasis> and password "
7617
"<emphasis>'admin'</emphasis> for the first time login (you will be prompted "
7618
"to change your password)."
7620
#: serverguide/C/virtualization.xml:1693(para)
7622
"Then follow the on-screen instructions to update the admin password and "
7625
"Then follow the on-screen instructions to update the admin password and e-"
7628
#: serverguide/C/virtualization.xml:1698(para)
7630
"Once the first time configuration process is completed, click the "
7631
"<emphasis>'credentials'</emphasis> tab located in the top-left portion of "
7634
"Once the first time configuration process is completed, click the "
7635
"<emphasis>'credentials'</emphasis> tab located in the top-left portion of "
7638
#: serverguide/C/virtualization.xml:1704(para)
7640
"Click the <emphasis>'Download Credentials'</emphasis> button to get your "
7643
"Click the <emphasis>'Download Credentials'</emphasis> button to get your "
7646
#: serverguide/C/virtualization.xml:1709(para)
7647
msgid "Save them to <filename>~/.euca</filename>."
7648
msgstr "Save them to <filename>~/.euca</filename>."
7650
#: serverguide/C/virtualization.xml:1714(para)
7652
"Unzip the downloaded zip file into a safe location "
7653
"(<filename>~/.euca</filename>)."
7655
"Unzip the downloaded zip file into a safe location "
7656
"(<filename>~/.euca</filename>)."
7658
#: serverguide/C/virtualization.xml:1718(command)
7659
msgid "unzip -d ~/.euca mycreds.zip"
7660
msgstr "unzip -d ~/.euca mycreds.zip"
7662
#: serverguide/C/virtualization.xml:1725(title)
7663
msgid "From a Command Line"
7664
msgstr "From a Command Line"
7666
#: serverguide/C/virtualization.xml:1729(para)
7668
"Alternatively, if you are on the command line of the <emphasis>Cloud "
7669
"Controller</emphasis>, you can run:"
7671
"Alternatively, if you are on the command line of the <emphasis>Cloud "
7672
"Controller</emphasis>, you can run:"
7674
#: serverguide/C/virtualization.xml:1733(command)
7675
msgid "mkdir -p ~/.euca"
7676
msgstr "mkdir -p ~/.euca"
7678
#: serverguide/C/virtualization.xml:1734(command)
7679
msgid "chmod 700 ~/.euca"
7680
msgstr "chmod 700 ~/.euca"
7682
#: serverguide/C/virtualization.xml:1735(command)
7686
#: serverguide/C/virtualization.xml:1736(command)
7687
msgid "sudo euca_conf --get-credentials mycreds.zip"
7688
msgstr "sudo euca_conf --get-credentials mycreds.zip"
7690
#: serverguide/C/virtualization.xml:1737(command)
7691
msgid "unzip mycreds.zip"
7692
msgstr "unzip mycreds.zip"
7694
#: serverguide/C/virtualization.xml:1738(command)
7695
msgid "ln -s ~/.euca/eucarc ~/.eucarc"
7696
msgstr "ln -s ~/.euca/eucarc ~/.eucarc"
7698
#: serverguide/C/virtualization.xml:1739(command)
7702
#: serverguide/C/virtualization.xml:1746(title)
7703
msgid "Extracting and Using Your Credentials"
7704
msgstr "Extracting and Using Your Credentials"
7706
#: serverguide/C/virtualization.xml:1748(para)
7708
"Now you will need to setup EC2 API and AMI tools on your server using X.509 "
7711
"Now you will need to setup EC2 API and AMI tools on your server using X.509 "
7714
#: serverguide/C/virtualization.xml:1754(para)
7715
msgid "Install the required cloud user tools:"
7716
msgstr "Install the required cloud user tools:"
7718
#: serverguide/C/virtualization.xml:1758(command)
7719
msgid "sudo apt-get install euca2ools"
7720
msgstr "sudo apt-get install euca2ools"
7722
#: serverguide/C/virtualization.xml:1762(para)
7724
"To validate that everything is working correctly, get the local cluster "
7725
"availability details:"
7727
"To validate that everything is working correctly, get the local cluster "
7728
"availability details:"
7730
#: serverguide/C/virtualization.xml:1766(command)
7731
msgid ". ~/.euca/eucarc"
7732
msgstr ". ~/.euca/eucarc"
7734
#: serverguide/C/virtualization.xml:1767(command)
7735
msgid "euca-describe-availability-zones verbose"
7736
msgstr "euca-describe-availability-zones verbose"
7738
#: serverguide/C/virtualization.xml:1768(computeroutput)
7741
"AVAILABILITYZONE myowncloud 192.168.1.1\n"
7742
"AVAILABILITYZONE |- vm types free / max cpu ram disk\n"
7743
"AVAILABILITYZONE |- m1.small 0004 / 0004 1 128 2\n"
7744
"AVAILABILITYZONE |- c1.medium 0004 / 0004 1 256 5\n"
7745
"AVAILABILITYZONE |- m1.large 0002 / 0002 2 512 10\n"
7746
"AVAILABILITYZONE |- m1.xlarge 0002 / 0002 2 1024 20\n"
7747
"AVAILABILITYZONE |- c1.xlarge 0001 / 0001 4 2048 20"
7749
"AVAILABILITYZONE myowncloud 192.168.1.1\n"
7750
"AVAILABILITYZONE |- vm types free / max cpu ram disk\n"
7751
"AVAILABILITYZONE |- m1.small 0004 / 0004 1 128 2\n"
7752
"AVAILABILITYZONE |- c1.medium 0004 / 0004 1 256 5\n"
7753
"AVAILABILITYZONE |- m1.large 0002 / 0002 2 512 10\n"
7754
"AVAILABILITYZONE |- m1.xlarge 0002 / 0002 2 1024 20\n"
7755
"AVAILABILITYZONE |- c1.xlarge 0001 / 0001 4 2048 20"
7757
#: serverguide/C/virtualization.xml:1778(para)
7758
msgid "Your output from the above command will vary."
7759
msgstr "Your output from the above command will vary."
7761
#: serverguide/C/virtualization.xml:1788(title)
7762
msgid "Install an Image from the Store"
7763
msgstr "Install an Image from the Store"
7765
#: serverguide/C/virtualization.xml:1790(para)
7767
"The following is by far the simplest way to install an image. However, "
7768
"advanced users may be interested in learning how to <ulink "
7769
"url=\"https://help.ubuntu.com/community/UEC/BundlingImages\">Bundle their "
7770
"own image</ulink>."
7772
"The following is by far the simplest way to install an image. However, "
7773
"advanced users may be interested in learning how to <ulink "
7774
"url=\"https://help.ubuntu.com/community/UEC/BundlingImages\">Bundle their "
7775
"own image</ulink>."
7777
#: serverguide/C/virtualization.xml:1795(para)
7779
"The simplest way to add an image to <application>UEC</application> is to "
7780
"install it from the Image Store on the UEC web interface."
7782
"The simplest way to add an image to <application>UEC</application> is to "
7783
"install it from the Image Store on the UEC web interface."
7785
#: serverguide/C/virtualization.xml:1801(para)
7787
"Access the web interface at the following URL (Make sure you specify https):"
7789
"Access the web interface at the following URL (Make sure you specify https):"
7791
#: serverguide/C/virtualization.xml:1809(para)
7793
"Enter your login and password (if requested, as you may still be logged in "
7796
"Enter your login and password (if requested, as you may still be logged in "
7799
#: serverguide/C/virtualization.xml:1814(para)
7800
msgid "Click on the <emphasis>Store</emphasis> tab."
7801
msgstr "Click on the <emphasis>Store</emphasis> tab."
7803
#: serverguide/C/virtualization.xml:1819(para)
7804
msgid "Browse available images."
7805
msgstr "Browse available images."
7807
#: serverguide/C/virtualization.xml:1824(para)
7808
msgid "Click on <emphasis>install</emphasis> for the image you want."
7809
msgstr "Click on <emphasis>install</emphasis> for the image you want."
7811
#: serverguide/C/virtualization.xml:1830(para)
7813
"Once the image has been downloaded and installed, you can click on "
7814
"<emphasis>\"How to run?\"</emphasis> that will be displayed below the image "
7815
"button to view the command to execute to instantiate (start) this image. The "
7816
"image will also appear on the list given on the <emphasis>Image</emphasis> "
7819
"Once the image has been downloaded and installed, you can click on "
7820
"<emphasis>\"How to run?\"</emphasis> that will be displayed below the image "
7821
"button to view the command to execute to instantiate (start) this image. The "
7822
"image will also appear on the list given on the <emphasis>Image</emphasis> "
7825
#: serverguide/C/virtualization.xml:1838(title)
7826
msgid "Run an Image"
7827
msgstr "Run an Image"
7829
#: serverguide/C/virtualization.xml:1840(para)
7830
msgid "There are multiple ways to instantiate an image in UEC:"
7831
msgstr "There are multiple ways to instantiate an image in UEC:"
7833
#: serverguide/C/virtualization.xml:1845(para)
7834
msgid "Use the command line."
7835
msgstr "Use the command line."
7837
#: serverguide/C/virtualization.xml:1846(para)
7839
"Use one of the UEC compatible management tools such as "
7840
"<emphasis>Landscape</emphasis>."
7842
"Use one of the UEC compatible management tools such as "
7843
"<emphasis>Landscape</emphasis>."
7845
#: serverguide/C/virtualization.xml:1848(para)
7848
"url=\"https://help.ubuntu.com/community/UEC/ElasticFox\">ElasticFox</ulink> "
7849
"extension to Firefox."
7852
"url=\"https://help.ubuntu.com/community/UEC/ElasticFox\">ElasticFox</ulink> "
7853
"extension to Firefox."
7855
#: serverguide/C/virtualization.xml:1854(para)
7856
msgid "Here we will describe the process from the command line:"
7857
msgstr "Here we will describe the process from the command line:"
7859
#: serverguide/C/virtualization.xml:1860(para)
7861
"Before running an instance of your image, you should first create a "
7862
"<emphasis>keypair</emphasis> (ssh key) that you can use to log into your "
7863
"instance as root, once it boots. The key is stored, so you will only have to "
7866
"Before running an instance of your image, you should first create a "
7867
"<emphasis>keypair</emphasis> (ssh key) that you can use to log into your "
7868
"instance as root, once it boots. The key is stored, so you will only have to "
7871
#: serverguide/C/virtualization.xml:1864(para)
7872
msgid "Run the following command:"
7873
msgstr "Run the following command:"
7875
#: serverguide/C/virtualization.xml:1867(programlisting)
7879
"if [ ! -e ~/.euca/mykey.priv ]; then\n"
7880
" mkdir -p -m 700 ~/.euca\n"
7881
" touch ~/.euca/mykey.priv\n"
7882
" chmod 0600 ~/.euca/mykey.priv\n"
7883
" euca-add-keypair mykey > ~/.euca/mykey.priv\n"
7887
"if [ ! -e ~/.euca/mykey.priv ]; then\n"
7888
" mkdir -p -m 700 ~/.euca\n"
7889
" touch ~/.euca/mykey.priv\n"
7890
" chmod 0600 ~/.euca/mykey.priv\n"
7891
" euca-add-keypair mykey > ~/.euca/mykey.priv\n"
7894
#: serverguide/C/virtualization.xml:1876(para)
7896
"You can call your key whatever you like (in this example, the key is called "
7897
"<emphasis>'mykey'</emphasis>), but remember what it is called. If you "
7898
"forget, you can always run <command>euca-describe-keypairs</command> to get "
7899
"a list of created keys stored in the system."
7901
"You can call your key whatever you like (in this example, the key is called "
7902
"<emphasis>'mykey'</emphasis>), but remember what it is called. If you "
7903
"forget, you can always run <command>euca-describe-keypairs</command> to get "
7904
"a list of created keys stored in the system."
7906
#: serverguide/C/virtualization.xml:1883(para)
7907
msgid "You must also allow access to port 22 in your instances:"
7908
msgstr "You must also allow access to port 22 in your instances:"
7910
#: serverguide/C/virtualization.xml:1887(command)
7911
msgid "euca-authorize default -P tcp -p 22 -s 0.0.0.0/0"
7912
msgstr "euca-authorize default -P tcp -p 22 -s 0.0.0.0/0"
7914
#: serverguide/C/virtualization.xml:1891(para)
7915
msgid "Next, you can create instances of your registered image:"
7916
msgstr "Next, you can create instances of your registered image:"
7918
#: serverguide/C/virtualization.xml:1895(command)
7919
msgid "euca-run-instances $EMI -k mykey -t m1.small"
7920
msgstr "euca-run-instances $EMI -k mykey -t m1.small"
7922
#: serverguide/C/virtualization.xml:1898(para)
7924
"If you receive an error regarding <emphasis>image_id</emphasis>, you may "
7925
"find it by viewing Images page or click <emphasis>\"How to Run\"</emphasis> "
7926
"on the <emphasis>Store</emphasis> page to see the sample command."
7928
"If you receive an error regarding <emphasis>image_id</emphasis>, you may "
7929
"find it by viewing Images page or click <emphasis>\"How to Run\"</emphasis> "
7930
"on the <emphasis>Store</emphasis> page to see the sample command."
7932
#: serverguide/C/virtualization.xml:1905(para)
7934
"The first time you run an instance, the system will be setting up caches for "
7935
"the image from which it will be created. This can often take some time the "
7936
"first time an instance is run given that VM images are usually quite large."
7938
"The first time you run an instance, the system will be setting up caches for "
7939
"the image from which it will be created. This can often take some time the "
7940
"first time an instance is run given that VM images are usually quite large."
7942
#: serverguide/C/virtualization.xml:1909(para)
7943
msgid "To monitor the state of your instance, run:"
7944
msgstr "To monitor the state of your instance, run:"
7946
#: serverguide/C/virtualization.xml:1913(command)
7947
msgid "watch -n5 euca-describe-instances"
7948
msgstr "watch -n5 euca-describe-instances"
7950
#: serverguide/C/virtualization.xml:1915(para)
7952
"In the output, you should see information about the instance, including its "
7953
"state. While first-time caching is being performed, the instance's state "
7954
"will be <emphasis>'pending'</emphasis>."
7956
"In the output, you should see information about the instance, including its "
7957
"state. While first-time caching is being performed, the instance's state "
7958
"will be <emphasis>'pending'</emphasis>."
7960
#: serverguide/C/virtualization.xml:1921(para)
7962
"When the instance is fully started, the above state will become "
7963
"<emphasis>'running'</emphasis>. Look at the IP address assigned to your "
7964
"instance in the output, then connect to it:"
7966
"When the instance is fully started, the above state will become "
7967
"<emphasis>'running'</emphasis>. Look at the IP address assigned to your "
7968
"instance in the output, then connect to it:"
7970
#: serverguide/C/virtualization.xml:1926(command)
7972
"IPADDR=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | awk "
7975
"IPADDR=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | awk "
7978
#: serverguide/C/virtualization.xml:1927(command)
7979
msgid "ssh -i ~/.euca/mykey.priv ubuntu@$IPADDR"
7980
msgstr "ssh -i ~/.euca/mykey.priv ubuntu@$IPADDR"
7982
#: serverguide/C/virtualization.xml:1931(para)
7984
"And when you are done with this instance, exit your SSH connection, then "
7985
"terminate your instance:"
7987
"And when you are done with this instance, exit your SSH connection, then "
7988
"terminate your instance:"
7990
#: serverguide/C/virtualization.xml:1935(command)
7992
"INSTANCEID=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | "
7995
"INSTANCEID=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | "
7998
#: serverguide/C/virtualization.xml:1936(command)
7999
msgid "euca-terminate-instances $INSTANCEID"
8000
msgstr "euca-terminate-instances $INSTANCEID"
8002
#: serverguide/C/virtualization.xml:1944(para)
8004
"The <application>cloud-init</application> package provides \"first boot\" "
8005
"functionality for the Ubuntu UEC images. It is in charge of taking the "
8006
"generic filesystem image that is booting and customizing it for this "
8007
"particular instance. That includes things like:"
8009
"The <application>cloud-init</application> package provides \"first boot\" "
8010
"functionality for the Ubuntu UEC images. It is in charge of taking the "
8011
"generic file system image that is booting and customizing it for this "
8012
"particular instance. That includes things like:"
8014
#: serverguide/C/virtualization.xml:1952(para)
8015
msgid "Setting the hostname."
8016
msgstr "Setting the host name."
8018
#: serverguide/C/virtualization.xml:1957(para)
8020
"Putting the provided ssh public keys into "
8021
"<filename>~ubuntu/.ssh/authorized_keys</filename>."
8023
"Putting the provided SSH public keys into "
8024
"<filename>~ubuntu/.ssh/authorized_keys</filename>."
8026
#: serverguide/C/virtualization.xml:1962(para)
8027
msgid "Running a user provided script, or otherwise modifying the image."
8028
msgstr "Running a user provided script, or otherwise modifying the image."
8030
#: serverguide/C/virtualization.xml:1968(para)
8032
"Setting hostname and configuring a system so the person who launched it can "
8033
"actually log into it are not terribly interesting. The interesting things "
8034
"that can be done with <application>cloud-init</application> are made "
8035
"possible by data provided at launch time called <ulink "
8036
"url=\"http://developer.amazonwebservices.com/connect/entry.jspa?externalID=10"
8037
"85\">user-data</ulink>."
8039
"Setting host name and configuring a system so the person who launched it can "
8040
"actually log into it are not terribly interesting. The interesting things "
8041
"that can be done with <application>cloud-init</application> are made "
8042
"possible by data provided at launch time called <ulink "
8043
"url=\"http://developer.amazonwebservices.com/connect/entry.jspa?externalID=10"
8044
"85\">user-data</ulink>."
8046
#: serverguide/C/virtualization.xml:1974(para)
8047
msgid "First, install the <application>cloud-init</application> package:"
8048
msgstr "First, install the <application>cloud-init</application> package:"
8050
#: serverguide/C/virtualization.xml:1979(command)
8051
msgid "sudo apt-get install cloud-init"
8052
msgstr "sudo apt-get install cloud-init"
8054
#: serverguide/C/virtualization.xml:1982(para)
8056
"If the user-data starts with <emphasis>'#!'</emphasis>, then it will be "
8057
"stored and executed as root late in the boot process of the instance's first "
8058
"boot (similar to a traditional 'rc.local' script). Output from the script is "
8059
"directed to the console."
8061
"If the user-data starts with <emphasis>'#!'</emphasis>, then it will be "
8062
"stored and executed as root late in the boot process of the instance's first "
8063
"boot (similar to a traditional 'rc.local' script). Output from the script is "
8064
"directed to the console."
8066
#: serverguide/C/virtualization.xml:1987(para)
8068
"For example, create a file named <filename>ud.txt</filename> containing:"
8070
"For example, create a file named <filename>ud.txt</filename> containing:"
8072
#: serverguide/C/virtualization.xml:1991(programlisting)
8077
"echo ========== Hello World: $(date) ==========\n"
8078
"echo \"I have been up for $(cut -d\\ -f 1 < /proc/uptime) sec\"\n"
8082
"echo ========== Hello World: $(date) ==========\n"
8083
"echo \"I have been up for $(cut -d\\ -f 1 < /proc/uptime) sec\"\n"
8085
#: serverguide/C/virtualization.xml:1997(para)
8087
"Now start an instance with the <emphasis>--user-data-file</emphasis> option:"
8089
"Now start an instance with the <emphasis>--user-data-file</emphasis> option:"
8091
#: serverguide/C/virtualization.xml:2002(command)
8092
msgid "euca-run-instances $EMI -k mykey -t m1.small --user-data-file=ud.txt"
8093
msgstr "euca-run-instances $EMI -k mykey -t m1.small --user-data-file=ud.txt"
8095
#: serverguide/C/virtualization.xml:2005(para)
8097
"Wait now for the system to come up and console to be available. To see the "
8098
"result of the data file commands enter:"
8100
"Wait now for the system to come up and console to be available. To see the "
8101
"result of the data file commands enter:"
8103
#: serverguide/C/virtualization.xml:2010(command)
8104
msgid "euca-get-console-output $EMI | grep --after-context=1 Hello"
8105
msgstr "euca-get-console-output $EMI | grep --after-context=1 Hello"
8107
#: serverguide/C/virtualization.xml:2011(computeroutput)
8110
"========== Hello World: Mon Mar 29 18:05:05 UTC 2010 ==========\n"
8111
"I have been up for 28.26 sec"
8113
"========== Hello World: Mon Mar 29 18:05:05 UTC 2010 ==========\n"
8114
"I have been up for 28.26 sec"
8116
#: serverguide/C/virtualization.xml:2016(para)
8117
msgid "Your output may vary."
8118
msgstr "Your output may vary."
8120
#: serverguide/C/virtualization.xml:2021(para)
8122
"The simple approach shown above gives a great deal of power. The user-data "
8123
"can contain a script in any language where an interpreter already exists in "
8124
"the image (#!/bin/sh, #!/usr/bin/python, #!/usr/bin/perl, #!/usr/bin/awk ... "
8127
"The simple approach shown above gives a great deal of power. The user-data "
8128
"can contain a script in any language where an interpreter already exists in "
8129
"the image (#!/bin/sh, #!/usr/bin/python, #!/usr/bin/perl, #!/usr/bin/awk ... "
8132
#: serverguide/C/virtualization.xml:2026(para)
8134
"For many cases, the user may not be interested in writing a program. For "
8135
"this case, cloud-init provides <emphasis>\"cloud-config\"</emphasis>, a "
8136
"configuration based approach towards customization. To utilize the cloud-"
8137
"config syntax, the supplied user-data must start with a <emphasis>'#cloud-"
8138
"config'</emphasis>."
8140
"For many cases, the user may not be interested in writing a program. For "
8141
"this case, cloud-init provides <emphasis>\"cloud-config\"</emphasis>, a "
8142
"configuration based approach towards customization. To utilize the cloud-"
8143
"config syntax, the supplied user-data must start with a <emphasis>'#cloud-"
8144
"config'</emphasis>."
8146
#: serverguide/C/virtualization.xml:2031(para)
8148
"For example, create a text file named <filename>clout-config.txt</filename> "
8151
"For example, create a text file named <filename>clout-config.txt</filename> "
8154
#: serverguide/C/virtualization.xml:2035(programlisting)
8159
"apt_upgrade: true\n"
8161
"- source: \"ppa:ubuntu-server-edgers/server-edgers-apache \"\n"
8164
"- build-essential\n"
8168
"- echo ======= Hello World =====\n"
8169
"- echo \"I have been up for $(cut -d\\ -f 1 < /proc/uptime) sec\"\n"
8173
"apt_upgrade: true\n"
8175
"- source: \"ppa:ubuntu-server-edgers/server-edgers-apache \"\n"
8178
"- build-essential\n"
8182
"- echo ======= Hello World =====\n"
8183
"- echo \"I have been up for $(cut -d\\ -f 1 < /proc/uptime) sec\"\n"
8185
#: serverguide/C/virtualization.xml:2050(para)
8186
msgid "Create a new instance:"
8187
msgstr "Create a new instance:"
8189
#: serverguide/C/virtualization.xml:2055(command)
8191
"euca-run-instances $EMI -k mykey -t m1.small --user-data-file=cloud-"
8194
"euca-run-instances $EMI -k mykey -t m1.small --user-data-file=cloud-"
8197
#: serverguide/C/virtualization.xml:2058(para)
8198
msgid "Now, when the above system is booted, it will have:"
8199
msgstr "Now, when the above system is booted, it will have:"
8201
#: serverguide/C/virtualization.xml:2063(para)
8202
msgid "Added the Apache Edgers PPA."
8203
msgstr "Added the Apache Edgers PPA."
8205
#: serverguide/C/virtualization.xml:2064(para)
8206
msgid "Run an upgrade to get all updates available"
8207
msgstr "Run an upgrade to get all updates available"
8209
#: serverguide/C/virtualization.xml:2065(para)
8210
msgid "Installed the 'build-essential' and 'pastebinit' packages"
8211
msgstr "Installed the 'build-essential' and 'pastebinit' packages"
8213
#: serverguide/C/virtualization.xml:2066(para)
8214
msgid "Printed a similar message to the script above"
8215
msgstr "Printed a similar message to the script above"
8217
#: serverguide/C/virtualization.xml:2070(para)
8219
"The <emphasis>Apache Edgers PPA</emphasis>, in the above example, contains "
8220
"the latest version of Apache from upstream source repositories. Package "
8221
"versions in the PPA are unsupported, and depending on your situation, this "
8222
"may or may not be desirable. See the <ulink "
8223
"url=\"https://launchpad.net/~ubuntu-server-edgers\">Ubuntu Server "
8224
"Edgers</ulink> web page for more details."
8226
"The <emphasis>Apache Edgers PPA</emphasis>, in the above example, contains "
8227
"the latest version of Apache from upstream source repositories. Package "
8228
"versions in the PPA are unsupported, and depending on your situation, this "
8229
"may or may not be desirable. See the <ulink "
8230
"url=\"https://launchpad.net/~ubuntu-server-edgers\">Ubuntu Server "
8231
"Edgers</ulink> web page for more details."
8233
#: serverguide/C/virtualization.xml:2077(para)
8235
"The <emphasis>'runcmd'</emphasis> commands are run at the same point in boot "
8236
"that the <emphasis>'#!'</emphasis> script would run in the previous example. "
8237
"It is present to allow you to get the full power of a scripting language if "
8238
"you need it without abandoning <emphasis>cloud-config</emphasis>."
8240
"The <emphasis>'runcmd'</emphasis> commands are run at the same point in boot "
8241
"that the <emphasis>'#!'</emphasis> script would run in the previous example. "
8242
"It is present to allow you to get the full power of a scripting language if "
8243
"you need it without abandoning <emphasis>cloud-config</emphasis>."
8245
#: serverguide/C/virtualization.xml:2082(para)
8247
"For more information on what kinds of things can be done with "
8248
"<application>cloud-config</application>, see <ulink "
8249
"url=\"http://bazaar.launchpad.net/~cloud-init-dev/cloud-"
8250
"init/trunk/files/head:/doc/examples/\">doc/examples</ulink> in the source."
8252
"For more information on what kinds of things can be done with "
8253
"<application>cloud-config</application>, see <ulink "
8254
"url=\"http://bazaar.launchpad.net/~cloud-init-dev/cloud-"
8255
"init/trunk/files/head:/doc/examples/\">doc/examples</ulink> in the source."
8257
#: serverguide/C/virtualization.xml:2091(title) serverguide/C/dns.xml:619(title)
8258
msgid "More Information"
8259
msgstr "More Information"
8261
#: serverguide/C/virtualization.xml:2093(para)
8263
"How to use the <ulink "
8264
"url=\"https://help.ubuntu.com/community/UEC/StorageController\">Storage "
8265
"Controller</ulink>"
8267
"How to use the <ulink "
8268
"url=\"https://help.ubuntu.com/community/UEC/StorageController\">Storage "
8269
"Controller</ulink>"
8271
#: serverguide/C/virtualization.xml:2097(para)
8272
msgid "Controlling eucalyptus services:"
8273
msgstr "Controlling eucalyptus services:"
8275
#: serverguide/C/virtualization.xml:2102(para)
8277
"sudo service eucalyptus [start|stop|restart] (on the CLC/CC/SC/Walrus side)"
8279
"sudo service eucalyptus [start|stop|restart] (on the CLC/CC/SC/Walrus side)"
8281
#: serverguide/C/virtualization.xml:2103(para)
8282
msgid "sudo service eucalyptus-nc [start|stop|restart] (on the Node side)"
8283
msgstr "sudo service eucalyptus-nc [start|stop|restart] (on the Node side)"
8285
#: serverguide/C/virtualization.xml:2106(para)
8286
msgid "Locations of some important files:"
8287
msgstr "Locations of some important files:"
8289
#: serverguide/C/virtualization.xml:2113(emphasis)
8293
#: serverguide/C/virtualization.xml:2116(para)
8294
msgid "/var/log/eucalyptus"
8295
msgstr "/var/log/eucalyptus"
8297
#: serverguide/C/virtualization.xml:2121(emphasis)
8298
msgid "Configuration files:"
8299
msgstr "Configuration files:"
8301
#: serverguide/C/virtualization.xml:2124(para)
8302
msgid "/etc/eucalyptus"
8303
msgstr "/etc/eucalyptus"
8305
#: serverguide/C/virtualization.xml:2129(emphasis)
8309
#: serverguide/C/virtualization.xml:2132(para)
8310
msgid "/var/lib/eucalyptus/db"
8311
msgstr "/var/lib/eucalyptus/db"
8313
#: serverguide/C/virtualization.xml:2137(emphasis)
8317
#: serverguide/C/virtualization.xml:2140(para)
8318
msgid "/var/lib/eucalyptus"
8319
msgstr "/var/lib/eucalyptus"
8321
#: serverguide/C/virtualization.xml:2141(para)
8322
msgid "/var/lib/eucalyptus/.ssh"
8323
msgstr "/var/lib/eucalyptus/.ssh"
8325
#: serverguide/C/virtualization.xml:2147(para)
8327
"Don't forget to source your <filename>~/.euca/eucarc</filename> before "
8328
"running the client tools."
8330
"Don't forget to source your <filename>~/.euca/eucarc</filename> before "
8331
"running the client tools."
8333
#: serverguide/C/virtualization.xml:2158(para)
8335
"For information on loading instances see the <ulink "
8336
"url=\"https://help.ubuntu.com/community/Eucalyptus\">Eucalyptus Wiki</ulink> "
8339
"For information on loading instances see the <ulink "
8340
"url=\"https://help.ubuntu.com/community/Eucalyptus\">Eucalyptus Wiki</ulink> "
8343
#: serverguide/C/virtualization.xml:2163(para)
8345
"<ulink url=\"http://open.eucalyptus.com/\">Eucalyptus Project Site (forums, "
8346
"documentation, downloads)</ulink>."
8348
"<ulink url=\"http://open.eucalyptus.com/\">Eucalyptus Project Site (forums, "
8349
"documentation, downloads)</ulink>."
8351
#: serverguide/C/virtualization.xml:2168(para)
8353
"<ulink url=\"https://launchpad.net/eucalyptus/\">Eucalyptus on Launchpad "
8354
"(bugs, code)</ulink>."
8356
"<ulink url=\"https://launchpad.net/eucalyptus/\">Eucalyptus on Launchpad "
8357
"(bugs, code)</ulink>."
8359
#: serverguide/C/virtualization.xml:2173(para)
8362
"url=\"http://open.eucalyptus.com/wiki/EucalyptusTroubleshooting_v1.5\">Eucaly"
8363
"ptus Troubleshooting (1.5)</ulink>."
8366
"url=\"http://open.eucalyptus.com/wiki/EucalyptusTroubleshooting_v1.5\">Eucaly"
8367
"ptus Troubleshooting (1.5)</ulink>."
8369
#: serverguide/C/virtualization.xml:2178(para)
8371
"<ulink url=\"http://support.rightscale.com/2._References/02-"
8372
"Cloud_Infrastructures/Eucalyptus/03-"
8373
"Administration_Guide/Register_with_RightScale\"> Register your cloud with "
8374
"RightScale</ulink>."
8376
"<ulink url=\"http://support.rightscale.com/2._References/02-"
8377
"Cloud_Infrastructures/Eucalyptus/03-"
8378
"Administration_Guide/Register_with_RightScale\"> Register your cloud with "
8379
"RightScale</ulink>."
8381
#: serverguide/C/virtualization.xml:2184(para)
8383
"You can also find help in the <emphasis>#ubuntu-virt</emphasis>, "
8384
"<emphasis>#eucalyptus</emphasis>, and <emphasis>#ubuntu-server</emphasis> "
8385
"IRC channels on <ulink url=\"http://freenode.net\">Freenode</ulink>."
8387
"You can also find help in the <emphasis>#ubuntu-virt</emphasis>, "
8388
"<emphasis>#eucalyptus</emphasis>, and <emphasis>#ubuntu-server</emphasis> "
8389
"IRC channels on <ulink url=\"http://freenode.net\">Freenode</ulink>."
8391
#: serverguide/C/virtualization.xml:2193(title)
8395
#: serverguide/C/virtualization.xml:2195(para)
8397
"The Ubuntu Enterprise Cloud documentation uses terminology that might be "
8398
"unfamiliar to some readers. This page is intended to provide a glossary of "
8399
"such terms and acronyms."
8401
"The Ubuntu Enterprise Cloud documentation uses terminology that might be "
8402
"unfamiliar to some readers. This page is intended to provide a glossary of "
8403
"such terms and acronyms."
8405
#: serverguide/C/virtualization.xml:2202(para)
8407
"<emphasis>Cloud</emphasis> - A federated set of physical machines that offer "
8408
"computing resources through virtual machines, provisioned and recollected "
8411
"<emphasis>Cloud</emphasis> - A federated set of physical machines that offer "
8412
"computing resources through virtual machines, provisioned and recollected "
8415
#: serverguide/C/virtualization.xml:2208(para)
8417
"<emphasis>Cloud Controller (CLC)</emphasis> - Eucalyptus component that "
8418
"provides the web UI (an https server on port 8443), and implements the "
8419
"Amazon EC2 API. There should be only one Cloud Controller in an installation "
8420
"of UEC. This service is provided by the Ubuntu <application>eucalyptus-"
8421
"cloud</application> package."
8423
"<emphasis>Cloud Controller (CLC)</emphasis> - Eucalyptus component that "
8424
"provides the web UI (an https server on port 8443), and implements the "
8425
"Amazon EC2 API. There should be only one Cloud Controller in an installation "
8426
"of UEC. This service is provided by the Ubuntu <application>eucalyptus-"
8427
"cloud</application> package."
8429
#: serverguide/C/virtualization.xml:2215(para)
8431
"<emphasis>Cluster</emphasis> - A collection of nodes, associated with a "
8432
"Cluster Controller. There can be more than one Cluster in an installation of "
8433
"UEC. Clusters are sometimes physically separate sets of nodes. (e.g. floor1, "
8436
"<emphasis>Cluster</emphasis> - A collection of nodes, associated with a "
8437
"Cluster Controller. There can be more than one Cluster in an installation of "
8438
"UEC. Clusters are sometimes physically separate sets of nodes. (e.g. floor1, "
8441
#: serverguide/C/virtualization.xml:2221(para)
8443
"<emphasis>Cluster Controller (CC)</emphasis> - Eucalyptus component that "
8444
"manages collections of node resources. This service is provided by the "
8445
"Ubuntu <application>eucalyptus-cc</application> package."
8447
"<emphasis>Cluster Controller (CC)</emphasis> - Eucalyptus component that "
8448
"manages collections of node resources. This service is provided by the "
8449
"Ubuntu <application>eucalyptus-cc</application> package."
8451
#: serverguide/C/virtualization.xml:2227(para)
8452
msgid "<emphasis>EBS</emphasis> - Elastic Block Storage."
8453
msgstr "<emphasis>EBS</emphasis> - Elastic Block Storage."
8455
#: serverguide/C/virtualization.xml:2232(para)
8457
"<emphasis>EC2</emphasis> - Elastic Compute Cloud. Amazon's pay-by-the-hour, "
8458
"pay-by-the-gigabyte public cloud computing offering."
8460
"<emphasis>EC2</emphasis> - Elastic Compute Cloud. Amazon's pay-by-the-hour, "
8461
"pay-by-the-gigabyte public cloud computing offering."
8463
#: serverguide/C/virtualization.xml:2237(para)
8464
msgid "<emphasis>EKI</emphasis> - Eucalyptus Kernel Image."
8465
msgstr "<emphasis>EKI</emphasis> - Eucalyptus Kernel Image."
8467
#: serverguide/C/virtualization.xml:2242(para)
8468
msgid "<emphasis>EMI</emphasis> - Eucalyptus Machine Image."
8469
msgstr "<emphasis>EMI</emphasis> - Eucalyptus Machine Image."
8471
#: serverguide/C/virtualization.xml:2247(para)
8472
msgid "<emphasis>ERI</emphasis> - Eucalyptus Ramdisk Image."
8473
msgstr "<emphasis>ERI</emphasis> - Eucalyptus Ramdisk Image."
8475
#: serverguide/C/virtualization.xml:2252(para)
8477
"<emphasis>Eucalyptus</emphasis> - Elastic Utility Computing Architecture for "
8478
"Linking Your Programs To Useful Systems. An open source project originally "
8479
"from the University of California at Santa Barbara, now supported by "
8480
"Eucalyptus Systems, a Canonical Partner."
8482
"<emphasis>Eucalyptus</emphasis> - Elastic Utility Computing Architecture for "
8483
"Linking Your Programs To Useful Systems. An open source project originally "
8484
"from the University of California at Santa Barbara, now supported by "
8485
"Eucalyptus Systems, a Canonical Partner."
8487
#: serverguide/C/virtualization.xml:2259(para)
8489
"<emphasis>Front-end</emphasis> - Physical machine hosting one (or more) of "
8490
"the high level Eucalyptus components (cloud, walrus, storage controller, "
8491
"cluster controller)."
8493
"<emphasis>Front-end</emphasis> - Physical machine hosting one (or more) of "
8494
"the high level Eucalyptus components (cloud, walrus, storage controller, "
8495
"cluster controller)."
8497
#: serverguide/C/virtualization.xml:2265(para)
8499
"<emphasis>Node</emphasis> - A node is a physical machine that's capable of "
8500
"running virtual machines, running a node controller. Within Ubuntu, this "
8501
"generally means that the CPU has VT extensions, and can run the KVM "
8504
"<emphasis>Node</emphasis> - A node is a physical machine that's capable of "
8505
"running virtual machines, running a node controller. Within Ubuntu, this "
8506
"generally means that the CPU has VT extensions, and can run the KVM "
8509
#: serverguide/C/virtualization.xml:2271(para)
8511
"<emphasis>Node Controller (NC)</emphasis> - Eucalyptus component that runs "
8512
"on nodes which host the virtual machines that comprise the cloud. This "
8513
"service is provided by the Ubuntu package <application>eucalyptus-"
8516
"<emphasis>Node Controller (NC)</emphasis> - Eucalyptus component that runs "
8517
"on nodes which host the virtual machines that comprise the cloud. This "
8518
"service is provided by the Ubuntu package <application>eucalyptus-"
8521
#: serverguide/C/virtualization.xml:2277(para)
8523
"<emphasis>S3</emphasis> - Simple Storage Service. Amazon's pay-by-the-"
8524
"gigabyte persistent storage solution for EC2."
8526
"<emphasis>S3</emphasis> - Simple Storage Service. Amazon's pay-by-the-"
8527
"gigabyte persistent storage solution for EC2."
8529
#: serverguide/C/virtualization.xml:2282(para)
8531
"<emphasis>Storage Controller (SC)</emphasis> - Eucalyptus component that "
8532
"manages dynamic block storage services (EBS). Each 'cluster' in a Eucalyptus "
8533
"installation can have its own Storage Controller. This component is provided "
8534
"by the <application>eucalyptus-sc</application> package."
8536
"<emphasis>Storage Controller (SC)</emphasis> - Eucalyptus component that "
8537
"manages dynamic block storage services (EBS). Each 'cluster' in a Eucalyptus "
8538
"installation can have its own Storage Controller. This component is provided "
8539
"by the <application>eucalyptus-sc</application> package."
8541
#: serverguide/C/virtualization.xml:2289(para)
8543
"<emphasis>UEC</emphasis> - Ubuntu Enterprise Cloud. Ubuntu's cloud computing "
8544
"solution, based on Eucalyptus."
8546
"<emphasis>UEC</emphasis> - Ubuntu Enterprise Cloud. Ubuntu's cloud computing "
8547
"solution, based on Eucalyptus."
8549
#: serverguide/C/virtualization.xml:2294(para)
8550
msgid "<emphasis>VM</emphasis> - Virtual Machine."
8551
msgstr "<emphasis>VM</emphasis> - Virtual Machine."
8553
#: serverguide/C/virtualization.xml:2299(para)
8555
"<emphasis>VT</emphasis> - Virtualization Technology. An optional feature of "
8556
"some modern CPUs, allowing for accelerated virtual machine hosting."
8558
"<emphasis>VT</emphasis> - Virtualisation Technology. An optional feature of "
8559
"some modern CPUs, allowing for accelerated virtual machine hosting."
8561
#: serverguide/C/virtualization.xml:2304(para)
8563
"<emphasis>Walrus</emphasis> - Eucalyptus component that implements the "
8564
"Amazon S3 API, used for storing VM images and user storage using S3 bucket "
8565
"put/get abstractions."
8567
"<emphasis>Walrus</emphasis> - Eucalyptus component that implements the "
8568
"Amazon S3 API, used for storing VM images and user storage using S3 bucket "
8569
"put/get abstractions."
8571
#: serverguide/C/vcs.xml:13(title)
8572
msgid "Version Control System"
8573
msgstr "Version Control System"
8575
#: serverguide/C/vcs.xml:14(para)
8577
"Version control is the art of managing changes to information. It has long "
8578
"been a critical tool for programmers, who typically spend their time making "
8579
"small changes to software and then undoing those changes the next day. But "
8580
"the usefulness of version control software extends far beyond the bounds of "
8581
"the software development world. Anywhere you can find people using computers "
8582
"to manage information that changes often, there is room for version control."
8584
"Version control is the art of managing changes to information. It has long "
8585
"been a critical tool for programmers, who typically spend their time making "
8586
"small changes to software and then undoing those changes the next day. But "
8587
"the usefulness of version control software extends far beyond the bounds of "
8588
"the software development world. Anywhere you can find people using computers "
8589
"to manage information that changes often, there is room for version control."
8591
#: serverguide/C/vcs.xml:17(title)
8595
#: serverguide/C/vcs.xml:18(para)
8597
"Bazaar is a new version control system sponsored by Canonical, the "
8598
"commercial company behind Ubuntu. Unlike Subversion and CVS that only "
8599
"support a central repository model, Bazaar also supports "
8600
"<emphasis>distributed version control</emphasis>, giving people the ability "
8601
"to collaborate more efficiently. In particular, Bazaar is designed to "
8602
"maximize the level of community participation in open source projects."
8604
"Bazaar is a new version control system sponsored by Canonical, the "
8605
"commercial company behind Ubuntu. Unlike Subversion and CVS that only "
8606
"support a central repository model, Bazaar also supports "
8607
"<emphasis>distributed version control</emphasis>, giving people the ability "
8608
"to collaborate more efficiently. In particular, Bazaar is designed to "
8609
"maximise the level of community participation in open source projects."
8611
#: serverguide/C/vcs.xml:29(para)
8613
"At a terminal prompt, enter the following command to install "
8614
"<application>bzr</application>: <screen>\n"
8615
"<command>sudo apt-get install bzr</command>\n"
8618
"At a terminal prompt, enter the following command to install "
8619
"<application>bzr</application>: <screen>\n"
8620
"<command>sudo apt-get install bzr</command>\n"
8623
#: serverguide/C/vcs.xml:40(para)
8625
"To introduce yourself to <application>bzr</application>, use the "
8626
"<emphasis>whoami</emphasis> command like this: <screen>\n"
8627
"<command>$ bzr whoami 'Joe Doe <joe.doe@gmail.com>'</command>\n"
8630
"To introduce yourself to <application>bzr</application>, use the "
8631
"<emphasis>whoami</emphasis> command like this: <screen>\n"
8632
"<command>$ bzr whoami 'Joe Doe <joe.doe@gmail.com>'</command>\n"
8635
#: serverguide/C/vcs.xml:49(title)
8636
msgid "Learning Bazaar"
8637
msgstr "Learning Bazaar"
8639
#: serverguide/C/vcs.xml:50(para)
8641
"Bazaar comes with bundled documentation installed into "
8642
"<application>/usr/share/doc/bzr/html</application> by default. The tutorial "
8643
"is a good place to start. The <application>bzr</application> command also "
8644
"comes with built-in help: <screen>\n"
8645
"<command>$ bzr help</command>\n"
8648
"Bazaar comes with bundled documentation installed into "
8649
"<application>/usr/share/doc/bzr/html</application> by default. The tutorial "
8650
"is a good place to start. The <application>bzr</application> command also "
8651
"comes with built-in help: <screen>\n"
8652
"<command>$ bzr help</command>\n"
8655
#: serverguide/C/vcs.xml:60(para)
8657
"To learn more about the <emphasis>foo</emphasis> command: <screen>\n"
8658
"<command>$ bzr help foo</command>\n"
8661
"To learn more about the <emphasis>foo</emphasis> command: <screen>\n"
8662
"<command>$ bzr help foo</command>\n"
8665
#: serverguide/C/vcs.xml:68(title)
8666
msgid "Launchpad Integration"
8667
msgstr "Launchpad Integration"
8669
#: serverguide/C/vcs.xml:69(para)
8671
"While highly useful as a stand-alone system, Bazaar has good, optional "
8672
"integration with <ulink url=\"https://launchpad.net/\">Launchpad</ulink>, "
8673
"the collaborative development system used by Canonical and the broader open "
8674
"source community to manage and extend Ubuntu itself. For information on how "
8675
"Bazaar can be used with Launchpad to collaborate on open source projects, "
8676
"see <ulink url=\"http://bazaar-vcs.org/LaunchpadIntegration/\"> "
8677
"http://bazaar-vcs.org/LaunchpadIntegration</ulink>."
8679
"While highly useful as a stand-alone system, Bazaar has good, optional "
8680
"integration with <ulink url=\"https://launchpad.net/\">Launchpad</ulink>, "
8681
"the collaborative development system used by Canonical and the broader open "
8682
"source community to manage and extend Ubuntu itself. For information on how "
8683
"Bazaar can be used with Launchpad to collaborate on open source projects, "
8684
"see <ulink url=\"http://bazaar-vcs.org/LaunchpadIntegration/\"> "
8685
"http://bazaar-vcs.org/LaunchpadIntegration</ulink>."
8687
#: serverguide/C/vcs.xml:81(title)
8691
#: serverguide/C/vcs.xml:82(para)
8693
"Subversion is an open source version control system. Using Subversion, you "
8694
"can record the history of source files and documents. It manages files and "
8695
"directories over time. A tree of files is placed into a central repository. "
8696
"The repository is much like an ordinary file server, except that it "
8697
"remembers every change ever made to files and directories."
8699
"Subversion is an open source version control system. Using Subversion, you "
8700
"can record the history of source files and documents. It manages files and "
8701
"directories over time. A tree of files is placed into a central repository. "
8702
"The repository is much like an ordinary file server, except that it "
8703
"remembers every change ever made to files and directories."
8705
#: serverguide/C/vcs.xml:87(para)
8707
"To access Subversion repository using the HTTP protocol, you must install "
8708
"and configure a web server. Apache2 is proven to work with Subversion. "
8709
"Please refer to the HTTP subsection in the Apache2 section to install and "
8710
"configure Apache2. To access the Subversion repository using the HTTPS "
8711
"protocol, you must install and configure a digital certificate in your "
8712
"Apache 2 web server. Please refer to the HTTPS subsection in the Apache2 "
8713
"section to install and configure the digital certificate."
8715
"To access Subversion repository using the HTTP protocol, you must install "
8716
"and configure a web server. Apache2 is proven to work with Subversion. "
8717
"Please refer to the HTTP subsection in the Apache2 section to install and "
8718
"configure Apache2. To access the Subversion repository using the HTTPS "
8719
"protocol, you must install and configure a digital certificate in your "
8720
"Apache 2 Web server. Please refer to the HTTPS subsection in the Apache2 "
8721
"section to install and configure the digital certificate."
8723
#: serverguide/C/vcs.xml:96(para)
8725
"To install Subversion, run the following command from a terminal prompt:"
8727
"To install Subversion, run the following command from a terminal prompt:"
8729
#: serverguide/C/vcs.xml:101(command)
8730
msgid "sudo apt-get install subversion libapache2-svn"
8731
msgstr "sudo apt-get install subversion libapache2-svn"
8733
#: serverguide/C/vcs.xml:108(para)
8735
"This step assumes you have installed above mentioned packages on your "
8736
"system. This section explains how to create a Subversion repository and "
8737
"access the project."
8739
"This step assumes you have installed above mentioned packages on your "
8740
"system. This section explains how to create a Subversion repository and "
8741
"access the project."
8743
#: serverguide/C/vcs.xml:111(title)
8744
msgid "Create Subversion Repository"
8745
msgstr "Create Subversion Repository"
8747
#: serverguide/C/vcs.xml:112(para)
8749
"The Subversion repository can be created using the following command from a "
8752
"The Subversion repository can be created using the following command from a "
8755
#: serverguide/C/vcs.xml:116(command)
8756
msgid "svnadmin create /path/to/repos/project"
8757
msgstr "svnadmin create /path/to/repos/project"
8759
#: serverguide/C/vcs.xml:121(title)
8760
msgid "Importing Files"
8761
msgstr "Importing Files"
8763
#: serverguide/C/vcs.xml:122(para)
8765
"Once you create the repository you can <emphasis>import</emphasis> files "
8766
"into the repository. To import a directory, enter the following from a "
8767
"terminal prompt: <screen>\n"
8768
"<command>svn import /path/to/import/directory "
8769
"file:///path/to/repos/project</command>\n"
8772
"Once you create the repository you can <emphasis>import</emphasis> files "
8773
"into the repository. To import a directory, enter the following from a "
8774
"terminal prompt: <screen>\n"
8775
"<command>svn import /path/to/import/directory "
8776
"file:///path/to/repos/project</command>\n"
8779
#: serverguide/C/vcs.xml:134(title) serverguide/C/vcs.xml:139(title)
8780
msgid "Access Methods"
8781
msgstr "Access Methods"
8783
#: serverguide/C/vcs.xml:135(para)
8785
"Subversion repositories can be accessed (checked out) through many different "
8786
"methods --on local disk, or through various network protocols. A repository "
8787
"location, however, is always a URL. The table describes how different URL "
8788
"schemes map to the available access methods."
8790
"Subversion repositories can be accessed (checked out) through many different "
8791
"methods --on local disk, or through various network protocols. A repository "
8792
"location, however, is always a URL. The table describes how different URL "
8793
"schemes map to the available access methods."
8795
#: serverguide/C/vcs.xml:146(para)
8799
#: serverguide/C/vcs.xml:147(para)
8800
msgid "Access Method"
8801
msgstr "Access Method"
8803
#: serverguide/C/vcs.xml:152(para)
8807
#: serverguide/C/vcs.xml:153(para)
8808
msgid "direct repository access (on local disk)"
8809
msgstr "direct repository access (on local disk)"
8811
#: serverguide/C/vcs.xml:156(para)
8815
#: serverguide/C/vcs.xml:157(para)
8816
msgid "Access via WebDAV protocol to Subversion-aware Apache2 web server"
8817
msgstr "Access via WebDAV protocol to Subversion-aware Apache2 Web server"
8819
#: serverguide/C/vcs.xml:160(para)
8823
#: serverguide/C/vcs.xml:161(para)
8824
msgid "Same as http://, but with SSL encryption"
8825
msgstr "Same as http://, but with SSL encryption"
8827
#: serverguide/C/vcs.xml:164(para)
8831
#: serverguide/C/vcs.xml:165(para)
8832
msgid "Access via custom protocol to an svnserve server"
8833
msgstr "Access via custom protocol to an svnserve server"
8835
#: serverguide/C/vcs.xml:168(para)
8839
#: serverguide/C/vcs.xml:169(para)
8840
msgid "Same as svn://, but through an SSH tunnel"
8841
msgstr "Same as svn://, but through an SSH tunnel"
8843
#: serverguide/C/vcs.xml:175(para)
8845
"In this section, we will see how to configure Subversion for all these "
8846
"access methods. Here, we cover the basics. For more advanced usage details, "
8847
"refer to the <ulink url=\"http://svnbook.red-bean.com/\">svn book</ulink>."
8849
"In this section, we will see how to configure Subversion for all these "
8850
"access methods. Here, we cover the basics. For more advanced usage details, "
8851
"refer to the <ulink url=\"http://svnbook.red-bean.com/\">svn book</ulink>."
8853
#: serverguide/C/vcs.xml:182(title)
8854
msgid "Direct repository access (file://)"
8855
msgstr "Direct repository access (file://)"
8857
#: serverguide/C/vcs.xml:183(para)
8859
"This is the simplest of all access methods. It does not require any "
8860
"Subversion server process to be running. This access method is used to "
8861
"access Subversion from the same machine. The syntax of the command, entered "
8862
"at a terminal prompt, is as follows:"
8864
"This is the simplest of all access methods. It does not require any "
8865
"Subversion server process to be running. This access method is used to "
8866
"access Subversion from the same machine. The syntax of the command, entered "
8867
"at a terminal prompt, is as follows:"
8869
#: serverguide/C/vcs.xml:190(command)
8870
msgid "svn co file:///path/to/repos/project"
8871
msgstr "svn co file:///path/to/repos/project"
8873
#: serverguide/C/vcs.xml:193(para)
8877
#: serverguide/C/vcs.xml:196(command)
8878
msgid "svn co file://localhost/path/to/repos/project"
8879
msgstr "svn co file://localhost/path/to/repos/project"
8881
#: serverguide/C/vcs.xml:200(para)
8883
"If you do not specify the hostname, there are three forward slashes (///) -- "
8884
"two for the protocol (file, in this case) plus the leading slash in the "
8885
"path. If you specify the hostname, you must use two forward slashes (//)."
8887
"If you do not specify the hostname, there are three forward slashes (///) -- "
8888
"two for the protocol (file, in this case) plus the leading slash in the "
8889
"path. If you specify the hostname, you must use two forward slashes (//)."
8891
#: serverguide/C/vcs.xml:202(para)
8893
"The repository permissions depend on filesystem permissions. If the user has "
8894
"read/write permission, he can checkout from and commit to the repository."
8896
"The repository permissions depend on filesystem permissions. If the user has "
8897
"read/write permission, he can checkout from and commit to the repository."
8899
#: serverguide/C/vcs.xml:205(title)
8900
msgid "Access via WebDAV protocol (http://)"
8901
msgstr "Access via WebDAV protocol (http://)"
8903
#: serverguide/C/vcs.xml:206(para)
8905
"To access the Subversion repository via WebDAV protocol, you must configure "
8906
"your Apache 2 web server. Add the following snippet between the "
8907
"<emphasis><VirtualHost></emphasis> and "
8908
"<emphasis></VirtualHost></emphasis> elements in "
8909
"<filename>/etc/apache2/sites-available/default</filename>, or another "
8912
"To access the Subversion repository via WebDAV protocol, you must configure "
8913
"your Apache 2 web server. Add the following snippet between the "
8914
"<emphasis><VirtualHost></emphasis> and "
8915
"<emphasis></VirtualHost></emphasis> elements in "
8916
"<filename>/etc/apache2/sites-available/default</filename>, or another "
8919
#: serverguide/C/vcs.xml:212(programlisting)
8923
" <Location /svn>\n"
8925
" SVNPath /home/svn\n"
8927
" AuthName \"Your repository name\"\n"
8928
" AuthUserFile /etc/subversion/passwd\n"
8929
" Require valid-user\n"
8930
" </Location> \n"
8933
" <Location /svn>\n"
8935
" SVNPath /home/svn\n"
8937
" AuthName \"Your repository name\"\n"
8938
" AuthUserFile /etc/subversion/passwd\n"
8939
" Require valid-user\n"
8940
" </Location> \n"
8942
#: serverguide/C/vcs.xml:223(para)
8944
"The above configuration snippet assumes that Subversion repositories are "
8945
"created under <filename>/home/svn/</filename> directory using "
8946
"<command>svnadmin</command> command. They can be accessible using "
8947
"<command>http://hostname/svn/repos_name</command> url."
8949
"The above configuration snippet assumes that Subversion repositories are "
8950
"created under <filename>/home/svn/</filename> directory using "
8951
"<command>svnadmin</command> command. They can be accessible using "
8952
"<command>http://hostname/svn/repos_name</command> url."
8954
#: serverguide/C/vcs.xml:229(para)
8956
"To import or commit files to your Subversion repository over HTTP, the "
8957
"repository should be owned by the HTTP user. In Ubuntu systems, normally the "
8958
"HTTP user is <command>www-data</command>. To change the ownership of the "
8959
"repository files enter the following command from terminal prompt:"
8961
"To import or commit files to your Subversion repository over HTTP, the "
8962
"repository should be owned by the HTTP user. In Ubuntu systems, normally the "
8963
"HTTP user is <command>www-data</command>. To change the ownership of the "
8964
"repository files enter the following command from terminal prompt:"
8966
#: serverguide/C/vcs.xml:238(command)
8967
msgid "sudo chown -R www-data:www-data /path/to/repos"
8968
msgstr "sudo chown -R www-data:www-data /path/to/repos"
8970
#: serverguide/C/vcs.xml:241(para)
8972
"By changing the ownership of repository as <command>www-data</command> you "
8973
"will not be able to import or commit files into the repository by running "
8974
"<command>svn import file:///</command> command as any user other than "
8975
"<command>www-data</command>."
8977
"By changing the ownership of repository as <command>www-data</command> you "
8978
"will not be able to import or commit files into the repository by running "
8979
"<command>svn import file:///</command> command as any user other than "
8980
"<command>www-data</command>."
8982
#: serverguide/C/vcs.xml:250(para)
8984
"Next, you must create the <filename>/etc/subversion/passwd</filename> file "
8985
"that will contain user authentication details. To create a file issue the "
8986
"following command at a command prompt (which will create the file and add "
8989
"Next, you must create the <filename>/etc/subversion/passwd</filename> file "
8990
"that will contain user authentication details. To create a file issue the "
8991
"following command at a command prompt (which will create the file and add "
8994
#: serverguide/C/vcs.xml:256(command)
8995
msgid "sudo htpasswd -c /etc/subversion/passwd user_name"
8996
msgstr "sudo htpasswd -c /etc/subversion/passwd user_name"
8998
#: serverguide/C/vcs.xml:259(para)
9000
"To add additional users omit the <emphasis>\"-c\"</emphasis> option as this "
9001
"option replaces the old file. Instead use this form:"
9003
"To add additional users omit the <emphasis>\"-c\"</emphasis> option as this "
9004
"option replaces the old file. Instead use this form:"
9006
#: serverguide/C/vcs.xml:264(command)
9007
msgid "sudo htpasswd /etc/subversion/password user_name"
9008
msgstr "sudo htpasswd /etc/subversion/password user_name"
9010
#: serverguide/C/vcs.xml:268(para)
9012
"This command will prompt you to enter the password. Once you enter the "
9013
"password, the user is added. Now, to access the repository you can run the "
9014
"following command:"
9016
"This command will prompt you to enter the password. Once you enter the "
9017
"password, the user is added. Now, to access the repository you can run the "
9018
"following command:"
9020
#: serverguide/C/vcs.xml:269(command)
9021
msgid "svn co http://servername/svn"
9022
msgstr "svn co http://servername/svn"
9024
#: serverguide/C/vcs.xml:271(para)
9026
"The password is transmitted as plain text. If you are worried about password "
9027
"snooping, you are advised to use SSL encryption. For details, please refer "
9030
"The password is transmitted as plain text. If you are worried about password "
9031
"snooping, you are advised to use SSL encryption. For details, please refer "
9034
#: serverguide/C/vcs.xml:277(title)
9035
msgid "Access via WebDAV protocol with SSL encryption (https://)"
9036
msgstr "Access via WebDAV protocol with SSL encryption (https://)"
9038
#: serverguide/C/vcs.xml:278(para)
9040
"Accessing Subversion repository via WebDAV protocol with SSL encryption "
9041
"(https://) is similar to http:// except that you must install and configure "
9042
"the digital certificate in your Apache2 web server. To use SSL with "
9043
"Subversion add the above Apache2 configuration to "
9044
"<filename>/etc/apache2/sites-available/default-ssl</filename>. For more "
9045
"information on setting up Apache2 with SSL see <xref linkend=\"https-"
9046
"configuration\"/>."
9048
"Accessing Subversion repository via WebDAV protocol with SSL encryption "
9049
"(https://) is similar to http:// except that you must install and configure "
9050
"the digital certificate in your Apache2 web server. To use SSL with "
9051
"Subversion add the above Apache2 configuration to "
9052
"<filename>/etc/apache2/sites-available/default-ssl</filename>. For more "
9053
"information on setting up Apache2 with SSL see <xref linkend=\"https-"
9054
"configuration\"/>."
9056
#: serverguide/C/vcs.xml:287(para)
9058
"You can install a digital certificate issued by a signing authority. "
9059
"Alternatively, you can install your own self-signed certificate."
9061
"You can install a digital certificate issued by a signing authority. "
9062
"Alternatively, you can install your own self-signed certificate."
9064
#: serverguide/C/vcs.xml:292(para)
9066
"This step assumes you have installed and configured a digital certificate in "
9067
"your Apache 2 web server. Now, to access the Subversion repository, please "
9068
"refer to the above section! The access methods are exactly the same, except "
9069
"the protocol. You must use https:// to access the Subversion repository."
9071
"This step assumes you have installed and configured a digital certificate in "
9072
"your Apache 2 Web server. Now, to access the Subversion repository, please "
9073
"refer to the above section! The access methods are exactly the same, except "
9074
"the protocol. You must use https:// to access the Subversion repository."
9076
#: serverguide/C/vcs.xml:302(title)
9077
msgid "Access via custom protocol (svn://)"
9078
msgstr "Access via custom protocol (svn://)"
9080
#: serverguide/C/vcs.xml:303(para)
9082
"Once the Subversion repository is created, you can configure the access "
9083
"control. You can edit the <filename> "
9084
"/path/to/repos/project/conf/svnserve.conf</filename> file to configure the "
9085
"access control. For example, to set up authentication, you can uncomment the "
9086
"following lines in the configuration file:"
9088
"Once the Subversion repository is created, you can configure the access "
9089
"control. You can edit the <filename> "
9090
"/path/to/repos/project/conf/svnserve.conf</filename> file to configure the "
9091
"access control. For example, to set up authentication, you can uncomment the "
9092
"following lines in the configuration file:"
9094
#: serverguide/C/vcs.xml:310(programlisting)
9098
"# password-db = passwd"
9101
"# password-db = passwd"
9103
#: serverguide/C/vcs.xml:313(para)
9105
"After uncommenting the above lines, you can maintain the user list in the "
9106
"passwd file. So, edit the file <filename>passwd </filename> in the same "
9107
"directory and add the new user. The syntax is as follows:"
9109
"After uncommenting the above lines, you can maintain the user list in the "
9110
"passwd file. So, edit the file <filename>passwd </filename> in the same "
9111
"directory and add the new user. The syntax is as follows:"
9113
#: serverguide/C/vcs.xml:319(programlisting)
9115
msgid "username = password"
9116
msgstr "username = password"
9118
#: serverguide/C/vcs.xml:320(para)
9119
msgid "For more details, please refer to the file."
9120
msgstr "For more details, please refer to the file."
9122
#: serverguide/C/vcs.xml:324(para)
9124
"Now, to access Subversion via the svn:// custom protocol, either from the "
9125
"same machine or a different machine, you can run svnserver using svnserve "
9126
"command. The syntax is as follows:"
9128
"Now, to access Subversion via the svn:// custom protocol, either from the "
9129
"same machine or a different machine, you can run svnserver using svnserve "
9130
"command. The syntax is as follows:"
9132
#: serverguide/C/vcs.xml:329(programlisting)
9135
"$ svnserve -d --foreground -r /path/to/repos\n"
9136
"# -d -- daemon mode\n"
9137
"# --foreground -- run in foreground (useful for debugging)\n"
9138
"# -r -- root of directory to serve\n"
9140
"For more usage details, please refer to:\n"
9143
"$ svnserve -d --foreground -r /path/to/repos\n"
9144
"# -d -- daemon mode\n"
9145
"# --foreground -- run in foreground (useful for debugging)\n"
9146
"# -r -- root of directory to serve\n"
9148
"For more usage details, please refer to:\n"
9151
#: serverguide/C/vcs.xml:337(para)
9153
"Once you run this command, Subversion starts listening on default port "
9154
"(3690). To access the project repository, you must run the following command "
9155
"from a terminal prompt:"
9157
"Once you run this command, Subversion starts listening on default port "
9158
"(3690). To access the project repository, you must run the following command "
9159
"from a terminal prompt:"
9161
#: serverguide/C/vcs.xml:340(command)
9162
msgid "svn co svn://hostname/project project --username user_name"
9163
msgstr "svn co svn://hostname/project project --username user_name"
9165
#: serverguide/C/vcs.xml:343(para)
9167
"Based on server configuration, it prompts for password. Once you are "
9168
"authenticated, it checks out the code from Subversion repository. To "
9169
"synchronize the project repository with the local copy, you can run the "
9170
"<command>update</command> sub-command. The syntax of the command, entered at "
9171
"a terminal prompt, is as follows:"
9173
"Based on server configuration, it prompts for password. Once you are "
9174
"authenticated, it checks out the code from Subversion repository. To "
9175
"synchronise the project repository with the local copy, you can run the "
9176
"<command>update</command> sub-command. The syntax of the command, entered at "
9177
"a terminal prompt, is as follows:"
9179
#: serverguide/C/vcs.xml:351(command)
9180
msgid "cd project_dir ; svn update"
9181
msgstr "cd project_dir ; svn update"
9183
#: serverguide/C/vcs.xml:354(para)
9185
"For more details about using each Subversion sub-command, you can refer to "
9186
"the manual. For example, to learn more about the co (checkout) command, "
9187
"please run the following command from a terminal prompt:"
9189
"For more details about using each Subversion sub-command, you can refer to "
9190
"the manual. For example, to learn more about the co (checkout) command, "
9191
"please run the following command from a terminal prompt:"
9193
#: serverguide/C/vcs.xml:358(command)
9195
msgstr "svn co help"
9197
#: serverguide/C/vcs.xml:362(title)
9198
msgid "Access via custom protocol with SSL encryption (svn+ssh://)"
9199
msgstr "Access via custom protocol with SSL encryption (svn+ssh://)"
9201
#: serverguide/C/vcs.xml:363(para)
9203
"The configuration and server process is same as in the svn:// method. For "
9204
"details, please refer to the above section. This step assumes you have "
9205
"followed the above step and started the Subversion server using "
9206
"<application>svnserve</application> command."
9208
"The configuration and server process is same as in the svn:// method. For "
9209
"details, please refer to the above section. This step assumes you have "
9210
"followed the above step and started the Subversion server using "
9211
"<application>svnserve</application> command."
9213
#: serverguide/C/vcs.xml:369(para)
9215
"It is also assumed that the ssh server is running on that machine and that "
9216
"it is allowing incoming connections. To confirm, please try to login to that "
9217
"machine using ssh. If you can login, everything is perfect. If you cannot "
9218
"login, please address it before continuing further."
9220
"It is also assumed that the ssh server is running on that machine and that "
9221
"it is allowing incoming connections. To confirm, please try to login to that "
9222
"machine using ssh. If you can login, everything is perfect. If you cannot "
9223
"login, please address it before continuing further."
9225
#: serverguide/C/vcs.xml:375(para)
9227
"The svn+ssh:// protocol is used to access the Subversion repository using "
9228
"SSL encryption. The data transfer is encrypted using this method. To access "
9229
"the project repository (for example with a checkout), you must use the "
9230
"following command syntax:"
9232
"The svn+ssh:// protocol is used to access the Subversion repository using "
9233
"SSL encryption. The data transfer is encrypted using this method. To access "
9234
"the project repository (for example with a checkout), you must use the "
9235
"following command syntax:"
9237
#: serverguide/C/vcs.xml:382(command)
9238
msgid "svn co svn+ssh://hostname/var/svn/repos/project"
9239
msgstr "svn co svn+ssh://hostname/var/svn/repos/project"
9241
#: serverguide/C/vcs.xml:386(para)
9243
"You must use the full path (/path/to/repos/project) to access the Subversion "
9244
"repository using this access method."
9246
"You must use the full path (/path/to/repos/project) to access the Subversion "
9247
"repository using this access method."
9249
#: serverguide/C/vcs.xml:389(para)
9251
"Based on server configuration, it prompts for password. You must enter the "
9252
"password you use to login via ssh. Once you are authenticated, it checks out "
9253
"the code from the Subversion repository."
9255
"Based on server configuration, it prompts for password. You must enter the "
9256
"password you use to login via ssh. Once you are authenticated, it checks out "
9257
"the code from the Subversion repository."
9259
#: serverguide/C/vcs.xml:399(title)
9263
#: serverguide/C/vcs.xml:400(para)
9265
"CVS is a version control system. You can use it to record the history of "
9268
"CVS is a version control system. You can use it to record the history of "
9271
#: serverguide/C/vcs.xml:406(para)
9273
"To install <application>CVS</application>, run the following command from a "
9274
"terminal prompt: <screen>\n"
9275
"<command>sudo apt-get install cvs</command>\n"
9276
"</screen> After you install <application>cvs</application>, you should "
9277
"install <application>xinetd</application> to start/stop the cvs server. At "
9278
"the prompt, enter the following command to install "
9279
"<application>xinetd</application>: <screen>\n"
9280
"<command>sudo apt-get install xinetd</command>\n"
9283
"To install <application>CVS</application>, run the following command from a "
9284
"terminal prompt: <screen>\n"
9285
"<command>sudo apt-get install cvs</command>\n"
9286
"</screen> After you install <application>cvs</application>, you should "
9287
"install <application>xinetd</application> to start/stop the cvs server. At "
9288
"the prompt, enter the following command to install "
9289
"<application>xinetd</application>: <screen>\n"
9290
"<command>sudo apt-get install xinetd</command>\n"
9293
#: serverguide/C/vcs.xml:439(programlisting)
9297
"service cvspserver\n"
9300
" socket_type = stream\n"
9304
" type = UNLISTED\n"
9305
" server = /usr/bin/cvs\n"
9306
" server_args = -f --allow-root /var/lib/cvs pserver\n"
9311
"service cvspserver\n"
9314
" socket_type = stream\n"
9318
" type = UNLISTED\n"
9319
" server = /usr/bin/cvs\n"
9320
" server_args = -f --allow-root /var/lib/cvs pserver\n"
9324
#: serverguide/C/vcs.xml:455(para)
9326
"Be sure to edit the repository if you have changed the default repository "
9327
"(<application>/var/lib/cvs</application>) directory."
9329
"Be sure to edit the repository if you have changed the default repository "
9330
"(<application>/var/lib/cvs</application>) directory."
9332
#: serverguide/C/vcs.xml:424(para)
9334
"Once you install cvs, the repository will be automatically initialized. By "
9335
"default, the repository resides under the "
9336
"<application>/var/lib/cvs</application> directory. You can change this path "
9337
"by running following command: <screen>\n"
9338
"<command>cvs -d /your/new/cvs/repo init</command>\n"
9339
"</screen> Once the initial repository is set up, you can configure "
9340
"<application>xinetd</application> to start the CVS server. You can copy the "
9341
"following lines to the <filename> /etc/xinetd.d/cvspserver</filename> file. "
9342
"<placeholder-1/><placeholder-2/> Once you have configured "
9343
"<application>xinetd</application> you can start the cvs server by running "
9344
"following command: <screen>\n"
9345
"<command>sudo /etc/init.d/xinetd restart</command>\n"
9348
"Once you install cvs, the repository will be automatically initialised. By "
9349
"default, the repository resides under the "
9350
"<application>/var/lib/cvs</application> directory. You can change this path "
9351
"by running following command: <screen>\n"
9352
"<command>cvs -d /your/new/cvs/repo init</command>\n"
9353
"</screen> Once the initial repository is set up, you can configure "
9354
"<application>xinetd</application> to start the CVS server. You can copy the "
9355
"following lines to the <filename> /etc/xinetd.d/cvspserver</filename> file. "
9356
"<placeholder-1/><placeholder-2/> Once you have configured "
9357
"<application>xinetd</application> you can start the cvs server by running "
9358
"following command: <screen>\n"
9359
"<command>sudo /etc/init.d/xinetd restart</command>\n"
9362
#: serverguide/C/vcs.xml:468(para)
9364
"You can confirm that the CVS server is running by issuing the following "
9367
"You can confirm that the CVS server is running by issuing the following "
9370
#: serverguide/C/vcs.xml:475(command)
9371
msgid "sudo netstat -tap | grep cvs"
9372
msgstr "sudo netstat -tap | grep cvs"
9374
#: serverguide/C/vcs.xml:479(para) serverguide/C/databases.xml:65(para)
9376
"When you run this command, you should see the following line or something "
9379
"When you run this command, you should see the following line or something "
9382
#: serverguide/C/vcs.xml:484(programlisting)
9386
"tcp 0 0 *:cvspserver *:* LISTEN \n"
9389
"tcp 0 0 *:cvspserver *:* LISTEN \n"
9391
#: serverguide/C/vcs.xml:488(para)
9393
"From here you can continue to add users, add new projects, and manage the "
9396
"From here you can continue to add users, add new projects, and manage the "
9399
#: serverguide/C/vcs.xml:493(para)
9401
"CVS allows the user to add users independently of the underlying OS "
9402
"installation. Probably the easiest way is to use the Linux Users for CVS, "
9403
"although it has potential security issues. Please refer to the CVS manual "
9406
"CVS allows the user to add users independently of the underlying OS "
9407
"installation. Probably the easiest way is to use the Linux Users for CVS, "
9408
"although it has potential security issues. Please refer to the CVS manual "
9411
#: serverguide/C/vcs.xml:503(title)
9412
msgid "Add Projects"
9413
msgstr "Add Projects"
9415
#: serverguide/C/vcs.xml:515(para)
9417
"You can use the CVSROOT environment variable to store the CVS root "
9418
"directory. Once you export the CVSROOT environment variable, you can avoid "
9419
"using -d option in the above cvs command."
9421
"You can use the CVSROOT environment variable to store the CVS root "
9422
"directory. Once you export the CVSROOT environment variable, you can avoid "
9423
"using -d option in the above cvs command."
9425
#: serverguide/C/vcs.xml:527(para)
9427
"When you add a new project, the CVS user you use must have write access to "
9428
"the CVS repository (<application>/var/lib/cvs</application>). By default, "
9429
"the <application>src</application> group has write access to the CVS "
9430
"repository. So, you can add the user to this group, and he can then add and "
9431
"manage projects in the CVS repository."
9433
"When you add a new project, the CVS user you use must have write access to "
9434
"the CVS repository (<application>/var/lib/cvs</application>). By default, "
9435
"the <application>src</application> group has write access to the CVS "
9436
"repository. So, you can add the user to this group, and he can then add and "
9437
"manage projects in the CVS repository."
9439
#: serverguide/C/vcs.xml:504(para)
9441
"This section explains how to add new project to the CVS repository. Create "
9442
"the directory and add necessary document and source files to the directory. "
9443
"Now, run the following command to add this project to CVS repository: "
9445
"<command>cd your/project</command>\n"
9446
"<command>cvs -d :pserver:username@hostname.com:/var/lib/cvs import -m "
9447
"\"Importing my project to CVS repository\" . new_project start</command>\n"
9448
"</screen><placeholder-1/> The string <emphasis>new_project</emphasis> is a "
9449
"vendor tag, and <emphasis>start</emphasis> is a release tag. They serve no "
9450
"purpose in this context, but since CVS requires them, they must be present. "
9453
"This section explains how to add new project to the CVS repository. Create "
9454
"the directory and add necessary document and source files to the directory. "
9455
"Now, run the following command to add this project to CVS repository: "
9457
"<command>cd your/project</command>\n"
9458
"<command>cvs -d :pserver:username@hostname.com:/var/lib/cvs import -m "
9459
"\"Importing my project to CVS repository\" . new_project start</command>\n"
9460
"</screen><placeholder-1/> The string <emphasis>new_project</emphasis> is a "
9461
"vendor tag, and <emphasis>start</emphasis> is a release tag. They serve no "
9462
"purpose in this context, but since CVS requires them, they must be present. "
9465
#: serverguide/C/vcs.xml:540(ulink)
9466
msgid "Bazaar Home Page"
9467
msgstr "Bazaar Home Page"
9469
#: serverguide/C/vcs.xml:541(ulink)
9473
#: serverguide/C/vcs.xml:542(ulink)
9474
msgid "Subversion Home Page"
9475
msgstr "Subversion Home Page"
9477
#: serverguide/C/vcs.xml:543(ulink)
9478
msgid "Subversion Book"
9479
msgstr "Subversion Book"
9481
#: serverguide/C/vcs.xml:545(ulink)
9485
#: serverguide/C/vcs.xml:546(ulink)
9486
msgid "Easy Bazaar Ubuntu Wiki page"
9487
msgstr "Easy Bazaar Ubuntu Wiki page"
9489
#: serverguide/C/vcs.xml:547(ulink)
9490
msgid "Ubuntu Wiki Subversion page"
9491
msgstr "Ubuntu Wiki Subversion page"
9493
#: serverguide/C/serverguide.xml:3(title) serverguide/C/bookinfo.xml:3(title)
9494
msgid "Credits and License"
9495
msgstr "Credits and Licence"
9497
#: serverguide/C/serverguide.xml:4(para) serverguide/C/bookinfo.xml:4(para)
9499
"This document is maintained by the Ubuntu documentation team "
9500
"(https://wiki.ubuntu.com/DocumentationTeam). For a list of contributors, see "
9501
"the <ulink url=\"../../libs/C/contributors.xml\">contributors page</ulink>"
9503
"This document is maintained by the Ubuntu documentation team "
9504
"(https://wiki.ubuntu.com/DocumentationTeam). For a list of contributors, see "
9505
"the <ulink url=\"../../libs/C/contributors.xml\">contributors page</ulink>"
9507
#: serverguide/C/serverguide.xml:5(para) serverguide/C/bookinfo.xml:5(para)
9509
"This document is made available under the Creative Commons ShareAlike 2.5 "
9510
"License (CC-BY-SA)."
9512
"This document is made available under the Creative Commons ShareAlike 2.5 "
9513
"Licence (CC-BY-SA)."
9515
#: serverguide/C/serverguide.xml:6(para) serverguide/C/bookinfo.xml:6(para)
9517
"You are free to modify, extend, and improve the Ubuntu documentation source "
9518
"code under the terms of this license. All derivative works must be released "
9519
"under this license."
9521
"You are free to modify, extend, and improve the Ubuntu documentation source "
9522
"code under the terms of this licence. All derivative works must be released "
9523
"under this licence."
9525
#: serverguide/C/serverguide.xml:8(para) serverguide/C/bookinfo.xml:8(para)
9527
"This documentation is distributed in the hope that it will be useful, but "
9528
"WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY "
9529
"or FITNESS FOR A PARTICULAR PURPOSE AS DESCRIBED IN THE DISCLAIMER."
9531
"This documentation is distributed in the hope that it will be useful, but "
9532
"WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY "
9533
"or FITNESS FOR A PARTICULAR PURPOSE AS DESCRIBED IN THE DISCLAIMER."
9535
#: serverguide/C/serverguide.xml:11(para) serverguide/C/bookinfo.xml:11(para)
9537
"A copy of the license is available here: <ulink url=\"/usr/share/ubuntu-"
9538
"docs/libs/C/ccbysa.xml\">Creative Commons ShareAlike License</ulink>."
9540
"A copy of the license is available here: <ulink url=\"/usr/share/ubuntu-"
9541
"docs/libs/C/ccbysa.xml\">Creative Commons ShareAlike License</ulink>."
9543
#: serverguide/C/serverguide.xml:14(year) serverguide/C/bookinfo.xml:14(year)
9547
#: serverguide/C/serverguide.xml:15(ulink) serverguide/C/bookinfo.xml:15(ulink)
9548
msgid "Ubuntu Documentation Project"
9549
msgstr "Ubuntu Documentation Project"
9551
#: serverguide/C/serverguide.xml:15(holder) serverguide/C/bookinfo.xml:15(holder)
9552
msgid "Canonical Ltd. and members of the <placeholder-1/>"
9553
msgstr "Canonical Ltd. and members of the <placeholder-1/>"
9555
#: serverguide/C/serverguide.xml:18(publishername) serverguide/C/bookinfo.xml:18(publishername)
9556
msgid "The Ubuntu Documentation Project"
9557
msgstr "The Ubuntu Documentation Project"
9559
#: serverguide/C/serverguide.xml:17(para)
9561
"Welcome to the <emphasis>Ubuntu Server Guide</emphasis>! It contains "
9562
"information on how to install and configure various server applications on "
9563
"your Ubuntu system to fit your needs. It is a step-by-step, task-oriented "
9564
"guide for configuring and customizing your system."
9566
"Welcome to the <emphasis>Ubuntu Server Guide</emphasis>! It contains "
9567
"information on how to install and configure various server applications on "
9568
"your Ubuntu system to fit your needs. It is a step-by-step, task-oriented "
9569
"guide for configuring and customising your system."
9571
#: serverguide/C/security.xml:13(title)
9575
#: serverguide/C/security.xml:14(para)
9577
"Security should always be considered when installing, deploying, and using "
9578
"any type of computer system. Although a fresh installation of Ubuntu is "
9579
"relatively safe for immediate use on the Internet, it is important to have a "
9580
"balanced understanding of your systems security posture based on how it will "
9581
"be used after deployment."
9583
"Security should always be considered when installing, deploying, and using "
9584
"any type of computer system. Although a fresh installation of Ubuntu is "
9585
"relatively safe for immediate use on the Internet, it is important to have a "
9586
"balanced understanding of your systems security posture based on how it will "
9587
"be used after deployment."
9589
#: serverguide/C/security.xml:17(para)
9591
"This chapter provides an overview of security related topics as they pertain "
9592
"to Ubuntu 10.10 Server Edition, and outlines simple measures you may use to "
9593
"protect your server and network from any number of potential security "
9596
"This chapter provides an overview of security related topics as they pertain "
9597
"to Ubuntu 10.10 Server Edition, and outlines simple measures you may use to "
9598
"protect your server and network from any number of potential security "
9601
#: serverguide/C/security.xml:21(title)
9602
msgid "User Management"
9603
msgstr "User Management"
9605
#: serverguide/C/security.xml:22(para)
9607
"User management is a critical part of maintaining a secure system. "
9608
"Ineffective user and privilege management often lead many systems into being "
9609
"compromised. Therefore, it is important that you understand how you can "
9610
"protect your server through simple and effective user account management "
9613
"User management is a critical part of maintaining a secure system. "
9614
"Ineffective user and privilege management often lead many systems into being "
9615
"compromised. Therefore, it is important that you understand how you can "
9616
"protect your server through simple and effective user account management "
9619
#: serverguide/C/security.xml:26(title)
9620
msgid "Where is root?"
9621
msgstr "Where is root?"
9623
#: serverguide/C/security.xml:27(para)
9625
"Ubuntu developers made a conscientious decision to disable the "
9626
"administrative root account by default in all Ubuntu installations. This "
9627
"does not mean that the root account has been deleted or that it may not be "
9628
"accessed. It merely has been given a password which matches no possible "
9629
"encrypted value, therefore may not log in directly by itself."
9631
"Ubuntu developers made a conscientious decision to disable the "
9632
"administrative root account by default in all Ubuntu installations. This "
9633
"does not mean that the root account has been deleted or that it may not be "
9634
"accessed. It merely has been given a password which matches no possible "
9635
"encrypted value, therefore may not log in directly by itself."
9637
#: serverguide/C/security.xml:30(para)
9639
"Instead, users are encouraged to make use of a tool by the name of "
9640
"<application>sudo</application> to carry out system administrative duties. "
9641
"<application>Sudo</application> allows an authorized user to temporarily "
9642
"elevate their privileges using their own password instead of having to know "
9643
"the password belonging to the root account. This simple yet effective "
9644
"methodology provides accountability for all user actions, and gives the "
9645
"administrator granular control over which actions a user can perform with "
9648
"Instead, users are encouraged to make use of a tool by the name of "
9649
"<application>sudo</application> to carry out system administrative duties. "
9650
"<application>Sudo</application> allows an authorised user to temporarily "
9651
"elevate their privileges using their own password instead of having to know "
9652
"the password belonging to the root account. This simple yet effective "
9653
"methodology provides accountability for all user actions, and gives the "
9654
"administrator granular control over which actions a user can perform with "
9657
#: serverguide/C/security.xml:35(para)
9659
"If for some reason you wish to enable the root account, simply give it a "
9662
"If for some reason you wish to enable the root account, simply give it a "
9665
#: serverguide/C/security.xml:39(command)
9667
msgstr "sudo passwd"
9669
#: serverguide/C/security.xml:41(para)
9671
"Sudo will prompt you for your password, and then ask you to supply a new "
9672
"password for root as shown below:"
9674
"Sudo will prompt you for your password, and then ask you to supply a new "
9675
"password for root as shown below:"
9677
#: serverguide/C/security.xml:44(userinput)
9679
msgid "(enter your own password)"
9680
msgstr "(enter your own password)"
9682
#: serverguide/C/security.xml:45(userinput)
9684
msgid "(enter a new password for root)"
9685
msgstr "(enter a new password for root)"
9687
#: serverguide/C/security.xml:46(userinput)
9689
msgid "(repeat new password for root)"
9690
msgstr "(repeat new password for root)"
9692
#: serverguide/C/security.xml:44(computeroutput)
9695
"[sudo] password for username: <placeholder-1/>\n"
9696
"Enter new UNIX password: <placeholder-2/>\n"
9697
"Retype new UNIX password: <placeholder-3/>\n"
9698
"passwd: password updated successfully"
9700
"[sudo] password for username: <placeholder-1/>\n"
9701
"Enter new UNIX password: <placeholder-2/>\n"
9702
"Retype new UNIX password: <placeholder-3/>\n"
9703
"passwd: password updated successfully"
9705
#: serverguide/C/security.xml:51(para)
9706
msgid "To disable the root account, use the following passwd syntax:"
9707
msgstr "To disable the root account, use the following passwd syntax:"
9709
#: serverguide/C/security.xml:55(command)
9710
msgid "sudo passwd -l root"
9711
msgstr "sudo passwd -l root"
9713
#: serverguide/C/security.xml:59(para)
9715
"You should read more on <application>Sudo</application> by checking out it's "
9718
"You should read more on <application>Sudo</application> by checking out it's "
9721
#: serverguide/C/security.xml:63(command)
9725
#: serverguide/C/security.xml:67(para)
9727
"By default, the initial user created by the Ubuntu installer is a member of "
9728
"the group \"admin\" which is added to the file "
9729
"<filename>/etc/sudoers</filename> as an authorized sudo user. If you wish to "
9730
"give any other account full root access through "
9731
"<application>sudo</application>, simply add them to the admin group."
9733
"By default, the initial user created by the Ubuntu installer is a member of "
9734
"the group \"admin\" which is added to the file "
9735
"<filename>/etc/sudoers</filename> as an authorised sudo user. If you wish to "
9736
"give any other account full root access through "
9737
"<application>sudo</application>, simply add them to the admin group."
9739
#: serverguide/C/security.xml:73(title)
9740
msgid "Adding and Deleting Users"
9741
msgstr "Adding and Deleting Users"
9743
#: serverguide/C/security.xml:74(para)
9745
"The process for managing local users and groups is straight forward and "
9746
"differs very little from most other GNU/Linux operating systems. Ubuntu and "
9747
"other Debian based distributions, encourage the use of the \"adduser\" "
9748
"package for account management."
9750
"The process for managing local users and groups is straight forward and "
9751
"differs very little from most other GNU/Linux operating systems. Ubuntu and "
9752
"other Debian based distributions, encourage the use of the \"adduser\" "
9753
"package for account management."
9755
#: serverguide/C/security.xml:79(para)
9757
"To add a user account, use the following syntax, and follow the prompts to "
9758
"give the account a password and identifiable characteristics such as a full "
9759
"name, phone number, etc."
9761
"To add a user account, use the following syntax, and follow the prompts to "
9762
"give the account a password and identifiable characteristics such as a full "
9763
"name, phone number, etc."
9765
#: serverguide/C/security.xml:83(command)
9766
msgid "sudo adduser username"
9767
msgstr "sudo adduser username"
9769
#: serverguide/C/security.xml:87(para)
9771
"To delete a user account and its primary group, use the following syntax:"
9773
"To delete a user account and its primary group, use the following syntax:"
9775
#: serverguide/C/security.xml:91(command)
9776
msgid "sudo deluser username"
9777
msgstr "sudo deluser username"
9779
#: serverguide/C/security.xml:93(para)
9781
"Deleting an account does not remove their respective home folder. It is up "
9782
"to you whether or not you wish to delete the folder manually or keep it "
9783
"according to your desired retention policies."
9785
"Deleting an account does not remove their respective home folder. It is up "
9786
"to you whether or not you wish to delete the folder manually or keep it "
9787
"according to your desired retention policies."
9789
#: serverguide/C/security.xml:96(para)
9791
"Remember, any user added later on with the same UID/GID as the previous "
9792
"owner will now have access to this folder if you have not taken the "
9793
"necessary precautions."
9795
"Remember, any user added later on with the same UID/GID as the previous "
9796
"owner will now have access to this folder if you have not taken the "
9797
"necessary precautions."
9799
#: serverguide/C/security.xml:99(para)
9801
"You may want to change these UID/GID values to something more appropriate, "
9802
"such as the root account, and perhaps even relocate the folder to avoid "
9805
"You may want to change these UID/GID values to something more appropriate, "
9806
"such as the root account, and perhaps even relocate the folder to avoid "
9809
#: serverguide/C/security.xml:103(command)
9810
msgid "sudo chown -R root:root /home/username/"
9811
msgstr "sudo chown -R root:root /home/username/"
9813
#: serverguide/C/security.xml:104(command)
9814
msgid "sudo mkdir /home/archived_users/"
9815
msgstr "sudo mkdir /home/archived_users/"
9817
#: serverguide/C/security.xml:105(command)
9818
msgid "sudo mv /home/username /home/archived_users/"
9819
msgstr "sudo mv /home/username /home/archived_users/"
9821
#: serverguide/C/security.xml:109(para)
9823
"To temporarily lock or unlock a user account, use the following syntax, "
9826
"To temporarily lock or unlock a user account, use the following syntax, "
9829
#: serverguide/C/security.xml:113(command)
9830
msgid "sudo passwd -l username"
9831
msgstr "sudo passwd -l username"
9833
#: serverguide/C/security.xml:114(command)
9834
msgid "sudo passwd -u username"
9835
msgstr "sudo passwd -u username"
9837
#: serverguide/C/security.xml:118(para)
9839
"To add or delete a personalized group, use the following syntax, "
9842
"To add or delete a personalised group, use the following syntax, "
9845
#: serverguide/C/security.xml:122(command)
9846
msgid "sudo addgroup groupname"
9847
msgstr "sudo addgroup groupname"
9849
#: serverguide/C/security.xml:123(command)
9850
msgid "sudo delgroup groupname"
9851
msgstr "sudo delgroup groupname"
9853
#: serverguide/C/security.xml:127(para)
9854
msgid "To add a user to a group, use the following syntax:"
9855
msgstr "To add a user to a group, use the following syntax:"
9857
#: serverguide/C/security.xml:131(command)
9858
msgid "sudo adduser username groupname"
9859
msgstr "sudo adduser username groupname"
9861
#: serverguide/C/security.xml:138(title)
9862
msgid "User Profile Security"
9863
msgstr "User Profile Security"
9865
#: serverguide/C/security.xml:139(para)
9867
"When a new user is created, the adduser utility creates a brand new home "
9868
"directory named <filename class=\"directory\">/home/username</filename>, "
9869
"respectively. The default profile is modeled after the contents found in the "
9870
"directory of <filename class=\"directory\">/etc/skel</filename>, which "
9871
"includes all profile basics."
9873
"When a new user is created, the adduser utility creates a brand new home "
9874
"directory named <filename class=\"directory\">/home/username</filename>, "
9875
"respectively. The default profile is modelled after the contents found in "
9876
"the directory of <filename class=\"directory\">/etc/skel</filename>, which "
9877
"includes all profile basics."
9879
#: serverguide/C/security.xml:142(para)
9881
"If your server will be home to multiple users, you should pay close "
9882
"attention to the user home directory permissions to ensure confidentiality. "
9883
"By default, user home directories in Ubuntu are created with world "
9884
"read/execute permissions. This means that all users can browse and access "
9885
"the contents of other users home directories. This may not be suitable for "
9888
"If your server will be home to multiple users, you should pay close "
9889
"attention to the user home directory permissions to ensure confidentiality. "
9890
"By default, user home directories in Ubuntu are created with world "
9891
"read/execute permissions. This means that all users can browse and access "
9892
"the contents of other users home directories. This may not be suitable for "
9895
#: serverguide/C/security.xml:147(para)
9897
"To verify your current users home directory permissions, use the following "
9900
"To verify your current users home directory permissions, use the following "
9903
#: serverguide/C/security.xml:151(command) serverguide/C/security.xml:183(command)
9904
msgid "ls -ld /home/username"
9905
msgstr "ls -ld /home/username"
9907
#: serverguide/C/security.xml:153(para)
9909
"The following output shows that the directory <filename "
9910
"class=\"directory\">/home/username</filename> has world readable permissions:"
9912
"The following output shows that the directory <filename "
9913
"class=\"directory\">/home/username</filename> has world readable permissions:"
9915
#: serverguide/C/security.xml:156(computeroutput)
9917
msgid "drwxr-xr-x 2 username username 4096 2007-10-02 20:03 username"
9918
msgstr "drwxr-xr-x 2 username username 4096 2007-10-02 20:03 username"
9920
#: serverguide/C/security.xml:160(para)
9922
"You can remove the world readable permissions using the following syntax:"
9924
"You can remove the world readable permissions using the following syntax:"
9926
#: serverguide/C/security.xml:164(command)
9927
msgid "sudo chmod 0750 /home/username"
9928
msgstr "sudo chmod 0750 /home/username"
9930
#: serverguide/C/security.xml:167(para)
9932
"Some people tend to use the recursive option (-R) indiscriminately which "
9933
"modifies all child folders and files, but this is not necessary, and may "
9934
"yield other undesirable results. The parent directory alone is sufficient "
9935
"for preventing unauthorized access to anything below the parent."
9937
"Some people tend to use the recursive option (-R) indiscriminately which "
9938
"modifies all child folders and files, but this is not necessary, and may "
9939
"yield other undesirable results. The parent directory alone is sufficient "
9940
"for preventing unauthorised access to anything below the parent."
9942
#: serverguide/C/security.xml:171(para)
9944
"A much more efficient approach to the matter would be to modify the "
9945
"<application>adduser</application> global default permissions when creating "
9946
"user home folders. Simply edit the file "
9947
"<filename>/etc/adduser.conf</filename> and modify the "
9948
"<varname>DIR_MODE</varname> variable to something appropriate, so that all "
9949
"new home directories will receive the correct permissions."
9951
"A much more efficient approach to the matter would be to modify the "
9952
"<application>adduser</application> global default permissions when creating "
9953
"user home folders. Simply edit the file "
9954
"<filename>/etc/adduser.conf</filename> and modify the "
9955
"<varname>DIR_MODE</varname> variable to something appropriate, so that all "
9956
"new home directories will receive the correct permissions."
9958
#: serverguide/C/security.xml:174(programlisting)
9967
#: serverguide/C/security.xml:179(para)
9969
"After correcting the directory permissions using any of the previously "
9970
"mentioned techniques, verify the results using the following syntax:"
9972
"After correcting the directory permissions using any of the previously "
9973
"mentioned techniques, verify the results using the following syntax:"
9975
#: serverguide/C/security.xml:185(para)
9977
"The results below show that world readable permissions have been removed:"
9979
"The results below show that world readable permissions have been removed:"
9981
#: serverguide/C/security.xml:188(computeroutput)
9983
msgid "drwxr-x--- 2 username username 4096 2007-10-02 20:03 username"
9984
msgstr "drwxr-x--- 2 username username 4096 2007-10-02 20:03 username"
9986
#: serverguide/C/security.xml:195(title)
9987
msgid "Password Policy"
9988
msgstr "Password Policy"
9990
#: serverguide/C/security.xml:196(para)
9992
"A strong password policy is one of the most important aspects of your "
9993
"security posture. Many successful security breaches involve simple brute "
9994
"force and dictionary attacks against weak passwords. If you intend to offer "
9995
"any form of remote access involving your local password system, make sure "
9996
"you adequately address minimum password complexity requirements, maximum "
9997
"password lifetimes, and frequent audits of your authentication systems."
9999
"A strong password policy is one of the most important aspects of your "
10000
"security posture. Many successful security breaches involve simple brute "
10001
"force and dictionary attacks against weak passwords. If you intend to offer "
10002
"any form of remote access involving your local password system, make sure "
10003
"you adequately address minimum password complexity requirements, maximum "
10004
"password lifetimes, and frequent audits of your authentication systems."
10006
#: serverguide/C/security.xml:200(title)
10007
msgid "Minimum Password Length"
10008
msgstr "Minimum Password Length"
10010
#: serverguide/C/security.xml:201(para)
10012
"By default, Ubuntu requires a minimum password length of 6 characters, as "
10013
"well as some basic entropy checks. These values are controlled in the file "
10014
"<filename>/etc/pam.d/common-password</filename>, which is outlined below."
10016
"By default, Ubuntu requires a minimum password length of 6 characters, as "
10017
"well as some basic entropy checks. These values are controlled in the file "
10018
"<filename>/etc/pam.d/common-password</filename>, which is outlined below."
10020
#: serverguide/C/security.xml:204(programlisting)
10024
"password [success=2 default=ignore] pam_unix.so obscure sha512\n"
10027
"password [success=2 default=ignore] pam_unix.so obscure sha512\n"
10029
#: serverguide/C/security.xml:207(para)
10031
"If you would like to adjust the minimum length to 8 characters, change the "
10032
"appropriate variable to min=8. The modification is outlined below."
10034
"If you would like to adjust the minimum length to 8 characters, change the "
10035
"appropriate variable to min=8. The modification is outlined below."
10037
#: serverguide/C/security.xml:210(programlisting)
10041
"password [success=2 default=ignore] pam_unix.so obscure sha512 "
10045
"password [success=2 default=ignore] pam_unix.so obscure sha512 "
10048
#: serverguide/C/security.xml:215(title)
10049
msgid "Password Expiration"
10050
msgstr "Password Expiration"
10052
#: serverguide/C/security.xml:216(para)
10054
"When creating user accounts, you should make it a policy to have a minimum "
10055
"and maximum password age forcing users to change their passwords when they "
10058
"When creating user accounts, you should make it a policy to have a minimum "
10059
"and maximum password age forcing users to change their passwords when they "
10062
#: serverguide/C/security.xml:221(para)
10064
"To easily view the current status of a user account, use the following "
10067
"To easily view the current status of a user account, use the following "
10070
#: serverguide/C/security.xml:225(command) serverguide/C/security.xml:258(command)
10071
msgid "sudo chage -l username"
10072
msgstr "sudo chage -l username"
10074
#: serverguide/C/security.xml:227(para)
10076
"The output below shows interesting facts about the user account, namely that "
10077
"there are no policies applied:"
10079
"The output below shows interesting facts about the user account, namely that "
10080
"there are no policies applied:"
10082
#: serverguide/C/security.xml:230(computeroutput)
10085
"Last password change : Jan 20, 2008\n"
10086
"Password expires : never\n"
10087
"Password inactive : never\n"
10088
"Account expires : never\n"
10089
"Minimum number of days between password change : 0\n"
10090
"Maximum number of days between password change : 99999\n"
10091
"Number of days of warning before password expires : 7"
10093
"Last password change : Jan 20, 2008\n"
10094
"Password expires : never\n"
10095
"Password inactive : never\n"
10096
"Account expires : never\n"
10097
"Minimum number of days between password change : 0\n"
10098
"Maximum number of days between password change : 99999\n"
10099
"Number of days of warning before password expires : 7"
10101
#: serverguide/C/security.xml:240(para)
10103
"To set any of these values, simply use the following syntax, and follow the "
10104
"interactive prompts:"
10106
"To set any of these values, simply use the following syntax, and follow the "
10107
"interactive prompts:"
10109
#: serverguide/C/security.xml:244(command)
10110
msgid "sudo chage username"
10111
msgstr "sudo chage username"
10113
#: serverguide/C/security.xml:246(para)
10115
"The following is also an example of how you can manually change the explicit "
10116
"expiration date (-E) to 01/31/2008, minimum password age (-m) of 5 days, "
10117
"maximum password age (-M) of 90 days, inactivity period (-I) of 5 days after "
10118
"password expiration, and a warning time period (-W) of 14 days before "
10119
"password expiration."
10121
"The following is also an example of how you can manually change the explicit "
10122
"expiration date (-E) to 01/31/2008, minimum password age (-m) of 5 days, "
10123
"maximum password age (-M) of 90 days, inactivity period (-I) of 5 days after "
10124
"password expiration, and a warning time period (-W) of 14 days before "
10125
"password expiration."
10127
#: serverguide/C/security.xml:250(command)
10128
msgid "sudo chage -E 01/31/2011 -m 5 -M 90 -I 30 -W 14 username"
10129
msgstr "sudo chage -E 01/31/2011 -m 5 -M 90 -I 30 -W 14 username"
10131
#: serverguide/C/security.xml:254(para)
10132
msgid "To verify changes, use the same syntax as mentioned previously:"
10133
msgstr "To verify changes, use the same syntax as mentioned previously:"
10135
#: serverguide/C/security.xml:260(para)
10137
"The output below shows the new policies that have been established for the "
10140
"The output below shows the new policies that have been established for the "
10143
#: serverguide/C/security.xml:263(computeroutput)
10146
"Last password change : Jan 20, 2008\n"
10147
"Password expires : Apr 19, 2008\n"
10148
"Password inactive : May 19, 2008\n"
10149
"Account expires : Jan 31, 2008\n"
10150
"Minimum number of days between password change : 5\n"
10151
"Maximum number of days between password change : 90\n"
10152
"Number of days of warning before password expires : 14"
10154
"Last password change : Jan 20, 2008\n"
10155
"Password expires : Apr 19, 2008\n"
10156
"Password inactive : May 19, 2008\n"
10157
"Account expires : Jan 31, 2008\n"
10158
"Minimum number of days between password change : 5\n"
10159
"Maximum number of days between password change : 90\n"
10160
"Number of days of warning before password expires : 14"
10162
#: serverguide/C/security.xml:279(title)
10163
msgid "Other Security Considerations"
10164
msgstr "Other Security Considerations"
10166
#: serverguide/C/security.xml:280(para)
10168
"Many applications use alternate authentication mechanisms that can be easily "
10169
"overlooked by even experienced system administrators. Therefore, it is "
10170
"important to understand and control how users authenticate and gain access "
10171
"to services and applications on your server."
10173
"Many applications use alternate authentication mechanisms that can be easily "
10174
"overlooked by even experienced system administrators. Therefore, it is "
10175
"important to understand and control how users authenticate and gain access "
10176
"to services and applications on your server."
10178
#: serverguide/C/security.xml:285(title)
10179
msgid "SSH Access by Disabled Users"
10180
msgstr "SSH Access by Disabled Users"
10182
#: serverguide/C/security.xml:286(para)
10184
"Simply disabling/locking a user account will not prevent a user from logging "
10185
"into your server remotely if they have previously set up RSA public key "
10186
"authentication. They will still be able to gain shell access to the server, "
10187
"without the need for any password. Remember to check the users home "
10188
"directory for files that will allow for this type of authenticated SSH "
10189
"access. e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
10191
"Simply disabling/locking a user account will not prevent a user from logging "
10192
"into your server remotely if they have previously set up RSA public key "
10193
"authentication. They will still be able to gain shell access to the server, "
10194
"without the need for any password. Remember to check the users home "
10195
"directory for files that will allow for this type of authenticated SSH "
10196
"access. e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
10198
#: serverguide/C/security.xml:289(para)
10200
"Remove or rename the directory <filename "
10201
"class=\"directory\">.ssh/</filename> in the user's home folder to prevent "
10202
"further SSH authentication capabilities."
10204
"Remove or rename the directory <filename "
10205
"class=\"directory\">.ssh/</filename> in the user's home folder to prevent "
10206
"further SSH authentication capabilities."
10208
#: serverguide/C/security.xml:292(para)
10210
"Be sure to check for any established SSH connections by the disabled user, "
10211
"as it is possible they may have existing inbound or outbound connections. "
10212
"Kill any that are found."
10214
"Be sure to check for any established SSH connections by the disabled user, "
10215
"as it is possible they may have existing inbound or outbound connections. "
10216
"Kill any that are found."
10218
#: serverguide/C/security.xml:295(para)
10220
"Restrict SSH access to only user accounts that should have it. For example, "
10221
"you may create a group called \"sshlogin\" and add the group name as the "
10222
"value associated with the <varname>AllowGroups</varname> variable located in "
10223
"the file <filename>/etc/ssh/sshd_config</filename>."
10225
"Restrict SSH access to only user accounts that should have it. For example, "
10226
"you may create a group called \"sshlogin\" and add the group name as the "
10227
"value associated with the <varname>AllowGroups</varname> variable located in "
10228
"the file <filename>/etc/ssh/sshd_config</filename>."
10230
#: serverguide/C/security.xml:298(programlisting)
10234
"AllowGroups sshlogin\n"
10237
"AllowGroups sshlogin\n"
10239
#: serverguide/C/security.xml:301(para)
10241
"Then add your permitted SSH users to the group \"sshlogin\", and restart the "
10244
"Then add your permitted SSH users to the group \"sshlogin\", and restart the "
10247
#: serverguide/C/security.xml:305(command)
10248
msgid "sudo adduser username sshlogin"
10249
msgstr "sudo adduser username sshlogin"
10251
#: serverguide/C/security.xml:306(command) serverguide/C/remote-administration.xml:149(command)
10252
msgid "sudo /etc/init.d/ssh restart"
10253
msgstr "sudo /etc/init.d/ssh restart"
10255
#: serverguide/C/security.xml:310(title)
10256
msgid "External User Database Authentication"
10257
msgstr "External User Database Authentication"
10259
#: serverguide/C/security.xml:311(para)
10261
"Most enterprise networks require centralized authentication and access "
10262
"controls for all system resources. If you have configured your server to "
10263
"authenticate users against external databases, be sure to disable the user "
10264
"accounts both externally and locally, this way you ensure that local "
10265
"fallback authentication is not possible."
10267
"Most enterprise networks require centralised authentication and access "
10268
"controls for all system resources. If you have configured your server to "
10269
"authenticate users against external databases, be sure to disable the user "
10270
"accounts both externally and locally, this way you ensure that local "
10271
"fallback authentication is not possible."
10273
#: serverguide/C/security.xml:320(title)
10274
msgid "Console Security"
10275
msgstr "Console Security"
10277
#: serverguide/C/security.xml:321(para)
10279
"As with any other security barrier you put in place to protect your server, "
10280
"it is pretty tough to defend against untold damage caused by someone with "
10281
"physical access to your environment, for example, theft of hard drives, "
10282
"power or service disruption and so on. Therefore, console security should be "
10283
"addressed merely as one component of your overall physical security "
10284
"strategy. A locked \"screen door\" may deter a casual criminal, or at the "
10285
"very least slow down a determined one, so it is still advisable to perform "
10286
"basic precautions with regard to console security."
10288
"As with any other security barrier you put in place to protect your server, "
10289
"it is pretty tough to defend against untold damage caused by someone with "
10290
"physical access to your environment, for example, theft of hard drives, "
10291
"power or service disruption and so on. Therefore, console security should be "
10292
"addressed merely as one component of your overall physical security "
10293
"strategy. A locked \"screen door\" may deter a casual criminal, or at the "
10294
"very least slow down a determined one, so it is still advisable to perform "
10295
"basic precautions with regard to console security."
10297
#: serverguide/C/security.xml:324(para)
10299
"The following instructions will help defend your server against issues that "
10300
"could otherwise yield very serious consequences."
10302
"The following instructions will help defend your server against issues that "
10303
"could otherwise yield very serious consequences."
10305
#: serverguide/C/security.xml:329(title)
10306
msgid "Disable Ctrl+Alt+Delete"
10307
msgstr "Disable Ctrl+Alt+Delete"
10309
#: serverguide/C/security.xml:330(para)
10311
"First and foremost, anyone that has physical access to the keyboard can "
10313
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
10314
"eycombo> key combination to reboot the server without having to log on. "
10315
"Sure, someone could simply unplug the power source, but you should still "
10316
"prevent the use of this key combination on a production server. This forces "
10317
"an attacker to take more drastic measures to reboot the server, and will "
10318
"prevent accidental reboots at the same time."
10320
"First and foremost, anyone that has physical access to the keyboard can "
10322
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
10323
"eycombo> key combination to reboot the server without having to log on. "
10324
"Sure, someone could simply unplug the power source, but you should still "
10325
"prevent the use of this key combination on a production server. This forces "
10326
"an attacker to take more drastic measures to reboot the server, and will "
10327
"prevent accidental reboots at the same time."
10329
#: serverguide/C/security.xml:335(para)
10331
"To disable the reboot action taken by pressing the "
10332
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
10333
"eycombo> key combination, comment out the following line in the file "
10334
"<filename>/etc/init/control-alt-delete.conf</filename>."
10336
"To disable the reboot action taken by pressing the "
10337
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
10338
"eycombo> key combination, comment out the following line in the file "
10339
"<filename>/etc/init/control-alt-delete.conf</filename>."
10341
#: serverguide/C/security.xml:338(programlisting)
10345
"#exec shutdown -r now \"Control-Alt-Delete pressed\"\n"
10348
"#exec shutdown -r now \"Control-Alt-Delete pressed\"\n"
10350
#: serverguide/C/security.xml:347(title)
10354
#: serverguide/C/security.xml:350(para)
10356
"The Linux kernel includes the <emphasis>Netfilter</emphasis> subsystem, "
10357
"which is used to manipulate or decide the fate of network traffic headed "
10358
"into or through your server. All modern Linux firewall solutions use this "
10359
"system for packet filtering."
10361
"The Linux kernel includes the <emphasis>Netfilter</emphasis> subsystem, "
10362
"which is used to manipulate or decide the fate of network traffic headed "
10363
"into or through your server. All modern Linux firewall solutions use this "
10364
"system for packet filtering."
10366
#: serverguide/C/security.xml:355(para)
10368
"The kernel's packet filtering system would be of little use to "
10369
"administrators without a userspace interface to manage it. This is the "
10370
"purpose of iptables. When a packet reaches your server, it will be handed "
10371
"off to the Netfilter subsystem for acceptance, manipulation, or rejection "
10372
"based on the rules supplied to it from userspace via iptables. Thus, "
10373
"iptables is all you need to manage your firewall if you're familiar with it, "
10374
"but many frontends are available to simplify the task."
10376
"The kernel's packet filtering system would be of little use to "
10377
"administrators without a userspace interface to manage it. This is the "
10378
"purpose of iptables. When a packet reaches your server, it will be handed "
10379
"off to the Netfilter subsystem for acceptance, manipulation, or rejection "
10380
"based on the rules supplied to it from userspace via iptables. Thus, "
10381
"iptables is all you need to manage your firewall if you're familiar with it, "
10382
"but many frontends are available to simplify the task."
10384
#: serverguide/C/security.xml:365(title)
10385
msgid "ufw - Uncomplicated Firewall"
10386
msgstr "ufw - Uncomplicated Firewall"
10388
#: serverguide/C/security.xml:366(para)
10390
"The default firewall configuration tool for Ubuntu is "
10391
"<application>ufw</application>. Developed to ease iptables firewall "
10392
"configuration, <application>ufw</application> provides a user friendly way "
10393
"to create an IPv4 or IPv6 host-based firewall."
10395
"The default firewall configuration tool for Ubuntu is "
10396
"<application>ufw</application>. Developed to ease iptables firewall "
10397
"configuration, <application>ufw</application> provides a user friendly way "
10398
"to create an IPv4 or IPv6 host-based firewall."
10400
#: serverguide/C/security.xml:370(para)
10402
"<application>ufw</application> by default is initially disabled. From the "
10403
"<application>ufw</application> man page:"
10405
"<application>ufw</application> by default is initially disabled. From the "
10406
"<application>ufw</application> man page:"
10408
#: serverguide/C/security.xml:374(quote)
10410
"ufw is not intended to provide complete firewall functionality via its "
10411
"command interface, but instead provides an easy way to add or remove simple "
10412
"rules. It is currently mainly used for host-based firewalls."
10414
"ufw is not intended to provide complete firewall functionality via its "
10415
"command interface, but instead provides an easy way to add or remove simple "
10416
"rules. It is currently mainly used for host-based firewalls."
10418
#: serverguide/C/security.xml:378(para)
10420
"The following are some examples of how to use <application>ufw</application>:"
10422
"The following are some examples of how to use <application>ufw</application>:"
10424
#: serverguide/C/security.xml:383(para)
10426
"First, <application>ufw</application> needs to be enabled. From a terminal "
10429
"First, <application>ufw</application> needs to be enabled. From a terminal "
10432
#: serverguide/C/security.xml:387(command)
10433
msgid "sudo ufw enable"
10434
msgstr "sudo ufw enable"
10436
#: serverguide/C/security.xml:391(para)
10437
msgid "To open a port (ssh in this example):"
10438
msgstr "To open a port (ssh in this example):"
10440
#: serverguide/C/security.xml:395(command)
10441
msgid "sudo ufw allow 22"
10442
msgstr "sudo ufw allow 22"
10444
#: serverguide/C/security.xml:399(para)
10445
msgid "Rules can also be added using a <emphasis>numbered</emphasis> format:"
10447
"Rules can also be added using a <emphasis>numbered</emphasis> format:"
10449
#: serverguide/C/security.xml:403(command)
10450
msgid "sudo ufw insert 1 allow 80"
10451
msgstr "sudo ufw insert 1 allow 80"
10453
#: serverguide/C/security.xml:407(para)
10454
msgid "Similarly, to close an opened port:"
10455
msgstr "Similarly, to close an opened port:"
10457
#: serverguide/C/security.xml:411(command)
10458
msgid "sudo ufw deny 22"
10459
msgstr "sudo ufw deny 22"
10461
#: serverguide/C/security.xml:415(para)
10462
msgid "To remove a rule, use delete followed by the rule:"
10463
msgstr "To remove a rule, use delete followed by the rule:"
10465
#: serverguide/C/security.xml:419(command)
10466
msgid "sudo ufw delete deny 22"
10467
msgstr "sudo ufw delete deny 22"
10469
#: serverguide/C/security.xml:423(para)
10471
"It is also possible to allow access from specific hosts or networks to a "
10472
"port. The following example allows ssh access from host 192.168.0.2 to any "
10473
"ip address on this host:"
10475
"It is also possible to allow access from specific hosts or networks to a "
10476
"port. The following example allows ssh access from host 192.168.0.2 to any "
10477
"ip address on this host:"
10479
#: serverguide/C/security.xml:428(command)
10480
msgid "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
10481
msgstr "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
10483
#: serverguide/C/security.xml:430(para)
10485
"Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire "
10488
"Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire "
10491
#: serverguide/C/security.xml:436(para)
10493
"Adding the <emphasis>--dry-run</emphasis> option to a "
10494
"<emphasis>ufw</emphasis> command will output the resulting rules, but not "
10495
"apply them. For example, the following is what would be applied if opening "
10498
"Adding the <emphasis>--dry-run</emphasis> option to a "
10499
"<emphasis>ufw</emphasis> command will output the resulting rules, but not "
10500
"apply them. For example, the following is what would be applied if opening "
10503
#: serverguide/C/security.xml:442(command)
10504
msgid "sudo ufw --dry-run allow http"
10505
msgstr "sudo ufw --dry-run allow http"
10507
#: serverguide/C/security.xml:446(computeroutput)
10511
":ufw-user-input - [0:0]\n"
10512
":ufw-user-output - [0:0]\n"
10513
":ufw-user-forward - [0:0]\n"
10514
":ufw-user-limit - [0:0]\n"
10515
":ufw-user-limit-accept - [0:0]\n"
10518
"### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0\n"
10519
"-A ufw-user-input -p tcp --dport 80 -j ACCEPT\n"
10521
"### END RULES ###\n"
10522
"-A ufw-user-input -j RETURN\n"
10523
"-A ufw-user-output -j RETURN\n"
10524
"-A ufw-user-forward -j RETURN\n"
10525
"-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix \"[UFW "
10527
"-A ufw-user-limit -j REJECT\n"
10528
"-A ufw-user-limit-accept -j ACCEPT\n"
10533
":ufw-user-input - [0:0]\n"
10534
":ufw-user-output - [0:0]\n"
10535
":ufw-user-forward - [0:0]\n"
10536
":ufw-user-limit - [0:0]\n"
10537
":ufw-user-limit-accept - [0:0]\n"
10540
"### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0\n"
10541
"-A ufw-user-input -p tcp --dport 80 -j ACCEPT\n"
10543
"### END RULES ###\n"
10544
"-A ufw-user-input -j RETURN\n"
10545
"-A ufw-user-output -j RETURN\n"
10546
"-A ufw-user-forward -j RETURN\n"
10547
"-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix \"[UFW "
10549
"-A ufw-user-limit -j REJECT\n"
10550
"-A ufw-user-limit-accept -j ACCEPT\n"
10554
#: serverguide/C/security.xml:470(para)
10555
msgid "<application>ufw</application> can be disabled by:"
10556
msgstr "<application>ufw</application> can be disabled by:"
10558
#: serverguide/C/security.xml:474(command)
10559
msgid "sudo ufw disable"
10560
msgstr "sudo ufw disable"
10562
#: serverguide/C/security.xml:478(para)
10563
msgid "To see the firewall status, enter:"
10564
msgstr "To see the firewall status, enter:"
10566
#: serverguide/C/security.xml:482(command)
10567
msgid "sudo ufw status"
10568
msgstr "sudo ufw status"
10570
#: serverguide/C/security.xml:486(para)
10571
msgid "And for more verbose status information use:"
10572
msgstr "And for more verbose status information use:"
10574
#: serverguide/C/security.xml:490(command)
10575
msgid "sudo ufw status verbose"
10576
msgstr "sudo ufw status verbose"
10578
#: serverguide/C/security.xml:494(para)
10579
msgid "To view the <emphasis>numbered</emphasis> format:"
10580
msgstr "To view the <emphasis>numbered</emphasis> format:"
10582
#: serverguide/C/security.xml:498(command)
10583
msgid "sudo ufw status numbered"
10584
msgstr "sudo ufw status numbered"
10586
#: serverguide/C/security.xml:503(para)
10588
"If the port you want to open or close is defined in "
10589
"<filename>/etc/services</filename>, you can use the port name instead of the "
10590
"number. In the above examples, replace <emphasis>22</emphasis> with "
10591
"<emphasis>ssh</emphasis>."
10593
"If the port you want to open or close is defined in "
10594
"<filename>/etc/services</filename>, you can use the port name instead of the "
10595
"number. In the above examples, replace <emphasis>22</emphasis> with "
10596
"<emphasis>ssh</emphasis>."
10598
#: serverguide/C/security.xml:509(para)
10600
"This is a quick introduction to using <application>ufw</application>. Please "
10601
"refer to the <application>ufw</application> man page for more information."
10603
"This is a quick introduction to using <application>ufw</application>. Please "
10604
"refer to the <application>ufw</application> man page for more information."
10606
#: serverguide/C/security.xml:515(title)
10607
msgid "ufw Application Integration"
10608
msgstr "ufw Application Integration"
10610
#: serverguide/C/security.xml:517(para)
10612
"Applications that open ports can include an <application>ufw</application> "
10613
"profile, which details the ports needed for the application to function "
10614
"properly. The profiles are kept in <filename "
10615
"role=\"directory\">/etc/ufw/applications.d</filename>, and can be edited if "
10616
"the default ports have been changed."
10618
"Applications that open ports can include an <application>ufw</application> "
10619
"profile, which details the ports needed for the application to function "
10620
"properly. The profiles are kept in <filename "
10621
"role=\"directory\">/etc/ufw/applications.d</filename>, and can be edited if "
10622
"the default ports have been changed."
10624
#: serverguide/C/security.xml:526(para)
10626
"To view which applications have installed a profile, enter the following in "
10629
"To view which applications have installed a profile, enter the following in "
10632
#: serverguide/C/security.xml:531(command)
10633
msgid "sudo ufw app list"
10634
msgstr "sudo ufw app list"
10636
#: serverguide/C/security.xml:537(para)
10638
"Similar to allowing traffic to a port, using an application profile is "
10639
"accomplished by entering:"
10641
"Similar to allowing traffic to a port, using an application profile is "
10642
"accomplished by entering:"
10644
#: serverguide/C/security.xml:542(command)
10645
msgid "sudo ufw allow Samba"
10646
msgstr "sudo ufw allow Samba"
10648
#: serverguide/C/security.xml:548(para)
10649
msgid "An extended syntax is available as well:"
10650
msgstr "An extended syntax is available as well:"
10652
#: serverguide/C/security.xml:553(command)
10653
msgid "ufw allow from 192.168.0.0/24 to any app Samba"
10654
msgstr "ufw allow from 192.168.0.0/24 to any app Samba"
10656
#: serverguide/C/security.xml:556(para)
10658
"Replace <emphasis>Samba</emphasis> and <emphasis>192.168.0.0/24</emphasis> "
10659
"with the application profile you are using and the IP range for your network."
10661
"Replace <emphasis>Samba</emphasis> and <emphasis>192.168.0.0/24</emphasis> "
10662
"with the application profile you are using and the IP range for your network."
10664
#: serverguide/C/security.xml:562(para)
10666
"There is no need to specify the <emphasis>protocol</emphasis> for the "
10667
"application, because that information is detailed in the profile. Also, note "
10668
"that the <emphasis>app</emphasis> name replaces the "
10669
"<emphasis>port</emphasis> number."
10671
"There is no need to specify the <emphasis>protocol</emphasis> for the "
10672
"application, because that information is detailed in the profile. Also, note "
10673
"that the <emphasis>app</emphasis> name replaces the "
10674
"<emphasis>port</emphasis> number."
10676
#: serverguide/C/security.xml:571(para)
10678
"To view details about which ports, protocols, etc are defined for an "
10679
"application, enter:"
10681
"To view details about which ports, protocols, etc are defined for an "
10682
"application, enter:"
10684
#: serverguide/C/security.xml:576(command)
10685
msgid "sudo ufw app info Samba"
10686
msgstr "sudo ufw app info Samba"
10688
#: serverguide/C/security.xml:582(para)
10690
"Not all applications that require opening a network port come with "
10691
"<application>ufw</application> profiles, but if you have profiled an "
10692
"application and want the file to be included with the package, please file a "
10693
"bug against the package in <ulink "
10694
"url=\"https://launchpad.net/\">Launchpad</ulink>."
10696
"Not all applications that require opening a network port come with "
10697
"<application>ufw</application> profiles, but if you have profiled an "
10698
"application and want the file to be included with the package, please file a "
10699
"bug against the package in <ulink "
10700
"url=\"https://launchpad.net/\">Launchpad</ulink>."
10702
#: serverguide/C/security.xml:591(title)
10703
msgid "IP Masquerading"
10704
msgstr "IP Masquerading"
10706
#: serverguide/C/security.xml:592(para)
10708
"The purpose of IP Masquerading is to allow machines with private, non-"
10709
"routable IP addresses on your network to access the Internet through the "
10710
"machine doing the masquerading. Traffic from your private network destined "
10711
"for the Internet must be manipulated for replies to be routable back to the "
10712
"machine that made the request. To do this, the kernel must modify the "
10713
"<emphasis>source</emphasis> IP address of each packet so that replies will "
10714
"be routed back to it, rather than to the private IP address that made the "
10715
"request, which is impossible over the Internet. Linux uses "
10716
"<emphasis>Connection Tracking</emphasis> (conntrack) to keep track of which "
10717
"connections belong to which machines and reroute each return packet "
10718
"accordingly. Traffic leaving your private network is thus \"masqueraded\" as "
10719
"having originated from your Ubuntu gateway machine. This process is referred "
10720
"to in Microsoft documentation as Internet Connection Sharing."
10722
"The purpose of IP Masquerading is to allow machines with private, non-"
10723
"routable IP addresses on your network to access the Internet through the "
10724
"machine doing the masquerading. Traffic from your private network destined "
10725
"for the Internet must be manipulated for replies to be routable back to the "
10726
"machine that made the request. To do this, the kernel must modify the "
10727
"<emphasis>source</emphasis> IP address of each packet so that replies will "
10728
"be routed back to it, rather than to the private IP address that made the "
10729
"request, which is impossible over the Internet. Linux uses "
10730
"<emphasis>Connection Tracking</emphasis> (conntrack) to keep track of which "
10731
"connections belong to which machines and reroute each return packet "
10732
"accordingly. Traffic leaving your private network is thus \"masqueraded\" as "
10733
"having originated from your Ubuntu gateway machine. This process is referred "
10734
"to in Microsoft documentation as Internet Connection Sharing."
10736
#: serverguide/C/security.xml:608(title)
10737
msgid "ufw Masquerading"
10738
msgstr "ufw Masquerading"
10740
#: serverguide/C/security.xml:609(para)
10742
"IP Masquerading can be achieved using custom <application>ufw</application> "
10743
"rules. This is possible because the current back-end for "
10744
"<application>ufw</application> is <application>iptables-"
10745
"restore</application> with the rules files located in "
10746
"<filename>/etc/ufw/*.rules</filename>. These files are a great place to add "
10747
"legacy iptables rules used without <application>ufw</application>, and rules "
10748
"that are more network gateway or bridge related."
10750
"IP Masquerading can be achieved using custom <application>ufw</application> "
10751
"rules. This is possible because the current back-end for "
10752
"<application>ufw</application> is <application>iptables-"
10753
"restore</application> with the rules files located in "
10754
"<filename>/etc/ufw/*.rules</filename>. These files are a great place to add "
10755
"legacy iptables rules used without <application>ufw</application>, and rules "
10756
"that are more network gateway or bridge related."
10758
#: serverguide/C/security.xml:615(para)
10760
"The rules are split into two different files, rules that should be executed "
10761
"before <application>ufw</application> command line rules, and rules that are "
10762
"executed after <application>ufw</application> command line rules."
10764
"The rules are split into two different files, rules that should be executed "
10765
"before <application>ufw</application> command line rules, and rules that are "
10766
"executed after <application>ufw</application> command line rules."
10768
#: serverguide/C/security.xml:621(para)
10770
"First, packet forwarding needs to be enabled in "
10771
"<application>ufw</application>. Two configuration files will need to be "
10772
"adjusted, in <filename>/etc/default/ufw</filename> change the "
10773
"<emphasis>DEFAULT_FORWARD_POLICY</emphasis> to <quote>ACCEPT</quote>:"
10775
"First, packet forwarding needs to be enabled in "
10776
"<application>ufw</application>. Two configuration files will need to be "
10777
"adjusted, in <filename>/etc/default/ufw</filename> change the "
10778
"<emphasis>DEFAULT_FORWARD_POLICY</emphasis> to <quote>ACCEPT</quote>:"
10780
#: serverguide/C/security.xml:625(programlisting)
10784
"DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
10787
"DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
10789
#: serverguide/C/security.xml:628(para)
10790
msgid "Then edit <filename>/etc/ufw/sysctl.conf</filename> and uncomment:"
10791
msgstr "Then edit <filename>/etc/ufw/sysctl.conf</filename> and uncomment:"
10793
#: serverguide/C/security.xml:631(programlisting)
10797
"net/ipv4/ip_forward=1\n"
10800
"net/ipv4/ip_forward=1\n"
10802
#: serverguide/C/security.xml:634(para)
10803
msgid "Similarly, for IPv6 forwarding uncomment:"
10804
msgstr "Similarly, for IPv6 forwarding uncomment:"
10806
#: serverguide/C/security.xml:637(programlisting)
10810
"net/ipv6/conf/default/forwarding=1\n"
10813
"net/ipv6/conf/default/forwarding=1\n"
10815
#: serverguide/C/security.xml:642(para)
10817
"Now we will add rules to the <filename>/etc/ufw/before.rules</filename> "
10818
"file. The default rules only configure the <emphasis>filter</emphasis> "
10819
"table, and to enable masquerading the <emphasis>nat</emphasis> table will "
10820
"need to be configured. Add the following to the top of the file just after "
10821
"the header comments:"
10823
"Now we will add rules to the <filename>/etc/ufw/before.rules</filename> "
10824
"file. The default rules only configure the <emphasis>filter</emphasis> "
10825
"table, and to enable masquerading the <emphasis>nat</emphasis> table will "
10826
"need to be configured. Add the following to the top of the file just after "
10827
"the header comments:"
10829
#: serverguide/C/security.xml:647(programlisting)
10833
"# nat Table rules\n"
10835
":POSTROUTING ACCEPT [0:0]\n"
10837
"# Forward traffic from eth1 through eth0.\n"
10838
"-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE\n"
10840
"# don't delete the 'COMMIT' line or these nat table rules won't be "
10845
"# nat Table rules\n"
10847
":POSTROUTING ACCEPT [0:0]\n"
10849
"# Forward traffic from eth1 through eth0.\n"
10850
"-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE\n"
10852
"# don't delete the 'COMMIT' line or these nat table rules won't be "
10856
#: serverguide/C/security.xml:658(para)
10858
"The comments are not strictly necessary, but it is considered good practice "
10859
"to document your configuration. Also, when modifying any of the "
10860
"<emphasis>rules</emphasis> files in <filename "
10861
"class=\"directory\">/etc/ufw</filename>, make sure these lines are the last "
10862
"line for each table modified:"
10864
"The comments are not strictly necessary, but it is considered good practice "
10865
"to document your configuration. Also, when modifying any of the "
10866
"<emphasis>rules</emphasis> files in <filename "
10867
"class=\"directory\">/etc/ufw</filename>, make sure these lines are the last "
10868
"line for each table modified:"
10870
#: serverguide/C/security.xml:664(programlisting)
10874
"# don't delete the 'COMMIT' line or these rules won't be processed\n"
10878
"# don't delete the 'COMMIT' line or these rules won't be processed\n"
10881
#: serverguide/C/security.xml:669(para)
10883
"For each <emphasis>Table</emphasis> a corresponding "
10884
"<emphasis>COMMIT</emphasis> statement is required. In these examples only "
10885
"the <emphasis>nat</emphasis> and <emphasis>filter</emphasis> tables are "
10886
"shown, but you can also add rules for the <emphasis>raw</emphasis> and "
10887
"<emphasis>mangle</emphasis> tables."
10889
"For each <emphasis>Table</emphasis> a corresponding "
10890
"<emphasis>COMMIT</emphasis> statement is required. In these examples only "
10891
"the <emphasis>nat</emphasis> and <emphasis>filter</emphasis> tables are "
10892
"shown, but you can also add rules for the <emphasis>raw</emphasis> and "
10893
"<emphasis>mangle</emphasis> tables."
10895
#: serverguide/C/security.xml:676(para)
10897
"In the above example replace <emphasis>eth0</emphasis>, "
10898
"<emphasis>eth1</emphasis>, and <emphasis>192.168.0.0/24</emphasis> with the "
10899
"appropriate interfaces and IP range for your network."
10901
"In the above example replace <emphasis>eth0</emphasis>, "
10902
"<emphasis>eth1</emphasis>, and <emphasis>192.168.0.0/24</emphasis> with the "
10903
"appropriate interfaces and IP range for your network."
10905
#: serverguide/C/security.xml:684(para)
10907
"Finally, disable and re-enable <application>ufw</application> to apply the "
10910
"Finally, disable and re-enable <application>ufw</application> to apply the "
10913
#: serverguide/C/security.xml:688(command)
10914
msgid "sudo ufw disable && sudo ufw enable"
10915
msgstr "sudo ufw disable && sudo ufw enable"
10917
#: serverguide/C/security.xml:692(para)
10919
"IP Masquerading should now be enabled. You can also add any additional "
10920
"FORWARD rules to the <filename>/etc/ufw/before.rules</filename>. It is "
10921
"recommended that these additional rules be added to the <emphasis>ufw-before-"
10922
"forward</emphasis> chain."
10924
"IP Masquerading should now be enabled. You can also add any additional "
10925
"FORWARD rules to the <filename>/etc/ufw/before.rules</filename>. It is "
10926
"recommended that these additional rules be added to the <emphasis>ufw-before-"
10927
"forward</emphasis> chain."
10929
#: serverguide/C/security.xml:699(title)
10930
msgid "iptables Masquerading"
10931
msgstr "iptables Masquerading"
10933
#: serverguide/C/security.xml:700(para)
10935
"<application>iptables</application> can also be used to enable masquerading."
10937
"<application>iptables</application> can also be used to enable masquerading."
10939
#: serverguide/C/security.xml:705(para)
10941
"Similar to <application>ufw</application>, the first step is to enable IPv4 "
10942
"packet forwarding by editing <filename>/etc/sysctl.conf</filename> and "
10943
"uncomment the following line"
10945
"Similar to <application>ufw</application>, the first step is to enable IPv4 "
10946
"packet forwarding by editing <filename>/etc/sysctl.conf</filename> and "
10947
"uncomment the following line"
10949
#: serverguide/C/security.xml:709(programlisting)
10953
"net.ipv4.ip_forward=1\n"
10956
"net.ipv4.ip_forward=1\n"
10958
#: serverguide/C/security.xml:712(para)
10959
msgid "If you wish to enable IPv6 forwarding also uncomment:"
10960
msgstr "If you wish to enable IPv6 forwarding also uncomment:"
10962
#: serverguide/C/security.xml:715(programlisting)
10966
"net.ipv6.conf.default.forwarding=1\n"
10969
"net.ipv6.conf.default.forwarding=1\n"
10971
#: serverguide/C/security.xml:720(para)
10973
"Next, execute the <application>sysctl</application> command to enable the "
10974
"new settings in the configuration file:"
10976
"Next, execute the <application>sysctl</application> command to enable the "
10977
"new settings in the configuration file:"
10979
#: serverguide/C/security.xml:724(command)
10980
msgid "sudo sysctl -p"
10981
msgstr "sudo sysctl -p"
10983
#: serverguide/C/security.xml:728(para)
10985
"IP Masquerading can now be accomplished with a single iptables rule, which "
10986
"may differ slightly based on your network configuration:"
10988
"IP Masquerading can now be accomplished with a single iptables rule, which "
10989
"may differ slightly based on your network configuration:"
10991
#: serverguide/C/security.xml:731(screen)
10995
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
10998
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
11000
#: serverguide/C/security.xml:734(para)
11002
"The above command assumes that your private address space is 192.168.0.0/16 "
11003
"and that your Internet-facing device is ppp0. The syntax is broken down as "
11006
"The above command assumes that your private address space is 192.168.0.0/16 "
11007
"and that your Internet-facing device is ppp0. The syntax is broken down as "
11010
#: serverguide/C/security.xml:739(para)
11011
msgid "-t nat -- the rule is to go into the nat table"
11012
msgstr "-t nat -- the rule is to go into the nat table"
11014
#: serverguide/C/security.xml:740(para)
11016
"-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
11018
"-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
11020
#: serverguide/C/security.xml:741(para)
11022
"-s 192.168.0.0/16 -- the rule applies to traffic originating from the "
11023
"specified address space"
11025
"-s 192.168.0.0/16 -- the rule applies to traffic originating from the "
11026
"specified address space"
11028
#: serverguide/C/security.xml:742(para)
11030
"-o ppp0 -- the rule applies to traffic scheduled to be routed through the "
11031
"specified network device"
11033
"-o ppp0 -- the rule applies to traffic scheduled to be routed through the "
11034
"specified network device"
11036
#: serverguide/C/security.xml:744(para)
11038
"-j MASQUERADE -- traffic matching this rule is to \"jump\" (-j) to the "
11039
"MASQUERADE target to be manipulated as described above"
11041
"-j MASQUERADE -- traffic matching this rule is to \"jump\" (-j) to the "
11042
"MASQUERADE target to be manipulated as described above"
11044
#: serverguide/C/security.xml:752(para)
11046
"Also, each chain in the filter table (the default table, and where most or "
11047
"all packet filtering occurs) has a default <emphasis>policy</emphasis> of "
11048
"ACCEPT, but if you are creating a firewall in addition to a gateway device, "
11049
"you may have set the policies to DROP or REJECT, in which case your "
11050
"masqueraded traffic needs to be allowed through the FORWARD chain for the "
11051
"above rule to work:"
11053
"Also, each chain in the filter table (the default table, and where most or "
11054
"all packet filtering occurs) has a default <emphasis>policy</emphasis> of "
11055
"ACCEPT, but if you are creating a firewall in addition to a gateway device, "
11056
"you may have set the policies to DROP or REJECT, in which case your "
11057
"masqueraded traffic needs to be allowed through the FORWARD chain for the "
11058
"above rule to work:"
11060
#: serverguide/C/security.xml:759(screen)
11064
"sudo iptables -A FORWARD -s 192.168.0.0/16 -o ppp0 -j ACCEPT\n"
11065
"sudo iptables -A FORWARD -d 192.168.0.0/16 -m state --state "
11066
"ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
11069
"sudo iptables -A FORWARD -s 192.168.0.0/16 -o ppp0 -j ACCEPT\n"
11070
"sudo iptables -A FORWARD -d 192.168.0.0/16 -m state --state "
11071
"ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
11073
#: serverguide/C/security.xml:763(para)
11075
"The above commands will allow all connections from your local network to the "
11076
"Internet and all traffic related to those connections to return to the "
11077
"machine that initiated them."
11079
"The above commands will allow all connections from your local network to the "
11080
"Internet and all traffic related to those connections to return to the "
11081
"machine that initiated them."
11083
#: serverguide/C/security.xml:770(para)
11085
"If you want masquerading to be enabled on reboot, which you probably do, "
11086
"edit <filename>/etc/rc.local</filename> and add any commands used above. For "
11087
"example add the first command with no filtering:"
11089
"If you want masquerading to be enabled on reboot, which you probably do, "
11090
"edit <filename>/etc/rc.local</filename> and add any commands used above. For "
11091
"example add the first command with no filtering:"
11093
#: serverguide/C/security.xml:774(screen)
11097
"iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
11100
"iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
11102
#: serverguide/C/security.xml:782(title)
11106
#: serverguide/C/security.xml:783(para)
11108
"Firewall logs are essential for recognizing attacks, troubleshooting your "
11109
"firewall rules, and noticing unusual activity on your network. You must "
11110
"include logging rules in your firewall for them to be generated, though, and "
11111
"logging rules must come before any applicable terminating rule (a rule with "
11112
"a target that decides the fate of the packet, such as ACCEPT, DROP, or "
11115
"Firewall logs are essential for recognising attacks, troubleshooting your "
11116
"firewall rules, and noticing unusual activity on your network. You must "
11117
"include logging rules in your firewall for them to be generated, though, and "
11118
"logging rules must come before any applicable terminating rule (a rule with "
11119
"a target that decides the fate of the packet, such as ACCEPT, DROP, or "
11122
#: serverguide/C/security.xml:790(para)
11124
"If you are using <application>ufw</application>, you can turn on logging by "
11125
"entering the following in a terminal:"
11127
"If you are using <application>ufw</application>, you can turn on logging by "
11128
"entering the following in a terminal:"
11130
#: serverguide/C/security.xml:794(command)
11131
msgid "sudo ufw logging on"
11132
msgstr "sudo ufw logging on"
11134
#: serverguide/C/security.xml:796(para)
11136
"To turn logging off in <application>ufw</application>, simply replace "
11137
"<emphasis role=\"italic\">on</emphasis> with <emphasis "
11138
"role=\"italic\">off</emphasis> in the above command."
11140
"To turn logging off in <application>ufw</application>, simply replace "
11141
"<emphasis role=\"italic\">on</emphasis> with <emphasis "
11142
"role=\"italic\">off</emphasis> in the above command."
11144
#: serverguide/C/security.xml:799(para)
11146
"If using <application>iptables</application> instead of "
11147
"<application>ufw</application>, enter:"
11149
"If using <application>iptables</application> instead of "
11150
"<application>ufw</application>, enter:"
11152
#: serverguide/C/security.xml:802(screen)
11156
"sudo iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j LOG --log-"
11157
"prefix \"NEW_HTTP_CONN: \"\n"
11160
"sudo iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j LOG --log-"
11161
"prefix \"NEW_HTTP_CONN: \"\n"
11163
#: serverguide/C/security.xml:805(para)
11165
"A request on port 80 from the local machine, then, would generate a log in "
11166
"dmesg that looks like this:"
11168
"A request on port 80 from the local machine, then, would generate a log in "
11169
"dmesg that looks like this:"
11171
#: serverguide/C/security.xml:810(programlisting)
11174
"[4304885.870000] NEW_HTTP_CONN: IN=lo OUT= "
11175
"MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 "
11176
"LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58288 DF PROTO=TCP SPT=53981 DPT=80 "
11177
"WINDOW=32767 RES=0x00 SYN URGP=0"
11179
"[4304885.870000] NEW_HTTP_CONN: IN=lo OUT= "
11180
"MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 "
11181
"LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58288 DF PROTO=TCP SPT=53981 DPT=80 "
11182
"WINDOW=32767 RES=0x00 SYN URGP=0"
11184
#: serverguide/C/security.xml:812(para)
11186
"The above log will also appear in <filename>/var/log/messages</filename>, "
11187
"<filename>/var/log/syslog</filename>, and "
11188
"<filename>/var/log/kern.log</filename>. This behavior can be modified by "
11189
"editing <filename>/etc/syslog.conf</filename> appropriately or by installing "
11190
"and configuring <application>ulogd</application> and using the ULOG target "
11191
"instead of LOG. The <application>ulogd</application> daemon is a userspace "
11192
"server that listens for logging instructions from the kernel specifically "
11193
"for firewalls, and can log to any file you like, or even to a "
11194
"<application>PostgreSQL</application> or <application>MySQL</application> "
11195
"database. Making sense of your firewall logs can be simplified by using a "
11196
"log analyzing tool such as <application>fwanalog</application>, "
11197
"<application> fwlogwatch</application>, or <application>lire</application>."
11199
"The above log will also appear in <filename>/var/log/messages</filename>, "
11200
"<filename>/var/log/syslog</filename>, and "
11201
"<filename>/var/log/kern.log</filename>. This behaviour can be modified by "
11202
"editing <filename>/etc/syslog.conf</filename> appropriately or by installing "
11203
"and configuring <application>ulogd</application> and using the ULOG target "
11204
"instead of LOG. The <application>ulogd</application> daemon is a userspace "
11205
"server that listens for logging instructions from the kernel specifically "
11206
"for firewalls, and can log to any file you like, or even to a "
11207
"<application>PostgreSQL</application> or <application>MySQL</application> "
11208
"database. Making sense of your firewall logs can be simplified by using a "
11209
"log analysing tool such as <application>fwanalog</application>, "
11210
"<application> fwlogwatch</application>, or <application>lire</application>."
11212
#: serverguide/C/security.xml:827(title)
11213
msgid "Other Tools"
11214
msgstr "Other Tools"
11216
#: serverguide/C/security.xml:828(para)
11218
"There are many tools available to help you construct a complete firewall "
11219
"without intimate knowledge of iptables. For the GUI-inclined:"
11221
"There are many tools available to help you construct a complete firewall "
11222
"without intimate knowledge of iptables. For the GUI-inclined:"
11224
#: serverguide/C/security.xml:834(para)
11226
"<ulink url=\"http://www.fs-security.com/\">Firestarter</ulink> is quite "
11227
"popular and easy to use."
11229
"<ulink url=\"http://www.fs-security.com/\">Firestarter</ulink> is quite "
11230
"popular and easy to use."
11232
#: serverguide/C/security.xml:839(para)
11234
"<ulink url=\"http://www.fwbuilder.org/\">fwbuilder</ulink> is very powerful "
11235
"and will look familiar to an administrator who has used a commercial "
11236
"firewall utility such as <application>Checkpoint FireWall-1</application>."
11238
"<ulink url=\"http://www.fwbuilder.org/\">fwbuilder</ulink> is very powerful "
11239
"and will look familiar to an administrator who has used a commercial "
11240
"firewall utility such as <application>Checkpoint FireWall-1</application>."
11242
#: serverguide/C/security.xml:845(para)
11244
"If you prefer a command-line tool with plain-text configuration files:"
11246
"If you prefer a command-line tool with plain-text configuration files:"
11248
#: serverguide/C/security.xml:850(para)
11250
"<ulink url=\"http://www.shorewall.net/\">Shorewall</ulink> is a very "
11251
"powerful solution to help you configure an advanced firewall for any network."
11253
"<ulink url=\"http://www.shorewall.net/\">Shorewall</ulink> is a very "
11254
"powerful solution to help you configure an advanced firewall for any network."
11256
#: serverguide/C/security.xml:856(para)
11258
"<ulink url=\"http://www.linuxkungfu.org/\">ipkungfu</ulink> should give you "
11259
"a working firewall \"out of the box\" with zero configuration, and will "
11260
"allow you to easily set up a more advanced firewall by editing simple, well-"
11261
"documented configuration files."
11263
"<ulink url=\"http://www.linuxkungfu.org/\">ipkungfu</ulink> should give you "
11264
"a working firewall \"out of the box\" with zero configuration, and will "
11265
"allow you to easily set up a more advanced firewall by editing simple, well-"
11266
"documented configuration files."
11268
#: serverguide/C/security.xml:863(para)
11270
"<ulink url=\"http://fireflier.sourceforge.net/\">fireflier</ulink> is "
11271
"designed to be a desktop firewall application. It is made up of a server "
11272
"(fireflier-server) and your choice of GUI clients (GTK or QT), and behaves "
11273
"like many popular interactive firewall applications for Windows."
11275
"<ulink url=\"http://fireflier.sourceforge.net/\">fireflier</ulink> is "
11276
"designed to be a desktop firewall application. It is made up of a server "
11277
"(fireflier-server) and your choice of GUI clients (GTK or QT), and behaves "
11278
"like many popular interactive firewall applications for Windows."
11280
#: serverguide/C/security.xml:875(para)
11282
"The <ulink url=\"https://wiki.ubuntu.com/UbuntuFirewall\">Ubuntu "
11283
"Firewall</ulink> wiki page contains information on the development of "
11284
"<application>ufw</application>."
11286
"The <ulink url=\"https://wiki.ubuntu.com/UbuntuFirewall\">Ubuntu "
11287
"Firewall</ulink> wiki page contains information on the development of "
11288
"<application>ufw</application>."
11290
#: serverguide/C/security.xml:881(para)
11292
"Also, the <application>ufw</application> manual page contains some very "
11293
"useful information: <command>man ufw</command>."
11295
"Also, the <application>ufw</application> manual page contains some very "
11296
"useful information: <command>man ufw</command>."
11298
#: serverguide/C/security.xml:886(para)
11300
"See the <ulink url=\"http://www.netfilter.org/documentation/HOWTO/packet-"
11301
"filtering-HOWTO.html\">packet-filtering-HOWTO</ulink> for more information "
11302
"on using <application>iptables</application>."
11304
"See the <ulink url=\"http://www.netfilter.org/documentation/HOWTO/packet-"
11305
"filtering-HOWTO.html\">packet-filtering-HOWTO</ulink> for more information "
11306
"on using <application>iptables</application>."
11308
#: serverguide/C/security.xml:892(para)
11310
"The <ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-"
11311
"HOWTO.html\">nat-HOWTO</ulink> contains further details on masquerading."
11313
"The <ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-"
11314
"HOWTO.html\">nat-HOWTO</ulink> contains further details on masquerading."
11316
#: serverguide/C/security.xml:898(para)
11318
"The <ulink url=\"https://help.ubuntu.com/community/IptablesHowTo\">IPTables "
11319
"HowTo</ulink> in the Ubuntu wiki is a great resource."
11321
"The <ulink url=\"https://help.ubuntu.com/community/IptablesHowTo\">IPTables "
11322
"HowTo</ulink> in the Ubuntu wiki is a great resource."
11324
#: serverguide/C/security.xml:906(title)
11328
#: serverguide/C/security.xml:907(para)
11330
"<application>AppArmor</application> is a Linux Security Module "
11331
"implementation of name-based mandatory access controls. AppArmor confines "
11332
"individual programs to a set of listed files and posix 1003.1e draft "
11335
"<application>AppArmor</application> is a Linux Security Module "
11336
"implementation of name-based mandatory access controls. AppArmor confines "
11337
"individual programs to a set of listed files and POSIX 1003.1e draft "
11340
#: serverguide/C/security.xml:911(para)
11342
"<application>AppArmor</application> is installed and loaded by default. It "
11343
"uses <emphasis>profiles</emphasis> of an application to determine what files "
11344
"and permissions the application requires. Some packages will install their "
11345
"own profiles, and additional profiles can be found in the "
11346
"<application>apparmor-profiles</application> package."
11348
"<application>AppArmor</application> is installed and loaded by default. It "
11349
"uses <emphasis>profiles</emphasis> of an application to determine what files "
11350
"and permissions the application requires. Some packages will install their "
11351
"own profiles, and additional profiles can be found in the "
11352
"<application>apparmor-profiles</application> package."
11354
#: serverguide/C/security.xml:916(para)
11356
"To install the <application>apparmor-profiles</application> package from a "
11359
"To install the <application>apparmor-profiles</application> package from a "
11362
#: serverguide/C/security.xml:922(para)
11363
msgid "AppArmor profiles have two modes of execution:"
11364
msgstr "AppArmor profiles have two modes of execution:"
11366
#: serverguide/C/security.xml:927(para)
11368
"Complaining/Learning: profile violations are permitted and logged. Useful "
11369
"for testing and developing new profiles."
11371
"Complaining/Learning: profile violations are permitted and logged. Useful "
11372
"for testing and developing new profiles."
11374
#: serverguide/C/security.xml:932(para)
11376
"Enforced/Confined: enforces profile policy as well as logging the violation."
11378
"Enforced/Confined: enforces profile policy as well as logging the violation."
11380
#: serverguide/C/security.xml:938(title)
11381
msgid "Using AppArmor"
11382
msgstr "Using AppArmor"
11384
#: serverguide/C/security.xml:939(para)
11386
"The <application>apparmor-utils</application> package contains command line "
11387
"utilities that you can use to change the <application>AppArmor</application> "
11388
"execution mode, find the status of a profile, create new profiles, etc."
11390
"The <application>apparmor-utils</application> package contains command line "
11391
"utilities that you can use to change the <application>AppArmor</application> "
11392
"execution mode, find the status of a profile, create new profiles, etc."
11394
#: serverguide/C/security.xml:945(para)
11396
"<application>apparmor_status</application> is used to view the current "
11397
"status of AppArmor profiles."
11399
"<application>apparmor_status</application> is used to view the current "
11400
"status of AppArmor profiles."
11402
#: serverguide/C/security.xml:949(command)
11403
msgid "sudo apparmor_status"
11404
msgstr "sudo apparmor_status"
11406
#: serverguide/C/security.xml:953(para)
11408
"<application>aa-complain</application> places a profile into "
11409
"<emphasis>complain</emphasis> mode."
11411
"<application>aa-complain</application> places a profile into "
11412
"<emphasis>complain</emphasis> mode."
11414
#: serverguide/C/security.xml:957(command)
11415
msgid "sudo aa-complain /path/to/bin"
11416
msgstr "sudo aa-complain /path/to/bin"
11418
#: serverguide/C/security.xml:961(para)
11420
"<application>aa-enforce</application> places a profile into "
11421
"<emphasis>enforce</emphasis> mode."
11423
"<application>aa-enforce</application> places a profile into "
11424
"<emphasis>enforce</emphasis> mode."
11426
#: serverguide/C/security.xml:965(command)
11427
msgid "sudo aa-enforce /path/to/bin"
11428
msgstr "sudo aa-enforce /path/to/bin"
11430
#: serverguide/C/security.xml:969(para)
11432
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
11433
"profiles are located. It can be used to manipulate the "
11434
"<emphasis>mode</emphasis> of all profiles."
11436
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
11437
"profiles are located. It can be used to manipulate the "
11438
"<emphasis>mode</emphasis> of all profiles."
11440
#: serverguide/C/security.xml:973(para)
11441
msgid "Enter the following to place all profiles into complain mode:"
11442
msgstr "Enter the following to place all profiles into complain mode:"
11444
#: serverguide/C/security.xml:977(command)
11445
msgid "sudo aa-complain /etc/apparmor.d/*"
11446
msgstr "sudo aa-complain /etc/apparmor.d/*"
11448
#: serverguide/C/security.xml:979(para)
11449
msgid "To place all profiles in enforce mode:"
11450
msgstr "To place all profiles in enforce mode:"
11452
#: serverguide/C/security.xml:983(command)
11453
msgid "sudo aa-enforce /etc/apparmor.d/*"
11454
msgstr "sudo aa-enforce /etc/apparmor.d/*"
11456
#: serverguide/C/security.xml:987(para)
11458
"<application>apparmor_parser</application> is used to load a profile into "
11459
"the kernel. It can also be used to reload a currently loaded profile using "
11460
"the <emphasis>-r</emphasis> option. To load a profile:"
11462
"<application>apparmor_parser</application> is used to load a profile into "
11463
"the kernel. It can also be used to reload a currently loaded profile using "
11464
"the <emphasis>-r</emphasis> option. To load a profile:"
11466
#: serverguide/C/security.xml:992(command) serverguide/C/security.xml:1024(command)
11467
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
11468
msgstr "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
11470
#: serverguide/C/security.xml:994(para)
11471
msgid "To reload a profile:"
11472
msgstr "To reload a profile:"
11474
#: serverguide/C/security.xml:998(command)
11475
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
11476
msgstr "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
11478
#: serverguide/C/security.xml:1002(para)
11480
"<filename>/etc/init.d/apparmor</filename> can be used to "
11481
"<emphasis>reload</emphasis> all profiles:"
11483
"<filename>/etc/init.d/apparmor</filename> can be used to "
11484
"<emphasis>reload</emphasis> all profiles:"
11486
#: serverguide/C/security.xml:1006(command) serverguide/C/network-auth.xml:632(command)
11487
msgid "sudo /etc/init.d/apparmor reload"
11488
msgstr "sudo /etc/init.d/apparmor reload"
11490
#: serverguide/C/security.xml:1010(para)
11492
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
11493
"with the <application>apparmor_parser -R</application> option to "
11494
"<emphasis>disable</emphasis> a profile."
11496
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
11497
"with the <application>apparmor_parser -R</application> option to "
11498
"<emphasis>disable</emphasis> a profile."
11500
#: serverguide/C/security.xml:1015(command)
11501
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
11502
msgstr "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
11504
#: serverguide/C/security.xml:1016(command)
11505
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
11506
msgstr "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
11508
#: serverguide/C/security.xml:1018(para)
11510
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
11511
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
11512
"load the profile using the <emphasis>-a</emphasis> option."
11514
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
11515
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
11516
"load the profile using the <emphasis>-a</emphasis> option."
11518
#: serverguide/C/security.xml:1023(command)
11519
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
11520
msgstr "sudo rm /etc/apparmor.d/disable/profile.name"
11522
#: serverguide/C/security.xml:1028(para)
11524
"<application>AppArmor</application> can be disabled, and the kernel module "
11525
"unloaded by entering the following:"
11527
"<application>AppArmor</application> can be disabled, and the kernel module "
11528
"unloaded by entering the following:"
11530
#: serverguide/C/security.xml:1032(command)
11531
msgid "sudo /etc/init.d/apparmor stop"
11532
msgstr "sudo /etc/init.d/apparmor stop"
11534
#: serverguide/C/security.xml:1033(command)
11535
msgid "sudo update-rc.d -f apparmor remove"
11536
msgstr "sudo update-rc.d -f apparmor remove"
11538
#: serverguide/C/security.xml:1037(para)
11539
msgid "To re-enable <application>AppArmor</application> enter:"
11540
msgstr "To re-enable <application>AppArmor</application> enter:"
11542
#: serverguide/C/security.xml:1041(command)
11543
msgid "sudo /etc/init.d/apparmor start"
11544
msgstr "sudo /etc/init.d/apparmor start"
11546
#: serverguide/C/security.xml:1042(command)
11547
msgid "sudo update-rc.d apparmor defaults"
11548
msgstr "sudo update-rc.d apparmor defaults"
11550
#: serverguide/C/security.xml:1047(para)
11552
"Replace <emphasis>profile.name</emphasis> with the name of the profile you "
11553
"want to manipulate. Also, replace <filename>/path/to/bin/</filename> with "
11554
"the actual executable file path. For example for the "
11555
"<application>ping</application> command use <filename>/bin/ping</filename>"
11557
"Replace <emphasis>profile.name</emphasis> with the name of the profile you "
11558
"want to manipulate. Also, replace <filename>/path/to/bin/</filename> with "
11559
"the actual executable file path. For example for the "
11560
"<application>ping</application> command use <filename>/bin/ping</filename>"
11562
#: serverguide/C/security.xml:1055(title)
11566
#: serverguide/C/security.xml:1056(para)
11568
"<application>AppArmor</application> profiles are simple text files located "
11569
"in <filename>/etc/apparmor.d/</filename>. The files are named after the full "
11570
"path to the executable they profile replacing the \"/\" with \".\". For "
11571
"example <filename>/etc/apparmor.d/bin.ping</filename> is the AppArmor "
11572
"profile for the <filename>/bin/ping</filename> command."
11574
"<application>AppArmor</application> profiles are simple text files located "
11575
"in <filename>/etc/apparmor.d/</filename>. The files are named after the full "
11576
"path to the executable they profile replacing the \"/\" with \".\". For "
11577
"example <filename>/etc/apparmor.d/bin.ping</filename> is the AppArmor "
11578
"profile for the <filename>/bin/ping</filename> command."
11580
#: serverguide/C/security.xml:1062(para)
11581
msgid "There are two main type of rules used in profiles:"
11582
msgstr "There are two main type of rules used in profiles:"
11584
#: serverguide/C/security.xml:1067(para)
11586
"<emphasis>Path entries:</emphasis> which detail which files an application "
11587
"can access in the file system."
11589
"<emphasis>Path entries:</emphasis> which detail which files an application "
11590
"can access in the file system."
11592
#: serverguide/C/security.xml:1072(para)
11594
"<emphasis>Capability entries:</emphasis> determine what privileges a "
11595
"confined process is allowed to use."
11597
"<emphasis>Capability entries:</emphasis> determine what privileges a "
11598
"confined process is allowed to use."
11600
#: serverguide/C/security.xml:1077(para)
11602
"As an example take a look at <filename>/etc/apparmor.d/bin.ping</filename>:"
11604
"As an example take a look at <filename>/etc/apparmor.d/bin.ping</filename>:"
11606
#: serverguide/C/security.xml:1080(programlisting)
11610
"#include <tunables/global>\n"
11611
"/bin/ping flags=(complain) {\n"
11612
" #include <abstractions/base>\n"
11613
" #include <abstractions/consoles>\n"
11614
" #include <abstractions/nameservice>\n"
11616
" capability net_raw,\n"
11617
" capability setuid,\n"
11618
" network inet raw,\n"
11620
" /bin/ping mixr,\n"
11621
" /etc/modules.conf r,\n"
11625
"#include <tunables/global>\n"
11626
"/bin/ping flags=(complain) {\n"
11627
" #include <abstractions/base>\n"
11628
" #include <abstractions/consoles>\n"
11629
" #include <abstractions/nameservice>\n"
11631
" capability net_raw,\n"
11632
" capability setuid,\n"
11633
" network inet raw,\n"
11635
" /bin/ping mixr,\n"
11636
" /etc/modules.conf r,\n"
11639
#: serverguide/C/security.xml:1097(para)
11641
"<emphasis>#include <tunables/global>:</emphasis> include statements "
11642
"from other files. This allows statements pertaining to multiple applications "
11643
"to be placed in a common file."
11645
"<emphasis>#include <tunables/global>:</emphasis> include statements "
11646
"from other files. This allows statements pertaining to multiple applications "
11647
"to be placed in a common file."
11649
#: serverguide/C/security.xml:1103(para)
11651
"<emphasis>/bin/ping flags=(complain):</emphasis> path to the profiled "
11652
"program, also setting the mode to <emphasis>complain</emphasis>."
11654
"<emphasis>/bin/ping flags=(complain):</emphasis> path to the profiled "
11655
"program, also setting the mode to <emphasis>complain</emphasis>."
11657
#: serverguide/C/security.xml:1109(para)
11659
"<emphasis>capability net_raw,:</emphasis> allows the application access to "
11660
"the CAP_NET_RAW Posix.1e capability."
11662
"<emphasis>capability net_raw,:</emphasis> allows the application access to "
11663
"the CAP_NET_RAW Posix.1e capability."
11665
#: serverguide/C/security.xml:1114(para)
11667
"<emphasis>/bin/ping mixr,:</emphasis> allows the application read and "
11668
"execute access to the file."
11670
"<emphasis>/bin/ping mixr,:</emphasis> allows the application read and "
11671
"execute access to the file."
11673
#: serverguide/C/security.xml:1120(para)
11675
"After editing a profile file the profile must be reloaded. See <xref "
11676
"linkend=\"apparmor-usage\"/> for details."
11678
"After editing a profile file the profile must be reloaded. See <xref "
11679
"linkend=\"apparmor-usage\"/> for details."
11681
#: serverguide/C/security.xml:1125(title)
11682
msgid "Creating a Profile"
11683
msgstr "Creating a Profile"
11685
#: serverguide/C/security.xml:1128(para)
11687
"<emphasis>Design a test plan:</emphasis> Try to think about how the "
11688
"application should be exercised. The test plan should be divided into small "
11689
"test cases. Each test case should have a small description and list the "
11692
"<emphasis>Design a test plan:</emphasis> Try to think about how the "
11693
"application should be exercised. The test plan should be divided into small "
11694
"test cases. Each test case should have a small description and list the "
11697
#: serverguide/C/security.xml:1132(para)
11698
msgid "Some standard test cases are:"
11699
msgstr "Some standard test cases are:"
11701
#: serverguide/C/security.xml:1137(para)
11702
msgid "Starting the program."
11703
msgstr "Starting the program."
11705
#: serverguide/C/security.xml:1142(para)
11706
msgid "Stopping the program."
11707
msgstr "Stopping the program."
11709
#: serverguide/C/security.xml:1147(para)
11710
msgid "Reloading the program."
11711
msgstr "Reloading the program."
11713
#: serverguide/C/security.xml:1152(para)
11714
msgid "Testing all the commands supported by the init script."
11715
msgstr "Testing all the commands supported by the init script."
11717
#: serverguide/C/security.xml:1159(para)
11719
"<emphasis>Generate the new profile:</emphasis> Use <application>aa-"
11720
"genprof</application> to generate a new profile. From a terminal:"
11722
"<emphasis>Generate the new profile:</emphasis> Use <application>aa-"
11723
"genprof</application> to generate a new profile. From a terminal:"
11725
#: serverguide/C/security.xml:1164(command)
11726
msgid "sudo aa-genprof executable"
11727
msgstr "sudo aa-genprof executable"
11729
#: serverguide/C/security.xml:1166(para)
11730
msgid "For example:"
11731
msgstr "For example:"
11733
#: serverguide/C/security.xml:1170(command)
11734
msgid "sudo aa-genprof slapd"
11735
msgstr "sudo aa-genprof slapd"
11737
#: serverguide/C/security.xml:1174(para)
11739
"To get your new profile included in the <application>apparmor-"
11740
"profiles</application> package, file a bug in <emphasis>Launchpad</emphasis> "
11741
"against the <ulink "
11742
"url=\"https://bugs.launchpad.net/ubuntu/+source/apparmor/+filebug\">AppArmor<"
11745
"To get your new profile included in the <application>apparmor-"
11746
"profiles</application> package, file a bug in <emphasis>Launchpad</emphasis> "
11747
"against the <ulink "
11748
"url=\"https://bugs.launchpad.net/ubuntu/+source/apparmor/+filebug\">AppArmor<"
11751
#: serverguide/C/security.xml:1181(para)
11752
msgid "Include your test plan and test cases."
11753
msgstr "Include your test plan and test cases."
11755
#: serverguide/C/security.xml:1186(para)
11756
msgid "Attach your new profile to the bug."
11757
msgstr "Attach your new profile to the bug."
11759
#: serverguide/C/security.xml:1195(title)
11760
msgid "Updating Profiles"
11761
msgstr "Updating Profiles"
11763
#: serverguide/C/security.xml:1196(para)
11765
"When the program is misbehaving, audit messages are sent to the log files. "
11766
"The program <application>aa-logprof</application> can be used to scan log "
11767
"files for <application>AppArmor</application> audit messages, review them "
11768
"and update the profiles. From a terminal:"
11770
"When the program is misbehaving, audit messages are sent to the log files. "
11771
"The program <application>aa-logprof</application> can be used to scan log "
11772
"files for <application>AppArmor</application> audit messages, review them "
11773
"and update the profiles. From a terminal:"
11775
#: serverguide/C/security.xml:1201(command)
11776
msgid "sudo aa-logprof"
11777
msgstr "sudo aa-logprof"
11779
#: serverguide/C/security.xml:1209(para)
11782
"url=\"http://www.novell.com/documentation/apparmor/apparmor201_sp10_admin/ind"
11783
"ex.html?page=/documentation/apparmor/apparmor201_sp10_admin/data/book_apparmo"
11784
"r_admin.html\">AppArmor Administration Guide</ulink> for advanced "
11785
"configuration options."
11788
"url=\"http://www.novell.com/documentation/apparmor/apparmor201_sp10_admin/ind"
11789
"ex.html?page=/documentation/apparmor/apparmor201_sp10_admin/data/book_apparmo"
11790
"r_admin.html\">AppArmor Administration Guide</ulink> for advanced "
11791
"configuration options."
11793
#: serverguide/C/security.xml:1216(para)
11795
"For details using AppArmor with other Ubuntu releases see the <ulink "
11796
"url=\"https://help.ubuntu.com/community/AppArmor\"> AppArmor Community "
11797
"Wiki</ulink> page."
11799
"For details using AppArmor with other Ubuntu releases see the <ulink "
11800
"url=\"https://help.ubuntu.com/community/AppArmor\"> AppArmor Community "
11801
"Wiki</ulink> page."
11803
#: serverguide/C/security.xml:1224(para)
11805
"The <ulink url=\"http://en.opensuse.org/AppArmor\">OpenSUSE AppArmor</ulink> "
11806
"page is another introduction to AppArmor."
11808
"The <ulink url=\"http://en.opensuse.org/AppArmor\">OpenSUSE AppArmor</ulink> "
11809
"page is another introduction to AppArmor."
11811
#: serverguide/C/security.xml:1231(para)
11813
"A great place to ask for <application>AppArmor</application> assistance, and "
11814
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
11815
"server</emphasis> IRC channel on <ulink "
11816
"url=\"http://freenode.net\">freenode</ulink>."
11818
"A great place to ask for <application>AppArmor</application> assistance, and "
11819
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
11820
"server</emphasis> IRC channel on <ulink "
11821
"url=\"http://freenode.net\">freenode</ulink>."
11823
#: serverguide/C/security.xml:1241(title)
11824
msgid "Certificates"
11825
msgstr "Certificates"
11827
#: serverguide/C/security.xml:1242(para)
11829
"One of the most common forms of cryptography today is <emphasis>public-"
11830
"key</emphasis> cryptography. Public-key cryptography utilizes a "
11831
"<emphasis>public key</emphasis> and a <emphasis>private key</emphasis>. The "
11832
"system works by <emphasis>encrypting</emphasis> information using the public "
11833
"key. The information can then only be <emphasis>decrypted</emphasis> using "
11836
"One of the most common forms of cryptography today is <emphasis>public-"
11837
"key</emphasis> cryptography. Public-key cryptography utilises a "
11838
"<emphasis>public key</emphasis> and a <emphasis>private key</emphasis>. The "
11839
"system works by <emphasis>encrypting</emphasis> information using the public "
11840
"key. The information can then only be <emphasis>decrypted</emphasis> using "
11843
#: serverguide/C/security.xml:1248(para)
11845
"A common use for public-key cryptography is encrypting application traffic "
11846
"using a Secure Socket Layer (SSL) or Transport Layer Security (TLS) "
11847
"connection. For example, configuring Apache to provide "
11848
"<emphasis>HTTPS</emphasis>, the HTTP protocol over SSL. This allows a way to "
11849
"encrypt traffic using a protocol that does not itself provide encryption."
11851
"A common use for public-key cryptography is encrypting application traffic "
11852
"using a Secure Socket Layer (SSL) or Transport Layer Security (TLS) "
11853
"connection. For example, configuring Apache to provide "
11854
"<emphasis>HTTPS</emphasis>, the HTTP protocol over SSL. This allows a way to "
11855
"encrypt traffic using a protocol that does not itself provide encryption."
11857
#: serverguide/C/security.xml:1253(para)
11859
"A <emphasis>Certificate</emphasis> is a method used to distribute a "
11860
"<emphasis>public key</emphasis> and other information about a server and the "
11861
"organization who is responsible for it. Certificates can be digitally signed "
11862
"by a <emphasis>Certification Authority</emphasis> or CA. A CA is a trusted "
11863
"third party that has confirmed that the information contained in the "
11864
"certificate is accurate."
11866
"A <emphasis>Certificate</emphasis> is a method used to distribute a "
11867
"<emphasis>public key</emphasis> and other information about a server and the "
11868
"organisation who is responsible for it. Certificates can be digitally signed "
11869
"by a <emphasis>Certification Authority</emphasis> or CA. A CA is a trusted "
11870
"third party that has confirmed that the information contained in the "
11871
"certificate is accurate."
11873
#: serverguide/C/security.xml:1260(title)
11874
msgid "Types of Certificates"
11875
msgstr "Types of Certificates"
11877
#: serverguide/C/security.xml:1261(para)
11879
"To set up a secure server using public-key cryptography, in most cases, you "
11880
"send your certificate request (including your public key), proof of your "
11881
"company's identity, and payment to a CA. The CA verifies the certificate "
11882
"request and your identity, and then sends back a certificate for your secure "
11883
"server. Alternatively, you can create your own <emphasis>self-"
11884
"signed</emphasis> certificate."
11886
"To set up a secure server using public-key cryptography, in most cases, you "
11887
"send your certificate request (including your public key), proof of your "
11888
"company's identity, and payment to a CA. The CA verifies the certificate "
11889
"request and your identity, and then sends back a certificate for your secure "
11890
"server. Alternatively, you can create your own <emphasis>self-"
11891
"signed</emphasis> certificate."
11893
#: serverguide/C/security.xml:1271(para)
11895
"Note, that self-signed certificates should not be used in most production "
11898
"Note, that self-signed certificates should not be used in most production "
11901
#: serverguide/C/security.xml:1275(para)
11903
"Continuing the HTTPS example, a CA-signed certificate provides two important "
11904
"capabilities that a self-signed certificate does not:"
11906
"Continuing the HTTPS example, a CA-signed certificate provides two important "
11907
"capabilities that a self-signed certificate does not:"
11909
#: serverguide/C/security.xml:1282(para)
11911
"Browsers (usually) automatically recognize the certificate and allow a "
11912
"secure connection to be made without prompting the user."
11914
"Browsers (usually) automatically recognise the certificate and allow a "
11915
"secure connection to be made without prompting the user."
11917
#: serverguide/C/security.xml:1289(para)
11919
"When a CA issues a signed certificate, it is guaranteeing the identity of "
11920
"the organization that is providing the web pages to the browser."
11922
"When a CA issues a signed certificate, it is guaranteeing the identity of "
11923
"the organisation that is providing the web pages to the browser."
11925
#: serverguide/C/security.xml:1297(para)
11927
"Most Web browsers, and computers, that support SSL have a list of CAs whose "
11928
"certificates they automatically accept. If a browser encounters a "
11929
"certificate whose authorizing CA is not in the list, the browser asks the "
11930
"user to either accept or decline the connection. Also, other applications "
11931
"may generate an error message when using a self-singed certificate."
11933
"Most Web browsers, and computers, that support SSL have a list of CAs whose "
11934
"certificates they automatically accept. If a browser encounters a "
11935
"certificate whose authorising CA is not in the list, the browser asks the "
11936
"user to either accept or decline the connection. Also, other applications "
11937
"may generate an error message when using a self-signed certificate."
11939
#: serverguide/C/security.xml:1305(para)
11941
"The process of getting a certificate from a CA is fairly easy. A quick "
11942
"overview is as follows:"
11944
"The process of getting a certificate from a CA is fairly easy. A quick "
11945
"overview is as follows:"
11947
#: serverguide/C/security.xml:1312(para)
11948
msgid "Create a private and public encryption key pair."
11949
msgstr "Create a private and public encryption key pair."
11951
#: serverguide/C/security.xml:1315(para)
11953
"Create a certificate request based on the public key. The certificate "
11954
"request contains information about your server and the company hosting it."
11956
"Create a certificate request based on the public key. The certificate "
11957
"request contains information about your server and the company hosting it."
11959
#: serverguide/C/security.xml:1320(para)
11961
"Send the certificate request, along with documents proving your identity, to "
11962
"a CA. We cannot tell you which certificate authority to choose. Your "
11963
"decision may be based on your past experiences, or on the experiences of "
11964
"your friends or colleagues, or purely on monetary factors."
11966
"Send the certificate request, along with documents proving your identity, to "
11967
"a CA. We cannot tell you which certificate authority to choose. Your "
11968
"decision may be based on your past experiences, or on the experiences of "
11969
"your friends or colleagues, or purely on monetary factors."
11971
#: serverguide/C/security.xml:1326(para)
11973
"Once you have decided upon a CA, you need to follow the instructions they "
11974
"provide on how to obtain a certificate from them."
11976
"Once you have decided upon a CA, you need to follow the instructions they "
11977
"provide on how to obtain a certificate from them."
11979
#: serverguide/C/security.xml:1331(para)
11981
"When the CA is satisfied that you are indeed who you claim to be, they send "
11982
"you a digital certificate."
11984
"When the CA is satisfied that you are indeed who you claim to be, they send "
11985
"you a digital certificate."
11987
#: serverguide/C/security.xml:1335(para)
11989
"Install this certificate on your secure server, and configure the "
11990
"appropriate applications to use the certificate."
11992
"Install this certificate on your secure server, and configure the "
11993
"appropriate applications to use the certificate."
11995
#: serverguide/C/security.xml:1344(title)
11996
msgid "Generating a Certificate Signing Request (CSR)"
11997
msgstr "Generating a Certificate Signing Request (CSR)"
11999
#: serverguide/C/security.xml:1346(para)
12001
"Whether you are getting a certificate from a CA or generating your own self-"
12002
"signed certificate, the first step is to generate a key."
12004
"Whether you are getting a certificate from a CA or generating your own self-"
12005
"signed certificate, the first step is to generate a key."
12007
#: serverguide/C/security.xml:1351(para)
12009
"If the certificate will be used by service daemons, such as Apache, Postfix, "
12010
"Dovecot, etc, a key without a passphrase is often appropriate. Not having a "
12011
"passphrase allows the services to start without manual intervention, usually "
12012
"the preferred way to start a daemon."
12014
"If the certificate will be used by service daemons, such as Apache, Postfix, "
12015
"Dovecot, etc, a key without a passphrase is often appropriate. Not having a "
12016
"passphrase allows the services to start without manual intervention, usually "
12017
"the preferred way to start a daemon."
12019
#: serverguide/C/security.xml:1357(para)
12021
"This section will cover generating a key with a passphrase, and one without. "
12022
"The non-passphrase key will then be used to generate a certificate that can "
12023
"be used with various service daemons."
12025
"This section will cover generating a key with a passphrase, and one without. "
12026
"The non-passphrase key will then be used to generate a certificate that can "
12027
"be used with various service daemons."
12029
#: serverguide/C/security.xml:1363(para)
12031
"Running your secure service without a passphrase is convenient because you "
12032
"will not need to enter the passphrase every time you start your secure "
12033
"service. But it is insecure and a compromise of the key means a compromise "
12034
"of the server as well."
12036
"Running your secure service without a passphrase is convenient because you "
12037
"will not need to enter the passphrase every time you start your secure "
12038
"service. But it is insecure and a compromise of the key means a compromise "
12039
"of the server as well."
12041
#: serverguide/C/security.xml:1370(para)
12043
"To generate the <emphasis>keys</emphasis> for the Certificate Signing "
12044
"Request (CSR) run the following command from a terminal prompt:"
12046
"To generate the <emphasis>keys</emphasis> for the Certificate Signing "
12047
"Request (CSR) run the following command from a terminal prompt:"
12049
#: serverguide/C/security.xml:1376(command)
12050
msgid "openssl genrsa -des3 -out server.key 1024"
12051
msgstr "openssl genrsa -des3 -out server.key 1024"
12053
#: serverguide/C/security.xml:1379(programlisting)
12057
"Generating RSA private key, 1024 bit long modulus\n"
12058
".....................++++++\n"
12059
".................++++++\n"
12060
"unable to write 'random state'\n"
12061
"e is 65537 (0x10001)\n"
12062
"Enter pass phrase for server.key:\n"
12065
"Generating RSA private key, 1024 bit long modulus\n"
12066
".....................++++++\n"
12067
".................++++++\n"
12068
"unable to write 'random state'\n"
12069
"e is 65537 (0x10001)\n"
12070
"Enter pass phrase for server.key:\n"
12072
#: serverguide/C/security.xml:1388(para)
12074
"You can now enter your passphrase. For best security, it should at least "
12075
"contain eight characters. The minimum length when specifying -des3 is four "
12076
"characters. It should include numbers and/or punctuation and not be a word "
12077
"in a dictionary. Also remember that your passphrase is case-sensitive."
12079
"You can now enter your passphrase. For best security, it should at least "
12080
"contain eight characters. The minimum length when specifying -des3 is four "
12081
"characters. It should include numbers and/or punctuation and not be a word "
12082
"in a dictionary. Also remember that your passphrase is case-sensitive."
12084
#: serverguide/C/security.xml:1396(para)
12086
"Re-type the passphrase to verify. Once you have re-typed it correctly, the "
12087
"server key is generated and stored in the <filename>server.key</filename> "
12090
"Re-type the passphrase to verify. Once you have re-typed it correctly, the "
12091
"server key is generated and stored in the <filename>server.key</filename> "
12094
#: serverguide/C/security.xml:1402(para)
12096
"Now create the insecure key, the one without a passphrase, and shuffle the "
12099
"Now create the insecure key, the one without a passphrase, and shuffle the "
12102
#: serverguide/C/security.xml:1408(command)
12103
msgid "openssl rsa -in server.key -out server.key.insecure"
12104
msgstr "openssl rsa -in server.key -out server.key.insecure"
12106
#: serverguide/C/security.xml:1409(command)
12107
msgid "mv server.key server.key.secure"
12108
msgstr "mv server.key server.key.secure"
12110
#: serverguide/C/security.xml:1410(command)
12111
msgid "mv server.key.insecure server.key"
12112
msgstr "mv server.key.insecure server.key"
12114
#: serverguide/C/security.xml:1413(para)
12116
"The insecure key is now named <filename>server.key</filename>, and you can "
12117
"use this file to generate the CSR without passphrase."
12119
"The insecure key is now named <filename>server.key</filename>, and you can "
12120
"use this file to generate the CSR without passphrase."
12122
#: serverguide/C/security.xml:1418(para)
12123
msgid "To create the CSR, run the following command at a terminal prompt:"
12124
msgstr "To create the CSR, run the following command at a terminal prompt:"
12126
#: serverguide/C/security.xml:1423(command)
12127
msgid "openssl req -new -key server.key -out server.csr"
12128
msgstr "openssl req -new -key server.key -out server.csr"
12130
#: serverguide/C/security.xml:1426(para)
12132
"It will prompt you enter the passphrase. If you enter the correct "
12133
"passphrase, it will prompt you to enter Company Name, Site Name, Email Id, "
12134
"etc. Once you enter all these details, your CSR will be created and it will "
12135
"be stored in the <filename>server.csr</filename> file."
12137
"It will prompt you enter the passphrase. If you enter the correct "
12138
"passphrase, it will prompt you to enter Company Name, Site Name, E-mail Id, "
12139
"etc. Once you enter all these details, your CSR will be created and it will "
12140
"be stored in the <filename>server.csr</filename> file."
12142
#: serverguide/C/security.xml:1434(para)
12144
"You can now submit this CSR file to a CA for processing. The CA will use "
12145
"this CSR file and issue the certificate. On the other hand, you can create "
12146
"self-signed certificate using this CSR."
12148
"You can now submit this CSR file to a CA for processing. The CA will use "
12149
"this CSR file and issue the certificate. On the other hand, you can create "
12150
"self-signed certificate using this CSR."
12152
#: serverguide/C/security.xml:1442(title)
12153
msgid "Creating a Self-Signed Certificate"
12154
msgstr "Creating a Self-Signed Certificate"
12156
#: serverguide/C/security.xml:1443(para)
12158
"To create the self-signed certificate, run the following command at a "
12161
"To create the self-signed certificate, run the following command at a "
12164
#: serverguide/C/security.xml:1448(command)
12166
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
12169
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
12172
#: serverguide/C/security.xml:1451(para)
12174
"The above command will prompt you to enter the passphrase. Once you enter "
12175
"the correct passphrase, your certificate will be created and it will be "
12176
"stored in the <filename>server.crt</filename> file."
12178
"The above command will prompt you to enter the passphrase. Once you enter "
12179
"the correct passphrase, your certificate will be created and it will be "
12180
"stored in the <filename>server.crt</filename> file."
12182
#: serverguide/C/security.xml:1456(para)
12184
"If your secure server is to be used in a production environment, you "
12185
"probably need a CA-signed certificate. It is not recommended to use self-"
12186
"signed certificate."
12188
"If your secure server is to be used in a production environment, you "
12189
"probably need a CA-signed certificate. It is not recommended to use self-"
12190
"signed certificate."
12192
#: serverguide/C/security.xml:1464(title)
12193
msgid "Installing the Certificate"
12194
msgstr "Installing the Certificate"
12196
#: serverguide/C/security.xml:1466(para)
12198
"You can install the key file <filename>server.key</filename> and certificate "
12199
"file <filename>server.crt</filename>, or the certificate file issued by your "
12200
"CA, by running following commands at a terminal prompt:"
12202
"You can install the key file <filename>server.key</filename> and certificate "
12203
"file <filename>server.crt</filename>, or the certificate file issued by your "
12204
"CA, by running following commands at a terminal prompt:"
12206
#: serverguide/C/security.xml:1472(command)
12207
msgid "sudo cp server.crt /etc/ssl/certs"
12208
msgstr "sudo cp server.crt /etc/ssl/certs"
12210
#: serverguide/C/security.xml:1473(command)
12211
msgid "sudo cp server.key /etc/ssl/private"
12212
msgstr "sudo cp server.key /etc/ssl/private"
12214
#: serverguide/C/security.xml:1475(para)
12216
"Now simply configure any applications, with the ability to use public-key "
12217
"cryptography, to use the <emphasis>certificate</emphasis> and "
12218
"<emphasis>key</emphasis> files. For example, "
12219
"<application>Apache</application> can provide HTTPS, "
12220
"<application>Dovecot</application> can provide IMAPS and POP3S, etc."
12222
"Now simply configure any applications, with the ability to use public-key "
12223
"cryptography, to use the <emphasis>certificate</emphasis> and "
12224
"<emphasis>key</emphasis> files. For example, "
12225
"<application>Apache</application> can provide HTTPS, "
12226
"<application>Dovecot</application> can provide IMAPS and POP3S, etc."
12228
#: serverguide/C/security.xml:1482(title)
12229
msgid "Certification Authority"
12230
msgstr "Certification Authority"
12232
#: serverguide/C/security.xml:1484(para)
12234
"If the services on your network require more than a few self-signed "
12235
"certificates it may be worth the additional effort to setup your own "
12236
"internal <emphasis>Certification Authority (CA)</emphasis>. Using "
12237
"certificates signed by your own CA, allows the various services using the "
12238
"certificates to easily trust other services using certificates issued from "
12241
"If the services on your network require more than a few self-signed "
12242
"certificates it may be worth the additional effort to setup your own "
12243
"internal <emphasis>Certification Authority (CA)</emphasis>. Using "
12244
"certificates signed by your own CA, allows the various services using the "
12245
"certificates to easily trust other services using certificates issued from "
12248
#: serverguide/C/security.xml:1494(para)
12250
"First, create the directories to hold the CA certificate and related files:"
12252
"First, create the directories to hold the CA certificate and related files:"
12254
#: serverguide/C/security.xml:1499(command)
12255
msgid "sudo mkdir /etc/ssl/CA"
12256
msgstr "sudo mkdir /etc/ssl/CA"
12258
#: serverguide/C/security.xml:1500(command)
12259
msgid "sudo mkdir /etc/ssl/newcerts"
12260
msgstr "sudo mkdir /etc/ssl/newcerts"
12262
#: serverguide/C/security.xml:1506(para)
12264
"The CA needs a few additional files to operate, one to keep track of the "
12265
"last serial number used by the CA, each certificate must have a unique "
12266
"serial number, and another file to record which certificates have been "
12269
"The CA needs a few additional files to operate, one to keep track of the "
12270
"last serial number used by the CA, each certificate must have a unique "
12271
"serial number, and another file to record which certificates have been "
12274
#: serverguide/C/security.xml:1513(command)
12275
msgid "sudo sh -c \"echo '01' > /etc/ssl/CA/serial\""
12276
msgstr "sudo sh -c \"echo '01' > /etc/ssl/CA/serial\""
12278
#: serverguide/C/security.xml:1514(command)
12279
msgid "sudo touch /etc/ssl/CA/index.txt"
12280
msgstr "sudo touch /etc/ssl/CA/index.txt"
12282
#: serverguide/C/security.xml:1520(para)
12284
"The third file is a CA configuration file. Though not strictly necessary, it "
12285
"is very convenient when issuing multiple certificates. Edit "
12286
"<filename>/etc/ssl/openssl.cnf</filename>, and in the <emphasis>[ CA_default "
12287
"]</emphasis> change:"
12289
"The third file is a CA configuration file. Though not strictly necessary, it "
12290
"is very convenient when issuing multiple certificates. Edit "
12291
"<filename>/etc/ssl/openssl.cnf</filename>, and in the <emphasis>[ CA_default "
12292
"]</emphasis> change:"
12294
#: serverguide/C/security.xml:1526(programlisting)
12298
"dir = /etc/ssl/ # Where everything is kept\n"
12299
"database = $dir/CA/index.txt # database index file.\n"
12300
"certificate = $dir/certs/cacert.pem # The CA certificate\n"
12301
"serial = $dir/CA/serial # The current serial number\n"
12302
"private_key = $dir/private/cakey.pem# The private key\n"
12305
"dir = /etc/ssl/ # Where everything is kept\n"
12306
"database = $dir/CA/index.txt # database index file.\n"
12307
"certificate = $dir/certs/cacert.pem # The CA certificate\n"
12308
"serial = $dir/CA/serial # The current serial number\n"
12309
"private_key = $dir/private/cakey.pem# The private key\n"
12311
#: serverguide/C/security.xml:1537(para)
12312
msgid "Next, create the self-singed root certificate:"
12313
msgstr "Next, create the self-singed root certificate:"
12315
#: serverguide/C/security.xml:1542(command)
12317
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
12320
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
12323
#: serverguide/C/security.xml:1545(para)
12324
msgid "You will then be asked to enter the details about the certificate."
12325
msgstr "You will then be asked to enter the details about the certificate."
12327
#: serverguide/C/security.xml:1552(para)
12328
msgid "Now install the root certificate and key:"
12329
msgstr "Now install the root certificate and key:"
12331
#: serverguide/C/security.xml:1557(command)
12332
msgid "sudo mv cakey.pem /etc/ssl/private/"
12333
msgstr "sudo mv cakey.pem /etc/ssl/private/"
12335
#: serverguide/C/security.xml:1558(command)
12336
msgid "sudo mv cacert.pem /etc/ssl/certs/"
12337
msgstr "sudo mv cacert.pem /etc/ssl/certs/"
12339
#: serverguide/C/security.xml:1564(para)
12341
"You are now ready to start signing certificates. The first item needed is a "
12342
"Certificate Signing Request (CSR), see <xref linkend=\"generating-a-csr\"/> "
12343
"for details. Once you have a CSR, enter the following to generate a "
12344
"certificate signed by the CA:"
12346
"You are now ready to start signing certificates. The first item needed is a "
12347
"Certificate Signing Request (CSR), see <xref linkend=\"generating-a-csr\"/> "
12348
"for details. Once you have a CSR, enter the following to generate a "
12349
"certificate signed by the CA:"
12351
#: serverguide/C/security.xml:1571(command)
12352
msgid "sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf"
12353
msgstr "sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf"
12355
#: serverguide/C/security.xml:1574(para)
12357
"After entering the password for the CA key, you will be prompted to sign the "
12358
"certificate, and again to commit the new certificate. You should then see a "
12359
"somewhat large amount of output related to the certificate creation."
12361
"After entering the password for the CA key, you will be prompted to sign the "
12362
"certificate, and again to commit the new certificate. You should then see a "
12363
"somewhat large amount of output related to the certificate creation."
12365
#: serverguide/C/security.xml:1583(para)
12367
"There should now be a new file, "
12368
"<filename>/etc/ssl/newcerts/01.pem</filename>, containing the same output. "
12369
"Copy and paste everything beginning with the line: <emphasis>-----BEGIN "
12370
"CERTIFICATE-----</emphasis> and continuing through the line: <emphasis>----"
12371
"END CERTIFICATE-----</emphasis> lines to a file named after the hostname of "
12372
"the server where the certificate will be installed. For example "
12373
"<filename>mail.example.com.crt</filename>, is a nice descriptive name."
12375
"There should now be a new file, "
12376
"<filename>/etc/ssl/newcerts/01.pem</filename>, containing the same output. "
12377
"Copy and paste everything beginning with the line: <emphasis>-----BEGIN "
12378
"CERTIFICATE-----</emphasis> and continuing through the line: <emphasis>----"
12379
"END CERTIFICATE-----</emphasis> lines to a file named after the hostname of "
12380
"the server where the certificate will be installed. For example "
12381
"<filename>mail.example.com.crt</filename>, is a nice descriptive name."
12383
#: serverguide/C/security.xml:1591(para)
12385
"Subsequent certificates will be named <filename>02.pem</filename>, "
12386
"<filename>03.pem</filename>, etc."
12388
"Subsequent certificates will be named <filename>02.pem</filename>, "
12389
"<filename>03.pem</filename>, etc."
12391
#: serverguide/C/security.xml:1596(para)
12393
"Replace <emphasis>mail.example.com.crt</emphasis> with your own descriptive "
12396
"Replace <emphasis>mail.example.com.crt</emphasis> with your own descriptive "
12399
#: serverguide/C/security.xml:1604(para)
12401
"Finally, copy the new certificate to the host that needs it, and configure "
12402
"the appropriate applications to use it. The default location to install "
12403
"certificates is <filename role=\"directory\">/etc/ssl/certs</filename>. This "
12404
"enables multiple services to use the same certificate without overly "
12405
"complicated file permissions."
12407
"Finally, copy the new certificate to the host that needs it, and configure "
12408
"the appropriate applications to use it. The default location to install "
12409
"certificates is <filename role=\"directory\">/etc/ssl/certs</filename>. This "
12410
"enables multiple services to use the same certificate without overly "
12411
"complicated file permissions."
12413
#: serverguide/C/security.xml:1610(para)
12415
"For applications that can be configured to use a CA certificate, you should "
12416
"also copy the <filename>/etc/ssl/certs/cacert.pem</filename> file to the "
12417
"<filename role=\"directory\">/etc/ssl/certs/</filename> directory on each "
12420
"For applications that can be configured to use a CA certificate, you should "
12421
"also copy the <filename>/etc/ssl/certs/cacert.pem</filename> file to the "
12422
"<filename role=\"directory\">/etc/ssl/certs/</filename> directory on each "
12425
#: serverguide/C/security.xml:1624(para)
12427
"For more detailed instructions on using cryptography see the <ulink "
12428
"url=\"http://tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html\">SSL "
12429
"Certificates HOWTO</ulink> by tlpd.org"
12431
"For more detailed instructions on using cryptography see the <ulink "
12432
"url=\"http://tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html\">SSL "
12433
"Certificates HOWTO</ulink> by tlpd.org"
12435
#: serverguide/C/security.xml:1630(para)
12437
"<ulink url=\"http://www.pki-page.org/\">The PKI Page</ulink> contains a list "
12438
"of Certificate Authorities."
12440
"<ulink url=\"http://www.pki-page.org/\">The PKI Page</ulink> contains a list "
12441
"of Certificate Authorities."
12443
#: serverguide/C/security.xml:1635(para)
12445
"The Wikipedia <ulink "
12446
"url=\"http://en.wikipedia.org/wiki/Https\">HTTPS</ulink> page has more "
12447
"information regarding HTTPS."
12449
"The Wikipedia <ulink "
12450
"url=\"http://en.wikipedia.org/wiki/Https\">HTTPS</ulink> page has more "
12451
"information regarding HTTPS."
12453
#: serverguide/C/security.xml:1640(para)
12455
"For more information on <emphasis>OpenSSL</emphasis> see the <ulink "
12456
"url=\"http://www.openssl.org/\">OpenSSL Home Page</ulink>."
12458
"For more information on <emphasis>OpenSSL</emphasis> see the <ulink "
12459
"url=\"http://www.openssl.org/\">OpenSSL Home Page</ulink>."
12461
#: serverguide/C/security.xml:1645(para)
12463
"Also, O'Reilly's <ulink "
12464
"url=\"http://oreilly.com/catalog/9780596002701/\">Network Security with "
12465
"OpenSSL</ulink> is a good in depth reference."
12467
"Also, O'Reilly's <ulink "
12468
"url=\"http://oreilly.com/catalog/9780596002701/\">Network Security with "
12469
"OpenSSL</ulink> is a good in depth reference."
12471
#: serverguide/C/security.xml:1654(title)
12475
#: serverguide/C/security.xml:1656(para)
12477
"<emphasis>eCryptfs</emphasis> is a POSIX-compliant enterprise-class stacked "
12478
"cryptographic filesystem for Linux. Layering on top of the filesystem layer "
12479
"<emphasis>eCryptfs</emphasis> protects files no matter the underlying "
12480
"filesystem, partition type, etc."
12482
"<emphasis>eCryptfs</emphasis> is a POSIX-compliant enterprise-class stacked "
12483
"cryptographic filesystem for Linux. Layering on top of the filesystem layer "
12484
"<emphasis>eCryptfs</emphasis> protects files no matter the underlying "
12485
"filesystem, partition type, etc."
12487
#: serverguide/C/security.xml:1662(para)
12489
"During installation there is an option to encrypt the <filename "
12490
"role=\"directory\">/home</filename> partition. This will automatically "
12491
"configure everything needed to encrypt and mount the partition."
12493
"During installation there is an option to encrypt the <filename "
12494
"role=\"directory\">/home</filename> partition. This will automatically "
12495
"configure everything needed to encrypt and mount the partition."
12497
#: serverguide/C/security.xml:1667(para)
12499
"As an example, this section will cover configuring <filename "
12500
"role=\"directory\">/srv</filename> to be encrypted using eCryptfs."
12502
"As an example, this section will cover configuring <filename "
12503
"role=\"directory\">/srv</filename> to be encrypted using eCryptfs."
12505
#: serverguide/C/security.xml:1672(title)
12506
msgid "Using eCryptfs"
12507
msgstr "Using eCryptfs"
12509
#: serverguide/C/security.xml:1674(para)
12510
msgid "First, install the necessary packages. From a terminal prompt enter:"
12511
msgstr "First, install the necessary packages. From a terminal prompt enter:"
12513
#: serverguide/C/security.xml:1679(command)
12514
msgid "sudo apt-get install ecryptfs-utils"
12515
msgstr "sudo apt-get install ecryptfs-utils"
12517
#: serverguide/C/security.xml:1682(para)
12518
msgid "Now mount the partition to be encrypted:"
12519
msgstr "Now mount the partition to be encrypted:"
12521
#: serverguide/C/security.xml:1687(command)
12522
msgid "sudo mount -t ecryptfs /srv /srv"
12523
msgstr "sudo mount -t ecryptfs /srv /srv"
12525
#: serverguide/C/security.xml:1690(para)
12527
"You will then be prompted for some details on how "
12528
"<application>ecryptfs</application> should encrypt the data."
12530
"You will then be prompted for some details on how "
12531
"<application>ecryptfs</application> should encrypt the data."
12533
#: serverguide/C/security.xml:1694(para)
12535
"To test that files placed in <filename>/srv</filename> are indeed encrypted "
12536
"copy the <filename>/etc/default</filename> folder to "
12537
"<filename>/srv</filename>:"
12539
"To test that files placed in <filename>/srv</filename> are indeed encrypted "
12540
"copy the <filename>/etc/default</filename> folder to "
12541
"<filename>/srv</filename>:"
12543
#: serverguide/C/security.xml:1700(command) serverguide/C/clustering.xml:192(command)
12544
msgid "sudo cp -r /etc/default /srv"
12545
msgstr "sudo cp -r /etc/default /srv"
12547
#: serverguide/C/security.xml:1703(para)
12548
msgid "Now unmount <filename>/srv</filename>, and try to view a file:"
12549
msgstr "Now unmount <filename>/srv</filename>, and try to view a file:"
12551
#: serverguide/C/security.xml:1708(command) serverguide/C/installation.xml:1138(command) serverguide/C/clustering.xml:200(command)
12552
msgid "sudo umount /srv"
12553
msgstr "sudo umount /srv"
12555
#: serverguide/C/security.xml:1709(command)
12556
msgid "cat /srv/default/cron"
12557
msgstr "cat /srv/default/cron"
12559
#: serverguide/C/security.xml:1712(para)
12561
"Remounting <filename>/srv</filename> using "
12562
"<application>ecryptfs</application> will make the data viewable once again."
12564
"Remounting <filename>/srv</filename> using "
12565
"<application>ecryptfs</application> will make the data viewable once again."
12567
#: serverguide/C/security.xml:1718(title)
12568
msgid "Automatically Mounting Encrypted Partitions"
12569
msgstr "Automatically Mounting Encrypted Partitions"
12571
#: serverguide/C/security.xml:1720(para)
12573
"There are a couple of ways to automatically mount an "
12574
"<application>ecryptfs</application> encrypted filesystem at boot. This "
12575
"example will use a <filename>/root/.ecryptfsrc</filename> file containing "
12576
"mount options, along with a passphrase file residing on a USB key."
12578
"There are a couple of ways to automatically mount an "
12579
"<application>ecryptfs</application> encrypted filesystem at boot. This "
12580
"example will use a <filename>/root/.ecryptfsrc</filename> file containing "
12581
"mount options, along with a passphrase file residing on a USB key."
12583
#: serverguide/C/security.xml:1726(para)
12584
msgid "First, create <filename>/root/.ecryptfsrc</filename> containing:"
12585
msgstr "First, create <filename>/root/.ecryptfsrc</filename> containing:"
12587
#: serverguide/C/security.xml:1730(programlisting)
12591
"key=passphrase:passphrase_passwd_file=/mnt/usb/passwd_file.txt\n"
12592
"ecryptfs_sig=5826dd62cf81c615\n"
12593
"ecryptfs_cipher=aes\n"
12594
"ecryptfs_key_bytes=16\n"
12595
"ecryptfs_passthrough=n\n"
12596
"ecryptfs_enable_filename_crypto=n\n"
12599
"key=passphrase:passphrase_passwd_file=/mnt/usb/passwd_file.txt\n"
12600
"ecryptfs_sig=5826dd62cf81c615\n"
12601
"ecryptfs_cipher=aes\n"
12602
"ecryptfs_key_bytes=16\n"
12603
"ecryptfs_passthrough=n\n"
12604
"ecryptfs_enable_filename_crypto=n\n"
12606
#: serverguide/C/security.xml:1740(para)
12608
"Adjust the <emphasis>ecryptfs_sig</emphasis> to the signature in "
12609
"<filename>/root/.ecryptfs/sig-cache.txt</filename>."
12611
"Adjust the <emphasis>ecryptfs_sig</emphasis> to the signature in "
12612
"<filename>/root/.ecryptfs/sig-cache.txt</filename>."
12614
#: serverguide/C/security.xml:1745(para)
12616
"Next, create the <filename>/mnt/usb/passwd_file.txt</filename> passphrase "
12619
"Next, create the <filename>/mnt/usb/passwd_file.txt</filename> passphrase "
12622
#: serverguide/C/security.xml:1749(programlisting)
12626
"passphrase_passwd=[secrets]\n"
12629
"passphrase_passwd=[secrets]\n"
12631
#: serverguide/C/security.xml:1753(para)
12632
msgid "Now add the necessary lines to <filename>/etc/fstab</filename>:"
12633
msgstr "Now add the necessary lines to <filename>/etc/fstab</filename>:"
12635
#: serverguide/C/security.xml:1757(programlisting)
12639
"/dev/sdb1 /mnt/usb ext3 ro 0 0\n"
12640
"/srv /srv ecryptfs defaults 0 0\n"
12643
"/dev/sdb1 /mnt/usb ext3 ro 0 0\n"
12644
"/srv /srv ecryptfs defaults 0 0\n"
12646
#: serverguide/C/security.xml:1762(para)
12647
msgid "Make sure the USB drive is mounted before the encrypted partition."
12648
msgstr "Make sure the USB drive is mounted before the encrypted partition."
12650
#: serverguide/C/security.xml:1766(para)
12652
"Finally, reboot and the <filename>/srv</filename> should be mounted using "
12655
"Finally, reboot and the <filename>/srv</filename> should be mounted using "
12658
#: serverguide/C/security.xml:1774(para)
12660
"The <application>ecryptfs-utils</application> package includes several other "
12661
"useful utilities:"
12663
"The <application>ecryptfs-utils</application> package includes several other "
12664
"useful utilities:"
12666
#: serverguide/C/security.xml:1780(para)
12668
"<emphasis>ecryptfs-setup-private:</emphasis> creates a "
12669
"<filename>~/Private</filename> directory to contain encrypted information. "
12670
"This utility can be run by unprivileged users to keep data private from "
12671
"other users on the system."
12673
"<emphasis>ecryptfs-setup-private:</emphasis> creates a "
12674
"<filename>~/Private</filename> directory to contain encrypted information. "
12675
"This utility can be run by unprivileged users to keep data private from "
12676
"other users on the system."
12678
#: serverguide/C/security.xml:1787(para)
12680
"<emphasis>ecryptfs-mount-private and ecryptfs-umount-private:</emphasis> "
12681
"will mount and unmount respectively, a users <filename>~/Private</filename> "
12684
"<emphasis>ecryptfs-mount-private and ecryptfs-umount-private:</emphasis> "
12685
"will mount and unmount respectively, a users <filename>~/Private</filename> "
12688
#: serverguide/C/security.xml:1793(para)
12690
"<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the "
12693
"<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the "
12696
#: serverguide/C/security.xml:1798(para)
12698
"<emphasis>ecryptfs-manager:</emphasis> manages "
12699
"<application>eCryptfs</application> objects such as keys."
12701
"<emphasis>ecryptfs-manager:</emphasis> manages "
12702
"<application>eCryptfs</application> objects such as keys."
12704
#: serverguide/C/security.xml:1803(para)
12706
"<emphasis>ecryptfs-stat:</emphasis> allows you to view the "
12707
"<application>ecryptfs</application> meta information for a file."
12709
"<emphasis>ecryptfs-stat:</emphasis> allows you to view the "
12710
"<application>ecryptfs</application> meta information for a file."
12712
#: serverguide/C/security.xml:1816(para)
12714
"For more information on eCryptfs see the <ulink "
12715
"url=\"https://launchpad.net/ecryptfs\">Launchpad project page</ulink>."
12717
"For more information on eCryptfs see the <ulink "
12718
"url=\"https://launchpad.net/ecryptfs\">Launchpad project page</ulink>."
12720
#: serverguide/C/security.xml:1821(para)
12722
"There is also a <ulink "
12723
"url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> "
12724
"article covering eCryptfs."
12726
"There is also a <ulink "
12727
"url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> "
12728
"article covering eCryptfs."
12730
#: serverguide/C/security.xml:1826(para)
12732
"Also, for more <application>ecryptfs</application> options see the <ulink "
12733
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man7/ecryptfs.7.html\">"
12734
"ecryptfs man page</ulink>."
12736
"Also, for more <application>ecryptfs</application> options see the <ulink "
12737
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man7/ecryptfs.7.html\">"
12738
"ecryptfs man page</ulink>."
12740
#: serverguide/C/security.xml:1832(para)
12742
"The <ulink url=\"https://help.ubuntu.com/community/eCryptfs\">eCryptfs "
12743
"Ubuntu Wiki</ulink> page also has more details."
12745
"The <ulink url=\"https://help.ubuntu.com/community/eCryptfs\">eCryptfs "
12746
"Ubuntu Wiki</ulink> page also has more details."
12748
#: serverguide/C/reporting-bugs.xml:13(title)
12752
#: serverguide/C/reporting-bugs.xml:16(title)
12753
msgid "Reporting Bugs in Ubuntu Server Edition"
12754
msgstr "Reporting Bugs in Ubuntu Server Edition"
12756
#: serverguide/C/reporting-bugs.xml:18(para)
12758
"While the Ubuntu Project attempts to release software with as few bugs as "
12759
"possible, they do occur. You can help fix these bugs by reporting ones that "
12760
"you find to the project. The Ubuntu Project uses <ulink "
12761
"url=\"https://launchpad.net/\">Launchpad</ulink> to track its bug reports. "
12762
"In order to file a bug about Ubuntu Server on Launchpad, you will need to "
12763
"<ulink url=\"https://help.launchpad.net/YourAccount/NewAccount\">create an "
12766
"While the Ubuntu Project attempts to release software with as few bugs as "
12767
"possible, they do occur. You can help fix these bugs by reporting ones that "
12768
"you find to the project. The Ubuntu Project uses <ulink "
12769
"url=\"https://launchpad.net/\">Launchpad</ulink> to track its bug reports. "
12770
"In order to file a bug about Ubuntu Server on Launchpad, you will need to "
12771
"<ulink url=\"https://help.launchpad.net/YourAccount/NewAccount\">create an "
12774
#: serverguide/C/reporting-bugs.xml:30(title)
12775
msgid "Reporting Bugs With ubuntu-bug"
12776
msgstr "Reporting Bugs With ubuntu-bug"
12778
#: serverguide/C/reporting-bugs.xml:32(para)
12780
"The preferred way to report a bug is with the <application>ubuntu-"
12781
"bug</application> command. The ubuntu-bug tool gathers information about the "
12782
"system useful to developers in diagnosing the reported problem that will "
12783
"then be included in the bug report filed on Launchpad. Bug reports in Ubuntu "
12784
"need to be filed against a specific software package, thus the name of the "
12785
"package that the bug occurs in needs to be given to ubuntu-bug:"
12787
"The preferred way to report a bug is with the <application>ubuntu-"
12788
"bug</application> command. The ubuntu-bug tool gathers information about the "
12789
"system useful to developers in diagnosing the reported problem that will "
12790
"then be included in the bug report filed on Launchpad. Bug reports in Ubuntu "
12791
"need to be filed against a specific software package, thus the name of the "
12792
"package that the bug occurs in needs to be given to ubuntu-bug:"
12794
#: serverguide/C/reporting-bugs.xml:43(command)
12795
msgid "ubuntu-bug PACKAGENAME"
12796
msgstr "ubuntu-bug PACKAGENAME"
12798
#: serverguide/C/reporting-bugs.xml:46(para)
12800
"For example, to file a bug against the openssh-server package, you would do:"
12802
"For example, to file a bug against the openssh-server package, you would do:"
12804
#: serverguide/C/reporting-bugs.xml:51(command)
12805
msgid "ubuntu-bug openssh-server"
12806
msgstr "ubuntu-bug openssh-server"
12808
#: serverguide/C/reporting-bugs.xml:54(para)
12810
"You can specify either a binary package or the source package for ubuntu-"
12811
"bug. Again using openssh-server as an example, you could also generate the "
12812
"report against the source package for openssh-server, openssh:"
12814
"You can specify either a binary package or the source package for ubuntu-"
12815
"bug. Again using openssh-server as an example, you could also generate the "
12816
"report against the source package for openssh-server, openssh:"
12818
#: serverguide/C/reporting-bugs.xml:62(command)
12819
msgid "ubuntu-bug openssh"
12820
msgstr "ubuntu-bug openssh"
12822
#: serverguide/C/reporting-bugs.xml:66(para)
12824
"See <xref linkend=\"package-management\"/> for more information about "
12825
"packages in Ubuntu."
12827
"See <xref linkend=\"package-management\"/> for more information about "
12828
"packages in Ubuntu."
12830
#: serverguide/C/reporting-bugs.xml:72(para)
12832
"The ubuntu-bug command will gather information about the system in question, "
12833
"possibly including information specific to the specified package, and then "
12834
"ask you what you would like to do with collected information:"
12836
"The ubuntu-bug command will gather information about the system in question, "
12837
"possibly including information specific to the specified package, and then "
12838
"ask you what you would like to do with collected information:"
12840
#: serverguide/C/reporting-bugs.xml:80(command)
12841
msgid "ubuntu-bug postgresql"
12842
msgstr "ubuntu-bug postgresql"
12844
#: serverguide/C/reporting-bugs.xml:79(screen)
12848
"<placeholder-1/>\n"
12850
"*** Collecting problem information\n"
12852
"The collected information can be sent to the developers to improve the\n"
12853
"application. This might take a few minutes.\n"
12856
"*** Send problem report to the developers?\n"
12858
"After the problem report has been sent, please fill out the form in the\n"
12859
"automatically opened web browser.\n"
12861
"What would you like to do? Your options are:\n"
12862
" S: Send report (1.7 KiB)\n"
12863
" V: View report\n"
12864
" K: Keep report file for sending later or copying to somewhere else\n"
12866
"Please choose (S/V/K/C):\n"
12869
"<placeholder-1/>\n"
12871
"*** Collecting problem information\n"
12873
"The collected information can be sent to the developers to improve the\n"
12874
"application. This might take a few minutes.\n"
12877
"*** Send problem report to the developers?\n"
12879
"After the problem report has been sent, please fill out the form in the\n"
12880
"automatically opened web browser.\n"
12882
"What would you like to do? Your options are:\n"
12883
" S: Send report (1.7 KiB)\n"
12884
" V: View report\n"
12885
" K: Keep report file for sending later or copying to somewhere else\n"
12887
"Please choose (S/V/K/C):\n"
12889
#: serverguide/C/reporting-bugs.xml:101(para)
12890
msgid "The options available are:"
12891
msgstr "The options available are:"
12893
#: serverguide/C/reporting-bugs.xml:108(para)
12895
"<emphasis role=\"bold\">Send Report</emphasis> Selecting Send Report submits "
12896
"the collected information to Launchpad as part of the the process of filing "
12897
"a bug report. You will be given the opportunity to describe the situation "
12898
"that led up to the occurrence of the bug."
12900
"<emphasis role=\"bold\">Send Report</emphasis> Selecting Send Report submits "
12901
"the collected information to Launchpad as part of the the process of filing "
12902
"a bug report. You will be given the opportunity to describe the situation "
12903
"that led up to the occurrence of the bug."
12905
#: serverguide/C/reporting-bugs.xml:115(screen)
12909
"*** Uploading problem information\n"
12911
"The collected information is being sent to the bug tracking system.\n"
12912
"This might take a few minutes.\n"
12915
"*** To continue, you must visit the following URL:\n"
12917
" https://bugs.launchpad.net/ubuntu/+source/postgresql-"
12918
"8.4/+filebug/kc6eSnTLnLxF8u0t3e56EukFeqJ?\n"
12920
"You can launch a browser now, or copy this URL into a browser on another\n"
12924
" 1: Launch a browser now\n"
12926
"Please choose (1/C):\n"
12929
"*** Uploading problem information\n"
12931
"The collected information is being sent to the bug tracking system.\n"
12932
"This might take a few minutes.\n"
12935
"*** To continue, you must visit the following URL:\n"
12937
" https://bugs.launchpad.net/ubuntu/+source/postgresql-"
12938
"8.4/+filebug/kc6eSnTLnLxF8u0t3e56EukFeqJ?\n"
12940
"You can launch a browser now, or copy this URL into a browser on another\n"
12944
" 1: Launch a browser now\n"
12946
"Please choose (1/C):\n"
12948
#: serverguide/C/reporting-bugs.xml:135(para)
12950
"If you choose to start a browser, by default the text based web browser "
12951
"<application>w3m</application> will be used to finish filing the bug report. "
12952
"Alternately, you can copy the given URL to a currently running web browser."
12954
"If you choose to start a browser, by default the text based web browser "
12955
"<application>w3m</application> will be used to finish filing the bug report. "
12956
"Alternately, you can copy the given URL to a currently running web browser."
12958
#: serverguide/C/reporting-bugs.xml:144(para)
12960
"<emphasis role=\"bold\">View Report</emphasis> Selecting View Report causes "
12961
"the collected information to be displayed to the terminal for review."
12963
"<emphasis role=\"bold\">View Report</emphasis> Selecting View Report causes "
12964
"the collected information to be displayed to the terminal for review."
12966
#: serverguide/C/reporting-bugs.xml:150(screen)
12970
"Package: postgresql 8.4.2-2\n"
12971
"PackageArchitecture: all\n"
12973
"ProblemType: Bug\n"
12975
" LANG=en_US.UTF-8\n"
12976
" SHELL=/bin/bash\n"
12977
"Uname: Linux 2.6.32-16-server x86_64\n"
12979
" adduser 3.112ubuntu1\n"
12980
" base-files 5.0.0ubuntu10\n"
12981
" base-passwd 3.5.22\n"
12982
" coreutils 7.4-2ubuntu2\n"
12986
"Package: postgresql 8.4.2-2\n"
12987
"PackageArchitecture: all\n"
12989
"ProblemType: Bug\n"
12991
" LANG=en_US.UTF-8\n"
12992
" SHELL=/bin/bash\n"
12993
"Uname: Linux 2.6.32-16-server x86_64\n"
12995
" adduser 3.112ubuntu1\n"
12996
" base-files 5.0.0ubuntu10\n"
12997
" base-passwd 3.5.22\n"
12998
" coreutils 7.4-2ubuntu2\n"
13001
#: serverguide/C/reporting-bugs.xml:167(para)
13003
"After viewing the report, you will be brought back to the same menu asking "
13004
"what you would like to do with the report."
13006
"After viewing the report, you will be brought back to the same menu asking "
13007
"what you would like to do with the report."
13009
#: serverguide/C/reporting-bugs.xml:174(para)
13011
"<emphasis role=\"bold\">Keep Report File</emphasis> Selecting Keep Report "
13012
"File causes the gathered information to be written to a file. This file can "
13013
"then be used to later file a bug report or transferred to a different Ubuntu "
13014
"system for reporting. To submit the report file, simply give it as an "
13015
"argument to the ubuntu-bug command:"
13017
"<emphasis role=\"bold\">Keep Report File</emphasis> Selecting Keep Report "
13018
"File causes the gathered information to be written to a file. This file can "
13019
"then be used to later file a bug report or transferred to a different Ubuntu "
13020
"system for reporting. To submit the report file, simply give it as an "
13021
"argument to the ubuntu-bug command:"
13023
#: serverguide/C/reporting-bugs.xml:189(userinput)
13028
#: serverguide/C/reporting-bugs.xml:192(command)
13029
msgid "ubuntu-bug /tmp/apport.postgresql.v4MQas.apport"
13030
msgstr "ubuntu-bug /tmp/apport.postgresql.v4MQas.apport"
13032
#: serverguide/C/reporting-bugs.xml:183(screen)
13036
"What would you like to do? Your options are:\n"
13037
" S: Send report (1.7 KiB)\n"
13038
" V: View report\n"
13039
" K: Keep report file for sending later or copying to somewhere else\n"
13041
"Please choose (S/V/K/C): <placeholder-1/>\n"
13042
"Problem report file: /tmp/apport.postgresql.v4MQas.apport\n"
13044
"<placeholder-2/>\n"
13046
"*** Send problem report to the developers?\n"
13050
"What would you like to do? Your options are:\n"
13051
" S: Send report (1.7 KiB)\n"
13052
" V: View report\n"
13053
" K: Keep report file for sending later or copying to somewhere else\n"
13055
"Please choose (S/V/K/C): <placeholder-1/>\n"
13056
"Problem report file: /tmp/apport.postgresql.v4MQas.apport\n"
13058
"<placeholder-2/>\n"
13060
"*** Send problem report to the developers?\n"
13063
#: serverguide/C/reporting-bugs.xml:200(para)
13065
"<emphasis role=\"bold\">Cancel</emphasis> Selecting Cancel causes the "
13066
"collected information to be discarded."
13068
"<emphasis role=\"bold\">Cancel</emphasis> Selecting Cancel causes the "
13069
"collected information to be discarded."
13071
#: serverguide/C/reporting-bugs.xml:210(title)
13072
msgid "Reporting Application Crashes"
13073
msgstr "Reporting Application Crashes"
13075
#: serverguide/C/reporting-bugs.xml:212(para)
13077
"The software package that provides the ubuntu-bug utility, "
13078
"<application>apport</application>, can be configured to trigger when "
13079
"applications crash. This is disabled by default, as capturing a crash can be "
13080
"resource intensive depending on how much memory the application that crashed "
13081
"was using as apport captures and processes the core dump."
13083
"The software package that provides the ubuntu-bug utility, "
13084
"<application>apport</application>, can be configured to trigger when "
13085
"applications crash. This is disabled by default, as capturing a crash can be "
13086
"resource intensive depending on how much memory the application that crashed "
13087
"was using as apport captures and processes the core dump."
13089
#: serverguide/C/reporting-bugs.xml:221(para)
13091
"Configuring apport to capture information about crashing applications "
13092
"requires a couple of steps. First, <application>gdb</application> needs to "
13093
"be installed; it is not installed by default in Ubuntu Server Edition."
13095
"Configuring apport to capture information about crashing applications "
13096
"requires a couple of steps. First, <application>gdb</application> needs to "
13097
"be installed; it is not installed by default in Ubuntu Server Edition."
13099
#: serverguide/C/reporting-bugs.xml:229(command)
13100
msgid "sudo apt-get install gdb"
13101
msgstr "sudo apt-get install gdb"
13103
#: serverguide/C/reporting-bugs.xml:232(para)
13105
"See <xref linkend=\"package-management\"/> for more information about "
13106
"managing packages in Ubuntu."
13108
"See <xref linkend=\"package-management\"/> for more information about "
13109
"managing packages in Ubuntu."
13111
#: serverguide/C/reporting-bugs.xml:237(para)
13113
"Once you have ensured that gdb is installed, open the file "
13114
"<filename>/etc/default/apport</filename> in your text editor, and change the "
13115
"<emphasis>enabled</emphasis> setting to be <emphasis "
13116
"role=\"bold\">1</emphasis> like so:"
13118
"Once you have ensured that gdb is installed, open the file "
13119
"<filename>/etc/default/apport</filename> in your text editor, and change the "
13120
"<emphasis>enabled</emphasis> setting to be <emphasis "
13121
"role=\"bold\">1</emphasis> like so:"
13123
#: serverguide/C/reporting-bugs.xml:244(programlisting)
13127
"# set this to 0 to disable apport, or to 1 to enable it\n"
13128
"# you can temporarily override this with\n"
13129
"# sudo service apport start force_start=1\n"
13130
"enabled=<userinput>1</userinput>\n"
13132
"# set maximum core dump file size (default: 209715200 bytes == 200 MB)\n"
13133
"maxsize=209715200\n"
13136
"# set this to 0 to disable apport, or to 1 to enable it\n"
13137
"# you can temporarily override this with\n"
13138
"# sudo service apport start force_start=1\n"
13139
"enabled=<userinput>1</userinput>\n"
13141
"# set maximum core dump file size (default: 209715200 bytes == 200 MB)\n"
13142
"maxsize=209715200\n"
13144
#: serverguide/C/reporting-bugs.xml:254(para)
13146
"Once you have completed editing <filename>/etc/default/apport</filename>, "
13147
"start the apport service:"
13149
"Once you have completed editing <filename>/etc/default/apport</filename>, "
13150
"start the apport service:"
13152
#: serverguide/C/reporting-bugs.xml:261(command)
13153
msgid "sudo start apport"
13154
msgstr "sudo start apport"
13156
#: serverguide/C/reporting-bugs.xml:264(para)
13158
"After an application crashes, use the <application>apport-cli</application> "
13159
"command to search for the existing saved crash report information:"
13161
"After an application crashes, use the <application>apport-cli</application> "
13162
"command to search for the existing saved crash report information:"
13164
#: serverguide/C/reporting-bugs.xml:271(command)
13166
msgstr "apport-cli"
13168
#: serverguide/C/reporting-bugs.xml:270(screen)
13172
"<placeholder-1/>\n"
13174
"*** dash closed unexpectedly on 2010-03-11 at 21:40:59.\n"
13176
"If you were not doing anything confidential (entering passwords or other\n"
13177
"private information), you can help to improve the application by\n"
13181
"What would you like to do? Your options are:\n"
13182
" R: Report Problem...\n"
13183
" I: Cancel and ignore future crashes of this program version\n"
13185
"Please choose (R/I/C):\n"
13188
"<placeholder-1/>\n"
13190
"*** dash closed unexpectedly on 2010-03-11 at 21:40:59.\n"
13192
"If you were not doing anything confidential (entering passwords or other\n"
13193
"private information), you can help to improve the application by\n"
13197
"What would you like to do? Your options are:\n"
13198
" R: Report Problem...\n"
13199
" I: Cancel and ignore future crashes of this program version\n"
13201
"Please choose (R/I/C):\n"
13203
#: serverguide/C/reporting-bugs.xml:287(para)
13205
"Selecting <emphasis>Report Problem</emphasis> will walk you through similar "
13206
"steps as when using ubuntu-bug. One important difference is that a crash "
13207
"report will be marked as private when filed on Launchpad, meaning that it "
13208
"will be visible to only a limited set of bug triagers. These triagers will "
13209
"review the gathered data for private information before making the bug "
13210
"report publicly visible."
13212
"Selecting <emphasis>Report Problem</emphasis> will walk you through similar "
13213
"steps as when using ubuntu-bug. One important difference is that a crash "
13214
"report will be marked as private when filed on Launchpad, meaning that it "
13215
"will be visible to only a limited set of bug triagers. These triagers will "
13216
"review the gathered data for private information before making the bug "
13217
"report publicly visible."
13219
#: serverguide/C/reporting-bugs.xml:307(para)
13222
"url=\"https://help.ubuntu.com/community/ReportingBugs\">Reporting "
13223
"Bugs</ulink> Ubuntu wiki page."
13226
"url=\"https://help.ubuntu.com/community/ReportingBugs\">Reporting "
13227
"Bugs</ulink> Ubuntu wiki page."
13229
#: serverguide/C/reporting-bugs.xml:313(para)
13231
"Also, the <ulink url=\"https://wiki.ubuntu.com/Apport\">Apport</ulink> page "
13232
"has some useful information. Though some of it pertains to using a GUI."
13234
"Also, the <ulink url=\"https://wiki.ubuntu.com/Apport\">Apport</ulink> page "
13235
"has some useful information. Though some of it pertains to using a GUI."
13237
#: serverguide/C/remote-administration.xml:13(title)
13238
msgid "Remote Administration"
13239
msgstr "Remote Administration"
13241
#: serverguide/C/remote-administration.xml:14(para)
13243
"There are many ways to remotely administer a Linux server. This chapter will "
13244
"cover one of the most popular <application>OpenSSH</application>."
13246
"There are many ways to remotely administer a Linux server. This chapter will "
13247
"cover one of the most popular <application>OpenSSH</application>."
13249
#: serverguide/C/remote-administration.xml:22(para)
13251
"This section of the Ubuntu Server Guide introduces a powerful collection of "
13252
"tools for the remote control of networked computers and transfer of data "
13253
"between networked computers, called <emphasis>OpenSSH</emphasis>. You will "
13254
"also learn about some of the configuration settings possible with the "
13255
"OpenSSH server application and how to change them on your Ubuntu system."
13257
"This section of the Ubuntu Server Guide introduces a powerful collection of "
13258
"tools for the remote control of networked computers and transfer of data "
13259
"between networked computers, called <emphasis>OpenSSH</emphasis>. You will "
13260
"also learn about some of the configuration settings possible with the "
13261
"OpenSSH server application and how to change them on your Ubuntu system."
13263
#: serverguide/C/remote-administration.xml:29(para)
13265
"OpenSSH is a freely available version of the Secure Shell (SSH) protocol "
13266
"family of tools for remotely controlling a computer or transferring files "
13267
"between computers. Traditional tools used to accomplish these functions, "
13268
"such as <application>telnet</application> or <application>rcp</application>, "
13269
"are insecure and transmit the user's password in cleartext when used. "
13270
"OpenSSH provides a server daemon and client tools to facilitate secure, "
13271
"encrypted remote control and file transfer operations, effectively replacing "
13272
"the legacy tools."
13274
"OpenSSH is a freely available version of the Secure Shell (SSH) protocol "
13275
"family of tools for remotely controlling a computer or transferring files "
13276
"between computers. Traditional tools used to accomplish these functions, "
13277
"such as <application>telnet</application> or <application>rcp</application>, "
13278
"are insecure and transmit the user's password in cleartext when used. "
13279
"OpenSSH provides a server daemon and client tools to facilitate secure, "
13280
"encrypted remote control and file transfer operations, effectively replacing "
13281
"the legacy tools."
13283
#: serverguide/C/remote-administration.xml:38(para)
13285
"The OpenSSH server component, <application>sshd</application>, listens "
13286
"continuously for client connections from any of the client tools. When a "
13287
"connection request occurs, <application>sshd</application> sets up the "
13288
"correct connection depending on the type of client tool connecting. For "
13289
"example, if the remote computer is connecting with the "
13290
"<application>ssh</application> client application, the OpenSSH server sets "
13291
"up a remote control session after authentication. If a remote user connects "
13292
"to an OpenSSH server with <application>scp</application>, the OpenSSH server "
13293
"daemon initiates a secure copy of files between the server and client after "
13294
"authentication. OpenSSH can use many authentication methods, including plain "
13295
"password, public key, and <application>Kerberos</application> tickets."
13297
"The OpenSSH server component, <application>sshd</application>, listens "
13298
"continuously for client connections from any of the client tools. When a "
13299
"connection request occurs, <application>sshd</application> sets up the "
13300
"correct connection depending on the type of client tool connecting. For "
13301
"example, if the remote computer is connecting with the "
13302
"<application>ssh</application> client application, the OpenSSH server sets "
13303
"up a remote control session after authentication. If a remote user connects "
13304
"to an OpenSSH server with <application>scp</application>, the OpenSSH server "
13305
"daemon initiates a secure copy of files between the server and client after "
13306
"authentication. OpenSSH can use many authentication methods, including plain "
13307
"password, public key, and <application>Kerberos</application> tickets."
13309
#: serverguide/C/remote-administration.xml:52(para)
13311
"Installation of the OpenSSH client and server applications is simple. To "
13312
"install the OpenSSH client applications on your Ubuntu system, use this "
13313
"command at a terminal prompt:"
13315
"Installation of the OpenSSH client and server applications is simple. To "
13316
"install the OpenSSH client applications on your Ubuntu system, use this "
13317
"command at a terminal prompt:"
13319
#: serverguide/C/remote-administration.xml:58(command)
13320
msgid "sudo apt-get install openssh-client"
13321
msgstr "sudo apt-get install openssh-client"
13323
#: serverguide/C/remote-administration.xml:60(para)
13325
"To install the OpenSSH server application, and related support files, use "
13326
"this command at a terminal prompt:"
13328
"To install the OpenSSH server application, and related support files, use "
13329
"this command at a terminal prompt:"
13331
#: serverguide/C/remote-administration.xml:65(command)
13332
msgid "sudo apt-get install openssh-server"
13333
msgstr "sudo apt-get install openssh-server"
13335
#: serverguide/C/remote-administration.xml:67(para)
13337
"The <application>openssh-server</application> package can also be selected "
13338
"to install during the Server Edition installation process."
13340
"The <application>openssh-server</application> package can also be selected "
13341
"to install during the Server Edition installation process."
13343
#: serverguide/C/remote-administration.xml:74(para)
13345
"You may configure the default behavior of the OpenSSH server application, "
13346
"<application>sshd</application>, by editing the file "
13347
"<filename>/etc/ssh/sshd_config</filename>. For information about the "
13348
"configuration directives used in this file, you may view the appropriate "
13349
"manual page with the following command, issued at a terminal prompt:"
13351
"You may configure the default behaviour of the OpenSSH server application, "
13352
"<application>sshd</application>, by editing the file "
13353
"<filename>/etc/ssh/sshd_config</filename>. For information about the "
13354
"configuration directives used in this file, you may view the appropriate "
13355
"manual page with the following command, issued at a terminal prompt:"
13357
#: serverguide/C/remote-administration.xml:82(command)
13358
msgid "man sshd_config"
13359
msgstr "man sshd_config"
13361
#: serverguide/C/remote-administration.xml:84(para)
13363
"There are many directives in the <application>sshd</application> "
13364
"configuration file controlling such things as communication settings and "
13365
"authentication modes. The following are examples of configuration directives "
13366
"that can be changed by editing the <filename>/etc/ssh/sshd_config</filename> "
13369
"There are many directives in the <application>sshd</application> "
13370
"configuration file controlling such things as communication settings and "
13371
"authentication modes. The following are examples of configuration directives "
13372
"that can be changed by editing the <filename>/etc/ssh/sshd_config</filename> "
13375
#: serverguide/C/remote-administration.xml:91(para)
13377
"Prior to editing the configuration file, you should make a copy of the "
13378
"original file and protect it from writing so you will have the original "
13379
"settings as a reference and to reuse as necessary."
13381
"Prior to editing the configuration file, you should make a copy of the "
13382
"original file and protect it from writing so you will have the original "
13383
"settings as a reference and to reuse as necessary."
13385
#: serverguide/C/remote-administration.xml:95(para)
13387
"Copy the <filename>/etc/ssh/sshd_config</filename> file and protect it from "
13388
"writing with the following commands, issued at a terminal prompt:"
13390
"Copy the <filename>/etc/ssh/sshd_config</filename> file and protect it from "
13391
"writing with the following commands, issued at a terminal prompt:"
13393
#: serverguide/C/remote-administration.xml:100(command)
13394
msgid "sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original"
13395
msgstr "sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original"
13397
#: serverguide/C/remote-administration.xml:101(command)
13398
msgid "sudo chmod a-w /etc/ssh/sshd_config.original"
13399
msgstr "sudo chmod a-w /etc/ssh/sshd_config.original"
13401
#: serverguide/C/remote-administration.xml:103(para)
13403
"The following are examples of configuration directives you may change:"
13405
"The following are examples of configuration directives you may change:"
13407
#: serverguide/C/remote-administration.xml:108(para)
13409
"To set your OpenSSH to listen on TCP port 2222 instead of the default TCP "
13410
"port 22, change the Port directive as such:"
13412
"To set your OpenSSH to listen on TCP port 2222 instead of the default TCP "
13413
"port 22, change the Port directive as such:"
13415
#: serverguide/C/remote-administration.xml:112(para)
13419
#: serverguide/C/remote-administration.xml:117(para)
13421
"To have <application>sshd</application> allow public key-based login "
13422
"credentials, simply add or modify the line:"
13424
"To have <application>sshd</application> allow public key-based login "
13425
"credentials, simply add or modify the line:"
13427
#: serverguide/C/remote-administration.xml:121(para)
13428
msgid "PubkeyAuthentication yes"
13429
msgstr "PubkeyAuthentication yes"
13431
#: serverguide/C/remote-administration.xml:124(para)
13433
"In the <filename>/etc/ssh/sshd_config</filename> file, or if already "
13434
"present, ensure the line is not commented out."
13436
"In the <filename>/etc/ssh/sshd_config</filename> file, or if already "
13437
"present, ensure the line is not commented out."
13439
#: serverguide/C/remote-administration.xml:130(para)
13441
"To make your OpenSSH server display the contents of the "
13442
"<filename>/etc/issue.net</filename> file as a pre-login banner, simply add "
13443
"or modify the line:"
13445
"To make your OpenSSH server display the contents of the "
13446
"<filename>/etc/issue.net</filename> file as a pre-login banner, simply add "
13447
"or modify the line:"
13449
#: serverguide/C/remote-administration.xml:135(para)
13450
msgid "Banner /etc/issue.net"
13451
msgstr "Banner /etc/issue.net"
13453
#: serverguide/C/remote-administration.xml:138(para)
13454
msgid "In the <filename>/etc/ssh/sshd_config</filename> file."
13455
msgstr "In the <filename>/etc/ssh/sshd_config</filename> file."
13457
#: serverguide/C/remote-administration.xml:143(para)
13459
"After making changes to the <filename>/etc/ssh/sshd_config</filename> file, "
13460
"save the file, and restart the <application>sshd</application> server "
13461
"application to effect the changes using the following command at a terminal "
13464
"After making changes to the <filename>/etc/ssh/sshd_config</filename> file, "
13465
"save the file, and restart the <application>sshd</application> server "
13466
"application to effect the changes using the following command at a terminal "
13469
#: serverguide/C/remote-administration.xml:152(para)
13471
"Many other configuration directives for <application>sshd</application> are "
13472
"available for changing the server application's behavior to fit your needs. "
13473
"Be advised, however, if your only method of access to a server is "
13474
"<application>ssh</application>, and you make a mistake in configuring "
13475
"<application>sshd</application> via the "
13476
"<filename>/etc/ssh/sshd_config</filename> file, you may find you are locked "
13477
"out of the server upon restarting it, or that the "
13478
"<application>sshd</application> server refuses to start due to an incorrect "
13479
"configuration directive, so be extra careful when editing this file on a "
13482
"Many other configuration directives for <application>sshd</application> are "
13483
"available for changing the server application's behaviour to fit your needs. "
13484
"Be advised, however, if your only method of access to a server is "
13485
"<application>ssh</application>, and you make a mistake in configuring "
13486
"<application>sshd</application> via the "
13487
"<filename>/etc/ssh/sshd_config</filename> file, you may find you are locked "
13488
"out of the server upon restarting it, or that the "
13489
"<application>sshd</application> server refuses to start due to an incorrect "
13490
"configuration directive, so be extra careful when editing this file on a "
13493
#: serverguide/C/remote-administration.xml:167(title)
13497
#: serverguide/C/remote-administration.xml:168(para)
13499
"SSH <emphasis>keys</emphasis> allow authentication between two hosts without "
13500
"the need of a password. SSH key authentication uses two keys a "
13501
"<emphasis>private</emphasis> key and a <emphasis>public</emphasis> key."
13503
"SSH <emphasis>keys</emphasis> allow authentication between two hosts without "
13504
"the need of a password. SSH key authentication uses two keys a "
13505
"<emphasis>private</emphasis> key and a <emphasis>public</emphasis> key."
13507
#: serverguide/C/remote-administration.xml:172(para)
13508
msgid "To generate the keys, from a terminal prompt enter:"
13509
msgstr "To generate the keys, from a terminal prompt enter:"
13511
#: serverguide/C/remote-administration.xml:176(command)
13512
msgid "ssh-keygen -t dsa"
13513
msgstr "ssh-keygen -t dsa"
13515
#: serverguide/C/remote-administration.xml:178(para)
13517
"This will generate the keys using a <emphasis>DSA</emphasis> authentication "
13518
"identity of the user. During the process you will be prompted for a "
13519
"password. Simply hit <emphasis>Enter</emphasis> when prompted to create the "
13522
"This will generate the keys using a <emphasis>DSA</emphasis> authentication "
13523
"identity of the user. During the process you will be prompted for a "
13524
"password. Simply hit <emphasis>Enter</emphasis> when prompted to create the "
13527
#: serverguide/C/remote-administration.xml:182(para)
13529
"By default the <emphasis>public</emphasis> key is saved in the file "
13530
"<filename>~/.ssh/id_dsa.pub</filename>, while "
13531
"<filename>~/.ssh/id_dsa</filename> is the <emphasis>private</emphasis> key. "
13532
"Now copy the <filename>id_dsa.pub</filename> file to the remote host and "
13533
"append it to <filename>~/.ssh/authorized_keys</filename> by entering:"
13535
"By default the <emphasis>public</emphasis> key is saved in the file "
13536
"<filename>~/.ssh/id_dsa.pub</filename>, while "
13537
"<filename>~/.ssh/id_dsa</filename> is the <emphasis>private</emphasis> key. "
13538
"Now copy the <filename>id_dsa.pub</filename> file to the remote host and "
13539
"append it to <filename>~/.ssh/authorized_keys</filename> by entering:"
13541
#: serverguide/C/remote-administration.xml:188(command)
13542
msgid "ssh-copy-id username@remotehost"
13543
msgstr "ssh-copy-id username@remotehost"
13545
#: serverguide/C/remote-administration.xml:190(para)
13547
"Finally, double check the permissions on the "
13548
"<filename>authorized_keys</filename> file, only the authenticated user "
13549
"should have read and write permissions. If the permissions are not correct "
13552
"Finally, double check the permissions on the "
13553
"<filename>authorized_keys</filename> file, only the authenticated user "
13554
"should have read and write permissions. If the permissions are not correct "
13557
#: serverguide/C/remote-administration.xml:195(command)
13558
msgid "chmod 600 .ssh/authorized_keys"
13559
msgstr "chmod 600 .ssh/authorized_keys"
13561
#: serverguide/C/remote-administration.xml:197(para)
13563
"You should now be able to SSH to the host without being prompted for a "
13566
"You should now be able to SSH to the host without being prompted for a "
13569
#: serverguide/C/remote-administration.xml:206(para)
13571
"<ulink url=\"https://help.ubuntu.com/community/SSH\">Ubuntu Wiki SSH</ulink> "
13574
"<ulink url=\"https://help.ubuntu.com/community/SSH\">Ubuntu Wiki SSH</ulink> "
13577
#: serverguide/C/remote-administration.xml:212(ulink)
13578
msgid "OpenSSH Website"
13579
msgstr "OpenSSH Website"
13581
#: serverguide/C/remote-administration.xml:217(ulink)
13582
msgid "Advanced OpenSSH Wiki Page"
13583
msgstr "Advanced OpenSSH Wiki Page"
13585
#: serverguide/C/package-management.xml:13(title)
13586
msgid "Package Management"
13587
msgstr "Package Management"
13589
#: serverguide/C/package-management.xml:14(para)
13591
"Ubuntu features a comprehensive package management system for the "
13592
"installation, upgrade, configuration, and removal of software. In addition "
13593
"to providing access to an organized base of over 24,000 software packages "
13594
"for your Ubuntu computer, the package management facilities also feature "
13595
"dependency resolution capabilities and software update checking."
13597
"Ubuntu features a comprehensive package management system for the "
13598
"installation, upgrade, configuration, and removal of software. In addition "
13599
"to providing access to an organised base of over 24,000 software packages "
13600
"for your Ubuntu computer, the package management facilities also feature "
13601
"dependency resolution capabilities and software update checking."
13603
#: serverguide/C/package-management.xml:16(para)
13605
"Several tools are available for interacting with Ubuntu's package management "
13606
"system, from simple command-line utilities which may be easily automated by "
13607
"system administrators, to a simple graphical interface which is easy to use "
13608
"by those new to Ubuntu."
13610
"Several tools are available for interacting with Ubuntu's package management "
13611
"system, from simple command-line utilities which may be easily automated by "
13612
"system administrators, to a simple graphical interface which is easy to use "
13613
"by those new to Ubuntu."
13615
#: serverguide/C/package-management.xml:21(para)
13617
"Ubuntu's package management system is derived from the same system used by "
13618
"the Debian GNU/Linux distribution. The package files contain all of the "
13619
"necessary files, meta-data, and instructions to implement a particular "
13620
"functionality or software application on your Ubuntu computer."
13622
"Ubuntu's package management system is derived from the same system used by "
13623
"the Debian GNU/Linux distribution. The package files contain all of the "
13624
"necessary files, meta-data, and instructions to implement a particular "
13625
"functionality or software application on your Ubuntu computer."
13627
#: serverguide/C/package-management.xml:24(para)
13629
"Debian package files typically have the extension '.deb', and typically "
13630
"exist in <emphasis role=\"italics\">repositories</emphasis> which are "
13631
"collections of packages found on various media, such as CD-ROM discs, or "
13632
"online. Packages are normally of the pre-compiled binary format; thus "
13633
"installation is quick and requires no compiling of software."
13635
"Debian package files typically have the extension '.deb', and typically "
13636
"exist in <emphasis role=\"italics\">repositories</emphasis> which are "
13637
"collections of packages found on various media, such as CD-ROM discs, or "
13638
"online. Packages are normally of the pre-compiled binary format; thus "
13639
"installation is quick and requires no compiling of software."
13641
#: serverguide/C/package-management.xml:27(para)
13643
"Many complex packages use the concept of <emphasis "
13644
"role=\"italics\">dependencies</emphasis>. Dependencies are additional "
13645
"packages required by the principal package in order to function properly. "
13646
"For example, the speech synthesis package "
13647
"<application>Festival</application> depends upon the package "
13648
"<application>libasound2</application>, which is a package supplying the "
13649
"<application>ALSA</application> sound library needed for audio playback. In "
13650
"order for <application>Festival</application> to function, it and all of its "
13651
"dependencies must be installed. The software management tools in Ubuntu will "
13652
"do this automatically."
13654
"Many complex packages use the concept of <emphasis "
13655
"role=\"italics\">dependencies</emphasis>. Dependencies are additional "
13656
"packages required by the principal package in order to function properly. "
13657
"For example, the speech synthesis package "
13658
"<application>Festival</application> depends upon the package "
13659
"<application>libasound2</application>, which is a package supplying the "
13660
"<application>ALSA</application> sound library needed for audio playback. In "
13661
"order for <application>Festival</application> to function, it and all of its "
13662
"dependencies must be installed. The software management tools in Ubuntu will "
13663
"do this automatically."
13665
#: serverguide/C/package-management.xml:32(title)
13669
#: serverguide/C/package-management.xml:34(para)
13671
"<application>dpkg</application> is a package manager for "
13672
"<emphasis>Debian</emphasis> based systems. It can install, remove, and build "
13673
"packages, but unlike other package management system's it can not "
13674
"automatically download and install packages and their dependencies. This "
13675
"section covers using <application>dpkg</application> to manage locally "
13676
"installed packages:"
13678
"<application>dpkg</application> is a package manager for "
13679
"<emphasis>Debian</emphasis> based systems. It can install, remove, and build "
13680
"packages, but unlike other package management system's it can not "
13681
"automatically download and install packages and their dependencies. This "
13682
"section covers using <application>dpkg</application> to manage locally "
13683
"installed packages:"
13685
#: serverguide/C/package-management.xml:43(para)
13687
"To list all packages installed on the system, from a terminal prompt enter:"
13689
"To list all packages installed on the system, from a terminal prompt enter:"
13691
#: serverguide/C/package-management.xml:48(command)
13695
#: serverguide/C/package-management.xml:54(para)
13697
"Depending on the amount of packages on your system, this can generate a "
13698
"large amount of output. Pipe the output through "
13699
"<application>grep</application> to see if a specific package is installed:"
13701
"Depending on the amount of packages on your system, this can generate a "
13702
"large amount of output. Pipe the output through "
13703
"<application>grep</application> to see if a specific package is installed:"
13705
#: serverguide/C/package-management.xml:60(command)
13706
msgid "dpkg -l | grep apache2"
13707
msgstr "dpkg -l | grep apache2"
13709
#: serverguide/C/package-management.xml:63(para)
13711
"Replace <emphasis>apache2</emphasis> with any package name, part of a "
13712
"package name, or other regular expression."
13714
"Replace <emphasis>apache2</emphasis> with any package name, part of a "
13715
"package name, or other regular expression."
13717
#: serverguide/C/package-management.xml:70(para)
13719
"To list the files installed by a package, in this case the "
13720
"<application>ufw</application> package, enter:"
13722
"To list the files installed by a package, in this case the "
13723
"<application>ufw</application> package, enter:"
13725
#: serverguide/C/package-management.xml:75(command)
13726
msgid "dpkg -L ufw"
13727
msgstr "dpkg -L ufw"
13729
#: serverguide/C/package-management.xml:81(para)
13731
"If you are not sure which package installed a file, <application>dpkg -"
13732
"S</application> may be able to tell you. For example:"
13734
"If you are not sure which package installed a file, <application>dpkg -"
13735
"S</application> may be able to tell you. For example:"
13737
#: serverguide/C/package-management.xml:87(command)
13738
msgid "dpkg -S /etc/host.conf"
13739
msgstr "dpkg -S /etc/host.conf"
13741
#: serverguide/C/package-management.xml:88(computeroutput)
13743
msgid "base-files: /etc/host.conf"
13744
msgstr "base-files: /etc/host.conf"
13746
#: serverguide/C/package-management.xml:91(para)
13748
"The output shows that the <filename>/etc/host.conf</filename> belongs to the "
13749
"<application>base-files</application> package."
13751
"The output shows that the <filename>/etc/host.conf</filename> belongs to the "
13752
"<application>base-files</application> package."
13754
#: serverguide/C/package-management.xml:96(para)
13756
"Many files are automatically generated during the package install process, "
13757
"and even though they are on the filesystem <command>dpkg -S</command> may "
13758
"not know which package they belong to."
13760
"Many files are automatically generated during the package install process, "
13761
"and even though they are on the filesystem <command>dpkg -S</command> may "
13762
"not know which package they belong to."
13764
#: serverguide/C/package-management.xml:105(para)
13765
msgid "You can install a local <emphasis>.deb</emphasis> file by entering:"
13766
msgstr "You can install a local <emphasis>.deb</emphasis> file by entering:"
13768
#: serverguide/C/package-management.xml:110(command)
13769
msgid "sudo dpkg -i zip_2.32-1_i386.deb"
13770
msgstr "sudo dpkg -i zip_2.32-1_i386.deb"
13772
#: serverguide/C/package-management.xml:113(para)
13774
"Change <filename>zip_2.32-1_i386.deb</filename> to the actual file name of "
13775
"the local .deb file."
13777
"Change <filename>zip_2.32-1_i386.deb</filename> to the actual file name of "
13778
"the local .deb file."
13780
#: serverguide/C/package-management.xml:120(para)
13781
msgid "Uninstalling a package can be accomplished by:"
13782
msgstr "Uninstalling a package can be accomplished by:"
13784
#: serverguide/C/package-management.xml:125(command)
13785
msgid "sudo dpkg -r zip"
13786
msgstr "sudo dpkg -r zip"
13788
#: serverguide/C/package-management.xml:129(para)
13790
"Uninstalling packages using <application>dpkg</application>, in most cases, "
13791
"is <emphasis>NOT</emphasis> recommended. It is better to use a package "
13792
"manager that handles dependencies, to ensure that the system is in a "
13793
"consistent state. For example using <command>dpkg -r</command> you can "
13794
"remove the <application>zip</application> package, but any packages that "
13795
"depend on it will still be installed and may no longer function correctly."
13797
"Uninstalling packages using <application>dpkg</application>, in most cases, "
13798
"is <emphasis>NOT</emphasis> recommended. It is better to use a package "
13799
"manager that handles dependencies, to ensure that the system is in a "
13800
"consistent state. For example using <command>dpkg -r</command> you can "
13801
"remove the <application>zip</application> package, but any packages that "
13802
"depend on it will still be installed and may no longer function correctly."
13804
#: serverguide/C/package-management.xml:140(para)
13806
"For more <application>dpkg</application> options see the man page: "
13807
"<command>man dpkg</command>."
13809
"For more <application>dpkg</application> options see the man page: "
13810
"<command>man dpkg</command>."
13812
#: serverguide/C/package-management.xml:146(title)
13816
#: serverguide/C/package-management.xml:147(para)
13818
"The <application>apt-get</application> command is a powerful command-line "
13819
"tool used to work with Ubuntu's <emphasis>Advanced Packaging Tool</emphasis> "
13820
"(APT) performing such functions as installation of new software packages, "
13821
"upgrade of existing software packages, updating of the package list index, "
13822
"and even upgrading the entire Ubuntu system."
13824
"The <application>apt-get</application> command is a powerful command-line "
13825
"tool used to work with Ubuntu's <emphasis>Advanced Packaging Tool</emphasis> "
13826
"(APT) performing such functions as installation of new software packages, "
13827
"upgrade of existing software packages, updating of the package list index, "
13828
"and even upgrading the entire Ubuntu system."
13830
#: serverguide/C/package-management.xml:150(para)
13832
"Being a simple command-line tool, <application>apt-get</application> has "
13833
"numerous advantages over other package management tools available in Ubuntu "
13834
"for server administrators. Some of these advantages include ease of use over "
13835
"simple terminal connections (SSH) and the ability to be used in system "
13836
"administration scripts, which can in turn be automated by the "
13837
"<application>cron</application> scheduling utility."
13839
"Being a simple command-line tool, <application>apt-get</application> has "
13840
"numerous advantages over other package management tools available in Ubuntu "
13841
"for server administrators. Some of these advantages include ease of use over "
13842
"simple terminal connections (SSH) and the ability to be used in system "
13843
"administration scripts, which can in turn be automated by the "
13844
"<application>cron</application> scheduling utility."
13846
#: serverguide/C/package-management.xml:157(para)
13848
"<emphasis role=\"bold\">Install a Package</emphasis>: Installation of "
13849
"packages using the <application>apt-get</application> tool is quite simple. "
13850
"For example, to install the network scanner <emphasis "
13851
"role=\"italics\">nmap</emphasis>, type the following: <screen>\n"
13852
"<command>sudo apt-get install nmap</command>\n"
13855
"<emphasis role=\"bold\">Install a Package</emphasis>: Installation of "
13856
"packages using the <application>apt-get</application> tool is quite simple. "
13857
"For example, to install the network scanner <emphasis "
13858
"role=\"italics\">nmap</emphasis>, type the following: <screen>\n"
13859
"<command>sudo apt-get install nmap</command>\n"
13862
#: serverguide/C/package-management.xml:165(para)
13864
"<emphasis role=\"bold\">Remove a Package</emphasis>: Removal of a package or "
13865
"packages is also a straightforward and simple process. To remove the nmap "
13866
"package installed in the previous example, type the following: <screen>\n"
13867
"<command>sudo apt-get remove nmap</command>\n"
13870
"<emphasis role=\"bold\">Remove a Package</emphasis>: Removal of a package or "
13871
"packages is also a straightforward and simple process. To remove the nmap "
13872
"package installed in the previous example, type the following: <screen>\n"
13873
"<command>sudo apt-get remove nmap</command>\n"
13876
#: serverguide/C/package-management.xml:172(para)
13878
"<emphasis role=\"bold\">Multiple Packages</emphasis>: You may specify "
13879
"multiple packages to be installed or removed, separated by spaces."
13881
"<emphasis role=\"bold\">Multiple Packages</emphasis>: You may specify "
13882
"multiple packages to be installed or removed, separated by spaces."
13884
#: serverguide/C/package-management.xml:175(para)
13886
"Also, adding the <emphasis>--purge</emphasis> options to <command>apt-get "
13887
"remove</command> will remove the package configuration files as well. This "
13888
"may or may not be the desired effect so use with caution."
13890
"Also, adding the <emphasis>--purge</emphasis> options to <command>apt-get "
13891
"remove</command> will remove the package configuration files as well. This "
13892
"may or may not be the desired effect so use with caution."
13894
#: serverguide/C/package-management.xml:181(para)
13896
"<emphasis role=\"bold\">Update the Package Index</emphasis>: The APT package "
13897
"index is essentially a database of available packages from the repositories "
13898
"defined in the <filename>/etc/apt/sources.list</filename> file. To update "
13899
"the local package index with the latest changes made in repositories, type "
13900
"the following: <screen>\n"
13901
"<command>sudo apt-get update</command>\n"
13904
"<emphasis role=\"bold\">Update the Package Index</emphasis>: The APT package "
13905
"index is essentially a database of available packages from the repositories "
13906
"defined in the <filename>/etc/apt/sources.list</filename> file. To update "
13907
"the local package index with the latest changes made in repositories, type "
13908
"the following: <screen>\n"
13909
"<command>sudo apt-get update</command>\n"
13912
#: serverguide/C/package-management.xml:189(para)
13914
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: Over time, updated "
13915
"versions of packages currently installed on your computer may become "
13916
"available from the package repositories (for example security updates). To "
13917
"upgrade your system, first update your package index as outlined above, and "
13918
"then type: <screen>\n"
13919
"<command>sudo apt-get upgrade</command>\n"
13922
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: Over time, updated "
13923
"versions of packages currently installed on your computer may become "
13924
"available from the package repositories (for example security updates). To "
13925
"upgrade your system, first update your package index as outlined above, and "
13926
"then type: <screen>\n"
13927
"<command>sudo apt-get upgrade</command>\n"
13930
#: serverguide/C/package-management.xml:195(para)
13932
"For information on upgrading to a new Ubuntu release see <xref "
13933
"linkend=\"installing-upgrading\"/>."
13935
"For information on upgrading to a new Ubuntu release see <xref "
13936
"linkend=\"installing-upgrading\"/>."
13938
#: serverguide/C/package-management.xml:153(para)
13940
"Some examples of popular uses for the <application>apt-get</application> "
13941
"utility: <placeholder-1/>"
13943
"Some examples of popular uses for the <application>apt-get</application> "
13944
"utility: <placeholder-1/>"
13946
#: serverguide/C/package-management.xml:201(para)
13948
"Actions of the <application>apt-get</application> command, such as "
13949
"installation and removal of packages, are logged in the /var/log/dpkg.log "
13952
"Actions of the <application>apt-get</application> command, such as "
13953
"installation and removal of packages, are logged in the /var/log/dpkg.log "
13956
#: serverguide/C/package-management.xml:204(para)
13958
"For further information about the use of <application>APT</application>, "
13959
"read the comprehensive <ulink url=\"http://www.debian.org/doc/user-"
13960
"manuals#apt-howto\">Debian APT User Manual</ulink> or type: <screen>apt-get "
13963
"For further information about the use of <application>APT</application>, "
13964
"read the comprehensive <ulink url=\"http://www.debian.org/doc/user-"
13965
"manuals#apt-howto\">Debian APT User Manual</ulink> or type: <screen>apt-get "
13968
#: serverguide/C/package-management.xml:208(title)
13972
#: serverguide/C/package-management.xml:209(para)
13974
"<application>Aptitude</application> is a menu-driven, text-based front-end "
13975
"to the <emphasis>Advanced Packaging Tool</emphasis> (APT) system. Many of "
13976
"the common package management functions, such as installation, removal, and "
13977
"upgrade, are performed in <application>Aptitude</application> with single-"
13978
"key commands, which are typically lowercase letters."
13980
"<application>Aptitude</application> is a menu-driven, text-based front-end "
13981
"to the <emphasis>Advanced Packaging Tool</emphasis> (APT) system. Many of "
13982
"the common package management functions, such as installation, removal, and "
13983
"upgrade, are performed in <application>Aptitude</application> with single-"
13984
"key commands, which are typically lowercase letters."
13986
#: serverguide/C/package-management.xml:212(para)
13988
"<application>Aptitude</application> is best suited for use in a non-"
13989
"graphical terminal environment to ensure proper functioning of the command "
13990
"keys. You may start <application>Aptitude</application> as a normal user "
13991
"with the following command at a terminal prompt: <screen>\n"
13992
"<command>sudo aptitude</command>\n"
13995
"<application>Aptitude</application> is best suited for use in a non-"
13996
"graphical terminal environment to ensure proper functioning of the command "
13997
"keys. You may start <application>Aptitude</application> as a normal user "
13998
"with the following command at a terminal prompt: <screen>\n"
13999
"<command>sudo aptitude</command>\n"
14002
#: serverguide/C/package-management.xml:219(para)
14004
"When <application>Aptitude</application> starts, you will see a menu bar at "
14005
"the top of the screen and two panes below the menu bar. The top pane "
14006
"contains package categories, such as <emphasis role=\"italics\">New "
14007
"Packages</emphasis> and <emphasis role=\"italics\">Not Installed "
14008
"Packages</emphasis>. The bottom pane contains information related to the "
14009
"packages and package categories."
14011
"When <application>Aptitude</application> starts, you will see a menu bar at "
14012
"the top of the screen and two panes below the menu bar. The top pane "
14013
"contains package categories, such as <emphasis role=\"italics\">New "
14014
"Packages</emphasis> and <emphasis role=\"italics\">Not Installed "
14015
"Packages</emphasis>. The bottom pane contains information related to the "
14016
"packages and package categories."
14018
#: serverguide/C/package-management.xml:222(para)
14020
"Using <application>Aptitude</application> for package management is "
14021
"relatively straightforward, and the user interface makes common tasks simple "
14022
"to perform. The following are examples of common package management "
14023
"functions as performed in <application>Aptitude</application>:"
14025
"Using <application>Aptitude</application> for package management is "
14026
"relatively straightforward, and the user interface makes common tasks simple "
14027
"to perform. The following are examples of common package management "
14028
"functions as performed in <application>Aptitude</application>:"
14030
#: serverguide/C/package-management.xml:226(para)
14032
"<emphasis role=\"bold\">Install Packages</emphasis>: To install a package, "
14033
"locate the package via the Not Installed Packages package category, for "
14034
"example, by using the keyboard arrow keys and the <keycap>ENTER</keycap> "
14035
"key, and highlight the package you wish to install. After highlighting the "
14036
"package you wish to install, press the <keycap>+</keycap> key, and the "
14037
"package entry should turn <emphasis role=\"italics\">green</emphasis>, "
14038
"indicating it has been marked for installation. Now press <keycap>g</keycap> "
14039
"to be presented with a summary of package actions. Press <keycap>g</keycap> "
14040
"again, and you will be prompted to become root to complete the installation. "
14041
"Press <keycap>ENTER</keycap> which will result in a Password: prompt. Enter "
14042
"your user password to become root. Finally, press <keycap>g</keycap> once "
14043
"more and you'll be prompted to download the package. Press "
14044
"<keycap>ENTER</keycap> on the <emphasis role=\"italics\">Continue</emphasis> "
14045
"prompt, and downloading and installation of the package will commence."
14047
"<emphasis role=\"bold\">Install Packages</emphasis>: To install a package, "
14048
"locate the package via the Not Installed Packages package category, for "
14049
"example, by using the keyboard arrow keys and the <keycap>ENTER</keycap> "
14050
"key, and highlight the package you wish to install. After highlighting the "
14051
"package you wish to install, press the <keycap>+</keycap> key, and the "
14052
"package entry should turn <emphasis role=\"italics\">green</emphasis>, "
14053
"indicating it has been marked for installation. Now press <keycap>g</keycap> "
14054
"to be presented with a summary of package actions. Press <keycap>g</keycap> "
14055
"again, and you will be prompted to become root to complete the installation. "
14056
"Press <keycap>ENTER</keycap> which will result in a Password: prompt. Enter "
14057
"your user password to become root. Finally, press <keycap>g</keycap> once "
14058
"more and you'll be prompted to download the package. Press "
14059
"<keycap>ENTER</keycap> on the <emphasis role=\"italics\">Continue</emphasis> "
14060
"prompt, and downloading and installation of the package will commence."
14062
#: serverguide/C/package-management.xml:230(para)
14064
"<emphasis role=\"bold\">Remove Packages</emphasis>: To remove a package, "
14065
"locate the package via the Installed Packages package category, for example, "
14066
"by using the keyboard arrow keys and the <keycap>ENTER</keycap> key, and "
14067
"highlight the package you wish to remove. After highlighting the package you "
14068
"wish to install, press the <keycap>-</keycap> key, and the package entry "
14069
"should turn <emphasis role=\"italics\">pink</emphasis>, indicating it has "
14070
"been marked for removal. Now press <keycap>g</keycap> to be presented with a "
14071
"summary of package actions. Press <keycap>g</keycap> again, and you will be "
14072
"prompted to become root to complete the installation. Press "
14073
"<keycap>ENTER</keycap> which will result in a Password: prompt. Enter your "
14074
"user password to become root. Finally, press <keycap>g</keycap> once more, "
14075
"and you'll be prompted to download the package. Press <keycap>ENTER</keycap> "
14076
"on the <emphasis role=\"italics\">Continue</emphasis> prompt, and removal of "
14077
"the package will commence."
14079
"<emphasis role=\"bold\">Remove Packages</emphasis>: To remove a package, "
14080
"locate the package via the Installed Packages package category, for example, "
14081
"by using the keyboard arrow keys and the <keycap>ENTER</keycap> key, and "
14082
"highlight the package you wish to remove. After highlighting the package you "
14083
"wish to install, press the <keycap>-</keycap> key, and the package entry "
14084
"should turn <emphasis role=\"italics\">pink</emphasis>, indicating it has "
14085
"been marked for removal. Now press <keycap>g</keycap> to be presented with a "
14086
"summary of package actions. Press <keycap>g</keycap> again, and you will be "
14087
"prompted to become root to complete the installation. Press "
14088
"<keycap>ENTER</keycap> which will result in a Password: prompt. Enter your "
14089
"user password to become root. Finally, press <keycap>g</keycap> once more, "
14090
"and you'll be prompted to download the package. Press <keycap>ENTER</keycap> "
14091
"on the <emphasis role=\"italics\">Continue</emphasis> prompt, and removal of "
14092
"the package will commence."
14094
#: serverguide/C/package-management.xml:234(para)
14096
"<emphasis role=\"bold\">Update Package Index</emphasis>: To update the "
14097
"package index, simply press the <keycap>u</keycap> key and you will be "
14098
"prompted to become root to complete the update. Press <keycap>ENTER</keycap> "
14099
"which will result in a Password: prompt. Enter your user password to become "
14100
"root. Updating of the package index will commence. Press "
14101
"<keycap>ENTER</keycap> on the OK prompt when the download dialog is "
14102
"presented to complete the process."
14104
"<emphasis role=\"bold\">Update Package Index</emphasis>: To update the "
14105
"package index, simply press the <keycap>u</keycap> key and you will be "
14106
"prompted to become root to complete the update. Press <keycap>ENTER</keycap> "
14107
"which will result in a Password: prompt. Enter your user password to become "
14108
"root. Updating of the package index will commence. Press "
14109
"<keycap>ENTER</keycap> on the OK prompt when the download dialogue is "
14110
"presented to complete the process."
14112
#: serverguide/C/package-management.xml:238(para)
14114
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: To upgrade packages, "
14115
"perform the update of the package index as detailed above, and then press "
14116
"the <keycap>U</keycap> key to mark all packages with updates. Now press "
14117
"<keycap>g</keycap> whereby you'll be presented with a summary of package "
14118
"actions. Press <keycap>g</keycap> again, and you will be prompted to become "
14119
"root to complete the installation. Press <keycap>ENTER</keycap> which will "
14120
"result in a Password: prompt. Enter your user password to become root. "
14121
"Finally, press <keycap>g</keycap> once more, and you'll be prompted to "
14122
"download the packages. Press <keycap>ENTER</keycap> on the <emphasis "
14123
"role=\"italics\">Continue</emphasis> prompt, and upgrade of the packages "
14126
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: To upgrade packages, "
14127
"perform the update of the package index as detailed above, and then press "
14128
"the <keycap>U</keycap> key to mark all packages with updates. Now press "
14129
"<keycap>g</keycap> whereby you'll be presented with a summary of package "
14130
"actions. Press <keycap>g</keycap> again, and you will be prompted to become "
14131
"root to complete the installation. Press <keycap>ENTER</keycap> which will "
14132
"result in a Password: prompt. Enter your user password to become root. "
14133
"Finally, press <keycap>g</keycap> once more, and you'll be prompted to "
14134
"download the packages. Press <keycap>ENTER</keycap> on the <emphasis "
14135
"role=\"italics\">Continue</emphasis> prompt, and upgrade of the packages "
14138
#: serverguide/C/package-management.xml:245(para)
14139
msgid "<emphasis role=\"bold\">i</emphasis>: Installed package"
14140
msgstr "<emphasis role=\"bold\">i</emphasis>: Installed package"
14142
#: serverguide/C/package-management.xml:250(para)
14144
"<emphasis role=\"bold\">c</emphasis>: Package not installed, but package "
14145
"configuration remains on system"
14147
"<emphasis role=\"bold\">c</emphasis>: Package not installed, but package "
14148
"configuration remains on system"
14150
#: serverguide/C/package-management.xml:254(para)
14151
msgid "<emphasis role=\"bold\">p</emphasis>: Purged from system"
14152
msgstr "<emphasis role=\"bold\">p</emphasis>: Purged from system"
14154
#: serverguide/C/package-management.xml:258(para)
14155
msgid "<emphasis role=\"bold\">v</emphasis>: Virtual package"
14156
msgstr "<emphasis role=\"bold\">v</emphasis>: Virtual package"
14158
#: serverguide/C/package-management.xml:262(para)
14159
msgid "<emphasis role=\"bold\">B</emphasis>: Broken package"
14160
msgstr "<emphasis role=\"bold\">B</emphasis>: Broken package"
14162
#: serverguide/C/package-management.xml:266(para)
14164
"<emphasis role=\"bold\">u</emphasis>: Unpacked files, but package not yet "
14167
"<emphasis role=\"bold\">u</emphasis>: Unpacked files, but package not yet "
14170
#: serverguide/C/package-management.xml:270(para)
14172
"<emphasis role=\"bold\">C</emphasis>: Half-configured - Configuration failed "
14175
"<emphasis role=\"bold\">C</emphasis>: Half-configured - Configuration failed "
14178
#: serverguide/C/package-management.xml:274(para)
14180
"<emphasis role=\"bold\">H</emphasis>: Half-installed - Removal failed and "
14183
"<emphasis role=\"bold\">H</emphasis>: Half-installed - Removal failed and "
14186
#: serverguide/C/package-management.xml:242(para)
14188
"The first column of information displayed in the package list in the top "
14189
"pane, when actually viewing packages lists the current state of the package, "
14190
"and uses the following key to describe the state of the package: "
14193
"The first column of information displayed in the package list in the top "
14194
"pane, when actually viewing packages lists the current state of the package, "
14195
"and uses the following key to describe the state of the package: "
14198
#: serverguide/C/package-management.xml:280(para)
14200
"To exit Aptitude, simply press the <keycap>q</keycap> key and confirm you "
14201
"wish to exit. Many other functions are available from the Aptitude menu by "
14202
"pressing the <keycap>F10</keycap> key."
14204
"To exit Aptitude, simply press the <keycap>q</keycap> key and confirm you "
14205
"wish to exit. Many other functions are available from the Aptitude menu by "
14206
"pressing the <keycap>F10</keycap> key."
14208
#: serverguide/C/package-management.xml:285(title)
14209
msgid "Automatic Updates"
14210
msgstr "Automatic Updates"
14212
#: serverguide/C/package-management.xml:287(para)
14214
"The <application>unattended-upgrades</application> package can be used to "
14215
"automatically install updated packages, and can be configured to update all "
14216
"packages or just install security updates. First, install the package by "
14217
"entering the following in a terminal:"
14219
"The <application>unattended-upgrades</application> package can be used to "
14220
"automatically install updated packages, and can be configured to update all "
14221
"packages or just install security updates. First, install the package by "
14222
"entering the following in a terminal:"
14224
#: serverguide/C/package-management.xml:293(command)
14225
msgid "sudo apt-get install unattended-upgrades"
14226
msgstr "sudo apt-get install unattended-upgrades"
14228
#: serverguide/C/package-management.xml:296(para)
14230
"To configure <application>unattended-upgrades</application>, edit "
14231
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> and adjust "
14232
"the following to fit your needs:"
14234
"To configure <application>unattended-upgrades</application>, edit "
14235
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> and adjust "
14236
"the following to fit your needs:"
14238
#: serverguide/C/package-management.xml:301(programlisting)
14242
"Unattended-Upgrade::Allowed-Origins {\n"
14243
" \"Ubuntu maverick-security\";\n"
14244
"// \"Ubuntu maverick-updates\";\n"
14248
"Unattended-Upgrade::Allowed-Origins {\n"
14249
" \"Ubuntu maverick-security\";\n"
14250
"// \"Ubuntu maverick-updates\";\n"
14253
#: serverguide/C/package-management.xml:308(para)
14255
"Certain packages can also be <emphasis>blacklisted</emphasis> and therefore "
14256
"will not be automatically updated. To blacklist a package, add it to the "
14259
"Certain packages can also be <emphasis>blacklisted</emphasis> and therefore "
14260
"will not be automatically updated. To blacklist a package, add it to the "
14263
#: serverguide/C/package-management.xml:313(programlisting)
14267
"Unattended-Upgrade::Package-Blacklist {\n"
14270
"// \"libc6-dev\";\n"
14271
"// \"libc6-i686\";\n"
14275
"Unattended-Upgrade::Package-Blacklist {\n"
14278
"// \"libc6-dev\";\n"
14279
"// \"libc6-i686\";\n"
14282
#: serverguide/C/package-management.xml:323(para)
14284
"The double <emphasis><quote>//</quote></emphasis> serve as comments, so "
14285
"whatever follows \"//\" will not be evaluated."
14287
"The double <emphasis><quote>//</quote></emphasis> serve as comments, so "
14288
"whatever follows \"//\" will not be evaluated."
14290
#: serverguide/C/package-management.xml:328(para)
14292
"To enable automatic updates, edit "
14293
"<filename>/etc/apt/apt.conf.d/10periodic</filename> and set the appropriate "
14294
"<application>apt</application> configuration options:"
14296
"To enable automatic updates, edit "
14297
"<filename>/etc/apt/apt.conf.d/10periodic</filename> and set the appropriate "
14298
"<application>apt</application> configuration options:"
14300
#: serverguide/C/package-management.xml:332(programlisting)
14304
"APT::Periodic::Update-Package-Lists \"1\";\n"
14305
"APT::Periodic::Download-Upgradeable-Packages \"1\";\n"
14306
"APT::Periodic::AutocleanInterval \"7\";\n"
14307
"APT::Periodic::Unattended-Upgrade \"1\";\n"
14310
"APT::Periodic::Update-Package-Lists \"1\";\n"
14311
"APT::Periodic::Download-Upgradeable-Packages \"1\";\n"
14312
"APT::Periodic::AutocleanInterval \"7\";\n"
14313
"APT::Periodic::Unattended-Upgrade \"1\";\n"
14315
#: serverguide/C/package-management.xml:339(para)
14317
"The above configuration updates the package list, downloads, and installs "
14318
"available upgrades every day. The local download archive is cleaned every "
14321
"The above configuration updates the package list, downloads, and installs "
14322
"available upgrades every day. The local download archive is cleaned every "
14325
#: serverguide/C/package-management.xml:345(para)
14327
"You can read more about <application>apt</application> Periodic "
14328
"configuration options in the <filename>/etc/cron.daily/apt</filename> script "
14331
"You can read more about <application>apt</application> Periodic "
14332
"configuration options in the <filename>/etc/cron.daily/apt</filename> script "
14335
#: serverguide/C/package-management.xml:350(para)
14337
"The results of <application>unattended-upgrades</application> will be logged "
14338
"to <filename>/var/log/unattended-upgrades</filename>."
14340
"The results of <application>unattended-upgrades</application> will be logged "
14341
"to <filename>/var/log/unattended-upgrades</filename>."
14343
#: serverguide/C/package-management.xml:355(title)
14344
msgid "Notifications"
14345
msgstr "Notifications"
14347
#: serverguide/C/package-management.xml:357(para)
14349
"Configuring <emphasis>Unattended-Upgrade::Mail</emphasis> in "
14350
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> will enable "
14351
"<application>unattended-upgrades</application> to email an administrator "
14352
"detailing any packages that need upgrading or have problems."
14354
"Configuring <emphasis>Unattended-Upgrade::Mail</emphasis> in "
14355
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> will enable "
14356
"<application>unattended-upgrades</application> to e-mail an administrator "
14357
"detailing any packages that need upgrading or have problems."
14359
#: serverguide/C/package-management.xml:362(para)
14361
"Another useful package is <application>apticron</application>. "
14362
"<application>apticron</application> will configure a "
14363
"<application>cron</application> job to email an administrator information "
14364
"about any packages on the system that have updates available, as well as a "
14365
"summary of changes in each package."
14367
"Another useful package is <application>apticron</application>. "
14368
"<application>apticron</application> will configure a "
14369
"<application>cron</application> job to e-mail an administrator information "
14370
"about any packages on the system that have updates available, as well as a "
14371
"summary of changes in each package."
14373
#: serverguide/C/package-management.xml:368(para)
14375
"To install the <application>apticron</application> package, in a terminal "
14378
"To install the <application>apticron</application> package, in a terminal "
14381
#: serverguide/C/package-management.xml:373(command)
14382
msgid "sudo apt-get install apticron"
14383
msgstr "sudo apt-get install apticron"
14385
#: serverguide/C/package-management.xml:376(para)
14387
"Once the package is installed edit "
14388
"<filename>/etc/apticron/apticron.conf</filename>, to set the email address "
14389
"and other options:"
14391
"Once the package is installed edit "
14392
"<filename>/etc/apticron/apticron.conf</filename>, to set the e-mail address "
14393
"and other options:"
14395
#: serverguide/C/package-management.xml:380(programlisting)
14399
"EMAIL=\"root@example.com\"\n"
14402
"EMAIL=\"root@example.com\"\n"
14404
#: serverguide/C/package-management.xml:389(para)
14406
"Configuration of the <emphasis>Advanced Packaging Tool</emphasis> (APT) "
14407
"system repositories is stored in the /etc/apt/sources.list configuration "
14408
"file. An example of this file is referenced here, along with information on "
14409
"adding or removing repository references from the file."
14411
"Configuration of the <emphasis>Advanced Packaging Tool</emphasis> (APT) "
14412
"system repositories is stored in the /etc/apt/sources.list configuration "
14413
"file. An example of this file is referenced here, along with information on "
14414
"adding or removing repository references from the file."
14416
#: serverguide/C/package-management.xml:395(para)
14418
"<ulink url=\"../sample/sources.list\">Here</ulink> is a simple example of a "
14419
"typical <filename>/etc/apt/sources.list</filename> file."
14421
"<ulink url=\"../sample/sources.list\">Here</ulink> is a simple example of a "
14422
"typical <filename>/etc/apt/sources.list</filename> file."
14424
#: serverguide/C/package-management.xml:399(para)
14426
"You may edit the file to enable repositories or disable them. For example, "
14427
"to disable the requirement of inserting the Ubuntu CD-ROM whenever package "
14428
"operations occur, simply comment out the appropriate line for the CD-ROM, "
14429
"which appears at the top of the file:"
14431
"You may edit the file to enable repositories or disable them. For example, "
14432
"to disable the requirement of inserting the Ubuntu CD-ROM whenever package "
14433
"operations occur, simply comment out the appropriate line for the CD-ROM, "
14434
"which appears at the top of the file:"
14436
#: serverguide/C/package-management.xml:404(screen)
14440
"# no more prompting for CD-ROM please\n"
14441
"# deb cdrom:[&distro-apt-cd-name; - Release i386 (20070419.1)]/ maverick "
14442
"main restricted\n"
14445
"# no more prompting for CD-ROM please\n"
14446
"# deb cdrom:[&distro-apt-cd-name; - Release i386 (20070419.1)]/ maverick "
14447
"main restricted\n"
14449
#: serverguide/C/package-management.xml:410(title)
14450
msgid "Extra Repositories"
14451
msgstr "Extra Repositories"
14453
#: serverguide/C/package-management.xml:411(para)
14455
"In addition to the officially supported package repositories available for "
14456
"Ubuntu, there exist additional community-maintained repositories which add "
14457
"thousands more potential packages for installation. Two of the most popular "
14458
"are the <emphasis>Universe</emphasis> and <emphasis>Multiverse</emphasis> "
14459
"repositories. These repositories are not officially supported by Ubuntu, but "
14460
"because they are maintained by the community they generally provide packages "
14461
"which are safe for use with your Ubuntu computer."
14463
"In addition to the officially supported package repositories available for "
14464
"Ubuntu, there exists additional community-maintained repositories which add "
14465
"thousands more potential packages for installation. Two of the most popular "
14466
"are the <emphasis>Universe</emphasis> and <emphasis>Multiverse</emphasis> "
14467
"repositories. These repositories are not officially supported by Ubuntu, but "
14468
"because they are maintained by the community they generally provide packages "
14469
"which are safe for use with your Ubuntu computer."
14471
#: serverguide/C/package-management.xml:414(para)
14473
"Packages in the <emphasis>Multiverse</emphasis> repository often have "
14474
"licensing issues that prevent them from being distributed with a free "
14475
"operating system, and they may be illegal in your locality."
14477
"Packages in the <emphasis>Multiverse</emphasis> repository often have "
14478
"licensing issues that prevent them from being distributed with a free "
14479
"operating system, and they may be illegal in your locality."
14481
#: serverguide/C/package-management.xml:416(para)
14483
"Be advised that neither the <emphasis>Universe</emphasis> or "
14484
"<emphasis>Multiverse</emphasis> repositories contain officially supported "
14485
"packages. In particular, there may not be security updates for these "
14488
"Be advised that neither the <emphasis>Universe</emphasis> or "
14489
"<emphasis>Multiverse</emphasis> repositories contain officially supported "
14490
"packages. In particular, there may not be security updates for these "
14493
#: serverguide/C/package-management.xml:420(para)
14495
"Many other package sources are available, sometimes even offering only one "
14496
"package, as in the case of package sources provided by the developer of a "
14497
"single application. You should always be very careful and cautious when "
14498
"using non-standard package sources, however. Research the source and "
14499
"packages carefully before performing any installation, as some package "
14500
"sources and their packages could render your system unstable or non-"
14501
"functional in some respects."
14503
"Many other package sources are available, sometimes even offering only one "
14504
"package, as in the case of package sources provided by the developer of a "
14505
"single application. You should always be very careful and cautious when "
14506
"using non-standard package sources, however. Research the source and "
14507
"packages carefully before performing any installation, as some package "
14508
"sources and their packages could render your system unstable or non-"
14509
"functional in some respects."
14511
#: serverguide/C/package-management.xml:423(para)
14513
"By default, the <emphasis>Universe</emphasis> and "
14514
"<emphasis>Multiverse</emphasis> repositories are enabled but if you would "
14515
"like to disable them edit <filename>/etc/apt/sources.list</filename> and "
14516
"comment the following lines:"
14518
"By default, the <emphasis>Universe</emphasis> and "
14519
"<emphasis>Multiverse</emphasis> repositories are enabled but if you would "
14520
"like to disable them edit <filename>/etc/apt/sources.list</filename> and "
14521
"comment the following lines:"
14523
#: serverguide/C/package-management.xml:430(programlisting)
14527
"deb http://archive.ubuntu.com/ubuntu maverick universe multiverse\n"
14528
"deb-src http://archive.ubuntu.com/ubuntu maverick universe multiverse\n"
14530
"deb http://us.archive.ubuntu.com/ubuntu/ maverick universe\n"
14531
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick universe\n"
14532
"deb http://us.archive.ubuntu.com/ubuntu/ maverick-updates universe\n"
14533
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick-updates universe\n"
14535
"deb http://us.archive.ubuntu.com/ubuntu/ maverick multiverse\n"
14536
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick multiverse\n"
14537
"deb http://us.archive.ubuntu.com/ubuntu/ maverick-updates multiverse\n"
14538
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick-updates multiverse\n"
14540
"deb http://security.ubuntu.com/ubuntu maverick-security universe\n"
14541
"deb-src http://security.ubuntu.com/ubuntu maverick-security universe\n"
14542
"deb http://security.ubuntu.com/ubuntu maverick-security multiverse\n"
14543
"deb-src http://security.ubuntu.com/ubuntu maverick-security multiverse\n"
14546
"deb http://archive.ubuntu.com/ubuntu maverick universe multiverse\n"
14547
"deb-src http://archive.ubuntu.com/ubuntu maverick universe multiverse\n"
14549
"deb http://gb.archive.ubuntu.com/ubuntu/ maverick universe\n"
14550
"deb-src http://gb.archive.ubuntu.com/ubuntu/ maverick universe\n"
14551
"deb http://gb.archive.ubuntu.com/ubuntu/ maverick-updates universe\n"
14552
"deb-src http://gb.archive.ubuntu.com/ubuntu/ maverick-updates universe\n"
14554
"deb http://gb.archive.ubuntu.com/ubuntu/ maverick multiverse\n"
14555
"deb-src http://gb.archive.ubuntu.com/ubuntu/ maverick multiverse\n"
14556
"deb http://gb.archive.ubuntu.com/ubuntu/ maverick-updates multiverse\n"
14557
"deb-src http://gb.archive.ubuntu.com/ubuntu/ maverick-updates multiverse\n"
14559
"deb http://security.ubuntu.com/ubuntu maverick-security universe\n"
14560
"deb-src http://security.ubuntu.com/ubuntu maverick-security universe\n"
14561
"deb http://security.ubuntu.com/ubuntu maverick-security multiverse\n"
14562
"deb-src http://security.ubuntu.com/ubuntu maverick-security multiverse\n"
14564
#: serverguide/C/package-management.xml:456(para)
14566
"Most of the material covered in this chapter is available in "
14567
"<application>man</application> pages, many of which are available online."
14569
"Most of the material covered in this chapter is available in "
14570
"<application>man</application> pages, many of which are available online."
14572
#: serverguide/C/package-management.xml:463(para)
14575
"url=\"https://help.ubuntu.com/community/InstallingSoftware\">InstallingSoftwa"
14576
"re</ulink> Ubuntu wiki page has more information."
14579
"url=\"https://help.ubuntu.com/community/InstallingSoftware\">InstallingSoftwa"
14580
"re</ulink> Ubuntu wiki page has more information."
14582
#: serverguide/C/package-management.xml:468(para)
14584
"For more <application>dpkg</application> details see the <ulink "
14585
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/dpkg.1.html\">dpkg"
14586
" man page</ulink>."
14588
"For more <application>dpkg</application> details see the <ulink "
14589
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/dpkg.1.html\">dpkg"
14590
" man page</ulink>."
14592
#: serverguide/C/package-management.xml:474(para)
14594
"The <ulink url=\"http://www.debian.org/doc/manuals/apt-howto/\">APT "
14595
"HOWTO</ulink> and <ulink "
14596
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/apt-"
14597
"get.8.html\">apt-get man page</ulink> contain useful information regarding "
14598
"<application>apt-get</application> usage."
14600
"The <ulink url=\"http://www.debian.org/doc/manuals/apt-howto/\">APT "
14601
"HOWTO</ulink> and <ulink "
14602
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/apt-"
14603
"get.8.html\">apt-get man page</ulink> contain useful information regarding "
14604
"<application>apt-get</application> usage."
14606
#: serverguide/C/package-management.xml:481(para)
14609
"url=\"http://manpages.ubuntu.com/manpages/maverick/man8/aptitude.8.html\">apt"
14610
"itude man page</ulink> for more <application>aptitude</application> options."
14613
"url=\"http://manpages.ubuntu.com/manpages/maverick/man8/aptitude.8.html\">apt"
14614
"itude man page</ulink> for more <application>aptitude</application> options."
14616
#: serverguide/C/package-management.xml:487(para)
14619
"url=\"https://help.ubuntu.com/community/Repositories/Ubuntu\">Adding "
14620
"Repositories HOWTO (Ubuntu Wiki)</ulink> page contains more details on "
14621
"adding repositories."
14624
"url=\"https://help.ubuntu.com/community/Repositories/Ubuntu\">Adding "
14625
"Repositories HOWTO (Ubuntu Wiki)</ulink> page contains more details on "
14626
"adding repositories."
14628
#: serverguide/C/other-apps.xml:13(title)
14629
msgid "Other Useful Applications"
14630
msgstr "Other Useful Applications"
14632
#: serverguide/C/other-apps.xml:15(para)
14634
"There are many very useful applications developed by the Ubuntu Server Team, "
14635
"and others that are well integrated with Ubuntu Server Edition, that might "
14636
"not be well known. This chapter will showcase some useful applications that "
14637
"can make administering an Ubuntu server, or many Ubuntu servers, that much "
14640
"There are many very useful applications developed by the Ubuntu Server Team, "
14641
"and others that are well integrated with Ubuntu Server Edition, that might "
14642
"not be well known. This chapter will showcase some useful applications that "
14643
"can make administering an Ubuntu server, or many Ubuntu servers, that much "
14646
#: serverguide/C/other-apps.xml:23(title)
14650
#: serverguide/C/other-apps.xml:25(para)
14652
"When logging into an Ubuntu server you may have noticed the informative "
14653
"Message Of The Day (MOTD). This information is obtained and displayed using "
14654
"a couple of packages:"
14656
"When logging into an Ubuntu server you may have noticed the informative "
14657
"Message Of The Day (MOTD). This information is obtained and displayed using "
14658
"a couple of packages:"
14660
#: serverguide/C/other-apps.xml:32(para)
14662
"<emphasis>landscape-common:</emphasis> provides the core libraries of "
14663
"<application>landscape-client</application>, which can be used to manage "
14664
"systems using the web based <emphasis>Landscape</emphasis> application. The "
14665
"package includes the <application>/usr/bin/landscape-sysinfo</application> "
14666
"utility which is used to gather the information displayed in the MOTD."
14668
"<emphasis>landscape-common:</emphasis> provides the core libraries of "
14669
"<application>landscape-client</application>, which can be used to manage "
14670
"systems using the web based <emphasis>Landscape</emphasis> application. The "
14671
"package includes the <application>/usr/bin/landscape-sysinfo</application> "
14672
"utility which is used to gather the information displayed in the MOTD."
14674
#: serverguide/C/other-apps.xml:40(para)
14676
"<emphasis>update-notifier-common:</emphasis> is used to automatically update "
14677
"the MOTD via <application>pam_motd</application> module."
14679
"<emphasis>update-notifier-common:</emphasis> is used to automatically update "
14680
"the MOTD via <application>pam_motd</application> module."
14682
#: serverguide/C/other-apps.xml:46(para)
14684
"<application>pam_motd</application> executes the scripts in "
14685
"<filename>/etc/update-motd.d</filename> in order based on the number "
14686
"prepended to the script. The output of the scripts is written to "
14687
"<filename>/var/run/motd</filename>, keeping the numerical order, then "
14688
"concatenated with <filename>/etc/motd.tail</filename>."
14690
"<application>pam_motd</application> executes the scripts in "
14691
"<filename>/etc/update-motd.d</filename> in order based on the number "
14692
"prepended to the script. The output of the scripts is written to "
14693
"<filename>/var/run/motd</filename>, keeping the numerical order, then "
14694
"concatenated with <filename>/etc/motd.tail</filename>."
14696
#: serverguide/C/other-apps.xml:52(para)
14698
"You can add your own dynamic information to the MOTD. For example, to add "
14699
"local weather information:"
14701
"You can add your own dynamic information to the MOTD. For example, to add "
14702
"local weather information:"
14704
#: serverguide/C/other-apps.xml:58(para)
14705
msgid "First, install the <application>weather-util</application> package:"
14706
msgstr "First, install the <application>weather-util</application> package:"
14708
#: serverguide/C/other-apps.xml:63(command)
14709
msgid "sudo apt-get install weather-util"
14710
msgstr "sudo apt-get install weather-util"
14712
#: serverguide/C/other-apps.xml:68(para)
14714
"The <application>weather</application> utility uses METAR data from the "
14715
"National Oceanic and Atmospheric Administration and forecasts from the "
14716
"National Weather Service. In order to find local information you will need "
14717
"the 4-character ICAO location indicator. This can be determined by browsing "
14718
"to the <ulink url=\"http://www.weather.gov/tg/siteloc.shtml\">National "
14719
"Weather Service</ulink> site."
14721
"The <application>weather</application> utility uses METAR data from the "
14722
"National Oceanic and Atmospheric Administration and forecasts from the "
14723
"National Weather Service. In order to find local information you will need "
14724
"the 4-character ICAO location indicator. This can be determined by browsing "
14725
"to the <ulink url=\"http://www.weather.gov/tg/siteloc.shtml\">National "
14726
"Weather Service</ulink> site."
14728
#: serverguide/C/other-apps.xml:75(para)
14730
"Although the National Weather Service is a United States government agency "
14731
"there are weather stations available world wide. However, local weather "
14732
"information for all locations outside the U.S. may not be available."
14734
"Although the National Weather Service is a United States government agency "
14735
"there are weather stations available world wide. However, local weather "
14736
"information for all locations outside the U.S. may not be available."
14738
#: serverguide/C/other-apps.xml:81(para)
14740
"Create <filename>/usr/local/bin/local-weather</filename>, a simple shell "
14741
"script to use <application>weather</application> with your local ICAO "
14744
"Create <filename>/usr/local/bin/local-weather</filename>, a simple shell "
14745
"script to use <application>weather</application> with your local ICAO "
14748
#: serverguide/C/other-apps.xml:86(programlisting)
14755
"# Prints the local weather information for the MOTD.\n"
14759
"# Replace KINT with your local weather station.\n"
14760
"# Local stations can be found here: http://www.weather.gov/tg/siteloc.shtml\n"
14763
"weather -i KINT\n"
14771
"# Prints the local weather information for the MOTD.\n"
14775
"# Replace KINT with your local weather station.\n"
14776
"# Local stations can be found here: http://www.weather.gov/tg/siteloc.shtml\n"
14779
"weather -i KINT\n"
14783
#: serverguide/C/other-apps.xml:104(para)
14784
msgid "Make the script executable:"
14785
msgstr "Make the script executable:"
14787
#: serverguide/C/other-apps.xml:109(command)
14788
msgid "sudo chmod 755 /usr/local/bin/local-weather"
14789
msgstr "sudo chmod 755 /usr/local/bin/local-weather"
14791
#: serverguide/C/other-apps.xml:113(para)
14793
"Next, create a symlink to <filename>/etc/update-motd.d/98-local-"
14794
"weather</filename>:"
14796
"Next, create a symlink to <filename>/etc/update-motd.d/98-local-"
14797
"weather</filename>:"
14799
#: serverguide/C/other-apps.xml:118(command)
14801
"sudo ln -s /usr/local/bin/local-weather /etc/update-motd.d/98-local-weather"
14803
"sudo ln -s /usr/local/bin/local-weather /etc/update-motd.d/98-local-weather"
14805
#: serverguide/C/other-apps.xml:122(para)
14806
msgid "Finally, exit the server and re-login to view the new MOTD."
14807
msgstr "Finally, exit the server and re-login to view the new MOTD."
14809
#: serverguide/C/other-apps.xml:128(para)
14811
"You should now be greeted with some useful information, and some information "
14812
"about the local weather that may not be quite so useful. Hopefully the "
14813
"<application>local-weather</application> example demonstrates the "
14814
"flexibility of <application>pam_motd</application>."
14816
"You should now be greeted with some useful information, and some information "
14817
"about the local weather that may not be quite so useful. Hopefully the "
14818
"<application>local-weather</application> example demonstrates the "
14819
"flexibility of <application>pam_motd</application>."
14821
#: serverguide/C/other-apps.xml:136(title)
14825
#: serverguide/C/other-apps.xml:138(para)
14827
"<application>etckeeper</application> allows the contents of <filename "
14828
"role=\"directory\">/etc</filename> be easily stored in Version Control "
14829
"System (VCS) repository. It hooks into <application>apt</application> to "
14830
"automatically commit changes to <filename>/etc</filename> when packages are "
14831
"installed or upgraded. Placing <filename>/etc</filename> under version "
14832
"control is considered an industry best practice, and the goal of "
14833
"<application>etckeeper</application> is to make this process as painless as "
14836
"<application>etckeeper</application> allows the contents of <filename "
14837
"role=\"directory\">/etc</filename> be easily stored in Version Control "
14838
"System (VCS) repository. It hooks into <application>apt</application> to "
14839
"automatically commit changes to <filename>/etc</filename> when packages are "
14840
"installed or upgraded. Placing <filename>/etc</filename> under version "
14841
"control is considered an industry best practice, and the goal of "
14842
"<application>etckeeper</application> is to make this process as painless as "
14845
#: serverguide/C/other-apps.xml:146(para)
14847
"Install <application>etckeeper</application> by entering the following in a "
14850
"Install <application>etckeeper</application> by entering the following in a "
14853
#: serverguide/C/other-apps.xml:151(command)
14854
msgid "sudo apt-get install etckeeper"
14855
msgstr "sudo apt-get install etckeeper"
14857
#: serverguide/C/other-apps.xml:154(para)
14859
"The main configuration file, "
14860
"<filename>/etc/etckeeper/etckeeper.conf</filename>, is fairly simple. The "
14861
"main option is which VCS to use. By default "
14862
"<application>etckeeper</application> is configured to use "
14863
"<application>bzr</application> for version control. The repository is "
14864
"automatically initialized (and committed for the first time) during package "
14865
"installation. It is possible to undo this by entering the following command:"
14867
"The main configuration file, "
14868
"<filename>/etc/etckeeper/etckeeper.conf</filename>, is fairly simple. The "
14869
"main option is which VCS to use. By default "
14870
"<application>etckeeper</application> is configured to use "
14871
"<application>bzr</application> for version control. The repository is "
14872
"automatically initialised (and committed for the first time) during package "
14873
"installation. It is possible to undo this by entering the following command:"
14875
#: serverguide/C/other-apps.xml:164(command)
14876
msgid "sudo etckeeper uninit"
14877
msgstr "sudo etckeeper uninit"
14879
#: serverguide/C/other-apps.xml:167(para)
14881
"By default, etckeeper will commit uncommitted changes made to /etc daily. "
14882
"This can be disabled using the AVOID_DAILY_AUTOCOMMITS configuration option. "
14883
"It will also automatically commit changes before and after package "
14884
"installation. For a more precise tracking of changes, it is recommended to "
14885
"commit your changes manually, together with a commit message, using:"
14887
"By default, etckeeper will commit uncommitted changes made to /etc daily. "
14888
"This can be disabled using the AVOID_DAILY_AUTOCOMMITS configuration option. "
14889
"It will also automatically commit changes before and after package "
14890
"installation. For a more precise tracking of changes, it is recommended to "
14891
"commit your changes manually, together with a commit message, using:"
14893
#: serverguide/C/other-apps.xml:176(command)
14894
msgid "sudo etckeeper commit \"..Reason for configuration change..\""
14895
msgstr "sudo etckeeper commit \"..Reason for configuration change..\""
14897
#: serverguide/C/other-apps.xml:179(para)
14899
"Using the VCS commands you can view log information about files in "
14900
"<filename>/etc</filename>:"
14902
"Using the VCS commands you can view log information about files in "
14903
"<filename>/etc</filename>:"
14905
#: serverguide/C/other-apps.xml:184(command)
14906
msgid "sudo bzr log /etc/passwd"
14907
msgstr "sudo bzr log /etc/passwd"
14909
#: serverguide/C/other-apps.xml:187(para)
14911
"To demonstrate the integration with the package management system, install "
14912
"<application>postfix</application>:"
14914
"To demonstrate the integration with the package management system, install "
14915
"<application>postfix</application>:"
14917
#: serverguide/C/other-apps.xml:192(command) serverguide/C/mail.xml:45(command)
14918
msgid "sudo apt-get install postfix"
14919
msgstr "sudo apt-get install postfix"
14921
#: serverguide/C/other-apps.xml:195(para)
14923
"When the installation is finished, all the "
14924
"<application>postfix</application> configuration files should be committed "
14925
"to the repository:"
14927
"When the installation is finished, all the "
14928
"<application>postfix</application> configuration files should be committed "
14929
"to the repository:"
14931
#: serverguide/C/other-apps.xml:201(computeroutput)
14934
"Committing to: /etc/\n"
14935
"added aliases.db\n"
14937
"modified group-\n"
14938
"modified gshadow\n"
14939
"modified gshadow-\n"
14940
"modified passwd\n"
14941
"modified passwd-\n"
14943
"added resolvconf\n"
14944
"added rsyslog.d\n"
14945
"modified shadow\n"
14946
"modified shadow-\n"
14947
"added init.d/postfix\n"
14948
"added network/if-down.d/postfix\n"
14949
"added network/if-up.d/postfix\n"
14950
"added postfix/dynamicmaps.cf\n"
14951
"added postfix/main.cf\n"
14952
"added postfix/master.cf\n"
14953
"added postfix/post-install\n"
14954
"added postfix/postfix-files\n"
14955
"added postfix/postfix-script\n"
14956
"added postfix/sasl\n"
14957
"added ppp/ip-down.d\n"
14958
"added ppp/ip-down.d/postfix\n"
14959
"added ppp/ip-up.d/postfix\n"
14960
"added rc0.d/K20postfix\n"
14961
"added rc1.d/K20postfix\n"
14962
"added rc2.d/S20postfix\n"
14963
"added rc3.d/S20postfix\n"
14964
"added rc4.d/S20postfix\n"
14965
"added rc5.d/S20postfix\n"
14966
"added rc6.d/K20postfix\n"
14967
"added resolvconf/update-libc.d\n"
14968
"added resolvconf/update-libc.d/postfix\n"
14969
"added rsyslog.d/postfix.conf\n"
14970
"added ufw/applications.d/postfix\n"
14971
"Committed revision 2."
14973
"Committing to: /etc/\n"
14974
"added aliases.db\n"
14976
"modified group-\n"
14977
"modified gshadow\n"
14978
"modified gshadow-\n"
14979
"modified passwd\n"
14980
"modified passwd-\n"
14982
"added resolvconf\n"
14983
"added rsyslog.d\n"
14984
"modified shadow\n"
14985
"modified shadow-\n"
14986
"added init.d/postfix\n"
14987
"added network/if-down.d/postfix\n"
14988
"added network/if-up.d/postfix\n"
14989
"added postfix/dynamicmaps.cf\n"
14990
"added postfix/main.cf\n"
14991
"added postfix/master.cf\n"
14992
"added postfix/post-install\n"
14993
"added postfix/postfix-files\n"
14994
"added postfix/postfix-script\n"
14995
"added postfix/sasl\n"
14996
"added ppp/ip-down.d\n"
14997
"added ppp/ip-down.d/postfix\n"
14998
"added ppp/ip-up.d/postfix\n"
14999
"added rc0.d/K20postfix\n"
15000
"added rc1.d/K20postfix\n"
15001
"added rc2.d/S20postfix\n"
15002
"added rc3.d/S20postfix\n"
15003
"added rc4.d/S20postfix\n"
15004
"added rc5.d/S20postfix\n"
15005
"added rc6.d/K20postfix\n"
15006
"added resolvconf/update-libc.d\n"
15007
"added resolvconf/update-libc.d/postfix\n"
15008
"added rsyslog.d/postfix.conf\n"
15009
"added ufw/applications.d/postfix\n"
15010
"Committed revision 2."
15012
#: serverguide/C/other-apps.xml:241(para)
15014
"For an example of how <application>etckeeper</application> tracks manual "
15015
"changes, add new a host to <filename>/etc/hosts</filename>. Using "
15016
"<application>bzr</application> you can see which files have been modified:"
15018
"For an example of how <application>etckeeper</application> tracks manual "
15019
"changes, add new a host to <filename>/etc/hosts</filename>. Using "
15020
"<application>bzr</application> you can see which files have been modified:"
15022
#: serverguide/C/other-apps.xml:247(command)
15023
msgid "sudo bzr status /etc/"
15024
msgstr "sudo bzr status /etc/"
15026
#: serverguide/C/other-apps.xml:248(computeroutput)
15035
#: serverguide/C/other-apps.xml:252(para)
15036
msgid "Now commit the changes:"
15037
msgstr "Now commit the changes:"
15039
#: serverguide/C/other-apps.xml:257(command)
15040
msgid "sudo etckeeper commit \"new host\""
15041
msgstr "sudo etckeeper commit \"new host\""
15043
#: serverguide/C/other-apps.xml:260(para)
15045
"For more information on <application>bzr</application> see <xref "
15046
"linkend=\"bazaar\"/>."
15048
"For more information on <application>bzr</application> see <xref "
15049
"linkend=\"bazaar\"/>."
15051
#: serverguide/C/other-apps.xml:266(title)
15055
#: serverguide/C/other-apps.xml:268(para)
15057
"One of the most useful applications for any system administrator is "
15058
"<application>screen</application>. It allows the execution of multiple "
15059
"shells in one terminal. To make some of the advanced "
15060
"<application>screen</application> features more user friendly, and provide "
15061
"some useful information about the system, the "
15062
"<application>byobu</application> package was created."
15064
"One of the most useful applications for any system administrator is "
15065
"<application>screen</application>. It allows the execution of multiple "
15066
"shells in one terminal. To make some of the advanced "
15067
"<application>screen</application> features more user friendly, and provide "
15068
"some useful information about the system, the "
15069
"<application>byobu</application> package was created."
15071
#: serverguide/C/other-apps.xml:275(para)
15073
"When executing <application>byobu</application> pressing the "
15074
"<emphasis>F9</emphasis> key will bring up the "
15075
"<application>Configuration</application> menu. This menu will allow you to:"
15077
"When executing <application>byobu</application> pressing the "
15078
"<emphasis>F9</emphasis> key will bring up the "
15079
"<application>Configuration</application> menu. This menu will allow you to:"
15081
#: serverguide/C/other-apps.xml:281(para)
15082
msgid "View the Help menu"
15083
msgstr "View the Help menu"
15085
#: serverguide/C/other-apps.xml:282(para)
15086
msgid "Change Byobu's background color"
15087
msgstr "Change Byobu's background colour"
15089
#: serverguide/C/other-apps.xml:283(para)
15090
msgid "Change Byobu's foreground color"
15091
msgstr "Change Byobu's foreground colour"
15093
#: serverguide/C/other-apps.xml:284(para)
15094
msgid "Toggle status notifications"
15095
msgstr "Toggle status notifications"
15097
#: serverguide/C/other-apps.xml:285(para)
15098
msgid "Change the key binding set"
15099
msgstr "Change the key binding set"
15101
#: serverguide/C/other-apps.xml:286(para)
15102
msgid "Change the escape sequence"
15103
msgstr "Change the escape sequence"
15105
#: serverguide/C/other-apps.xml:287(para)
15106
msgid "Create new windows"
15107
msgstr "Create new windows"
15109
#: serverguide/C/other-apps.xml:288(para)
15110
msgid "Manage the default windows"
15111
msgstr "Manage the default windows"
15113
#: serverguide/C/other-apps.xml:289(para)
15114
msgid "Byobu currently does not launch at login (toggle on)"
15115
msgstr "Byobu currently does not launch at login (toggle on)"
15117
#: serverguide/C/other-apps.xml:292(para)
15119
"The <emphasis>key bindings</emphasis> determine such things as the escape "
15120
"sequence, new window, change window, etc. There are two key binding sets to "
15121
"choose from <emphasis>f-keys</emphasis> and <emphasis>screen-escape-"
15122
"keys</emphasis>. If you wish to use the original key bindings choose the "
15123
"<emphasis>none</emphasis> set."
15125
"The <emphasis>key bindings</emphasis> determine such things as the escape "
15126
"sequence, new window, change window, etc. There are two key binding sets to "
15127
"choose from <emphasis>f-keys</emphasis> and <emphasis>screen-escape-"
15128
"keys</emphasis>. If you wish to use the original key bindings choose the "
15129
"<emphasis>none</emphasis> set."
15131
#: serverguide/C/other-apps.xml:298(para)
15133
"<application>byobu</application> provides a menu which displays the Ubuntu "
15134
"release, processor information, memory information, and the time and date. "
15135
"The effect is similar to a desktop menu."
15137
"<application>byobu</application> provides a menu which displays the Ubuntu "
15138
"release, processor information, memory information, and the time and date. "
15139
"The effect is similar to a desktop menu."
15141
#: serverguide/C/other-apps.xml:303(para)
15143
"Using the <emphasis>\"Byobu currently does not launch at login (toggle "
15144
"on)\"</emphasis> option will cause <application>byobu</application> to be "
15145
"executed any time a terminal is opened. Changes made to "
15146
"<application>byobu</application> are on a per user basis, and will not "
15147
"affect other users on the system."
15149
"Using the <emphasis>\"Byobu currently does not launch at login (toggle "
15150
"on)\"</emphasis> option will cause <application>byobu</application> to be "
15151
"executed any time a terminal is opened. Changes made to "
15152
"<application>byobu</application> are on a per user basis, and will not "
15153
"affect other users on the system."
15155
#: serverguide/C/other-apps.xml:309(para)
15157
"One difference when using byobu is the <emphasis>scrollback</emphasis> mode. "
15158
"Press the <emphasis>F7</emphasis> key to enter scrollback mode. Scrollback "
15159
"mode allows you to navigate past output using <emphasis>vi</emphasis> like "
15160
"commands. Here is a quick list of movement commands:"
15162
"One difference when using byobu is the <emphasis>scrollback</emphasis> mode. "
15163
"Press the <emphasis>F7</emphasis> key to enter scrollback mode. Scrollback "
15164
"mode allows you to navigate past output using <emphasis>vi</emphasis> like "
15165
"commands. Here is a quick list of movement commands:"
15167
#: serverguide/C/other-apps.xml:316(para)
15168
msgid "<emphasis>h</emphasis> - Move the cursor left by one character"
15169
msgstr "<emphasis>h</emphasis> - Move the cursor left by one character"
15171
#: serverguide/C/other-apps.xml:317(para)
15172
msgid "<emphasis>j</emphasis> - Move the cursor down by one line"
15173
msgstr "<emphasis>j</emphasis> - Move the cursor down by one line"
15175
#: serverguide/C/other-apps.xml:318(para)
15176
msgid "<emphasis>k</emphasis> - Move the cursor up by one line"
15177
msgstr "<emphasis>k</emphasis> - Move the cursor up by one line"
15179
#: serverguide/C/other-apps.xml:319(para)
15180
msgid "<emphasis>l</emphasis> - Move the cursor right by one character"
15181
msgstr "<emphasis>l</emphasis> - Move the cursor right by one character"
15183
#: serverguide/C/other-apps.xml:320(para)
15184
msgid "<emphasis>0</emphasis> - Move to the beginning of the current line"
15185
msgstr "<emphasis>0</emphasis> - Move to the beginning of the current line"
15187
#: serverguide/C/other-apps.xml:321(para)
15188
msgid "<emphasis>$</emphasis> - Move to the end of the current line"
15189
msgstr "<emphasis>$</emphasis> - Move to the end of the current line"
15191
#: serverguide/C/other-apps.xml:322(para)
15193
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
15196
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
15199
#: serverguide/C/other-apps.xml:323(para)
15200
msgid "<emphasis>/</emphasis> - Search forward"
15201
msgstr "<emphasis>/</emphasis> - Search forward"
15203
#: serverguide/C/other-apps.xml:324(para)
15204
msgid "<emphasis>?</emphasis> - Search backward"
15205
msgstr "<emphasis>?</emphasis> - Search backward"
15207
#: serverguide/C/other-apps.xml:325(para)
15209
"<emphasis>n</emphasis> - Moves to the next match, either forward or backword"
15211
"<emphasis>n</emphasis> - Moves to the next match, either forward or backword"
15213
#: serverguide/C/other-apps.xml:334(para)
15216
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/update-"
15217
"motd.1.html\">update-motd man page</ulink> for more options available to "
15218
"<application>update-motd</application>."
15221
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/update-"
15222
"motd.1.html\">update-motd man page</ulink> for more options available to "
15223
"<application>update-motd</application>."
15225
#: serverguide/C/other-apps.xml:340(para)
15227
"The Debian Package of the Day <ulink "
15228
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
15229
"and-forecasts-on-the-command-line/\">weather</ulink> article has more "
15230
"details about using the <application>weather</application>utility."
15232
"The Debian Package of the Day <ulink "
15233
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
15234
"and-forecasts-on-the-command-line/\">weather</ulink> article has more "
15235
"details about using the <application>weather</application>utility."
15237
#: serverguide/C/other-apps.xml:347(para)
15240
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
15241
"more details on using <application>etckeeper</application>."
15244
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
15245
"more details on using <application>etckeeper</application>."
15247
#: serverguide/C/other-apps.xml:353(para)
15249
"The <ulink url=\"https://help.ubuntu.com/community/etckeeper\">etckeeper "
15250
"Ubuntu Wiki</ulink> page."
15252
"The <ulink url=\"https://help.ubuntu.com/community/etckeeper\">etckeeper "
15253
"Ubuntu Wiki</ulink> page."
15255
#: serverguide/C/other-apps.xml:358(para)
15257
"For the latest news and information about <application>bzr</application> see "
15258
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
15260
"For the latest news and information about <application>bzr</application> see "
15261
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
15263
#: serverguide/C/other-apps.xml:363(para)
15265
"For more information on <application>screen</application> see the <ulink "
15266
"url=\"http://www.gnu.org/software/screen/\">screen web site</ulink>."
15268
"For more information on <application>screen</application> see the <ulink "
15269
"url=\"http://www.gnu.org/software/screen/\">screen web site</ulink>."
15271
#: serverguide/C/other-apps.xml:368(para)
15273
"And the <ulink url=\"https://help.ubuntu.com/community/Screen\">Ubuntu Wiki "
15274
"screen</ulink> page."
15276
"And the <ulink url=\"https://help.ubuntu.com/community/Screen\">Ubuntu Wiki "
15277
"screen</ulink> page."
15279
#: serverguide/C/other-apps.xml:373(para)
15281
"Also, see the <application>byobu</application><ulink "
15282
"url=\"https://launchpad.net/byobu\">project page</ulink> for more "
15285
"Also, see the <application>byobu</application><ulink "
15286
"url=\"https://launchpad.net/byobu\">project page</ulink> for more "
15289
#: serverguide/C/network-config.xml:14(para)
15291
"Networks consist of two or more devices, such as computer systems, printers, "
15292
"and related equipment which are connected by either physical cabling or "
15293
"wireless links for the purpose of sharing and distributing information among "
15294
"the connected devices."
15296
"Networks consist of two or more devices, such as computer systems, printers, "
15297
"and related equipment which are connected by either physical cabling or "
15298
"wireless links for the purpose of sharing and distributing information among "
15299
"the connected devices."
15301
#: serverguide/C/network-config.xml:20(para)
15303
"This section provides general and specific information pertaining to "
15304
"networking, including an overview of network concepts and detailed "
15305
"discussion of popular network protocols."
15307
"This section provides general and specific information pertaining to "
15308
"networking, including an overview of network concepts and detailed "
15309
"discussion of popular network protocols."
15311
#: serverguide/C/network-config.xml:27(title)
15312
msgid "Network Configuration"
15313
msgstr "Network Configuration"
15315
#: serverguide/C/network-config.xml:28(para)
15317
"Ubuntu ships with a number of graphical utilities to configure your network "
15318
"devices. This document is geared toward server administrators and will focus "
15319
"on managing your network on the command line."
15321
"Ubuntu ships with a number of graphical utilities to configure your network "
15322
"devices. This document is geared towards server administrators and will "
15323
"focus on managing your network on the command line."
15325
#: serverguide/C/network-config.xml:35(title)
15326
msgid "Ethernet Interfaces"
15327
msgstr "Ethernet Interfaces"
15329
#: serverguide/C/network-config.xml:36(para)
15331
"Ethernet interfaces are identified by the system using the naming convention "
15332
"of <emphasis role=\"italix\">ethX</emphasis>, where <emphasis "
15333
"role=\"italic\">X</emphasis> represents a numeric value. The first Ethernet "
15334
"interface is typically identified as <emphasis "
15335
"role=\"italic\">eth0</emphasis>, the second as <emphasis "
15336
"role=\"italic\">eth1</emphasis>, and all others should move up in numerical "
15339
"Ethernet interfaces are identified by the system using the naming convention "
15340
"of <emphasis role=\"italix\">ethX</emphasis>, where <emphasis "
15341
"role=\"italic\">X</emphasis> represents a numeric value. The first Ethernet "
15342
"interface is typically identified as <emphasis "
15343
"role=\"italic\">eth0</emphasis>, the second as <emphasis "
15344
"role=\"italic\">eth1</emphasis>, and all others should move up in numerical "
15347
#: serverguide/C/network-config.xml:46(title)
15348
msgid "Identify Ethernet Interfaces"
15349
msgstr "Identify Ethernet Interfaces"
15351
#: serverguide/C/network-config.xml:47(para)
15353
"To quickly identify all available Ethernet interfaces, you can use the "
15354
"<application>ifconfig</application> command as shown below."
15356
"To quickly identify all available Ethernet interfaces, you can use the "
15357
"<application>ifconfig</application> command as shown below."
15359
#: serverguide/C/network-config.xml:52(userinput)
15361
msgid "ifconfig -a | grep eth"
15362
msgstr "ifconfig -a | grep eth"
15364
#: serverguide/C/network-config.xml:51(screen)
15368
"<placeholder-1/>\n"
15369
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a\n"
15372
"<placeholder-1/>\n"
15373
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a\n"
15375
#: serverguide/C/network-config.xml:55(para)
15377
"Another application that can help identify all network interfaces available "
15378
"to your system is the <application>lshw</application> command. In the "
15379
"example below, <application>lshw</application> shows a single Ethernet "
15380
"interface with the logical name of <emphasis role=\"italic\">eth0</emphasis> "
15381
"along with bus information, driver details and all supported capabilities."
15383
"Another application that can help identify all network interfaces available "
15384
"to your system is the <application>lshw</application> command. In the "
15385
"example below, <application>lshw</application> shows a single Ethernet "
15386
"interface with the logical name of <emphasis role=\"italic\">eth0</emphasis> "
15387
"along with bus information, driver details and all supported capabilities."
15389
#: serverguide/C/network-config.xml:62(userinput)
15391
msgid "sudo lshw -class network"
15392
msgstr "sudo lshw -class network"
15394
#: serverguide/C/network-config.xml:61(screen)
15398
"<placeholder-1/>\n"
15400
" description: Ethernet interface\n"
15401
" product: BCM4401-B0 100Base-TX\n"
15402
" vendor: Broadcom Corporation\n"
15403
" physical id: 0\n"
15404
" bus info: pci@0000:03:00.0\n"
15405
" logical name: eth0\n"
15407
" serial: 00:15:c5:4a:16:5a\n"
15409
" capacity: 100MB/s\n"
15410
" width: 32 bits\n"
15412
" capabilities: (snipped for brevity)\n"
15413
" configuration: (snipped for brevity)\n"
15414
" resources: irq:17 memory:ef9fe000-ef9fffff\n"
15417
"<placeholder-1/>\n"
15419
" description: Ethernet interface\n"
15420
" product: BCM4401-B0 100Base-TX\n"
15421
" vendor: Broadcom Corporation\n"
15422
" physical id: 0\n"
15423
" bus info: pci@0000:03:00.0\n"
15424
" logical name: eth0\n"
15426
" serial: 00:15:c5:4a:16:5a\n"
15428
" capacity: 100MB/s\n"
15429
" width: 32 bits\n"
15431
" capabilities: (snipped for brevity)\n"
15432
" configuration: (snipped for brevity)\n"
15433
" resources: irq:17 memory:ef9fe000-ef9fffff\n"
15435
#: serverguide/C/network-config.xml:83(title)
15436
msgid "Ethernet Interface Logical Names"
15437
msgstr "Ethernet Interface Logical Names"
15439
#: serverguide/C/network-config.xml:84(para)
15441
"Interface logical names are configured in the file "
15442
"<filename>/etc/udev/rules.d/70-persistent-net.rules.</filename> If you would "
15443
"like control which interface receives a particular logical name, find the "
15444
"line matching the interfaces physical MAC address and modify the value of "
15445
"<emphasis role=\"italic\">NAME=ethX</emphasis> to the desired logical name. "
15446
"Reboot the system to commit your changes."
15448
"Interface logical names are configured in the file "
15449
"<filename>/etc/udev/rules.d/70-persistent-net.rules.</filename> If you would "
15450
"like control which interface receives a particular logical name, find the "
15451
"line matching the interfaces physical MAC address and modify the value of "
15452
"<emphasis role=\"italic\">NAME=ethX</emphasis> to the desired logical name. "
15453
"Reboot the system to commit your changes."
15455
#: serverguide/C/network-config.xml:92(programlisting)
15459
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
15460
"ATTR{address}==\"00:15:c5:4a:16:5a\", ATTR{dev_id}==\"0x0\", "
15461
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth0\"\n"
15462
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
15463
"ATTR{address}==\"00:15:c5:4a:16:5b\", ATTR{dev_id}==\"0x0\", "
15464
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth1\"\n"
15467
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
15468
"ATTR{address}==\"00:15:c5:4a:16:5a\", ATTR{dev_id}==\"0x0\", "
15469
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth0\"\n"
15470
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
15471
"ATTR{address}==\"00:15:c5:4a:16:5b\", ATTR{dev_id}==\"0x0\", "
15472
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth1\"\n"
15474
#: serverguide/C/network-config.xml:99(title)
15475
msgid "Ethernet Interface Settings"
15476
msgstr "Ethernet Interface Settings"
15478
#: serverguide/C/network-config.xml:100(para)
15480
"<application>ethtool</application> is a program that displays and changes "
15481
"Ethernet card settings such as auto-negotiation, port speed, duplex mode, "
15482
"and Wake-on-LAN. It is not installed by default, but is available for "
15483
"installation in the repositories."
15485
"<application>ethtool</application> is a program that displays and changes "
15486
"Ethernet card settings such as auto-negotiation, port speed, duplex mode, "
15487
"and Wake-on-LAN. It is not installed by default, but is available for "
15488
"installation in the repositories."
15490
#: serverguide/C/network-config.xml:106(userinput)
15492
msgid "sudo apt-get install ethtool"
15493
msgstr "sudo apt-get install ethtool"
15495
#: serverguide/C/network-config.xml:108(para)
15497
"The following is an example of how to view supported features and configured "
15498
"settings of an Ethernet interface."
15500
"The following is an example of how to view supported features and configured "
15501
"settings of an Ethernet interface."
15503
#: serverguide/C/network-config.xml:113(userinput)
15505
msgid "sudo ethtool eth0"
15506
msgstr "sudo ethtool eth0"
15508
#: serverguide/C/network-config.xml:112(screen)
15512
"<placeholder-1/>\n"
15513
"Settings for eth0:\n"
15514
" Supported ports: [ TP ]\n"
15515
" Supported link modes: 10baseT/Half 10baseT/Full \n"
15516
" 100baseT/Half 100baseT/Full \n"
15517
" 1000baseT/Half 1000baseT/Full \n"
15518
" Supports auto-negotiation: Yes\n"
15519
" Advertised link modes: 10baseT/Half 10baseT/Full \n"
15520
" 100baseT/Half 100baseT/Full \n"
15521
" 1000baseT/Half 1000baseT/Full \n"
15522
" Advertised auto-negotiation: Yes\n"
15523
" Speed: 1000Mb/s\n"
15525
" Port: Twisted Pair\n"
15527
" Transceiver: internal\n"
15528
" Auto-negotiation: on\n"
15529
" Supports Wake-on: g\n"
15531
" Current message level: 0x000000ff (255)\n"
15532
" Link detected: yes\n"
15535
"<placeholder-1/>\n"
15536
"Settings for eth0:\n"
15537
" Supported ports: [ TP ]\n"
15538
" Supported link modes: 10baseT/Half 10baseT/Full \n"
15539
" 100baseT/Half 100baseT/Full \n"
15540
" 1000baseT/Half 1000baseT/Full \n"
15541
" Supports auto-negotiation: Yes\n"
15542
" Advertised link modes: 10baseT/Half 10baseT/Full \n"
15543
" 100baseT/Half 100baseT/Full \n"
15544
" 1000baseT/Half 1000baseT/Full \n"
15545
" Advertised auto-negotiation: Yes\n"
15546
" Speed: 1000Mb/s\n"
15548
" Port: Twisted Pair\n"
15550
" Transceiver: internal\n"
15551
" Auto-negotiation: on\n"
15552
" Supports Wake-on: g\n"
15554
" Current message level: 0x000000ff (255)\n"
15555
" Link detected: yes\n"
15557
#: serverguide/C/network-config.xml:135(para)
15559
"Changes made with the <application>ethtool</application> command are "
15560
"temporary and will be lost after a reboot. If you would like to retain "
15561
"settings, simply add the desired <application>ethtool</application> command "
15562
"to a <emphasis role=\"italic\">pre-up</emphasis> statement in the interface "
15563
"configuration file <filename>/etc/network/interfaces</filename>."
15565
"Changes made with the <application>ethtool</application> command are "
15566
"temporary and will be lost after a reboot. If you would like to retain "
15567
"settings, simply add the desired <application>ethtool</application> command "
15568
"to a <emphasis role=\"italic\">pre-up</emphasis> statement in the interface "
15569
"configuration file <filename>/etc/network/interfaces</filename>."
15571
#: serverguide/C/network-config.xml:141(para)
15573
"The following is an example of how the interface identified as <emphasis "
15574
"role=\"italic\">eth0</emphasis> could be permanently configured with a port "
15575
"speed of 1000Mb/s running in full duplex mode."
15577
"The following is an example of how the interface identified as <emphasis "
15578
"role=\"italic\">eth0</emphasis> could be permanently configured with a port "
15579
"speed of 1000Mb/s running in full duplex mode."
15581
#: serverguide/C/network-config.xml:145(programlisting)
15586
"iface eth0 inet static\n"
15587
"pre-up /usr/sbin/ethtool -s eth0 speed 1000 duplex full\n"
15591
"iface eth0 inet static\n"
15592
"pre-up /usr/sbin/ethtool -s eth0 speed 1000 duplex full\n"
15594
#: serverguide/C/network-config.xml:151(para)
15596
"Although the example above shows the interface configured to use the "
15597
"<emphasis role=\"italic\">static</emphasis> method, it actually works with "
15598
"other methods as well, such as DHCP. The example is meant to demonstrate "
15599
"only proper placement of the <emphasis role=\"italic\">pre-up</emphasis> "
15600
"statement in relation to the rest of the interface configuration."
15602
"Although the example above shows the interface configured to use the "
15603
"<emphasis role=\"italic\">static</emphasis> method, it actually works with "
15604
"other methods as well, such as DHCP. The example is meant to demonstrate "
15605
"only proper placement of the <emphasis role=\"italic\">pre-up</emphasis> "
15606
"statement in relation to the rest of the interface configuration."
15608
#: serverguide/C/network-config.xml:163(title)
15609
msgid "IP Addressing"
15610
msgstr "IP Addressing"
15612
#: serverguide/C/network-config.xml:164(para)
15614
"The following section describes the process of configuring your systems IP "
15615
"address and default gateway needed for communicating on a local area network "
15616
"and the Internet."
15618
"The following section describes the process of configuring your systems IP "
15619
"address and default gateway needed for communicating on a local area network "
15620
"and the Internet."
15622
#: serverguide/C/network-config.xml:171(title)
15623
msgid "Temporary IP Address Assignment"
15624
msgstr "Temporary IP Address Assignment"
15626
#: serverguide/C/network-config.xml:172(para)
15628
"For temporary network configurations, you can use standard commands such as "
15629
"<application>ip</application>, <application>ifconfig</application> and "
15630
"<application>route</application>, which are also found on most other "
15631
"GNU/Linux operating systems. These commands allow you to configure settings "
15632
"which take effect immediately, however they are not persistent and will be "
15633
"lost after a reboot."
15635
"For temporary network configurations, you can use standard commands such as "
15636
"<application>ip</application>, <application>ifconfig</application> and "
15637
"<application>route</application>, which are also found on most other "
15638
"GNU/Linux operating systems. These commands allow you to configure settings "
15639
"which take effect immediately, however they are not persistent and will be "
15640
"lost after a reboot."
15642
#: serverguide/C/network-config.xml:180(para)
15644
"To temporarily configure an IP address, you can use the "
15645
"<application>ifconfig</application> command in the following manner. Just "
15646
"modify the IP address and subnet mask to match your network requirements."
15648
"To temporarily configure an IP address, you can use the "
15649
"<application>ifconfig</application> command in the following manner. Just "
15650
"modify the IP address and subnet mask to match your network requirements."
15652
#: serverguide/C/network-config.xml:186(userinput)
15654
msgid "sudo ifconfig eth0 10.0.0.100 netmask 255.255.255.0"
15655
msgstr "sudo ifconfig eth0 10.0.0.100 netmask 255.255.255.0"
15657
#: serverguide/C/network-config.xml:188(para)
15659
"To verify the IP address configuration of <application>eth0</application>, "
15660
"you can use the <application>ifconfig</application> command in the following "
15663
"To verify the IP address configuration of <application>eth0</application>, "
15664
"you can use the <application>ifconfig</application> command in the following "
15667
#: serverguide/C/network-config.xml:193(userinput)
15669
msgid "ifconfig eth0"
15670
msgstr "ifconfig eth0"
15672
#: serverguide/C/network-config.xml:192(screen)
15676
"<placeholder-1/>\n"
15677
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a \n"
15678
" inet addr:10.0.0.100 Bcast:10.0.0.255 Mask:255.255.255.0\n"
15679
" inet6 addr: fe80::215:c5ff:fe4a:165a/64 Scope:Link\n"
15680
" UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1\n"
15681
" RX packets:466475604 errors:0 dropped:0 overruns:0 frame:0\n"
15682
" TX packets:403172654 errors:0 dropped:0 overruns:0 carrier:0\n"
15683
" collisions:0 txqueuelen:1000 \n"
15684
" RX bytes:2574778386 (2.5 GB) TX bytes:1618367329 (1.6 GB)\n"
15688
"<placeholder-1/>\n"
15689
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a \n"
15690
" inet addr:10.0.0.100 Bcast:10.0.0.255 Mask:255.255.255.0\n"
15691
" inet6 addr: fe80::215:c5ff:fe4a:165a/64 Scope:Link\n"
15692
" UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1\n"
15693
" RX packets:466475604 errors:0 dropped:0 overruns:0 frame:0\n"
15694
" TX packets:403172654 errors:0 dropped:0 overruns:0 carrier:0\n"
15695
" collisions:0 txqueuelen:1000 \n"
15696
" RX bytes:2574778386 (2.5 GB) TX bytes:1618367329 (1.6 GB)\n"
15699
#: serverguide/C/network-config.xml:204(para)
15701
"To configure a default gateway, you can use the "
15702
"<application>route</application> command in the following manner. Modify the "
15703
"default gateway address to match your network requirements."
15705
"To configure a default gateway, you can use the "
15706
"<application>route</application> command in the following manner. Modify the "
15707
"default gateway address to match your network requirements."
15709
#: serverguide/C/network-config.xml:210(userinput)
15711
msgid "sudo route add default gw 10.0.0.1 eth0"
15712
msgstr "sudo route add default gw 10.0.0.1 eth0"
15714
#: serverguide/C/network-config.xml:212(para)
15716
"To verify your default gateway configuration, you can use the "
15717
"<application>route</application> command in the following manner."
15719
"To verify your default gateway configuration, you can use the "
15720
"<application>route</application> command in the following manner."
15722
#: serverguide/C/network-config.xml:217(userinput)
15727
#: serverguide/C/network-config.xml:216(screen)
15731
"<placeholder-1/>\n"
15732
"Kernel IP routing table\n"
15733
"Destination Gateway Genmask Flags Metric Ref Use "
15735
"10.0.0.0 0.0.0.0 255.255.255.0 U 1 0 0 "
15737
"0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 "
15741
"<placeholder-1/>\n"
15742
"Kernel IP routing table\n"
15743
"Destination Gateway Genmask Flags Metric Ref Use "
15745
"10.0.0.0 0.0.0.0 255.255.255.0 U 1 0 0 "
15747
"0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 "
15750
#: serverguide/C/network-config.xml:223(para)
15752
"If you require DNS for your temporary network configuration, you can add DNS "
15753
"server IP addresses in the file <filename>/etc/resolv.conf</filename>. The "
15754
"example below shows how to enter two DNS servers to "
15755
"<filename>/etc/resolv.conf</filename>, which should be changed to servers "
15756
"appropriate for your network. A more lengthy description of DNS client "
15757
"configuration is in a following section."
15759
"If you require DNS for your temporary network configuration, you can add DNS "
15760
"server IP addresses in the file <filename>/etc/resolv.conf</filename>. The "
15761
"example below shows how to enter two DNS servers to "
15762
"<filename>/etc/resolv.conf</filename>, which should be changed to servers "
15763
"appropriate for your network. A more lengthy description of DNS client "
15764
"configuration is in a following section."
15766
#: serverguide/C/network-config.xml:230(programlisting)
15770
"nameserver 8.8.8.8\n"
15771
"nameserver 8.8.4.4\n"
15774
"nameserver 8.8.8.8\n"
15775
"nameserver 8.8.4.4\n"
15777
#: serverguide/C/network-config.xml:234(para)
15779
"If you no longer need this configuration and wish to purge all IP "
15780
"configuration from an interface, you can use the "
15781
"<application>ip</application> command with the flush option as shown below."
15783
"If you no longer need this configuration and wish to purge all IP "
15784
"configuration from an interface, you can use the "
15785
"<application>ip</application> command with the flush option as shown below."
15787
#: serverguide/C/network-config.xml:240(userinput)
15789
msgid "ip addr flush eth0"
15790
msgstr "ip addr flush eth0"
15792
#: serverguide/C/network-config.xml:243(para)
15794
"Flushing the IP configuration using the <application>ip</application> "
15795
"command does not clear the contents of "
15796
"<filename>/etc/resolv.conf</filename>. You must remove or modify those "
15797
"entries manually."
15799
"Flushing the IP configuration using the <application>ip</application> "
15800
"command does not clear the contents of "
15801
"<filename>/etc/resolv.conf</filename>. You must remove or modify those "
15802
"entries manually."
15804
#: serverguide/C/network-config.xml:251(title)
15805
msgid "Dynamic IP Address Assignment (DHCP Client)"
15806
msgstr "Dynamic IP Address Assignment (DHCP Client)"
15808
#: serverguide/C/network-config.xml:252(para)
15810
"To configure your server to use DHCP for dynamic address assignment, add the "
15811
"<emphasis role=\"italic\">dhcp</emphasis> method to the inet address family "
15812
"statement for the appropriate interface in the file "
15813
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
15814
"are configuring your first Ethernet interface identified as <emphasis "
15815
"role=\"italic\">eth0</emphasis>."
15817
"To configure your server to use DHCP for dynamic address assignment, add the "
15818
"<emphasis role=\"italic\">dhcp</emphasis> method to the inet address family "
15819
"statement for the appropriate interface in the file "
15820
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
15821
"are configuring your first Ethernet interface identified as <emphasis "
15822
"role=\"italic\">eth0</emphasis>."
15824
#: serverguide/C/network-config.xml:259(programlisting)
15829
"iface eth0 inet dhcp\n"
15833
"iface eth0 inet dhcp\n"
15835
#: serverguide/C/network-config.xml:263(para)
15837
"By adding an interface configuration as shown above, you can manually enable "
15838
"the interface through the <application>ifup</application> command which "
15839
"initiates the DHCP process via <application>dhclient</application>."
15841
"By adding an interface configuration as shown above, you can manually enable "
15842
"the interface through the <application>ifup</application> command which "
15843
"initiates the DHCP process via <application>dhclient</application>."
15845
#: serverguide/C/network-config.xml:269(userinput) serverguide/C/network-config.xml:304(userinput)
15847
msgid "sudo ifup eth0"
15848
msgstr "sudo ifup eth0"
15850
#: serverguide/C/network-config.xml:271(para)
15852
"To manually disable the interface, you can use the "
15853
"<application>ifdown</application> command, which in turn will initiate the "
15854
"DHCP release process and shut down the interface."
15856
"To manually disable the interface, you can use the "
15857
"<application>ifdown</application> command, which in turn will initiate the "
15858
"DHCP release process and shut down the interface."
15860
#: serverguide/C/network-config.xml:277(userinput) serverguide/C/network-config.xml:311(userinput)
15862
msgid "sudo ifdown eth0"
15863
msgstr "sudo ifdown eth0"
15865
#: serverguide/C/network-config.xml:282(title)
15866
msgid "Static IP Address Assignment"
15867
msgstr "Static IP Address Assignment"
15869
#: serverguide/C/network-config.xml:283(para)
15871
"To configure your system to use a static IP address assignment, add the "
15872
"<emphasis role=\"italic\">static</emphasis> method to the inet address "
15873
"family statement for the appropriate interface in the file "
15874
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
15875
"are configuring your first Ethernet interface identified as <emphasis "
15876
"role=\"italic\">eth0</emphasis>. Change the <emphasis "
15877
"role=\"italic\">address</emphasis>, <emphasis "
15878
"role=\"italic\">netmask</emphasis>, and <emphasis "
15879
"role=\"italic\">gateway</emphasis> values to meet the requirements of your "
15882
"To configure your system to use a static IP address assignment, add the "
15883
"<emphasis role=\"italic\">static</emphasis> method to the inet address "
15884
"family statement for the appropriate interface in the file "
15885
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
15886
"are configuring your first Ethernet interface identified as <emphasis "
15887
"role=\"italic\">eth0</emphasis>. Change the <emphasis "
15888
"role=\"italic\">address</emphasis>, <emphasis "
15889
"role=\"italic\">netmask</emphasis>, and <emphasis "
15890
"role=\"italic\">gateway</emphasis> values to meet the requirements of your "
15893
#: serverguide/C/network-config.xml:292(programlisting)
15898
"iface eth0 inet static\n"
15899
"address 10.0.0.100\n"
15900
"netmask 255.255.255.0\n"
15901
"gateway 10.0.0.1\n"
15905
"iface eth0 inet static\n"
15906
"address 10.0.0.100\n"
15907
"netmask 255.255.255.0\n"
15908
"gateway 10.0.0.1\n"
15910
#: serverguide/C/network-config.xml:299(para)
15912
"By adding an interface configuration as shown above, you can manually enable "
15913
"the interface through the <application>ifup</application> command."
15915
"By adding an interface configuration as shown above, you can manually enable "
15916
"the interface through the <application>ifup</application> command."
15918
#: serverguide/C/network-config.xml:306(para)
15920
"To manually disable the interface, you can use the "
15921
"<application>ifdown</application> command."
15923
"To manually disable the interface, you can use the "
15924
"<application>ifdown</application> command."
15926
#: serverguide/C/network-config.xml:316(title)
15927
msgid "Loopback Interface"
15928
msgstr "Loopback Interface"
15930
#: serverguide/C/network-config.xml:317(para)
15932
"The loopback interface is identified by the system as <emphasis "
15933
"role=\"italic\">lo</emphasis> and has a default IP address of 127.0.0.1. It "
15934
"can be viewed using the ifconfig command."
15936
"The loopback interface is identified by the system as <emphasis "
15937
"role=\"italic\">lo</emphasis> and has a default IP address of 127.0.0.1. It "
15938
"can be viewed using the ifconfig command."
15940
#: serverguide/C/network-config.xml:322(userinput)
15942
msgid "ifconfig lo"
15943
msgstr "ifconfig lo"
15945
#: serverguide/C/network-config.xml:321(screen)
15949
"<placeholder-1/>\n"
15950
"lo Link encap:Local Loopback \n"
15951
" inet addr:127.0.0.1 Mask:255.0.0.0\n"
15952
" inet6 addr: ::1/128 Scope:Host\n"
15953
" UP LOOPBACK RUNNING MTU:16436 Metric:1\n"
15954
" RX packets:2718 errors:0 dropped:0 overruns:0 frame:0\n"
15955
" TX packets:2718 errors:0 dropped:0 overruns:0 carrier:0\n"
15956
" collisions:0 txqueuelen:0 \n"
15957
" RX bytes:183308 (183.3 KB) TX bytes:183308 (183.3 KB)\n"
15960
"<placeholder-1/>\n"
15961
"lo Link encap:Local Loopback \n"
15962
" inet addr:127.0.0.1 Mask:255.0.0.0\n"
15963
" inet6 addr: ::1/128 Scope:Host\n"
15964
" UP LOOPBACK RUNNING MTU:16436 Metric:1\n"
15965
" RX packets:2718 errors:0 dropped:0 overruns:0 frame:0\n"
15966
" TX packets:2718 errors:0 dropped:0 overruns:0 carrier:0\n"
15967
" collisions:0 txqueuelen:0 \n"
15968
" RX bytes:183308 (183.3 KB) TX bytes:183308 (183.3 KB)\n"
15970
#: serverguide/C/network-config.xml:332(para)
15972
"By default, there should be two lines in "
15973
"<filename>/etc/network/interfaces</filename> responsible for automatically "
15974
"configuring your loopback interface. It is recommended that you keep the "
15975
"default settings unless you have a specific purpose for changing them. An "
15976
"example of the two default lines are shown below."
15978
"By default, there should be two lines in "
15979
"<filename>/etc/network/interfaces</filename> responsible for automatically "
15980
"configuring your loopback interface. It is recommended that you keep the "
15981
"default settings unless you have a specific purpose for changing them. An "
15982
"example of the two default lines are shown below."
15984
#: serverguide/C/network-config.xml:338(programlisting)
15989
"iface lo inet loopback\n"
15993
"iface lo inet loopback\n"
15995
#: serverguide/C/network-config.xml:347(title)
15996
msgid "Name Resolution"
15997
msgstr "Name Resolution"
15999
#: serverguide/C/network-config.xml:348(para)
16001
"Name resolution as it relates to IP networking is the process of mapping IP "
16002
"addresses to hostnames, making it easier to identify resources on a network. "
16003
"The following section will explain how to properly configure your system for "
16004
"name resolution using DNS and static hostname records."
16006
"Name resolution as it relates to IP networking is the process of mapping IP "
16007
"addresses to hostnames, making it easier to identify resources on a network. "
16008
"The following section will explain how to properly configure your system for "
16009
"name resolution using DNS and static hostname records."
16011
#: serverguide/C/network-config.xml:356(title)
16012
msgid "DNS Client Configuration"
16013
msgstr "DNS Client Configuration"
16015
#: serverguide/C/network-config.xml:357(para)
16017
"To configure your system to use DNS for name resolution, add the IP "
16018
"addresses of the DNS servers that are appropriate for your network in the "
16019
"file <filename>/etc/resolv.conf</filename>. You can also add an optional DNS "
16020
"suffix search-lists to match your network domain names."
16022
"To configure your system to use DNS for name resolution, add the IP "
16023
"addresses of the DNS servers that are appropriate for your network in the "
16024
"file <filename>/etc/resolv.conf</filename>. You can also add an optional DNS "
16025
"suffix search-lists to match your network domain names."
16027
#: serverguide/C/network-config.xml:362(para)
16029
"Below is an example of a typical configuration of "
16030
"<filename>/etc/resolv.conf</filename> for a server on the domain \"<emphasis "
16031
"role=\"italic\">example.com</emphasis>\" and using two public DNS servers."
16033
"Below is an example of a typical configuration of "
16034
"<filename>/etc/resolv.conf</filename> for a server on the domain \"<emphasis "
16035
"role=\"italic\">example.com</emphasis>\" and using two public DNS servers."
16037
#: serverguide/C/network-config.xml:367(programlisting)
16041
"search example.com\n"
16042
"nameserver 8.8.8.8\n"
16043
"nameserver 8.8.4.4\n"
16046
"search example.com\n"
16047
"nameserver 8.8.8.8\n"
16048
"nameserver 8.8.4.4\n"
16050
#: serverguide/C/network-config.xml:372(para)
16052
"The <emphasis role=\"italic\">search</emphasis> option can also be used with "
16053
"multiple domain names so that DNS queries will be appended in the order in "
16054
"which they are entered. For example, your network may have multiple sub-"
16055
"domains to search; a parent domain of <emphasis "
16056
"role=\"italic\">example.com</emphasis>, and two sub-domains, <emphasis "
16057
"role=\"italic\">sales.example.com</emphasis> and <emphasis "
16058
"role=\"italic\">dev.example.com</emphasis>."
16060
"The <emphasis role=\"italic\">search</emphasis> option can also be used with "
16061
"multiple domain names so that DNS queries will be appended in the order in "
16062
"which they are entered. For example, your network may have multiple sub-"
16063
"domains to search; a parent domain of <emphasis "
16064
"role=\"italic\">example.com</emphasis>, and two sub-domains, <emphasis "
16065
"role=\"italic\">sales.example.com</emphasis> and <emphasis "
16066
"role=\"italic\">dev.example.com</emphasis>."
16068
#: serverguide/C/network-config.xml:380(para)
16070
"If you have multiple domains you wish to search, your configuration might "
16071
"look like the following."
16073
"If you have multiple domains you wish to search, your configuration might "
16074
"look like the following."
16076
#: serverguide/C/network-config.xml:383(programlisting)
16080
"search example.com sales.example.com dev.example.com\n"
16081
"nameserver 8.8.8.8\n"
16082
"nameserver 8.8.4.4\n"
16085
"search example.com sales.example.com dev.example.com\n"
16086
"nameserver 8.8.8.8\n"
16087
"nameserver 8.8.4.4\n"
16089
#: serverguide/C/network-config.xml:388(para)
16091
"If you try to ping a host with the name of <emphasis "
16092
"role=\"italic\">server1</emphasis>, your system will automatically query DNS "
16093
"for its Fully Qualified Domain Name (FQDN) in the following order:"
16095
"If you try to ping a host with the name of <emphasis "
16096
"role=\"italic\">server1</emphasis>, your system will automatically query DNS "
16097
"for its Fully Qualified Domain Name (FQDN) in the following order:"
16099
#: serverguide/C/network-config.xml:394(para)
16100
msgid "server1<emphasis role=\"bold\">.example.com</emphasis>"
16101
msgstr "server1<emphasis role=\"bold\">.example.com</emphasis>"
16103
#: serverguide/C/network-config.xml:399(para)
16104
msgid "server1<emphasis role=\"bold\">.sales.example.com</emphasis>"
16105
msgstr "server1<emphasis role=\"bold\">.sales.example.com</emphasis>"
16107
#: serverguide/C/network-config.xml:404(para)
16108
msgid "server1<emphasis role=\"bold\">.dev.example.com</emphasis>"
16109
msgstr "server1<emphasis role=\"bold\">.dev.example.com</emphasis>"
16111
#: serverguide/C/network-config.xml:409(para)
16113
"If no matches are found, the DNS server will provide a result of <emphasis "
16114
"role=\"italic\">notfound</emphasis> and the DNS query will fail."
16116
"If no matches are found, the DNS server will provide a result of <emphasis "
16117
"role=\"italic\">notfound</emphasis> and the DNS query will fail."
16119
#: serverguide/C/network-config.xml:416(title)
16120
msgid "Static Hostnames"
16121
msgstr "Static Hostnames"
16123
#: serverguide/C/network-config.xml:417(para)
16125
"Static hostnames are locally defined hostname-to-IP mappings located in the "
16126
"file <filename>/etc/hosts</filename>. Entries in the "
16127
"<filename>hosts</filename> file will have precedence over DNS by default. "
16128
"This means that if your system tries to resolve a hostname and it matches an "
16129
"entry in /etc/hosts, it will not attempt to look up the record in DNS. In "
16130
"some configurations, especially when Internet access is not required, "
16131
"servers that communicate with a limited number of resources can be "
16132
"conveniently set to use static hostnames instead of DNS."
16134
"Static hostnames are locally defined hostname-to-IP mappings located in the "
16135
"file <filename>/etc/hosts</filename>. Entries in the "
16136
"<filename>hosts</filename> file will have precedence over DNS by default. "
16137
"This means that if your system tries to resolve a hostname and it matches an "
16138
"entry in /etc/hosts, it will not attempt to look up the record in DNS. In "
16139
"some configurations, especially when Internet access is not required, "
16140
"servers that communicate with a limited number of resources can be "
16141
"conveniently set to use static hostnames instead of DNS."
16143
#: serverguide/C/network-config.xml:424(para)
16145
"The following is an example of a <filename>hosts</filename> file where a "
16146
"number of local servers have been identified by simple hostnames, aliases "
16147
"and their equivalent Fully Qualified Domain Names (FQDN's)."
16149
"The following is an example of a <filename>hosts</filename> file where a "
16150
"number of local servers have been identified by simple hostnames, aliases "
16151
"and their equivalent Fully Qualified Domain Names (FQDN's)."
16153
#: serverguide/C/network-config.xml:428(programlisting)
16157
"127.0.0.1\tlocalhost\n"
16158
"127.0.1.1\tubuntu-server\n"
16159
"10.0.0.11\tserver1 vpn server1.example.com\n"
16160
"10.0.0.12\tserver2 mail server2.example.com\n"
16161
"10.0.0.13\tserver3 www server3.example.com\n"
16162
"10.0.0.14\tserver4 file server4.example.com\n"
16165
"127.0.0.1\tlocalhost\n"
16166
"127.0.1.1\tubuntu-server\n"
16167
"10.0.0.11\tserver1 vpn server1.example.com\n"
16168
"10.0.0.12\tserver2 mail server2.example.com\n"
16169
"10.0.0.13\tserver3 www server3.example.com\n"
16170
"10.0.0.14\tserver4 file server4.example.com\n"
16172
#: serverguide/C/network-config.xml:437(para)
16174
"In the above example, notice that each of the servers have been given "
16175
"aliases in addition to their proper names and FQDN's. <emphasis "
16176
"role=\"italic\">Server1</emphasis> has been mapped to the name <emphasis "
16177
"role=\"italic\">vpn</emphasis>, <emphasis role=\"italic\">server2</emphasis> "
16178
"is referred to as <emphasis role=\"italic\">mail</emphasis>, <emphasis "
16179
"role=\"italic\">server3</emphasis> as <emphasis "
16180
"role=\"italic\">www</emphasis>, and <emphasis "
16181
"role=\"italic\">server4</emphasis> as <emphasis "
16182
"role=\"italic\">file</emphasis>."
16184
"In the above example, notice that each of the servers have been given "
16185
"aliases in addition to their proper names and FQDN's. <emphasis "
16186
"role=\"italic\">Server1</emphasis> has been mapped to the name <emphasis "
16187
"role=\"italic\">vpn</emphasis>, <emphasis role=\"italic\">server2</emphasis> "
16188
"is referred to as <emphasis role=\"italic\">mail</emphasis>, <emphasis "
16189
"role=\"italic\">server3</emphasis> as <emphasis "
16190
"role=\"italic\">www</emphasis>, and <emphasis "
16191
"role=\"italic\">server4</emphasis> as <emphasis "
16192
"role=\"italic\">file</emphasis>."
16194
#: serverguide/C/network-config.xml:449(title)
16195
msgid "Name Service Switch Configuration"
16196
msgstr "Name Service Switch Configuration"
16198
#: serverguide/C/network-config.xml:450(para)
16200
"The order in which your system selects a method of resolving hostnames to IP "
16201
"addresses is controlled by the Name Service Switch (NSS) configuration file "
16202
"<filename>/etc/nsswitch.conf</filename>. As mentioned in the previous "
16203
"section, typically static hostnames defined in the systems "
16204
"<filename>/etc/hosts</filename> file have precedence over names resolved "
16205
"from DNS. The following is an example of the line responsible for this order "
16206
"of hostname lookups in the file <filename>/etc/nsswitch.conf</filename>."
16208
"The order in which your system selects a method of resolving hostnames to IP "
16209
"addresses is controlled by the Name Service Switch (NSS) configuration file "
16210
"<filename>/etc/nsswitch.conf</filename>. As mentioned in the previous "
16211
"section, typically static hostnames defined in the systems "
16212
"<filename>/etc/hosts</filename> file have precedence over names resolved "
16213
"from DNS. The following is an example of the line responsible for this order "
16214
"of hostname lookups in the file <filename>/etc/nsswitch.conf</filename>."
16216
#: serverguide/C/network-config.xml:458(programlisting)
16220
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
16223
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
16225
#: serverguide/C/network-config.xml:464(para)
16227
"<emphasis role=\"bold\">files</emphasis> first tries to resolve static "
16228
"hostnames located in <filename>/etc/hosts</filename>."
16230
"<emphasis role=\"bold\">files</emphasis> first tries to resolve static "
16231
"hostnames located in <filename>/etc/hosts</filename>."
16233
#: serverguide/C/network-config.xml:470(para)
16235
"<emphasis role=\"bold\">mdns4_minimal</emphasis> attempts to resolve the "
16236
"name using Multicast DNS."
16238
"<emphasis role=\"bold\">mdns4_minimal</emphasis> attempts to resolve the "
16239
"name using Multicast DNS."
16241
#: serverguide/C/network-config.xml:475(para)
16243
"<emphasis role=\"bold\">[NOTFOUND=return]</emphasis> means that any response "
16244
"of <emphasis role=\"italic\">notfound</emphasis> by the preceding <emphasis "
16245
"role=\"italic\">mdns4_minimal</emphasis> process should be treated as "
16246
"authoritative and that the system should not try to continue hunting for an "
16249
"<emphasis role=\"bold\">[NOTFOUND=return]</emphasis> means that any response "
16250
"of <emphasis role=\"italic\">notfound</emphasis> by the preceding <emphasis "
16251
"role=\"italic\">mdns4_minimal</emphasis> process should be treated as "
16252
"authoritative and that the system should not try to continue hunting for an "
16255
#: serverguide/C/network-config.xml:483(para)
16257
"<emphasis role=\"bold\">dns</emphasis> represents a legacy unicast DNS query."
16259
"<emphasis role=\"bold\">dns</emphasis> represents a legacy unicast DNS query."
16261
#: serverguide/C/network-config.xml:488(para)
16263
"<emphasis role=\"bold\">mdns4</emphasis> represents a Multicast DNS query."
16265
"<emphasis role=\"bold\">mdns4</emphasis> represents a Multicast DNS query."
16267
#: serverguide/C/network-config.xml:494(para)
16269
"To modify the order of the above mentioned name resolution methods, you can "
16270
"simply change the <emphasis role=\"italic\">hosts:</emphasis> string to the "
16271
"value of your choosing. For example, if you prefer to use legacy Unicast DNS "
16272
"versus Multicast DNS, you can change the string in "
16273
"<filename>/etc/nsswitch.conf</filename> as shown below."
16275
"To modify the order of the above mentioned name resolution methods, you can "
16276
"simply change the <emphasis role=\"italic\">hosts:</emphasis> string to the "
16277
"value of your choosing. For example, if you prefer to use legacy Unicast DNS "
16278
"versus Multicast DNS, you can change the string in "
16279
"<filename>/etc/nsswitch.conf</filename> as shown below."
16281
#: serverguide/C/network-config.xml:501(programlisting)
16285
"hosts: files dns [NOTFOUND=return] mdns4_minimal mdns4\n"
16288
"hosts: files dns [NOTFOUND=return] mdns4_minimal mdns4\n"
16290
#: serverguide/C/network-config.xml:508(title)
16294
#: serverguide/C/network-config.xml:510(para)
16296
"Bridging multiple interfaces is a more advanced configuration, but is very "
16297
"useful in multiple scenarios. One scenario is setting up a bridge with "
16298
"multiple network interfaces, then using a firewall to filter traffic between "
16299
"two network segments. Another scenario is using bridge on a system with one "
16300
"interface to allow virtual machines direct access to the outside network. "
16301
"The following example covers the latter scenario."
16303
"Bridging multiple interfaces is a more advanced configuration, but is very "
16304
"useful in multiple scenarios. One scenario is setting up a bridge with "
16305
"multiple network interfaces, then using a firewall to filter traffic between "
16306
"two network segments. Another scenario is using bridge on a system with one "
16307
"interface to allow virtual machines direct access to the outside network. "
16308
"The following example covers the latter scenario."
16310
#: serverguide/C/network-config.xml:517(para)
16312
"Before configuring a bridge you will need to install the <application>bridge-"
16313
"utils</application> package. To install the package, in a terminal enter:"
16315
"Before configuring a bridge you will need to install the <application>bridge-"
16316
"utils</application> package. To install the package, in a terminal enter:"
16318
#: serverguide/C/network-config.xml:523(command)
16319
msgid "sudo apt-get install bridge-utils"
16320
msgstr "sudo apt-get install bridge-utils"
16322
#: serverguide/C/network-config.xml:526(para)
16324
"Next, configure the bridge by editing "
16325
"<filename>/etc/network/interfaces</filename>:"
16327
"Next, configure the bridge by editing "
16328
"<filename>/etc/network/interfaces</filename>:"
16330
#: serverguide/C/network-config.xml:530(programlisting)
16335
"iface lo inet loopback\n"
16338
"iface br0 inet static\n"
16339
" address 192.168.0.10\n"
16340
" network 192.168.0.0\n"
16341
" netmask 255.255.255.0\n"
16342
" broadcast 192.168.0.255\n"
16343
" gateway 192.168.0.1\n"
16344
" bridge_ports eth0\n"
16346
" bridge_hello 2\n"
16347
" bridge_maxage 12\n"
16348
" bridge_stp off\n"
16352
"iface lo inet loopback\n"
16355
"iface br0 inet static\n"
16356
" address 192.168.0.10\n"
16357
" network 192.168.0.0\n"
16358
" netmask 255.255.255.0\n"
16359
" broadcast 192.168.0.255\n"
16360
" gateway 192.168.0.1\n"
16361
" bridge_ports eth0\n"
16363
" bridge_hello 2\n"
16364
" bridge_maxage 12\n"
16365
" bridge_stp off\n"
16367
#: serverguide/C/network-config.xml:549(para)
16368
msgid "Enter the appropriate values for your physical interface and network."
16370
"Enter the appropriate values for your physical interface and network."
16372
#: serverguide/C/network-config.xml:554(para)
16373
msgid "Now restart networking to enable the bridge interface:"
16374
msgstr "Now restart networking to enable the bridge interface:"
16376
#: serverguide/C/network-config.xml:561(para)
16378
"The new bridge interface should now be up and running. The "
16379
"<application>brctl</application> provides useful information about the state "
16380
"of the bridge, controls which interfaces are part of the bridge, etc. See "
16381
"<command>man brctl</command> for more information."
16383
"The new bridge interface should now be up and running. The "
16384
"<application>brctl</application> provides useful information about the state "
16385
"of the bridge, controls which interfaces are part of the bridge, etc. See "
16386
"<command>man brctl</command> for more information."
16388
#: serverguide/C/network-config.xml:577(para)
16390
"The <ulink url=\"https://help.ubuntu.com/community/Network\">Ubuntu Wiki "
16391
"Network page</ulink> has links to articles covering more advanced network "
16394
"The <ulink url=\"https://help.ubuntu.com/community/Network\">Ubuntu Wiki "
16395
"Network page</ulink> has links to articles covering more advanced network "
16398
#: serverguide/C/network-config.xml:583(para)
16401
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/interfaces.5.html"
16402
"\">interfaces man page</ulink> has details on more options for "
16403
"<filename>/etc/network/interfaces</filename>."
16406
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/interfaces.5.html"
16407
"\">interfaces man page</ulink> has details on more options for "
16408
"<filename>/etc/network/interfaces</filename>."
16410
#: serverguide/C/network-config.xml:589(para)
16413
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/dhclient.8.html\">"
16414
"dhclient man page</ulink> has details on more options for configuring DHCP "
16418
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/dhclient.8.html\">"
16419
"dhclient man page</ulink> has details on more options for configuring DHCP "
16422
#: serverguide/C/network-config.xml:595(para)
16424
"For more information on DNS client configuration see the <ulink "
16425
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/resolver.5.html\">"
16426
"resolver man page</ulink>. Also, Chapter 6 of O'Reilly's <ulink "
16427
"url=\"http://oreilly.com/catalog/linag2/book/ch06.html\">Linux Network "
16428
"Administrator's Guide</ulink> is a good source of resolver and name service "
16429
"configuration information."
16431
"For more information on DNS client configuration see the <ulink "
16432
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/resolver.5.html\">"
16433
"resolver man page</ulink>. Also, Chapter 6 of O'Reilly's <ulink "
16434
"url=\"http://oreilly.com/catalog/linag2/book/ch06.html\">Linux Network "
16435
"Administrator's Guide</ulink> is a good source of resolver and name service "
16436
"configuration information."
16438
#: serverguide/C/network-config.xml:603(para)
16440
"For more information on <emphasis>bridging</emphasis> see the <ulink "
16441
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/brctl.8.html\">brc"
16442
"tl man page</ulink> and the Linux Foundation's <ulink "
16443
"url=\"http://www.linuxfoundation.org/en/Net:Bridge\">Net:Bridge</ulink> page."
16445
"For more information on <emphasis>bridging</emphasis> see the <ulink "
16446
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/brctl.8.html\">brc"
16447
"tl man page</ulink> and the Linux Foundation's <ulink "
16448
"url=\"http://www.linuxfoundation.org/en/Net:Bridge\">Net:Bridge</ulink> page."
16450
#: serverguide/C/network-config.xml:614(title)
16454
#: serverguide/C/network-config.xml:615(para)
16456
"The Transmission Control Protocol and Internet Protocol (TCP/IP) is a "
16457
"standard set of protocols developed in the late 1970s by the Defense "
16458
"Advanced Research Projects Agency (DARPA) as a means of communication "
16459
"between different types of computers and computer networks. TCP/IP is the "
16460
"driving force of the Internet, and thus it is the most popular set of "
16461
"network protocols on Earth."
16463
"The Transmission Control Protocol and Internet Protocol (TCP/IP) is a "
16464
"standard set of protocols developed in the late 1970s by the Defense "
16465
"Advanced Research Projects Agency (DARPA) as a means of communication "
16466
"between different types of computers and computer networks. TCP/IP is the "
16467
"driving force of the Internet, and thus it is the most popular set of "
16468
"network protocols on Earth."
16470
#: serverguide/C/network-config.xml:623(title)
16471
msgid "TCP/IP Introduction"
16472
msgstr "TCP/IP Introduction"
16474
#: serverguide/C/network-config.xml:624(para)
16476
"The two protocol components of TCP/IP deal with different aspects of "
16477
"computer networking. <emphasis>Internet Protocol</emphasis>, the \"IP\" of "
16478
"TCP/IP is a connectionless protocol which deals only with network packet "
16479
"routing using the <emphasis role=\"italics\">IP Datagram</emphasis> as the "
16480
"basic unit of networking information. The IP Datagram consists of a header "
16481
"followed by a message. The <emphasis> Transmission Control "
16482
"Protocol</emphasis> is the \"TCP\" of TCP/IP and enables network hosts to "
16483
"establish connections which may be used to exchange data streams. TCP also "
16484
"guarantees that the data between connections is delivered and that it "
16485
"arrives at one network host in the same order as sent from another network "
16488
"The two protocol components of TCP/IP deal with different aspects of "
16489
"computer networking. <emphasis>Internet Protocol</emphasis>, the \"IP\" of "
16490
"TCP/IP is a connectionless protocol which deals only with network packet "
16491
"routing using the <emphasis role=\"italics\">IP Datagram</emphasis> as the "
16492
"basic unit of networking information. The IP Datagram consists of a header "
16493
"followed by a message. The <emphasis> Transmission Control "
16494
"Protocol</emphasis> is the \"TCP\" of TCP/IP and enables network hosts to "
16495
"establish connections which may be used to exchange data streams. TCP also "
16496
"guarantees that the data between connections is delivered and that it "
16497
"arrives at one network host in the same order as sent from another network "
16500
#: serverguide/C/network-config.xml:637(title)
16501
msgid "TCP/IP Configuration"
16502
msgstr "TCP/IP Configuration"
16504
#: serverguide/C/network-config.xml:638(para)
16506
"The TCP/IP protocol configuration consists of several elements which must be "
16507
"set by editing the appropriate configuration files, or deploying solutions "
16508
"such as the Dynamic Host Configuration Protocol (DHCP) server which in turn, "
16509
"can be configured to provide the proper TCP/IP configuration settings to "
16510
"network clients automatically. These configuration values must be set "
16511
"correctly in order to facilitate the proper network operation of your Ubuntu "
16514
"The TCP/IP protocol configuration consists of several elements which must be "
16515
"set by editing the appropriate configuration files, or deploying solutions "
16516
"such as the Dynamic Host Configuration Protocol (DHCP) server which in turn, "
16517
"can be configured to provide the proper TCP/IP configuration settings to "
16518
"network clients automatically. These configuration values must be set "
16519
"correctly in order to facilitate the proper network operation of your Ubuntu "
16522
#: serverguide/C/network-config.xml:650(para)
16524
"<emphasis role=\"bold\">IP address</emphasis> The IP address is a unique "
16525
"identifying string expressed as four decimal numbers ranging from zero (0) "
16526
"to two-hundred and fifty-five (255), separated by periods, with each of the "
16527
"four numbers representing eight (8) bits of the address for a total length "
16528
"of thirty-two (32) bits for the whole address. This format is called "
16529
"<emphasis>dotted quad notation</emphasis>."
16531
"<emphasis role=\"bold\">IP address</emphasis> The IP address is a unique "
16532
"identifying string expressed as four decimal numbers ranging from zero (0) "
16533
"to two-hundred and fifty-five (255), separated by full stops, with each of "
16534
"the four numbers representing eight (8) bits of the address for a total "
16535
"length of thirty-two (32) bits for the whole address. This format is called "
16536
"<emphasis>dotted quad notation</emphasis>."
16538
#: serverguide/C/network-config.xml:660(para)
16540
"<emphasis role=\"bold\">Netmask</emphasis> The Subnet Mask (or simply, "
16541
"<emphasis>netmask</emphasis>) is a local bit mask, or set of flags which "
16542
"separate the portions of an IP address significant to the network from the "
16543
"bits significant to the <emphasis>subnetwork</emphasis>. For example, in a "
16544
"Class C network, the standard netmask is 255.255.255.0 which masks the first "
16545
"three bytes of the IP address and allows the last byte of the IP address to "
16546
"remain available for specifying hosts on the subnetwork."
16548
"<emphasis role=\"bold\">Netmask</emphasis> The Subnet Mask (or simply, "
16549
"<emphasis>netmask</emphasis>) is a local bit mask, or set of flags which "
16550
"separate the portions of an IP address significant to the network from the "
16551
"bits significant to the <emphasis>subnetwork</emphasis>. For example, in a "
16552
"Class C network, the standard netmask is 255.255.255.0 which masks the first "
16553
"three bytes of the IP address and allows the last byte of the IP address to "
16554
"remain available for specifying hosts on the subnetwork."
16556
#: serverguide/C/network-config.xml:671(para)
16558
"<emphasis role=\"bold\">Network Address</emphasis> The Network Address "
16559
"represents the bytes comprising the network portion of an IP address. For "
16560
"example, the host 12.128.1.2 in a Class A network would use 12.0.0.0 as the "
16561
"network address, where twelve (12) represents the first byte of the IP "
16562
"address, (the network part) and zeroes (0) in all of the remaining three "
16563
"bytes to represent the potential host values. A network host using the "
16564
"private IP address 192.168.1.100 would in turn use a Network Address of "
16565
"192.168.1.0, which specifies the first three bytes of the Class C 192.168.1 "
16566
"network and a zero (0) for all the possible hosts on the network."
16568
"<emphasis role=\"bold\">Network Address</emphasis> The Network Address "
16569
"represents the bytes comprising the network portion of an IP address. For "
16570
"example, the host 12.128.1.2 in a Class A network would use 12.0.0.0 as the "
16571
"network address, where twelve (12) represents the first byte of the IP "
16572
"address, (the network part) and zeroes (0) in all of the remaining three "
16573
"bytes to represent the potential host values. A network host using the "
16574
"private IP address 192.168.1.100 would in turn use a Network Address of "
16575
"192.168.1.0, which specifies the first three bytes of the Class C 192.168.1 "
16576
"network and a zero (0) for all the possible hosts on the network."
16578
#: serverguide/C/network-config.xml:684(para)
16580
"<emphasis role=\"bold\">Broadcast Address</emphasis> The Broadcast Address "
16581
"is an IP address which allows network data to be sent simultaneously to all "
16582
"hosts on a given subnetwork rather than specifying a particular host. The "
16583
"standard general broadcast address for IP networks is 255.255.255.255, but "
16584
"this broadcast address cannot be used to send a broadcast message to every "
16585
"host on the Internet because routers block it. A more appropriate broadcast "
16586
"address is set to match a specific subnetwork. For example, on the private "
16587
"Class C IP network, 192.168.1.0, the broadcast address is 192.168.1.255. "
16588
"Broadcast messages are typically produced by network protocols such as the "
16589
"Address Resolution Protocol (ARP) and the Routing Information Protocol (RIP)."
16591
"<emphasis role=\"bold\">Broadcast Address</emphasis> The Broadcast Address "
16592
"is an IP address which allows network data to be sent simultaneously to all "
16593
"hosts on a given subnetwork rather than specifying a particular host. The "
16594
"standard general broadcast address for IP networks is 255.255.255.255, but "
16595
"this broadcast address cannot be used to send a broadcast message to every "
16596
"host on the Internet because routers block it. A more appropriate broadcast "
16597
"address is set to match a specific subnetwork. For example, on the private "
16598
"Class C IP network, 192.168.1.0, the broadcast address is 192.168.1.255. "
16599
"Broadcast messages are typically produced by network protocols such as the "
16600
"Address Resolution Protocol (ARP) and the Routing Information Protocol (RIP)."
16602
#: serverguide/C/network-config.xml:697(para)
16604
"<emphasis role=\"bold\">Gateway Address</emphasis> A Gateway Address is the "
16605
"IP address through which a particular network, or host on a network, may be "
16606
"reached. If one network host wishes to communicate with another network "
16607
"host, and that host is not located on the same network, then a "
16608
"<emphasis>gateway</emphasis> must be used. In many cases, the Gateway "
16609
"Address will be that of a router on the same network, which will in turn "
16610
"pass traffic on to other networks or hosts, such as Internet hosts. The "
16611
"value of the Gateway Address setting must be correct, or your system will "
16612
"not be able to reach any hosts beyond those on the same network."
16614
"<emphasis role=\"bold\">Gateway Address</emphasis> A Gateway Address is the "
16615
"IP address through which a particular network, or host on a network, may be "
16616
"reached. If one network host wishes to communicate with another network "
16617
"host, and that host is not located on the same network, then a "
16618
"<emphasis>gateway</emphasis> must be used. In many cases, the Gateway "
16619
"Address will be that of a router on the same network, which will in turn "
16620
"pass traffic on to other networks or hosts, such as Internet hosts. The "
16621
"value of the Gateway Address setting must be correct, or your system will "
16622
"not be able to reach any hosts beyond those on the same network."
16624
#: serverguide/C/network-config.xml:708(para)
16626
"<emphasis role=\"bold\">Nameserver Address</emphasis> Nameserver Addresses "
16627
"represent the IP addresses of Domain Name Service (DNS) systems, which "
16628
"resolve network hostnames into IP addresses. There are three levels of "
16629
"Nameserver Addresses, which may be specified in order of precedence: The "
16630
"<emphasis>Primary</emphasis> Nameserver, the <emphasis>Secondary</emphasis> "
16631
"Nameserver, and the <emphasis>Tertiary</emphasis> Nameserver. In order for "
16632
"your system to be able to resolve network hostnames into their corresponding "
16633
"IP addresses, you must specify valid Nameserver Addresses which you are "
16634
"authorized to use in your system's TCP/IP configuration. In many cases these "
16635
"addresses can and will be provided by your network service provider, but "
16636
"many free and publicly accessible nameservers are available for use, such as "
16637
"the Level3 (Verizon) servers with IP addresses from 4.2.2.1 to 4.2.2.6."
16639
"<emphasis role=\"bold\">Nameserver Address</emphasis> Nameserver Addresses "
16640
"represent the IP addresses of Domain Name Service (DNS) systems, which "
16641
"resolve network hostnames into IP addresses. There are three levels of "
16642
"Nameserver Addresses, which may be specified in order of precedence: The "
16643
"<emphasis>Primary</emphasis> Nameserver, the <emphasis>Secondary</emphasis> "
16644
"Nameserver, and the <emphasis>Tertiary</emphasis> Nameserver. In order for "
16645
"your system to be able to resolve network hostnames into their corresponding "
16646
"IP addresses, you must specify valid Nameserver Addresses which you are "
16647
"authorised to use in your system's TCP/IP configuration. In many cases these "
16648
"addresses can and will be provided by your network service provider, but "
16649
"many free and publicly accessible nameservers are available for use, such as "
16650
"the Level3 (Verizon) servers with IP addresses from 4.2.2.1 to 4.2.2.6."
16652
#: serverguide/C/network-config.xml:722(para)
16654
"The IP address, Netmask, Network Address, Broadcast Address, and Gateway "
16655
"Address are typically specified via the appropriate directives in the file "
16656
"<filename>/etc/network/interfaces</filename>. The Nameserver Addresses are "
16657
"typically specified via <emphasis>nameserver</emphasis> directives in the "
16658
"file <filename>/etc/resolv.conf</filename>. For more information, view the "
16659
"system manual page for <filename>interfaces</filename> or "
16660
"<filename>resolv.conf</filename> respectively, with the following commands "
16661
"typed at a terminal prompt:"
16663
"The IP address, Netmask, Network Address, Broadcast Address, and Gateway "
16664
"Address are typically specified via the appropriate directives in the file "
16665
"<filename>/etc/network/interfaces</filename>. The Nameserver Addresses are "
16666
"typically specified via <emphasis>nameserver</emphasis> directives in the "
16667
"file <filename>/etc/resolv.conf</filename>. For more information, view the "
16668
"system manual page for <filename>interfaces</filename> or "
16669
"<filename>resolv.conf</filename> respectively, with the following commands "
16670
"typed at a terminal prompt:"
16672
#: serverguide/C/network-config.xml:729(para)
16674
"Access the system manual page for <filename>interfaces</filename> with the "
16675
"following command:"
16677
"Access the system manual page for <filename>interfaces</filename> with the "
16678
"following command:"
16680
#: serverguide/C/network-config.xml:734(command)
16681
msgid "man interfaces"
16682
msgstr "man interfaces"
16684
#: serverguide/C/network-config.xml:737(para)
16686
"Access the system manual page for <filename>resolv.conf</filename> with the "
16687
"following command:"
16689
"Access the system manual page for <filename>resolv.conf</filename> with the "
16690
"following command:"
16692
#: serverguide/C/network-config.xml:741(command)
16693
msgid "man resolv.conf"
16694
msgstr "man resolv.conf"
16696
#: serverguide/C/network-config.xml:646(para)
16698
"The common configuration elements of TCP/IP and their purposes are as "
16699
"follows: <placeholder-1/>"
16701
"The common configuration elements of TCP/IP and their purposes are as "
16702
"follows: <placeholder-1/>"
16704
#: serverguide/C/network-config.xml:748(title)
16706
msgstr "IP Routeing"
16708
#: serverguide/C/network-config.xml:749(para)
16710
"IP routing is a means of specifying and discovering paths in a TCP/IP "
16711
"network along which network data may be sent. Routing uses a set of "
16712
"<emphasis>routing tables</emphasis> to direct the forwarding of network data "
16713
"packets from their source to the destination, often via many intermediary "
16714
"network nodes known as <emphasis>routers</emphasis>. There are two primary "
16715
"forms of IP routing: <emphasis>Static Routing</emphasis> and "
16716
"<emphasis>Dynamic Routing.</emphasis>"
16718
"IP routing is a means of specifying and discovering paths in a TCP/IP "
16719
"network along which network data may be sent. Routing uses a set of "
16720
"<emphasis>routing tables</emphasis> to direct the forwarding of network data "
16721
"packets from their source to the destination, often via many intermediary "
16722
"network nodes known as <emphasis>routers</emphasis>. There are two primary "
16723
"forms of IP routing: <emphasis>Static Routing</emphasis> and "
16724
"<emphasis>Dynamic Routing.</emphasis>"
16726
#: serverguide/C/network-config.xml:758(para)
16728
"Static routing involves manually adding IP routes to the system's routing "
16729
"table, and this is usually done by manipulating the routing table with the "
16730
"<application>route</application> command. Static routing enjoys many "
16731
"advantages over dynamic routing, such as simplicity of implementation on "
16732
"smaller networks, predictability (the routing table is always computed in "
16733
"advance, and thus the route is precisely the same each time it is used), and "
16734
"low overhead on other routers and network links due to the lack of a dynamic "
16735
"routing protocol. However, static routing does present some disadvantages as "
16736
"well. For example, static routing is limited to small networks and does not "
16737
"scale well. Static routing also fails completely to adapt to network outages "
16738
"and failures along the route due to the fixed nature of the route."
16740
"Static routeing involves manually adding IP routes to the system's routeing "
16741
"table, and this is usually done by manipulating the routeing table with the "
16742
"<application>route</application> command. Static routeing enjoys many "
16743
"advantages over dynamic routeing, such as simplicity of implementation on "
16744
"smaller networks, predictability (the routeing table is always computed in "
16745
"advance, and thus the route is precisely the same each time it is used), and "
16746
"low overhead on other routers and network links due to the lack of a dynamic "
16747
"routing protocol. However, static routeing does present some disadvantages "
16748
"as well. For example, static routeing is limited to small networks and does "
16749
"not scale well. Static routeing also fails completely to adapt to network "
16750
"outages and failures along the route due to the fixed nature of the route."
16752
#: serverguide/C/network-config.xml:768(para)
16754
"Dynamic routing depends on large networks with multiple possible IP routes "
16755
"from a source to a destination and makes use of special routing protocols, "
16756
"such as the Router Information Protocol (RIP), which handle the automatic "
16757
"adjustments in routing tables that make dynamic routing possible. Dynamic "
16758
"routing has several advantages over static routing, such as superior "
16759
"scalability and the ability to adapt to failures and outages along network "
16760
"routes. Additionally, there is less manual configuration of the routing "
16761
"tables, since routers learn from one another about their existence and "
16762
"available routes. This trait also eliminates the possibility of introducing "
16763
"mistakes in the routing tables via human error. Dynamic routing is not "
16764
"perfect, however, and presents disadvantages such as heightened complexity "
16765
"and additional network overhead from router communications, which does not "
16766
"immediately benefit the end users, but still consumes network bandwidth."
16768
"Dynamic routing depends on large networks with multiple possible IP routes "
16769
"from a source to a destination and makes use of special routing protocols, "
16770
"such as the Router Information Protocol (RIP), which handle the automatic "
16771
"adjustments in routing tables that make dynamic routing possible. Dynamic "
16772
"routing has several advantages over static routing, such as superior "
16773
"scalability and the ability to adapt to failures and outages along network "
16774
"routes. Additionally, there is less manual configuration of the routing "
16775
"tables, since routers learn from one another about their existence and "
16776
"available routes. This trait also eliminates the possibility of introducing "
16777
"mistakes in the routing tables via human error. Dynamic routing is not "
16778
"perfect, however, and presents disadvantages such as heightened complexity "
16779
"and additional network overhead from router communications, which does not "
16780
"immediately benefit the end users, but still consumes network bandwidth."
16782
#: serverguide/C/network-config.xml:782(title)
16783
msgid "TCP and UDP"
16784
msgstr "TCP and UDP"
16786
#: serverguide/C/network-config.xml:783(para)
16788
"TCP is a connection-based protocol, offering error correction and guaranteed "
16789
"delivery of data via what is known as <emphasis>flow control</emphasis>. "
16790
"Flow control determines when the flow of a data stream needs to be stopped, "
16791
"and previously sent data packets should to be re-sent due to problems such "
16792
"as <emphasis>collisions</emphasis>, for example, thus ensuring complete and "
16793
"accurate delivery of the data. TCP is typically used in the exchange of "
16794
"important information such as database transactions."
16796
"TCP is a connection-based protocol, offering error correction and guaranteed "
16797
"delivery of data via what is known as <emphasis>flow control</emphasis>. "
16798
"Flow control determines when the flow of a data stream needs to be stopped, "
16799
"and previously sent data packets should to be re-sent due to problems such "
16800
"as <emphasis>collisions</emphasis>, for example, thus ensuring complete and "
16801
"accurate delivery of the data. TCP is typically used in the exchange of "
16802
"important information such as database transactions."
16804
#: serverguide/C/network-config.xml:791(para)
16806
"The User Datagram Protocol (UDP), on the other hand, is a "
16807
"<emphasis>connectionless</emphasis> protocol which seldom deals with the "
16808
"transmission of important data because it lacks flow control or any other "
16809
"method to ensure reliable delivery of the data. UDP is commonly used in such "
16810
"applications as audio and video streaming, where it is considerably faster "
16811
"than TCP due to the lack of error correction and flow control, and where the "
16812
"loss of a few packets is not generally catastrophic."
16814
"The User Datagram Protocol (UDP), on the other hand, is a "
16815
"<emphasis>connectionless</emphasis> protocol which seldom deals with the "
16816
"transmission of important data because it lacks flow control or any other "
16817
"method to ensure reliable delivery of the data. UDP is commonly used in such "
16818
"applications as audio and video streaming, where it is considerably faster "
16819
"than TCP due to the lack of error correction and flow control, and where the "
16820
"loss of a few packets is not generally catastrophic."
16822
#: serverguide/C/network-config.xml:801(title)
16826
#: serverguide/C/network-config.xml:802(para)
16828
"The Internet Control Messaging Protocol (ICMP) is an extension to the "
16829
"Internet Protocol (IP) as defined in the Request For Comments (RFC) #792 and "
16830
"supports network packets containing control, error, and informational "
16831
"messages. ICMP is used by such network applications as the "
16832
"<application>ping</application> utility, which can determine the "
16833
"availability of a network host or device. Examples of some error messages "
16834
"returned by ICMP which are useful to both network hosts and devices such as "
16835
"routers, include <emphasis>Destination Unreachable</emphasis> and "
16836
"<emphasis>Time Exceeded</emphasis>."
16838
"The Internet Control Messaging Protocol (ICMP) is an extension to the "
16839
"Internet Protocol (IP) as defined in the Request For Comments (RFC) #792 and "
16840
"supports network packets containing control, error, and informational "
16841
"messages. ICMP is used by such network applications as the "
16842
"<application>ping</application> utility, which can determine the "
16843
"availability of a network host or device. Examples of some error messages "
16844
"returned by ICMP which are useful to both network hosts and devices such as "
16845
"routers, include <emphasis>Destination Unreachable</emphasis> and "
16846
"<emphasis>Time Exceeded</emphasis>."
16848
#: serverguide/C/network-config.xml:812(title)
16852
#: serverguide/C/network-config.xml:813(para)
16854
"Daemons are special system applications which typically execute continuously "
16855
"in the background and await requests for the functions they provide from "
16856
"other applications. Many daemons are network-centric; that is, a large "
16857
"number of daemons executing in the background on an Ubuntu system may "
16858
"provide network-related functionality. Some examples of such network daemons "
16859
"include the <emphasis>Hyper Text Transport Protocol Daemon</emphasis> "
16860
"(httpd), which provides web server functionality; the <emphasis>Secure SHell "
16861
"Daemon</emphasis> (sshd), which provides secure remote login shell and file "
16862
"transfer capabilities; and the <emphasis>Internet Message Access Protocol "
16863
"Daemon</emphasis> (imapd), which provides E-Mail services."
16865
"Daemons are special system applications which typically execute continuously "
16866
"in the background and await requests for the functions they provide from "
16867
"other applications. Many daemons are network-centric; that is, a large "
16868
"number of daemons executing in the background on an Ubuntu system may "
16869
"provide network-related functionality. Some examples of such network daemons "
16870
"include the <emphasis>Hyper Text Transport Protocol Daemon</emphasis> "
16871
"(httpd), which provides Web server functionality; the <emphasis>Secure SHell "
16872
"Daemon</emphasis> (sshd), which provides secure remote login shell and file "
16873
"transfer capabilities; and the <emphasis>Internet Message Access Protocol "
16874
"Daemon</emphasis> (imapd), which provides E-Mail services."
16876
#: serverguide/C/network-config.xml:828(para)
16878
"There are man pages for <ulink "
16879
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man7/tcp.7.html\">TCP</"
16880
"ulink> and <ulink "
16881
"url=\"http://manpages.ubuntu.com/manpages/maverick/man7/ip.7.html\">IP</ulink"
16882
"> that contain more useful information."
16884
"There are man pages for <ulink "
16885
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man7/tcp.7.html\">TCP</"
16886
"ulink> and <ulink "
16887
"url=\"http://manpages.ubuntu.com/manpages/maverick/man7/ip.7.html\">IP</ulink"
16888
"> that contain more useful information."
16890
#: serverguide/C/network-config.xml:834(para)
16892
"Also, see the <ulink "
16893
"url=\"http://www.redbooks.ibm.com/abstracts/gg243376.html\">TCP/IP Tutorial "
16894
"and Technical Overview</ulink> IBM Redbook."
16896
"Also, see the <ulink "
16897
"url=\"http://www.redbooks.ibm.com/abstracts/gg243376.html\">TCP/IP Tutorial "
16898
"and Technical Overview</ulink> IBM Redbook."
16900
#: serverguide/C/network-config.xml:840(para)
16902
"Another resource is O'Reilly's <ulink "
16903
"url=\"http://oreilly.com/catalog/9780596002978/\">TCP/IP Network "
16904
"Administration</ulink>."
16906
"Another resource is O'Reilly's <ulink "
16907
"url=\"http://oreilly.com/catalog/9780596002978/\">TCP/IP Network "
16908
"Administration</ulink>."
16910
#: serverguide/C/network-config.xml:849(title)
16911
msgid "Dynamic Host Configuration Protocol (DHCP)"
16912
msgstr "Dynamic Host Configuration Protocol (DHCP)"
16914
#: serverguide/C/network-config.xml:850(para)
16916
"The Dynamic Host Configuration Protocol (DHCP) is a network service that "
16917
"enables host computers to be automatically assigned settings from a server "
16918
"as opposed to manually configuring each network host. Computers configured "
16919
"to be DHCP clients have no control over the settings they receive from the "
16920
"DHCP server, and the configuration is transparent to the computer's user."
16922
"The Dynamic Host Configuration Protocol (DHCP) is a network service that "
16923
"enables host computers to be automatically assigned settings from a server "
16924
"as opposed to manually configuring each network host. Computers configured "
16925
"to be DHCP clients have no control over the settings they receive from the "
16926
"DHCP server, and the configuration is transparent to the computer's user."
16928
#: serverguide/C/network-config.xml:857(para)
16930
"The most common settings provided by a DHCP server to DHCP clients include:"
16932
"The most common settings provided by a DHCP server to DHCP clients include:"
16934
#: serverguide/C/network-config.xml:862(para)
16935
msgid "IP-Address and Netmask"
16936
msgstr "IP-Address and Netmask"
16938
#: serverguide/C/network-config.xml:865(para)
16942
#: serverguide/C/network-config.xml:868(para)
16946
#: serverguide/C/network-config.xml:871(para)
16948
"However, a DHCP server can also supply configuration properties such as:"
16950
"However, a DHCP server can also supply configuration properties such as:"
16952
#: serverguide/C/network-config.xml:876(para)
16956
#: serverguide/C/network-config.xml:879(para)
16957
msgid "Domain Name"
16958
msgstr "Domain Name"
16960
#: serverguide/C/network-config.xml:882(para)
16961
msgid "Default Gateway"
16962
msgstr "Default Gateway"
16964
#: serverguide/C/network-config.xml:885(para)
16965
msgid "Time Server"
16966
msgstr "Time Server"
16968
#: serverguide/C/network-config.xml:888(para)
16969
msgid "Print Server"
16970
msgstr "Print Server"
16972
#: serverguide/C/network-config.xml:891(para)
16974
"The advantage of using DHCP is that changes to the network, for example a "
16975
"change in the address of the DNS server, need only be changed at the DHCP "
16976
"server, and all network hosts will be reconfigured the next time their DHCP "
16977
"clients poll the DHCP server. As an added advantage, it is also easier to "
16978
"integrate new computers into the network, as there is no need to check for "
16979
"the availability of an IP address. Conflicts in IP address allocation are "
16982
"The advantage of using DHCP is that changes to the network, for example a "
16983
"change in the address of the DNS server, need only be changed at the DHCP "
16984
"server, and all network hosts will be reconfigured the next time their DHCP "
16985
"clients poll the DHCP server. As an added advantage, it is also easier to "
16986
"integrate new computers into the network, as there is no need to check for "
16987
"the availability of an IP address. Conflicts in IP address allocation are "
16990
#: serverguide/C/network-config.xml:899(para)
16991
msgid "A DHCP server can provide configuration settings using two methods:"
16992
msgstr "A DHCP server can provide configuration settings using two methods:"
16994
#: serverguide/C/network-config.xml:904(term)
16995
msgid "MAC Address"
16996
msgstr "MAC Address"
16998
#: serverguide/C/network-config.xml:906(para)
17000
"This method entails using DHCP to identify the unique hardware address of "
17001
"each network card connected to the network and then continually supplying a "
17002
"constant configuration each time the DHCP client makes a request to the DHCP "
17003
"server using that network device."
17005
"This method entails using DHCP to identify the unique hardware address of "
17006
"each network card connected to the network and then continually supplying a "
17007
"constant configuration each time the DHCP client makes a request to the DHCP "
17008
"server using that network device."
17010
#: serverguide/C/network-config.xml:915(term)
17011
msgid "Address Pool"
17012
msgstr "Address Pool"
17014
#: serverguide/C/network-config.xml:917(para)
17016
"This method entails defining a pool (sometimes also called a range or scope) "
17017
"of IP addresses from which DHCP clients are supplied their configuration "
17018
"properties dynamically and on a \"first come, first served\" basis. When a "
17019
"DHCP client is no longer on the network for a specified period, the "
17020
"configuration is expired and released back to the address pool for use by "
17021
"other DHCP Clients."
17023
"This method entails defining a pool (sometimes also called a range or scope) "
17024
"of IP addresses from which DHCP clients are supplied their configuration "
17025
"properties dynamically and on a \"first come, first served\" basis. When a "
17026
"DHCP client is no longer on the network for a specified period, the "
17027
"configuration is expired and released back to the address pool for use by "
17028
"other DHCP Clients."
17030
#: serverguide/C/network-config.xml:928(para)
17032
"Ubuntu is shipped with both DHCP server and client. The server is "
17033
"<application>dhcpd</application> (dynamic host configuration protocol "
17034
"daemon). The client provided with Ubuntu is "
17035
"<application>dhclient</application> and should be installed on all computers "
17036
"required to be automatically configured. Both programs are easy to install "
17037
"and configure and will be automatically started at system boot."
17039
"Ubuntu is shipped with both DHCP server and client. The server is "
17040
"<application>dhcpd</application> (dynamic host configuration protocol "
17041
"daemon). The client provided with Ubuntu is "
17042
"<application>dhclient</application> and should be installed on all computers "
17043
"required to be automatically configured. Both programs are easy to install "
17044
"and configure and will be automatically started at system boot."
17046
#: serverguide/C/network-config.xml:938(para)
17048
"At a terminal prompt, enter the following command to install "
17049
"<application>dhcpd</application>:"
17051
"At a terminal prompt, enter the following command to install "
17052
"<application>dhcpd</application>:"
17054
#: serverguide/C/network-config.xml:943(command)
17055
msgid "sudo apt-get install dhcp3-server"
17056
msgstr "sudo apt-get install dhcp3-server"
17058
#: serverguide/C/network-config.xml:945(para)
17060
"You will probably need to change the default configuration by editing "
17061
"/etc/dhcp3/dhcpd.conf to suit your needs and particular configuration."
17063
"You will probably need to change the default configuration by editing "
17064
"/etc/dhcp3/dhcpd.conf to suit your needs and particular configuration."
17066
#: serverguide/C/network-config.xml:949(para)
17068
"You also need to edit /etc/default/dhcp3-server to specify the interfaces "
17069
"dhcpd should listen to. By default it listens to eth0."
17071
"You also need to edit /etc/default/dhcp3-server to specify the interfaces "
17072
"dhcpd should listen to. By default it listens to eth0."
17074
#: serverguide/C/network-config.xml:953(para)
17076
"NOTE: dhcpd's messages are being sent to syslog. Look there for diagnostics "
17079
"NOTE: dhcpd's messages are being sent to syslog. Look there for diagnostics "
17082
#: serverguide/C/network-config.xml:960(para)
17084
"The error message the installation ends with might be a little confusing, "
17085
"but the following steps will help you configure the service:"
17087
"The error message the installation ends with might be a little confusing, "
17088
"but the following steps will help you configure the service:"
17090
#: serverguide/C/network-config.xml:964(para)
17092
"Most commonly, what you want to do is assign an IP address randomly. This "
17093
"can be done with settings as follows:"
17095
"Most commonly, what you want to do is assign an IP address randomly. This "
17096
"can be done with settings as follows:"
17098
#: serverguide/C/network-config.xml:968(programlisting)
17102
"# Sample /etc/dhcpd.conf\n"
17103
"# (add your comments here) \n"
17104
"default-lease-time 600;\n"
17105
"max-lease-time 7200;\n"
17106
"option subnet-mask 255.255.255.0;\n"
17107
"option broadcast-address 192.168.1.255;\n"
17108
"option routers 192.168.1.254;\n"
17109
"option domain-name-servers 192.168.1.1, 192.168.1.2;\n"
17110
"option domain-name \"mydomain.example\";\n"
17112
"subnet 192.168.1.0 netmask 255.255.255.0 {\n"
17113
"range 192.168.1.10 192.168.1.100;\n"
17114
"range 192.168.1.150 192.168.1.200;\n"
17118
"# Sample /etc/dhcpd.conf\n"
17119
"# (add your comments here) \n"
17120
"default-lease-time 600;\n"
17121
"max-lease-time 7200;\n"
17122
"option subnet-mask 255.255.255.0;\n"
17123
"option broadcast-address 192.168.1.255;\n"
17124
"option routers 192.168.1.254;\n"
17125
"option domain-name-servers 192.168.1.1, 192.168.1.2;\n"
17126
"option domain-name \"mydomain.example\";\n"
17128
"subnet 192.168.1.0 netmask 255.255.255.0 {\n"
17129
"range 192.168.1.10 192.168.1.100;\n"
17130
"range 192.168.1.150 192.168.1.200;\n"
17133
#: serverguide/C/network-config.xml:984(para)
17135
"This will result in the DHCP server giving a client an IP address from the "
17136
"range 192.168.1.10-192.168.1.100 or 192.168.1.150-192.168.1.200. It will "
17137
"lease an IP address for 600 seconds if the client doesn't ask for a specific "
17138
"time frame. Otherwise the maximum (allowed) lease will be 7200 seconds. The "
17139
"server will also \"advise\" the client that it should use 255.255.255.0 as "
17140
"its subnet mask, 192.168.1.255 as its broadcast address, 192.168.1.254 as "
17141
"the router/gateway and 192.168.1.1 and 192.168.1.2 as its DNS servers."
17143
"This will result in the DHCP server giving a client an IP address from the "
17144
"range 192.168.1.10-192.168.1.100 or 192.168.1.150-192.168.1.200. It will "
17145
"lease an IP address for 600 seconds if the client doesn't ask for a specific "
17146
"time frame. Otherwise the maximum (allowed) lease will be 7200 seconds. The "
17147
"server will also \"advise\" the client that it should use 255.255.255.0 as "
17148
"its subnet mask, 192.168.1.255 as its broadcast address, 192.168.1.254 as "
17149
"the router/gateway and 192.168.1.1 and 192.168.1.2 as its DNS servers."
17151
#: serverguide/C/network-config.xml:993(para)
17153
"If you need to specify a WINS server for your Windows clients, you will need "
17154
"to include the netbios-name-servers option, e.g."
17156
"If you need to specify a WINS server for your Windows clients, you will need "
17157
"to include the netbios-name-servers option, e.g."
17159
#: serverguide/C/network-config.xml:997(programlisting)
17163
"option netbios-name-servers 192.168.1.1; \n"
17166
"option netbios-name-servers 192.168.1.1; \n"
17168
#: serverguide/C/network-config.xml:1000(para)
17170
"Dhcpd configuration settings are taken from the DHCP mini-HOWTO, which can "
17172
"url=\"http://www.tldp.org/HOWTO/DHCP/index.html\">here</ulink>."
17174
"Dhcpd configuration settings are taken from the DHCP mini-HOWTO, which can "
17176
"url=\"http://www.tldp.org/HOWTO/DHCP/index.html\">here</ulink>."
17178
#: serverguide/C/network-config.xml:1010(para)
17180
"The <ulink url=\"https://help.ubuntu.com/community/dhcp3-server\">dhcp3-"
17181
"server Ubuntu Wiki</ulink> page has more information."
17183
"The <ulink url=\"https://help.ubuntu.com/community/dhcp3-server\">dhcp3-"
17184
"server Ubuntu Wiki</ulink> page has more information."
17186
#: serverguide/C/network-config.xml:1015(para)
17188
"For more <filename>/etc/dhcp3/dhcpd.conf</filename> options see the <ulink "
17189
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/dhcpd.conf.5.html"
17190
"\">dhcpd.conf man page</ulink>."
17192
"For more <filename>/etc/dhcp3/dhcpd.conf</filename> options see the <ulink "
17193
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/dhcpd.conf.5.html"
17194
"\">dhcpd.conf man page</ulink>."
17196
#: serverguide/C/network-config.xml:1021(para)
17198
"Also see the <ulink url=\"http://www.dhcp-handbook.com/dhcp_faq.html\">DHCP "
17201
"Also see the <ulink url=\"http://www.dhcp-handbook.com/dhcp_faq.html\">DHCP "
17204
#: serverguide/C/network-config.xml:1031(title)
17205
msgid "Time Synchronisation with NTP"
17206
msgstr "Time Synchronisation with NTP"
17208
#: serverguide/C/network-config.xml:1032(para)
17210
"This page describes methods for keeping your computer's time accurate. This "
17211
"is useful for servers, but is not necessary (or desirable) for desktop "
17214
"This page describes methods for keeping your computer's time accurate. This "
17215
"is useful for servers, but is not necessary (or desirable) for desktop "
17218
#: serverguide/C/network-config.xml:1035(para)
17220
"NTP is a TCP/IP protocol for synchronising time over a network. Basically a "
17221
"client requests the current time from a server, and uses it to set its own "
17224
"NTP is a TCP/IP protocol for synchronising time over a network. Basically a "
17225
"client requests the current time from a server, and uses it to set its own "
17228
#: serverguide/C/network-config.xml:1038(para)
17230
"Behind this simple description, there is a lot of complexity - there are "
17231
"tiers of NTP servers, with the tier one NTP servers connected to atomic "
17232
"clocks (often via GPS), and tier two and three servers spreading the load of "
17233
"actually handling requests across the Internet. Also the client software is "
17234
"a lot more complex than you might think - it has to factor out communication "
17235
"delays, and adjust the time in a way that does not upset all the other "
17236
"processes that run on the server. But luckily all that complexity is hidden "
17239
"Behind this simple description, there is a lot of complexity - there are "
17240
"tiers of NTP servers, with the tier one NTP servers connected to atomic "
17241
"clocks (often via GPS), and tier two and three servers spreading the load of "
17242
"actually handling requests across the Internet. Also the client software is "
17243
"a lot more complex than you might think - it has to factor out communication "
17244
"delays, and adjust the time in a way that does not upset all the other "
17245
"processes that run on the server. But luckily all that complexity is hidden "
17248
#: serverguide/C/network-config.xml:1041(para)
17250
"Ubuntu has two ways of automatically setting your time: ntpdate and ntpd."
17252
"Ubuntu has two ways of automatically setting your time: ntpdate and ntpd."
17254
#: serverguide/C/network-config.xml:1046(title)
17258
#: serverguide/C/network-config.xml:1047(para)
17260
"Ubuntu comes with ntpdate as standard, and will run it once at boot time to "
17261
"set up your time according to Ubuntu's NTP server. However, a server's clock "
17262
"is likely to drift considerably between reboots, so it makes sense to "
17263
"correct the time occasionally. The easiest way to do this is to get cron to "
17264
"run ntpdate every day. With your favorite editor, as root, create a file "
17265
"<code>/etc/cron.daily/ntpdate</code> containing:"
17267
"Ubuntu comes with ntpdate as standard, and will run it once at boot time to "
17268
"set up your time according to Ubuntu's NTP server. However, a server's clock "
17269
"is likely to drift considerably between reboots, so it makes sense to "
17270
"correct the time occasionally. The easiest way to do this is to get cron to "
17271
"run ntpdate every day. With your favourite editor, as root, create a file "
17272
"<code>/etc/cron.daily/ntpdate</code> containing:"
17274
#: serverguide/C/network-config.xml:1052(screen)
17276
msgid "ntpdate ntp.ubuntu.com\n"
17277
msgstr "ntpdate ntp.ubuntu.com\n"
17279
#: serverguide/C/network-config.xml:1054(para)
17281
"The file <code>/etc/cron.daily/ntpdate</code> must also be executable."
17283
"The file <code>/etc/cron.daily/ntpdate</code> must also be executable."
17285
#: serverguide/C/network-config.xml:1057(screen)
17287
msgid "sudo chmod 755 /etc/cron.daily/ntpdate\n"
17288
msgstr "sudo chmod 755 /etc/cron.daily/ntpdate\n"
17290
#: serverguide/C/network-config.xml:1061(title)
17294
#: serverguide/C/network-config.xml:1062(para)
17296
"ntpdate is a bit of a blunt instrument - it can only adjust the time once a "
17297
"day, in one big correction. The ntp daemon ntpd is far more subtle. It "
17298
"calculates the drift of your system clock and continuously adjusts it, so "
17299
"there are no large corrections that could lead to inconsistent logs for "
17300
"instance. The cost is a little processing power and memory, but for a modern "
17301
"server this is negligible."
17303
"ntpdate is a bit of a blunt instrument - it can only adjust the time once a "
17304
"day, in one big correction. The ntp daemon ntpd is far more subtle. It "
17305
"calculates the drift of your system clock and continuously adjusts it, so "
17306
"there are no large corrections that could lead to inconsistent logs for "
17307
"instance. The cost is a little processing power and memory, but for a modern "
17308
"server this is negligible."
17310
#: serverguide/C/network-config.xml:1065(para)
17311
msgid "To set up ntpd:"
17312
msgstr "To set up ntpd:"
17314
#: serverguide/C/network-config.xml:1066(screen)
17316
msgid "sudo apt-get install ntp\n"
17317
msgstr "sudo apt-get install ntp\n"
17319
#: serverguide/C/network-config.xml:1071(title)
17320
msgid "Changing Time Servers"
17321
msgstr "Changing Time Servers"
17323
#: serverguide/C/network-config.xml:1072(para)
17325
"In both cases above, your system will use Ubuntu's NTP server at "
17326
"<code>ntp.ubuntu.com</code> by default. This is OK, but you might want to "
17327
"use several servers to increase accuracy and resilience, and you may want to "
17328
"use time servers that are geographically closer to you. to do this for "
17329
"ntpdate, change the contents of <code>/etc/cron.daily/ntpdate</code> to:"
17331
"In both cases above, your system will use Ubuntu's NTP server at "
17332
"<code>ntp.ubuntu.com</code> by default. This is OK, but you might want to "
17333
"use several servers to increase accuracy and resilience, and you may want to "
17334
"use time servers that are geographically closer to you. to do this for "
17335
"ntpdate, change the contents of <code>/etc/cron.daily/ntpdate</code> to:"
17337
#: serverguide/C/network-config.xml:1079(screen)
17339
msgid "ntpdate ntp.ubuntu.com pool.ntp.org \n"
17340
msgstr "ntpdate ntp.ubuntu.com pool.ntp.org \n"
17342
#: serverguide/C/network-config.xml:1081(para)
17344
"And for ntpd edit <code>/etc/ntp.conf</code> to include additional server "
17347
"And for ntpd edit <code>/etc/ntp.conf</code> to include additional server "
17350
#: serverguide/C/network-config.xml:1086(screen)
17353
"server ntp.ubuntu.com\n"
17354
"server pool.ntp.org\n"
17356
"server ntp.ubuntu.com\n"
17357
"server pool.ntp.org\n"
17359
#: serverguide/C/network-config.xml:1089(para)
17361
"You may notice <code>pool.ntp.org</code> in the examples above. This is a "
17362
"really good idea which uses round-robin DNS to return an NTP server from a "
17363
"pool, spreading the load between several different servers. Even better, "
17364
"they have pools for different regions - for instance, if you are in New "
17365
"Zealand, so you could use <code>nz.pool.ntp.org</code> instead of "
17366
"<code>pool.ntp.org</code> . Look at <ulink "
17367
"url=\"http://www.pool.ntp.org/\">http://www.pool.ntp.org/</ulink> for more "
17370
"You may notice <code>pool.ntp.org</code> in the examples above. This is a "
17371
"really good idea which uses round-robin DNS to return an NTP server from a "
17372
"pool, spreading the load between several different servers. Even better, "
17373
"they have pools for different regions - for instance, if you are in New "
17374
"Zealand, so you could use <code>nz.pool.ntp.org</code> instead of "
17375
"<code>pool.ntp.org</code> . Look at <ulink "
17376
"url=\"http://www.pool.ntp.org/\">http://www.pool.ntp.org/</ulink> for more "
17379
#: serverguide/C/network-config.xml:1100(para)
17381
"You can also Google for NTP servers in your region, and add these to your "
17382
"configuration. To test that a server works, just type <code>sudo ntpdate "
17383
"ntp.server.name</code> and see what happens."
17385
"You can also Google for NTP servers in your region, and add these to your "
17386
"configuration. To test that a server works, just type <code>sudo ntpdate "
17387
"ntp.server.name</code> and see what happens."
17389
#: serverguide/C/network-config.xml:1111(para)
17391
"See the <ulink url=\"https://help.ubuntu.com/community/UbuntuTime\">Ubuntu "
17392
"Time</ulink> wiki page for more information."
17394
"See the <ulink url=\"https://help.ubuntu.com/community/UbuntuTime\">Ubuntu "
17395
"Time</ulink> wiki page for more information."
17397
#: serverguide/C/network-config.xml:1117(ulink)
17398
msgid "NTP Support"
17399
msgstr "NTP Support"
17401
#: serverguide/C/network-config.xml:1122(ulink)
17402
msgid "The NTP FAQ and HOWTO"
17403
msgstr "The NTP FAQ and HOWTO"
17405
#: serverguide/C/network-auth.xml:13(title)
17406
msgid "Network Authentication"
17407
msgstr "Network Authentication"
17409
#: serverguide/C/network-auth.xml:15(para)
17410
msgid "This section explains various Network Authentication protocols."
17411
msgstr "This section explains various Network Authentication protocols."
17413
#: serverguide/C/network-auth.xml:19(title)
17414
msgid "OpenLDAP Server"
17415
msgstr "OpenLDAP Server"
17417
#: serverguide/C/network-auth.xml:20(para)
17419
"LDAP is an acronym for Lightweight Directory Access Protocol, it is a "
17420
"simplified version of the X.500 protocol. The directory setup in this "
17421
"section will be used for authentication. Nevertheless, LDAP can be used in "
17422
"numerous ways: authentication, shared directory (for mail clients), address "
17425
"LDAP is an acronym for Lightweight Directory Access Protocol, it is a "
17426
"simplified version of the X.500 protocol. The directory setup in this "
17427
"section will be used for authentication. Nevertheless, LDAP can be used in "
17428
"numerous ways: authentication, shared directory (for mail clients), address "
17431
#: serverguide/C/network-auth.xml:28(para)
17433
"To describe LDAP quickly, all information is stored in a tree structure. "
17434
"With <application>OpenLDAP</application> you have freedom to determine the "
17435
"directory arborescence (the Directory Information Tree: the DIT) yourself. "
17436
"We will begin with a basic tree containing two nodes below the root:"
17438
"To describe LDAP quickly, all information is stored in a tree structure. "
17439
"With <application>OpenLDAP</application> you have freedom to determine the "
17440
"directory arborescence (the Directory Information Tree: the DIT) yourself. "
17441
"We will begin with a basic tree containing two nodes below the root:"
17443
#: serverguide/C/network-auth.xml:37(para)
17444
msgid "\"People\" node where your users will be stored"
17445
msgstr "\"People\" node where your users will be stored"
17447
#: serverguide/C/network-auth.xml:40(para)
17448
msgid "\"Groups\" node where your groups will be stored"
17449
msgstr "\"Groups\" node where your groups will be stored"
17451
#: serverguide/C/network-auth.xml:44(para)
17453
"Before beginning, you should determine what the root of your LDAP directory "
17454
"will be. By default, your tree will be determined by your Fully Qualified "
17455
"Domain Name (FQDN). If your domain is example.com (which we will use in this "
17456
"example), your root node will be dc=example,dc=com."
17458
"Before beginning, you should determine what the root of your LDAP directory "
17459
"will be. By default, your tree will be determined by your Fully Qualified "
17460
"Domain Name (FQDN). If your domain is example.com (which we will use in this "
17461
"example), your root node will be dc=example,dc=com."
17463
#: serverguide/C/network-auth.xml:54(para)
17465
"First, install the <application>OpenLDAP</application> server daemon "
17466
"<application>slapd</application> and <application>ldap-utils</application>, "
17467
"a package containing LDAP management utilities:"
17469
"First, install the <application>OpenLDAP</application> server daemon "
17470
"<application>slapd</application> and <application>ldap-utils</application>, "
17471
"a package containing LDAP management utilities:"
17473
#: serverguide/C/network-auth.xml:60(command)
17474
msgid "sudo apt-get install slapd ldap-utils"
17475
msgstr "sudo apt-get install slapd ldap-utils"
17477
#: serverguide/C/network-auth.xml:63(para)
17479
"By default <application>slapd</application> is configured with minimal "
17480
"options needed to run the <application>slapd</application> daemon."
17482
"By default <application>slapd</application> is configured with minimal "
17483
"options needed to run the <application>slapd</application> daemon."
17485
#: serverguide/C/network-auth.xml:68(para)
17487
"The configuration example in the following sections will match the domain "
17488
"name of the server. For example, if the machine's Fully Qualified Domain "
17489
"Name (FQDN) is ldap.example.com, the default suffix will be "
17490
"<emphasis>dc=example,dc=com</emphasis>."
17492
"The configuration example in the following sections will match the domain "
17493
"name of the server. For example, if the machine's Fully Qualified Domain "
17494
"Name (FQDN) is ldap.example.com, the default suffix will be "
17495
"<emphasis>dc=example,dc=com</emphasis>."
17497
#: serverguide/C/network-auth.xml:76(title)
17498
msgid "Populating LDAP"
17499
msgstr "Populating LDAP"
17501
#: serverguide/C/network-auth.xml:78(para)
17503
"<application>OpenLDAP</application> uses a separate directory which contains "
17504
"the <emphasis>cn=config</emphasis> Directory Information Tree (DIT). The "
17505
"<emphasis>cn=config</emphasis> DIT is used to dynamically configure the "
17506
"<application>slapd</application> daemon, allowing the modification of schema "
17507
"definitions, indexes, ACLs, etc without stopping the service."
17509
"<application>OpenLDAP</application> uses a separate directory which contains "
17510
"the <emphasis>cn=config</emphasis> Directory Information Tree (DIT). The "
17511
"<emphasis>cn=config</emphasis> DIT is used to dynamically configure the "
17512
"<application>slapd</application> daemon, allowing the modification of schema "
17513
"definitions, indexes, ACLs, etc without stopping the service."
17515
#: serverguide/C/network-auth.xml:86(para)
17517
"The backend <emphasis>cn=config</emphasis> directory has only a minimal "
17518
"configuration and will need additional configuration options in order to "
17519
"populate the frontend directory. The frontend will be populated with a "
17520
"\"classical\" scheme that will be compatible with address book applications "
17521
"and with Unix Posix accounts. Posix accounts will allow authentication to "
17522
"various applications, such as web applications, email Mail Transfer Agent "
17523
"(MTA) applications, etc."
17525
"The backend <emphasis>cn=config</emphasis> directory has only a minimal "
17526
"configuration and will need additional configuration options in order to "
17527
"populate the frontend directory. The frontend will be populated with a "
17528
"\"classical\" scheme that will be compatible with address book applications "
17529
"and with Unix Posix accounts. Posix accounts will allow authentication to "
17530
"various applications, such as web applications, e-mail Mail Transfer Agent "
17531
"(MTA) applications, etc."
17533
#: serverguide/C/network-auth.xml:95(para)
17535
"For external applications to authenticate using LDAP they will each need to "
17536
"be specifically configured to do so. Refer to the individual application "
17537
"documentation for details."
17539
"For external applications to authenticate using LDAP they will each need to "
17540
"be specifically configured to do so. Refer to the individual application "
17541
"documentation for details."
17543
#: serverguide/C/network-auth.xml:103(para)
17545
"Remember to change <emphasis>dc=example,dc=com</emphasis> in the following "
17546
"examples to match your LDAP configuration."
17548
"Remember to change <emphasis>dc=example,dc=com</emphasis> in the following "
17549
"examples to match your LDAP configuration."
17551
#: serverguide/C/network-auth.xml:108(para)
17553
"First, some additional schema files need to be loaded. In a terminal enter:"
17555
"First, some additional schema files need to be loaded. In a terminal enter:"
17557
#: serverguide/C/network-auth.xml:113(command) serverguide/C/network-auth.xml:702(command)
17558
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif"
17560
"sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif"
17562
#: serverguide/C/network-auth.xml:114(command) serverguide/C/network-auth.xml:703(command)
17563
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif"
17564
msgstr "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif"
17566
#: serverguide/C/network-auth.xml:115(command) serverguide/C/network-auth.xml:704(command)
17568
"sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif"
17570
"sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif"
17572
#: serverguide/C/network-auth.xml:118(para)
17574
"Next, copy the following example LDIF file, naming it "
17575
"<filename>backend.example.com.ldif</filename>, somewhere on your system:"
17577
"Next, copy the following example LDIF file, naming it "
17578
"<filename>backend.example.com.ldif</filename>, somewhere on your system:"
17580
#: serverguide/C/network-auth.xml:123(programlisting)
17584
"# Load dynamic backend modules\n"
17585
"dn: cn=module,cn=config\n"
17586
"objectClass: olcModuleList\n"
17588
"olcModulepath: /usr/lib/ldap\n"
17589
"olcModuleload: back_hdb\n"
17591
"# Database settings\n"
17592
"dn: olcDatabase=hdb,cn=config\n"
17593
"objectClass: olcDatabaseConfig\n"
17594
"objectClass: olcHdbConfig\n"
17595
"olcDatabase: {1}hdb\n"
17596
"olcSuffix: dc=example,dc=com\n"
17597
"olcDbDirectory: /var/lib/ldap\n"
17598
"olcRootDN: cn=admin,dc=example,dc=com\n"
17599
"olcRootPW: secret\n"
17600
"olcDbConfig: set_cachesize 0 2097152 0\n"
17601
"olcDbConfig: set_lk_max_objects 1500\n"
17602
"olcDbConfig: set_lk_max_locks 1500\n"
17603
"olcDbConfig: set_lk_max_lockers 1500\n"
17604
"olcDbIndex: objectClass eq\n"
17605
"olcLastMod: TRUE\n"
17606
"olcDbCheckpoint: 512 30\n"
17607
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
17608
"by anonymous auth by self write by * none\n"
17609
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
17610
"olcAccess: to dn.base=\"\" by * read\n"
17611
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
17615
"# Load dynamic backend modules\n"
17616
"dn: cn=module,cn=config\n"
17617
"objectClass: olcModuleList\n"
17619
"olcModulepath: /usr/lib/ldap\n"
17620
"olcModuleload: back_hdb\n"
17622
"# Database settings\n"
17623
"dn: olcDatabase=hdb,cn=config\n"
17624
"objectClass: olcDatabaseConfig\n"
17625
"objectClass: olcHdbConfig\n"
17626
"olcDatabase: {1}hdb\n"
17627
"olcSuffix: dc=example,dc=com\n"
17628
"olcDbDirectory: /var/lib/ldap\n"
17629
"olcRootDN: cn=admin,dc=example,dc=com\n"
17630
"olcRootPW: secret\n"
17631
"olcDbConfig: set_cachesize 0 2097152 0\n"
17632
"olcDbConfig: set_lk_max_objects 1500\n"
17633
"olcDbConfig: set_lk_max_locks 1500\n"
17634
"olcDbConfig: set_lk_max_lockers 1500\n"
17635
"olcDbIndex: objectClass eq\n"
17636
"olcLastMod: TRUE\n"
17637
"olcDbCheckpoint: 512 30\n"
17638
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
17639
"by anonymous auth by self write by * none\n"
17640
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
17641
"olcAccess: to dn.base=\"\" by * read\n"
17642
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
17645
#: serverguide/C/network-auth.xml:155(para)
17647
"Change <emphasis>olcRootPW: secret</emphasis> to a password of your choosing."
17649
"Change <emphasis>olcRootPW: secret</emphasis> to a password of your choosing."
17651
#: serverguide/C/network-auth.xml:160(para)
17652
msgid "Now add the LDIF to the directory:"
17653
msgstr "Now add the LDIF to the directory:"
17655
#: serverguide/C/network-auth.xml:165(command) serverguide/C/network-auth.xml:746(command)
17656
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.example.com.ldif"
17657
msgstr "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.example.com.ldif"
17659
#: serverguide/C/network-auth.xml:168(para)
17661
"The frontend directory is now ready to be populated. Create a "
17662
"<filename>frontend.example.com.ldif</filename> with the following contents:"
17664
"The frontend directory is now ready to be populated. Create a "
17665
"<filename>frontend.example.com.ldif</filename> with the following contents:"
17667
#: serverguide/C/network-auth.xml:173(programlisting)
17671
"# Create top-level object in domain\n"
17672
"dn: dc=example,dc=com\n"
17673
"objectClass: top\n"
17674
"objectClass: dcObject\n"
17675
"objectclass: organization\n"
17676
"o: Example Organization\n"
17678
"description: LDAP Example \n"
17681
"dn: cn=admin,dc=example,dc=com\n"
17682
"objectClass: simpleSecurityObject\n"
17683
"objectClass: organizationalRole\n"
17685
"description: LDAP administrator\n"
17686
"userPassword: secret\n"
17688
"dn: ou=people,dc=example,dc=com\n"
17689
"objectClass: organizationalUnit\n"
17692
"dn: ou=groups,dc=example,dc=com\n"
17693
"objectClass: organizationalUnit\n"
17696
"dn: uid=john,ou=people,dc=example,dc=com\n"
17697
"objectClass: inetOrgPerson\n"
17698
"objectClass: posixAccount\n"
17699
"objectClass: shadowAccount\n"
17702
"givenName: John\n"
17704
"displayName: John Doe\n"
17705
"uidNumber: 1000\n"
17706
"gidNumber: 10000\n"
17707
"userPassword: password\n"
17708
"gecos: John Doe\n"
17709
"loginShell: /bin/bash\n"
17710
"homeDirectory: /home/john\n"
17711
"shadowExpire: -1\n"
17713
"shadowWarning: 7\n"
17715
"shadowMax: 999999\n"
17716
"shadowLastChange: 10877\n"
17717
"mail: john.doe@example.com\n"
17718
"postalCode: 31000\n"
17721
"mobile: +33 (0)6 xx xx xx xx\n"
17722
"homePhone: +33 (0)5 xx xx xx xx\n"
17723
"title: System Administrator\n"
17724
"postalAddress: \n"
17727
"dn: cn=example,ou=groups,dc=example,dc=com\n"
17728
"objectClass: posixGroup\n"
17730
"gidNumber: 10000\n"
17733
"# Create top-level object in domain\n"
17734
"dn: dc=example,dc=com\n"
17735
"objectClass: top\n"
17736
"objectClass: dcObject\n"
17737
"objectclass: organisation\n"
17738
"o: Example Organisation\n"
17740
"description: LDAP Example \n"
17743
"dn: cn=admin,dc=example,dc=com\n"
17744
"objectClass: simpleSecurityObject\n"
17745
"objectClass: organisationalRole\n"
17747
"description: LDAP administrator\n"
17748
"userPassword: secret\n"
17750
"dn: ou=people,dc=example,dc=com\n"
17751
"objectClass: organisationalUnit\n"
17754
"dn: ou=groups,dc=example,dc=com\n"
17755
"objectClass: organisationalUnit\n"
17758
"dn: uid=john,ou=people,dc=example,dc=com\n"
17759
"objectClass: inetOrgPerson\n"
17760
"objectClass: posixAccount\n"
17761
"objectClass: shadowAccount\n"
17764
"givenName: John\n"
17766
"displayName: John Doe\n"
17767
"uidNumber: 1000\n"
17768
"gidNumber: 10000\n"
17769
"userPassword: password\n"
17770
"gecos: John Doe\n"
17771
"loginShell: /bin/bash\n"
17772
"homeDirectory: /home/john\n"
17773
"shadowExpire: -1\n"
17775
"shadowWarning: 7\n"
17777
"shadowMax: 999999\n"
17778
"shadowLastChange: 10877\n"
17779
"mail: john.doe@example.com\n"
17780
"postalCode: 31000\n"
17783
"mobile: +33 (0)6 xx xx xx xx\n"
17784
"homePhone: +33 (0)5 xx xx xx xx\n"
17785
"title: System Administrator\n"
17786
"postalAddress: \n"
17789
"dn: cn=example,ou=groups,dc=example,dc=com\n"
17790
"objectClass: posixGroup\n"
17792
"gidNumber: 10000\n"
17794
#: serverguide/C/network-auth.xml:236(para)
17796
"In this example the directory structure, a user, and a group have been "
17797
"setup. In other examples you might see the <emphasis>objectClass: "
17798
"top</emphasis> added in every entry, but that is the default behaviour so "
17799
"you do not have to add it explicitly."
17801
"In this example the directory structure, a user, and a group have been "
17802
"setup. In other examples you might see the <emphasis>objectClass: "
17803
"top</emphasis> added in every entry, but that is the default behaviour so "
17804
"you do not have to add it explicitly."
17806
#: serverguide/C/network-auth.xml:243(para)
17807
msgid "Add the entries to the LDAP directory:"
17808
msgstr "Add the entries to the LDAP directory:"
17810
#: serverguide/C/network-auth.xml:249(command) serverguide/C/network-auth.xml:757(command)
17812
"sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f frontend.example.com.ldif"
17814
"sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f frontend.example.com.ldif"
17816
#: serverguide/C/network-auth.xml:252(para)
17818
"We can check that the content has been correctly added with the "
17819
"<application>ldapsearch</application> utility. Execute a search of the LDAP "
17822
"We can check that the content has been correctly added with the "
17823
"<application>ldapsearch</application> utility. Execute a search of the LDAP "
17826
#: serverguide/C/network-auth.xml:258(command)
17827
msgid "ldapsearch -xLLL -b \"dc=example,dc=com\" uid=john sn givenName cn"
17828
msgstr "ldapsearch -xLLL -b \"dc=example,dc=com\" uid=john sn givenName cn"
17830
#: serverguide/C/network-auth.xml:259(computeroutput)
17834
"dn: uid=john,ou=people,dc=example,dc=com\n"
17837
"givenName: John\n"
17840
"dn: uid=john,ou=people,dc=example,dc=com\n"
17843
"givenName: John\n"
17845
#: serverguide/C/network-auth.xml:267(para)
17846
msgid "Just a quick explanation:"
17847
msgstr "Just a quick explanation:"
17849
#: serverguide/C/network-auth.xml:273(para)
17851
"<emphasis>-x:</emphasis> will not use SASL authentication method, which is "
17854
"<emphasis>-x:</emphasis> will not use SASL authentication method, which is "
17857
#: serverguide/C/network-auth.xml:279(para)
17858
msgid "<emphasis>-LLL:</emphasis> disable printing LDIF schema information."
17859
msgstr "<emphasis>-LLL:</emphasis> disable printing LDIF schema information."
17861
#: serverguide/C/network-auth.xml:287(title)
17862
msgid "Further Configuration"
17863
msgstr "Further Configuration"
17865
#: serverguide/C/network-auth.xml:290(para)
17867
"The <emphasis>cn=config</emphasis> tree can be manipulated using the "
17868
"utilities in the <application>ldap-utils</application> package. For example:"
17870
"The <emphasis>cn=config</emphasis> tree can be manipulated using the "
17871
"utilities in the <application>ldap-utils</application> package. For example:"
17873
#: serverguide/C/network-auth.xml:298(para)
17875
"Use <application>ldapsearch</application> to view the tree, entering the "
17876
"admin password set during installation or reconfiguration:"
17878
"Use <application>ldapsearch</application> to view the tree, entering the "
17879
"admin password set during installation or reconfiguration:"
17881
#: serverguide/C/network-auth.xml:304(command)
17882
msgid "sudo ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn"
17883
msgstr "sudo ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn"
17885
#: serverguide/C/network-auth.xml:308(computeroutput)
17889
"SASL/EXTERNAL authentication started\n"
17890
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
17894
"dn: cn=module{0},cn=config\n"
17896
"dn: cn=schema,cn=config\n"
17898
"dn: cn={0}core,cn=schema,cn=config\n"
17900
"dn: cn={1}cosine,cn=schema,cn=config\n"
17902
"dn: cn={2}nis,cn=schema,cn=config\n"
17904
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
17906
"dn: olcDatabase={-1}frontend,cn=config\n"
17908
"dn: olcDatabase={0}config,cn=config\n"
17910
"dn: olcDatabase={1}hdb,cn=config\n"
17913
"SASL/EXTERNAL authentication started\n"
17914
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
17918
"dn: cn=module{0},cn=config\n"
17920
"dn: cn=schema,cn=config\n"
17922
"dn: cn={0}core,cn=schema,cn=config\n"
17924
"dn: cn={1}cosine,cn=schema,cn=config\n"
17926
"dn: cn={2}nis,cn=schema,cn=config\n"
17928
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
17930
"dn: olcDatabase={-1}frontend,cn=config\n"
17932
"dn: olcDatabase={0}config,cn=config\n"
17934
"dn: olcDatabase={1}hdb,cn=config\n"
17936
#: serverguide/C/network-auth.xml:334(para)
17938
"The output above is the current configuration options for the "
17939
"<emphasis>cn=config</emphasis> backend database. Your output may be vary."
17941
"The output above is the current configuration options for the "
17942
"<emphasis>cn=config</emphasis> backend database. Your output may be vary."
17944
#: serverguide/C/network-auth.xml:342(para)
17946
"As an example of modifying the <emphasis>cn=config</emphasis> tree, add "
17947
"another attribute to the index list using "
17948
"<application>ldapmodify</application>:"
17950
"As an example of modifying the <emphasis>cn=config</emphasis> tree, add "
17951
"another attribute to the index list using "
17952
"<application>ldapmodify</application>:"
17954
#: serverguide/C/network-auth.xml:348(command) serverguide/C/network-auth.xml:993(command) serverguide/C/network-auth.xml:1164(command) serverguide/C/network-auth.xml:1200(command)
17955
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:///"
17956
msgstr "sudo ldapmodify -Y EXTERNAL -H ldapi:///"
17958
#: serverguide/C/network-auth.xml:356(userinput)
17961
"dn: olcDatabase={1}hdb,cn=config\n"
17962
"add: olcDbIndex\n"
17963
"olcDbIndex: uidNumber eq"
17965
"dn: olcDatabase={1}hdb,cn=config\n"
17966
"add: olcDbIndex\n"
17967
"olcDbIndex: uidNumber eq"
17969
#: serverguide/C/network-auth.xml:352(computeroutput)
17973
"SASL/EXTERNAL authentication started\n"
17974
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
17976
"<placeholder-1/>\n"
17978
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
17981
"SASL/EXTERNAL authentication started\n"
17982
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
17984
"<placeholder-1/>\n"
17986
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
17988
#: serverguide/C/network-auth.xml:364(para)
17990
"Once the modification has completed, press <emphasis>Ctrl+D</emphasis> to "
17991
"exit the utility."
17993
"Once the modification has completed, press <emphasis>Ctrl+D</emphasis> to "
17994
"exit the utility."
17996
#: serverguide/C/network-auth.xml:371(para)
17998
"<application>ldapmodify</application> can also read the changes from a file. "
17999
"Copy and paste the following into a file named "
18000
"<filename>uid_index.ldif</filename>:"
18002
"<application>ldapmodify</application> can also read the changes from a file. "
18003
"Copy and paste the following into a file named "
18004
"<filename>uid_index.ldif</filename>:"
18006
#: serverguide/C/network-auth.xml:376(programlisting)
18010
"dn: olcDatabase={1}hdb,cn=config\n"
18011
"add: olcDbIndex\n"
18012
"olcDbIndex: uid eq,pres,sub\n"
18015
"dn: olcDatabase={1}hdb,cn=config\n"
18016
"add: olcDbIndex\n"
18017
"olcDbIndex: uid eq,pres,sub\n"
18019
#: serverguide/C/network-auth.xml:382(para)
18020
msgid "Then execute <application>ldapmodify</application>:"
18021
msgstr "Then execute <application>ldapmodify</application>:"
18023
#: serverguide/C/network-auth.xml:387(command)
18024
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f uid_index.ldif"
18025
msgstr "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f uid_index.ldif"
18027
#: serverguide/C/network-auth.xml:391(computeroutput)
18031
"SASL/EXTERNAL authentication started\n"
18032
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
18034
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
18037
"SASL/EXTERNAL authentication started\n"
18038
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
18040
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
18042
#: serverguide/C/network-auth.xml:399(para)
18043
msgid "The file method is very useful for large changes."
18044
msgstr "The file method is very useful for large changes."
18046
#: serverguide/C/network-auth.xml:406(para)
18048
"Adding additional <emphasis>schemas</emphasis> to "
18049
"<application>slapd</application> requires the schema to be converted to LDIF "
18050
"format. The <filename role=\"directory\">/etc/ldap/schema</filename> "
18051
"directory contains some schema files already converted to LDIF format as "
18052
"demonstrated in the previous section. Fortunately, the "
18053
"<application>slapd</application> program can be used to automate the "
18054
"conversion. The following example will add the "
18055
"<emphasis>dyngroup.schema</emphasis>:"
18057
"Adding additional <emphasis>schemas</emphasis> to "
18058
"<application>slapd</application> requires the schema to be converted to LDIF "
18059
"format. The <filename role=\"directory\">/etc/ldap/schema</filename> "
18060
"directory contains some schema files already converted to LDIF format as "
18061
"demonstrated in the previous section. Fortunately, the "
18062
"<application>slapd</application> program can be used to automate the "
18063
"conversion. The following example will add the "
18064
"<emphasis>dyngroup.schema</emphasis>:"
18066
#: serverguide/C/network-auth.xml:416(para)
18068
"First, create a conversion <filename>schema_convert.conf</filename> file "
18069
"containing the following lines:"
18071
"First, create a conversion <filename>schema_convert.conf</filename> file "
18072
"containing the following lines:"
18074
#: serverguide/C/network-auth.xml:421(programlisting)
18078
"include /etc/ldap/schema/core.schema\n"
18079
"include /etc/ldap/schema/collective.schema\n"
18080
"include /etc/ldap/schema/corba.schema\n"
18081
"include /etc/ldap/schema/cosine.schema\n"
18082
"include /etc/ldap/schema/duaconf.schema\n"
18083
"include /etc/ldap/schema/dyngroup.schema\n"
18084
"include /etc/ldap/schema/inetorgperson.schema\n"
18085
"include /etc/ldap/schema/java.schema\n"
18086
"include /etc/ldap/schema/misc.schema\n"
18087
"include /etc/ldap/schema/nis.schema\n"
18088
"include /etc/ldap/schema/openldap.schema\n"
18089
"include /etc/ldap/schema/ppolicy.schema\n"
18092
"include /etc/ldap/schema/core.schema\n"
18093
"include /etc/ldap/schema/collective.schema\n"
18094
"include /etc/ldap/schema/corba.schema\n"
18095
"include /etc/ldap/schema/cosine.schema\n"
18096
"include /etc/ldap/schema/duaconf.schema\n"
18097
"include /etc/ldap/schema/dyngroup.schema\n"
18098
"include /etc/ldap/schema/inetorgperson.schema\n"
18099
"include /etc/ldap/schema/java.schema\n"
18100
"include /etc/ldap/schema/misc.schema\n"
18101
"include /etc/ldap/schema/nis.schema\n"
18102
"include /etc/ldap/schema/openldap.schema\n"
18103
"include /etc/ldap/schema/ppolicy.schema\n"
18105
#: serverguide/C/network-auth.xml:439(para) serverguide/C/network-auth.xml:1664(para)
18106
msgid "Next, create a temporary directory to hold the output:"
18107
msgstr "Next, create a temporary directory to hold the output:"
18109
#: serverguide/C/network-auth.xml:444(command) serverguide/C/network-auth.xml:1669(command) serverguide/C/network-auth.xml:2705(command)
18110
msgid "mkdir /tmp/ldif_output"
18111
msgstr "mkdir /tmp/ldif_output"
18113
#: serverguide/C/network-auth.xml:450(para)
18115
"Now using <application>slapcat</application> convert the schema files to "
18118
"Now using <application>slapcat</application> convert the schema files to "
18121
#: serverguide/C/network-auth.xml:455(command)
18123
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
18124
"\"cn={5}dyngroup,cn=schema,cn=config\" > /tmp/cn=dyngroup.ldif"
18126
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
18127
"\"cn={5}dyngroup,cn=schema,cn=config\" > /tmp/cn=dyngroup.ldif"
18129
#: serverguide/C/network-auth.xml:458(para)
18131
"Adjust the configuration file name and temporary directory names if yours "
18132
"are different. Also, it may be worthwhile to keep the "
18133
"<filename>ldif_output</filename> directory around in case you want to add "
18134
"additional schemas in the future."
18136
"Adjust the configuration file name and temporary directory names if yours "
18137
"are different. Also, it may be worthwhile to keep the "
18138
"<filename>ldif_output</filename> directory around in case you want to add "
18139
"additional schemas in the future."
18141
#: serverguide/C/network-auth.xml:467(para)
18143
"Edit the <filename>/tmp/cn\\=dyngroup.ldif</filename> file, changing the "
18144
"following attributes:"
18146
"Edit the <filename>/tmp/cn\\=dyngroup.ldif</filename> file, changing the "
18147
"following attributes:"
18149
#: serverguide/C/network-auth.xml:471(programlisting)
18153
"dn: cn=dyngroup,cn=schema,cn=config\n"
18158
"dn: cn=dyngroup,cn=schema,cn=config\n"
18162
#: serverguide/C/network-auth.xml:477(para) serverguide/C/network-auth.xml:1700(para)
18163
msgid "And remove the following lines from the bottom of the file:"
18164
msgstr "And remove the following lines from the bottom of the file:"
18166
#: serverguide/C/network-auth.xml:481(programlisting)
18170
"structuralObjectClass: olcSchemaConfig\n"
18171
"entryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757\n"
18172
"creatorsName: cn=config\n"
18173
"createTimestamp: 20080826021140Z\n"
18174
"entryCSN: 20080826021140.791425Z#000000#000#000000\n"
18175
"modifiersName: cn=config\n"
18176
"modifyTimestamp: 20080826021140Z\n"
18179
"structuralObjectClass: olcSchemaConfig\n"
18180
"entryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757\n"
18181
"creatorsName: cn=config\n"
18182
"createTimestamp: 20080826021140Z\n"
18183
"entryCSN: 20080826021140.791425Z#000000#000#000000\n"
18184
"modifiersName: cn=config\n"
18185
"modifyTimestamp: 20080826021140Z\n"
18187
#: serverguide/C/network-auth.xml:492(para) serverguide/C/network-auth.xml:1715(para) serverguide/C/network-auth.xml:2751(para)
18189
"The attribute values will vary, just be sure the attributes are removed."
18191
"The attribute values will vary, just be sure the attributes are removed."
18193
#: serverguide/C/network-auth.xml:500(para) serverguide/C/network-auth.xml:1723(para)
18195
"Finally, using the <application>ldapadd</application> utility, add the new "
18196
"schema to the directory:"
18198
"Finally, using the <application>ldapadd</application> utility, add the new "
18199
"schema to the directory:"
18201
#: serverguide/C/network-auth.xml:506(command)
18202
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/cn\\=dyngroup.ldif"
18203
msgstr "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/cn\\=dyngroup.ldif"
18205
#: serverguide/C/network-auth.xml:512(para)
18207
"There should now be a <emphasis>dn: "
18208
"cn={4}dyngroup,cn=schema,cn=config</emphasis> entry in the cn=config tree."
18210
"There should now be a <emphasis>dn: "
18211
"cn={4}dyngroup,cn=schema,cn=config</emphasis> entry in the cn=config tree."
18213
#: serverguide/C/network-auth.xml:522(title)
18214
msgid "LDAP Replication"
18215
msgstr "LDAP Replication"
18217
#: serverguide/C/network-auth.xml:524(para)
18219
"LDAP often quickly becomes a highly critical service to the network. "
18220
"Multiple systems will come to depend on LDAP for authentication, "
18221
"authorization, configuration, etc. It is a good idea to setup a redundant "
18222
"system through replication."
18224
"LDAP often quickly becomes a highly critical service to the network. "
18225
"Multiple systems will come to depend on LDAP for authentication, "
18226
"authorisation, configuration, etc. It is a good idea to setup a redundant "
18227
"system through replication."
18229
#: serverguide/C/network-auth.xml:530(para)
18231
"Replication is achieved using the <emphasis>Syncrepl</emphasis> engine. "
18232
"Syncrepl allows the changes to be synced using a "
18233
"<emphasis>consumer</emphasis>, <emphasis>provider</emphasis> model. A "
18234
"provider sends directory changes to consumers."
18236
"Replication is achieved using the <emphasis>Syncrepl</emphasis> engine. "
18237
"Syncrepl allows the changes to be synced using a "
18238
"<emphasis>consumer</emphasis>, <emphasis>provider</emphasis> model. A "
18239
"provider sends directory changes to consumers."
18241
#: serverguide/C/network-auth.xml:537(title)
18242
msgid "Provider Configuration"
18243
msgstr "Provider Configuration"
18245
#: serverguide/C/network-auth.xml:539(para)
18247
"The following is an example of a <emphasis>Single-Master</emphasis> "
18248
"configuration. In this configuration one OpenLDAP server is configured as a "
18249
"<emphasis>provider</emphasis> and another as a <emphasis>consumer</emphasis>."
18251
"The following is an example of a <emphasis>Single-Master</emphasis> "
18252
"configuration. In this configuration one OpenLDAP server is configured as a "
18253
"<emphasis>provider</emphasis> and another as a <emphasis>consumer</emphasis>."
18255
#: serverguide/C/network-auth.xml:547(para)
18257
"First, configure the provider server. Copy the following to a file named "
18258
"<filename>provider_sync.ldif</filename>:"
18260
"First, configure the provider server. Copy the following to a file named "
18261
"<filename>provider_sync.ldif</filename>:"
18263
#: serverguide/C/network-auth.xml:552(programlisting)
18267
"# Add indexes to the frontend db.\n"
18268
"dn: olcDatabase={1}hdb,cn=config\n"
18269
"changetype: modify\n"
18270
"add: olcDbIndex\n"
18271
"olcDbIndex: entryCSN eq\n"
18273
"add: olcDbIndex\n"
18274
"olcDbIndex: entryUUID eq\n"
18276
"#Load the syncprov and accesslog modules.\n"
18277
"dn: cn=module{0},cn=config\n"
18278
"changetype: modify\n"
18279
"add: olcModuleLoad\n"
18280
"olcModuleLoad: syncprov\n"
18282
"add: olcModuleLoad\n"
18283
"olcModuleLoad: accesslog\n"
18285
"# Accesslog database definitions\n"
18286
"dn: olcDatabase={2}hdb,cn=config\n"
18287
"objectClass: olcDatabaseConfig\n"
18288
"objectClass: olcHdbConfig\n"
18289
"olcDatabase: {2}hdb\n"
18290
"olcDbDirectory: /var/lib/ldap/accesslog\n"
18291
"olcSuffix: cn=accesslog\n"
18292
"olcRootDN: cn=admin,dc=example,dc=com\n"
18293
"olcDbIndex: default eq\n"
18294
"olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart\n"
18296
"# Accesslog db syncprov.\n"
18297
"dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config\n"
18298
"changetype: add\n"
18299
"objectClass: olcOverlayConfig\n"
18300
"objectClass: olcSyncProvConfig\n"
18301
"olcOverlay: syncprov\n"
18302
"olcSpNoPresent: TRUE\n"
18303
"olcSpReloadHint: TRUE\n"
18305
"# syncrepl Provider for primary db\n"
18306
"dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config\n"
18307
"changetype: add\n"
18308
"objectClass: olcOverlayConfig\n"
18309
"objectClass: olcSyncProvConfig\n"
18310
"olcOverlay: syncprov\n"
18311
"olcSpNoPresent: TRUE\n"
18313
"# accesslog overlay definitions for primary db\n"
18314
"dn: olcOverlay=accesslog,olcDatabase={1}hdb,cn=config\n"
18315
"objectClass: olcOverlayConfig\n"
18316
"objectClass: olcAccessLogConfig\n"
18317
"olcOverlay: accesslog\n"
18318
"olcAccessLogDB: cn=accesslog\n"
18319
"olcAccessLogOps: writes\n"
18320
"olcAccessLogSuccess: TRUE\n"
18321
"# scan the accesslog DB every day, and purge entries older than 7 days\n"
18322
"olcAccessLogPurge: 07+00:00 01+00:00\n"
18325
"# Add indexes to the frontend db.\n"
18326
"dn: olcDatabase={1}hdb,cn=config\n"
18327
"changetype: modify\n"
18328
"add: olcDbIndex\n"
18329
"olcDbIndex: entryCSN eq\n"
18331
"add: olcDbIndex\n"
18332
"olcDbIndex: entryUUID eq\n"
18334
"#Load the syncprov and accesslog modules.\n"
18335
"dn: cn=module{0},cn=config\n"
18336
"changetype: modify\n"
18337
"add: olcModuleLoad\n"
18338
"olcModuleLoad: syncprov\n"
18340
"add: olcModuleLoad\n"
18341
"olcModuleLoad: accesslog\n"
18343
"# Accesslog database definitions\n"
18344
"dn: olcDatabase={2}hdb,cn=config\n"
18345
"objectClass: olcDatabaseConfig\n"
18346
"objectClass: olcHdbConfig\n"
18347
"olcDatabase: {2}hdb\n"
18348
"olcDbDirectory: /var/lib/ldap/accesslog\n"
18349
"olcSuffix: cn=accesslog\n"
18350
"olcRootDN: cn=admin,dc=example,dc=com\n"
18351
"olcDbIndex: default eq\n"
18352
"olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart\n"
18354
"# Accesslog db syncprov.\n"
18355
"dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config\n"
18356
"changetype: add\n"
18357
"objectClass: olcOverlayConfig\n"
18358
"objectClass: olcSyncProvConfig\n"
18359
"olcOverlay: syncprov\n"
18360
"olcSpNoPresent: TRUE\n"
18361
"olcSpReloadHint: TRUE\n"
18363
"# syncrepl Provider for primary db\n"
18364
"dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config\n"
18365
"changetype: add\n"
18366
"objectClass: olcOverlayConfig\n"
18367
"objectClass: olcSyncProvConfig\n"
18368
"olcOverlay: syncprov\n"
18369
"olcSpNoPresent: TRUE\n"
18371
"# accesslog overlay definitions for primary db\n"
18372
"dn: olcOverlay=accesslog,olcDatabase={1}hdb,cn=config\n"
18373
"objectClass: olcOverlayConfig\n"
18374
"objectClass: olcAccessLogConfig\n"
18375
"olcOverlay: accesslog\n"
18376
"olcAccessLogDB: cn=accesslog\n"
18377
"olcAccessLogOps: writes\n"
18378
"olcAccessLogSuccess: TRUE\n"
18379
"# scan the accesslog DB every day, and purge entries older than 7 days\n"
18380
"olcAccessLogPurge: 07+00:00 01+00:00\n"
18382
#: serverguide/C/network-auth.xml:614(para)
18384
"The <application>AppArmor</application> profile for "
18385
"<application>slapd</application> will need to be adjusted for the accesslog "
18386
"database location. Edit <filename>/etc/apparmor.d/usr.sbin.slapd</filename> "
18389
"The <application>AppArmor</application> profile for "
18390
"<application>slapd</application> will need to be adjusted for the accesslog "
18391
"database location. Edit <filename>/etc/apparmor.d/usr.sbin.slapd</filename> "
18394
#: serverguide/C/network-auth.xml:619(programlisting)
18398
" /var/lib/ldap/accesslog/ r,\n"
18399
" /var/lib/ldap/accesslog/** rwk,\n"
18402
" /var/lib/ldap/accesslog/ r,\n"
18403
" /var/lib/ldap/accesslog/** rwk,\n"
18405
#: serverguide/C/network-auth.xml:624(para)
18407
"Then create the directory, reload the <application>apparmor</application> "
18408
"profile, and copy the <filename>DB_CONFIG</filename> file:"
18410
"Then create the directory, reload the <application>apparmor</application> "
18411
"profile, and copy the <filename>DB_CONFIG</filename> file:"
18413
#: serverguide/C/network-auth.xml:630(command)
18414
msgid "sudo -u openldap mkdir /var/lib/ldap/accesslog"
18415
msgstr "sudo -u openldap mkdir /var/lib/ldap/accesslog"
18417
#: serverguide/C/network-auth.xml:631(command)
18418
msgid "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog/"
18419
msgstr "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog/"
18421
#: serverguide/C/network-auth.xml:636(para)
18423
"Using the <emphasis>-u openldap</emphasis> option with the "
18424
"<application>sudo</application> commands above removes the need to adjust "
18425
"permissions for the new directory later."
18427
"Using the <emphasis>-u openldap</emphasis> option with the "
18428
"<application>sudo</application> commands above removes the need to adjust "
18429
"permissions for the new directory later."
18431
#: serverguide/C/network-auth.xml:645(para)
18433
"Edit the file and change the <emphasis>olcRootDN</emphasis> to match your "
18436
"Edit the file and change the <emphasis>olcRootDN</emphasis> to match your "
18439
#: serverguide/C/network-auth.xml:649(programlisting)
18443
"olcRootDN: cn=admin,dc=example,dc=com\n"
18446
"olcRootDN: cn=admin,dc=example,dc=com\n"
18448
#: serverguide/C/network-auth.xml:657(para)
18450
"Next, add the LDIF file using the <application>ldapadd</application> utility:"
18452
"Next, add the LDIF file using the <application>ldapadd</application> utility:"
18454
#: serverguide/C/network-auth.xml:662(command)
18455
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
18456
msgstr "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
18458
#: serverguide/C/network-auth.xml:669(para)
18459
msgid "Restart <application>slapd</application>:"
18460
msgstr "Restart <application>slapd</application>:"
18462
#: serverguide/C/network-auth.xml:674(command) serverguide/C/network-auth.xml:1049(command) serverguide/C/network-auth.xml:1236(command)
18463
msgid "sudo /etc/init.d/slapd restart"
18464
msgstr "sudo /etc/init.d/slapd restart"
18466
#: serverguide/C/network-auth.xml:680(para)
18468
"The <emphasis>Provider</emphasis> server is now configured, and it is time "
18469
"to configure a <emphasis>Consumer</emphasis> server."
18471
"The <emphasis>Provider</emphasis> server is now configured, and it is time "
18472
"to configure a <emphasis>Consumer</emphasis> server."
18474
#: serverguide/C/network-auth.xml:687(title)
18475
msgid "Consumer Configuration"
18476
msgstr "Consumer Configuration"
18478
#: serverguide/C/network-auth.xml:692(para)
18480
"On the <emphasis>Consumer</emphasis> server configure it the same as the "
18481
"<emphasis>Provider</emphasis> except for the <emphasis>Syncrepl</emphasis> "
18482
"configuration steps."
18484
"On the <emphasis>Consumer</emphasis> server configure it the same as the "
18485
"<emphasis>Provider</emphasis> except for the <emphasis>Syncrepl</emphasis> "
18486
"configuration steps."
18488
#: serverguide/C/network-auth.xml:697(para)
18489
msgid "Add the additional schema files:"
18490
msgstr "Add the additional schema files:"
18492
#: serverguide/C/network-auth.xml:707(para)
18494
"Also, create, or copy from the provider server, the "
18495
"<filename>backend.example.com.ldif</filename>"
18497
"Also, create, or copy from the provider server, the "
18498
"<filename>backend.example.com.ldif</filename>"
18500
#: serverguide/C/network-auth.xml:711(programlisting)
18504
"# Load dynamic backend modules\n"
18505
"dn: cn=module,cn=config\n"
18506
"objectClass: olcModuleList\n"
18508
"olcModulepath: /usr/lib/ldap\n"
18509
"olcModuleload: back_hdb\n"
18511
"# Database settings\n"
18512
"dn: olcDatabase=hdb,cn=config\n"
18513
"objectClass: olcDatabaseConfig\n"
18514
"objectClass: olcHdbConfig\n"
18515
"olcDatabase: {1}hdb\n"
18516
"olcSuffix: dc=example,dc=com\n"
18517
"olcDbDirectory: /var/lib/ldap\n"
18518
"olcRootDN: cn=admin,dc=example,dc=com\n"
18519
"olcRootPW: secret\n"
18520
"olcDbConfig: set_cachesize 0 2097152 0\n"
18521
"olcDbConfig: set_lk_max_objects 1500\n"
18522
"olcDbConfig: set_lk_max_locks 1500\n"
18523
"olcDbConfig: set_lk_max_lockers 1500\n"
18524
"olcDbIndex: objectClass eq\n"
18525
"olcLastMod: TRUE\n"
18526
"olcDbCheckpoint: 512 30\n"
18527
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
18528
"by anonymous auth by self write by * none\n"
18529
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
18530
"olcAccess: to dn.base=\"\" by * read\n"
18531
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
18534
"# Load dynamic backend modules\n"
18535
"dn: cn=module,cn=config\n"
18536
"objectClass: olcModuleList\n"
18538
"olcModulepath: /usr/lib/ldap\n"
18539
"olcModuleload: back_hdb\n"
18541
"# Database settings\n"
18542
"dn: olcDatabase=hdb,cn=config\n"
18543
"objectClass: olcDatabaseConfig\n"
18544
"objectClass: olcHdbConfig\n"
18545
"olcDatabase: {1}hdb\n"
18546
"olcSuffix: dc=example,dc=com\n"
18547
"olcDbDirectory: /var/lib/ldap\n"
18548
"olcRootDN: cn=admin,dc=example,dc=com\n"
18549
"olcRootPW: secret\n"
18550
"olcDbConfig: set_cachesize 0 2097152 0\n"
18551
"olcDbConfig: set_lk_max_objects 1500\n"
18552
"olcDbConfig: set_lk_max_locks 1500\n"
18553
"olcDbConfig: set_lk_max_lockers 1500\n"
18554
"olcDbIndex: objectClass eq\n"
18555
"olcLastMod: TRUE\n"
18556
"olcDbCheckpoint: 512 30\n"
18557
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
18558
"by anonymous auth by self write by * none\n"
18559
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
18560
"olcAccess: to dn.base=\"\" by * read\n"
18561
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
18563
#: serverguide/C/network-auth.xml:741(para)
18564
msgid "And add the LDIF by entering:"
18565
msgstr "And add the LDIF by entering:"
18567
#: serverguide/C/network-auth.xml:752(para)
18569
"Do the same with the <filename>frontend.example.com.ldif</filename> file "
18570
"listed above, and add it:"
18572
"Do the same with the <filename>frontend.example.com.ldif</filename> file "
18573
"listed above, and add it:"
18575
#: serverguide/C/network-auth.xml:760(para)
18577
"The two severs should now have the same configuration except for the "
18578
"<emphasis>Syncrepl</emphasis> options."
18580
"The two severs should now have the same configuration except for the "
18581
"<emphasis>Syncrepl</emphasis> options."
18583
#: serverguide/C/network-auth.xml:768(para)
18585
"Now create a file named <filename>consumer_sync.ldif</filename> containing:"
18587
"Now create a file named <filename>consumer_sync.ldif</filename> containing:"
18589
#: serverguide/C/network-auth.xml:772(programlisting)
18593
"#Load the syncprov module.\n"
18594
"dn: cn=module{0},cn=config\n"
18595
"changetype: modify\n"
18596
"add: olcModuleLoad\n"
18597
"olcModuleLoad: syncprov\n"
18599
"# syncrepl specific indices\n"
18600
"dn: olcDatabase={1}hdb,cn=config\n"
18601
"changetype: modify\n"
18602
"add: olcDbIndex\n"
18603
"olcDbIndex: entryUUID eq\n"
18605
"add: olcSyncRepl\n"
18606
"olcSyncRepl: rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
18607
"binddn=\"cn=admin,dc=example,dc=com\" \n"
18608
" credentials=secret searchbase=\"dc=example,dc=com\" "
18609
"logbase=\"cn=accesslog\" \n"
18610
" logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" "
18611
"schemachecking=on \n"
18612
" type=refreshAndPersist retry=\"60 +\" syncdata=accesslog\n"
18614
"add: olcUpdateRef\n"
18615
"olcUpdateRef: ldap://ldap01.example.com\n"
18618
"#Load the syncprov module.\n"
18619
"dn: cn=module{0},cn=config\n"
18620
"changetype: modify\n"
18621
"add: olcModuleLoad\n"
18622
"olcModuleLoad: syncprov\n"
18624
"# syncrepl specific indices\n"
18625
"dn: olcDatabase={1}hdb,cn=config\n"
18626
"changetype: modify\n"
18627
"add: olcDbIndex\n"
18628
"olcDbIndex: entryUUID eq\n"
18630
"add: olcSyncRepl\n"
18631
"olcSyncRepl: rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
18632
"binddn=\"cn=admin,dc=example,dc=com\" \n"
18633
" credentials=secret searchbase=\"dc=example,dc=com\" "
18634
"logbase=\"cn=accesslog\" \n"
18635
" logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" "
18636
"schemachecking=on \n"
18637
" type=refreshAndPersist retry=\"60 +\" syncdata=accesslog\n"
18639
"add: olcUpdateRef\n"
18640
"olcUpdateRef: ldap://ldap01.example.com\n"
18642
#: serverguide/C/network-auth.xml:795(para)
18643
msgid "You will probably want to change the following attributes:"
18644
msgstr "You will probably want to change the following attributes:"
18646
#: serverguide/C/network-auth.xml:800(para)
18647
msgid "<emphasis>ldap01.example.com</emphasis> to your server's hostname."
18648
msgstr "<emphasis>ldap01.example.com</emphasis> to your server's hostname."
18650
#: serverguide/C/network-auth.xml:801(emphasis)
18654
#: serverguide/C/network-auth.xml:802(emphasis)
18655
msgid "credentials"
18656
msgstr "credentials"
18658
#: serverguide/C/network-auth.xml:803(emphasis)
18660
msgstr "searchbase"
18662
#: serverguide/C/network-auth.xml:804(emphasis)
18663
msgid "olcUpdateRef:"
18664
msgstr "olcUpdateRef:"
18666
#: serverguide/C/network-auth.xml:810(para)
18667
msgid "Add the LDIF file to the configuration tree:"
18668
msgstr "Add the LDIF file to the configuration tree:"
18670
#: serverguide/C/network-auth.xml:815(command)
18671
msgid "sudo ldapadd -c -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif"
18672
msgstr "sudo ldapadd -c -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif"
18674
#: serverguide/C/network-auth.xml:821(para)
18676
"The frontend database should now sync between servers. You can add "
18677
"additional servers using the steps above as the need arises."
18679
"The frontend database should now sync between servers. You can add "
18680
"additional servers using the steps above as the need arises."
18682
#: serverguide/C/network-auth.xml:831(programlisting)
18684
msgid "127.0.0.1\tldap01.example.com ldap01"
18685
msgstr "127.0.0.1\tldap01.example.com ldap01"
18687
#: serverguide/C/network-auth.xml:827(para)
18689
"The <application>slapd</application> daemon will send log information to "
18690
"<filename>/var/log/syslog</filename> by default. So if all does "
18691
"<emphasis>not</emphasis> go well check there for errors and other "
18692
"troubleshooting information. Also, be sure that each server knows it's Fully "
18693
"Qualified Domain Name (FQDN). This is configured in "
18694
"<filename>/etc/hosts</filename> with a line similar to: <placeholder-1/>."
18696
"The <application>slapd</application> daemon will send log information to "
18697
"<filename>/var/log/syslog</filename> by default. So if all does "
18698
"<emphasis>not</emphasis> go well check there for errors and other "
18699
"troubleshooting information. Also, be sure that each server knows it's Fully "
18700
"Qualified Domain Name (FQDN). This is configured in "
18701
"<filename>/etc/hosts</filename> with a line similar to: <placeholder-1/>."
18703
#: serverguide/C/network-auth.xml:839(title)
18704
msgid "Setting up ACL"
18705
msgstr "Setting up ACL"
18707
#: serverguide/C/network-auth.xml:841(para)
18709
"Authentication requires access to the password field, that should be not "
18710
"accessible by default. Also, in order for users to change their own "
18711
"password, using <command>passwd</command> or other utilities, "
18712
"<emphasis>shadowLastChange</emphasis> needs to be accessible once a user has "
18715
"Authentication requires access to the password field, that should be not "
18716
"accessible by default. Also, in order for users to change their own "
18717
"password, using <command>passwd</command> or other utilities, "
18718
"<emphasis>shadowLastChange</emphasis> needs to be accessible once a user has "
18721
#: serverguide/C/network-auth.xml:848(para)
18723
"To view the Access Control List (ACL) for the <emphasis>cn=config</emphasis> "
18724
"tree, use the <application>ldapsearch</application> utility:"
18726
"To view the Access Control List (ACL) for the <emphasis>cn=config</emphasis> "
18727
"tree, use the <application>ldapsearch</application> utility:"
18729
#: serverguide/C/network-auth.xml:854(command)
18731
"sudo ldapsearch -c -Y EXTERNAL -H ldapi:/// -LLL -b cn=config "
18732
"olcDatabase=config olcAccess"
18734
"sudo ldapsearch -c -Y EXTERNAL -H ldapi:/// -LLL -b cn=config "
18735
"olcDatabase=config olcAccess"
18737
#: serverguide/C/network-auth.xml:858(computeroutput)
18740
"SASL/EXTERNAL authentication started\n"
18741
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
18743
"dn: olcDatabase={0}config,cn=config\n"
18744
"olcAccess: {0}to * by "
18745
"dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external\n"
18746
" ,cn=auth manage by * break\n"
18748
"SASL/EXTERNAL authentication started\n"
18749
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
18751
"dn: olcDatabase={0}config,cn=config\n"
18752
"olcAccess: {0}to * by "
18753
"dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external\n"
18754
" ,cn=auth manage by * break\n"
18756
#: serverguide/C/network-auth.xml:867(para)
18757
msgid "To see the ACL for the frontend tree enter:"
18758
msgstr "To see the ACL for the frontend tree enter:"
18760
#: serverguide/C/network-auth.xml:872(command)
18762
"sudo ldapsearch -c -Y EXTERNAL -H ldapi:/// -LLL -b cn=config "
18763
"olcDatabase={1}hdb olcAccess"
18765
"sudo ldapsearch -c -Y EXTERNAL -H ldapi:/// -LLL -b cn=config "
18766
"olcDatabase={1}hdb olcAccess"
18768
#: serverguide/C/network-auth.xml:878(title)
18769
msgid "TLS and SSL"
18770
msgstr "TLS and SSL"
18772
#: serverguide/C/network-auth.xml:880(para)
18774
"When authenticating to an OpenLDAP server it is best to do so using an "
18775
"encrypted session. This can be accomplished using Transport Layer Security "
18776
"(TLS) and/or Secure Sockets Layer (SSL)."
18778
"When authenticating to an OpenLDAP server it is best to do so using an "
18779
"encrypted session. This can be accomplished using Transport Layer Security "
18780
"(TLS) and/or Secure Sockets Layer (SSL)."
18782
#: serverguide/C/network-auth.xml:885(para)
18784
"The first step in the process is to obtain or create a "
18785
"<emphasis>certificate</emphasis>. Because <application>slapd</application> "
18786
"is compiled using the <application>gnutls</application> library, the "
18787
"<application>certtool</application> utility will be used to create "
18790
"The first step in the process is to obtain or create a "
18791
"<emphasis>certificate</emphasis>. Because <application>slapd</application> "
18792
"is compiled using the <application>gnutls</application> library, the "
18793
"<application>certtool</application> utility will be used to create "
18796
#: serverguide/C/network-auth.xml:894(para)
18798
"First, install <application>gnutls-bin</application> by entering the "
18799
"following in a terminal:"
18801
"First, install <application>gnutls-bin</application> by entering the "
18802
"following in a terminal:"
18804
#: serverguide/C/network-auth.xml:899(command)
18805
msgid "sudo apt-get install gnutls-bin"
18806
msgstr "sudo apt-get install gnutls-bin"
18808
#: serverguide/C/network-auth.xml:905(para)
18810
"Next, create a private key for the <emphasis>Certificate "
18811
"Authority</emphasis> (CA):"
18813
"Next, create a private key for the <emphasis>Certificate "
18814
"Authority</emphasis> (CA):"
18816
#: serverguide/C/network-auth.xml:910(command)
18818
"sudo sh -c \"certtool --generate-privkey > /etc/ssl/private/cakey.pem\""
18820
"sudo sh -c \"certtool --generate-privkey > /etc/ssl/private/cakey.pem\""
18822
#: serverguide/C/network-auth.xml:916(para)
18824
"Create a <filename>/etc/ssl/ca.info</filename> details file to self-sign the "
18825
"CA certificate containing:"
18827
"Create a <filename>/etc/ssl/ca.info</filename> details file to self-sign the "
18828
"CA certificate containing:"
18830
#: serverguide/C/network-auth.xml:920(programlisting)
18834
"cn = Example Company\n"
18836
"cert_signing_key\n"
18839
"cn = Example Company\n"
18841
"cert_signing_key\n"
18843
#: serverguide/C/network-auth.xml:929(para)
18844
msgid "Now create the self-signed CA certificate:"
18845
msgstr "Now create the self-signed CA certificate:"
18847
#: serverguide/C/network-auth.xml:934(command)
18849
"sudo certtool --generate-self-signed --load-privkey "
18850
"/etc/ssl/private/cakey.pem \\ --template /etc/ssl/ca.info --outfile "
18851
"/etc/ssl/certs/cacert.pem"
18853
"sudo certtool --generate-self-signed --load-privkey "
18854
"/etc/ssl/private/cakey.pem \\ --template /etc/ssl/ca.info --outfile "
18855
"/etc/ssl/certs/cacert.pem"
18857
#: serverguide/C/network-auth.xml:941(para)
18858
msgid "Make a private key for the server:"
18859
msgstr "Make a private key for the server:"
18861
#: serverguide/C/network-auth.xml:946(command)
18863
"sudo sh -c \"certtool --generate-privkey > "
18864
"/etc/ssl/private/ldap01_slapd_key.pem\""
18866
"sudo sh -c \"certtool --generate-privkey > "
18867
"/etc/ssl/private/ldap01_slapd_key.pem\""
18869
#: serverguide/C/network-auth.xml:950(para)
18871
"Replace <emphasis>ldap01</emphasis> in the filename with your server's "
18872
"hostname. Naming the certificate and key for the host and service that will "
18873
"be using them will help keep filenames and paths straight."
18875
"Replace <emphasis>ldap01</emphasis> in the filename with your server's "
18876
"hostname. Naming the certificate and key for the host and service that will "
18877
"be using them will help keep filenames and paths straight."
18879
#: serverguide/C/network-auth.xml:959(para)
18881
"To sign the server's certificate with the CA, create the "
18882
"<filename>/etc/ssl/ldap01.info</filename> info file containing:"
18884
"To sign the server's certificate with the CA, create the "
18885
"<filename>/etc/ssl/ldap01.info</filename> info file containing:"
18887
#: serverguide/C/network-auth.xml:963(programlisting)
18891
"organization = Example Company\n"
18892
"cn = ldap01.example.com\n"
18898
"organisation = Example Company\n"
18899
"cn = ldap01.example.com\n"
18904
#: serverguide/C/network-auth.xml:974(para)
18905
msgid "Create the server's certificate:"
18906
msgstr "Create the server's certificate:"
18908
#: serverguide/C/network-auth.xml:979(command)
18910
"sudo certtool --generate-certificate --load-privkey /etc/ssl/private/x01-"
18911
"test_slapd_key.pem \\ --load-ca-certificate /etc/ssl/certs/cacert.pem --load-"
18912
"ca-privkey /etc/ssl/private/cakey.pem \\ --template /etc/ssl/x01-test.info --"
18913
"outfile /etc/ssl/certs/x01-test_slapd_cert.pem"
18915
"sudo certtool --generate-certificate --load-privkey /etc/ssl/private/x01-"
18916
"test_slapd_key.pem \\ --load-ca-certificate /etc/ssl/certs/cacert.pem --load-"
18917
"ca-privkey /etc/ssl/private/cakey.pem \\ --template /etc/ssl/x01-test.info --"
18918
"outfile /etc/ssl/certs/x01-test_slapd_cert.pem"
18920
#: serverguide/C/network-auth.xml:987(para)
18922
"Once you have a certificate, key, and CA cert installed, use "
18923
"<application>ldapmodify</application> to add the new configuration options:"
18925
"Once you have a certificate, key, and CA cert installed, use "
18926
"<application>ldapmodify</application> to add the new configuration options:"
18928
#: serverguide/C/network-auth.xml:998(userinput)
18932
"add: olcTLSCACertificateFile\n"
18933
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
18935
"add: olcTLSCertificateFile\n"
18936
"olcTLSCertificateFile: /etc/ssl/certs/ldap01_slapd_cert.pem\n"
18938
"add: olcTLSCertificateKeyFile\n"
18939
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem"
18942
"add: olcTLSCACertificateFile\n"
18943
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
18945
"add: olcTLSCertificateFile\n"
18946
"olcTLSCertificateFile: /etc/ssl/certs/ldap01_slapd_cert.pem\n"
18948
"add: olcTLSCertificateKeyFile\n"
18949
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem"
18951
#: serverguide/C/network-auth.xml:997(computeroutput) serverguide/C/network-auth.xml:1168(computeroutput)
18954
"Enter LDAP Password:\n"
18955
"<placeholder-1/>\n"
18957
"modifying entry \"cn=config\"\n"
18959
"Enter LDAP Password:\n"
18960
"<placeholder-1/>\n"
18962
"modifying entry \"cn=config\"\n"
18964
#: serverguide/C/network-auth.xml:1013(para)
18966
"Adjust the <filename>ldap01_slapd_cert.pem</filename>, "
18967
"<filename>ldap01_slapd_key.pem</filename>, and "
18968
"<filename>cacert.pem</filename> names if yours are different."
18970
"Adjust the <filename>ldap01_slapd_cert.pem</filename>, "
18971
"<filename>ldap01_slapd_key.pem</filename>, and "
18972
"<filename>cacert.pem</filename> names if yours are different."
18974
#: serverguide/C/network-auth.xml:1019(para)
18976
"Next, edit <filename>/etc/default/slapd</filename> uncomment the "
18977
"<emphasis>SLAPD_SERVICES</emphasis> option:"
18979
"Next, edit <filename>/etc/default/slapd</filename> uncomment the "
18980
"<emphasis>SLAPD_SERVICES</emphasis> option:"
18982
#: serverguide/C/network-auth.xml:1023(programlisting)
18986
"SLAPD_SERVICES=\"ldap:/// ldapi:/// ldaps:///\"\n"
18989
"SLAPD_SERVICES=\"ldap:/// ldapi:/// ldaps:///\"\n"
18991
#: serverguide/C/network-auth.xml:1027(para)
18993
"Now the <emphasis>openldap</emphasis> user needs access to the certificate:"
18995
"Now the <emphasis>openldap</emphasis> user needs access to the certificate:"
18997
#: serverguide/C/network-auth.xml:1032(command)
18998
msgid "sudo adduser openldap ssl-cert"
18999
msgstr "sudo adduser openldap ssl-cert"
19001
#: serverguide/C/network-auth.xml:1033(command)
19002
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem"
19003
msgstr "sudo chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem"
19005
#: serverguide/C/network-auth.xml:1034(command)
19006
msgid "sudo chmod g+r /etc/ssl/private/ldap01_slapd_key.pem"
19007
msgstr "sudo chmod g+r /etc/ssl/private/ldap01_slapd_key.pem"
19009
#: serverguide/C/network-auth.xml:1038(para)
19011
"If the <filename role=\"directory\">/etc/ssl/private</filename> and "
19012
"<filename>/etc/ssl/private/server.key</filename> have different permissions, "
19013
"adjust the commands appropriately."
19015
"If the <filename role=\"directory\">/etc/ssl/private</filename> and "
19016
"<filename>/etc/ssl/private/server.key</filename> have different permissions, "
19017
"adjust the commands appropriately."
19019
#: serverguide/C/network-auth.xml:1044(para)
19020
msgid "Finally, restart <application>slapd</application>:"
19021
msgstr "Finally, restart <application>slapd</application>:"
19023
#: serverguide/C/network-auth.xml:1052(para)
19025
"The <application>slapd</application> daemon should now be listening for "
19026
"LDAPS connections and be able to use STARTTLS during authentication."
19028
"The <application>slapd</application> daemon should now be listening for "
19029
"LDAPS connections and be able to use STARTTLS during authentication."
19031
#: serverguide/C/network-auth.xml:1058(para)
19033
"If you run into troubles with the server not starting, check the "
19034
"/var/log/syslog. If you see errors like main: TLS init def ctx failed: -1, "
19035
"it is likely there is a configuration problem. Check that the certificate is "
19036
"signed by the authority from in the files configured, and that the ssl-cert "
19037
"group has read permissions on the private key."
19039
"If you run into troubles with the server not starting, check the "
19040
"/var/log/syslog. If you see errors like main: TLS init def ctx failed: -1, "
19041
"it is likely there is a configuration problem. Check that the certificate is "
19042
"signed by the authority from in the files configured, and that the ssl-cert "
19043
"group has read permissions on the private key."
19045
#: serverguide/C/network-auth.xml:1070(title)
19046
msgid "TLS Replication"
19047
msgstr "TLS Replication"
19049
#: serverguide/C/network-auth.xml:1072(para)
19051
"If you have setup <application>Syncrepl</application> between servers, it is "
19052
"prudent to encrypt the replication traffic using <emphasis>Transport Layer "
19053
"Security (TLS)</emphasis>. For details on setting up replication see <xref "
19054
"linkend=\"openldap-server-replication\"/>."
19056
"If you have setup <application>Syncrepl</application> between servers, it is "
19057
"prudent to encrypt the replication traffic using <emphasis>Transport Layer "
19058
"Security (TLS)</emphasis>. For details on setting up replication see <xref "
19059
"linkend=\"openldap-server-replication\"/>."
19061
#: serverguide/C/network-auth.xml:1078(para)
19063
"Assuming you have followed the above instructions and created a CA "
19064
"certificate and server certificate on the <emphasis>Provider</emphasis> "
19065
"server. Follow the following instructions to create a certificate and key "
19066
"for the <emphasis>Consumer</emphasis> server."
19068
"Assuming you have followed the above instructions and created a CA "
19069
"certificate and server certificate on the <emphasis>Provider</emphasis> "
19070
"server. Follow the following instructions to create a certificate and key "
19071
"for the <emphasis>Consumer</emphasis> server."
19073
#: serverguide/C/network-auth.xml:1087(para)
19074
msgid "Create a new key for the Consumer server:"
19075
msgstr "Create a new key for the Consumer server:"
19077
#: serverguide/C/network-auth.xml:1092(command)
19078
msgid "mkdir ldap02-ssl"
19079
msgstr "mkdir ldap02-ssl"
19081
#: serverguide/C/network-auth.xml:1093(command)
19082
msgid "cd ldap02-ssl"
19083
msgstr "cd ldap02-ssl"
19085
#: serverguide/C/network-auth.xml:1094(command)
19086
msgid "certtool --generate-privkey > ldap02_slapd_key.pem"
19087
msgstr "certtool --generate-privkey > ldap02_slapd_key.pem"
19089
#: serverguide/C/network-auth.xml:1098(para)
19091
"Creating a new directory is not strictly necessary, but it will help keep "
19092
"things organized and make it easier to copy the files to the Consumer server."
19094
"Creating a new directory is not strictly necessary, but it will help keep "
19095
"things organised and make it easier to copy the files to the Consumer server."
19097
#: serverguide/C/network-auth.xml:1107(para)
19099
"Next, create an info file, <filename>ldap02.info</filename> for the Consumer "
19100
"server, changing the attributes to match your locality and server:"
19102
"Next, create an info file, <filename>ldap02.info</filename> for the Consumer "
19103
"server, changing the attributes to match your locality and server:"
19105
#: serverguide/C/network-auth.xml:1112(programlisting)
19110
"state = North Carolina\n"
19111
"locality = Winston-Salem\n"
19112
"organization = Example Company\n"
19113
"cn = ldap02.salem.edu\n"
19120
"state = North Carolina\n"
19121
"locality = Winston-Salem\n"
19122
"organization = Example Company\n"
19123
"cn = ldap02.salem.edu\n"
19128
#: serverguide/C/network-auth.xml:1126(para)
19129
msgid "Create the certificate:"
19130
msgstr "Create the certificate:"
19132
#: serverguide/C/network-auth.xml:1131(command)
19134
"sudo certtool --generate-certificate --load-privkey ldap02_slapd_key.pem \\ -"
19135
"-load-ca-certificate /etc/ssl/certs/cacert.pem --load-ca-privkey "
19136
"/etc/ssl/private/cakey.pem \\ --template ldap02.info --outfile "
19137
"ldap02_slapd_cert.pem"
19139
"sudo certtool --generate-certificate --load-privkey ldap02_slapd_key.pem \\ -"
19140
"-load-ca-certificate /etc/ssl/certs/cacert.pem --load-ca-privkey "
19141
"/etc/ssl/private/cakey.pem \\ --template ldap02.info --outfile "
19142
"ldap02_slapd_cert.pem"
19144
#: serverguide/C/network-auth.xml:1139(para)
19145
msgid "Copy the <filename>cacert.pem</filename> to the directory:"
19146
msgstr "Copy the <filename>cacert.pem</filename> to the directory:"
19148
#: serverguide/C/network-auth.xml:1144(command)
19149
msgid "cp /etc/ssl/certs/cacert.pem ."
19150
msgstr "cp /etc/ssl/certs/cacert.pem ."
19152
#: serverguide/C/network-auth.xml:1150(para)
19154
"The only thing left is to copy the <filename>ldap02-ssl</filename> directory "
19155
"to the Consumer server, then copy <filename>ldap02_slapd_cert.pem</filename> "
19156
"and <filename>cacert.pem</filename> to <filename>/etc/ssl/certs</filename>, "
19157
"and copy <filename>ldap02_slapd_key.pem</filename> to "
19158
"<filename>/etc/ssl/private</filename>."
19160
"The only thing left is to copy the <filename>ldap02-ssl</filename> directory "
19161
"to the Consumer server, then copy <filename>ldap02_slapd_cert.pem</filename> "
19162
"and <filename>cacert.pem</filename> to <filename>/etc/ssl/certs</filename>, "
19163
"and copy <filename>ldap02_slapd_key.pem</filename> to "
19164
"<filename>/etc/ssl/private</filename>."
19166
#: serverguide/C/network-auth.xml:1159(para)
19168
"Once the files are in place adjust the <emphasis>cn=config</emphasis> tree "
19171
"Once the files are in place adjust the <emphasis>cn=config</emphasis> tree "
19174
#: serverguide/C/network-auth.xml:1169(userinput)
19178
"add: olcTLSCACertificateFile\n"
19179
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
19181
"add: olcTLSCertificateFile\n"
19182
"olcTLSCertificateFile: /etc/ssl/certs/ldap02_slapd_cert.pem\n"
19184
"add: olcTLSCertificateKeyFile\n"
19185
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap02_slapd_key.pem"
19188
"add: olcTLSCACertificateFile\n"
19189
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
19191
"add: olcTLSCertificateFile\n"
19192
"olcTLSCertificateFile: /etc/ssl/certs/ldap02_slapd_cert.pem\n"
19194
"add: olcTLSCertificateKeyFile\n"
19195
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap02_slapd_key.pem"
19197
#: serverguide/C/network-auth.xml:1186(para)
19199
"As with the Provider you can now edit "
19200
"<filename>/etc/default/slapd</filename> and add the "
19201
"<emphasis>ldaps:///</emphasis> parameter to the "
19202
"<emphasis>SLAPD_SERVICES</emphasis> option."
19204
"As with the Provider you can now edit "
19205
"<filename>/etc/default/slapd</filename> and add the "
19206
"<emphasis>ldaps:///</emphasis> parameter to the "
19207
"<emphasis>SLAPD_SERVICES</emphasis> option."
19209
#: serverguide/C/network-auth.xml:1194(para)
19211
"Now that <emphasis>TLS</emphasis> has been setup on each server, once again "
19212
"modify the <emphasis>Consumer</emphasis> server's "
19213
"<emphasis>cn=config</emphasis> tree by entering the following in a terminal:"
19215
"Now that <emphasis>TLS</emphasis> has been setup on each server, once again "
19216
"modify the <emphasis>Consumer</emphasis> server's "
19217
"<emphasis>cn=config</emphasis> tree by entering the following in a terminal:"
19219
#: serverguide/C/network-auth.xml:1207(userinput)
19223
"dn: olcDatabase={1}hdb,cn=config\n"
19224
"replace: olcSyncrepl\n"
19225
"olcSyncrepl: {0}rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
19227
" min,dc=example,dc=com\" credentials=secret searchbase=\"dc=example,dc=com\" "
19229
" e=\"cn=accesslog\" "
19230
"logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" s\n"
19231
" chemachecking=on type=refreshAndPersist retry=\"60 +\" syncdata=accesslog "
19235
"dn: olcDatabase={1}hdb,cn=config\n"
19236
"replace: olcSyncrepl\n"
19237
"olcSyncrepl: {0}rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
19239
" min,dc=example,dc=com\" credentials=secret searchbase=\"dc=example,dc=com\" "
19241
" e=\"cn=accesslog\" "
19242
"logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" s\n"
19243
" chemachecking=on type=refreshAndPersist retry=\"60 +\" syncdata=accesslog "
19246
#: serverguide/C/network-auth.xml:1204(computeroutput)
19249
"SASL/EXTERNAL authentication started\n"
19250
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
19252
"<placeholder-1/>\n"
19254
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
19256
"SASL/EXTERNAL authentication started\n"
19257
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
19259
"<placeholder-1/>\n"
19261
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
19263
#: serverguide/C/network-auth.xml:1219(para)
19265
"If the LDAP server hostname does not match the Fully Qualified Domain Name "
19266
"(FQDN) in the certificate, you may have to edit "
19267
"<filename>/etc/ldap/ldap.conf</filename> and add the following TLS options:"
19269
"If the LDAP server hostname does not match the Fully Qualified Domain Name "
19270
"(FQDN) in the certificate, you may have to edit "
19271
"<filename>/etc/ldap/ldap.conf</filename> and add the following TLS options:"
19273
#: serverguide/C/network-auth.xml:1224(programlisting)
19277
"TLS_CERT /etc/ssl/certs/ldap02_slapd_cert.pem\n"
19278
"TLS_KEY /etc/ssl/private/ldap02_slapd_key.pem\n"
19279
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
19282
"TLS_CERT /etc/ssl/certs/ldap02_slapd_cert.pem\n"
19283
"TLS_KEY /etc/ssl/private/ldap02_slapd_key.pem\n"
19284
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
19286
#: serverguide/C/network-auth.xml:1231(para)
19288
"Finally, restart <application>slapd</application> on each of the servers:"
19290
"Finally, restart <application>slapd</application> on each of the servers:"
19292
#: serverguide/C/network-auth.xml:1244(title)
19293
msgid "LDAP Authentication"
19294
msgstr "LDAP Authentication"
19296
#: serverguide/C/network-auth.xml:1246(para)
19298
"Once you have a working LDAP server, the <application>auth-client-"
19299
"config</application> and <application>libnss-ldap</application> packages "
19300
"take the pain out of configuring an Ubuntu client to authenticate using "
19301
"LDAP. To install the packages from, a terminal prompt enter:"
19303
"Once you have a working LDAP server, the <application>auth-client-"
19304
"config</application> and <application>libnss-ldap</application> packages "
19305
"take the pain out of configuring an Ubuntu client to authenticate using "
19306
"LDAP. To install the packages from, a terminal prompt enter:"
19308
#: serverguide/C/network-auth.xml:1253(command)
19309
msgid "sudo apt-get install libnss-ldap"
19310
msgstr "sudo apt-get install libnss-ldap"
19312
#: serverguide/C/network-auth.xml:1256(para)
19314
"During the install a menu dialog will ask you connection details about your "
19317
"During the install a menu dialogue will ask you connection details about "
19318
"your LDAP server."
19320
#: serverguide/C/network-auth.xml:1260(para)
19322
"If you make a mistake when entering your information you can execute the "
19323
"dialog again using:"
19325
"If you make a mistake when entering your information you can execute the "
19326
"dialogue again using:"
19328
#: serverguide/C/network-auth.xml:1265(command)
19329
msgid "sudo dpkg-reconfigure ldap-auth-config"
19330
msgstr "sudo dpkg-reconfigure ldap-auth-config"
19332
#: serverguide/C/network-auth.xml:1268(para)
19334
"The results of the dialog can be seen in "
19335
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
19336
"covered in the menu edit this file accordingly."
19338
"The results of the dialogue can be seen in "
19339
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
19340
"covered in the menu edit this file accordingly."
19342
#: serverguide/C/network-auth.xml:1273(para)
19344
"Now that <application>libnss-ldap</application> is configured enable the "
19345
"<application>auth-client-config</application> LDAP profile by entering:"
19347
"Now that <application>libnss-ldap</application> is configured enable the "
19348
"<application>auth-client-config</application> LDAP profile by entering:"
19350
#: serverguide/C/network-auth.xml:1279(command)
19351
msgid "sudo auth-client-config -t nss -p lac_ldap"
19352
msgstr "sudo auth-client-config -t nss -p lac_ldap"
19354
#: serverguide/C/network-auth.xml:1284(para)
19356
"<emphasis>-t:</emphasis> only modifies "
19357
"<filename>/etc/nsswitch.conf</filename>."
19359
"<emphasis>-t:</emphasis> only modifies "
19360
"<filename>/etc/nsswitch.conf</filename>."
19362
#: serverguide/C/network-auth.xml:1289(para)
19363
msgid "<emphasis>-p:</emphasis> name of the profile to enable, disable, etc."
19365
"<emphasis>-p:</emphasis> name of the profile to enable, disable, etc."
19367
#: serverguide/C/network-auth.xml:1294(para)
19369
"<emphasis>lac_ldap:</emphasis> the <application>auth-client-"
19370
"config</application> profile that is part of the <application>ldap-auth-"
19371
"config</application> package."
19373
"<emphasis>lac_ldap:</emphasis> the <application>auth-client-"
19374
"config</application> profile that is part of the <application>ldap-auth-"
19375
"config</application> package."
19377
#: serverguide/C/network-auth.xml:1301(para)
19379
"Using the <application>pam-auth-update</application> utility, configure the "
19380
"system to use LDAP for authentication:"
19382
"Using the <application>pam-auth-update</application> utility, configure the "
19383
"system to use LDAP for authentication:"
19385
#: serverguide/C/network-auth.xml:1306(command)
19386
msgid "sudo pam-auth-update"
19387
msgstr "sudo pam-auth-update"
19389
#: serverguide/C/network-auth.xml:1309(para)
19391
"From the <application>pam-auth-update</application> menu, choose LDAP and "
19392
"any other authentication mechanisms you need."
19394
"From the <application>pam-auth-update</application> menu, choose LDAP and "
19395
"any other authentication mechanisms you need."
19397
#: serverguide/C/network-auth.xml:1313(para)
19399
"You should now be able to login using user credentials stored in the LDAP "
19402
"You should now be able to login using user credentials stored in the LDAP "
19405
#: serverguide/C/network-auth.xml:1318(para)
19407
"If you are going to use LDAP to store Samba users you will need to configure "
19408
"the server to authenticate using LDAP. See <xref linkend=\"samba-ldap\"/> "
19411
"If you are going to use LDAP to store Samba users you will need to configure "
19412
"the server to authenticate using LDAP. See <xref linkend=\"samba-ldap\"/> "
19415
#: serverguide/C/network-auth.xml:1326(title)
19416
msgid "User and Group Management"
19417
msgstr "User and Group Management"
19419
#: serverguide/C/network-auth.xml:1328(para)
19421
"The <application>ldap-utils</application> package comes with multiple "
19422
"utilities to manage the directory, but the long string of options needed, "
19423
"can make them a burden to use. The <application>ldapscripts</application> "
19424
"package contains configurable scripts to easily manage LDAP users and groups."
19426
"The <application>ldap-utils</application> package comes with multiple "
19427
"utilities to manage the directory, but the long string of options needed, "
19428
"can make them a burden to use. The <application>ldapscripts</application> "
19429
"package contains configurable scripts to easily manage LDAP users and groups."
19431
#: serverguide/C/network-auth.xml:1334(para)
19432
msgid "To install the package, from a terminal enter:"
19433
msgstr "To install the package, from a terminal enter:"
19435
#: serverguide/C/network-auth.xml:1339(command)
19436
msgid "sudo apt-get install ldapscripts"
19437
msgstr "sudo apt-get install ldapscripts"
19439
#: serverguide/C/network-auth.xml:1342(para)
19441
"Next, edit the config file "
19442
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> uncommenting and "
19443
"changing the following to match your environment:"
19445
"Next, edit the config file "
19446
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> uncommenting and "
19447
"changing the following to match your environment:"
19449
#: serverguide/C/network-auth.xml:1347(programlisting)
19453
"SERVER=localhost\n"
19454
"BINDDN='cn=admin,dc=example,dc=com'\n"
19455
"BINDPWDFILE=\"/etc/ldapscripts/ldapscripts.passwd\"\n"
19456
"SUFFIX='dc=example,dc=com'\n"
19457
"GSUFFIX='ou=Groups'\n"
19458
"USUFFIX='ou=People'\n"
19459
"MSUFFIX='ou=Computers'\n"
19465
"SERVER=localhost\n"
19466
"BINDDN='cn=admin,dc=example,dc=com'\n"
19467
"BINDPWDFILE=\"/etc/ldapscripts/ldapscripts.passwd\"\n"
19468
"SUFFIX='dc=example,dc=com'\n"
19469
"GSUFFIX='ou=Groups'\n"
19470
"USUFFIX='ou=People'\n"
19471
"MSUFFIX='ou=Computers'\n"
19476
#: serverguide/C/network-auth.xml:1360(para)
19478
"Now, create the <filename>ldapscripts.passwd</filename> file to allow "
19479
"authenticated access to the directory:"
19481
"Now, create the <filename>ldapscripts.passwd</filename> file to allow "
19482
"authenticated access to the directory:"
19484
#: serverguide/C/network-auth.xml:1365(command)
19486
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
19488
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
19490
#: serverguide/C/network-auth.xml:1366(command)
19491
msgid "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
19492
msgstr "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
19494
#: serverguide/C/network-auth.xml:1370(para)
19496
"Replace <quote>secret</quote> with the actual password for your LDAP admin "
19499
"Replace <quote>secret</quote> with the actual password for your LDAP admin "
19502
#: serverguide/C/network-auth.xml:1375(para)
19504
"The <application>ldapscripts</application> are now ready to help manage your "
19505
"directory. The following are some examples of how to use the scripts:"
19507
"The <application>ldapscripts</application> are now ready to help manage your "
19508
"directory. The following are some examples of how to use the scripts:"
19510
#: serverguide/C/network-auth.xml:1382(para)
19511
msgid "Create a new user:"
19512
msgstr "Create a new user:"
19514
#: serverguide/C/network-auth.xml:1386(command)
19515
msgid "sudo ldapadduser george example"
19516
msgstr "sudo ldapadduser george example"
19518
#: serverguide/C/network-auth.xml:1388(para)
19520
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
19521
"and set the user's primary group (gid) to <emphasis "
19522
"role=\"italic\">example</emphasis>"
19524
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
19525
"and set the user's primary group (gid) to <emphasis "
19526
"role=\"italic\">example</emphasis>"
19528
#: serverguide/C/network-auth.xml:1394(para)
19529
msgid "Change a user's password:"
19530
msgstr "Change a user's password:"
19532
#: serverguide/C/network-auth.xml:1398(command)
19533
msgid "sudo ldapsetpasswd george"
19534
msgstr "sudo ldapsetpasswd george"
19536
#: serverguide/C/network-auth.xml:1399(computeroutput)
19538
msgid "Changing password for user uid=george,ou=People,dc=example,dc=com"
19539
msgstr "Changing password for user uid=george,ou=People,dc=example,dc=com"
19541
#: serverguide/C/network-auth.xml:1400(userinput)
19543
msgid "New Password: "
19544
msgstr "New Password: "
19546
#: serverguide/C/network-auth.xml:1401(userinput)
19548
msgid "New Password (verify): "
19549
msgstr "New Password (verify): "
19551
#: serverguide/C/network-auth.xml:1405(para)
19552
msgid "Delete a user:"
19553
msgstr "Delete a user:"
19555
#: serverguide/C/network-auth.xml:1409(command)
19556
msgid "sudo ldapdeleteuser george"
19557
msgstr "sudo ldapdeleteuser george"
19559
#: serverguide/C/network-auth.xml:1414(para)
19560
msgid "Add a group:"
19561
msgstr "Add a group:"
19563
#: serverguide/C/network-auth.xml:1418(command)
19564
msgid "sudo ldapaddgroup qa"
19565
msgstr "sudo ldapaddgroup qa"
19567
#: serverguide/C/network-auth.xml:1422(para)
19568
msgid "Delete a group:"
19569
msgstr "Delete a group:"
19571
#: serverguide/C/network-auth.xml:1426(command)
19572
msgid "sudo ldapdeletegroup qa"
19573
msgstr "sudo ldapdeletegroup qa"
19575
#: serverguide/C/network-auth.xml:1430(para)
19576
msgid "Add a user to a group:"
19577
msgstr "Add a user to a group:"
19579
#: serverguide/C/network-auth.xml:1434(command)
19580
msgid "sudo ldapaddusertogroup george qa"
19581
msgstr "sudo ldapaddusertogroup george qa"
19583
#: serverguide/C/network-auth.xml:1436(para)
19585
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
19586
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
19587
"role=\"italic\">george</emphasis>."
19589
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
19590
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
19591
"role=\"italic\">george</emphasis>."
19593
#: serverguide/C/network-auth.xml:1442(para)
19594
msgid "Remove a user from a group:"
19595
msgstr "Remove a user from a group:"
19597
#: serverguide/C/network-auth.xml:1446(command)
19598
msgid "sudo ldapdeleteuserfromgroup george qa"
19599
msgstr "sudo ldapdeleteuserfromgroup george qa"
19601
#: serverguide/C/network-auth.xml:1448(para)
19603
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
19604
"<emphasis role=\"italic\">qa</emphasis> group."
19606
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
19607
"<emphasis role=\"italic\">qa</emphasis> group."
19609
#: serverguide/C/network-auth.xml:1454(para)
19611
"The <application>ldapmodifyuser</application> script allows you to add, "
19612
"remove, or replace a user's attributes. The script uses the same syntax as "
19613
"the <application>ldapmodify</application> utility. For example:"
19615
"The <application>ldapmodifyuser</application> script allows you to add, "
19616
"remove, or replace a user's attributes. The script uses the same syntax as "
19617
"the <application>ldapmodify</application> utility. For example:"
19619
#: serverguide/C/network-auth.xml:1459(command)
19620
msgid "sudo ldapmodifyuser george"
19621
msgstr "sudo ldapmodifyuser george"
19623
#: serverguide/C/network-auth.xml:1460(computeroutput)
19626
"# About to modify the following entry :\n"
19627
"dn: uid=george,ou=People,dc=example,dc=com\n"
19628
"objectClass: account\n"
19629
"objectClass: posixAccount\n"
19632
"uidNumber: 1001\n"
19633
"gidNumber: 1001\n"
19634
"homeDirectory: /home/george\n"
19635
"loginShell: /bin/bash\n"
19637
"description: User account\n"
19638
"userPassword:: e1NTSEF9eXFsTFcyWlhwWkF1eGUybVdFWHZKRzJVMjFTSG9vcHk=\n"
19640
"# Enter your modifications here, end with CTRL-D.\n"
19641
"dn: uid=george,ou=People,dc=example,dc=com"
19643
"# About to modify the following entry :\n"
19644
"dn: uid=george,ou=People,dc=example,dc=com\n"
19645
"objectClass: account\n"
19646
"objectClass: posixAccount\n"
19649
"uidNumber: 1001\n"
19650
"gidNumber: 1001\n"
19651
"homeDirectory: /home/george\n"
19652
"loginShell: /bin/bash\n"
19654
"description: User account\n"
19655
"userPassword:: e1NTSEF9eXFsTFcyWlhwWkF1eGUybVdFWHZKRzJVMjFTSG9vcHk=\n"
19657
"# Enter your modifications here, end with CTRL-D.\n"
19658
"dn: uid=george,ou=People,dc=example,dc=com"
19660
#: serverguide/C/network-auth.xml:1476(userinput)
19664
"gecos: George Carlin"
19667
"gecos: George Carlin"
19669
#: serverguide/C/network-auth.xml:1479(para)
19671
"The user's <emphasis>gecos</emphasis> should now be <quote>George "
19674
"The user's <emphasis>gecos</emphasis> should now be <quote>George "
19677
#: serverguide/C/network-auth.xml:1484(para)
19679
"Another great feature of <application>ldapscripts</application>, is the "
19680
"template system. Templates allow you to customize the attributes of user, "
19681
"group, and machine objectes. For example, to enable the "
19682
"<emphasis>user</emphasis> template edit "
19683
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> changing:"
19685
"Another great feature of <application>ldapscripts</application>, is the "
19686
"template system. Templates allow you to customise the attributes of user, "
19687
"group, and machine objectes. For example, to enable the "
19688
"<emphasis>user</emphasis> template edit "
19689
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> changing:"
19691
#: serverguide/C/network-auth.xml:1491(programlisting)
19695
"UTEMPLATE=\"/etc/ldapscripts/ldapadduser.template\"\n"
19698
"UTEMPLATE=\"/etc/ldapscripts/ldapadduser.template\"\n"
19700
#: serverguide/C/network-auth.xml:1495(para)
19702
"There are <emphasis role=\"italic\">sample</emphasis> templates in the "
19703
"<filename>/etc/ldapscripts</filename> directory. Copy or rename the "
19704
"<filename>ldapadduser.template.sample</filename> file to "
19705
"<filename>/etc/ldapscripts/ldapadduser.template</filename>:"
19707
"There are <emphasis role=\"italic\">sample</emphasis> templates in the "
19708
"<filename>/etc/ldapscripts</filename> directory. Copy or rename the "
19709
"<filename>ldapadduser.template.sample</filename> file to "
19710
"<filename>/etc/ldapscripts/ldapadduser.template</filename>:"
19712
#: serverguide/C/network-auth.xml:1502(command)
19714
"sudo cp /usr/share/doc/ldapscripts/examples/ldapadduser.template.sample "
19715
"/etc/ldapscripts/ldapadduser.template"
19717
"sudo cp /usr/share/doc/ldapscripts/examples/ldapadduser.template.sample "
19718
"/etc/ldapscripts/ldapadduser.template"
19720
#: serverguide/C/network-auth.xml:1505(para)
19722
"Edit the new template to add the desired attributes. The following will "
19723
"create new user's as with an <emphasis>objectClass</emphasis> of "
19724
"<emphasis>inetOrgPerson</emphasis>:"
19726
"Edit the new template to add the desired attributes. The following will "
19727
"create new user's as with an <emphasis>objectClass</emphasis> of "
19728
"<emphasis>inetOrgPerson</emphasis>:"
19730
#: serverguide/C/network-auth.xml:1510(programlisting)
19734
"dn: uid=<user>,<usuffix>,<suffix>\n"
19735
"objectClass: inetOrgPerson\n"
19736
"objectClass: posixAccount\n"
19737
"cn: <user>\n"
19738
"sn: <ask>\n"
19739
"uid: <user>\n"
19740
"uidNumber: <uid>\n"
19741
"gidNumber: <gid>\n"
19742
"homeDirectory: <home>\n"
19743
"loginShell: <shell>\n"
19744
"gecos: <user>\n"
19745
"description: User account\n"
19746
"title: Employee\n"
19749
"dn: uid=<user>,<usuffix>,<suffix>\n"
19750
"objectClass: inetOrgPerson\n"
19751
"objectClass: posixAccount\n"
19752
"cn: <user>\n"
19753
"sn: <ask>\n"
19754
"uid: <user>\n"
19755
"uidNumber: <uid>\n"
19756
"gidNumber: <gid>\n"
19757
"homeDirectory: <home>\n"
19758
"loginShell: <shell>\n"
19759
"gecos: <user>\n"
19760
"description: User account\n"
19761
"title: Employee\n"
19763
#: serverguide/C/network-auth.xml:1526(para)
19765
"Notice the <emphasis><ask></emphasis> option used for the "
19766
"<emphasis>ssn</emphasis> value. Using <ask> will configure "
19767
"<application>ldapadduser</application> to prompt you for the attribute value "
19768
"during user creation."
19770
"Notice the <emphasis><ask></emphasis> option used for the "
19771
"<emphasis>ssn</emphasis> value. Using <ask> will configure "
19772
"<application>ldapadduser</application> to prompt you for the attribute value "
19773
"during user creation."
19775
#: serverguide/C/network-auth.xml:1534(para)
19777
"There are more useful scripts in the package, to see a full list enter: "
19778
"<command>dpkg -L ldapscripts | grep bin</command>"
19780
"There are more useful scripts in the package, to see a full list enter: "
19781
"<command>dpkg -L ldapscripts | grep bin</command>"
19783
#: serverguide/C/network-auth.xml:1543(para)
19785
"The <ulink url=\"https://help.ubuntu.com/community/OpenLDAPServer\">OpenLDAP "
19786
"Ubuntu Wiki</ulink> page has more details."
19788
"The <ulink url=\"https://help.ubuntu.com/community/OpenLDAPServer\">OpenLDAP "
19789
"Ubuntu Wiki</ulink> page has more details."
19791
#: serverguide/C/network-auth.xml:1548(para)
19793
"For more information see <ulink url=\"http://www.openldap.org/\">OpenLDAP "
19794
"Home Page</ulink>"
19796
"For more information see <ulink url=\"http://www.openldap.org/\">OpenLDAP "
19797
"Home Page</ulink>"
19799
#: serverguide/C/network-auth.xml:1553(para)
19801
"Though starting to show it's age, a great source for in depth LDAP "
19802
"information is O'Reilly's <ulink "
19803
"url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System "
19804
"Administration</ulink>"
19806
"Though starting to show it's age, a great source for in depth LDAP "
19807
"information is O'Reilly's <ulink "
19808
"url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System "
19809
"Administration</ulink>"
19811
#: serverguide/C/network-auth.xml:1559(para)
19813
"Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-"
19814
"Source-Linux/book\">Mastering OpenLDAP</ulink> is a great reference covering "
19815
"newer versions of OpenLDAP."
19817
"Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-"
19818
"Source-Linux/book\">Mastering OpenLDAP</ulink> is a great reference covering "
19819
"newer versions of OpenLDAP."
19821
#: serverguide/C/network-auth.xml:1565(para)
19823
"For more information on <application>auth-client-config</application> see "
19824
"the man page: <command>man auth-client-config</command>."
19826
"For more information on <application>auth-client-config</application> see "
19827
"the man page: <command>man auth-client-config</command>."
19829
#: serverguide/C/network-auth.xml:1570(para)
19831
"For more details regarding the <application>ldapscripts</application> "
19832
"package see the man pages: <command>man ldapscripts</command>, <command>man "
19833
"ldapadduser</command>, <command>man ldapaddgroup</command>, etc."
19835
"For more details regarding the <application>ldapscripts</application> "
19836
"package see the man pages: <command>man ldapscripts</command>, <command>man "
19837
"ldapadduser</command>, <command>man ldapaddgroup</command>, etc."
19839
#: serverguide/C/network-auth.xml:1580(title)
19840
msgid "Samba and LDAP"
19841
msgstr "Samba and LDAP"
19843
#: serverguide/C/network-auth.xml:1582(para)
19845
"This section covers configuring Samba to use LDAP for user, group, and "
19846
"machine account information and authentication. The assumption is, you "
19847
"already have a working OpenLDAP directory installed and the server is "
19848
"configured to use it for authentication. See <xref linkend=\"openldap-"
19849
"server\"/> and <xref linkend=\"openldap-auth-config\"/> for details on "
19850
"setting up OpenLDAP. For more information on installing and configuring "
19851
"Samba see <xref linkend=\"windows-networking\"/>."
19853
"This section covers configuring Samba to use LDAP for user, group, and "
19854
"machine account information and authentication. The assumption is, you "
19855
"already have a working OpenLDAP directory installed and the server is "
19856
"configured to use it for authentication. See <xref linkend=\"openldap-"
19857
"server\"/> and <xref linkend=\"openldap-auth-config\"/> for details on "
19858
"setting up OpenLDAP. For more information on installing and configuring "
19859
"Samba see <xref linkend=\"windows-networking\"/>."
19861
#: serverguide/C/network-auth.xml:1592(para)
19863
"There are three packages needed when integrating Samba with LDAP. "
19864
"<application>samba</application>, <application>samba-doc</application>, and "
19865
"<application>smbldap-tools</application> packages . To install the packages, "
19866
"from a terminal enter:"
19868
"There are three packages needed when integrating Samba with LDAP. "
19869
"<application>samba</application>, <application>samba-doc</application>, and "
19870
"<application>smbldap-tools</application> packages . To install the packages, "
19871
"from a terminal enter:"
19873
#: serverguide/C/network-auth.xml:1598(command)
19874
msgid "sudo apt-get install samba samba-doc smbldap-tools"
19875
msgstr "sudo apt-get install samba samba-doc smbldap-tools"
19877
#: serverguide/C/network-auth.xml:1601(para)
19879
"Strictly speaking the <application>smbldap-tools</application> package isn't "
19880
"needed, but unless you have another package or custom scripts, a method of "
19881
"managing users, groups, and computer accounts is needed."
19883
"Strictly speaking the <application>smbldap-tools</application> package isn't "
19884
"needed, but unless you have another package or custom scripts, a method of "
19885
"managing users, groups, and computer accounts is needed."
19887
#: serverguide/C/network-auth.xml:1608(title)
19888
msgid "OpenLDAP Configuration"
19889
msgstr "OpenLDAP Configuration"
19891
#: serverguide/C/network-auth.xml:1610(para)
19893
"In order for Samba to use OpenLDAP as a <emphasis>passdb backend</emphasis>, "
19894
"the user objects in the directory will need additional attributes. This "
19895
"section assumes you want Samba to be configured as a Windows NT domain "
19896
"controller, and will add the necessary LDAP objects and attributes."
19898
"In order for Samba to use OpenLDAP as a <emphasis>passdb backend</emphasis>, "
19899
"the user objects in the directory will need additional attributes. This "
19900
"section assumes you want Samba to be configured as a Windows NT domain "
19901
"controller, and will add the necessary LDAP objects and attributes."
19903
#: serverguide/C/network-auth.xml:1618(para)
19905
"The Samba attributes are defined in the <filename>samba.schema</filename> "
19906
"file which is part of the <application>samba-doc</application> package. The "
19907
"schema file needs to be unzipped and copied to "
19908
"<filename>/etc/ldap/schema</filename>. From a terminal prompt enter:"
19910
"The Samba attributes are defined in the <filename>samba.schema</filename> "
19911
"file which is part of the <application>samba-doc</application> package. The "
19912
"schema file needs to be unzipped and copied to "
19913
"<filename>/etc/ldap/schema</filename>. From a terminal prompt enter:"
19915
#: serverguide/C/network-auth.xml:1625(command)
19917
"sudo cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz "
19918
"/etc/ldap/schema/"
19920
"sudo cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz "
19921
"/etc/ldap/schema/"
19923
#: serverguide/C/network-auth.xml:1626(command)
19924
msgid "sudo gzip -d /etc/ldap/schema/samba.schema.gz"
19925
msgstr "sudo gzip -d /etc/ldap/schema/samba.schema.gz"
19927
#: serverguide/C/network-auth.xml:1632(para)
19929
"The <emphasis>samba</emphasis> schema needs to be added to the "
19930
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
19931
"<application>slapd</application> is also detailed in <xref "
19932
"linkend=\"openldap-configuration\"/>."
19934
"The <emphasis>samba</emphasis> schema needs to be added to the "
19935
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
19936
"<application>slapd</application> is also detailed in <xref "
19937
"linkend=\"openldap-configuration\"/>."
19939
#: serverguide/C/network-auth.xml:1640(para) serverguide/C/network-auth.xml:2676(para)
19941
"First, create a configuration file named "
19942
"<filename>schema_convert.conf</filename>, or a similar descriptive name, "
19943
"containing the following lines:"
19945
"First, create a configuration file named "
19946
"<filename>schema_convert.conf</filename>, or a similar descriptive name, "
19947
"containing the following lines:"
19949
#: serverguide/C/network-auth.xml:1645(programlisting)
19953
"include /etc/ldap/schema/core.schema\n"
19954
"include /etc/ldap/schema/collective.schema\n"
19955
"include /etc/ldap/schema/corba.schema\n"
19956
"include /etc/ldap/schema/cosine.schema\n"
19957
"include /etc/ldap/schema/duaconf.schema\n"
19958
"include /etc/ldap/schema/dyngroup.schema\n"
19959
"include /etc/ldap/schema/inetorgperson.schema\n"
19960
"include /etc/ldap/schema/java.schema\n"
19961
"include /etc/ldap/schema/misc.schema\n"
19962
"include /etc/ldap/schema/nis.schema\n"
19963
"include /etc/ldap/schema/openldap.schema\n"
19964
"include /etc/ldap/schema/ppolicy.schema\n"
19965
"include /etc/ldap/schema/samba.schema\n"
19968
"include /etc/ldap/schema/core.schema\n"
19969
"include /etc/ldap/schema/collective.schema\n"
19970
"include /etc/ldap/schema/corba.schema\n"
19971
"include /etc/ldap/schema/cosine.schema\n"
19972
"include /etc/ldap/schema/duaconf.schema\n"
19973
"include /etc/ldap/schema/dyngroup.schema\n"
19974
"include /etc/ldap/schema/inetorgperson.schema\n"
19975
"include /etc/ldap/schema/java.schema\n"
19976
"include /etc/ldap/schema/misc.schema\n"
19977
"include /etc/ldap/schema/nis.schema\n"
19978
"include /etc/ldap/schema/openldap.schema\n"
19979
"include /etc/ldap/schema/ppolicy.schema\n"
19980
"include /etc/ldap/schema/samba.schema\n"
19982
#: serverguide/C/network-auth.xml:1675(para) serverguide/C/network-auth.xml:2711(para)
19984
"Now use <application>slapcat</application> to convert the schema files:"
19986
"Now use <application>slapcat</application> to convert the schema files:"
19988
#: serverguide/C/network-auth.xml:1680(command)
19990
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
19991
"\"cn={12}samba,cn=schema,cn=config\" > /tmp/cn=samba.ldif"
19993
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
19994
"\"cn={12}samba,cn=schema,cn=config\" > /tmp/cn=samba.ldif"
19996
#: serverguide/C/network-auth.xml:1683(para) serverguide/C/network-auth.xml:2719(para)
19998
"Change the above file and path names to match your own if they are different."
20000
"Change the above file and path names to match your own if they are different."
20002
#: serverguide/C/network-auth.xml:1690(para)
20004
"Edit the generated <filename>/tmp/cn\\=samba.ldif</filename> file, changing "
20005
"the following attributes:"
20007
"Edit the generated <filename>/tmp/cn\\=samba.ldif</filename> file, changing "
20008
"the following attributes:"
20010
#: serverguide/C/network-auth.xml:1694(programlisting)
20014
"dn: cn=samba,cn=schema,cn=config\n"
20019
"dn: cn=samba,cn=schema,cn=config\n"
20023
#: serverguide/C/network-auth.xml:1704(programlisting)
20027
"structuralObjectClass: olcSchemaConfig\n"
20028
"entryUUID: b53b75ca-083f-102d-9fff-2f64fd123c95\n"
20029
"creatorsName: cn=config\n"
20030
"createTimestamp: 20080827045234Z\n"
20031
"entryCSN: 20080827045234.341425Z#000000#000#000000\n"
20032
"modifiersName: cn=config\n"
20033
"modifyTimestamp: 20080827045234Z\n"
20036
"structuralObjectClass: olcSchemaConfig\n"
20037
"entryUUID: b53b75ca-083f-102d-9fff-2f64fd123c95\n"
20038
"creatorsName: cn=config\n"
20039
"createTimestamp: 20080827045234Z\n"
20040
"entryCSN: 20080827045234.341425Z#000000#000#000000\n"
20041
"modifiersName: cn=config\n"
20042
"modifyTimestamp: 20080827045234Z\n"
20044
#: serverguide/C/network-auth.xml:1729(command)
20045
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=samba.ldif"
20046
msgstr "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=samba.ldif"
20048
#: serverguide/C/network-auth.xml:1735(para)
20050
"There should now be a <emphasis>dn: "
20051
"cn={X}misc,cn=schema,cn=config</emphasis>, where \"X\" is the next "
20052
"sequential schema, entry in the cn=config tree."
20054
"There should now be a <emphasis>dn: "
20055
"cn={X}misc,cn=schema,cn=config</emphasis>, where \"X\" is the next "
20056
"sequential schema, entry in the cn=config tree."
20058
#: serverguide/C/network-auth.xml:1743(para)
20060
"Copy and paste the following into a file named "
20061
"<filename>samba_indexes.ldif</filename>:"
20063
"Copy and paste the following into a file named "
20064
"<filename>samba_indexes.ldif</filename>:"
20066
#: serverguide/C/network-auth.xml:1747(programlisting)
20070
"dn: olcDatabase={1}hdb,cn=config\n"
20071
"changetype: modify\n"
20072
"add: olcDbIndex\n"
20073
"olcDbIndex: uidNumber eq\n"
20074
"olcDbIndex: gidNumber eq\n"
20075
"olcDbIndex: loginShell eq\n"
20076
"olcDbIndex: uid eq,pres,sub\n"
20077
"olcDbIndex: memberUid eq,pres,sub\n"
20078
"olcDbIndex: uniqueMember eq,pres\n"
20079
"olcDbIndex: sambaSID eq\n"
20080
"olcDbIndex: sambaPrimaryGroupSID eq\n"
20081
"olcDbIndex: sambaGroupType eq\n"
20082
"olcDbIndex: sambaSIDList eq\n"
20083
"olcDbIndex: sambaDomainName eq\n"
20084
"olcDbIndex: default sub\n"
20087
"dn: olcDatabase={1}hdb,cn=config\n"
20088
"changetype: modify\n"
20089
"add: olcDbIndex\n"
20090
"olcDbIndex: uidNumber eq\n"
20091
"olcDbIndex: gidNumber eq\n"
20092
"olcDbIndex: loginShell eq\n"
20093
"olcDbIndex: uid eq,pres,sub\n"
20094
"olcDbIndex: memberUid eq,pres,sub\n"
20095
"olcDbIndex: uniqueMember eq,pres\n"
20096
"olcDbIndex: sambaSID eq\n"
20097
"olcDbIndex: sambaPrimaryGroupSID eq\n"
20098
"olcDbIndex: sambaGroupType eq\n"
20099
"olcDbIndex: sambaSIDList eq\n"
20100
"olcDbIndex: sambaDomainName eq\n"
20101
"olcDbIndex: default sub\n"
20103
#: serverguide/C/network-auth.xml:1765(para)
20105
"Using the <application>ldapmodify</application> utility load the new indexes:"
20107
"Using the <application>ldapmodify</application> utility load the new indexes:"
20109
#: serverguide/C/network-auth.xml:1770(command)
20110
msgid "ldapmodify -x -D cn=admin,cn=config -W -f samba_indexes.ldif"
20111
msgstr "ldapmodify -x -D cn=admin,cn=config -W -f samba_indexes.ldif"
20113
#: serverguide/C/network-auth.xml:1772(para)
20115
"If all went well you should see the new indexes using "
20116
"<application>ldapsearch</application>:"
20118
"If all went well you should see the new indexes using "
20119
"<application>ldapsearch</application>:"
20121
#: serverguide/C/network-auth.xml:1777(command)
20123
"ldapsearch -xLLL -D cn=admin,cn=config -x -b cn=config -W olcDatabase={1}hdb"
20125
"ldapsearch -xLLL -D cn=admin,cn=config -x -b cn=config -W olcDatabase={1}hdb"
20127
#: serverguide/C/network-auth.xml:1783(para)
20129
"Next, configure the <application>smbldap-tools</application> package to "
20130
"match your environment. The package comes with a configuration script that "
20131
"will ask questions about the needed options. To run the script enter:"
20133
"Next, configure the <application>smbldap-tools</application> package to "
20134
"match your environment. The package comes with a configuration script that "
20135
"will ask questions about the needed options. To run the script enter:"
20137
#: serverguide/C/network-auth.xml:1789(command)
20138
msgid "sudo gzip -d /usr/share/doc/smbldap-tools/configure.pl.gz"
20139
msgstr "sudo gzip -d /usr/share/doc/smbldap-tools/configure.pl.gz"
20141
#: serverguide/C/network-auth.xml:1790(command)
20142
msgid "sudo perl /usr/share/doc/smbldap-tools/configure.pl"
20143
msgstr "sudo perl /usr/share/doc/smbldap-tools/configure.pl"
20145
#: serverguide/C/network-auth.xml:1793(para)
20147
"Once you have answered the questions, there should be <filename>/etc/smbldap-"
20148
"tools/smbldap.conf</filename> and <filename>/etc/smbldap-"
20149
"tools/smbldap_bind.conf</filename> files. These files are generated by the "
20150
"configure script, so if you made any mistakes while executing the script it "
20151
"may be simpler to edit the file appropriately."
20153
"Once you have answered the questions, there should be <filename>/etc/smbldap-"
20154
"tools/smbldap.conf</filename> and <filename>/etc/smbldap-"
20155
"tools/smbldap_bind.conf</filename> files. These files are generated by the "
20156
"configure script, so if you made any mistakes while executing the script it "
20157
"may be simpler to edit the file appropriately."
20159
#: serverguide/C/network-auth.xml:1803(para)
20161
"The <application>smbldap-populate</application> script will add the "
20162
"necessary users, groups, and LDAP objects required for Samba. It is a good "
20163
"idea to make a backup LDAP Data Interchange Format (LDIF) file with "
20164
"<application>slapcat</application> before executing the command:"
20166
"The <application>smbldap-populate</application> script will add the "
20167
"necessary users, groups, and LDAP objects required for Samba. It is a good "
20168
"idea to make a backup LDAP Data Interchange Format (LDIF) file with "
20169
"<application>slapcat</application> before executing the command:"
20171
#: serverguide/C/network-auth.xml:1810(command)
20172
msgid "sudo slapcat -l backup.ldif"
20173
msgstr "sudo slapcat -l backup.ldif"
20175
#: serverguide/C/network-auth.xml:1816(para)
20177
"Once you have a current backup execute <application>smbldap-"
20178
"populate</application> by entering:"
20180
"Once you have a current backup execute <application>smbldap-"
20181
"populate</application> by entering:"
20183
#: serverguide/C/network-auth.xml:1821(command)
20184
msgid "sudo smbldap-populate"
20185
msgstr "sudo smbldap-populate"
20187
#: serverguide/C/network-auth.xml:1825(para)
20189
"You can create an LDIF file containing the new Samba objects by executing "
20190
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
20191
"look over the changes making sure everything is correct."
20193
"You can create an LDIF file containing the new Samba objects by executing "
20194
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
20195
"look over the changes making sure everything is correct."
20197
#: serverguide/C/network-auth.xml:1833(para)
20199
"Your LDAP directory now has the necessary domain information to authenticate "
20202
"Your LDAP directory now has the necessary domain information to authenticate "
20205
#: serverguide/C/network-auth.xml:1839(title)
20206
msgid "Samba Configuration"
20207
msgstr "Samba Configuration"
20209
#: serverguide/C/network-auth.xml:1841(para)
20211
"There a multiple ways to configure Samba for details on some common "
20212
"configurations see <xref linkend=\"windows-networking\"/>. To configure "
20213
"Samba to use LDAP, edit the main Samba configuration file "
20214
"<filename>/etc/samba/smb.conf</filename> commenting the <emphasis>passdb "
20215
"backend</emphasis> option and adding the following:"
20217
"There a multiple ways to configure Samba for details on some common "
20218
"configurations see <xref linkend=\"windows-networking\"/>. To configure "
20219
"Samba to use LDAP, edit the main Samba configuration file "
20220
"<filename>/etc/samba/smb.conf</filename> commenting the <emphasis>passdb "
20221
"backend</emphasis> option and adding the following:"
20223
#: serverguide/C/network-auth.xml:1847(programlisting)
20227
"# passdb backend = tdbsam\n"
20229
"# LDAP Settings\n"
20230
" passdb backend = ldapsam:ldap://hostname\n"
20231
" ldap suffix = dc=example,dc=com\n"
20232
" ldap user suffix = ou=People\n"
20233
" ldap group suffix = ou=Groups\n"
20234
" ldap machine suffix = ou=Computers\n"
20235
" ldap idmap suffix = ou=Idmap\n"
20236
" ldap admin dn = cn=admin,dc=example,dc=com\n"
20237
" ldap ssl = start tls\n"
20238
" ldap passwd sync = yes\n"
20240
" add machine script = sudo /usr/sbin/smbldap-useradd -t 0 -w \"%u\"\n"
20243
"# passdb backend = tdbsam\n"
20245
"# LDAP Settings\n"
20246
" passdb backend = ldapsam:ldap://hostname\n"
20247
" ldap suffix = dc=example,dc=com\n"
20248
" ldap user suffix = ou=People\n"
20249
" ldap group suffix = ou=Groups\n"
20250
" ldap machine suffix = ou=Computers\n"
20251
" ldap idmap suffix = ou=Idmap\n"
20252
" ldap admin dn = cn=admin,dc=example,dc=com\n"
20253
" ldap ssl = start tls\n"
20254
" ldap passwd sync = yes\n"
20256
" add machine script = sudo /usr/sbin/smbldap-useradd -t 0 -w \"%u\"\n"
20258
#: serverguide/C/network-auth.xml:1864(para)
20259
msgid "Restart <application>samba</application> to enable the new settings:"
20260
msgstr "Restart <application>samba</application> to enable the new settings:"
20262
#: serverguide/C/network-auth.xml:1873(para)
20264
"Now Samba needs to know the LDAP admin password. From a terminal prompt "
20267
"Now Samba needs to know the LDAP admin password. From a terminal prompt "
20270
#: serverguide/C/network-auth.xml:1878(command)
20271
msgid "sudo smbpasswd -w secret"
20272
msgstr "sudo smbpasswd -w secret"
20274
#: serverguide/C/network-auth.xml:1882(para)
20276
"Replacing <emphasis role=\"italic\">secret</emphasis> with your LDAP admin "
20279
"Replacing <emphasis role=\"italic\">secret</emphasis> with your LDAP admin "
20282
#: serverguide/C/network-auth.xml:1887(para)
20284
"If you currently have users in LDAP, and you want them to authenticate using "
20285
"Samba, they will need some Samba attributes defined in the "
20286
"<filename>samba.schema</filename> file. Add the Samba attributes to existing "
20287
"users using the <application>smbpasswd</application> utility, replacing "
20288
"<emphasis role=\"italic\">username</emphasis> with an actual user:"
20290
"If you currently have users in LDAP, and you want them to authenticate using "
20291
"Samba, they will need some Samba attributes defined in the "
20292
"<filename>samba.schema</filename> file. Add the Samba attributes to existing "
20293
"users using the <application>smbpasswd</application> utility, replacing "
20294
"<emphasis role=\"italic\">username</emphasis> with an actual user:"
20296
#: serverguide/C/network-auth.xml:1895(command)
20297
msgid "sudo smbpasswd -a username"
20298
msgstr "sudo smbpasswd -a username"
20300
#: serverguide/C/network-auth.xml:1898(para)
20301
msgid "You will then be asked to enter the user's password."
20302
msgstr "You will then be asked to enter the user's password."
20304
#: serverguide/C/network-auth.xml:1902(para)
20306
"To add new user, group, and machine accounts use the utilities from the "
20307
"<application>smbldap-tools</application> package. Here are some examples:"
20309
"To add new user, group, and machine accounts use the utilities from the "
20310
"<application>smbldap-tools</application> package. Here are some examples:"
20312
#: serverguide/C/network-auth.xml:1909(para)
20314
"To add a new user to LDAP with Samba attributes enter the following, "
20315
"replacing username with an actual username:"
20317
"To add a new user to LDAP with Samba attributes enter the following, "
20318
"replacing username with an actual username:"
20320
#: serverguide/C/network-auth.xml:1913(command)
20321
msgid "sudo smbldap-useradd -a -P username"
20322
msgstr "sudo smbldap-useradd -a -P username"
20324
#: serverguide/C/network-auth.xml:1915(para)
20326
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
20327
"<emphasis>-P</emphasis> options calls the <application>smbldap-"
20328
"passwd</application> utility after the user is created allowing you to enter "
20329
"a password for the user."
20331
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
20332
"<emphasis>-P</emphasis> options calls the <application>smbldap-"
20333
"passwd</application> utility after the user is created allowing you to enter "
20334
"a password for the user."
20336
#: serverguide/C/network-auth.xml:1921(para)
20337
msgid "To remove a user from the directory enter:"
20338
msgstr "To remove a user from the directory enter:"
20340
#: serverguide/C/network-auth.xml:1925(command)
20341
msgid "sudo smbldap-userdel username"
20342
msgstr "sudo smbldap-userdel username"
20344
#: serverguide/C/network-auth.xml:1927(para)
20346
"The <application>smbldap-userdel</application> utility also has a <emphasis>-"
20347
"r</emphasis> option to remove the user's home directory."
20349
"The <application>smbldap-userdel</application> utility also has a <emphasis>-"
20350
"r</emphasis> option to remove the user's home directory."
20352
#: serverguide/C/network-auth.xml:1932(para)
20354
"Use <application>smbldap-groupadd</application> to add a group, replacing "
20355
"groupname with an appropriate group:"
20357
"Use <application>smbldap-groupadd</application> to add a group, replacing "
20358
"groupname with an appropriate group:"
20360
#: serverguide/C/network-auth.xml:1936(command)
20361
msgid "sudo smbldap-groupadd -a groupname"
20362
msgstr "sudo smbldap-groupadd -a groupname"
20364
#: serverguide/C/network-auth.xml:1938(para)
20366
"Similar to <application>smbldap-useradd</application>, the <emphasis>-"
20367
"a</emphasis> adds the Samba attributes."
20369
"Similar to <application>smbldap-useradd</application>, the <emphasis>-"
20370
"a</emphasis> adds the Samba attributes."
20372
#: serverguide/C/network-auth.xml:1943(para)
20374
"To add a user to a group use <application>smbldap-groupmod</application>:"
20376
"To add a user to a group use <application>smbldap-groupmod</application>:"
20378
#: serverguide/C/network-auth.xml:1947(command)
20379
msgid "sudo smbldap-groupmod -m username groupname"
20380
msgstr "sudo smbldap-groupmod -m username groupname"
20382
#: serverguide/C/network-auth.xml:1949(para)
20384
"Be sure to replace <emphasis>username</emphasis> with a real user. Also, the "
20385
"<emphasis>-m</emphasis> option can add more than one user at a time by "
20386
"listing them in <emphasis>comma separated</emphasis> format."
20388
"Be sure to replace <emphasis>username</emphasis> with a real user. Also, the "
20389
"<emphasis>-m</emphasis> option can add more than one user at a time by "
20390
"listing them in <emphasis>comma separated</emphasis> format."
20392
#: serverguide/C/network-auth.xml:1955(para)
20394
"<application>smbldap-groupmod</application> can also be used to remove a "
20395
"user from a group:"
20397
"<application>smbldap-groupmod</application> can also be used to remove a "
20398
"user from a group:"
20400
#: serverguide/C/network-auth.xml:1959(command)
20401
msgid "sudo smbldap-groupmod -x username groupname"
20402
msgstr "sudo smbldap-groupmod -x username groupname"
20404
#: serverguide/C/network-auth.xml:1963(para)
20406
"Additionally, the <application>smbldap-useradd</application> utility can add "
20407
"Samba machine accounts:"
20409
"Additionally, the <application>smbldap-useradd</application> utility can add "
20410
"Samba machine accounts:"
20412
#: serverguide/C/network-auth.xml:1967(command)
20413
msgid "sudo smbldap-useradd -t 0 -w username"
20414
msgstr "sudo smbldap-useradd -t 0 -w username"
20416
#: serverguide/C/network-auth.xml:1969(para)
20418
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
20419
"<emphasis>-t 0</emphasis> option creates the machine account without a "
20420
"delay, while the <emphasis>-w</emphasis> option specifies the user as a "
20421
"machine account. Also, note the <emphasis>add machine script</emphasis> "
20422
"option in <filename>/etc/samba/smb.conf</filename> was changed to use "
20423
"<application>smbldap-useradd</application>."
20425
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
20426
"<emphasis>-t 0</emphasis> option creates the machine account without a "
20427
"delay, while the <emphasis>-w</emphasis> option specifies the user as a "
20428
"machine account. Also, note the <emphasis>add machine script</emphasis> "
20429
"option in <filename>/etc/samba/smb.conf</filename> was changed to use "
20430
"<application>smbldap-useradd</application>."
20432
#: serverguide/C/network-auth.xml:1978(para)
20434
"There are more useful utilities and options in the <application>smbldap-"
20435
"tools</application> package. The man page for each utility provides more "
20438
"There are more useful utilities and options in the <application>smbldap-"
20439
"tools</application> package. The man page for each utility provides more "
20442
#: serverguide/C/network-auth.xml:1989(para)
20444
"There are multiple places where LDAP and Samba is documented in the <ulink "
20445
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
20446
"Collection</ulink>."
20448
"There are multiple places where LDAP and Samba is documented in the <ulink "
20449
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
20450
"Collection</ulink>."
20452
#: serverguide/C/network-auth.xml:1995(para)
20454
"Specifically see the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
20455
"HOWTO-Collection/passdb.html\">passdb section</ulink>."
20457
"Specifically see the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
20458
"HOWTO-Collection/passdb.html\">passdb section</ulink>."
20460
#: serverguide/C/network-auth.xml:2001(para)
20462
"Another good site is <ulink url=\"http://download.gna.org/smbldap-"
20463
"tools/docs/samba-ldap-howto/\">Samba OpenLDAP HOWTO</ulink>."
20465
"Another good site is <ulink url=\"http://download.gna.org/smbldap-"
20466
"tools/docs/samba-ldap-howto/\">Samba OpenLDAP HOWTO</ulink>."
20468
#: serverguide/C/network-auth.xml:2007(para)
20470
"Again, for more information on <application>smbldap-tools</application> see "
20471
"the man pages: <command>man smbldap-useradd</command>, <command>man smbldap-"
20472
"groupadd</command>, <command>man smbldap-populate</command>, etc."
20474
"Again, for more information on <application>smbldap-tools</application> see "
20475
"the man pages: <command>man smbldap-useradd</command>, <command>man smbldap-"
20476
"groupadd</command>, <command>man smbldap-populate</command>, etc."
20478
#: serverguide/C/network-auth.xml:2014(para)
20480
"Also, there is a list of <ulink "
20481
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Ubuntu "
20482
"wiki</ulink> articles with more information."
20484
"Also, there is a list of <ulink "
20485
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Ubuntu "
20486
"wiki</ulink> articles with more information."
20488
#: serverguide/C/network-auth.xml:2023(title)
20492
#: serverguide/C/network-auth.xml:2025(para)
20494
"<application>Kerberos</application> is a network authentication system based "
20495
"on the principal of a trusted third party. The other two parties being the "
20496
"user and the service the user wishes to authenticate to. Not all services "
20497
"and applications can use Kerberos, but for those that can, it brings the "
20498
"network environment one step closer to being Single Sign On (SSO)."
20500
"<application>Kerberos</application> is a network authentication system based "
20501
"on the principal of a trusted third party. The other two parties being the "
20502
"user and the service the user wishes to authenticate to. Not all services "
20503
"and applications can use Kerberos, but for those that can, it brings the "
20504
"network environment one step closer to being Single Sign On (SSO)."
20506
#: serverguide/C/network-auth.xml:2031(para)
20508
"This section covers installation and configuration of a Kerberos server, and "
20509
"some example client configurations."
20511
"This section covers installation and configuration of a Kerberos server, and "
20512
"some example client configurations."
20514
#: serverguide/C/network-auth.xml:2038(para)
20516
"If you are new to Kerberos there are a few terms that are good to understand "
20517
"before setting up a Kerberos server. Most of the terms will relate to things "
20518
"you may be familiar with in other environments:"
20520
"If you are new to Kerberos there are a few terms that are good to understand "
20521
"before setting up a Kerberos server. Most of the terms will relate to things "
20522
"you may be familiar with in other environments:"
20524
#: serverguide/C/network-auth.xml:2045(para)
20526
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
20527
"by servers need to be defined as Kerberos Principals."
20529
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
20530
"by servers need to be defined as Kerberos Principals."
20532
#: serverguide/C/network-auth.xml:2050(para)
20534
"<emphasis>Instances:</emphasis> are used for service principals and special "
20535
"administrative principals."
20537
"<emphasis>Instances:</emphasis> are used for service principals and special "
20538
"administrative principals."
20540
#: serverguide/C/network-auth.xml:2055(para)
20542
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
20543
"Kerberos installation. Usually the DNS domain converted to uppercase "
20546
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
20547
"Kerberos installation. Usually the DNS domain converted to uppercase "
20550
#: serverguide/C/network-auth.xml:2061(para)
20552
"<emphasis>Key Distribution Center:</emphasis> (KDC) consist of three parts, "
20553
"a database of all principals, the authentication server, and the ticket "
20554
"granting server. For each realm there must be at least one KDC."
20556
"<emphasis>Key Distribution Centre:</emphasis> (KDC) consist of three parts, "
20557
"a database of all principals, the authentication server, and the ticket "
20558
"granting server. For each realm there must be at least one KDC."
20560
#: serverguide/C/network-auth.xml:2067(para)
20562
"<emphasis>Ticket Granting Ticket:</emphasis> issued by the Authentication "
20563
"Server (AS), the Ticket Granting Ticket (TGT) is encrypted in the user's "
20564
"password which is known only to the user and the KDC."
20566
"<emphasis>Ticket Granting Ticket:</emphasis> issued by the Authentication "
20567
"Server (AS), the Ticket Granting Ticket (TGT) is encrypted in the user's "
20568
"password which is known only to the user and the KDC."
20570
#: serverguide/C/network-auth.xml:2073(para)
20572
"<emphasis>Ticket Granting Server:</emphasis> (TGS) issues service tickets to "
20573
"clients upon request."
20575
"<emphasis>Ticket Granting Server:</emphasis> (TGS) issues service tickets to "
20576
"clients upon request."
20578
#: serverguide/C/network-auth.xml:2078(para)
20580
"<emphasis>Tickets:</emphasis> confirm the identity of the two principals. "
20581
"One principal being a user and the other a service requested by the user. "
20582
"Tickets establish an encryption key used for secure communication during the "
20583
"authenticated session."
20585
"<emphasis>Tickets:</emphasis> confirm the identity of the two principals. "
20586
"One principal being a user and the other a service requested by the user. "
20587
"Tickets establish an encryption key used for secure communication during the "
20588
"authenticated session."
20590
#: serverguide/C/network-auth.xml:2084(para)
20592
"<emphasis>Keytab Files:</emphasis> are files extracted from the KDC "
20593
"principal database and contain the encryption key for a service or host."
20595
"<emphasis>Keytab Files:</emphasis> are files extracted from the KDC "
20596
"principal database and contain the encryption key for a service or host."
20598
#: serverguide/C/network-auth.xml:2091(para)
20600
"To put the pieces together, a Realm has at least one KDC, preferably two for "
20601
"redundancy, which contains a database of Principals. When a user principal "
20602
"logs into a workstation, configured for Kerberos authentication, the KDC "
20603
"issues a Ticket Granting Ticket (TGT). If the user supplied credentials "
20604
"match, the user is authenticated and can then request tickets for Kerberized "
20605
"services from the Ticket Granting Server (TGS). The service tickets allow "
20606
"the user to authenticate to the service without entering another username "
20609
"To put the pieces together, a Realm has at least one KDC, preferably two for "
20610
"redundancy, which contains a database of Principals. When a user principal "
20611
"logs into a workstation, configured for Kerberos authentication, the KDC "
20612
"issues a Ticket Granting Ticket (TGT). If the user supplied credentials "
20613
"match, the user is authenticated and can then request tickets for Kerberised "
20614
"services from the Ticket Granting Server (TGS). The service tickets allow "
20615
"the user to authenticate to the service without entering another username "
20618
#: serverguide/C/network-auth.xml:2100(title)
20619
msgid "Kerberos Server"
20620
msgstr "Kerberos Server"
20622
#: serverguide/C/network-auth.xml:2104(para)
20624
"Before installing the Kerberos server a properly configured DNS server is "
20625
"needed for your domain. Since the Kerberos Realm by convention matches the "
20626
"domain name, this section uses the <emphasis>example.com</emphasis> domain "
20627
"configured in <xref linkend=\"dns-primarymaster-configuration\"/>."
20629
"Before installing the Kerberos server a properly configured DNS server is "
20630
"needed for your domain. Since the Kerberos Realm by convention matches the "
20631
"domain name, this section uses the <emphasis>example.com</emphasis> domain "
20632
"configured in <xref linkend=\"dns-primarymaster-configuration\"/>."
20634
#: serverguide/C/network-auth.xml:2110(para)
20636
"Also, Kerberos is a time sensitive protocol. So if the local system time "
20637
"between a client machine and the server differs by more than five minutes "
20638
"(by default), the workstation will not be able to authenticate. To correct "
20639
"the problem all hosts should have their time synchronized using the "
20640
"<emphasis>Network Time Protocol (NTP)</emphasis>. For details on setting up "
20641
"NTP see <xref linkend=\"NTP\"/>."
20643
"Also, Kerberos is a time sensitive protocol. So if the local system time "
20644
"between a client machine and the server differs by more than five minutes "
20645
"(by default), the workstation will not be able to authenticate. To correct "
20646
"the problem all hosts should have their time synchronised using the "
20647
"<emphasis>Network Time Protocol (NTP)</emphasis>. For details on setting up "
20648
"NTP see <xref linkend=\"NTP\"/>."
20650
#: serverguide/C/network-auth.xml:2117(para)
20652
"The first step in installing a Kerberos Realm is to install the "
20653
"<application>krb5-kdc</application> and <application>krb5-admin-"
20654
"server</application> packages. From a terminal enter:"
20656
"The first step in installing a Kerberos Realm is to install the "
20657
"<application>krb5-kdc</application> and <application>krb5-admin-"
20658
"server</application> packages. From a terminal enter:"
20660
#: serverguide/C/network-auth.xml:2123(command) serverguide/C/network-auth.xml:2298(command)
20661
msgid "sudo apt-get install krb5-kdc krb5-admin-server"
20662
msgstr "sudo apt-get install krb5-kdc krb5-admin-server"
20664
#: serverguide/C/network-auth.xml:2126(para)
20666
"You will be asked at the end of the install to supply a name for the "
20667
"Kerberos and Admin servers, which may or may not be the same server, for the "
20670
"You will be asked at the end of the install to supply a name for the "
20671
"Kerberos and Admin servers, which may or may not be the same server, for the "
20674
#: serverguide/C/network-auth.xml:2131(para)
20676
"Next, create the new realm with the <application>kdb5_newrealm</application> "
20679
"Next, create the new realm with the <application>kdb5_newrealm</application> "
20682
#: serverguide/C/network-auth.xml:2136(command)
20683
msgid "sudo krb5_newrealm"
20684
msgstr "sudo krb5_newrealm"
20686
#: serverguide/C/network-auth.xml:2143(para)
20688
"The questions asked during installation are used to configure the "
20689
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
20690
"Distribution Center (KDC) settings simply edit the file and restart the "
20691
"<application>krb5-kdc</application> daemon."
20693
"The questions asked during installation are used to configure the "
20694
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
20695
"Distribution Centre (KDC) settings simply edit the file and restart the "
20696
"<application>krb5-kdc</application> daemon."
20698
#: serverguide/C/network-auth.xml:2151(para)
20700
"Now that the KDC running an admin user is needed. It is recommended to use a "
20701
"different username from your everyday username. Using the "
20702
"<application>kadmin.local</application> utility in a terminal prompt enter:"
20704
"Now that the KDC running an admin user is needed. It is recommended to use a "
20705
"different username from your everyday username. Using the "
20706
"<application>kadmin.local</application> utility in a terminal prompt enter:"
20708
#: serverguide/C/network-auth.xml:2157(command) serverguide/C/network-auth.xml:2953(command)
20709
msgid "sudo kadmin.local"
20710
msgstr "sudo kadmin.local"
20712
#: serverguide/C/network-auth.xml:2158(computeroutput)
20715
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
20718
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
20721
#: serverguide/C/network-auth.xml:2159(userinput)
20723
msgid " addprinc steve/admin"
20724
msgstr " addprinc steve/admin"
20726
#: serverguide/C/network-auth.xml:2160(computeroutput)
20729
"WARNING: no policy specified for steve/admin@EXAMPLE.COM; defaulting to no "
20731
"Enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
20732
"Re-enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
20733
"Principal \"steve/admin@EXAMPLE.COM\" created.\n"
20736
"WARNING: no policy specified for steve/admin@EXAMPLE.COM; defaulting to no "
20738
"Enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
20739
"Re-enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
20740
"Principal \"steve/admin@EXAMPLE.COM\" created.\n"
20743
#: serverguide/C/network-auth.xml:2164(userinput)
20748
#: serverguide/C/network-auth.xml:2167(para)
20750
"In the above example <emphasis role=\"italic\">steve</emphasis> is the "
20751
"<emphasis>Principal</emphasis>, <emphasis role=\"italic\">/admin</emphasis> "
20752
"is an <emphasis>Instance</emphasis>, and <emphasis "
20753
"role=\"italic\">@EXAMPLE.COM</emphasis> signifies the realm. The <emphasis "
20754
"role=\"italic\">\"every day\"</emphasis> Principal would be "
20755
"<emphasis>steve@EXAMPLE.COM</emphasis>, and should have only normal user "
20758
"In the above example <emphasis role=\"italic\">steve</emphasis> is the "
20759
"<emphasis>Principal</emphasis>, <emphasis role=\"italic\">/admin</emphasis> "
20760
"is an <emphasis>Instance</emphasis>, and <emphasis "
20761
"role=\"italic\">@EXAMPLE.COM</emphasis> signifies the realm. The <emphasis "
20762
"role=\"italic\">\"every day\"</emphasis> Principal would be "
20763
"<emphasis>steve@EXAMPLE.COM</emphasis>, and should have only normal user "
20766
#: serverguide/C/network-auth.xml:2175(para)
20768
"Replace <emphasis>EXAMPLE.COM</emphasis> and <emphasis>steve</emphasis> with "
20769
"your Realm and admin username."
20771
"Replace <emphasis>EXAMPLE.COM</emphasis> and <emphasis>steve</emphasis> with "
20772
"your Realm and admin username."
20774
#: serverguide/C/network-auth.xml:2183(para)
20776
"Next, the new admin user needs to have the appropriate Access Control List "
20777
"(ACL) permissions. The permissions are configured in the "
20778
"<filename>/etc/krb5kdc/kadm5.acl</filename> file:"
20780
"Next, the new admin user needs to have the appropriate Access Control List "
20781
"(ACL) permissions. The permissions are configured in the "
20782
"<filename>/etc/krb5kdc/kadm5.acl</filename> file:"
20784
#: serverguide/C/network-auth.xml:2188(programlisting)
20788
"steve/admin@EXAMPLE.COM *\n"
20791
"steve/admin@EXAMPLE.COM *\n"
20793
#: serverguide/C/network-auth.xml:2192(para)
20795
"This entry grants <emphasis>steve/admin</emphasis> the ability to perform "
20796
"any operation on all principals in the realm."
20798
"This entry grants <emphasis>steve/admin</emphasis> the ability to perform "
20799
"any operation on all principals in the realm."
20801
#: serverguide/C/network-auth.xml:2199(para)
20803
"Now restart the <application>krb5-admin-server</application> for the new ACL "
20806
"Now restart the <application>krb5-admin-server</application> for the new ACL "
20809
#: serverguide/C/network-auth.xml:2204(command)
20810
msgid "sudo /etc/init.d/krb5-admin-server restart"
20811
msgstr "sudo /etc/init.d/krb5-admin-server restart"
20813
#: serverguide/C/network-auth.xml:2210(para)
20815
"The new user principal can be tested using the <application>kinit "
20816
"utility</application>:"
20818
"The new user principal can be tested using the <application>kinit "
20819
"utility</application>:"
20821
#: serverguide/C/network-auth.xml:2215(command)
20822
msgid "kinit steve/admin"
20823
msgstr "kinit steve/admin"
20825
#: serverguide/C/network-auth.xml:2216(computeroutput)
20827
msgid "steve/admin@EXAMPLE.COM's Password:"
20828
msgstr "steve/admin@EXAMPLE.COM's Password:"
20830
#: serverguide/C/network-auth.xml:2219(para)
20832
"After entering the password, use the <application>klist</application> "
20833
"utility to view information about the Ticket Granting Ticket (TGT):"
20835
"After entering the password, use the <application>klist</application> "
20836
"utility to view information about the Ticket Granting Ticket (TGT):"
20838
#: serverguide/C/network-auth.xml:2225(command) serverguide/C/network-auth.xml:2560(command)
20842
#: serverguide/C/network-auth.xml:2226(computeroutput)
20845
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
20846
" Principal: steve/admin@EXAMPLE.COM\n"
20848
" Issued Expires Principal\n"
20849
"Jul 13 17:53:34 Jul 14 03:53:34 krbtgt/EXAMPLE.COM@EXAMPLE.COM"
20851
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
20852
" Principal: steve/admin@EXAMPLE.COM\n"
20854
" Issued Expires Principal\n"
20855
"Jul 13 17:53:34 Jul 14 03:53:34 krbtgt/EXAMPLE.COM@EXAMPLE.COM"
20857
#: serverguide/C/network-auth.xml:2233(para)
20859
"You may need to add an entry into the <filename>/etc/hosts</filename> for "
20860
"the KDC. For example:"
20862
"You may need to add an entry into the <filename>/etc/hosts</filename> for "
20863
"the KDC. For example:"
20865
#: serverguide/C/network-auth.xml:2237(programlisting)
20869
"192.168.0.1 kdc01.example.com kdc01\n"
20872
"192.168.0.1 kdc01.example.com kdc01\n"
20874
#: serverguide/C/network-auth.xml:2241(para)
20876
"Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC."
20878
"Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC."
20880
#: serverguide/C/network-auth.xml:2248(para)
20882
"In order for clients to determine the KDC for the Realm some DNS SRV records "
20883
"are needed. Add the following to "
20884
"<filename>/etc/named/db.example.com</filename>:"
20886
"In order for clients to determine the KDC for the Realm some DNS SRV records "
20887
"are needed. Add the following to "
20888
"<filename>/etc/named/db.example.com</filename>:"
20890
#: serverguide/C/network-auth.xml:2253(programlisting)
20894
"_kerberos._udp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
20895
"_kerberos._tcp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
20896
"_kerberos._udp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
20897
"_kerberos._tcp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
20898
"_kerberos-adm._tcp.EXAMPLE.COM. IN SRV 1 0 749 kdc01.example.com.\n"
20899
"_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
20902
"_kerberos._udp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
20903
"_kerberos._tcp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
20904
"_kerberos._udp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
20905
"_kerberos._tcp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
20906
"_kerberos-adm._tcp.EXAMPLE.COM. IN SRV 1 0 749 kdc01.example.com.\n"
20907
"_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
20909
#: serverguide/C/network-auth.xml:2263(para)
20911
"Replace <emphasis>EXAMPLE.COM</emphasis>, <emphasis>kdc01</emphasis>, and "
20912
"<emphasis>kdc02</emphasis> with your domain name, primary KDC, and secondary "
20915
"Replace <emphasis>EXAMPLE.COM</emphasis>, <emphasis>kdc01</emphasis>, and "
20916
"<emphasis>kdc02</emphasis> with your domain name, primary KDC, and secondary "
20919
#: serverguide/C/network-auth.xml:2269(para)
20921
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
20923
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
20925
#: serverguide/C/network-auth.xml:2276(para)
20926
msgid "Your new Kerberos Realm is now ready to authenticate clients."
20927
msgstr "Your new Kerberos Realm is now ready to authenticate clients."
20929
#: serverguide/C/network-auth.xml:2283(title)
20930
msgid "Secondary KDC"
20931
msgstr "Secondary KDC"
20933
#: serverguide/C/network-auth.xml:2285(para)
20935
"Once you have one Key Distribution Center (KDC) on your network, it is good "
20936
"practice to have a Secondary KDC in case the primary becomes unavailable."
20938
"Once you have one Key Distribution Centre (KDC) on your network, it is good "
20939
"practice to have a Secondary KDC in case the primary becomes unavailable."
20941
#: serverguide/C/network-auth.xml:2293(para)
20943
"First, install the packages, and when asked for the Kerberos and Admin "
20944
"server names enter the name of the Primary KDC:"
20946
"First, install the packages, and when asked for the Kerberos and Admin "
20947
"server names enter the name of the Primary KDC:"
20949
#: serverguide/C/network-auth.xml:2304(para)
20951
"Once you have the packages installed, create the Secondary KDC's host "
20952
"principal. From a terminal prompt, enter:"
20954
"Once you have the packages installed, create the Secondary KDC's host "
20955
"principal. From a terminal prompt, enter:"
20957
#: serverguide/C/network-auth.xml:2309(command)
20958
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
20959
msgstr "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
20961
#: serverguide/C/network-auth.xml:2313(para)
20963
"After, issuing any <application>kadmin</application> commands you will be "
20964
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
20967
"After, issuing any <application>kadmin</application> commands you will be "
20968
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
20971
#: serverguide/C/network-auth.xml:2322(para)
20972
msgid "Extract the <emphasis>keytab</emphasis> file:"
20973
msgstr "Extract the <emphasis>keytab</emphasis> file:"
20975
#: serverguide/C/network-auth.xml:2327(command)
20976
msgid "kadmin -q \"ktadd -k keytab.kdc02 host/kdc02.example.com\""
20977
msgstr "kadmin -q \"ktadd -k keytab.kdc02 host/kdc02.example.com\""
20979
#: serverguide/C/network-auth.xml:2333(para)
20981
"There should now be a <filename>keytab.kdc02</filename> in the current "
20982
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
20984
"There should now be a <filename>keytab.kdc02</filename> in the current "
20985
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
20987
#: serverguide/C/network-auth.xml:2339(command)
20988
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
20989
msgstr "sudo mv keytab.kdc02 /etc/krb5.keytab"
20991
#: serverguide/C/network-auth.xml:2343(para)
20993
"If the path to the <filename>keytab.kdc02</filename> file is different "
20994
"adjust accordingly."
20996
"If the path to the <filename>keytab.kdc02</filename> file is different "
20997
"adjust accordingly."
20999
#: serverguide/C/network-auth.xml:2348(para)
21001
"Also, you can list the principals in a Keytab file, which can be useful when "
21002
"troubleshooting, using the <application>klist</application> utility:"
21004
"Also, you can list the principals in a Keytab file, which can be useful when "
21005
"troubleshooting, using the <application>klist</application> utility:"
21007
#: serverguide/C/network-auth.xml:2354(command)
21008
msgid "sudo klist -k /etc/krb5.keytab"
21009
msgstr "sudo klist -k /etc/krb5.keytab"
21011
#: serverguide/C/network-auth.xml:2360(para)
21013
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
21014
"that lists all KDCs for the Realm. For example, on both primary and "
21015
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
21017
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
21018
"that lists all KDCs for the Realm. For example, on both primary and "
21019
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
21021
#: serverguide/C/network-auth.xml:2365(programlisting)
21025
"host/kdc01.example.com@EXAMPLE.COM\n"
21026
"host/kdc02.example.com@EXAMPLE.COM\n"
21029
"host/kdc01.example.com@EXAMPLE.COM\n"
21030
"host/kdc02.example.com@EXAMPLE.COM\n"
21032
#: serverguide/C/network-auth.xml:2373(para)
21033
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
21034
msgstr "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
21036
#: serverguide/C/network-auth.xml:2378(command)
21037
msgid "sudo kdb5_util -s create"
21038
msgstr "sudo kdb5_util -s create"
21040
#: serverguide/C/network-auth.xml:2384(para)
21042
"Now start the <application>kpropd</application> daemon, which listens for "
21043
"connections from the <application>kprop</application> utility. "
21044
"<application>kprop</application> is used to transfer dump files:"
21046
"Now start the <application>kpropd</application> daemon, which listens for "
21047
"connections from the <application>kprop</application> utility. "
21048
"<application>kprop</application> is used to transfer dump files:"
21050
#: serverguide/C/network-auth.xml:2391(command)
21051
msgid "sudo kpropd -S"
21052
msgstr "sudo kpropd -S"
21054
#: serverguide/C/network-auth.xml:2397(para)
21056
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
21057
"of the principal database:"
21059
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
21060
"of the principal database:"
21062
#: serverguide/C/network-auth.xml:2402(command)
21063
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
21064
msgstr "sudo kdb5_util dump /var/lib/krb5kdc/dump"
21066
#: serverguide/C/network-auth.xml:2408(para)
21068
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
21069
"<filename>/etc/krb5.keytab</filename>:"
21071
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
21072
"<filename>/etc/krb5.keytab</filename>:"
21074
#: serverguide/C/network-auth.xml:2413(command)
21075
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
21076
msgstr "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
21078
#: serverguide/C/network-auth.xml:2414(command)
21079
msgid "sudo mv keytab.kdc01 /etc/krb5.keytab"
21080
msgstr "sudo mv keytab.kdc01 /etc/krb5.keytab"
21082
#: serverguide/C/network-auth.xml:2418(para)
21084
"Make sure there is a <emphasis>host</emphasis> for "
21085
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
21087
"Make sure there is a <emphasis>host</emphasis> for "
21088
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
21090
#: serverguide/C/network-auth.xml:2426(para)
21092
"Using the <application>kprop</application> utility push the database to the "
21095
"Using the <application>kprop</application> utility push the database to the "
21098
#: serverguide/C/network-auth.xml:2431(command)
21099
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
21100
msgstr "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
21102
#: serverguide/C/network-auth.xml:2435(para)
21104
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
21105
"worked. If there is an error message check "
21106
"<filename>/var/log/syslog</filename> on the secondary KDC for more "
21109
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
21110
"worked. If there is an error message check "
21111
"<filename>/var/log/syslog</filename> on the secondary KDC for more "
21114
#: serverguide/C/network-auth.xml:2441(para)
21116
"You may also want to create a <application>cron</application> job to "
21117
"periodically update the database on the Secondary KDC. For example, the "
21118
"following will push the database every hour:"
21120
"You may also want to create a <application>cron</application> job to "
21121
"periodically update the database on the Secondary KDC. For example, the "
21122
"following will push the database every hour:"
21124
#: serverguide/C/network-auth.xml:2446(programlisting)
21128
"# m h dom mon dow command\n"
21129
"0 * * * * /usr/sbin/kdb5_util dump /var/lib/krb5kdc/dump && "
21130
"/usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com\n"
21133
"# m h dom mon dow command\n"
21134
"0 * * * * /usr/sbin/kdb5_util dump /var/lib/krb5kdc/dump && "
21135
"/usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com\n"
21137
#: serverguide/C/network-auth.xml:2454(para)
21139
"Back on the <emphasis>Secondary KDC</emphasis>, create a "
21140
"<emphasis>stash</emphasis> file to hold the Kerberos master key:"
21142
"Back on the <emphasis>Secondary KDC</emphasis>, create a "
21143
"<emphasis>stash</emphasis> file to hold the Kerberos master key:"
21145
#: serverguide/C/network-auth.xml:2460(command)
21146
msgid "sudo kdb5_util stash"
21147
msgstr "sudo kdb5_util stash"
21149
#: serverguide/C/network-auth.xml:2466(para)
21151
"Finally, start the <application>krb5-kdc</application> daemon on the "
21154
"Finally, start the <application>krb5-kdc</application> daemon on the "
21157
#: serverguide/C/network-auth.xml:2471(command) serverguide/C/network-auth.xml:3083(command)
21158
msgid "sudo /etc/init.d/krb5-kdc start"
21159
msgstr "sudo /etc/init.d/krb5-kdc start"
21161
#: serverguide/C/network-auth.xml:2477(para)
21163
"The <emphasis>Secondary KDC</emphasis> should now be able to issue tickets "
21164
"for the Realm. You can test this by stopping the <application>krb5-"
21165
"kdc</application> daemon on the Primary KDC, then use "
21166
"<application>kinit</application> to request a ticket. If all goes well you "
21167
"should receive a ticket from the Secondary KDC."
21169
"The <emphasis>Secondary KDC</emphasis> should now be able to issue tickets "
21170
"for the Realm. You can test this by stopping the <application>krb5-"
21171
"kdc</application> daemon on the Primary KDC, then use "
21172
"<application>kinit</application> to request a ticket. If all goes well you "
21173
"should receive a ticket from the Secondary KDC."
21175
#: serverguide/C/network-auth.xml:2485(title)
21176
msgid "Kerberos Linux Client"
21177
msgstr "Kerberos Linux Client"
21179
#: serverguide/C/network-auth.xml:2487(para)
21181
"This section covers configuring a Linux system as a "
21182
"<application>Kerberos</application> client. This will allow access to any "
21183
"kerberized services once a user has successfully logged into the system."
21185
"This section covers configuring a Linux system as a "
21186
"<application>Kerberos</application> client. This will allow access to any "
21187
"kerberised services once a user has successfully logged into the system."
21189
#: serverguide/C/network-auth.xml:2495(para)
21191
"In order to authenticate to a Kerberos Realm, the <application>krb5-"
21192
"user</application> and <application>libpam-krb5</application> packages are "
21193
"needed, along with a few others that are not strictly necessary but make "
21194
"life easier. To install the packages enter the following in a terminal "
21197
"In order to authenticate to a Kerberos Realm, the <application>krb5-"
21198
"user</application> and <application>libpam-krb5</application> packages are "
21199
"needed, along with a few others that are not strictly necessary but make "
21200
"life easier. To install the packages enter the following in a terminal "
21203
#: serverguide/C/network-auth.xml:2502(command)
21205
"sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
21207
"sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
21209
#: serverguide/C/network-auth.xml:2505(para)
21211
"The <application>auth-client-config</application> package allows simple "
21212
"configuration of PAM for authentication from multiple sources, and the "
21213
"<application>libpam-ccreds</application> will cache authentication "
21214
"credentials allowing you to login in case the Key Distribution Center (KDC) "
21215
"is unavailable. This package is also useful for laptops that may "
21216
"authenticate using Kerberos while on the corporate network, but will need to "
21217
"be accessed off the network as well."
21219
"The <application>auth-client-config</application> package allows simple "
21220
"configuration of PAM for authentication from multiple sources, and the "
21221
"<application>libpam-ccreds</application> will cache authentication "
21222
"credentials allowing you to login in case the Key Distribution Centre (KDC) "
21223
"is unavailable. This package is also useful for laptops that may "
21224
"authenticate using Kerberos while on the corporate network, but will need to "
21225
"be accessed off the network as well."
21227
#: serverguide/C/network-auth.xml:2516(para)
21228
msgid "To configure the client in a terminal enter:"
21229
msgstr "To configure the client in a terminal enter:"
21231
#: serverguide/C/network-auth.xml:2521(command)
21232
msgid "sudo dpkg-reconfigure krb5-config"
21233
msgstr "sudo dpkg-reconfigure krb5-config"
21235
#: serverguide/C/network-auth.xml:2524(para)
21237
"You will then be prompted to enter the name of the Kerberos Realm. Also, if "
21238
"you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> "
21239
"records, the menu will prompt you for the hostname of the Key Distribution "
21240
"Center (KDC) and Realm Administration server."
21242
"You will then be prompted to enter the name of the Kerberos Realm. Also, if "
21243
"you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> "
21244
"records, the menu will prompt you for the hostname of the Key Distribution "
21245
"Centre (KDC) and Realm Administration server."
21247
#: serverguide/C/network-auth.xml:2530(para)
21249
"The <application>dpkg-reconfigure</application> adds entries to the "
21250
"<filename>/etc/krb5.conf</filename> file for your Realm. You should have "
21251
"entries similar to the following:"
21253
"The <application>dpkg-reconfigure</application> adds entries to the "
21254
"<filename>/etc/krb5.conf</filename> file for your Realm. You should have "
21255
"entries similar to the following:"
21257
#: serverguide/C/network-auth.xml:2535(programlisting)
21262
" default_realm = EXAMPLE.COM\n"
21265
" EXAMPLE.COM = } \n"
21266
" kdc = 192.168.0.1 \n"
21267
" admin_server = 192.168.0.1\n"
21272
" default_realm = EXAMPLE.COM\n"
21275
" EXAMPLE.COM = } \n"
21276
" kdc = 192.168.0.1 \n"
21277
" admin_server = 192.168.0.1\n"
21280
#: serverguide/C/network-auth.xml:2546(para)
21282
"You can test the configuration by requesting a ticket using the "
21283
"<application>kinit</application> utility. For example:"
21285
"You can test the configuration by requesting a ticket using the "
21286
"<application>kinit</application> utility. For example:"
21288
#: serverguide/C/network-auth.xml:2551(command)
21289
msgid "kinit steve@EXAMPLE.COM"
21290
msgstr "kinit steve@EXAMPLE.COM"
21292
#: serverguide/C/network-auth.xml:2552(computeroutput)
21294
msgid "Password for steve@EXAMPLE.COM:"
21295
msgstr "Password for steve@EXAMPLE.COM:"
21297
#: serverguide/C/network-auth.xml:2555(para)
21299
"When a ticket has been granted, the details can be viewed using "
21300
"<application>klist</application>:"
21302
"When a ticket has been granted, the details can be viewed using "
21303
"<application>klist</application>:"
21305
#: serverguide/C/network-auth.xml:2561(computeroutput)
21308
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
21309
"Default principal: steve@EXAMPLE.COM\n"
21311
"Valid starting Expires Service principal\n"
21312
"07/24/08 05:18:56 07/24/08 15:18:56 krbtgt/EXAMPLE.COM@EXAMPLE.COM\n"
21313
" renew until 07/25/08 05:18:57\n"
21316
"Kerberos 4 ticket cache: /tmp/tkt1000\n"
21317
"klist: You have no tickets cached"
21319
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
21320
"Default principal: steve@EXAMPLE.COM\n"
21322
"Valid starting Expires Service principal\n"
21323
"07/24/08 05:18:56 07/24/08 15:18:56 krbtgt/EXAMPLE.COM@EXAMPLE.COM\n"
21324
" renew until 07/25/08 05:18:57\n"
21327
"Kerberos 4 ticket cache: /tmp/tkt1000\n"
21328
"klist: You have no tickets cached"
21330
#: serverguide/C/network-auth.xml:2573(para)
21332
"Next, use the <application>auth-client-config</application> to configure the "
21333
"<application>libpam-krb5</application> module to request a ticket during "
21336
"Next, use the <application>auth-client-config</application> to configure the "
21337
"<application>libpam-krb5</application> module to request a ticket during "
21340
#: serverguide/C/network-auth.xml:2579(command)
21341
msgid "sudo auth-client-config -a -p kerberos_example"
21342
msgstr "sudo auth-client-config -a -p kerberos_example"
21344
#: serverguide/C/network-auth.xml:2582(para)
21346
"You will should now receive a ticket upon successful login authentication."
21348
"You will should now receive a ticket upon successful login authentication."
21350
#: serverguide/C/network-auth.xml:2593(para)
21352
"For more information on Kerberos see the <ulink "
21353
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
21355
"For more information on Kerberos see the <ulink "
21356
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
21358
#: serverguide/C/network-auth.xml:2598(para)
21360
"The <ulink url=\"https://help.ubuntu.com/community/Kerberos\">Ubuntu Wiki "
21361
"Kerberos</ulink> page has more details."
21363
"The <ulink url=\"https://help.ubuntu.com/community/Kerberos\">Ubuntu Wiki "
21364
"Kerberos</ulink> page has more details."
21366
#: serverguide/C/network-auth.xml:2603(para)
21368
"O'Reilly's <ulink "
21369
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
21370
"Guide</ulink> is a great reference when setting up Kerberos."
21372
"O'Reilly's <ulink "
21373
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
21374
"Guide</ulink> is a great reference when setting up Kerberos."
21376
#: serverguide/C/network-auth.xml:2609(para)
21378
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> IRC "
21379
"channel on <ulink url=\"http://freenode.net/\">Freenode</ulink> if you have "
21380
"Kerberos questions."
21382
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> IRC "
21383
"channel on <ulink url=\"http://freenode.net/\">Freenode</ulink> if you have "
21384
"Kerberos questions."
21386
#: serverguide/C/network-auth.xml:2619(title)
21387
msgid "Kerberos and LDAP"
21388
msgstr "Kerberos and LDAP"
21390
#: serverguide/C/network-auth.xml:2621(para)
21392
"Replicating a Kerberos principal database between two servers can be "
21393
"complicated, and adds an additional user database to your network. "
21394
"Fortunately, MIT Kerberos can be configured to use an "
21395
"<application>LDAP</application> directory as a principal database. This "
21396
"section covers configuring a primary and secondary kerberos server to use "
21397
"<application>OpenLDAP</application> for the principal database."
21399
"Replicating a Kerberos principal database between two servers can be "
21400
"complicated, and adds an additional user database to your network. "
21401
"Fortunately, MIT Kerberos can be configured to use an "
21402
"<application>LDAP</application> directory as a principal database. This "
21403
"section covers configuring a primary and secondary kerberos server to use "
21404
"<application>OpenLDAP</application> for the principal database."
21406
#: serverguide/C/network-auth.xml:2629(title)
21407
msgid "Configuring OpenLDAP"
21408
msgstr "Configuring OpenLDAP"
21410
#: serverguide/C/network-auth.xml:2631(para)
21412
"First, the necessary <emphasis>schema</emphasis> needs to be loaded on an "
21413
"<application>OpenLDAP</application> server that has network connectivity to "
21414
"the Primary and Secondary KDCs. The rest of this section assumes that you "
21415
"also have LDAP replication configured between at least two servers. For "
21416
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
21418
"First, the necessary <emphasis>schema</emphasis> needs to be loaded on an "
21419
"<application>OpenLDAP</application> server that has network connectivity to "
21420
"the Primary and Secondary KDCs. The rest of this section assumes that you "
21421
"also have LDAP replication configured between at least two servers. For "
21422
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
21424
#: serverguide/C/network-auth.xml:2638(para)
21426
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
21427
"that traffic between the KDC and LDAP server is encrypted. See <xref "
21428
"linkend=\"openldap-tls\"/> for details."
21430
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
21431
"that traffic between the KDC and LDAP server is encrypted. See <xref "
21432
"linkend=\"openldap-tls\"/> for details."
21434
#: serverguide/C/network-auth.xml:2645(para)
21436
"To load the schema into LDAP, on the LDAP server install the "
21437
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
21439
"To load the schema into LDAP, on the LDAP server install the "
21440
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
21442
#: serverguide/C/network-auth.xml:2651(command)
21443
msgid "sudo apt-get install krb5-kdc-ldap"
21444
msgstr "sudo apt-get install krb5-kdc-ldap"
21446
#: serverguide/C/network-auth.xml:2656(para)
21447
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
21448
msgstr "Next, extract the <filename>kerberos.schema.gz</filename> file:"
21450
#: serverguide/C/network-auth.xml:2661(command)
21451
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
21452
msgstr "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
21454
#: serverguide/C/network-auth.xml:2662(command)
21456
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
21458
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
21460
#: serverguide/C/network-auth.xml:2668(para)
21462
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
21463
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
21464
"<application>slapd</application> is also detailed in <xref "
21465
"linkend=\"openldap-configuration\"/>."
21467
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
21468
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
21469
"<application>slapd</application> is also detailed in <xref "
21470
"linkend=\"openldap-configuration\"/>."
21472
#: serverguide/C/network-auth.xml:2681(programlisting)
21476
"include /etc/ldap/schema/core.schema\n"
21477
"include /etc/ldap/schema/collective.schema\n"
21478
"include /etc/ldap/schema/corba.schema\n"
21479
"include /etc/ldap/schema/cosine.schema\n"
21480
"include /etc/ldap/schema/duaconf.schema\n"
21481
"include /etc/ldap/schema/dyngroup.schema\n"
21482
"include /etc/ldap/schema/inetorgperson.schema\n"
21483
"include /etc/ldap/schema/java.schema\n"
21484
"include /etc/ldap/schema/misc.schema\n"
21485
"include /etc/ldap/schema/nis.schema\n"
21486
"include /etc/ldap/schema/openldap.schema\n"
21487
"include /etc/ldap/schema/ppolicy.schema\n"
21488
"include /etc/ldap/schema/kerberos.schema\n"
21491
"include /etc/ldap/schema/core.schema\n"
21492
"include /etc/ldap/schema/collective.schema\n"
21493
"include /etc/ldap/schema/corba.schema\n"
21494
"include /etc/ldap/schema/cosine.schema\n"
21495
"include /etc/ldap/schema/duaconf.schema\n"
21496
"include /etc/ldap/schema/dyngroup.schema\n"
21497
"include /etc/ldap/schema/inetorgperson.schema\n"
21498
"include /etc/ldap/schema/java.schema\n"
21499
"include /etc/ldap/schema/misc.schema\n"
21500
"include /etc/ldap/schema/nis.schema\n"
21501
"include /etc/ldap/schema/openldap.schema\n"
21502
"include /etc/ldap/schema/ppolicy.schema\n"
21503
"include /etc/ldap/schema/kerberos.schema\n"
21505
#: serverguide/C/network-auth.xml:2701(para)
21506
msgid "Create a temporary directory to hold the LDIF files:"
21507
msgstr "Create a temporary directory to hold the LDIF files:"
21509
#: serverguide/C/network-auth.xml:2716(command)
21511
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
21512
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
21514
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
21515
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
21517
#: serverguide/C/network-auth.xml:2726(para)
21519
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
21520
"changing the following attributes:"
21522
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
21523
"changing the following attributes:"
21525
#: serverguide/C/network-auth.xml:2730(programlisting)
21529
"dn: cn=kerberos,cn=schema,cn=config\n"
21534
"dn: cn=kerberos,cn=schema,cn=config\n"
21538
#: serverguide/C/network-auth.xml:2736(para)
21539
msgid "And remove the following lines from the end of the file:"
21540
msgstr "And remove the following lines from the end of the file:"
21542
#: serverguide/C/network-auth.xml:2740(programlisting)
21546
"structuralObjectClass: olcSchemaConfig\n"
21547
"entryUUID: 18ccd010-746b-102d-9fbe-3760cca765dc\n"
21548
"creatorsName: cn=config\n"
21549
"createTimestamp: 20090111203515Z\n"
21550
"entryCSN: 20090111203515.326445Z#000000#000#000000\n"
21551
"modifiersName: cn=config\n"
21552
"modifyTimestamp: 20090111203515Z\n"
21555
"structuralObjectClass: olcSchemaConfig\n"
21556
"entryUUID: 18ccd010-746b-102d-9fbe-3760cca765dc\n"
21557
"creatorsName: cn=config\n"
21558
"createTimestamp: 20090111203515Z\n"
21559
"entryCSN: 20090111203515.326445Z#000000#000#000000\n"
21560
"modifiersName: cn=config\n"
21561
"modifyTimestamp: 20090111203515Z\n"
21563
#: serverguide/C/network-auth.xml:2759(para)
21564
msgid "Load the new schema with <application>ldapadd</application>:"
21565
msgstr "Load the new schema with <application>ldapadd</application>:"
21567
#: serverguide/C/network-auth.xml:2764(command)
21568
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=kerberos.ldif"
21569
msgstr "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=kerberos.ldif"
21571
#: serverguide/C/network-auth.xml:2770(para)
21573
"Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
21575
"Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
21577
#: serverguide/C/network-auth.xml:2775(command) serverguide/C/network-auth.xml:2792(command)
21578
msgid "ldapmodify -x -D cn=admin,cn=config -W"
21579
msgstr "ldapmodify -x -D cn=admin,cn=config -W"
21581
#: serverguide/C/network-auth.xml:2777(userinput)
21584
"dn: olcDatabase={1}hdb,cn=config\n"
21585
"add: olcDbIndex\n"
21586
"olcDbIndex: krbPrincipalName eq,pres,sub"
21588
"dn: olcDatabase={1}hdb,cn=config\n"
21589
"add: olcDbIndex\n"
21590
"olcDbIndex: krbPrincipalName eq,pres,sub"
21592
#: serverguide/C/network-auth.xml:2776(computeroutput)
21595
"Enter LDAP Password:\n"
21596
"<placeholder-1/>\n"
21598
"modifying entry \"olcDatabase={1}hdb,cn=config\""
21600
"Enter LDAP Password:\n"
21601
"<placeholder-1/>\n"
21603
"modifying entry \"olcDatabase={1}hdb,cn=config\""
21605
#: serverguide/C/network-auth.xml:2787(para)
21606
msgid "Finally, update the Access Control Lists (ACL):"
21607
msgstr "Finally, update the Access Control Lists (ACL):"
21609
#: serverguide/C/network-auth.xml:2794(userinput)
21612
"dn: olcDatabase={1}hdb,cn=config\n"
21613
"replace: olcAccess\n"
21614
"olcAccess: to attrs=userPassword,shadowLastChange,krbPrincipalKey by "
21615
"dn=\"cn=admin,dc=exampl\n"
21616
" e,dc=com\" write by anonymous auth by self write by * none\n"
21619
"olcAccess: to dn.base=\"\" by * read\n"
21622
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read"
21624
"dn: olcDatabase={1}hdb,cn=config\n"
21625
"replace: olcAccess\n"
21626
"olcAccess: to attrs=userPassword,shadowLastChange,krbPrincipalKey by "
21627
"dn=\"cn=admin,dc=exampl\n"
21628
" e,dc=com\" write by anonymous auth by self write by * none\n"
21631
"olcAccess: to dn.base=\"\" by * read\n"
21634
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read"
21636
#: serverguide/C/network-auth.xml:2793(computeroutput)
21639
"Enter LDAP Password: \n"
21640
"<placeholder-1/>\n"
21642
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
21644
"Enter LDAP Password: \n"
21645
"<placeholder-1/>\n"
21647
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
21649
#: serverguide/C/network-auth.xml:2814(para)
21651
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
21654
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
21657
#: serverguide/C/network-auth.xml:2820(title)
21658
msgid "Primary KDC Configuration"
21659
msgstr "Primary KDC Configuration"
21661
#: serverguide/C/network-auth.xml:2822(para)
21663
"With <application>OpenLDAP</application> configured it is time to configure "
21666
"With <application>OpenLDAP</application> configured it is time to configure "
21669
#: serverguide/C/network-auth.xml:2828(para)
21670
msgid "First, install the necessary packages, from a terminal enter:"
21671
msgstr "First, install the necessary packages, from a terminal enter:"
21673
#: serverguide/C/network-auth.xml:2833(command) serverguide/C/network-auth.xml:2990(command)
21674
msgid "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
21675
msgstr "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
21677
#: serverguide/C/network-auth.xml:2839(para)
21679
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
21680
"under the appropriate sections:"
21682
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
21683
"under the appropriate sections:"
21685
#: serverguide/C/network-auth.xml:2843(programlisting)
21690
" default_realm = EXAMPLE.COM\n"
21695
" EXAMPLE.COM = {\n"
21696
" kdc = kdc01.example.com\n"
21697
" kdc = kdc02.example.com\n"
21698
" admin_server = kdc01.example.com\n"
21699
" admin_server = kdc02.example.com\n"
21700
" default_domain = example.com\n"
21701
" database_module = openldap_ldapconf\n"
21707
" .example.com = EXAMPLE.COM\n"
21713
" ldap_kerberos_container_dn = dc=example,dc=com\n"
21716
" openldap_ldapconf = {\n"
21717
" db_library = kldap\n"
21718
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
21720
" # this object needs to have read rights on\n"
21721
" # the realm container, principal container and realm sub-"
21723
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
21725
" # this object needs to have read and write rights on\n"
21726
" # the realm container, principal container and realm sub-"
21728
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
21729
" ldap_servers = ldaps://ldap01.example.com "
21730
"ldaps://ldap02.example.com\n"
21731
" ldap_conns_per_server = 5\n"
21736
" default_realm = EXAMPLE.COM\n"
21741
" EXAMPLE.COM = {\n"
21742
" kdc = kdc01.example.com\n"
21743
" kdc = kdc02.example.com\n"
21744
" admin_server = kdc01.example.com\n"
21745
" admin_server = kdc02.example.com\n"
21746
" default_domain = example.com\n"
21747
" database_module = openldap_ldapconf\n"
21753
" .example.com = EXAMPLE.COM\n"
21759
" ldap_kerberos_container_dn = dc=example,dc=com\n"
21762
" openldap_ldapconf = {\n"
21763
" db_library = kldap\n"
21764
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
21766
" # this object needs to have read rights on\n"
21767
" # the realm container, principal container and realm sub-"
21769
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
21771
" # this object needs to have read and write rights on\n"
21772
" # the realm container, principal container and realm sub-"
21774
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
21775
" ldap_servers = ldaps://ldap01.example.com "
21776
"ldaps://ldap02.example.com\n"
21777
" ldap_conns_per_server = 5\n"
21780
#: serverguide/C/network-auth.xml:2888(para)
21782
"Change <emphasis>example.com</emphasis>, "
21783
"<emphasis>dc=example,dc=com</emphasis>, "
21784
"<emphasis>cn=admin,dc=example,dc=com</emphasis>, and "
21785
"<emphasis>ldap01.example.com</emphasis> to the appropriate domain, LDAP "
21786
"object, and LDAP server for your network."
21788
"Change <emphasis>example.com</emphasis>, "
21789
"<emphasis>dc=example,dc=com</emphasis>, "
21790
"<emphasis>cn=admin,dc=example,dc=com</emphasis>, and "
21791
"<emphasis>ldap01.example.com</emphasis> to the appropriate domain, LDAP "
21792
"object, and LDAP server for your network."
21794
#: serverguide/C/network-auth.xml:2897(para)
21796
"Next, use the <application>kdb5_ldap_util</application> utility to create "
21799
"Next, use the <application>kdb5_ldap_util</application> utility to create "
21802
#: serverguide/C/network-auth.xml:2902(command)
21804
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees "
21805
"dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com"
21807
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees "
21808
"dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com"
21810
#: serverguide/C/network-auth.xml:2908(para)
21812
"Create a stash of the password used to bind to the LDAP server. This "
21813
"password is used by the <emphasis>ldap_kdc_dn</emphasis> and "
21814
"<emphasis>ldap_kadmin_dn</emphasis> options in "
21815
"<filename>/etc/krb5.conf</filename>:"
21817
"Create a stash of the password used to bind to the LDAP server. This "
21818
"password is used by the <emphasis>ldap_kdc_dn</emphasis> and "
21819
"<emphasis>ldap_kadmin_dn</emphasis> options in "
21820
"<filename>/etc/krb5.conf</filename>:"
21822
#: serverguide/C/network-auth.xml:2914(command) serverguide/C/network-auth.xml:3052(command)
21824
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f "
21825
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
21827
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f "
21828
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
21830
#: serverguide/C/network-auth.xml:2920(para)
21831
msgid "Copy the CA certificate from the LDAP server:"
21832
msgstr "Copy the CA certificate from the LDAP server:"
21834
#: serverguide/C/network-auth.xml:2925(command)
21835
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
21836
msgstr "scp ldap01:/etc/ssl/certs/cacert.pem ."
21838
#: serverguide/C/network-auth.xml:2926(command)
21839
msgid "sudo cp cacert.pem /etc/ssl/certs"
21840
msgstr "sudo cp cacert.pem /etc/ssl/certs"
21842
#: serverguide/C/network-auth.xml:2929(para)
21844
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
21846
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
21848
#: serverguide/C/network-auth.xml:2933(programlisting)
21852
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
21855
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
21857
#: serverguide/C/network-auth.xml:2938(para)
21859
"The certificate will also need to be copied to the Secondary KDC, to allow "
21860
"the connection to the LDAP servers using LDAPS."
21862
"The certificate will also need to be copied to the Secondary KDC, to allow "
21863
"the connection to the LDAP servers using LDAPS."
21865
#: serverguide/C/network-auth.xml:2947(para)
21867
"You can now add Kerberos principals to the LDAP database, and they will be "
21868
"copied to any other LDAP servers configured for replication. To add a "
21869
"principal using the <application>kadmin.local</application> utility enter:"
21871
"You can now add Kerberos principals to the LDAP database, and they will be "
21872
"copied to any other LDAP servers configured for replication. To add a "
21873
"principal using the <application>kadmin.local</application> utility enter:"
21875
#: serverguide/C/network-auth.xml:2955(userinput)
21877
msgid "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
21878
msgstr "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
21880
#: serverguide/C/network-auth.xml:2954(computeroutput)
21883
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
21884
"kadmin.local: <placeholder-1/>\n"
21885
"WARNING: no policy specified for steve@EXAMPLE.COM; defaulting to no policy\n"
21886
"Enter password for principal \"steve@EXAMPLE.COM\": \n"
21887
"Re-enter password for principal \"steve@EXAMPLE.COM\": \n"
21888
"Principal \"steve@EXAMPLE.COM\" created."
21890
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
21891
"kadmin.local: <placeholder-1/>\n"
21892
"WARNING: no policy specified for steve@EXAMPLE.COM; defaulting to no policy\n"
21893
"Enter password for principal \"steve@EXAMPLE.COM\": \n"
21894
"Re-enter password for principal \"steve@EXAMPLE.COM\": \n"
21895
"Principal \"steve@EXAMPLE.COM\" created."
21897
#: serverguide/C/network-auth.xml:2962(para)
21899
"There should now be krbPrincipalName, krbPrincipalKey, krbLastPwdChange, and "
21900
"krbExtraData attributes added to the "
21901
"<emphasis>uid=steve,ou=people,dc=example,dc=com</emphasis> user object. Use "
21902
"the <application>kinit</application> and <application>klist</application> "
21903
"utilities to test that the user is indeed issued a ticket."
21905
"There should now be krbPrincipalName, krbPrincipalKey, krbLastPwdChange, and "
21906
"krbExtraData attributes added to the "
21907
"<emphasis>uid=steve,ou=people,dc=example,dc=com</emphasis> user object. Use "
21908
"the <application>kinit</application> and <application>klist</application> "
21909
"utilities to test that the user is indeed issued a ticket."
21911
#: serverguide/C/network-auth.xml:2969(para)
21913
"If the user object is already created the <emphasis>-x dn=\"...\"</emphasis> "
21914
"option is needed to add the Kerberos attributes. Otherwise a new "
21915
"<emphasis>principal</emphasis> object will be created in the realm subtree."
21917
"If the user object is already created the <emphasis>-x dn=\"...\"</emphasis> "
21918
"option is needed to add the Kerberos attributes. Otherwise a new "
21919
"<emphasis>principal</emphasis> object will be created in the realm subtree."
21921
#: serverguide/C/network-auth.xml:2977(title)
21922
msgid "Secondary KDC Configuration"
21923
msgstr "Secondary KDC Configuration"
21925
#: serverguide/C/network-auth.xml:2979(para)
21927
"Configuring a Secondary KDC using the LDAP backend is similar to configuring "
21928
"one using the normal Kerberos database."
21930
"Configuring a Secondary KDC using the LDAP backend is similar to configuring "
21931
"one using the normal Kerberos database."
21933
#: serverguide/C/network-auth.xml:2985(para)
21934
msgid "First, install the necessary packages. In a terminal enter:"
21935
msgstr "First, install the necessary packages. In a terminal enter:"
21937
#: serverguide/C/network-auth.xml:2996(para)
21939
"Next, edit <filename>/etc/krb5.conf</filename> to use the LDAP backend:"
21941
"Next, edit <filename>/etc/krb5.conf</filename> to use the LDAP backend:"
21943
#: serverguide/C/network-auth.xml:3000(programlisting)
21948
" default_realm = EXAMPLE.COM\n"
21953
" EXAMPLE.COM = {\n"
21954
" kdc = kdc01.example.com\n"
21955
" kdc = kdc02.example.com\n"
21956
" admin_server = kdc01.example.com\n"
21957
" admin_server = kdc02.example.com\n"
21958
" default_domain = example.com\n"
21959
" database_module = openldap_ldapconf\n"
21965
" .example.com = EXAMPLE.COM\n"
21970
" ldap_kerberos_container_dn = dc=example,dc=com\n"
21973
" openldap_ldapconf = {\n"
21974
" db_library = kldap\n"
21975
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
21977
" # this object needs to have read rights on\n"
21978
" # the realm container, principal container and realm sub-"
21980
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
21982
" # this object needs to have read and write rights on\n"
21983
" # the realm container, principal container and realm sub-"
21985
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
21986
" ldap_servers = ldaps://ldap01.example.com "
21987
"ldaps://ldap02.example.com\n"
21988
" ldap_conns_per_server = 5\n"
21993
" default_realm = EXAMPLE.COM\n"
21998
" EXAMPLE.COM = {\n"
21999
" kdc = kdc01.example.com\n"
22000
" kdc = kdc02.example.com\n"
22001
" admin_server = kdc01.example.com\n"
22002
" admin_server = kdc02.example.com\n"
22003
" default_domain = example.com\n"
22004
" database_module = openldap_ldapconf\n"
22010
" .example.com = EXAMPLE.COM\n"
22015
" ldap_kerberos_container_dn = dc=example,dc=com\n"
22018
" openldap_ldapconf = {\n"
22019
" db_library = kldap\n"
22020
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
22022
" # this object needs to have read rights on\n"
22023
" # the realm container, principal container and realm sub-"
22025
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
22027
" # this object needs to have read and write rights on\n"
22028
" # the realm container, principal container and realm sub-"
22030
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
22031
" ldap_servers = ldaps://ldap01.example.com "
22032
"ldaps://ldap02.example.com\n"
22033
" ldap_conns_per_server = 5\n"
22036
#: serverguide/C/network-auth.xml:3047(para)
22037
msgid "Create the stash for the LDAP bind password:"
22038
msgstr "Create the stash for the LDAP bind password:"
22040
#: serverguide/C/network-auth.xml:3058(para)
22042
"Now, on the <emphasis>Primary KDC</emphasis> copy the "
22043
"<filename>/etc/krb5kdc/.k5.EXAMPLE.COM</filename><emphasis>Master "
22044
"Key</emphasis> stash to the Secondary KDC. Be sure to copy the file over an "
22045
"encrypted connection such as <application>scp</application>, or on physical "
22048
"Now, on the <emphasis>Primary KDC</emphasis> copy the "
22049
"<filename>/etc/krb5kdc/.k5.EXAMPLE.COM</filename><emphasis>Master "
22050
"Key</emphasis> stash to the Secondary KDC. Be sure to copy the file over an "
22051
"encrypted connection such as <application>scp</application>, or on physical "
22054
#: serverguide/C/network-auth.xml:3065(command)
22055
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
22056
msgstr "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
22058
#: serverguide/C/network-auth.xml:3066(command)
22059
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
22060
msgstr "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
22062
#: serverguide/C/network-auth.xml:3070(para)
22064
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
22066
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
22068
#: serverguide/C/network-auth.xml:3078(para)
22069
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
22070
msgstr "Finally, start the <application>krb5-kdc</application> daemon:"
22072
#: serverguide/C/network-auth.xml:3089(para)
22074
"You now have redundant KDCs on your network, and with redundant LDAP servers "
22075
"you should be able to continue to authenticate users if one LDAP server, one "
22076
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
22078
"You now have redundant KDCs on your network, and with redundant LDAP servers "
22079
"you should be able to continue to authenticate users if one LDAP server, one "
22080
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
22082
#: serverguide/C/network-auth.xml:3101(para)
22084
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
22085
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
22086
"Guide</ulink> has some additional details."
22088
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
22089
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
22090
"Guide</ulink> has some additional details."
22092
#: serverguide/C/network-auth.xml:3107(para)
22094
"For more information on <application>kdb5_ldap_util</application> see <ulink "
22095
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
22096
"admin.html#Global-Operations-on-the-Kerberos-LDAP-Database\"> Section "
22097
"5.6</ulink> and the <ulink "
22098
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/kdb5_ldap_util.8.h"
22099
"tml\">kdb5_ldap_util man page</ulink>."
22101
"For more information on <application>kdb5_ldap_util</application> see <ulink "
22102
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
22103
"admin.html#Global-Operations-on-the-Kerberos-LDAP-Database\"> Section "
22104
"5.6</ulink> and the <ulink "
22105
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/kdb5_ldap_util.8.h"
22106
"tml\">kdb5_ldap_util man page</ulink>."
22108
#: serverguide/C/network-auth.xml:3115(para)
22110
"Another useful link is the <ulink "
22111
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/krb5.conf.5.html\""
22112
">krb5.conf man page</ulink>."
22114
"Another useful link is the <ulink "
22115
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/krb5.conf.5.html\""
22116
">krb5.conf man page</ulink>."
22118
#: serverguide/C/network-auth.xml:3120(para)
22120
"Also, see the <ulink "
22121
"url=\"https://help.ubuntu.com/community/Kerberos#kerberos-ldap\">Kerberos "
22122
"and LDAP</ulink> Ubuntu wiki page."
22124
"Also, see the <ulink "
22125
"url=\"https://help.ubuntu.com/community/Kerberos#kerberos-ldap\">Kerberos "
22126
"and LDAP</ulink> Ubuntu wiki page."
22128
#: serverguide/C/monitoring.xml:13(title)
22130
msgstr "Monitoring"
22132
#: serverguide/C/monitoring.xml:17(para)
22134
"The monitoring of essential servers and services is an important part of "
22135
"system administration. Most network services are monitored for performance, "
22136
"availability, or both. This section will cover installation and "
22137
"configuration of <application>Nagios</application> for availability "
22138
"monitoring, and <application>Munin</application> for performance monitoring."
22140
"The monitoring of essential servers and services is an important part of "
22141
"system administration. Most network services are monitored for performance, "
22142
"availability, or both. This section will cover installation and "
22143
"configuration of <application>Nagios</application> for availability "
22144
"monitoring, and <application>Munin</application> for performance monitoring."
22146
#: serverguide/C/monitoring.xml:24(para)
22148
"The examples in this section will use two servers with hostnames "
22149
"<emphasis>server01</emphasis> and <emphasis>server02</emphasis>. "
22150
"<emphasis>Server01</emphasis> will be configured with "
22151
"<application>Nagios</application> to monitor services on itself and "
22152
"<emphasis>server02</emphasis>. Server01 will also be setup with the "
22153
"<application>munin</application> package to gather information from the "
22154
"network. Using the <application>munin-node</application> package, "
22155
"<emphasis>server02</emphasis> will be configured to send information to "
22156
"<emphasis>server01</emphasis>."
22158
"The examples in this section will use two servers with hostnames "
22159
"<emphasis>server01</emphasis> and <emphasis>server02</emphasis>. "
22160
"<emphasis>Server01</emphasis> will be configured with "
22161
"<application>Nagios</application> to monitor services on itself and "
22162
"<emphasis>server02</emphasis>. Server01 will also be setup with the "
22163
"<application>munin</application> package to gather information from the "
22164
"network. Using the <application>munin-node</application> package, "
22165
"<emphasis>server02</emphasis> will be configured to send information to "
22166
"<emphasis>server01</emphasis>."
22168
#: serverguide/C/monitoring.xml:33(para)
22170
"Hopefully these simple examples will allow you to monitor additional servers "
22171
"and services on your network."
22173
"Hopefully these simple examples will allow you to monitor additional servers "
22174
"and services on your network."
22176
#: serverguide/C/monitoring.xml:39(title)
22180
#: serverguide/C/monitoring.xml:44(para)
22182
"First, on <emphasis>server01</emphasis> install the "
22183
"<application>nagios</application> package. In a terminal enter:"
22185
"First, on <emphasis>server01</emphasis> install the "
22186
"<application>nagios</application> package. In a terminal enter:"
22188
#: serverguide/C/monitoring.xml:50(command)
22189
msgid "sudo apt-get install nagios3 nagios-nrpe-plugin"
22190
msgstr "sudo apt-get install nagios3 nagios-nrpe-plugin"
22192
#: serverguide/C/monitoring.xml:53(para)
22194
"You will be asked to enter a password for the "
22195
"<emphasis>nagiosadmin</emphasis> user. The user's credentials are stored in "
22196
"<filename>/etc/nagios3/htpasswd.users</filename>. To change the "
22197
"<emphasis>nagiosadmin</emphasis> password, or add additional users to the "
22198
"Nagios CGI scripts, use the <application>htpasswd</application> that is part "
22199
"of the <application>apache2-utils</application> package."
22201
"You will be asked to enter a password for the "
22202
"<emphasis>nagiosadmin</emphasis> user. The user's credentials are stored in "
22203
"<filename>/etc/nagios3/htpasswd.users</filename>. To change the "
22204
"<emphasis>nagiosadmin</emphasis> password, or add additional users to the "
22205
"Nagios CGI scripts, use the <application>htpasswd</application> that is part "
22206
"of the <application>apache2-utils</application> package."
22208
#: serverguide/C/monitoring.xml:60(para)
22210
"For example, to change the password for the <emphasis>nagiosadmin</emphasis> "
22213
"For example, to change the password for the <emphasis>nagiosadmin</emphasis> "
22216
#: serverguide/C/monitoring.xml:65(command)
22217
msgid "sudo htpasswd /etc/nagios3/htpasswd.users nagiosadmin"
22218
msgstr "sudo htpasswd /etc/nagios3/htpasswd.users nagiosadmin"
22220
#: serverguide/C/monitoring.xml:68(para)
22221
msgid "To add a user:"
22222
msgstr "To add a user:"
22224
#: serverguide/C/monitoring.xml:73(command)
22225
msgid "sudo htpasswd /etc/nagios3/htpasswd.users steve"
22226
msgstr "sudo htpasswd /etc/nagios3/htpasswd.users steve"
22228
#: serverguide/C/monitoring.xml:76(para)
22230
"Next, on <emphasis>server02</emphasis> install the <application>nagios-nrpe-"
22231
"server</application> package. From a terminal on server02 enter:"
22233
"Next, on <emphasis>server02</emphasis> install the <application>nagios-nrpe-"
22234
"server</application> package. From a terminal on server02 enter:"
22236
#: serverguide/C/monitoring.xml:82(command)
22237
msgid "sudo apt-get install nagios-nrpe-server"
22238
msgstr "sudo apt-get install nagios-nrpe-server"
22240
#: serverguide/C/monitoring.xml:86(para)
22242
"<application>NRPE</application> allows you to execute local checks on remote "
22243
"hosts. There are other ways of accomplishing this through other Nagios "
22244
"plugins as well as other checks."
22246
"<application>NRPE</application> allows you to execute local checks on remote "
22247
"hosts. There are other ways of accomplishing this through other Nagios plug-"
22248
"ins as well as other checks."
22250
#: serverguide/C/monitoring.xml:94(title)
22251
msgid "Configuration Overview"
22252
msgstr "Configuration Overview"
22254
#: serverguide/C/monitoring.xml:96(para)
22256
"There are a couple of directories containing "
22257
"<application>Nagios</application> configuration and check files."
22259
"There are a couple of directories containing "
22260
"<application>Nagios</application> configuration and check files."
22262
#: serverguide/C/monitoring.xml:102(para)
22264
"<filename>/etc/nagios3</filename>: contains configuration files for the "
22265
"operation of the <application>nagios</application> daemon, CGI files, hosts, "
22268
"<filename>/etc/nagios3</filename>: contains configuration files for the "
22269
"operation of the <application>nagios</application> daemon, CGI files, hosts, "
22272
#: serverguide/C/monitoring.xml:108(para)
22274
"<filename>/etc/nagios-plugins</filename>: houses configuration files for the "
22277
"<filename>/etc/nagios-plugins</filename>: houses configuration files for the "
22280
#: serverguide/C/monitoring.xml:113(para)
22282
"<filename>/etc/nagios</filename>: on the remote host contains the "
22283
"<application>nagios-nrpe-server</application> configuration files."
22285
"<filename>/etc/nagios</filename>: on the remote host contains the "
22286
"<application>nagios-nrpe-server</application> configuration files."
22288
#: serverguide/C/monitoring.xml:118(para)
22290
"<filename>/usr/lib/nagios/plugins/</filename>: where the check binaries are "
22291
"stored. To see the options of a check use the <emphasis>-h</emphasis> option."
22293
"<filename>/usr/lib/nagios/plugins/</filename>: where the check binaries are "
22294
"stored. To see the options of a check use the <emphasis>-h</emphasis> option."
22296
#: serverguide/C/monitoring.xml:123(para)
22297
msgid "For example: <command>/usr/lib/nagios/plugins/check_dhcp -h</command>"
22299
"For example: <command>/usr/lib/nagios/plugins/check_dhcp -h</command>"
22301
#: serverguide/C/monitoring.xml:129(para)
22303
"There are a plethora of checks <application>Nagios</application> can be "
22304
"configured to execute for any given host. For this example Nagios will be "
22305
"configured to check disk space, DNS, and a MySQL hostgroup. The DNS check "
22306
"will be on <emphasis>server02</emphasis>, and the MySQL hostgroup will "
22307
"include both <emphasis>server01</emphasis> and <emphasis>server02</emphasis>."
22309
"There are a plethora of checks <application>Nagios</application> can be "
22310
"configured to execute for any given host. For this example Nagios will be "
22311
"configured to check disk space, DNS, and a MySQL hostgroup. The DNS check "
22312
"will be on <emphasis>server02</emphasis>, and the MySQL hostgroup will "
22313
"include both <emphasis>server01</emphasis> and <emphasis>server02</emphasis>."
22315
#: serverguide/C/monitoring.xml:136(para)
22317
"See <xref linkend=\"httpd\"/> for details on setting up Apache, <xref "
22318
"linkend=\"dns\"/> for DNS, and <xref linkend=\"mysql\"/> for MySQL."
22320
"See <xref linkend=\"httpd\"/> for details on setting up Apache, <xref "
22321
"linkend=\"dns\"/> for DNS, and <xref linkend=\"mysql\"/> for MySQL."
22323
#: serverguide/C/monitoring.xml:141(para)
22325
"Additionally, there are some terms that once explained will hopefully make "
22326
"understanding Nagios configuration easier:"
22328
"Additionally, there are some terms that once explained will hopefully make "
22329
"understanding Nagios configuration easier:"
22331
#: serverguide/C/monitoring.xml:147(para)
22333
"<emphasis>Host</emphasis>: a server, workstation, network device, etc that "
22334
"is being monitored."
22336
"<emphasis>Host</emphasis>: a server, workstation, network device, etc that "
22337
"is being monitored."
22339
#: serverguide/C/monitoring.xml:152(para)
22341
"<emphasis>Host Group</emphasis>: a group of similar hosts. For example, you "
22342
"could group all web servers, file server, etc."
22344
"<emphasis>Host Group</emphasis>: a group of similar hosts. For example, you "
22345
"could group all web servers, file server, etc."
22347
#: serverguide/C/monitoring.xml:157(para)
22349
"<emphasis>Service</emphasis>: the service being monitored on the host. Such "
22350
"as HTTP, DNS, NFS, etc."
22352
"<emphasis>Service</emphasis>: the service being monitored on the host. Such "
22353
"as HTTP, DNS, NFS, etc."
22355
#: serverguide/C/monitoring.xml:162(para)
22357
"<emphasis>Service Group</emphasis>: allows you to group multiple services "
22358
"together. This is useful for grouping multiple HTTP for example."
22360
"<emphasis>Service Group</emphasis>: allows you to group multiple services "
22361
"together. This is useful for grouping multiple HTTP for example."
22363
#: serverguide/C/monitoring.xml:168(para)
22365
"<emphasis>Contact</emphasis>: person to be notified when an event takes "
22366
"place. Nagios can be configured to send emails, SMS messages, etc."
22368
"<emphasis>Contact</emphasis>: person to be notified when an event takes "
22369
"place. Nagios can be configured to send e-mails, SMS messages, etc."
22371
#: serverguide/C/monitoring.xml:174(para)
22373
"By default Nagios is configured to check HTTP, disk space, SSH, current "
22374
"users, processes, and load on the <emphasis>localhost</emphasis>. Nagios "
22375
"will also <application>ping</application> check the "
22376
"<emphasis>gateway</emphasis>."
22378
"By default Nagios is configured to check HTTP, disk space, SSH, current "
22379
"users, processes, and load on the <emphasis>localhost</emphasis>. Nagios "
22380
"will also <application>ping</application> check the "
22381
"<emphasis>gateway</emphasis>."
22383
#: serverguide/C/monitoring.xml:179(para)
22385
"Large Nagios installations can be quite complex to configure. It is usually "
22386
"best to start small, one or two hosts, get things configured the way you "
22387
"like then expand."
22389
"Large Nagios installations can be quite complex to configure. It is usually "
22390
"best to start small, one or two hosts, get things configured the way you "
22391
"like then expand."
22393
#: serverguide/C/monitoring.xml:194(para)
22395
"First, create a <emphasis>host</emphasis> configuration file for "
22396
"<emphasis>server02</emphasis>. In a terminal enter:"
22398
"First, create a <emphasis>host</emphasis> configuration file for "
22399
"<emphasis>server02</emphasis>. In a terminal enter:"
22401
#: serverguide/C/monitoring.xml:199(command)
22403
"sudo cp /etc/nagios3/conf.d/localhost_nagios2.cfg "
22404
"/etc/nagios3/conf.d/server02.cfg"
22406
"sudo cp /etc/nagios3/conf.d/localhost_nagios2.cfg "
22407
"/etc/nagios3/conf.d/server02.cfg"
22409
#: serverguide/C/monitoring.xml:203(para)
22411
"In the above and following command examples, replace "
22412
"<emphasis>\"server01\"</emphasis>, "
22413
"<emphasis>\"server02\"</emphasis><emphasis>172.18.100.100</emphasis>, and "
22414
"<emphasis>172.18.100.101</emphasis> with the host names and IP addresses of "
22417
"In the above and following command examples, replace "
22418
"<emphasis>\"server01\"</emphasis>, "
22419
"<emphasis>\"server02\"</emphasis><emphasis>172.18.100.100</emphasis>, and "
22420
"<emphasis>172.18.100.101</emphasis> with the host names and IP addresses of "
22423
#: serverguide/C/monitoring.xml:212(para)
22424
msgid "Next, edit <filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
22425
msgstr "Next, edit <filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
22427
#: serverguide/C/monitoring.xml:216(programlisting)
22432
" use generic-host ; Name of host "
22433
"template to use\n"
22434
" host_name server02\n"
22435
" alias Server 02\n"
22436
" address 172.18.100.101\n"
22439
"# check DNS service.\n"
22440
"define service {\n"
22441
" use generic-service\n"
22442
" host_name server02\n"
22443
" service_description DNS\n"
22444
" check_command check_dns!172.18.100.101\n"
22449
" use generic-host ; Name of host "
22450
"template to use\n"
22451
" host_name server02\n"
22452
" alias Server 02\n"
22453
" address 172.18.100.101\n"
22456
"# check DNS service.\n"
22457
"define service {\n"
22458
" use generic-service\n"
22459
" host_name server02\n"
22460
" service_description DNS\n"
22461
" check_command check_dns!172.18.100.101\n"
22464
#: serverguide/C/monitoring.xml:236(para)
22466
"Restart the <application>nagios</application> daemon to enable the new "
22469
"Restart the <application>nagios</application> daemon to enable the new "
22472
#: serverguide/C/monitoring.xml:241(command) serverguide/C/monitoring.xml:308(command) serverguide/C/monitoring.xml:375(command)
22473
msgid "sudo /etc/init.d/nagios3 restart"
22474
msgstr "sudo /etc/init.d/nagios3 restart"
22476
#: serverguide/C/monitoring.xml:251(para)
22478
"Now add a service definition for the MySQL check by adding the following to "
22479
"<filename>/etc/nagios3/conf.d/services_nagios2.cfg</filename>:"
22481
"Now add a service definition for the MySQL check by adding the following to "
22482
"<filename>/etc/nagios3/conf.d/services_nagios2.cfg</filename>:"
22484
#: serverguide/C/monitoring.xml:255(programlisting)
22488
"# check MySQL servers.\n"
22489
"define service {\n"
22490
" hostgroup_name mysql-servers\n"
22491
" service_description MySQL\n"
22493
"check_mysql_cmdlinecred!nagios!secret!$HOSTADDRESS\n"
22494
" use generic-service\n"
22495
" notification_interval 0 ; set > 0 if you want to be "
22500
"# check MySQL servers.\n"
22501
"define service {\n"
22502
" hostgroup_name mysql-servers\n"
22503
" service_description MySQL\n"
22505
"check_mysql_cmdlinecred!nagios!secret!$HOSTADDRESS\n"
22506
" use generic-service\n"
22507
" notification_interval 0 ; set > 0 if you want to be "
22511
#: serverguide/C/monitoring.xml:269(para)
22513
"A <emphasis>mysql-servers</emphasis> hostgroup now needs to be defined. Edit "
22514
"<filename>/etc/nagios3/conf.d/hostgroups_nagios2.cfg</filename> adding:"
22516
"A <emphasis>mysql-servers</emphasis> hostgroup now needs to be defined. Edit "
22517
"<filename>/etc/nagios3/conf.d/hostgroups_nagios2.cfg</filename> adding:"
22519
#: serverguide/C/monitoring.xml:274(programlisting)
22523
"# MySQL hostgroup.\n"
22524
"define hostgroup {\n"
22525
" hostgroup_name mysql-servers\n"
22526
" alias MySQL servers\n"
22527
" members localhost, server02\n"
22531
"# MySQL hostgroup.\n"
22532
"define hostgroup {\n"
22533
" hostgroup_name mysql-servers\n"
22534
" alias MySQL servers\n"
22535
" members localhost, server02\n"
22538
#: serverguide/C/monitoring.xml:286(para)
22540
"The Nagios check needs to authenticate to MySQL. To add a "
22541
"<emphasis>nagios</emphasis> user to MySQL enter:"
22543
"The Nagios check needs to authenticate to MySQL. To add a "
22544
"<emphasis>nagios</emphasis> user to MySQL enter:"
22546
#: serverguide/C/monitoring.xml:291(command)
22547
msgid "mysql -u root -p -e \"create user nagios identified by 'secret';\""
22548
msgstr "mysql -u root -p -e \"create user nagios identified by 'secret';\""
22550
#: serverguide/C/monitoring.xml:295(para)
22552
"The <emphasis>nagios</emphasis> user will need to be added all hosts in the "
22553
"<emphasis>mysql-servers</emphasis> hostgroup."
22555
"The <emphasis>nagios</emphasis> user will need to be added all hosts in the "
22556
"<emphasis>mysql-servers</emphasis> hostgroup."
22558
#: serverguide/C/monitoring.xml:303(para)
22560
"Restart <application>nagios</application> to start checking the MySQL "
22563
"Restart <application>nagios</application> to start checking the MySQL "
22566
#: serverguide/C/monitoring.xml:318(para)
22568
"Lastly configure NRPE to check the disk space on "
22569
"<emphasis>server02</emphasis>."
22571
"Lastly configure NRPE to check the disk space on "
22572
"<emphasis>server02</emphasis>."
22574
#: serverguide/C/monitoring.xml:322(para)
22576
"On <emphasis>server01</emphasis> add the service check to "
22577
"<filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
22579
"On <emphasis>server01</emphasis> add the service check to "
22580
"<filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
22582
#: serverguide/C/monitoring.xml:327(programlisting)
22586
"# NRPE disk check.\n"
22587
"define service {\n"
22588
" use generic-service\n"
22589
" host_name server02\n"
22590
" service_description nrpe-disk\n"
22592
"check_nrpe_1arg!check_all_disks!172.18.100.101\n"
22596
"# NRPE disk check.\n"
22597
"define service {\n"
22598
" use generic-service\n"
22599
" host_name server02\n"
22600
" service_description nrpe-disk\n"
22602
"check_nrpe_1arg!check_all_disks!172.18.100.101\n"
22605
#: serverguide/C/monitoring.xml:340(para)
22607
"Now on <emphasis>server02</emphasis> edit "
22608
"<filename>/etc/nagios/nrpe.cfg</filename> changing:"
22610
"Now on <emphasis>server02</emphasis> edit "
22611
"<filename>/etc/nagios/nrpe.cfg</filename> changing:"
22613
#: serverguide/C/monitoring.xml:344(programlisting)
22617
"allowed_hosts=172.18.100.100\n"
22620
"allowed_hosts=172.18.100.100\n"
22622
#: serverguide/C/monitoring.xml:348(para)
22623
msgid "And below in the command definition area add:"
22624
msgstr "And below in the command definition area add:"
22626
#: serverguide/C/monitoring.xml:352(programlisting)
22630
"command[check_all_disks]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -"
22634
"command[check_all_disks]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -"
22637
#: serverguide/C/monitoring.xml:359(para)
22638
msgid "Finally, restart <application>nagios-nrpe-server</application>:"
22639
msgstr "Finally, restart <application>nagios-nrpe-server</application>:"
22641
#: serverguide/C/monitoring.xml:364(command)
22642
msgid "sudo /etc/init.d/nagios-nrpe-server restart"
22643
msgstr "sudo /etc/init.d/nagios-nrpe-server restart"
22645
#: serverguide/C/monitoring.xml:370(para)
22647
"Also, on <emphasis>server01</emphasis> restart "
22648
"<application>nagios</application>:"
22650
"Also, on <emphasis>server01</emphasis> restart "
22651
"<application>nagios</application>:"
22653
#: serverguide/C/monitoring.xml:383(para)
22655
"You should now be able to see the host and service checks in the Nagios CGI "
22656
"files. To access them point a browser to http://server01/nagios3. You will "
22657
"then be prompted for the <emphasis>nagiosadmin</emphasis> username and "
22660
"You should now be able to see the host and service checks in the Nagios CGI "
22661
"files. To access them point a browser to http://server01/nagios3. You will "
22662
"then be prompted for the <emphasis>nagiosadmin</emphasis> username and "
22665
#: serverguide/C/monitoring.xml:393(para)
22667
"This section has just scratched the surface of Nagios' features. The "
22668
"<application>nagios-plugins-extra</application> and <application>nagios-snmp-"
22669
"plugins</application> contain many more service checks."
22671
"This section has just scratched the surface of Nagios' features. The "
22672
"<application>nagios-plugins-extra</application> and <application>nagios-snmp-"
22673
"plugins</application> contain many more service checks."
22675
#: serverguide/C/monitoring.xml:400(para)
22677
"For more information see <ulink "
22678
"url=\"http://www.nagios.org/\">Nagios</ulink> website."
22680
"For more information see <ulink "
22681
"url=\"http://www.nagios.org/\">Nagios</ulink> website."
22683
#: serverguide/C/monitoring.xml:405(para)
22685
"Specifically the <ulink "
22686
"url=\"http://nagios.sourceforge.net/docs/3_0/\">Online Documentation</ulink> "
22689
"Specifically the <ulink "
22690
"url=\"http://nagios.sourceforge.net/docs/3_0/\">Online Documentation</ulink> "
22693
#: serverguide/C/monitoring.xml:410(para)
22695
"There is also a list of <ulink "
22696
"url=\"http://www.nagios.org/propaganda/books/\">books</ulink> related to "
22697
"Nagios and network monitoring:"
22699
"There is also a list of <ulink "
22700
"url=\"http://www.nagios.org/propaganda/books/\">books</ulink> related to "
22701
"Nagios and network monitoring:"
22703
#: serverguide/C/monitoring.xml:416(para)
22705
"The <ulink url=\"https://help.ubuntu.com/community/Nagios\">Nagios Ubuntu "
22706
"Wiki</ulink> page also has more details."
22708
"The <ulink url=\"https://help.ubuntu.com/community/Nagios\">Nagios Ubuntu "
22709
"Wiki</ulink> page also has more details."
22711
#: serverguide/C/monitoring.xml:425(title)
22715
#: serverguide/C/monitoring.xml:430(para)
22717
"Before installing <application>Munin</application> on "
22718
"<emphasis>server01</emphasis><application>apache2</application> will need to "
22719
"be installed. The default configuration is fine for running a "
22720
"<application>munin</application> server. For more information see <xref "
22721
"linkend=\"httpd\"/>."
22723
"Before installing <application>Munin</application> on "
22724
"<emphasis>server01</emphasis><application>apache2</application> will need to "
22725
"be installed. The default configuration is fine for running a "
22726
"<application>munin</application> server. For more information see <xref "
22727
"linkend=\"httpd\"/>."
22729
#: serverguide/C/monitoring.xml:436(para)
22731
"First, on <emphasis>server01</emphasis> install "
22732
"<application>munin</application>. In a terminal enter:"
22734
"First, on <emphasis>server01</emphasis> install "
22735
"<application>munin</application>. In a terminal enter:"
22737
#: serverguide/C/monitoring.xml:441(command)
22738
msgid "sudo apt-get install munin"
22739
msgstr "sudo apt-get install munin"
22741
#: serverguide/C/monitoring.xml:444(para)
22743
"Now on <emphasis>server02</emphasis> install the <application>munin-"
22744
"node</application> package:"
22746
"Now on <emphasis>server02</emphasis> install the <application>munin-"
22747
"node</application> package:"
22749
#: serverguide/C/monitoring.xml:449(command)
22750
msgid "sudo apt-get install munin-node"
22751
msgstr "sudo apt-get install munin-node"
22753
#: serverguide/C/monitoring.xml:456(para)
22755
"On <emphasis>server01</emphasis> edit the "
22756
"<filename>/etc/munin/munin.conf</filename> adding the IP address for "
22757
"<emphasis>server02</emphasis>:"
22759
"On <emphasis>server01</emphasis> edit the "
22760
"<filename>/etc/munin/munin.conf</filename> adding the IP address for "
22761
"<emphasis>server02</emphasis>:"
22763
#: serverguide/C/monitoring.xml:461(programlisting)
22767
"## First our \"normal\" host.\n"
22769
" address 172.18.100.101\n"
22772
"## First our \"normal\" host.\n"
22774
" address 172.18.100.101\n"
22776
#: serverguide/C/monitoring.xml:468(para)
22778
"Replace <emphasis>server02</emphasis> and "
22779
"<emphasis>172.18.100.101</emphasis> with the actual hostname and IP address "
22782
"Replace <emphasis>server02</emphasis> and "
22783
"<emphasis>172.18.100.101</emphasis> with the actual hostname and IP address "
22786
#: serverguide/C/monitoring.xml:474(para)
22788
"Next, configure <application>munin-node</application> on "
22789
"<emphasis>server02</emphasis>. Edit <filename>/etc/munin/munin-"
22790
"node.conf</filename> to allow access by <emphasis>server01</emphasis>:"
22792
"Next, configure <application>munin-node</application> on "
22793
"<emphasis>server02</emphasis>. Edit <filename>/etc/munin/munin-"
22794
"node.conf</filename> to allow access by <emphasis>server01</emphasis>:"
22796
#: serverguide/C/monitoring.xml:479(programlisting)
22800
"allow ^172\\.18\\.100\\.100$\n"
22803
"allow ^172\\.18\\.100\\.100$\n"
22805
#: serverguide/C/monitoring.xml:484(para)
22807
"Replace <emphasis>^172\\.18\\.100\\.100$</emphasis> with IP address for your "
22808
"<application>munin</application> server."
22810
"Replace <emphasis>^172\\.18\\.100\\.100$</emphasis> with IP address for your "
22811
"<application>munin</application> server."
22813
#: serverguide/C/monitoring.xml:489(para)
22815
"Now restart <application>munin-node</application> on "
22816
"<emphasis>server02</emphasis> for the changes to take effect:"
22818
"Now restart <application>munin-node</application> on "
22819
"<emphasis>server02</emphasis> for the changes to take effect:"
22821
#: serverguide/C/monitoring.xml:494(command)
22822
msgid "sudo /etc/init.d/munin-node restart"
22823
msgstr "sudo /etc/init.d/munin-node restart"
22825
#: serverguide/C/monitoring.xml:497(para)
22827
"Finally, in a browser go to <emphasis>http://server01/munin</emphasis>, and "
22828
"you should see links to nice graphs displaying information from the standard "
22829
"<emphasis>munin-plugins</emphasis> for disk, network, processes, and system."
22831
"Finally, in a browser go to <emphasis>http://server01/munin</emphasis>, and "
22832
"you should see links to nice graphs displaying information from the standard "
22833
"<emphasis>munin-plugins</emphasis> for disk, network, processes, and system."
22835
#: serverguide/C/monitoring.xml:503(para)
22837
"Since this is a new install it may take some time for the graphs to display "
22840
"Since this is a new install it may take some time for the graphs to display "
22843
#: serverguide/C/monitoring.xml:510(title)
22844
msgid "Additional Plugins"
22845
msgstr "Additional Plug-ins"
22847
#: serverguide/C/monitoring.xml:512(para)
22849
"The <application>munin-plugins-extra</application> package contains "
22850
"performance checks additional services such as DNS, DHCP, Samba, etc. To "
22851
"install the package, from a terminal enter:"
22853
"The <application>munin-plugins-extra</application> package contains "
22854
"performance checks additional services such as DNS, DHCP, Samba, etc. To "
22855
"install the package, from a terminal enter:"
22857
#: serverguide/C/monitoring.xml:518(command)
22858
msgid "sudo apt-get install munin-plugins-extra"
22859
msgstr "sudo apt-get install munin-plugins-extra"
22861
#: serverguide/C/monitoring.xml:521(para)
22862
msgid "Be sure to install the package on both the server and node machines."
22863
msgstr "Be sure to install the package on both the server and node machines."
22865
#: serverguide/C/monitoring.xml:531(para)
22867
"See the <ulink url=\"http://munin.projects.linpro.no/\">Munin</ulink> "
22868
"website for more details."
22870
"See the <ulink url=\"http://munin.projects.linpro.no/\">Munin</ulink> "
22871
"website for more details."
22873
#: serverguide/C/monitoring.xml:536(para)
22875
"Specifically the <ulink "
22876
"url=\"http://munin.projects.linpro.no/wiki/Documentation\">Munin "
22877
"Documentation</ulink> page includes information on additional plugins, "
22878
"writing plugins, etc."
22880
"Specifically the <ulink "
22881
"url=\"http://munin.projects.linpro.no/wiki/Documentation\">Munin "
22882
"Documentation</ulink> page includes information on additional plug-ins, "
22883
"writing plug-ins, etc."
22885
#: serverguide/C/monitoring.xml:542(para)
22887
"Also, there is a book in German by Open Source Press: <ulink "
22888
"url=\"https://www.opensourcepress.de/index.php?26&backPID=178&tt_prod"
22889
"ucts=152\">Munin Graphisches Netzwerk- und System-Monitoring</ulink>."
22891
"Also, there is a book in German by Open Source Press: <ulink "
22892
"url=\"https://www.opensourcepress.de/index.php?26&backPID=178&tt_prod"
22893
"ucts=152\">Munin Graphisches Netzwerk- und System-Monitoring</ulink>."
22895
#: serverguide/C/monitoring.xml:548(para)
22897
"Another resource is the <ulink "
22898
"url=\"https://help.ubuntu.com/community/Munin\">Munin Ubuntu Wiki</ulink> "
22901
"Another resource is the <ulink "
22902
"url=\"https://help.ubuntu.com/community/Munin\">Munin Ubuntu Wiki</ulink> "
22905
#: serverguide/C/mail.xml:13(title)
22906
msgid "Email Services"
22907
msgstr "E-mail Services"
22909
#: serverguide/C/mail.xml:14(para)
22911
"The process of getting an email from one person to another over a network or "
22912
"the Internet involves many systems working together. Each of these systems "
22913
"must be correctly configured for the process to work. The sender uses a "
22914
"<emphasis>Mail User Agent</emphasis> (MUA), or email client, to send the "
22915
"message through one or more <emphasis>Mail Transfer Agents</emphasis> (MTA), "
22916
"the last of which will hand it off to a <emphasis>Mail Delivery "
22917
"Agent</emphasis> (MDA) for delivery to the recipient's mailbox, from which "
22918
"it will be retrieved by the recipient's email client, usually via a POP3 or "
22921
"The process of getting an e-mail from one person to another over a network "
22922
"or the Internet involves many systems working together. Each of these "
22923
"systems must be correctly configured for the process to work. The sender "
22924
"uses a <emphasis>Mail User Agent</emphasis> (MUA), or e-mail client, to send "
22925
"the message through one or more <emphasis>Mail Transfer Agents</emphasis> "
22926
"(MTA), the last of which will hand it off to a <emphasis>Mail Delivery "
22927
"Agent</emphasis> (MDA) for delivery to the recipient's mailbox, from which "
22928
"it will be retrieved by the recipient's e-mail client, usually via a POP3 or "
22931
#: serverguide/C/mail.xml:24(title) serverguide/C/mail.xml:832(application) serverguide/C/mail.xml:866(title) serverguide/C/mail.xml:944(title) serverguide/C/mail.xml:1510(title)
22935
#: serverguide/C/mail.xml:25(para)
22937
"<application>Postfix</application> is the default Mail Transfer Agent (MTA) "
22938
"in Ubuntu. It attempts to be fast and easy to administer and secure. It is "
22939
"compatible with the MTA <application>sendmail</application>. This section "
22940
"explains how to install and configure <application>postfix</application>. It "
22941
"also explains how to set it up as an SMTP server using a secure connection "
22942
"(for sending emails securely)."
22944
"<application>Postfix</application> is the default Mail Transfer Agent (MTA) "
22945
"in Ubuntu. It attempts to be fast and easy to administer and secure. It is "
22946
"compatible with the MTA <application>sendmail</application>. This section "
22947
"explains how to install and configure <application>postfix</application>. It "
22948
"also explains how to set it up as an SMTP server using a secure connection "
22949
"(for sending e-mails securely)."
22951
#: serverguide/C/mail.xml:34(para)
22953
"This guide does not cover setting up Postfix <emphasis>Virtual "
22954
"Domains</emphasis>, for information on Virtual Domains and other advanced "
22955
"configurations see <xref linkend=\"postfix-references\"/>."
22957
"This guide does not cover setting up Postfix <emphasis>Virtual "
22958
"Domains</emphasis>, for information on Virtual Domains and other advanced "
22959
"configurations see <xref linkend=\"postfix-references\"/>."
22961
#: serverguide/C/mail.xml:41(para)
22963
"To install <application>postfix</application> run the following command:"
22965
"To install <application>postfix</application> run the following command:"
22967
#: serverguide/C/mail.xml:47(para)
22969
"Simply press return when the installation process asks questions, the "
22970
"configuration will be done in greater detail in the next stage."
22972
"Simply press return when the installation process asks questions, the "
22973
"configuration will be done in greater detail in the next stage."
22975
#: serverguide/C/mail.xml:52(title)
22976
msgid "Basic Configuration"
22977
msgstr "Basic Configuration"
22979
#: serverguide/C/mail.xml:53(para)
22981
"To configure <application>postfix</application>, run the following command:"
22983
"To configure <application>postfix</application>, run the following command:"
22985
#: serverguide/C/mail.xml:57(command)
22986
msgid "sudo dpkg-reconfigure postfix"
22987
msgstr "sudo dpkg-reconfigure postfix"
22989
#: serverguide/C/mail.xml:63(para)
22990
msgid "Internet Site"
22991
msgstr "Internet Site"
22993
#: serverguide/C/mail.xml:64(para)
22994
msgid "mail.example.com"
22995
msgstr "mail.example.com"
22997
#: serverguide/C/mail.xml:65(para)
23001
#: serverguide/C/mail.xml:66(para)
23002
msgid "mail.example.com, localhost.localdomain, localhost"
23003
msgstr "mail.example.com, localhost.localdomain, localhost"
23005
#: serverguide/C/mail.xml:67(para)
23009
#: serverguide/C/mail.xml:68(para)
23010
msgid "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24"
23011
msgstr "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24"
23013
#: serverguide/C/mail.xml:69(para)
23017
#: serverguide/C/mail.xml:70(para)
23021
#: serverguide/C/mail.xml:71(para)
23025
#: serverguide/C/mail.xml:59(para)
23027
"The user interface will be displayed. On each screen, select the following "
23028
"values: <placeholder-1/>"
23030
"The user interface will be displayed. On each screen, select the following "
23031
"values: <placeholder-1/>"
23033
#: serverguide/C/mail.xml:75(para)
23035
"Replace mail.example.com with the domain for which you'll accept email, "
23036
"192.168.0.0/24 with the actual network and class range of your mail server, "
23037
"and steve with the appropriate username."
23039
"Replace mail.example.com with the domain for which you'll accept e-mail, "
23040
"192.168.0.0/24 with the actual network and class range of your mail server, "
23041
"and steve with the appropriate username."
23043
#: serverguide/C/mail.xml:81(para)
23045
"Now is a good time to decide which mailbox format you want to use. By "
23046
"default Postfix will use <emphasis role=\"strong\">mbox</emphasis> for the "
23047
"mailbox format. Rather than editing the configuration file directly, you can "
23048
"use the <command>postconf</command> command to configure all "
23049
"<application>postfix</application> parameters. The configuration parameters "
23050
"will be stored in <filename>/etc/postfix/main.cf</filename> file. Later if "
23051
"you wish to re-configure a particular parameter, you can either run the "
23052
"command or change it manually in the file."
23054
"Now is a good time to decide which mailbox format you want to use. By "
23055
"default Postfix will use <emphasis role=\"strong\">mbox</emphasis> for the "
23056
"mailbox format. Rather than editing the configuration file directly, you can "
23057
"use the <command>postconf</command> command to configure all "
23058
"<application>postfix</application> parameters. The configuration parameters "
23059
"will be stored in <filename>/etc/postfix/main.cf</filename> file. Later if "
23060
"you wish to re-configure a particular parameter, you can either run the "
23061
"command or change it manually in the file."
23063
#: serverguide/C/mail.xml:92(para)
23065
"To configure the mailbox format for <emphasis "
23066
"role=\"strong\">Maildir:</emphasis>"
23068
"To configure the mailbox format for <emphasis "
23069
"role=\"strong\">Maildir:</emphasis>"
23071
#: serverguide/C/mail.xml:97(command)
23072
msgid "sudo postconf -e 'home_mailbox = Maildir/'"
23073
msgstr "sudo postconf -e 'home_mailbox = Maildir/'"
23075
#: serverguide/C/mail.xml:100(para)
23077
"This will place new mail in /home/<emphasis "
23078
"role=\"italic\">username</emphasis>/Maildir so you will need to configure "
23079
"your Mail Delivery Agent (MDA) to use the same path."
23081
"This will place new mail in /home/<emphasis "
23082
"role=\"italic\">username</emphasis>/Maildir so you will need to configure "
23083
"your Mail Delivery Agent (MDA) to use the same path."
23085
#: serverguide/C/mail.xml:108(title) serverguide/C/mail.xml:556(title)
23086
msgid "SMTP Authentication"
23087
msgstr "SMTP Authentication"
23089
#: serverguide/C/mail.xml:110(para)
23091
"SMTP-AUTH allows a client to identify itself through an authentication "
23092
"mechanism (SASL). Transport Layer Security (TLS) should be used to encrypt "
23093
"the authentication process. Once authenticated the SMTP server will allow "
23094
"the client to relay mail."
23096
"SMTP-AUTH allows a client to identify itself through an authentication "
23097
"mechanism (SASL). Transport Layer Security (TLS) should be used to encrypt "
23098
"the authentication process. Once authenticated the SMTP server will allow "
23099
"the client to relay mail."
23101
#: serverguide/C/mail.xml:117(para)
23102
msgid "Configure Postfix for SMTP-AUTH using SASL (Dovecot SASL):"
23103
msgstr "Configure Postfix for SMTP-AUTH using SASL (Dovecot SASL):"
23105
#: serverguide/C/mail.xml:120(screen)
23109
"sudo postconf -e 'smtpd_sasl_type = dovecot'\n"
23110
"sudo postconf -e 'smtpd_sasl_path = private/auth-client'\n"
23111
"sudo postconf -e 'smtpd_sasl_local_domain ='\n"
23112
"sudo postconf -e 'smtpd_sasl_security_options = noanonymous'\n"
23113
"sudo postconf -e 'broken_sasl_auth_clients = yes'\n"
23114
"sudo postconf -e 'smtpd_sasl_auth_enable = yes'\n"
23115
"sudo postconf -e 'smtpd_recipient_restrictions = "
23116
"permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'\n"
23117
"sudo postconf -e 'inet_interfaces = all'\n"
23120
"sudo postconf -e 'smtpd_sasl_type = dovecot'\n"
23121
"sudo postconf -e 'smtpd_sasl_path = private/auth-client'\n"
23122
"sudo postconf -e 'smtpd_sasl_local_domain ='\n"
23123
"sudo postconf -e 'smtpd_sasl_security_options = noanonymous'\n"
23124
"sudo postconf -e 'broken_sasl_auth_clients = yes'\n"
23125
"sudo postconf -e 'smtpd_sasl_auth_enable = yes'\n"
23126
"sudo postconf -e 'smtpd_recipient_restrictions = "
23127
"permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'\n"
23128
"sudo postconf -e 'inet_interfaces = all'\n"
23130
#: serverguide/C/mail.xml:131(para)
23132
"The <emphasis>smtpd_sasl_path</emphasis> configuration is a path relative to "
23133
"the Postfix queue directory."
23135
"The <emphasis>smtpd_sasl_path</emphasis> configuration is a path relative to "
23136
"the Postfix queue directory."
23138
#: serverguide/C/mail.xml:137(para)
23140
"Next, obtain a digital certificate for TLS. See <xref linkend=\"certificates-"
23141
"and-security\"/> for details. This example also uses a Certificate Authority "
23142
"(CA). For information on generating a CA certificate see <xref "
23143
"linkend=\"certificate-authority\"/>."
23145
"Next, obtain a digital certificate for TLS. See <xref linkend=\"certificates-"
23146
"and-security\"/> for details. This example also uses a Certificate Authority "
23147
"(CA). For information on generating a CA certificate see <xref "
23148
"linkend=\"certificate-authority\"/>."
23150
#: serverguide/C/mail.xml:143(para)
23152
"You can get the digital certificate from a certificate authority. But unlike "
23153
"web clients, SMTP clients rarely complain about \"self-signed "
23154
"certificates\", so alternatively, you can create the certificate yourself. "
23155
"Refer to <xref linkend=\"creating-a-self-signed-certificate\"/> for more "
23158
"You can get the digital certificate from a certificate authority. But unlike "
23159
"web clients, SMTP clients rarely complain about \"self-signed "
23160
"certificates\", so alternatively, you can create the certificate yourself. "
23161
"Refer to <xref linkend=\"creating-a-self-signed-certificate\"/> for more "
23164
#: serverguide/C/mail.xml:155(para)
23166
"Once you have a certificate, configure Postfix to provide TLS encryption for "
23167
"both incoming and outgoing mail:"
23169
"Once you have a certificate, configure Postfix to provide TLS encryption for "
23170
"both incoming and outgoing mail:"
23172
#: serverguide/C/mail.xml:158(screen)
23176
"sudo postconf -e 'smtpd_tls_auth_only = no'\n"
23177
"sudo postconf -e 'smtp_use_tls = yes'\n"
23178
"sudo postconf -e 'smtpd_use_tls = yes'\n"
23179
"sudo postconf -e 'smtp_tls_note_starttls_offer = yes'\n"
23180
"sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'\n"
23181
"sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'\n"
23182
"sudo postconf -e 'smtpd_tls_loglevel = 1'\n"
23183
"sudo postconf -e 'smtpd_tls_received_header = yes'\n"
23184
"sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'\n"
23185
"sudo postconf -e 'tls_random_source = dev:/dev/urandom'\n"
23186
"sudo postconf -e 'myhostname = mail.example.com'\n"
23189
"sudo postconf -e 'smtpd_tls_auth_only = no'\n"
23190
"sudo postconf -e 'smtp_use_tls = yes'\n"
23191
"sudo postconf -e 'smtpd_use_tls = yes'\n"
23192
"sudo postconf -e 'smtp_tls_note_starttls_offer = yes'\n"
23193
"sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'\n"
23194
"sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'\n"
23195
"sudo postconf -e 'smtpd_tls_loglevel = 1'\n"
23196
"sudo postconf -e 'smtpd_tls_received_header = yes'\n"
23197
"sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'\n"
23198
"sudo postconf -e 'tls_random_source = dev:/dev/urandom'\n"
23199
"sudo postconf -e 'myhostname = mail.example.com'\n"
23201
#: serverguide/C/mail.xml:173(para)
23203
"If you are using your own <emphasis>Certificate Authority</emphasis> to sign "
23204
"the certificate enter:"
23206
"If you are using your own <emphasis>Certificate Authority</emphasis> to sign "
23207
"the certificate enter:"
23209
#: serverguide/C/mail.xml:177(command)
23210
msgid "sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'"
23211
msgstr "sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'"
23213
#: serverguide/C/mail.xml:180(para)
23215
"Again, for more details about certificates see <xref linkend=\"certificates-"
23216
"and-security\"/>."
23218
"Again, for more details about certificates see <xref linkend=\"certificates-"
23219
"and-security\"/>."
23221
#: serverguide/C/mail.xml:186(para)
23223
"After running all the commands, <application>Postfix</application> is "
23224
"configured for SMTP-AUTH and a self-signed certificate has been created for "
23227
"After running all the commands, <application>Postfix</application> is "
23228
"configured for SMTP-AUTH and a self-signed certificate has been created for "
23231
#: serverguide/C/mail.xml:191(para)
23233
"Now, the file <filename>/etc/postfix/main.cf</filename> should look like "
23234
"<ulink url=\"../sample/postfix_configuration\">this</ulink>."
23236
"Now, the file <filename>/etc/postfix/main.cf</filename> should look like "
23237
"<ulink url=\"../sample/postfix_configuration\">this</ulink>."
23239
#: serverguide/C/mail.xml:195(para)
23241
"The postfix initial configuration is complete. Run the following command to "
23242
"restart the postfix daemon:"
23244
"The postfix initial configuration is complete. Run the following command to "
23245
"restart the postfix daemon:"
23247
#: serverguide/C/mail.xml:201(command) serverguide/C/mail.xml:315(command) serverguide/C/mail.xml:378(command) serverguide/C/mail.xml:984(command) serverguide/C/mail.xml:1561(command)
23248
msgid "sudo /etc/init.d/postfix restart"
23249
msgstr "sudo /etc/init.d/postfix restart"
23251
#: serverguide/C/mail.xml:204(para)
23253
"<application>Postfix</application> supports SMTP-AUTH as defined in <ulink "
23254
"url=\"ftp://ftp.isi.edu/in-notes/rfc2554.txt\">RFC2554</ulink>. It is based "
23255
"on <ulink url=\"ftp://ftp.isi.edu/in-notes/rfc2222.txt\">SASL</ulink>. "
23256
"However it is still necessary to set up SASL authentication before you can "
23259
"<application>Postfix</application> supports SMTP-AUTH as defined in <ulink "
23260
"url=\"ftp://ftp.isi.edu/in-notes/rfc2554.txt\">RFC2554</ulink>. It is based "
23261
"on <ulink url=\"ftp://ftp.isi.edu/in-notes/rfc2222.txt\">SASL</ulink>. "
23262
"However it is still necessary to set up SASL authentication before you can "
23265
#: serverguide/C/mail.xml:214(title) serverguide/C/mail.xml:609(title)
23266
msgid "Configuring SASL"
23267
msgstr "Configuring SASL"
23269
#: serverguide/C/mail.xml:215(para)
23271
"Postfix supports two SASL implementations Cyrus SASL and Dovecot SASL. To "
23272
"enable Dovecot SASL the <application>dovecot-common</application> package "
23273
"will need to be installed. From a terminal prompt enter the following:"
23275
"Postfix supports two SASL implementations Cyrus SASL and Dovecot SASL. To "
23276
"enable Dovecot SASL the <application>dovecot-common</application> package "
23277
"will need to be installed. From a terminal prompt enter the following:"
23279
#: serverguide/C/mail.xml:221(command)
23280
msgid "sudo apt-get install dovecot-common"
23281
msgstr "sudo apt-get install dovecot-common"
23283
#: serverguide/C/mail.xml:223(para)
23285
"Next you will need to edit <filename>/etc/dovecot/dovecot.conf</filename>. "
23286
"In the <emphasis>auth default</emphasis> section uncomment the "
23287
"<emphasis>socket listen</emphasis> option and change the following:"
23289
"Next you will need to edit <filename>/etc/dovecot/dovecot.conf</filename>. "
23290
"In the <emphasis>auth default</emphasis> section uncomment the "
23291
"<emphasis>socket listen</emphasis> option and change the following:"
23293
#: serverguide/C/mail.xml:227(programlisting)
23297
" socket listen {\n"
23299
" # Master socket provides access to userdb information. It's typically\n"
23300
" # used to give Dovecot's local delivery agent access to userdb so it\n"
23301
" # can find mailbox locations.\n"
23302
" #path = /var/run/dovecot/auth-master\n"
23304
" # Default user/group is the one who started dovecot-auth (root)\n"
23309
" # The client socket is generally safe to export to everyone. Typical "
23311
" # is to export it to your SMTP server so it can do SMTP AUTH lookups\n"
23313
" path = /var/spool/postfix/private/auth-client\n"
23315
" user = postfix\n"
23316
" group = postfix\n"
23321
" socket listen {\n"
23323
" # Master socket provides access to userdb information. It's typically\n"
23324
" # used to give Dovecot's local delivery agent access to userdb so it\n"
23325
" # can find mailbox locations.\n"
23326
" #path = /var/run/dovecot/auth-master\n"
23328
" # Default user/group is the one who started dovecot-auth (root)\n"
23333
" # The client socket is generally safe to export to everyone. Typical "
23335
" # is to export it to your SMTP server so it can do SMTP AUTH lookups\n"
23337
" path = /var/spool/postfix/private/auth-client\n"
23339
" user = postfix\n"
23340
" group = postfix\n"
23344
#: serverguide/C/mail.xml:251(para)
23346
"In order to let <application>Outlook</application> clients use SMTPAUTH, in "
23347
"the <emphasis>auth default</emphasis> section of /etc/dovecot/dovecot.conf "
23348
"add <emphasis>\"login\"</emphasis>:"
23350
"In order to let <application>Outlook</application> clients use SMTPAUTH, in "
23351
"the <emphasis>auth default</emphasis> section of /etc/dovecot/dovecot.conf "
23352
"add <emphasis>\"login\"</emphasis>:"
23354
#: serverguide/C/mail.xml:256(programlisting)
23358
" mechanisms = plain login\n"
23361
" mechanisms = plain login\n"
23363
#: serverguide/C/mail.xml:260(para)
23365
"Once you have <application>Dovecot</application> configured restart it with:"
23367
"Once you have <application>Dovecot</application> configured restart it with:"
23369
#: serverguide/C/mail.xml:264(command) serverguide/C/mail.xml:735(command)
23370
msgid "sudo /etc/init.d/dovecot restart"
23371
msgstr "sudo /etc/init.d/dovecot restart"
23373
#: serverguide/C/mail.xml:269(title)
23374
msgid "Postfix-Dovecot"
23375
msgstr "Postfix-Dovecot"
23377
#: serverguide/C/mail.xml:271(para)
23379
"Another option for configuring <application>Postfix</application> for SMTP-"
23380
"AUTH is using the <application>dovecot-postfix</application> package. This "
23381
"package will install <application>Dovecot</application> and configure "
23382
"<application>Postfix</application> to use it for both SASL authentication "
23383
"and as a Mail Delivery Agent (MDA). The package also configures "
23384
"<application>Dovecot</application> for IMAP, IMAPS, POP3, and POP3S."
23386
"Another option for configuring <application>Postfix</application> for SMTP-"
23387
"AUTH is using the <application>dovecot-postfix</application> package. This "
23388
"package will install <application>Dovecot</application> and configure "
23389
"<application>Postfix</application> to use it for both SASL authentication "
23390
"and as a Mail Delivery Agent (MDA). The package also configures "
23391
"<application>Dovecot</application> for IMAP, IMAPS, POP3, and POP3S."
23393
#: serverguide/C/mail.xml:280(para)
23395
"You may or may not want to run IMAP, IMAPS, POP3, or POP3S on your mail "
23396
"server. For example, if you are configuring your server to be a mail "
23397
"gateway, spam/virus filter, etc. If this is the case it may be easier to use "
23398
"the above commands to configure Postfix for SMTPAUTH."
23400
"You may or may not want to run IMAP, IMAPS, POP3, or POP3S on your mail "
23401
"server. For example, if you are configuring your server to be a mail "
23402
"gateway, spam/virus filter, etc. If this is the case it may be easier to use "
23403
"the above commands to configure Postfix for SMTPAUTH."
23405
#: serverguide/C/mail.xml:287(para)
23406
msgid "To install the package, from a terminal prompt enter:"
23407
msgstr "To install the package, from a terminal prompt enter:"
23409
#: serverguide/C/mail.xml:292(command)
23410
msgid "sudo apt-get install dovecot-postfix"
23411
msgstr "sudo apt-get install dovecot-postfix"
23413
#: serverguide/C/mail.xml:295(para)
23415
"You should now have a working mail server, but there are a few options that "
23416
"you may wish to further customize. For example, the package uses the "
23417
"certificate and key from the <application>ssl-cert</application> package, "
23418
"and in a production environment you should use a certificate and key "
23419
"generated for the host. See <xref linkend=\"certificates-and-security\"/> "
23420
"for more details."
23422
"You should now have a working mail server, but there are a few options that "
23423
"you may wish to further customise. For example, the package uses the "
23424
"certificate and key from the <application>ssl-cert</application> package, "
23425
"and in a production environment you should use a certificate and key "
23426
"generated for the host. See <xref linkend=\"certificates-and-security\"/> "
23427
"for more details."
23429
#: serverguide/C/mail.xml:301(para)
23431
"Once you have a customized certificate and key for the host, change the "
23432
"following options in <filename>/etc/postfix/main.cf</filename>:"
23434
"Once you have a customised certificate and key for the host, change the "
23435
"following options in <filename>/etc/postfix/main.cf</filename>:"
23437
#: serverguide/C/mail.xml:305(programlisting)
23441
"smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem\n"
23442
"smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key\n"
23445
"smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem\n"
23446
"smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key\n"
23448
#: serverguide/C/mail.xml:310(para)
23449
msgid "Then restart Postfix:"
23450
msgstr "Then restart Postfix:"
23452
#: serverguide/C/mail.xml:321(para)
23454
"SMTP-AUTH configuration is complete. Now it is time to test the setup."
23456
"SMTP-AUTH configuration is complete. Now it is time to test the setup."
23458
#: serverguide/C/mail.xml:324(para)
23459
msgid "To see if SMTP-AUTH and TLS work properly, run the following command:"
23461
"To see if SMTP-AUTH and TLS work properly, run the following command:"
23463
#: serverguide/C/mail.xml:329(command)
23464
msgid "telnet mail.example.com 25"
23465
msgstr "telnet mail.example.com 25"
23467
#: serverguide/C/mail.xml:331(para)
23469
"After you have established the connection to the postfix mail server, type:"
23471
"After you have established the connection to the postfix mail server, type:"
23473
#: serverguide/C/mail.xml:335(screen)
23477
"ehlo mail.example.com\n"
23480
"ehlo mail.example.com\n"
23482
#: serverguide/C/mail.xml:338(para)
23484
"If you see the following lines among others, then everything is working "
23485
"perfectly. Type <command>quit</command> to exit."
23487
"If you see the following lines among others, then everything is working "
23488
"perfectly. Type <command>quit</command> to exit."
23490
#: serverguide/C/mail.xml:342(programlisting)
23495
"250-AUTH LOGIN PLAIN\n"
23496
"250-AUTH=LOGIN PLAIN\n"
23501
"250-AUTH LOGIN PLAIN\n"
23502
"250-AUTH=LOGIN PLAIN\n"
23505
#: serverguide/C/mail.xml:352(para)
23507
"This section introduces some common ways to determine the cause if problems "
23510
"This section introduces some common ways to determine the cause if problems "
23513
#: serverguide/C/mail.xml:356(title)
23514
msgid "Escaping chroot"
23515
msgstr "Escaping chroot"
23517
#: serverguide/C/mail.xml:357(para)
23519
"The Ubuntu <application>postfix</application> package will by default "
23520
"install into a <emphasis>chroot</emphasis> environment for security reasons. "
23521
"This can add greater complexity when troubleshooting problems."
23523
"The Ubuntu <application>postfix</application> package will by default "
23524
"install into a <emphasis>chroot</emphasis> environment for security reasons. "
23525
"This can add greater complexity when troubleshooting problems."
23527
#: serverguide/C/mail.xml:361(para)
23529
"To turn off the chroot operation locate for the following line in the "
23530
"<filename>/etc/postfix/master.cf</filename> configuration file:"
23532
"To turn off the chroot operation locate for the following line in the "
23533
"<filename>/etc/postfix/master.cf</filename> configuration file:"
23535
#: serverguide/C/mail.xml:365(screen)
23539
"smtp inet n - - - - smtpd\n"
23542
"smtp inet n - - - - smtpd\n"
23544
#: serverguide/C/mail.xml:368(para)
23545
msgid "and modify it as follows:"
23546
msgstr "and modify it as follows:"
23548
#: serverguide/C/mail.xml:371(screen)
23552
"smtp inet n - n - - smtpd\n"
23555
"smtp inet n - n - - smtpd\n"
23557
#: serverguide/C/mail.xml:374(para)
23559
"You will then need to restart Postfix to use the new configuration. From a "
23560
"terminal prompt enter:"
23562
"You will then need to restart Postfix to use the new configuration. From a "
23563
"terminal prompt enter:"
23565
#: serverguide/C/mail.xml:382(title)
23569
#: serverguide/C/mail.xml:383(para)
23571
"<application>Postfix</application> sends all log messages to "
23572
"<filename>/var/log/mail.log</filename>. However error and warning messages "
23573
"can sometimes get lost in the normal log output so they are also logged to "
23574
"<filename>/var/log/mail.err</filename> and "
23575
"<filename>/var/log/mail.warn</filename> respectively."
23577
"<application>Postfix</application> sends all log messages to "
23578
"<filename>/var/log/mail.log</filename>. However error and warning messages "
23579
"can sometimes get lost in the normal log output so they are also logged to "
23580
"<filename>/var/log/mail.err</filename> and "
23581
"<filename>/var/log/mail.warn</filename> respectively."
23583
#: serverguide/C/mail.xml:388(para)
23585
"To see messages entered into the logs in real time you can use the "
23586
"<application>tail -f</application> command:"
23588
"To see messages entered into the logs in real time you can use the "
23589
"<application>tail -f</application> command:"
23591
#: serverguide/C/mail.xml:393(command)
23592
msgid "tail -f /var/log/mail.err"
23593
msgstr "tail -f /var/log/mail.err"
23595
#: serverguide/C/mail.xml:395(para)
23597
"The amount of detail that is recorded in the logs can be increased. Below "
23598
"are some configuration options for increasing the log level for some of the "
23599
"areas covered above."
23601
"The amount of detail that is recorded in the logs can be increased. Below "
23602
"are some configuration options for increasing the log level for some of the "
23603
"areas covered above."
23605
#: serverguide/C/mail.xml:401(para)
23607
"To increase <emphasis>TLS</emphasis> activity logging set the "
23608
"<emphasis>smtpd_tls_loglevel</emphasis> option to a value from 1 to 4."
23610
"To increase <emphasis>TLS</emphasis> activity logging set the "
23611
"<emphasis>smtpd_tls_loglevel</emphasis> option to a value from 1 to 4."
23613
#: serverguide/C/mail.xml:405(command)
23614
msgid "sudo postconf -e 'smtpd_tls_loglevel = 4'"
23615
msgstr "sudo postconf -e 'smtpd_tls_loglevel = 4'"
23617
#: serverguide/C/mail.xml:409(para)
23619
"If you are having trouble sending or receiving mail from a specific domain "
23620
"you can add the domain to the <emphasis>debug_peer_list</emphasis> parameter."
23622
"If you are having trouble sending or receiving mail from a specific domain "
23623
"you can add the domain to the <emphasis>debug_peer_list</emphasis> parameter."
23625
#: serverguide/C/mail.xml:414(command)
23626
msgid "sudo postconf -e 'debug_peer_list = problem.domain'"
23627
msgstr "sudo postconf -e 'debug_peer_list = problem.domain'"
23629
#: serverguide/C/mail.xml:418(para)
23631
"You can increase the verbosity of any <application>Postfix</application> "
23632
"daemon process by editing the <filename>/etc/postfix/master.cf</filename> "
23633
"and adding a <emphasis>-v</emphasis> after the entry. For example edit the "
23634
"<emphasis>smtp</emphasis> entry:"
23636
"You can increase the verbosity of any <application>Postfix</application> "
23637
"daemon process by editing the <filename>/etc/postfix/master.cf</filename> "
23638
"and adding a <emphasis>-v</emphasis> after the entry. For example edit the "
23639
"<emphasis>smtp</emphasis> entry:"
23641
#: serverguide/C/mail.xml:422(programlisting)
23645
"smtp unix - - - - - smtp -v\n"
23648
"smtp unix - - - - - smtp -v\n"
23650
#: serverguide/C/mail.xml:428(para)
23652
"It is important to note that after making one of the logging changes above "
23653
"the <application>Postfix</application> process will need to be reloaded in "
23654
"order to recognize the new configuration: <command>sudo /etc/init.d/postfix "
23657
"It is important to note that after making one of the logging changes above "
23658
"the <application>Postfix</application> process will need to be reloaded in "
23659
"order to recognise the new configuration: <command>sudo /etc/init.d/postfix "
23662
#: serverguide/C/mail.xml:435(para)
23664
"To increase the amount of information logged when troubleshooting "
23665
"<emphasis>SASL</emphasis> issues you can set the following options in "
23666
"<filename>/etc/dovecot/dovecot.conf</filename>"
23668
"To increase the amount of information logged when troubleshooting "
23669
"<emphasis>SASL</emphasis> issues you can set the following options in "
23670
"<filename>/etc/dovecot/dovecot.conf</filename>"
23672
#: serverguide/C/mail.xml:439(programlisting)
23677
"auth_debug_passwords=yes\n"
23681
"auth_debug_passwords=yes\n"
23683
#: serverguide/C/mail.xml:446(para)
23685
"Just like <application>Postfix</application> if you change a "
23686
"<application>Dovecot</application> configuration the process will need to be "
23687
"reloaded: <command>sudo /etc/init.d/dovecot reload</command>."
23689
"Just like <application>Postfix</application> if you change a "
23690
"<application>Dovecot</application> configuration the process will need to be "
23691
"reloaded: <command>sudo /etc/init.d/dovecot reload</command>."
23693
#: serverguide/C/mail.xml:452(para)
23695
"Some of the options above can drastically increase the amount of information "
23696
"sent to the log files. Remember to return the log level back to normal after "
23697
"you have corrected the problem. Then reload the appropriate daemon for the "
23698
"new configuration to take affect."
23700
"Some of the options above can drastically increase the amount of information "
23701
"sent to the log files. Remember to return the log level back to normal after "
23702
"you have corrected the problem. Then reload the appropriate daemon for the "
23703
"new configuration to take affect."
23705
#: serverguide/C/mail.xml:460(para)
23707
"Administering a <application>Postfix</application> server can be a very "
23708
"complicated task. At some point you may need to turn to the Ubuntu community "
23709
"for more experienced help."
23711
"Administering a <application>Postfix</application> server can be a very "
23712
"complicated task. At some point you may need to turn to the Ubuntu community "
23713
"for more experienced help."
23715
#: serverguide/C/mail.xml:464(para)
23717
"A great place to ask for <application>Postfix</application> assistance, and "
23718
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
23719
"server</emphasis> IRC channel on <ulink "
23720
"url=\"http://freenode.net\">freenode</ulink>. You can also post a message to "
23721
"one of the <ulink "
23722
"url=\"http://www.ubuntu.com/support/community/webforums\">Web Forums</ulink>."
23724
"A great place to ask for <application>Postfix</application> assistance, and "
23725
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
23726
"server</emphasis> IRC channel on <ulink "
23727
"url=\"http://freenode.net\">freenode</ulink>. You can also post a message to "
23728
"one of the <ulink "
23729
"url=\"http://www.ubuntu.com/support/community/webforums\">Web Forums</ulink>."
23731
#: serverguide/C/mail.xml:469(para)
23733
"For in depth <application>Postfix</application> information Ubuntu "
23734
"developers highly recommend: <ulink url=\"http://www.postfix-book.com/\">The "
23735
"Book of Postfix</ulink>."
23737
"For in depth <application>Postfix</application> information Ubuntu "
23738
"developers highly recommend: <ulink url=\"http://www.postfix-book.com/\">The "
23739
"Book of Postfix</ulink>."
23741
#: serverguide/C/mail.xml:473(para)
23743
"Finally, the <ulink "
23744
"url=\"http://www.postfix.org/documentation.html\">Postfix</ulink> website "
23745
"also has great documentation on all the different configuration options "
23748
"Finally, the <ulink "
23749
"url=\"http://www.postfix.org/documentation.html\">Postfix</ulink> website "
23750
"also has great documentation on all the different configuration options "
23753
#: serverguide/C/mail.xml:477(para)
23755
"Also, the <ulink url=\"https://help.ubuntu.com/community/Postfix\">Ubuntu "
23756
"Wiki Postifx</ulink> page has more information."
23758
"Also, the <ulink url=\"https://help.ubuntu.com/community/Postfix\">Ubuntu "
23759
"Wiki Postifx</ulink> page has more information."
23761
#: serverguide/C/mail.xml:485(title) serverguide/C/mail.xml:872(title) serverguide/C/mail.xml:988(title)
23765
#: serverguide/C/mail.xml:486(para)
23767
"<application>Exim4</application> is another Message Transfer Agent (MTA) "
23768
"developed at the University of Cambridge for use on Unix systems connected "
23769
"to the Internet. Exim can be installed in place of "
23770
"<application>sendmail</application>, although the configuration of "
23771
"<application>exim</application> is quite different to that of "
23772
"<application>sendmail</application>."
23774
"<application>Exim4</application> is another Message Transfer Agent (MTA) "
23775
"developed at the University of Cambridge for use on Unix systems connected "
23776
"to the Internet. Exim can be installed in place of "
23777
"<application>sendmail</application>, although the configuration of "
23778
"<application>exim</application> is quite different to that of "
23779
"<application>sendmail</application>."
23781
#: serverguide/C/mail.xml:497(para)
23783
"To install <application>exim4</application>, run the following command: "
23785
"<command>sudo apt-get install exim4</command>\n"
23788
"To install <application>exim4</application>, run the following command: "
23790
"<command>sudo apt-get install exim4</command>\n"
23793
#: serverguide/C/mail.xml:506(para)
23795
"To configure <application>Exim4</application>, run the following command:"
23797
"To configure <application>Exim4</application>, run the following command:"
23799
#: serverguide/C/mail.xml:510(command)
23800
msgid "sudo dpkg-reconfigure exim4-config"
23801
msgstr "sudo dpkg-reconfigure exim4-config"
23803
#: serverguide/C/mail.xml:512(para)
23805
"The user interface will be displayed. The user interface lets you configure "
23806
"many parameters. For example, In <application>Exim4</application> the "
23807
"configuration files are split among multiple files. If you wish to have them "
23808
"in one file you can configure accordingly in this user interface."
23810
"The user interface will be displayed. The user interface lets you configure "
23811
"many parameters. For example, In <application>Exim4</application> the "
23812
"configuration files are split among multiple files. If you wish to have them "
23813
"in one file you can configure accordingly in this user interface."
23815
#: serverguide/C/mail.xml:520(para)
23817
"All the parameters you configure in the user interface are stored in "
23818
"<filename>/etc/exim4/update-exim4.conf.conf</filename> file. If you wish to "
23819
"re-configure, either you re-run the configuration wizard or manually edit "
23820
"this file using your favorite editor. Once you configure, you can run the "
23821
"following command to generate the master configuration file:"
23823
"All the parameters you configure in the user interface are stored in "
23824
"<filename>/etc/exim4/update-exim4.conf.conf</filename> file. If you wish to "
23825
"re-configure, either you re-run the configuration wizard or manually edit "
23826
"this file using your favourite editor. Once you configure, you can run the "
23827
"following command to generate the master configuration file:"
23829
#: serverguide/C/mail.xml:531(command) serverguide/C/mail.xml:604(command)
23830
msgid "sudo update-exim4.conf"
23831
msgstr "sudo update-exim4.conf"
23833
#: serverguide/C/mail.xml:533(para)
23835
"The master configuration file, is generated and it is stored in "
23836
"<filename>/var/lib/exim4/config.autogenerated</filename>."
23838
"The master configuration file, is generated and it is stored in "
23839
"<filename>/var/lib/exim4/config.autogenerated</filename>."
23841
#: serverguide/C/mail.xml:539(para)
23843
"At any time, you should not edit the master configuration file, "
23844
"<filename>/var/lib/exim4/config.autogenerated</filename> manually. It is "
23845
"updated automatically every time you run <command>update-exim4.conf</command>"
23847
"At any time, you should not edit the master configuration file, "
23848
"<filename>/var/lib/exim4/config.autogenerated</filename> manually. It is "
23849
"updated automatically every time you run <command>update-exim4.conf</command>"
23851
#: serverguide/C/mail.xml:547(para)
23853
"You can run the following command to start <application>Exim4</application> "
23856
"You can run the following command to start <application>Exim4</application> "
23859
#: serverguide/C/mail.xml:552(command) serverguide/C/mail.xml:994(command)
23860
msgid "sudo /etc/init.d/exim4 start"
23861
msgstr "sudo /etc/init.d/exim4 start"
23863
#: serverguide/C/mail.xml:557(para)
23865
"This section covers configuring Exim4 to use SMTP-AUTH with TLS and SASL."
23867
"This section covers configuring Exim4 to use SMTP-AUTH with TLS and SASL."
23869
#: serverguide/C/mail.xml:560(para)
23871
"The first step is to create a certificate for use with TLS. Enter the "
23872
"following into a terminal prompt:"
23874
"The first step is to create a certificate for use with TLS. Enter the "
23875
"following into a terminal prompt:"
23877
#: serverguide/C/mail.xml:564(command)
23878
msgid "sudo /usr/share/doc/exim4-base/examples/exim-gencert"
23879
msgstr "sudo /usr/share/doc/exim4-base/examples/exim-gencert"
23881
#: serverguide/C/mail.xml:566(para)
23883
"Now Exim4 needs to be configured for TLS by editing "
23884
"<filename>/etc/exim4/conf.d/main/03_exim4-config_tlsoptions</filename> add "
23887
"Now Exim4 needs to be configured for TLS by editing "
23888
"<filename>/etc/exim4/conf.d/main/03_exim4-config_tlsoptions</filename> add "
23891
#: serverguide/C/mail.xml:570(programlisting)
23895
"MAIN_TLS_ENABLE = yes\n"
23898
"MAIN_TLS_ENABLE = yes\n"
23900
#: serverguide/C/mail.xml:573(para)
23902
"Next you need to configure <application>Exim4</application> to use the "
23903
"<application>saslauthd</application> for authentication. Edit "
23904
"<filename>/etc/exim4/conf.d/auth/30_exim4-config_examples</filename> and "
23905
"uncomment the <emphasis>plain_saslauthd_server</emphasis> and "
23906
"<emphasis>login_saslauthd_server</emphasis> sections:"
23908
"Next you need to configure <application>Exim4</application> to use the "
23909
"<application>saslauthd</application> for authentication. Edit "
23910
"<filename>/etc/exim4/conf.d/auth/30_exim4-config_examples</filename> and "
23911
"uncomment the <emphasis>plain_saslauthd_server</emphasis> and "
23912
"<emphasis>login_saslauthd_server</emphasis> sections:"
23914
#: serverguide/C/mail.xml:578(programlisting)
23918
" plain_saslauthd_server:\n"
23919
" driver = plaintext\n"
23920
" public_name = PLAIN\n"
23921
" server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}\n"
23922
" server_set_id = $auth2\n"
23923
" server_prompts = :\n"
23924
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
23925
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
23928
" login_saslauthd_server:\n"
23929
" driver = plaintext\n"
23930
" public_name = LOGIN\n"
23931
" server_prompts = \"Username:: : Password::\"\n"
23932
" # don't send system passwords over unencrypted connections\n"
23933
" server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}\n"
23934
" server_set_id = $auth1\n"
23935
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
23936
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
23940
" plain_saslauthd_server:\n"
23941
" driver = plaintext\n"
23942
" public_name = PLAIN\n"
23943
" server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}\n"
23944
" server_set_id = $auth2\n"
23945
" server_prompts = :\n"
23946
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
23947
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
23950
" login_saslauthd_server:\n"
23951
" driver = plaintext\n"
23952
" public_name = LOGIN\n"
23953
" server_prompts = \"Username:: : Password::\"\n"
23954
" # don't send system passwords over unencrypted connections\n"
23955
" server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}\n"
23956
" server_set_id = $auth1\n"
23957
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
23958
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
23961
#: serverguide/C/mail.xml:600(para)
23962
msgid "Finally, update the Exim4 configuration and restart the service:"
23963
msgstr "Finally, update the Exim4 configuration and restart the service:"
23965
#: serverguide/C/mail.xml:605(command)
23966
msgid "sudo /etc/init.d/exim4 restart"
23967
msgstr "sudo /etc/init.d/exim4 restart"
23969
#: serverguide/C/mail.xml:610(para)
23971
"This section provides details on configuring the saslauthd to provide "
23972
"authentication for <application>Exim4</application>."
23974
"This section provides details on configuring the saslauthd to provide "
23975
"authentication for <application>Exim4</application>."
23977
#: serverguide/C/mail.xml:613(para)
23979
"The first step is to install the sasl2-bin package. From a terminal prompt "
23980
"enter the following:"
23982
"The first step is to install the sasl2-bin package. From a terminal prompt "
23983
"enter the following:"
23985
#: serverguide/C/mail.xml:617(command)
23986
msgid "sudo apt-get install sasl2-bin"
23987
msgstr "sudo apt-get install sasl2-bin"
23989
#: serverguide/C/mail.xml:619(para)
23991
"To configure saslauthd edit the /etc/default/saslauthd configuration file "
23992
"and set START=no to:"
23994
"To configure saslauthd edit the /etc/default/saslauthd configuration file "
23995
"and set START=no to:"
23997
#: serverguide/C/mail.xml:622(programlisting)
24006
#: serverguide/C/mail.xml:625(para)
24008
"Next the <emphasis>Debian-exim</emphasis> user needs to be part of the "
24009
"<emphasis>sasl</emphasis> group in order for Exim4 to use the saslauthd "
24012
"Next the <emphasis>Debian-exim</emphasis> user needs to be part of the "
24013
"<emphasis>sasl</emphasis> group in order for Exim4 to use the saslauthd "
24016
#: serverguide/C/mail.xml:630(command)
24017
msgid "sudo adduser Debian-exim sasl"
24018
msgstr "sudo adduser Debian-exim sasl"
24020
#: serverguide/C/mail.xml:632(para)
24021
msgid "Now start the <application>saslauthd</application> service:"
24022
msgstr "Now start the <application>saslauthd</application> service:"
24024
#: serverguide/C/mail.xml:636(command)
24025
msgid "sudo /etc/init.d/saslauthd start"
24026
msgstr "sudo /etc/init.d/saslauthd start"
24028
#: serverguide/C/mail.xml:638(para)
24030
"<application>Exim4</application> is now configured with SMTP-AUTH using TLS "
24031
"and SASL authentication."
24033
"<application>Exim4</application> is now configured with SMTP-AUTH using TLS "
24034
"and SASL authentication."
24036
#: serverguide/C/mail.xml:647(para)
24038
"See <ulink url=\"http://www.exim.org/\">exim.org</ulink> for more "
24041
"See <ulink url=\"http://www.exim.org/\">exim.org</ulink> for more "
24044
#: serverguide/C/mail.xml:652(para)
24046
"There is also an <ulink url=\"http://www.uit.co.uk/content/exim-smtp-mail-"
24047
"server\">Exim4 Book</ulink> available."
24049
"There is also an <ulink url=\"http://www.uit.co.uk/content/exim-smtp-mail-"
24050
"server\">Exim4 Book</ulink> available."
24052
#: serverguide/C/mail.xml:657(para)
24054
"Another resource is the <ulink "
24055
"url=\"https://help.ubuntu.com/community/Exim4\">Exim4 Ubuntu Wiki </ulink> "
24058
"Another resource is the <ulink "
24059
"url=\"https://help.ubuntu.com/community/Exim4\">Exim4 Ubuntu Wiki </ulink> "
24062
#: serverguide/C/mail.xml:666(title)
24063
msgid "Dovecot Server"
24064
msgstr "Dovecot Server"
24066
#: serverguide/C/mail.xml:667(para)
24068
"<application>Dovecot</application> is a Mail Delivery Agent, written with "
24069
"security primarily in mind. It supports the major mailbox formats: mbox or "
24070
"Maildir. This section explain how to set it up as an imap or pop3 server."
24072
"<application>Dovecot</application> is a Mail Delivery Agent, written with "
24073
"security primarily in mind. It supports the major mailbox formats: mbox or "
24074
"Maildir. This section explain how to set it up as an IMAP or POP3 server."
24076
#: serverguide/C/mail.xml:675(para)
24078
"To install <application>dovecot</application>, run the following command in "
24079
"the command prompt:"
24081
"To install <application>dovecot</application>, run the following command in "
24082
"the command prompt:"
24084
#: serverguide/C/mail.xml:680(command)
24085
msgid "sudo apt-get install dovecot-imapd dovecot-pop3d"
24086
msgstr "sudo apt-get install dovecot-imapd dovecot-pop3d"
24088
#: serverguide/C/mail.xml:685(para)
24090
"To configure <application>dovecot</application>, you can edit the file "
24091
"<filename>/etc/dovecot/dovecot.conf</filename>. You can choose the protocol "
24092
"you use. It could be pop3, pop3s (pop3 secure), imap and imaps (imap "
24093
"secure). A description of these protocols is beyond the scope of this guide. "
24094
"For further information, refer to the Wikipedia articles on <ulink "
24095
"url=\"http://en.wikipedia.org/wiki/POP3\">POP3</ulink> and <ulink "
24096
"url=\"http://en.wikipedia.org/wiki/Internet_Message_Access_Protocol\">IMAP</u"
24099
"To configure <application>dovecot</application>, you can edit the file "
24100
"<filename>/etc/dovecot/dovecot.conf</filename>. You can choose the protocol "
24101
"you use. It could be pop3, pop3s (pop3 secure), imap and imaps (imap "
24102
"secure). A description of these protocols is beyond the scope of this guide. "
24103
"For further information, refer to the Wikipedia articles on <ulink "
24104
"url=\"http://en.wikipedia.org/wiki/POP3\">POP3</ulink> and <ulink "
24105
"url=\"http://en.wikipedia.org/wiki/Internet_Message_Access_Protocol\">IMAP</u"
24108
#: serverguide/C/mail.xml:695(para)
24110
"IMAPS and POP3S are more secure that the simple IMAP and POP3 because they "
24111
"use SSL encryption to connect. Once you have chosen the protocol, amend the "
24112
"following line in the file <filename>/etc/dovecot/dovecot.conf</filename>:"
24114
"IMAPS and POP3S are more secure that the simple IMAP and POP3 because they "
24115
"use SSL encryption to connect. Once you have chosen the protocol, amend the "
24116
"following line in the file <filename>/etc/dovecot/dovecot.conf</filename>:"
24118
#: serverguide/C/mail.xml:701(programlisting)
24122
"protocols = pop3 pop3s imap imaps\n"
24125
"protocols = pop3 pop3s imap imaps\n"
24127
#: serverguide/C/mail.xml:704(para)
24129
"Next, choose the mailbox you would like to use. "
24130
"<application>Dovecot</application> supports <emphasis "
24131
"role=\"strong\">maildir</emphasis> and <emphasis "
24132
"role=\"strong\">mbox</emphasis> formats. These are the most commonly used "
24133
"mailbox formats. They both have their own benefits and are discussed on "
24134
"<ulink url=\"http://wiki.dovecot.org/MailboxFormat\">the Dovecot web "
24137
"Next, choose the mailbox you would like to use. "
24138
"<application>Dovecot</application> supports <emphasis "
24139
"role=\"strong\">maildir</emphasis> and <emphasis "
24140
"role=\"strong\">mbox</emphasis> formats. These are the most commonly used "
24141
"mailbox formats. They both have their own benefits and are discussed on "
24142
"<ulink url=\"http://wiki.dovecot.org/MailboxFormat\">the Dovecot web "
24145
#: serverguide/C/mail.xml:712(para)
24147
"Once you have chosen your mailbox type, edit the file "
24148
"<filename>/etc/dovecot/dovecot.conf</filename> and change the following line:"
24150
"Once you have chosen your mailbox type, edit the file "
24151
"<filename>/etc/dovecot/dovecot.conf</filename> and change the following line:"
24153
#: serverguide/C/mail.xml:717(programlisting)
24157
"mail_location = maildir:~/Maildir # (for maildir)\n"
24159
"mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (for mbox)\n"
24162
"mail_location = maildir:~/Maildir # (for maildir)\n"
24164
"mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (for mbox)\n"
24166
#: serverguide/C/mail.xml:723(para)
24168
"You should configure your Mail Transport Agent (MTA) to transfer the "
24169
"incoming mail to this type of mailbox if it is different from the one you "
24172
"You should configure your Mail Transport Agent (MTA) to transfer the "
24173
"incoming mail to this type of mailbox if it is different from the one you "
24176
#: serverguide/C/mail.xml:729(para)
24178
"Once you have configured dovecot, restart the "
24179
"<application>dovecot</application> daemon in order to test your setup:"
24181
"Once you have configured dovecot, restart the "
24182
"<application>dovecot</application> daemon in order to test your setup:"
24184
#: serverguide/C/mail.xml:738(para)
24186
"If you have enabled imap, or pop3, you can also try to log in with the "
24187
"commands <command>telnet localhost pop3</command> or <command>telnet "
24188
"localhost imap2</command>. If you see something like the following, the "
24189
"installation has been successful:"
24191
"If you have enabled imap, or pop3, you can also try to log in with the "
24192
"commands <command>telnet localhost pop3</command> or <command>telnet "
24193
"localhost imap2</command>. If you see something like the following, the "
24194
"installation has been successful:"
24196
#: serverguide/C/mail.xml:745(programlisting)
24200
"bhuvan@rainbow:~$ telnet localhost pop3\n"
24201
"Trying 127.0.0.1...\n"
24202
"Connected to localhost.localdomain.\n"
24203
"Escape character is '^]'.\n"
24204
"+OK Dovecot ready.\n"
24207
"bhuvan@rainbow:~$ telnet localhost pop3\n"
24208
"Trying 127.0.0.1...\n"
24209
"Connected to localhost.localdomain.\n"
24210
"Escape character is '^]'.\n"
24211
"+OK Dovecot ready.\n"
24213
#: serverguide/C/mail.xml:754(title)
24214
msgid "Dovecot SSL Configuration"
24215
msgstr "Dovecot SSL Configuration"
24217
#: serverguide/C/mail.xml:755(para)
24219
"To configure <application>dovecot</application> to use SSL, you can edit the "
24220
"file <filename>/etc/dovecot/dovecot.conf</filename> and amend following "
24223
"To configure <application>dovecot</application> to use SSL, you can edit the "
24224
"file <filename>/etc/dovecot/dovecot.conf</filename> and amend following "
24227
#: serverguide/C/mail.xml:760(programlisting)
24231
"ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem\n"
24232
"ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key\n"
24233
"ssl_disable = no\n"
24234
"disable_plaintext_auth = no\n"
24237
"ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem\n"
24238
"ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key\n"
24239
"ssl_disable = no\n"
24240
"disable_plaintext_auth = no\n"
24242
#: serverguide/C/mail.xml:766(para)
24244
"You can get the SSL certificate from a Certificate Issuing Authority or you "
24245
"can create self signed SSL certificate. The latter is a good option for "
24246
"email, because SMTP clients rarely complain about \"self-signed "
24247
"certificates\". Please refer to <xref linkend=\"certificates-and-"
24248
"security\"/> for details about how to create self signed SSL certificate. "
24249
"Once you create the certificate, you will have a key file and a certificate "
24250
"file. Please copy them to the location pointed in the "
24251
"<filename>/etc/dovecot/dovecot.conf</filename> configuration file."
24253
"You can get the SSL certificate from a Certificate Issuing Authority or you "
24254
"can create self signed SSL certificate. The latter is a good option for e-"
24255
"mail, because SMTP clients rarely complain about \"self-signed "
24256
"certificates\". Please refer to <xref linkend=\"certificates-and-"
24257
"security\"/> for details about how to create self signed SSL certificate. "
24258
"Once you create the certificate, you will have a key file and a certificate "
24259
"file. Please copy them to the location pointed in the "
24260
"<filename>/etc/dovecot/dovecot.conf</filename> configuration file."
24262
#: serverguide/C/mail.xml:781(title)
24263
msgid "Firewall Configuration for an Email Server"
24264
msgstr "Firewall Configuration for an E-mail Server"
24266
#: serverguide/C/mail.xml:787(para)
24268
msgstr "IMAP - 143"
24270
#: serverguide/C/mail.xml:788(para)
24271
msgid "IMAPS - 993"
24272
msgstr "IMAPS - 993"
24274
#: serverguide/C/mail.xml:789(para)
24276
msgstr "POP3 - 110"
24278
#: serverguide/C/mail.xml:790(para)
24279
msgid "POP3S - 995"
24280
msgstr "POP3S - 995"
24282
#: serverguide/C/mail.xml:782(para)
24284
"To access your mail server from another computer, you must configure your "
24285
"firewall to allow connections to the server on the necessary ports. "
24288
"To access your mail server from another computer, you must configure your "
24289
"firewall to allow connections to the server on the necessary ports. "
24292
#: serverguide/C/mail.xml:799(para)
24294
"See the <ulink url=\"http://www.dovecot.org/\">Dovecot website</ulink> for "
24295
"more information."
24297
"See the <ulink url=\"http://www.dovecot.org/\">Dovecot website</ulink> for "
24298
"more information."
24300
#: serverguide/C/mail.xml:804(para)
24302
"Also, the <ulink url=\"https://help.ubuntu.com/community/Dovecot\">Dovecot "
24303
"Ubuntu Wiki</ulink> page has more details."
24305
"Also, the <ulink url=\"https://help.ubuntu.com/community/Dovecot\">Dovecot "
24306
"Ubuntu Wiki</ulink> page has more details."
24308
#: serverguide/C/mail.xml:813(title) serverguide/C/mail.xml:890(title) serverguide/C/mail.xml:1113(title)
24312
#: serverguide/C/mail.xml:814(para)
24314
"Mailman is an open source program for managing electronic mail discussions "
24315
"and e-newsletter lists. Many open source mailing lists (including all the "
24316
"<ulink url=\"http://lists.ubuntu.com\">Ubuntu mailing lists</ulink>) use "
24317
"Mailman as their mailing list software. It is powerful and easy to install "
24320
"Mailman is an open source program for managing electronic mail discussions "
24321
"and e-newsletter lists. Many open source mailing lists (including all the "
24322
"<ulink url=\"http://lists.ubuntu.com\">Ubuntu mailing lists</ulink>) use "
24323
"Mailman as their mailing list software. It is powerful and easy to install "
24326
#: serverguide/C/mail.xml:824(para)
24328
"Mailman provides a web interface for the administrators and users, using an "
24329
"external mail server to send and receive emails. It works perfectly with the "
24330
"following mail servers:"
24332
"Mailman provides a web interface for the administrators and users, using an "
24333
"external mail server to send and receive e-mails. It works perfectly with "
24334
"the following mail servers:"
24336
#: serverguide/C/mail.xml:835(application)
24340
#: serverguide/C/mail.xml:838(application)
24344
#: serverguide/C/mail.xml:841(application)
24348
#: serverguide/C/mail.xml:846(para)
24350
"We will see how to install and configure Mailman with, the Apache web "
24351
"server, and either the Postfix or Exim mail server. If you wish to install "
24352
"Mailman with a different mail server, please refer to the references section."
24354
"We will see how to install and configure Mailman with, the Apache web "
24355
"server, and either the Postfix or Exim mail server. If you wish to install "
24356
"Mailman with a different mail server, please refer to the references section."
24358
#: serverguide/C/mail.xml:853(para)
24360
"You only need to install one mail server and "
24361
"<application>Postfix</application> is the default Ubuntu Mail Transfer Agent."
24363
"You only need to install one mail server and "
24364
"<application>Postfix</application> is the default Ubuntu Mail Transfer Agent."
24366
#: serverguide/C/mail.xml:858(title) serverguide/C/mail.xml:917(title)
24370
#: serverguide/C/mail.xml:859(para)
24372
"To install apache2 you refer to <ulink url=\"./web-servers.xml#http-"
24373
"installation\">HTTPD Installation</ulink> section for details."
24375
"To install apache2 you refer to <ulink url=\"./web-servers.xml#http-"
24376
"installation\">HTTPD Installation</ulink> section for details."
24378
#: serverguide/C/mail.xml:867(para)
24380
"For instructions on installing and configuring Postfix refer to <xref "
24381
"linkend=\"postfix\"/>"
24383
"For instructions on installing and configuring Postfix refer to <xref "
24384
"linkend=\"postfix\"/>"
24386
#: serverguide/C/mail.xml:873(para)
24387
msgid "To install Exim4 refer to <xref linkend=\"exim4\"/>."
24388
msgstr "To install Exim4 refer to <xref linkend=\"exim4\"/>."
24390
#: serverguide/C/mail.xml:884(application)
24391
msgid "dc_use_split_config='true'"
24392
msgstr "dc_use_split_config='true'"
24394
#: serverguide/C/mail.xml:876(para)
24396
"Once exim4 is installed, the configuration files are stored in the "
24397
"<filename>/etc/exim4</filename> directory. In Ubuntu, by default, the exim4 "
24398
"configuration files are split across different files. You can change this "
24399
"behavior by changing the following variable in the "
24400
"<filename>/etc/exim4/update-exim4.conf</filename> file: <placeholder-1/>"
24402
"Once exim4 is installed, the configuration files are stored in the "
24403
"<filename>/etc/exim4</filename> directory. In Ubuntu, by default, the exim4 "
24404
"configuration files are split across different files. You can change this "
24405
"behaviour by changing the following variable in the "
24406
"<filename>/etc/exim4/update-exim4.conf</filename> file: <placeholder-1/>"
24408
#: serverguide/C/mail.xml:891(para)
24410
"To install <application>Mailman</application>, run following command at a "
24413
"To install <application>Mailman</application>, run following command at a "
24416
#: serverguide/C/mail.xml:895(command)
24417
msgid "sudo apt-get install mailman"
24418
msgstr "sudo apt-get install mailman"
24420
#: serverguide/C/mail.xml:897(para)
24422
"It copies the installation files in "
24423
"<application>/var/lib/mailman</application> directory. It installs the CGI "
24424
"scripts in <application>/usr/lib/cgi-bin/mailman</application> directory. It "
24425
"creates <emphasis>list</emphasis> linux user. It creates the "
24426
"<emphasis>list</emphasis> linux group. The mailman process will be owned by "
24429
"It copies the installation files in "
24430
"<application>/var/lib/mailman</application> directory. It installs the CGI "
24431
"scripts in <application>/usr/lib/cgi-bin/mailman</application> directory. It "
24432
"creates <emphasis>list</emphasis> linux user. It creates the "
24433
"<emphasis>list</emphasis> linux group. The mailman process will be owned by "
24436
#: serverguide/C/mail.xml:909(para)
24438
"This section assumes you have successfully installed "
24439
"<application>mailman</application>, <application>apache2</application>, and "
24440
"<application>postfix</application> or <application>exim4</application>. Now "
24441
"you just need to configure them."
24443
"This section assumes you have successfully installed "
24444
"<application>mailman</application>, <application>apache2</application>, and "
24445
"<application>postfix</application> or <application>exim4</application>. Now "
24446
"you just need to configure them."
24448
#: serverguide/C/mail.xml:918(para)
24450
"An example Apache configuration file comes with "
24451
"<application>Mailman</application> and is placed in "
24452
"<filename>/etc/mailman/apache.conf</filename>. In order for Apache to use "
24453
"the config file it needs to be copied to <filename>/etc/apache2/sites-"
24454
"available</filename>:"
24456
"An example Apache configuration file comes with "
24457
"<application>Mailman</application> and is placed in "
24458
"<filename>/etc/mailman/apache.conf</filename>. In order for Apache to use "
24459
"the config file it needs to be copied to <filename>/etc/apache2/sites-"
24460
"available</filename>:"
24462
#: serverguide/C/mail.xml:924(command)
24464
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
24466
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
24468
#: serverguide/C/mail.xml:926(para)
24470
"This will setup a new Apache <emphasis>VirtualHost</emphasis> for the "
24471
"Mailman administration site. Now enable the new configuration and restart "
24474
"This will setup a new Apache <emphasis>VirtualHost</emphasis> for the "
24475
"Mailman administration site. Now enable the new configuration and restart "
24478
#: serverguide/C/mail.xml:931(command)
24479
msgid "sudo a2ensite mailman.conf"
24480
msgstr "sudo a2ensite mailman.conf"
24482
#: serverguide/C/mail.xml:934(para)
24484
"Mailman uses apache2 to render its CGI scripts. The mailman CGI scripts are "
24485
"installed in the <application>/usr/lib/cgi-bin/mailman</application> "
24486
"directory. So, the mailman url will be http://hostname/cgi-bin/mailman/. You "
24487
"can make changes to the <filename>/etc/apache2/sites-"
24488
"available/mailman.conf</filename> file if you wish to change this behavior."
24490
"Mailman uses apache2 to render its CGI scripts. The mailman CGI scripts are "
24491
"installed in the <application>/usr/lib/cgi-bin/mailman</application> "
24492
"directory. So, the mailman url will be http://hostname/cgi-bin/mailman/. You "
24493
"can make changes to the <filename>/etc/apache2/sites-"
24494
"available/mailman.conf</filename> file if you wish to change this behaviour."
24496
#: serverguide/C/mail.xml:945(para)
24498
"For <application>Postfix</application> integration, we will associate the "
24499
"domain lists.example.com with the mailing lists. Please replace "
24500
"<emphasis>lists.example.com</emphasis> with the domain of your choosing."
24502
"For <application>Postfix</application> integration, we will associate the "
24503
"domain lists.example.com with the mailing lists. Please replace "
24504
"<emphasis>lists.example.com</emphasis> with the domain of your choosing."
24506
#: serverguide/C/mail.xml:949(para)
24508
"You can use the postconf command to add the necessary configuration to "
24509
"<filename>/etc/postfix/main.cf</filename>:"
24511
"You can use the postconf command to add the necessary configuration to "
24512
"<filename>/etc/postfix/main.cf</filename>:"
24514
#: serverguide/C/mail.xml:953(command)
24515
msgid "sudo postconf -e 'relay_domains = lists.example.com'"
24516
msgstr "sudo postconf -e 'relay_domains = lists.example.com'"
24518
#: serverguide/C/mail.xml:954(command)
24519
msgid "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
24520
msgstr "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
24522
#: serverguide/C/mail.xml:955(command)
24523
msgid "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
24524
msgstr "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
24526
#: serverguide/C/mail.xml:957(para)
24528
"In <filename>/etc/postfix/master.cf</filename> double check that you have "
24529
"the following transport:"
24531
"In <filename>/etc/postfix/master.cf</filename> double check that you have "
24532
"the following transport:"
24534
#: serverguide/C/mail.xml:960(programlisting)
24538
"mailman unix - n n - - pipe\n"
24539
" flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py\n"
24540
" ${nexthop} ${user}\n"
24543
"mailman unix - n n - - pipe\n"
24544
" flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py\n"
24545
" ${nexthop} ${user}\n"
24547
#: serverguide/C/mail.xml:965(para)
24549
"It calls the <emphasis>postfix-to-mailman.py</emphasis> script when a mail "
24550
"is delivered to a list."
24552
"It calls the <emphasis>postfix-to-mailman.py</emphasis> script when a mail "
24553
"is delivered to a list."
24555
#: serverguide/C/mail.xml:968(para)
24557
"Associate the domain lists.example.com to the Mailman transport with the "
24558
"transport map. Edit the file <filename>/etc/postfix/transport</filename>:"
24560
"Associate the domain lists.example.com to the Mailman transport with the "
24561
"transport map. Edit the file <filename>/etc/postfix/transport</filename>:"
24563
#: serverguide/C/mail.xml:971(programlisting)
24567
"lists.example.com mailman:\n"
24570
"lists.example.com mailman:\n"
24572
#: serverguide/C/mail.xml:974(para)
24574
"Now have <application>Postfix</application> build the transport map by "
24575
"entering the following from a terminal prompt:"
24577
"Now have <application>Postfix</application> build the transport map by "
24578
"entering the following from a terminal prompt:"
24580
#: serverguide/C/mail.xml:978(command)
24581
msgid "sudo postmap -v /etc/postfix/transport"
24582
msgstr "sudo postmap -v /etc/postfix/transport"
24584
#: serverguide/C/mail.xml:980(para)
24585
msgid "Then restart Postfix to enable the new configurations:"
24586
msgstr "Then restart Postfix to enable the new configurations:"
24588
#: serverguide/C/mail.xml:989(para)
24590
"Once Exim4 is installed, you can start the Exim server using the following "
24591
"command from a terminal prompt:"
24593
"Once Exim4 is installed, you can start the Exim server using the following "
24594
"command from a terminal prompt:"
24596
#: serverguide/C/mail.xml:1005(para) serverguide/C/mail.xml:1020(title)
24600
#: serverguide/C/mail.xml:1008(para) serverguide/C/mail.xml:1060(title)
24604
#: serverguide/C/mail.xml:1011(para) serverguide/C/mail.xml:1083(title)
24608
#: serverguide/C/mail.xml:996(para)
24610
"In order to make mailman work with Exim4, you need to configure Exim4. As "
24611
"mentioned earlier, by default, Exim4 uses multiple configuration files of "
24612
"different types. For details, please refer to the <ulink "
24613
"url=\"http://www.exim.org\">Exim</ulink> web site. To run mailman, we should "
24614
"add new a configuration file to the following configuration types: "
24615
"<placeholder-1/> Exim creates a master configuration file by sorting all "
24616
"these mini configuration files. So, the order of these configuration files "
24617
"is very important."
24619
"In order to make mailman work with Exim4, you need to configure Exim4. As "
24620
"mentioned earlier, by default, Exim4 uses multiple configuration files of "
24621
"different types. For details, please refer to the <ulink "
24622
"url=\"http://www.exim.org\">Exim</ulink> web site. To run mailman, we should "
24623
"add new a configuration file to the following configuration types: "
24624
"<placeholder-1/> Exim creates a master configuration file by sorting all "
24625
"these mini configuration files. So, the order of these configuration files "
24626
"is very important."
24628
#: serverguide/C/mail.xml:1027(programlisting)
24633
"# Home dir for your Mailman installation -- aka Mailman's prefix\n"
24635
"# On Ubuntu this should be \"/var/lib/mailman\"\n"
24636
"# This is normally the same as ~mailman\n"
24637
"MM_HOME=/var/lib/mailman\n"
24639
"# User and group for Mailman, should match your --with-mail-gid\n"
24640
"# switch to Mailman's configure script. Value is normally \"mailman\"\n"
24644
"# Domains that your lists are in - colon separated list\n"
24645
"# you may wish to add these into local_domains as well\n"
24646
"domainlist mm_domains=hostname.com\n"
24648
"# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n"
24650
"# These values are derived from the ones above and should not need\n"
24651
"# editing unless you have munged your mailman installation\n"
24653
"# The path of the Mailman mail wrapper script\n"
24654
"MM_WRAP=MM_HOME/mail/mailman\n"
24656
"# The path of the list config file (used as a required file when\n"
24657
"# verifying list addresses)\n"
24658
"MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck\n"
24663
"# Home dir for your Mailman installation -- aka Mailman's prefix\n"
24665
"# On Ubuntu this should be \"/var/lib/mailman\"\n"
24666
"# This is normally the same as ~mailman\n"
24667
"MM_HOME=/var/lib/mailman\n"
24669
"# User and group for Mailman, should match your --with-mail-gid\n"
24670
"# switch to Mailman's configure script. Value is normally \"mailman\"\n"
24674
"# Domains that your lists are in - colon separated list\n"
24675
"# you may wish to add these into local_domains as well\n"
24676
"domainlist mm_domains=hostname.com\n"
24678
"# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n"
24680
"# These values are derived from the ones above and should not need\n"
24681
"# editing unless you have munged your mailman installation\n"
24683
"# The path of the Mailman mail wrapper script\n"
24684
"MM_WRAP=MM_HOME/mail/mailman\n"
24686
"# The path of the list config file (used as a required file when\n"
24687
"# verifying list addresses)\n"
24688
"MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck\n"
24691
#: serverguide/C/mail.xml:1021(para)
24693
"All the configuration files belonging to the main type are stored in the "
24694
"<filename>/etc/exim4/conf.d/main/</filename> directory. You can add the "
24695
"following content to a new file, named <filename>04_exim4-"
24696
"config_mailman</filename>: <placeholder-1/>"
24698
"All the configuration files belonging to the main type are stored in the "
24699
"<filename>/etc/exim4/conf.d/main/</filename> directory. You can add the "
24700
"following content to a new file, named <filename>04_exim4-"
24701
"config_mailman</filename>: <placeholder-1/>"
24703
#: serverguide/C/mail.xml:1067(programlisting)
24707
" mailman_transport:\n"
24709
" command = MM_WRAP \\\n"
24710
" '${if def:local_part_suffix \\\n"
24711
" {${sg{$local_part_suffix}{-(\\\\w+)(\\\\+.*)?}{\\$1}}} "
24715
" current_directory = MM_HOME\n"
24716
" home_directory = MM_HOME\n"
24718
" group = MM_GID\n"
24721
" mailman_transport:\n"
24723
" command = MM_WRAP \\\n"
24724
" '${if def:local_part_suffix \\\n"
24725
" {${sg{$local_part_suffix}{-(\\\\w+)(\\\\+.*)?}{\\$1}}} "
24729
" current_directory = MM_HOME\n"
24730
" home_directory = MM_HOME\n"
24732
" group = MM_GID\n"
24734
#: serverguide/C/mail.xml:1061(para)
24736
"All the configuration files belonging to transport type are stored in the "
24737
"<filename>/etc/exim4/conf.d/transport/</filename> directory. You can add the "
24738
"following content to a new file named <filename> 40_exim4-"
24739
"config_mailman</filename>: <placeholder-1/>"
24741
"All the configuration files belonging to transport type are stored in the "
24742
"<filename>/etc/exim4/conf.d/transport/</filename> directory. You can add the "
24743
"following content to a new file named <filename> 40_exim4-"
24744
"config_mailman</filename>: <placeholder-1/>"
24746
#: serverguide/C/mail.xml:1088(programlisting)
24750
" mailman_router:\n"
24751
" driver = accept\n"
24752
" require_files = MM_HOME/lists/$local_part/config.pck\n"
24753
" local_part_suffix_optional\n"
24754
" local_part_suffix = -bounces : -bounces+* : \\\n"
24755
" -confirm+* : -join : -leave : \\\n"
24756
" -owner : -request : -admin\n"
24757
" transport = mailman_transport\n"
24760
" mailman_router:\n"
24761
" driver = accept\n"
24762
" require_files = MM_HOME/lists/$local_part/config.pck\n"
24763
" local_part_suffix_optional\n"
24764
" local_part_suffix = -bounces : -bounces+* : \\\n"
24765
" -confirm+* : -join : -leave : \\\n"
24766
" -owner : -request : -admin\n"
24767
" transport = mailman_transport\n"
24769
#: serverguide/C/mail.xml:1084(para)
24771
"All the configuration files belonging to router type are stored in the "
24772
"<filename>/etc/exim4/conf.d/router/</filename> directory. You can add the "
24773
"following content in to a new file named <filename>101_exim4-"
24774
"config_mailman</filename>: <placeholder-1/>"
24776
"All the configuration files belonging to router type are stored in the "
24777
"<filename>/etc/exim4/conf.d/router/</filename> directory. You can add the "
24778
"following content in to a new file named <filename>101_exim4-"
24779
"config_mailman</filename>: <placeholder-1/>"
24781
#: serverguide/C/mail.xml:1101(para)
24783
"The order of main and transport configuration files can be in any order. "
24784
"But, the order of router configuration files must be the same. This "
24785
"particular file must appear before the <application>200_exim4-"
24786
"config_primary</application> file. These two configuration files contain "
24787
"same type of information. The first file takes the precedence. For more "
24788
"details, please refer to the references section."
24790
"The order of main and transport configuration files can be in any order. "
24791
"But, the order of router configuration files must be the same. This "
24792
"particular file must appear before the <application>200_exim4-"
24793
"config_primary</application> file. These two configuration files contain "
24794
"same type of information. The first file takes the precedence. For more "
24795
"details, please refer to the references section."
24797
#: serverguide/C/mail.xml:1114(para)
24799
"Once mailman is installed, you can run it using the following command:"
24801
"Once mailman is installed, you can run it using the following command:"
24803
#: serverguide/C/mail.xml:1118(command)
24804
msgid "sudo /etc/init.d/mailman start"
24805
msgstr "sudo /etc/init.d/mailman start"
24807
#: serverguide/C/mail.xml:1120(para)
24809
"Once mailman is installed, you should create the default mailing list. Run "
24810
"the following command to create the mailing list:"
24812
"Once mailman is installed, you should create the default mailing list. Run "
24813
"the following command to create the mailing list:"
24815
#: serverguide/C/mail.xml:1126(command)
24816
msgid "sudo /usr/sbin/newlist mailman"
24817
msgstr "sudo /usr/sbin/newlist mailman"
24819
#: serverguide/C/mail.xml:1129(programlisting)
24823
" Enter the email address of the person running the list: bhuvan at "
24825
" Initial mailman password:\n"
24826
" To finish creating your mailing list, you must edit your "
24827
"<filename>/etc/aliases</filename> (or\n"
24828
" equivalent) file by adding the following lines, and possibly running the\n"
24829
" `newaliases' program:\n"
24831
" ## mailman mailing list\n"
24832
" mailman: \"|/var/lib/mailman/mail/mailman post mailman\"\n"
24833
" mailman-admin: \"|/var/lib/mailman/mail/mailman admin mailman\"\n"
24834
" mailman-bounces: \"|/var/lib/mailman/mail/mailman bounces mailman\"\n"
24835
" mailman-confirm: \"|/var/lib/mailman/mail/mailman confirm mailman\"\n"
24836
" mailman-join: \"|/var/lib/mailman/mail/mailman join mailman\"\n"
24837
" mailman-leave: \"|/var/lib/mailman/mail/mailman leave mailman\"\n"
24838
" mailman-owner: \"|/var/lib/mailman/mail/mailman owner mailman\"\n"
24839
" mailman-request: \"|/var/lib/mailman/mail/mailman request mailman\"\n"
24840
" mailman-subscribe: \"|/var/lib/mailman/mail/mailman subscribe "
24842
" mailman-unsubscribe: \"|/var/lib/mailman/mail/mailman unsubscribe "
24845
" Hit enter to notify mailman owner...\n"
24850
" Enter the e-mail address of the person running the list: bhuvan at "
24852
" Initial mailman password:\n"
24853
" To finish creating your mailing list, you must edit your "
24854
"<filename>/etc/aliases</filename> (or\n"
24855
" equivalent) file by adding the following lines, and possibly running the\n"
24856
" `newaliases' program:\n"
24858
" ## mailman mailing list\n"
24859
" mailman: \"|/var/lib/mailman/mail/mailman post mailman\"\n"
24860
" mailman-admin: \"|/var/lib/mailman/mail/mailman admin mailman\"\n"
24861
" mailman-bounces: \"|/var/lib/mailman/mail/mailman bounces mailman\"\n"
24862
" mailman-confirm: \"|/var/lib/mailman/mail/mailman confirm mailman\"\n"
24863
" mailman-join: \"|/var/lib/mailman/mail/mailman join mailman\"\n"
24864
" mailman-leave: \"|/var/lib/mailman/mail/mailman leave mailman\"\n"
24865
" mailman-owner: \"|/var/lib/mailman/mail/mailman owner mailman\"\n"
24866
" mailman-request: \"|/var/lib/mailman/mail/mailman request mailman\"\n"
24867
" mailman-subscribe: \"|/var/lib/mailman/mail/mailman subscribe "
24869
" mailman-unsubscribe: \"|/var/lib/mailman/mail/mailman unsubscribe "
24872
" Hit enter to notify mailman owner...\n"
24876
#: serverguide/C/mail.xml:1152(para)
24878
"We have configured either Postfix or Exim4 to recognize all emails from "
24879
"mailman. So, it is not mandatory to make any new entries in "
24880
"<filename>/etc/aliases</filename>. If you have made any changes to the "
24881
"configuration files, please ensure that you restart those services before "
24882
"continuing to next section."
24884
"We have configured either Postfix or Exim4 to recognise all e-mails from "
24885
"mailman. So, it is not mandatory to make any new entries in "
24886
"<filename>/etc/aliases</filename>. If you have made any changes to the "
24887
"configuration files, please ensure that you restart those services before "
24888
"continuing to next section."
24890
#: serverguide/C/mail.xml:1160(para)
24892
"The Exim4 does not use the above aliases to forward mails to Mailman, as it "
24893
"uses a <emphasis>discover</emphasis> approach. To suppress the aliases while "
24894
"creating the list, you can add <emphasis>MTA=None</emphasis> line in Mailman "
24895
"configuration file, <filename>/etc/mailman/mm_cfg.py</filename>."
24897
"The Exim4 does not use the above aliases to forward mails to Mailman, as it "
24898
"uses a <emphasis>discover</emphasis> approach. To suppress the aliases while "
24899
"creating the list, you can add <emphasis>MTA=None</emphasis> line in Mailman "
24900
"configuration file, <filename>/etc/mailman/mm_cfg.py</filename>."
24902
#: serverguide/C/mail.xml:1171(title)
24903
msgid "Administration"
24904
msgstr "Administration"
24906
#: serverguide/C/mail.xml:1172(para)
24908
"We assume you have a default installation. The mailman cgi scripts are still "
24909
"in the <application>/usr/lib/cgi-bin/mailman/</application> directory. "
24910
"Mailman provides a web based administration facility. To access this page, "
24911
"point your browser to the following url:"
24913
"We assume you have a default installation. The mailman CGI scripts are still "
24914
"in the <application>/usr/lib/cgi-bin/mailman/</application> directory. "
24915
"Mailman provides a Web based administration facility. To access this page, "
24916
"point your browser to the following URL:"
24918
#: serverguide/C/mail.xml:1180(para)
24919
msgid "http://hostname/cgi-bin/mailman/admin"
24920
msgstr "http://hostname/cgi-bin/mailman/admin"
24922
#: serverguide/C/mail.xml:1184(para)
24924
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
24925
"screen. If you click the mailing list name, it will ask for your "
24926
"authentication password. If you enter the correct password, you will be able "
24927
"to change administrative settings of this mailing list. You can create a new "
24928
"mailing list using the command line utility "
24929
"(<command>/usr/sbin/newlist</command>). Alternatively, you can create a new "
24930
"mailing list using the web interface."
24932
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
24933
"screen. If you click the mailing list name, it will ask for your "
24934
"authentication password. If you enter the correct password, you will be able "
24935
"to change administrative settings of this mailing list. You can create a new "
24936
"mailing list using the command line utility "
24937
"(<command>/usr/sbin/newlist</command>). Alternatively, you can create a new "
24938
"mailing list using the Web interface."
24940
#: serverguide/C/mail.xml:1197(title)
24944
#: serverguide/C/mail.xml:1198(para)
24946
"Mailman provides a web based interface for users. To access this page, point "
24947
"your browser to the following url:"
24949
"Mailman provides a Web based interface for users. To access this page, point "
24950
"your browser to the following URL:"
24952
#: serverguide/C/mail.xml:1203(para)
24953
msgid "http://hostname/cgi-bin/mailman/listinfo"
24954
msgstr "http://hostname/cgi-bin/mailman/listinfo"
24956
#: serverguide/C/mail.xml:1207(para)
24958
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
24959
"screen. If you click the mailing list name, it will display the subscription "
24960
"form. You can enter your email address, name (optional), and password to "
24961
"subscribe. An email invitation will be sent to you. You can follow the "
24962
"instructions in the email to subscribe."
24964
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
24965
"screen. If you click the mailing list name, it will display the subscription "
24966
"form. You can enter your e-mail address, name (optional), and password to "
24967
"subscribe. An e-mail invitation will be sent to you. You can follow the "
24968
"instructions in the e-mail to subscribe."
24970
#: serverguide/C/mail.xml:1219(ulink)
24971
msgid "GNU Mailman - Installation Manual"
24972
msgstr "GNU Mailman - Installation Manual"
24974
#: serverguide/C/mail.xml:1223(ulink)
24975
msgid "HOWTO - Using Exim 4 and Mailman 2.1 together"
24976
msgstr "HOWTO - Using Exim 4 and Mailman 2.1 together"
24978
#: serverguide/C/mail.xml:1226(para)
24980
"Also, see the <ulink "
24981
"url=\"https://help.ubuntu.com/community/Mailman\">Mailman Ubuntu "
24982
"Wiki</ulink> page."
24984
"Also, see the <ulink "
24985
"url=\"https://help.ubuntu.com/community/Mailman\">Mailman Ubuntu "
24986
"Wiki</ulink> page."
24988
#: serverguide/C/mail.xml:1232(title)
24989
msgid "Mail Filtering"
24990
msgstr "Mail Filtering"
24992
#: serverguide/C/mail.xml:1233(para)
24994
"One of the largest issues with email today is the problem of Unsolicited "
24995
"Bulk Email (UBE). Also known as SPAM, such messages may also carry viruses "
24996
"and other forms of malware. According to some reports these messages make up "
24997
"the bulk of all email traffic on the Internet."
24999
"One of the largest issues with e-mail today is the problem of Unsolicited "
25000
"Bulk E-mail (UBE). Also known as SPAM, such messages may also carry viruses "
25001
"and other forms of malware. According to some reports these messages make up "
25002
"the bulk of all e-mail traffic on the Internet."
25004
#: serverguide/C/mail.xml:1238(para)
25006
"This section will cover integrating <application>Amavisd-new</application>, "
25007
"<application>Spamassassin</application>, and "
25008
"<application>ClamAV</application> with the "
25009
"<application>Postfix</application> Mail Transport Agent (MTA). "
25010
"<application>Postfix</application> can also check email validity by passing "
25011
"it through external content filters. These filters can sometimes determine "
25012
"if a message is spam without needing to process it with more resource "
25013
"intensive applications. Two common filters are "
25014
"<application>opendkim</application> and <application>python-policyd-"
25015
"spf</application>."
25017
"This section will cover integrating <application>Amavisd-new</application>, "
25018
"<application>Spamassassin</application>, and "
25019
"<application>ClamAV</application> with the "
25020
"<application>Postfix</application> Mail Transport Agent (MTA). "
25021
"<application>Postfix</application> can also check email validity by passing "
25022
"it through external content filters. These filters can sometimes determine "
25023
"if a message is spam without needing to process it with more resource "
25024
"intensive applications. Two common filters are "
25025
"<application>opendkim</application> and <application>python-policyd-"
25026
"spf</application>."
25028
#: serverguide/C/mail.xml:1248(para)
25030
"<application>Amavisd-new</application> is a wrapper program that can call "
25031
"any number of content filtering programs for spam detection, antivirus, etc."
25033
"<application>Amavisd-new</application> is a wrapper program that can call "
25034
"any number of content filtering programs for spam detection, antivirus, etc."
25036
#: serverguide/C/mail.xml:1254(para)
25038
"<application>Spamassassin</application> uses a variety of mechanisms to "
25039
"filter email based on the message content."
25041
"<application>Spamassassin</application> uses a variety of mechanisms to "
25042
"filter e-mail based on the message content."
25044
#: serverguide/C/mail.xml:1259(para)
25046
"<application>ClamAV</application> is an open source antivirus application."
25048
"<application>ClamAV</application> is an open source antivirus application."
25050
#: serverguide/C/mail.xml:1264(para)
25052
"<application>opendkim</application> implements a Sendmail Mail Filter "
25053
"(Milter) for the DomainKeys Identified Mail (DKIM) standard."
25055
"<application>opendkim</application> implements a Sendmail Mail Filter "
25056
"(Milter) for the DomainKeys Identified Mail (DKIM) standard."
25058
#: serverguide/C/mail.xml:1270(para)
25060
"<application>python-policyd-spf</application> enables Sender Policy "
25061
"Framework (SPF) checking with <application>Postfix</application>."
25063
"<application>python-policyd-spf</application> enables Sender Policy "
25064
"Framework (SPF) checking with <application>Postfix</application>."
25066
#: serverguide/C/mail.xml:1275(para)
25067
msgid "This is how the pieces fit together:"
25068
msgstr "This is how the pieces fit together:"
25070
#: serverguide/C/mail.xml:1280(para)
25071
msgid "An email message is accepted by <application>Postfix</application>."
25072
msgstr "An e-mail message is accepted by <application>Postfix</application>."
25074
#: serverguide/C/mail.xml:1285(para)
25076
"The message is passed through any external filters "
25077
"<application>opendkim</application> and <application>python-policyd-"
25078
"spf</application> in this case."
25080
"The message is passed through any external filters "
25081
"<application>opendkim</application> and <application>python-policyd-"
25082
"spf</application> in this case."
25084
#: serverguide/C/mail.xml:1291(para)
25085
msgid "<application>Amavisd-new</application> then processes the message."
25086
msgstr "<application>Amavisd-new</application> then processes the message."
25088
#: serverguide/C/mail.xml:1296(para)
25090
"<application>ClamAV</application> is used to scan the message. If the "
25091
"message contains a virus <application>Postfix</application> will reject the "
25094
"<application>ClamAV</application> is used to scan the message. If the "
25095
"message contains a virus <application>Postfix</application> will reject the "
25098
#: serverguide/C/mail.xml:1302(para)
25100
"Clean messages will then be analyzed by "
25101
"<application>Spamassassin</application> to find out if the message is spam. "
25102
"<application>Spamassassin</application> will then add X-Header lines "
25103
"allowing <application>Amavisd-new</application> to further manipulate the "
25106
"Clean messages will then be analysed by "
25107
"<application>Spamassassin</application> to find out if the message is spam. "
25108
"<application>Spamassassin</application> will then add X-Header lines "
25109
"allowing <application>Amavisd-new</application> to further manipulate the "
25112
#: serverguide/C/mail.xml:1309(para)
25114
"For example, if a message has a Spam score of over fifty the message could "
25115
"be automatically dropped from the queue without the recipient ever having to "
25116
"be bothered. Another, way to handle flagged messages is to deliver them to "
25117
"the Mail User Agent (MUA) allowing the user to deal with the message as they "
25120
"For example, if a message has a Spam score of over fifty the message could "
25121
"be automatically dropped from the queue without the recipient ever having to "
25122
"be bothered. Another, way to handle flagged messages is to deliver them to "
25123
"the Mail User Agent (MUA) allowing the user to deal with the message as they "
25126
#: serverguide/C/mail.xml:1316(para)
25128
"See <xref linkend=\"postfix\"/> for instructions on installing and "
25129
"configuring Postfix."
25131
"See <xref linkend=\"postfix\"/> for instructions on installing and "
25132
"configuring Postfix."
25134
#: serverguide/C/mail.xml:1319(para)
25136
"To install the rest of the applications enter the following from a terminal "
25139
"To install the rest of the applications enter the following from a terminal "
25142
#: serverguide/C/mail.xml:1323(command)
25143
msgid "sudo apt-get install amavisd-new spamassassin clamav-daemon"
25144
msgstr "sudo apt-get install amavisd-new spamassassin clamav-daemon"
25146
#: serverguide/C/mail.xml:1324(command)
25147
msgid "sudo apt-get install opendkim python-policyd-spf"
25148
msgstr "sudo apt-get install opendkim python-policyd-spf"
25150
#: serverguide/C/mail.xml:1326(para)
25152
"There are some optional packages that integrate with "
25153
"<application>Spamassassin</application> for better spam detection:"
25155
"There are some optional packages that integrate with "
25156
"<application>Spamassassin</application> for better spam detection:"
25158
#: serverguide/C/mail.xml:1330(command)
25159
msgid "sudo apt-get install pyzor razor"
25160
msgstr "sudo apt-get install pyzor razor"
25162
#: serverguide/C/mail.xml:1332(para)
25164
"Along with the main filtering applications compression utilities are needed "
25165
"to process some email attachments:"
25167
"Along with the main filtering applications compression utilities are needed "
25168
"to process some e-mail attachments:"
25170
#: serverguide/C/mail.xml:1336(command)
25172
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
25174
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
25176
#: serverguide/C/mail.xml:1339(para)
25178
"If some packages are not found, check that the "
25179
"<emphasis>multiverse</emphasis> repository is enabled in "
25180
"<filename>/etc/apt/sources.list</filename>"
25182
"If some packages are not found, check that the "
25183
"<emphasis>multiverse</emphasis> repository is enabled in "
25184
"<filename>/etc/apt/sources.list</filename>"
25186
#: serverguide/C/mail.xml:1340(para)
25188
"If you make changes to the file, be sure to run <command>sudo apt-get "
25189
"update</command> before trying to install again."
25191
"If you make changes to the file, be sure to run <command>sudo apt-get "
25192
"update</command> before trying to install again."
25194
#: serverguide/C/mail.xml:1345(para)
25195
msgid "Now configure everything to work together and filter email."
25196
msgstr "Now configure everything to work together and filter e-mail."
25198
#: serverguide/C/mail.xml:1349(title)
25202
#: serverguide/C/mail.xml:1350(para)
25204
"The default behaviour of <application>ClamAV</application> will fit our "
25205
"needs. For more ClamAV configuration options, check the configuration files "
25206
"in <filename>/etc/clamav</filename>."
25208
"The default behaviour of <application>ClamAV</application> will fit our "
25209
"needs. For more ClamAV configuration options, check the configuration files "
25210
"in <filename>/etc/clamav</filename>."
25212
#: serverguide/C/mail.xml:1355(para)
25214
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
25215
"group in order for <application>Amavisd-new</application> to have the "
25216
"appropriate access to scan files:"
25218
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
25219
"group in order for <application>Amavisd-new</application> to have the "
25220
"appropriate access to scan files:"
25222
#: serverguide/C/mail.xml:1360(command)
25223
msgid "sudo adduser clamav amavis"
25224
msgstr "sudo adduser clamav amavis"
25226
#: serverguide/C/mail.xml:1364(title)
25227
msgid "Spamassassin"
25228
msgstr "Spamassassin"
25230
#: serverguide/C/mail.xml:1365(para)
25232
"Spamassassin automatically detects optional components and will use them if "
25233
"they are present. This means that there is no need to configure "
25234
"<application>pyzor</application> and <application>razor</application>."
25236
"Spamassassin automatically detects optional components and will use them if "
25237
"they are present. This means that there is no need to configure "
25238
"<application>pyzor</application> and <application>razor</application>."
25240
#: serverguide/C/mail.xml:1369(para)
25242
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
25243
"<application>Spamassassin</application> daemon. Change "
25244
"<emphasis>ENABLED=0</emphasis> to:"
25246
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
25247
"<application>Spamassassin</application> daemon. Change "
25248
"<emphasis>ENABLED=0</emphasis> to:"
25250
#: serverguide/C/mail.xml:1373(programlisting)
25259
#: serverguide/C/mail.xml:1376(para)
25260
msgid "Now start the daemon:"
25261
msgstr "Now start the daemon:"
25263
#: serverguide/C/mail.xml:1380(command)
25264
msgid "sudo /etc/init.d/spamassassin start"
25265
msgstr "sudo /etc/init.d/spamassassin start"
25267
#: serverguide/C/mail.xml:1384(title)
25268
msgid "Amavisd-new"
25269
msgstr "Amavisd-new"
25271
#: serverguide/C/mail.xml:1385(para)
25273
"First activate spam and antivirus detection in <application>Amavisd-"
25274
"new</application> by editing <filename>/etc/amavis/conf.d/15-"
25275
"content_filter_mode</filename>:"
25277
"First activate spam and antivirus detection in <application>Amavisd-"
25278
"new</application> by editing <filename>/etc/amavis/conf.d/15-"
25279
"content_filter_mode</filename>:"
25281
#: serverguide/C/mail.xml:1389(programlisting)
25287
"# You can modify this file to re-enable SPAM checking through spamassassin\n"
25288
"# and to re-enable antivirus checking.\n"
25291
"# Default antivirus checking mode\n"
25292
"# Uncomment the two lines below to enable it\n"
25295
"@bypass_virus_checks_maps = (\n"
25296
" \\%bypass_virus_checks, \\@bypass_virus_checks_acl, \\"
25297
"$bypass_virus_checks_re);\n"
25301
"# Default SPAM checking mode\n"
25302
"# Uncomment the two lines below to enable it\n"
25305
"@bypass_spam_checks_maps = (\n"
25306
" \\%bypass_spam_checks, \\@bypass_spam_checks_acl, \\"
25307
"$bypass_spam_checks_re);\n"
25309
"1; # insure a defined return\n"
25314
"# You can modify this file to re-enable SPAM checking through spamassassin\n"
25315
"# and to re-enable antivirus checking.\n"
25318
"# Default antivirus checking mode\n"
25319
"# Uncomment the two lines below to enable it\n"
25322
"@bypass_virus_checks_maps = (\n"
25323
" \\%bypass_virus_checks, \\@bypass_virus_checks_acl, \\"
25324
"$bypass_virus_checks_re);\n"
25328
"# Default SPAM checking mode\n"
25329
"# Uncomment the two lines below to enable it\n"
25332
"@bypass_spam_checks_maps = (\n"
25333
" \\%bypass_spam_checks, \\@bypass_spam_checks_acl, \\"
25334
"$bypass_spam_checks_re);\n"
25336
"1; # insure a defined return\n"
25338
#: serverguide/C/mail.xml:1414(para)
25340
"Bouncing spam can be a bad idea as the return address is often faked. "
25341
"Consider editing <filename>/etc/amavis/conf.d/20-debian_defaults</filename> "
25342
"to set <emphasis>$final_spam_destiny</emphasis> to D_DISCARD rather than "
25343
"D_BOUNCE, as follows:"
25345
"Bouncing spam can be a bad idea as the return address is often faked. "
25346
"Consider editing <filename>/etc/amavis/conf.d/20-debian_defaults</filename> "
25347
"to set <emphasis>$final_spam_destiny</emphasis> to D_DISCARD rather than "
25348
"D_BOUNCE, as follows:"
25350
#: serverguide/C/mail.xml:1420(programlisting)
25354
"$final_spam_destiny = D_DISCARD;\n"
25357
"$final_spam_destiny = D_DISCARD;\n"
25359
#: serverguide/C/mail.xml:1424(para)
25361
"Additionally, you may want to adjust the following options to flag more "
25362
"messages as spam:"
25364
"Additionally, you may want to adjust the following options to flag more "
25365
"messages as spam:"
25367
#: serverguide/C/mail.xml:1428(programlisting)
25371
"$sa_tag_level_deflt = -999; # add spam info headers if at, or above that "
25373
"$sa_tag2_level_deflt = 6.0; # add 'spam detected' headers at that level\n"
25374
"$sa_kill_level_deflt = 21.0; # triggers spam evasive actions\n"
25375
"$sa_dsn_cutoff_level = 4; # spam level beyond which a DSN is not sent\n"
25378
"$sa_tag_level_deflt = -999; # add spam info headers if at, or above that "
25380
"$sa_tag2_level_deflt = 6.0; # add 'spam detected' headers at that level\n"
25381
"$sa_kill_level_deflt = 21.0; # triggers spam evasive actions\n"
25382
"$sa_dsn_cutoff_level = 4; # spam level beyond which a DSN is not sent\n"
25384
#: serverguide/C/mail.xml:1435(para)
25386
"If the server's <emphasis>hostname</emphasis> is different from the domain's "
25387
"MX record you may need to manually set the <emphasis>$myhostname</emphasis> "
25388
"option. Also, if the server receives mail for multiple domains the "
25389
"<emphasis>@local_domains_acl</emphasis> option will need to be customized. "
25390
"Edit the <filename>/etc/amavis/conf.d/50-user</filename> file:"
25392
"If the server's <emphasis>hostname</emphasis> is different from the domain's "
25393
"MX record you may need to manually set the <emphasis>$myhostname</emphasis> "
25394
"option. Also, if the server receives mail for multiple domains the "
25395
"<emphasis>@local_domains_acl</emphasis> option will need to be customised. "
25396
"Edit the <filename>/etc/amavis/conf.d/50-user</filename> file:"
25398
#: serverguide/C/mail.xml:1442(programlisting)
25402
"$myhostname = 'mail.example.com';\n"
25403
"@local_domains_acl = ( \"example.com\", \"example.org\" );\n"
25406
"$myhostname = 'mail.example.com';\n"
25407
"@local_domains_acl = ( \"example.com\", \"example.org\" );\n"
25409
#: serverguide/C/mail.xml:1447(para)
25411
"After configuration <application>Amavisd-new</application> needs to be "
25414
"After configuration <application>Amavisd-new</application> needs to be "
25417
#: serverguide/C/mail.xml:1451(command) serverguide/C/mail.xml:1497(command)
25418
msgid "sudo /etc/init.d/amavis restart"
25419
msgstr "sudo /etc/init.d/amavis restart"
25421
#: serverguide/C/mail.xml:1454(title)
25422
msgid "DKIM Whitelist"
25423
msgstr "DKIM Whitelist"
25425
#: serverguide/C/mail.xml:1456(para)
25427
"<application>Amavisd-new</application> can be configured to automatically "
25428
"<emphasis>Whitelist</emphasis> addresses from domains with valid Domain "
25429
"Keys. There are some pre-configured domains in the "
25430
"<filename>/etc/amavis/conf.d/40-policy_banks</filename>."
25432
"<application>Amavisd-new</application> can be configured to automatically "
25433
"<emphasis>Whitelist</emphasis> addresses from domains with valid Domain "
25434
"Keys. There are some pre-configured domains in the "
25435
"<filename>/etc/amavis/conf.d/40-policy_banks</filename>."
25437
#: serverguide/C/mail.xml:1462(para)
25438
msgid "There are multiple ways to configure the Whitelist for a domain:"
25439
msgstr "There are multiple ways to configure the Whitelist for a domain:"
25441
#: serverguide/C/mail.xml:1468(para)
25443
"<emphasis>'example.com' => 'WHITELIST',</emphasis>: will whitelist any "
25444
"address from the \"example.com\" domain."
25446
"<emphasis>'example.com' => 'WHITELIST',</emphasis>: will whitelist any "
25447
"address from the \"example.com\" domain."
25449
#: serverguide/C/mail.xml:1473(para)
25451
"<emphasis>'.example.com' => 'WHITELIST',</emphasis>: will whitelist any "
25452
"address from any <emphasis>subdomains</emphasis> of \"example.com\" that "
25453
"have a valid signature."
25455
"<emphasis>'.example.com' => 'WHITELIST',</emphasis>: will whitelist any "
25456
"address from any <emphasis>subdomains</emphasis> of \"example.com\" that "
25457
"have a valid signature."
25459
#: serverguide/C/mail.xml:1479(para)
25461
"<emphasis>'.example.com/@example.com' => 'WHITELIST',</emphasis>: will "
25462
"whitelist subdomains of \"example.com\" that use the signature of <emphasis "
25463
"role=\"italic\">example.com</emphasis> the parent domain."
25465
"<emphasis>'.example.com/@example.com' => 'WHITELIST',</emphasis>: will "
25466
"whitelist subdomains of \"example.com\" that use the signature of <emphasis "
25467
"role=\"italic\">example.com</emphasis> the parent domain."
25469
#: serverguide/C/mail.xml:1485(para)
25471
"<emphasis>'./@example.com' => 'WHITELIST',</emphasis>: adds addresses "
25472
"that have a valid signature from \"example.com\". This is usually used for "
25473
"discussion groups that sign their messages."
25475
"<emphasis>'./@example.com' => 'WHITELIST',</emphasis>: adds addresses "
25476
"that have a valid signature from \"example.com\". This is usually used for "
25477
"discussion groups that sign their messages."
25479
#: serverguide/C/mail.xml:1492(para)
25481
"A domain can also have multiple Whitelist configurations. After, editing the "
25482
"file restart <application>amaisd-new</application>:"
25484
"A domain can also have multiple Whitelist configurations. After, editing the "
25485
"file restart <application>amaisd-new</application>:"
25487
#: serverguide/C/mail.xml:1501(para)
25489
"In this context, once a domain has been added to the Whitelist the message "
25490
"will not receive any anti-virus or spam filtering. This may or may not be "
25491
"the intended behavior you wish for a domain."
25493
"In this context, once a domain has been added to the Whitelist the message "
25494
"will not receive any anti-virus or spam filtering. This may or may not be "
25495
"the intended behaviour you wish for a domain."
25497
#: serverguide/C/mail.xml:1511(para)
25499
"For <application>Postfix</application> integration, enter the following from "
25500
"a terminal prompt:"
25502
"For <application>Postfix</application> integration, enter the following from "
25503
"a terminal prompt:"
25505
#: serverguide/C/mail.xml:1515(command)
25506
msgid "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
25507
msgstr "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
25509
#: serverguide/C/mail.xml:1517(para)
25511
"Next edit <filename>/etc/postfix/master.cf</filename> and add the following "
25512
"to the end of the file:"
25514
"Next edit <filename>/etc/postfix/master.cf</filename> and add the following "
25515
"to the end of the file:"
25517
#: serverguide/C/mail.xml:1520(programlisting)
25521
"smtp-amavis unix - - - - 2 smtp\n"
25522
" -o smtp_data_done_timeout=1200\n"
25523
" -o smtp_send_xforward_command=yes\n"
25524
" -o disable_dns_lookups=yes\n"
25527
"127.0.0.1:10025 inet n - - - - smtpd\n"
25528
" -o content_filter=\n"
25529
" -o local_recipient_maps=\n"
25530
" -o relay_recipient_maps=\n"
25531
" -o smtpd_restriction_classes=\n"
25532
" -o smtpd_delay_reject=no\n"
25533
" -o smtpd_client_restrictions=permit_mynetworks,reject\n"
25534
" -o smtpd_helo_restrictions=\n"
25535
" -o smtpd_sender_restrictions=\n"
25536
" -o smtpd_recipient_restrictions=permit_mynetworks,reject\n"
25537
" -o smtpd_data_restrictions=reject_unauth_pipelining\n"
25538
" -o smtpd_end_of_data_restrictions=\n"
25539
" -o mynetworks=127.0.0.0/8\n"
25540
" -o smtpd_error_sleep_time=0\n"
25541
" -o smtpd_soft_error_limit=1001\n"
25542
" -o smtpd_hard_error_limit=1000\n"
25543
" -o smtpd_client_connection_count_limit=0\n"
25544
" -o smtpd_client_connection_rate_limit=0\n"
25546
"receive_override_options=no_header_body_checks,no_unknown_recipient_checks\n"
25549
"smtp-amavis unix - - - - 2 smtp\n"
25550
" -o smtp_data_done_timeout=1200\n"
25551
" -o smtp_send_xforward_command=yes\n"
25552
" -o disable_dns_lookups=yes\n"
25555
"127.0.0.1:10025 inet n - - - - smtpd\n"
25556
" -o content_filter=\n"
25557
" -o local_recipient_maps=\n"
25558
" -o relay_recipient_maps=\n"
25559
" -o smtpd_restriction_classes=\n"
25560
" -o smtpd_delay_reject=no\n"
25561
" -o smtpd_client_restrictions=permit_mynetworks,reject\n"
25562
" -o smtpd_helo_restrictions=\n"
25563
" -o smtpd_sender_restrictions=\n"
25564
" -o smtpd_recipient_restrictions=permit_mynetworks,reject\n"
25565
" -o smtpd_data_restrictions=reject_unauth_pipelining\n"
25566
" -o smtpd_end_of_data_restrictions=\n"
25567
" -o mynetworks=127.0.0.0/8\n"
25568
" -o smtpd_error_sleep_time=0\n"
25569
" -o smtpd_soft_error_limit=1001\n"
25570
" -o smtpd_hard_error_limit=1000\n"
25571
" -o smtpd_client_connection_count_limit=0\n"
25572
" -o smtpd_client_connection_rate_limit=0\n"
25574
"receive_override_options=no_header_body_checks,no_unknown_recipient_checks\n"
25576
#: serverguide/C/mail.xml:1547(para)
25578
"Also add the following two lines immediately below the "
25579
"<emphasis>\"pickup\"</emphasis> transport service:"
25581
"Also add the following two lines immediately below the "
25582
"<emphasis>\"pickup\"</emphasis> transport service:"
25584
#: serverguide/C/mail.xml:1550(programlisting)
25588
" -o content_filter=\n"
25589
" -o receive_override_options=no_header_body_checks\n"
25592
" -o content_filter=\n"
25593
" -o receive_override_options=no_header_body_checks\n"
25595
#: serverguide/C/mail.xml:1554(para)
25597
"This will prevent messages that are generated to report on spam from being "
25598
"classified as spam."
25600
"This will prevent messages that are generated to report on spam from being "
25601
"classified as spam."
25603
#: serverguide/C/mail.xml:1557(para)
25604
msgid "Now restart <application>Postfix</application>:"
25605
msgstr "Now restart <application>Postfix</application>:"
25607
#: serverguide/C/mail.xml:1563(para)
25608
msgid "Content filtering with spam and virus detection is now enabled."
25609
msgstr "Content filtering with spam and virus detection is now enabled."
25611
#: serverguide/C/mail.xml:1569(title)
25612
msgid "Amavisd-new and Spamassassin"
25613
msgstr "Amavisd-new and Spamassassin"
25615
#: serverguide/C/mail.xml:1571(para)
25617
"When integrating <application>Amavisd-new</application> with "
25618
"<application>Spamassassin</application>, if you choose to disable the bayes "
25619
"filtering by editing <filename>/etc/spamassassin/local.cf</filename> and use "
25620
"<application>cron</application> to update the nightly rules, the result can "
25621
"cause a situation where a large amount of error messages are sent to the "
25622
"<emphasis>amavis</emphasis> user via the amavisd-new "
25623
"<application>cron</application> job."
25625
"When integrating <application>Amavisd-new</application> with "
25626
"<application>Spamassassin</application>, if you choose to disable the bayes "
25627
"filtering by editing <filename>/etc/spamassassin/local.cf</filename> and use "
25628
"<application>cron</application> to update the nightly rules, the result can "
25629
"cause a situation where a large amount of error messages are sent to the "
25630
"<emphasis>amavis</emphasis> user via the amavisd-new "
25631
"<application>cron</application> job."
25633
#: serverguide/C/mail.xml:1578(para)
25634
msgid "There are several ways to handle this situation:"
25635
msgstr "There are several ways to handle this situation:"
25637
#: serverguide/C/mail.xml:1584(para)
25638
msgid "Configure your MDA to filter messages you do not wish to see."
25639
msgstr "Configure your MDA to filter messages you do not wish to see."
25641
#: serverguide/C/mail.xml:1589(para)
25643
"Change <filename>/usr/sbin/amavisd-new-cronjob</filename> to check for "
25644
"<emphasis>use_bayes 0</emphasis>. For example, edit "
25645
"<filename>/usr/sbin/amavisd-new-cronjob</filename> and add the following to "
25646
"the top before the <emphasis>test</emphasis> statements:"
25648
"Change <filename>/usr/sbin/amavisd-new-cronjob</filename> to check for "
25649
"<emphasis>use_bayes 0</emphasis>. For example, edit "
25650
"<filename>/usr/sbin/amavisd-new-cronjob</filename> and add the following to "
25651
"the top before the <emphasis>test</emphasis> statements:"
25653
#: serverguide/C/mail.xml:1593(programlisting)
25657
"egrep -q \"^[ \\t]*use_bayes[ \\t]*0\" /etc/spamassassin/local.cf && "
25661
"egrep -q \"^[ \\t]*use_bayes[ \\t]*0\" /etc/spamassassin/local.cf && "
25664
#: serverguide/C/mail.xml:1603(para)
25666
"First, test that the <application>Amavisd-new</application> SMTP is "
25669
"First, test that the <application>Amavisd-new</application> SMTP is "
25672
#: serverguide/C/mail.xml:1606(programlisting)
25676
"telnet localhost 10024\n"
25677
"Trying 127.0.0.1...\n"
25678
"Connected to localhost.\n"
25679
"Escape character is '^]'.\n"
25680
"220 [127.0.0.1] ESMTP amavisd-new service ready\n"
25684
"telnet localhost 10024\n"
25685
"Trying 127.0.0.1...\n"
25686
"Connected to localhost.\n"
25687
"Escape character is '^]'.\n"
25688
"220 [127.0.0.1] ESMTP amavisd-new service ready\n"
25691
#: serverguide/C/mail.xml:1614(para)
25693
"In the Header of messages that go through the content filter you should see:"
25695
"In the Header of messages that go through the content filter you should see:"
25697
#: serverguide/C/mail.xml:1617(programlisting)
25702
"X-Virus-Scanned: Debian amavisd-new at example.com\n"
25703
"X-Spam-Status: No, hits=-2.3 tagged_above=-1000.0 required=5.0 tests=AWL, "
25709
"X-Virus-Scanned: Debian amavisd-new at example.com\n"
25710
"X-Spam-Status: No, hits=-2.3 tagged_above=-1000.0 required=5.0 tests=AWL, "
25714
#: serverguide/C/mail.xml:1624(para)
25716
"Your output will vary, but the important thing is that there are <emphasis>X-"
25717
"Virus-Scanned</emphasis> and <emphasis>X-Spam-Status</emphasis> entries."
25719
"Your output will vary, but the important thing is that there are <emphasis>X-"
25720
"Virus-Scanned</emphasis> and <emphasis>X-Spam-Status</emphasis> entries."
25722
#: serverguide/C/mail.xml:1632(para)
25724
"The best way to figure out why something is going wrong is to check the log "
25727
"The best way to figure out why something is going wrong is to check the log "
25730
#: serverguide/C/mail.xml:1637(para)
25732
"For instructions on <application>Postfix</application> logging see the <xref "
25733
"linkend=\"postfix-troubleshooting\"/> section."
25735
"For instructions on <application>Postfix</application> logging see the <xref "
25736
"linkend=\"postfix-troubleshooting\"/> section."
25738
#: serverguide/C/mail.xml:1643(para)
25740
"<application>Amavisd-new</application> uses "
25741
"<application>Syslog</application> to send messages to "
25742
"<filename>/var/log/mail.log</filename>. The amount of detail can be "
25743
"increased by adding the <emphasis>$log_level</emphasis> option to "
25744
"<filename>/etc/amavis/conf.d/50-user</filename>, and setting the value from "
25747
"<application>Amavisd-new</application> uses "
25748
"<application>Syslog</application> to send messages to "
25749
"<filename>/var/log/mail.log</filename>. The amount of detail can be "
25750
"increased by adding the <emphasis>$log_level</emphasis> option to "
25751
"<filename>/etc/amavis/conf.d/50-user</filename>, and setting the value from "
25754
#: serverguide/C/mail.xml:1648(programlisting)
25758
"$log_level = 2;\n"
25761
"$log_level = 2;\n"
25763
#: serverguide/C/mail.xml:1652(para)
25765
"When the <application>Amavisd-new</application> log output is increased "
25766
"<application>Spamassassin</application> log output is also increased."
25768
"When the <application>Amavisd-new</application> log output is increased "
25769
"<application>Spamassassin</application> log output is also increased."
25771
#: serverguide/C/mail.xml:1659(para)
25773
"The <application>ClamAV</application> log level can be increased by editing "
25774
"<filename>/etc/clamav/clamd.conf</filename> and setting the following option:"
25776
"The <application>ClamAV</application> log level can be increased by editing "
25777
"<filename>/etc/clamav/clamd.conf</filename> and setting the following option:"
25779
#: serverguide/C/mail.xml:1663(programlisting)
25783
"LogVerbose true\n"
25786
"LogVerbose true\n"
25788
#: serverguide/C/mail.xml:1666(para)
25790
"By default <application>ClamAV</application> will send log messages to "
25791
"<filename>/var/log/clamav/clamav.log</filename>."
25793
"By default <application>ClamAV</application> will send log messages to "
25794
"<filename>/var/log/clamav/clamav.log</filename>."
25796
#: serverguide/C/mail.xml:1672(para)
25798
"After changing an applications log settings remember to restart the service "
25799
"for the new settings to take affect. Also, once the issue you are "
25800
"troubleshooting is resolved it is a good idea to change the log settings "
25803
"After changing an applications log settings remember to restart the service "
25804
"for the new settings to take affect. Also, once the issue you are "
25805
"troubleshooting is resolved it is a good idea to change the log settings "
25808
#: serverguide/C/mail.xml:1680(para)
25809
msgid "For more information on filtering mail see the following links:"
25810
msgstr "For more information on filtering mail see the following links:"
25812
#: serverguide/C/mail.xml:1686(ulink)
25813
msgid "Amavisd-new Documentation"
25814
msgstr "Amavisd-new Documentation"
25816
#: serverguide/C/mail.xml:1690(para)
25818
"<ulink url=\"http://www.clamav.org/doc/latest/html/\">ClamAV "
25819
"Documentation</ulink> and <ulink "
25820
"url=\"http://wiki.clamav.net/Main/WebHome\">ClamAV Wiki</ulink>"
25822
"<ulink url=\"http://www.clamav.org/doc/latest/html/\">ClamAV "
25823
"Documentation</ulink> and <ulink "
25824
"url=\"http://wiki.clamav.net/Main/WebHome\">ClamAV Wiki</ulink>"
25826
#: serverguide/C/mail.xml:1697(ulink)
25827
msgid "Spamassassin Wiki"
25828
msgstr "Spamassassin Wiki"
25830
#: serverguide/C/mail.xml:1702(ulink)
25831
msgid "Pyzor Homepage"
25832
msgstr "Pyzor Homepage"
25834
#: serverguide/C/mail.xml:1707(ulink)
25835
msgid "Razor Homepage"
25836
msgstr "Razor Homepage"
25838
#: serverguide/C/mail.xml:1712(ulink)
25842
#: serverguide/C/mail.xml:1717(ulink)
25843
msgid "Postfix Amavis New"
25844
msgstr "Postfix Amavis New"
25846
#: serverguide/C/mail.xml:1721(para)
25848
"Also, feel free to ask questions in the <emphasis>#ubuntu-server</emphasis> "
25849
"IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>."
25851
"Also, feel free to ask questions in the <emphasis>#ubuntu-server</emphasis> "
25852
"IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>."
25854
#: serverguide/C/lamp-applications.xml:13(title)
25855
msgid "LAMP Applications"
25856
msgstr "LAMP Applications"
25858
#: serverguide/C/lamp-applications.xml:19(para)
25860
"LAMP installations (Linux + Apache + MySQL + PHP) are a popular setup for "
25861
"Ubuntu servers. There is a plethora of Open Source applications written "
25862
"using the LAMP application stack. Some popular LAMP applications are Wiki's, "
25863
"Content Management Systems, and Management Software such as phpMyAdmin."
25865
"LAMP installations (Linux + Apache + MySQL + PHP) are a popular setup for "
25866
"Ubuntu servers. There is a plethora of Open Source applications written "
25867
"using the LAMP application stack. Some popular LAMP applications are Wiki's, "
25868
"Content Management Systems, and Management Software such as phpMyAdmin."
25870
#: serverguide/C/lamp-applications.xml:26(para)
25872
"One advantage of LAMP is the substantial flexibility for different database, "
25873
"web server, and scripting languages. Popular substitutes for MySQL include "
25874
"Posgresql and SQLite. Python, Perl, and Ruby are also frequently used "
25877
"One advantage of LAMP is the substantial flexibility for different database, "
25878
"web server, and scripting languages. Popular substitutes for MySQL include "
25879
"Posgresql and SQLite. Python, Perl, and Ruby are also frequently used "
25882
#: serverguide/C/lamp-applications.xml:32(para)
25884
"The traditional way to install most <emphasis>LAMP</emphasis> applications "
25887
"The traditional way to install most <emphasis>LAMP</emphasis> applications "
25890
#: serverguide/C/lamp-applications.xml:38(para)
25891
msgid "Download an archive containing the application source files."
25892
msgstr "Download an archive containing the application source files."
25894
#: serverguide/C/lamp-applications.xml:43(para)
25896
"Unpack the archive, usually in a directory accessible to a web server."
25898
"Unpack the archive, usually in a directory accessible to a web server."
25900
#: serverguide/C/lamp-applications.xml:48(para)
25902
"Depending on where the source was extracted, configure a web server to serve "
25905
"Depending on where the source was extracted, configure a web server to serve "
25908
#: serverguide/C/lamp-applications.xml:53(para)
25909
msgid "Configure the application to connect to the database."
25910
msgstr "Configure the application to connect to the database."
25912
#: serverguide/C/lamp-applications.xml:58(para)
25914
"Run a script, or browse to a page of the application, to install the "
25915
"database needed by the application."
25917
"Run a script, or browse to a page of the application, to install the "
25918
"database needed by the application."
25920
#: serverguide/C/lamp-applications.xml:63(para)
25922
"Once the steps above, or similar steps, are completed you are ready to begin "
25923
"using the application."
25925
"Once the steps above, or similar steps, are completed you are ready to begin "
25926
"using the application."
25928
#: serverguide/C/lamp-applications.xml:69(para)
25930
"A disadvantage of using this approach is that the application files are not "
25931
"placed in the file system in a standard way, which can cause confusion as to "
25932
"where the application is installed. Another larger disadvantage is updating "
25933
"the application. When a new version is released, the same process used to "
25934
"install the application is needed to apply updates."
25936
"A disadvantage of using this approach is that the application files are not "
25937
"placed in the file system in a standard way, which can cause confusion as to "
25938
"where the application is installed. Another larger disadvantage is updating "
25939
"the application. When a new version is released, the same process used to "
25940
"install the application is needed to apply updates."
25942
#: serverguide/C/lamp-applications.xml:76(para)
25944
"Fortunately, a number of <emphasis>LAMP</emphasis> applications are already "
25945
"packaged for Ubuntu, and are available for installation in the same way as "
25946
"non-LAMP applications. Depending on the application some extra configuration "
25947
"and setup steps may be needed, however."
25949
"Fortunately, a number of <emphasis>LAMP</emphasis> applications are already "
25950
"packaged for Ubuntu, and are available for installation in the same way as "
25951
"non-LAMP applications. Depending on the application some extra configuration "
25952
"and setup steps may be needed, however."
25954
#: serverguide/C/lamp-applications.xml:82(para)
25956
"This section covers howto install and configure the Wiki applications "
25957
"<application>MoinMoin</application>, <application>MediaWiki</application>, "
25958
"and the MySQL management application <application>phpMyAdmin</application>."
25960
"This section covers howto install and configure the Wiki applications "
25961
"<application>MoinMoin</application>, <application>MediaWiki</application>, "
25962
"and the MySQL management application <application>phpMyAdmin</application>."
25964
#: serverguide/C/lamp-applications.xml:88(para)
25966
"A Wiki is a website that allows the visitors to easily add, remove and "
25967
"modify available content easily. The ease of interaction and operation makes "
25968
"Wiki an effective tool for mass collaborative authoring. The term Wiki is "
25969
"also referred to the collaborative software."
25971
"A Wiki is a Website that allows the visitors to easily add, remove and "
25972
"modify available content easily. The ease of interaction and operation makes "
25973
"Wiki an effective tool for mass collaborative authoring. The term Wiki is "
25974
"also referred to the collaborative software."
25976
#: serverguide/C/lamp-applications.xml:100(title)
25980
#: serverguide/C/lamp-applications.xml:102(para)
25982
"MoinMoin is a Wiki engine implemented in Python, based on the PikiPiki Wiki "
25983
"engine, and licensed under the GNU GPL."
25985
"MoinMoin is a Wiki engine implemented in Python, based on the PikiPiki Wiki "
25986
"engine, and licensed under the GNU GPL."
25988
#: serverguide/C/lamp-applications.xml:110(para)
25990
"To install <application>MoinMoin</application>, run the following command in "
25991
"the command prompt:"
25993
"To install <application>MoinMoin</application>, run the following command in "
25994
"the command prompt:"
25996
#: serverguide/C/lamp-applications.xml:116(command)
25997
msgid "sudo apt-get install python-moinmoin"
25998
msgstr "sudo apt-get install python-moinmoin"
26000
#: serverguide/C/lamp-applications.xml:119(para)
26002
"You should also install <application>apache2</application> web server. For "
26003
"installing <application>apache2</application> web server, please refer to "
26004
"<xref linkend=\"http-installation\"/> sub-section in <xref "
26005
"linkend=\"httpd\"/> section."
26007
"You should also install <application>apache2</application> web server. For "
26008
"installing <application>apache2</application> web server, please refer to "
26009
"<xref linkend=\"http-installation\"/> sub-section in <xref "
26010
"linkend=\"httpd\"/> section."
26012
#: serverguide/C/lamp-applications.xml:130(para)
26014
"For configuring your first Wiki application, please run the following set of "
26015
"commands. Let us assume that you are creating a Wiki named "
26016
"<emphasis>mywiki</emphasis>:"
26018
"For configuring your first Wiki application, please run the following set of "
26019
"commands. Let us assume that you are creating a Wiki named "
26020
"<emphasis>mywiki</emphasis>:"
26022
#: serverguide/C/lamp-applications.xml:137(command)
26023
msgid "cd /usr/share/moin"
26024
msgstr "cd /usr/share/moin"
26026
#: serverguide/C/lamp-applications.xml:138(command)
26027
msgid "sudo mkdir mywiki"
26028
msgstr "sudo mkdir mywiki"
26030
#: serverguide/C/lamp-applications.xml:139(command)
26031
msgid "sudo cp -R data mywiki"
26032
msgstr "sudo cp -R data mywiki"
26034
#: serverguide/C/lamp-applications.xml:140(command)
26035
msgid "sudo cp -R underlay mywiki"
26036
msgstr "sudo cp -R underlay mywiki"
26038
#: serverguide/C/lamp-applications.xml:141(command)
26039
msgid "sudo cp server/moin.cgi mywiki"
26040
msgstr "sudo cp server/moin.cgi mywiki"
26042
#: serverguide/C/lamp-applications.xml:142(command)
26043
msgid "sudo chown -R www-data.www-data mywiki"
26044
msgstr "sudo chown -R www-data.www-data mywiki"
26046
#: serverguide/C/lamp-applications.xml:143(command)
26047
msgid "sudo chmod -R ug+rwX mywiki"
26048
msgstr "sudo chmod -R ug+rwX mywiki"
26050
#: serverguide/C/lamp-applications.xml:144(command)
26051
msgid "sudo chmod -R o-rwx mywiki"
26052
msgstr "sudo chmod -R o-rwx mywiki"
26054
#: serverguide/C/lamp-applications.xml:147(para)
26056
"Now you should configure <application>MoinMoin</application> to find your "
26057
"new Wiki <emphasis>mywiki</emphasis>. To configure "
26058
"<application>MoinMoin</application>, open "
26059
"<filename>/etc/moin/mywiki.py</filename> file and change the following line:"
26061
"Now you should configure <application>MoinMoin</application> to find your "
26062
"new Wiki <emphasis>mywiki</emphasis>. To configure "
26063
"<application>MoinMoin</application>, open "
26064
"<filename>/etc/moin/mywiki.py</filename> file and change the following line:"
26066
#: serverguide/C/lamp-applications.xml:155(programlisting)
26068
msgid "data_dir = '/org/mywiki/data'"
26069
msgstr "data_dir = '/org/mywiki/data'"
26071
#: serverguide/C/lamp-applications.xml:157(para)
26075
#: serverguide/C/lamp-applications.xml:161(programlisting)
26077
msgid "data_dir = '/usr/share/moin/mywiki/data'"
26078
msgstr "data_dir = '/usr/share/moin/mywiki/data'"
26080
#: serverguide/C/lamp-applications.xml:163(para)
26082
"Also, below the <emphasis>data_dir</emphasis> option add the "
26083
"<emphasis>data_underlay_dir</emphasis>:"
26085
"Also, below the <emphasis>data_dir</emphasis> option add the "
26086
"<emphasis>data_underlay_dir</emphasis>:"
26088
#: serverguide/C/lamp-applications.xml:167(programlisting)
26092
"data_underlay_dir='/usr/share/moin/mywiki/underlay'\n"
26095
"data_underlay_dir='/usr/share/moin/mywiki/underlay'\n"
26097
#: serverguide/C/lamp-applications.xml:172(para)
26099
"If the <filename>/etc/moin/mywiki.py</filename> file does not exists, you "
26100
"should copy <filename>/etc/moin/moinmaster.py</filename> file to "
26101
"<filename>/etc/moin/mywiki.py</filename> file and do the above mentioned "
26104
"If the <filename>/etc/moin/mywiki.py</filename> file does not exists, you "
26105
"should copy <filename>/etc/moin/moinmaster.py</filename> file to "
26106
"<filename>/etc/moin/mywiki.py</filename> file and do the above mentioned "
26109
#: serverguide/C/lamp-applications.xml:181(para)
26111
"If you have named your Wiki as <emphasis>my_wiki_name</emphasis> you should "
26112
"insert a line <quote>(\"my_wiki_name\", r\".*\")</quote> in "
26113
"<filename>/etc/moin/farmconfig.py</filename> file after the line "
26114
"<quote>(\"mywiki\", r\".*\")</quote>."
26116
"If you have named your Wiki as <emphasis>my_wiki_name</emphasis> you should "
26117
"insert a line <quote>(\"my_wiki_name\", r\".*\")</quote> in "
26118
"<filename>/etc/moin/farmconfig.py</filename> file after the line "
26119
"<quote>(\"mywiki\", r\".*\")</quote>."
26121
#: serverguide/C/lamp-applications.xml:189(para)
26123
"Once you have configured <application>MoinMoin</application> to find your "
26124
"first Wiki application <emphasis>mywiki</emphasis>, you should configure "
26125
"<application>apache2</application> and make it ready for your Wiki "
26128
"Once you have configured <application>MoinMoin</application> to find your "
26129
"first Wiki application <emphasis>mywiki</emphasis>, you should configure "
26130
"<application>apache2</application> and make it ready for your Wiki "
26133
#: serverguide/C/lamp-applications.xml:196(para)
26135
"You should add the following lines in <filename>/etc/apache2/sites-"
26136
"available/default</filename> file inside the <quote><VirtualHost "
26137
"*></quote> tag:"
26139
"You should add the following lines in <filename>/etc/apache2/sites-"
26140
"available/default</filename> file inside the <quote><VirtualHost "
26141
"*></quote> tag:"
26143
#: serverguide/C/lamp-applications.xml:202(programlisting)
26148
" ScriptAlias /mywiki \"/usr/share/moin/mywiki/moin.cgi\"\n"
26149
" alias /moin_static184 \"/usr/share/moin/htdocs\"\n"
26150
" <Directory /usr/share/moin/htdocs>\n"
26151
" Order allow,deny\n"
26152
" allow from all\n"
26153
" </Directory>\n"
26158
" ScriptAlias /mywiki \"/usr/share/moin/mywiki/moin.cgi\"\n"
26159
" alias /moin_static184 \"/usr/share/moin/htdocs\"\n"
26160
" <Directory /usr/share/moin/htdocs>\n"
26161
" Order allow,deny\n"
26162
" allow from all\n"
26163
" </Directory>\n"
26166
#: serverguide/C/lamp-applications.xml:214(para)
26168
"Adjust the <emphasis>\"moin_static184\"</emphasis> in the "
26169
"<emphasis>alias</emphasis> line above, to the "
26170
"<application>moinmoin</application> version installed."
26172
"Adjust the <emphasis>\"moin_static184\"</emphasis> in the "
26173
"<emphasis>alias</emphasis> line above, to the "
26174
"<application>moinmoin</application> version installed."
26176
#: serverguide/C/lamp-applications.xml:220(para)
26178
"Once you configure the <application>apache2</application> web server and "
26179
"make it ready for your Wiki application, you should restart it. You can run "
26180
"the following command to restart the <application>apache2</application> web "
26183
"Once you configure the <application>apache2</application> Web server and "
26184
"make it ready for your Wiki application, you should restart it. You can run "
26185
"the following command to restart the <application>apache2</application> Web "
26188
#: serverguide/C/lamp-applications.xml:233(title)
26189
msgid "Verification"
26190
msgstr "Verification"
26192
#: serverguide/C/lamp-applications.xml:235(para)
26194
"You can verify the Wiki application and see if it works by pointing your web "
26195
"browser to the following URL:"
26197
"You can verify the Wiki application and see if it works by pointing your Web "
26198
"browser to the following URL:"
26200
#: serverguide/C/lamp-applications.xml:239(programlisting)
26204
"http://localhost/mywiki\n"
26207
"http://localhost/mywiki\n"
26209
#: serverguide/C/lamp-applications.xml:243(para)
26211
"You can also run the test command by pointing your web browser to the "
26214
"You can also run the test command by pointing your Web browser to the "
26217
#: serverguide/C/lamp-applications.xml:248(programlisting)
26221
"http://localhost/mywiki?action=test\n"
26224
"http://localhost/mywiki?action=test\n"
26226
#: serverguide/C/lamp-applications.xml:252(para)
26228
"For more details, please refer to the <ulink "
26229
"url=\"http://moinmo.in/\">MoinMoin</ulink> web site."
26231
"For more details, please refer to the <ulink "
26232
"url=\"http://moinmo.in/\">MoinMoin</ulink> web site."
26234
#: serverguide/C/lamp-applications.xml:263(para)
26236
"For more information see the <ulink url=\"http://moinmo.in/\">moinmoin "
26239
"For more information see the <ulink url=\"http://moinmo.in/\">moinmoin "
26242
#: serverguide/C/lamp-applications.xml:268(para)
26244
"Also, see the <ulink "
26245
"url=\"https://help.ubuntu.com/community/MoinMoin\">Ubuntu Wiki "
26246
"MoinMoin</ulink> page."
26248
"Also, see the <ulink "
26249
"url=\"https://help.ubuntu.com/community/MoinMoin\">Ubuntu Wiki "
26250
"MoinMoin</ulink> page."
26252
#: serverguide/C/lamp-applications.xml:277(title)
26256
#: serverguide/C/lamp-applications.xml:279(para)
26258
"MediaWiki is an web based Wiki software written in the PHP language. It can "
26259
"either use <application>MySQL</application> or "
26260
"<application>PostgreSQL</application> Database Management System."
26262
"MediaWiki is an web based Wiki software written in the PHP language. It can "
26263
"either use <application>MySQL</application> or "
26264
"<application>PostgreSQL</application> Database Management System."
26266
#: serverguide/C/lamp-applications.xml:289(para)
26268
"Before installing <application>MediaWiki</application> you should also "
26269
"install <application>Apache2</application>, the "
26270
"<application>PHP5</application> scripting language and Database a Management "
26271
"System. <application>MySQL</application> or "
26272
"<application>PostgreSQL</application> are the most common, choose one "
26273
"depending on your need. Please refer to those sections in this manual for "
26274
"installation instructions."
26276
"Before installing <application>MediaWiki</application> you should also "
26277
"install <application>Apache2</application>, the "
26278
"<application>PHP5</application> scripting language and Database a Management "
26279
"System. <application>MySQL</application> or "
26280
"<application>PostgreSQL</application> are the most common, choose one "
26281
"depending on your need. Please refer to those sections in this manual for "
26282
"installation instructions."
26284
#: serverguide/C/lamp-applications.xml:297(para)
26286
"To install <application>MediaWiki</application>, run the following command "
26287
"in the command prompt:"
26289
"To install <application>MediaWiki</application>, run the following command "
26290
"in the command prompt:"
26292
#: serverguide/C/lamp-applications.xml:303(command)
26293
msgid "sudo apt-get install mediawiki php5-gd"
26294
msgstr "sudo apt-get install mediawiki php5-gd"
26296
#: serverguide/C/lamp-applications.xml:306(para)
26298
"For additional <application>MediaWiki</application> functionality see the "
26299
"<application>mediawiki-extensions</application> package."
26301
"For additional <application>MediaWiki</application> functionality see the "
26302
"<application>mediawiki-extensions</application> package."
26304
#: serverguide/C/lamp-applications.xml:316(para)
26306
"The Apache configuration file <filename>mediawiki.conf</filename> for "
26307
"MediaWiki is installed in <filename>/etc/apache2/conf.d/</filename> "
26308
"directory. You should uncomment the following line in this file to access "
26309
"MediaWiki application."
26311
"The Apache configuration file <filename>mediawiki.conf</filename> for "
26312
"MediaWiki is installed in <filename>/etc/apache2/conf.d/</filename> "
26313
"directory. You should uncomment the following line in this file to access "
26314
"MediaWiki application."
26316
#: serverguide/C/lamp-applications.xml:324(screen)
26320
"# Alias /mediawiki /var/lib/mediawiki\n"
26323
"# Alias /mediawiki /var/lib/mediawiki\n"
26325
#: serverguide/C/lamp-applications.xml:328(para)
26327
"After you uncomment the above line, restart Apache server and access "
26328
"MediaWiki using the following url:"
26330
"After you uncomment the above line, restart Apache server and access "
26331
"MediaWiki using the following url:"
26333
#: serverguide/C/lamp-applications.xml:333(programlisting)
26337
"http://localhost/mediawiki/config/index.php\n"
26340
"http://localhost/mediawiki/config/index.php\n"
26342
#: serverguide/C/lamp-applications.xml:338(para)
26344
"Please read the <quote>Checking environment...</quote> section in this page. "
26345
"You should be able to fix many issues by carefully reading this section."
26347
"Please read the <quote>Checking environment...</quote> section in this page. "
26348
"You should be able to fix many issues by carefully reading this section."
26350
#: serverguide/C/lamp-applications.xml:345(para)
26352
"Once the configuration is complete, you should copy the "
26353
"<filename>LocalSettings.php</filename> file to "
26354
"<filename>/etc/mediawiki</filename> directory:"
26356
"Once the configuration is complete, you should copy the "
26357
"<filename>LocalSettings.php</filename> file to "
26358
"<filename>/etc/mediawiki</filename> directory:"
26360
#: serverguide/C/lamp-applications.xml:352(command)
26361
msgid "sudo mv /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/"
26362
msgstr "sudo mv /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/"
26364
#: serverguide/C/lamp-applications.xml:355(para)
26366
"You may also want to edit "
26367
"<filename>/etc/mediawiki/LocalSettings.php</filename> adjusting:"
26369
"You may also want to edit "
26370
"<filename>/etc/mediawiki/LocalSettings.php</filename> adjusting:"
26372
#: serverguide/C/lamp-applications.xml:360(programlisting)
26376
"ini_set( 'memory_limit', '64M' );\n"
26379
"ini_set( 'memory_limit', '64M' );\n"
26381
#: serverguide/C/lamp-applications.xml:367(title)
26383
msgstr "Extensions"
26385
#: serverguide/C/lamp-applications.xml:368(para)
26387
"The extensions add new features and enhancements for the MediaWiki "
26388
"application. The extensions give wiki administrators and end users the "
26389
"ability to customize MediaWiki to their requirements."
26391
"The extensions add new features and enhancements for the MediaWiki "
26392
"application. The extensions give wiki administrators and end users the "
26393
"ability to customise MediaWiki to their requirements."
26395
#: serverguide/C/lamp-applications.xml:374(para)
26397
"You can download MediaWiki extensions as an archive file or checkout from "
26398
"the Subversion repository. You should copy it to "
26399
"<filename>/var/lib/mediawiki/extensions</filename> directory. You should "
26400
"also add the following line at the end of file: "
26401
"<filename>/etc/mediawiki/LocalSettings.php</filename>."
26403
"You can download MediaWiki extensions as an archive file or checkout from "
26404
"the Subversion repository. You should copy it to "
26405
"<filename>/var/lib/mediawiki/extensions</filename> directory. You should "
26406
"also add the following line at the end of file: "
26407
"<filename>/etc/mediawiki/LocalSettings.php</filename>."
26409
#: serverguide/C/lamp-applications.xml:382(programlisting)
26413
"require_once \"$IP/extensions/ExtentionName/ExtentionName.php\";\n"
26416
"require_once \"$IP/extensions/ExtentionName/ExtentionName.php\";\n"
26418
#: serverguide/C/lamp-applications.xml:392(para)
26420
"For more details, please refer to the <ulink "
26421
"url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
26423
"For more details, please refer to the <ulink "
26424
"url=\"http://www.mediawiki.org\">MediaWiki</ulink> Web site."
26426
#: serverguide/C/lamp-applications.xml:398(para)
26428
"The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki "
26429
"Administrators’ Tutorial Guide</ulink> contains a wealth of information for "
26430
"new MediaWiki administrators."
26432
"The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki "
26433
"Administrators’ Tutorial Guide</ulink> contains a wealth of information for "
26434
"new MediaWiki administrators."
26436
#: serverguide/C/lamp-applications.xml:404(para)
26438
"Also, the <ulink url=\"https://help.ubuntu.com/community/MediaWiki\">Ubuntu "
26439
"Wiki MediaWiki</ulink> page is a good resource."
26441
"Also, the <ulink url=\"https://help.ubuntu.com/community/MediaWiki\">Ubuntu "
26442
"Wiki MediaWiki</ulink> page is a good resource."
26444
#: serverguide/C/lamp-applications.xml:414(title)
26446
msgstr "phpMyAdmin"
26448
#: serverguide/C/lamp-applications.xml:416(para)
26450
"<application>phpMyAdmin</application> is a LAMP application specifically "
26451
"written for administering <application>MySQL</application> servers. Written "
26452
"in <application>PHP</application>, and accessed through a web browser, "
26453
"phpMyAdmin provides a graphical interface for database administration tasks."
26455
"<application>phpMyAdmin</application> is a LAMP application specifically "
26456
"written for administering <application>MySQL</application> servers. Written "
26457
"in <application>PHP</application>, and accessed through a web browser, "
26458
"phpMyAdmin provides a graphical interface for database administration tasks."
26460
#: serverguide/C/lamp-applications.xml:425(para)
26462
"Before installing <application>phpMyAdmin</application> you will need access "
26463
"to a <application>MySQL</application> database either on the same host as "
26464
"that phpMyAdmin is installed on, or on a host accessible over the network. "
26465
"For more information see <xref linkend=\"mysql\"/>. From a terminal prompt "
26468
"Before installing <application>phpMyAdmin</application> you will need access "
26469
"to a <application>MySQL</application> database either on the same host as "
26470
"that phpMyAdmin is installed on, or on a host accessible over the network. "
26471
"For more information see <xref linkend=\"mysql\"/>. From a terminal prompt "
26474
#: serverguide/C/lamp-applications.xml:432(command)
26475
msgid "sudo apt-get install phpmyadmin"
26476
msgstr "sudo apt-get install phpmyadmin"
26478
#: serverguide/C/lamp-applications.xml:435(para)
26480
"At the prompt choose which web server to be configured for "
26481
"<application>phpMyAdmin</application>. The rest of this section will use "
26482
"<application>Apache2</application> for the web server."
26484
"At the prompt choose which web server to be configured for "
26485
"<application>phpMyAdmin</application>. The rest of this section will use "
26486
"<application>Apache2</application> for the web server."
26488
#: serverguide/C/lamp-applications.xml:440(para)
26490
"In a browser go to <emphasis>http://servername/phpmyadmin</emphasis>, "
26491
"replacing <emphasis role=\"italic\">serveranme</emphasis> with the server's "
26492
"actual hostname. At the login, page enter <emphasis>root</emphasis> for the "
26493
"<emphasis>username</emphasis>, or another <application>MySQL</application> "
26494
"user if you any setup, and enter the <application>MySQL</application> user's "
26497
"In a browser go to <emphasis>http://servername/phpmyadmin</emphasis>, "
26498
"replacing <emphasis role=\"italic\">serveranme</emphasis> with the server's "
26499
"actual hostname. At the login, page enter <emphasis>root</emphasis> for the "
26500
"<emphasis>username</emphasis>, or another <application>MySQL</application> "
26501
"user if you any setup, and enter the <application>MySQL</application> user's "
26504
#: serverguide/C/lamp-applications.xml:447(para)
26506
"Once logged in you can reset the <emphasis>root</emphasis> password if "
26507
"needed, create users, create/destroy databases and tables, etc."
26509
"Once logged in you can reset the <emphasis>root</emphasis> password if "
26510
"needed, create users, create/destroy databases and tables, etc."
26512
#: serverguide/C/lamp-applications.xml:455(para)
26514
"The configuration files for <application>phpMyAdmin</application> are "
26515
"located in <filename>/etc/phpmyadmin</filename>. The main configuration file "
26516
"is <filename>/etc/phpmyadmin/config.inc.php</filename>. This file contains "
26517
"configuration options that apply globally to "
26518
"<application>phpMyAdmin</application>."
26520
"The configuration files for <application>phpMyAdmin</application> are "
26521
"located in <filename>/etc/phpmyadmin</filename>. The main configuration file "
26522
"is <filename>/etc/phpmyadmin/config.inc.php</filename>. This file contains "
26523
"configuration options that apply globally to "
26524
"<application>phpMyAdmin</application>."
26526
#: serverguide/C/lamp-applications.xml:461(para)
26528
"To use <application>phpMyAdmin</application> to administer a MySQL database "
26529
"hosted on another server, adjust the following in "
26530
"<filename>/etc/phpmyadmin/config.inc.php</filename>:"
26532
"To use <application>phpMyAdmin</application> to administer a MySQL database "
26533
"hosted on another server, adjust the following in "
26534
"<filename>/etc/phpmyadmin/config.inc.php</filename>:"
26536
#: serverguide/C/lamp-applications.xml:466(programlisting)
26540
"$cfg['Servers'][$i]['host'] = 'db_server';\n"
26543
"$cfg['Servers'][$i]['host'] = 'db_server';\n"
26545
#: serverguide/C/lamp-applications.xml:471(para)
26547
"Replace <emphasis role=\"italic\">db_server</emphasis> with the actual "
26548
"remote database server name or IP address. Also, be sure that the "
26549
"<application>phpMyAdmin</application> host has permissions to access the "
26552
"Replace <emphasis role=\"italic\">db_server</emphasis> with the actual "
26553
"remote database server name or IP address. Also, be sure that the "
26554
"<application>phpMyAdmin</application> host has permissions to access the "
26557
#: serverguide/C/lamp-applications.xml:477(para)
26559
"Once configured, log out of <application>phpMyAdmin</application> and back "
26560
"in, and you should be accessing the new server."
26562
"Once configured, log out of <application>phpMyAdmin</application> and back "
26563
"in, and you should be accessing the new server."
26565
#: serverguide/C/lamp-applications.xml:481(para)
26567
"The <filename>config.header.inc.php</filename> and "
26568
"<filename>config.footer.inc.php</filename> files are used to add a HTML "
26569
"header and footer to <application>phpMyAdmin</application>."
26571
"The <filename>config.header.inc.php</filename> and "
26572
"<filename>config.footer.inc.php</filename> files are used to add a HTML "
26573
"header and footer to <application>phpMyAdmin</application>."
26575
#: serverguide/C/lamp-applications.xml:486(para)
26577
"Another important configuration file is "
26578
"<filename>/etc/phpmyadmin/apache.conf</filename>, this file is symlinked to "
26579
"<filename>/etc/apache2/conf.d/phpmyadmin.conf</filename>, and is used to "
26580
"configure <application>Apache2</application> to serve the "
26581
"<application>phpMyAdmin</application> site. The file contains directives for "
26582
"loading <application>PHP</application>, directory permissions, etc. For more "
26583
"information on configuring <application>Apache2</application> see <xref "
26584
"linkend=\"httpd\"/>."
26586
"Another important configuration file is "
26587
"<filename>/etc/phpmyadmin/apache.conf</filename>, this file is symlinked to "
26588
"<filename>/etc/apache2/conf.d/phpmyadmin.conf</filename>, and is used to "
26589
"configure <application>Apache2</application> to serve the "
26590
"<application>phpMyAdmin</application> site. The file contains directives for "
26591
"loading <application>PHP</application>, directory permissions, etc. For more "
26592
"information on configuring <application>Apache2</application> see <xref "
26593
"linkend=\"httpd\"/>."
26595
#: serverguide/C/lamp-applications.xml:500(para)
26597
"The <application>phpMyAdmin</application> documentation comes installed with "
26598
"the package and can be accessed from the <emphasis>phpMyAdmin "
26599
"Documentation</emphasis> link (a question mark with a box around it) under "
26600
"the phpMyAdmin logo. The official docs can also be access on the <ulink "
26601
"url=\"http://www.phpmyadmin.net/home_page/docs.php\">phpMyAdmin</ulink> site."
26603
"The <application>phpMyAdmin</application> documentation comes installed with "
26604
"the package and can be accessed from the <emphasis>phpMyAdmin "
26605
"Documentation</emphasis> link (a question mark with a box around it) under "
26606
"the phpMyAdmin logo. The official docs can also be access on the <ulink "
26607
"url=\"http://www.phpmyadmin.net/home_page/docs.php\">phpMyAdmin</ulink> site."
26609
#: serverguide/C/lamp-applications.xml:507(para)
26611
"Also, <ulink url=\"http://www.packtpub.com/phpmyadmin-3rd-"
26612
"edition/book\">Mastering phpMyAdmin</ulink> is a great resource."
26614
"Also, <ulink url=\"http://www.packtpub.com/phpmyadmin-3rd-"
26615
"edition/book\">Mastering phpMyAdmin</ulink> is a great resource."
26617
#: serverguide/C/lamp-applications.xml:512(para)
26619
"A third resource is the <ulink "
26620
"url=\"https://help.ubuntu.com/community/phpMyAdmin\">phpMyAdmin Ubuntu "
26621
"Wiki</ulink> page."
26623
"A third resource is the <ulink "
26624
"url=\"https://help.ubuntu.com/community/phpMyAdmin\">phpMyAdmin Ubuntu "
26625
"Wiki</ulink> page."
26627
#: serverguide/C/introduction.xml:14(para)
26628
msgid "Welcome to the <emphasis>Ubuntu Server Guide</emphasis>!"
26629
msgstr "Welcome to the <emphasis>Ubuntu Server Guide</emphasis>!"
26631
#: serverguide/C/introduction.xml:15(para)
26633
"Here you can find information on how to install and configure various server "
26634
"applications. It is a step-by-step, task-oriented guide for configuring and "
26635
"customizing your system."
26637
"Here you can find information on how to install and configure various server "
26638
"applications. It is a step-by-step, task-oriented guide for configuring and "
26639
"customising your system."
26641
#: serverguide/C/introduction.xml:19(para)
26643
"This guide assumes you have a basic understanding of your Ubuntu system. "
26644
"Some installation details are covered in <xref linkend=\"installation\"/>, "
26645
"but if you need detailed instructions installing Ubuntu please refer to the "
26646
"<ulink url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
26647
"Installation Guide</ulink>."
26649
"This guide assumes you have a basic understanding of your Ubuntu system. "
26650
"Some installation details are covered in <xref linkend=\"installation\"/>, "
26651
"but if you need detailed instructions installing Ubuntu please refer to the "
26652
"<ulink url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
26653
"Installation Guide</ulink>."
26655
#: serverguide/C/introduction.xml:25(para)
26657
"A HTML version of the manual is available online at <ulink "
26658
"url=\"http://help.ubuntu.com\">the Ubuntu Documentation website</ulink>. The "
26659
"HTML files are also available in the <application>ubuntu-"
26660
"serverguide</application> package. See <xref linkend=\"package-"
26661
"management\"/> for details on installing packages."
26663
"A HTML version of the manual is available online at <ulink "
26664
"url=\"http://help.ubuntu.com\">the Ubuntu Documentation website</ulink>. The "
26665
"HTML files are also available in the <application>ubuntu-"
26666
"serverguide</application> package. See <xref linkend=\"package-"
26667
"management\"/> for details on installing packages."
26669
#: serverguide/C/introduction.xml:32(para)
26671
"If you choose to install the <application>ubuntu-serverguide</application> "
26672
"you can view this document from a console by:"
26674
"If you choose to install the <application>ubuntu-serverguide</application> "
26675
"you can view this document from a console by:"
26677
#: serverguide/C/introduction.xml:36(command)
26678
msgid "w3m /usr/share/ubuntu-serverguide/html/C/index.html"
26679
msgstr "w3m /usr/share/ubuntu-serverguide/html/C/index.html"
26681
#: serverguide/C/introduction.xml:39(para)
26683
"If you are using a localized version of Ubuntu, replace "
26684
"<emphasis>C</emphasis> with your language localization (e.g. "
26685
"<emphasis>en_GB</emphasis>)."
26687
"If you are using a localised version of Ubuntu, replace "
26688
"<emphasis>C</emphasis> with your language localisation (e.g. "
26689
"<emphasis>en_GB</emphasis>)."
26691
#: serverguide/C/introduction.xml:53(title)
26695
#: serverguide/C/introduction.xml:55(para)
26697
"There are a couple of different ways that Ubuntu Server Edition is "
26698
"supported, commercial support and community support. The main commercial "
26699
"support (and development funding) is available from Canonical Ltd. They "
26700
"supply reasonably priced support contracts on a per desktop or per server "
26701
"basis. For more information see the <ulink "
26702
"url=\"http://www.canonical.com/services/support\">Canonical Services</ulink> "
26705
"There are a couple of different ways that Ubuntu Server Edition is "
26706
"supported, commercial support and community support. The main commercial "
26707
"support (and development funding) is available from Canonical Ltd. They "
26708
"supply reasonably priced support contracts on a per desktop or per server "
26709
"basis. For more information see the <ulink "
26710
"url=\"http://www.canonical.com/services/support\">Canonical Services</ulink> "
26713
#: serverguide/C/introduction.xml:62(para)
26715
"Community support is also provided by dedicated individuals, and companies, "
26716
"that wish to make Ubuntu the best distribution possible. Support is provided "
26717
"through multiple mailing lists, IRC channels, forums, blogs, wikis, etc. The "
26718
"large amount of information available can be overwhelming, but a good search "
26719
"engine query can usually provide an answer to your questions. See the <ulink "
26720
"url=\"http://www.ubuntu.com/support\">Ubuntu Support</ulink> page for more "
26723
"Community support is also provided by dedicated individuals, and companies, "
26724
"that wish to make Ubuntu the best distribution possible. Support is provided "
26725
"through multiple mailing lists, IRC channels, forums, blogs, wikis, etc. The "
26726
"large amount of information available can be overwhelming, but a good search "
26727
"engine query can usually provide an answer to your questions. See the <ulink "
26728
"url=\"http://www.ubuntu.com/support\">Ubuntu Support</ulink> page for more "
26731
#: serverguide/C/installation.xml:14(para)
26733
"This chapter provides a quick overview of installing Ubuntu 10.10 Server "
26734
"Edition. For more detailed instructions, please refer to the <ulink "
26735
"url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
26736
"Installation Guide</ulink>."
26738
"This chapter provides a quick overview of installing Ubuntu 10.10 Server "
26739
"Edition. For more detailed instructions, please refer to the <ulink "
26740
"url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
26741
"Installation Guide</ulink>."
26743
#: serverguide/C/installation.xml:19(title)
26744
msgid "Preparing to Install"
26745
msgstr "Preparing to Install"
26747
#: serverguide/C/installation.xml:20(para)
26749
"This section explains various aspects to consider before starting the "
26752
"This section explains various aspects to consider before starting the "
26755
#: serverguide/C/installation.xml:24(title)
26756
msgid "System Requirements"
26757
msgstr "System Requirements"
26759
#: serverguide/C/installation.xml:25(para)
26761
"Ubuntu 10.10 Server Edition supports two (2) major architectures: Intel x86 "
26762
"and AMD64. The table below lists recommended hardware specifications. "
26763
"Depending on your needs, you might manage with less than this. However, most "
26764
"users risk being frustrated if they ignore these suggestions."
26766
"Ubuntu 10.10 Server Edition supports two (2) major architectures: Intel x86 "
26767
"and AMD64. The table below lists recommended hardware specifications. "
26768
"Depending on your needs, you might manage with less than this. However, most "
26769
"users risk being frustrated if they ignore these suggestions."
26771
#: serverguide/C/installation.xml:27(title)
26772
msgid "Recommended Minimum Requirements"
26773
msgstr "Recommended Minimum Requirements"
26775
#: serverguide/C/installation.xml:35(para)
26776
msgid "Install Type"
26777
msgstr "Install Type"
26779
#: serverguide/C/installation.xml:36(para)
26783
#: serverguide/C/installation.xml:37(para)
26784
msgid "Hard Drive Space"
26785
msgstr "Hard Drive Space"
26787
#: serverguide/C/installation.xml:40(para)
26788
msgid "Base System"
26789
msgstr "Base System"
26791
#: serverguide/C/installation.xml:41(para)
26792
msgid "All Tasks Installed"
26793
msgstr "All Tasks Installed"
26795
#: serverguide/C/installation.xml:46(para)
26799
#: serverguide/C/installation.xml:47(para)
26800
msgid "128 megabytes"
26801
msgstr "128 megabytes"
26803
#: serverguide/C/installation.xml:48(para)
26804
msgid "500 megabytes"
26805
msgstr "500 megabytes"
26807
#: serverguide/C/installation.xml:49(para)
26809
msgstr "1 gigabyte"
26811
#: serverguide/C/installation.xml:54(para)
26813
"The Server Edition provides a common base for all sorts of server "
26814
"applications. It is a minimalist design providing a platform for the desired "
26815
"services, such as file/print services, web hosting, email hosting, etc."
26817
"The Server Edition provides a common base for all sorts of server "
26818
"applications. It is a minimalist design providing a platform for the desired "
26819
"services, such as file/print services, web hosting, e-mail hosting, etc."
26821
#: serverguide/C/installation.xml:60(para)
26823
"The requirements for UEC are slightly different for Front End requirements "
26824
"see <xref linkend=\"uec-frontend-requirements\"/> and for UEC Node "
26825
"requirements see <xref linkend=\"uec-node-requirements\"/>."
26827
"The requirements for UEC are slightly different for Front End requirements "
26828
"see <xref linkend=\"uec-frontend-requirements\"/> and for UEC Node "
26829
"requirements see <xref linkend=\"uec-node-requirements\"/>."
26831
#: serverguide/C/installation.xml:68(title)
26832
msgid "Server and Desktop Differences"
26833
msgstr "Server and Desktop Differences"
26835
#: serverguide/C/installation.xml:69(para)
26837
"There are a few differences between the <emphasis>Ubuntu Server "
26838
"Edition</emphasis> and the <emphasis>Ubuntu Desktop Edition</emphasis>. It "
26839
"should be noted that both editions use the same "
26840
"<application>apt</application> repositories. Making it just as easy to "
26841
"install a <emphasis role=\"italic\">server</emphasis> application on the "
26842
"Desktop Edition as it is on the Server Edition."
26844
"There are a few differences between the <emphasis>Ubuntu Server "
26845
"Edition</emphasis> and the <emphasis>Ubuntu Desktop Edition</emphasis>. It "
26846
"should be noted that both editions use the same "
26847
"<application>apt</application> repositories. Making it just as easy to "
26848
"install a <emphasis role=\"italic\">server</emphasis> application on the "
26849
"Desktop Edition as it is on the Server Edition."
26851
#: serverguide/C/installation.xml:75(para)
26853
"The differences between the two editions are the lack of an X window "
26854
"environment in the Server Edition, the installation process, and different "
26857
"The differences between the two editions are the lack of an X window "
26858
"environment in the Server Edition, the installation process, and different "
26861
#: serverguide/C/installation.xml:82(title)
26862
msgid "Kernel Differences:"
26863
msgstr "Kernel Differences:"
26865
#: serverguide/C/installation.xml:85(para)
26867
"The Server Edition uses the <emphasis>Deadline</emphasis> I/O scheduler "
26868
"instead of the <emphasis>CFQ</emphasis> scheduler used by the Desktop "
26871
"The Server Edition uses the <emphasis>Deadline</emphasis> I/O scheduler "
26872
"instead of the <emphasis>CFQ</emphasis> scheduler used by the Desktop "
26875
#: serverguide/C/installation.xml:91(para)
26876
msgid "<emphasis>Preemption</emphasis> is turned off in the Server Edition."
26877
msgstr "<emphasis>Preemption</emphasis> is turned off in the Server Edition."
26879
#: serverguide/C/installation.xml:96(para)
26881
"The timer interrupt is 100 Hz in the Server Edition and 250 Hz in the "
26884
"The timer interrupt is 100 Hz in the Server Edition and 250 Hz in the "
26887
#: serverguide/C/installation.xml:102(para)
26889
"When running a 64-bit version of Ubuntu on 64-bit processors you are not "
26890
"limited by memory addressing space."
26892
"When running a 64-bit version of Ubuntu on 64-bit processors you are not "
26893
"limited by memory addressing space."
26895
#: serverguide/C/installation.xml:107(para)
26897
"To see all kernel configuration options you can look through "
26898
"<filename>/boot/config-&linux-kernel-version;-server</filename>. Also, "
26899
"<ulink url=\"http://www.kroah.com/lkn/\">Linux Kernel in a Nutshell</ulink> "
26900
"is a great resource on the options available."
26902
"To see all kernel configuration options you can look through "
26903
"<filename>/boot/config-&linux-kernel-version;-server</filename>. Also, "
26904
"<ulink url=\"http://www.kroah.com/lkn/\">Linux Kernel in a Nutshell</ulink> "
26905
"is a great resource on the options available."
26907
#: serverguide/C/installation.xml:116(title)
26909
msgstr "Backing Up"
26911
#: serverguide/C/installation.xml:119(para)
26913
"Before installing <application>Ubuntu Server Edition</application> you "
26914
"should make sure all data on the system is backed up. See <xref "
26915
"linkend=\"backups\"/> for backup options."
26917
"Before installing <application>Ubuntu Server Edition</application> you "
26918
"should make sure all data on the system is backed up. See <xref "
26919
"linkend=\"backups\"/> for backup options."
26921
#: serverguide/C/installation.xml:123(para)
26923
"If this is not the first time an operating system has been installed on your "
26924
"computer, it is likely you will need to re-partition your disk to make room "
26927
"If this is not the first time an operating system has been installed on your "
26928
"computer, it is likely you will need to re-partition your disk to make room "
26931
#: serverguide/C/installation.xml:127(para)
26933
"Any time you partition your disk, you should be prepared to lose everything "
26934
"on the disk should you make a mistake or something goes wrong during "
26935
"partitioning. The programs used in installation are quite reliable, most "
26936
"have seen years of use, but they also perform destructive actions."
26938
"Any time you partition your disk, you should be prepared to lose everything "
26939
"on the disk should you make a mistake or something goes wrong during "
26940
"partitioning. The programs used in installation are quite reliable, most "
26941
"have seen years of use, but they also perform destructive actions."
26943
#: serverguide/C/installation.xml:139(title)
26944
msgid "Installing from CD"
26945
msgstr "Installing from CD"
26947
#: serverguide/C/installation.xml:140(para)
26949
"The basic steps to install Ubuntu Server Edition from CD are the same for "
26950
"installing any operating system from CD. Unlike the <emphasis>Desktop "
26951
"Edition</emphasis> the <emphasis>Server Edition</emphasis> does not include "
26952
"a graphical installation program. Instead the Server Edition uses a console "
26953
"menu based process."
26955
"The basic steps to install Ubuntu Server Edition from CD are the same for "
26956
"installing any operating system from CD. Unlike the <emphasis>Desktop "
26957
"Edition</emphasis> the <emphasis>Server Edition</emphasis> does not include "
26958
"a graphical installation program. Instead the Server Edition uses a console "
26959
"menu based process."
26961
#: serverguide/C/installation.xml:147(para)
26963
"First, download and burn the appropriate ISO file from the <ulink "
26964
"url=\"http://www.ubuntu.com/getubuntu/download\"> Ubuntu web site</ulink>."
26966
"First, download and burn the appropriate ISO file from the <ulink "
26967
"url=\"http://www.ubuntu.com/getubuntu/download\"> Ubuntu web site</ulink>."
26969
#: serverguide/C/installation.xml:153(para)
26970
msgid "Boot the system from the CD-ROM drive."
26971
msgstr "Boot the system from the CD-ROM drive."
26973
#: serverguide/C/installation.xml:158(para)
26975
"At the boot prompt you will be asked to select the language. Afterwards the "
26976
"installation process begins by asking for your keyboard layout."
26978
"At the boot prompt you will be asked to select the language. Afterwards the "
26979
"installation process begins by asking for your keyboard layout."
26981
#: serverguide/C/installation.xml:164(para)
26983
"From the main boot menu there are some additional options to install Ubuntu "
26984
"Server Edition. You can install a basic Ubuntu Server, or install Ubuntu "
26985
"Server as part of a <emphasis>Ubuntu Enterprise Cloud</emphasis>. For more "
26986
"information on UEC see <xref linkend=\"uec\"/>. The rest of this section "
26987
"will cover the basic Ubuntu Server install."
26989
"From the main boot menu there are some additional options to install Ubuntu "
26990
"Server Edition. You can install a basic Ubuntu Server, or install Ubuntu "
26991
"Server as part of a <emphasis>Ubuntu Enterprise Cloud</emphasis>. For more "
26992
"information on UEC see <xref linkend=\"uec\"/>. The rest of this section "
26993
"will cover the basic Ubuntu Server install."
26995
#: serverguide/C/installation.xml:172(para)
26997
"The installer then discovers your hardware configuration, and configures the "
26998
"network settings using DHCP. If you do not wish to use DHCP at the next "
26999
"screen choose \"Go Back\", and you have the option to \"Configure the "
27000
"network manually\"."
27002
"The installer then discovers your hardware configuration, and configures the "
27003
"network settings using DHCP. If you do not wish to use DHCP at the next "
27004
"screen choose \"Go Back\", and you have the option to \"Configure the "
27005
"network manually\"."
27007
#: serverguide/C/installation.xml:179(para)
27008
msgid "Next, the installer asks for the system's hostname and Time Zone."
27009
msgstr "Next, the installer asks for the system's hostname and Time Zone."
27011
#: serverguide/C/installation.xml:184(para)
27013
"You can then choose from several options to configure the hard drive layout. "
27014
"For advanced disk options see <xref linkend=\"advanced-installation\"/>."
27016
"You can then choose from several options to configure the hard drive layout. "
27017
"For advanced disk options see <xref linkend=\"advanced-installation\"/>."
27019
#: serverguide/C/installation.xml:190(para)
27020
msgid "The Ubuntu base system is then installed."
27021
msgstr "The Ubuntu base system is then installed."
27023
#: serverguide/C/installation.xml:195(para)
27025
"A new user is setup, this user will have <emphasis>root</emphasis> access "
27026
"through the <application>sudo</application> utility."
27028
"A new user is setup, this user will have <emphasis>root</emphasis> access "
27029
"through the <application>sudo</application> utility."
27031
#: serverguide/C/installation.xml:201(para)
27033
"After the user is setup, you will be asked to encrypt your <filename "
27034
"role=\"directory\">home</filename> directory."
27036
"After the user is setup, you will be asked to encrypt your <filename "
27037
"role=\"directory\">home</filename> directory."
27039
#: serverguide/C/installation.xml:207(para)
27041
"The next step in the installation process is to decide how you want to "
27042
"update the system. There are three options:"
27044
"The next step in the installation process is to decide how you want to "
27045
"update the system. There are three options:"
27047
#: serverguide/C/installation.xml:213(para)
27049
"<emphasis>No automatic updates</emphasis>: this requires an administrator to "
27050
"log into the machine and manually install updates."
27052
"<emphasis>No automatic updates</emphasis>: this requires an administrator to "
27053
"log into the machine and manually install updates."
27055
#: serverguide/C/installation.xml:219(para)
27057
"<emphasis>Install security updates Automatically</emphasis>: will install "
27058
"the <application>unattended-upgrades</application> package, which will "
27059
"install security updates without the intervention of an administrator. For "
27060
"more details see <xref linkend=\"automatic-updates\"/>."
27062
"<emphasis>Install security updates Automatically</emphasis>: will install "
27063
"the <application>unattended-upgrades</application> package, which will "
27064
"install security updates without the intervention of an administrator. For "
27065
"more details see <xref linkend=\"automatic-updates\"/>."
27067
#: serverguide/C/installation.xml:226(para)
27069
"<emphasis>Manage the system with Landscape</emphasis>: Landscape is a paid "
27070
"service provided by Canonical to help manage your Ubuntu machines. See the "
27071
"<ulink url=\"http://www.canonical.com/projects/landscape\">Landscape</ulink> "
27072
"site for details."
27074
"<emphasis>Manage the system with Landscape</emphasis>: Landscape is a paid "
27075
"service provided by Canonical to help manage your Ubuntu machines. See the "
27076
"<ulink url=\"http://www.canonical.com/projects/landscape\">Landscape</ulink> "
27077
"site for details."
27079
#: serverguide/C/installation.xml:235(para)
27081
"You now have the option to install, or not install, several package tasks. "
27082
"See <xref linkend=\"install-tasks\"/> for details. Also, there is an option "
27083
"to launch <application>aptitude</application> to choose specific packages to "
27084
"install. For more information see <xref linkend=\"aptitude\"/>."
27086
"You now have the option to install, or not install, several package tasks. "
27087
"See <xref linkend=\"install-tasks\"/> for details. Also, there is an option "
27088
"to launch <application>aptitude</application> to choose specific packages to "
27089
"install. For more information see <xref linkend=\"aptitude\"/>."
27091
#: serverguide/C/installation.xml:243(para)
27092
msgid "Finally, the last step before rebooting is to set the clock to UTC."
27093
msgstr "Finally, the last step before rebooting is to set the clock to UTC."
27095
#: serverguide/C/installation.xml:249(para)
27097
"If at any point during installation you are not satisfied by the default "
27098
"setting, use the \"Go Back\" function at any prompt to be brought to a "
27099
"detailed installation menu that will allow you to modify the default "
27102
"If at any point during installation you are not satisfied by the default "
27103
"setting, use the \"Go Back\" function at any prompt to be brought to a "
27104
"detailed installation menu that will allow you to modify the default "
27107
#: serverguide/C/installation.xml:254(para)
27109
"At some point during the installation process you may want to read the help "
27110
"screen provided by the installation system. To do this, press F1."
27112
"At some point during the installation process you may want to read the help "
27113
"screen provided by the installation system. To do this, press F1."
27115
#: serverguide/C/installation.xml:259(para)
27117
"Once again, for detailed instructions see the <ulink "
27118
"url=\"https://help.ubuntu.com/10.04/installation-guide/\"> Ubuntu "
27119
"Installation Guide</ulink>."
27121
"Once again, for detailed instructions see the <ulink "
27122
"url=\"https://help.ubuntu.com/10.04/installation-guide/\"> Ubuntu "
27123
"Installation Guide</ulink>."
27125
#: serverguide/C/installation.xml:265(title)
27126
msgid "Package Tasks"
27127
msgstr "Package Tasks"
27129
#: serverguide/C/installation.xml:266(para)
27131
"During the Server Edition installation you have the option of installing "
27132
"additional packages from the CD. The packages are grouped by the type of "
27133
"service they provide."
27135
"During the Server Edition installation you have the option of installing "
27136
"additional packages from the CD. The packages are grouped by the type of "
27137
"service they provide."
27139
#: serverguide/C/installation.xml:272(para)
27140
msgid "Cloud computing: Walrus storage service"
27141
msgstr "Cloud computing: Walrus storage service"
27143
#: serverguide/C/installation.xml:277(para)
27144
msgid "Cloud computing: all-in-one cluster"
27145
msgstr "Cloud computing: all-in-one cluster"
27147
#: serverguide/C/installation.xml:282(para)
27148
msgid "Cloud computing: Cluster controller"
27149
msgstr "Cloud computing: Cluster controller"
27151
#: serverguide/C/installation.xml:287(para)
27152
msgid "Cloud computing: Node controller"
27153
msgstr "Cloud computing: Node controller"
27155
#: serverguide/C/installation.xml:292(para)
27156
msgid "Cloud computing: Storage controller"
27157
msgstr "Cloud computing: Storage controller"
27159
#: serverguide/C/installation.xml:297(para)
27160
msgid "Cloud computing: top-level cloud controller"
27161
msgstr "Cloud computing: top-level cloud controller"
27163
#: serverguide/C/installation.xml:302(para)
27164
msgid "DNS server: Selects the BIND DNS server and its documentation."
27165
msgstr "DNS server: Selects the BIND DNS server and its documentation."
27167
#: serverguide/C/installation.xml:307(para)
27168
msgid "LAMP server: Selects a ready-made Linux/Apache/MySQL/PHP server."
27169
msgstr "LAMP server: Selects a ready-made Linux/Apache/MySQL/PHP server."
27171
#: serverguide/C/installation.xml:312(para)
27173
"Mail server: This task selects a variety of package useful for a general "
27174
"purpose mail server system."
27176
"Mail server: This task selects a variety of package useful for a general "
27177
"purpose mail server system."
27179
#: serverguide/C/installation.xml:317(para)
27180
msgid "OpenSSH server: Selects packages needed for an OpenSSH server."
27181
msgstr "OpenSSH server: Selects packages needed for an OpenSSH server."
27183
#: serverguide/C/installation.xml:322(para)
27185
"PostgreSQL database: This task selects client and server packages for the "
27186
"PostgreSQL database."
27188
"PostgreSQL database: This task selects client and server packages for the "
27189
"PostgreSQL database."
27191
#: serverguide/C/installation.xml:327(para)
27192
msgid "Print server: This task sets up your system to be a print server."
27193
msgstr "Print server: This task sets up your system to be a print server."
27195
#: serverguide/C/installation.xml:332(para)
27197
"Samba File server: This task sets up your system to be a Samba file server, "
27198
"which is especially suitable in networks with both Windows and Linux systems."
27200
"Samba File server: This task sets up your system to be a Samba file server, "
27201
"which is especially suitable in networks with both Windows and Linux systems."
27203
#: serverguide/C/installation.xml:338(para)
27205
"Tomcat server: Installs the Apache Tomcat and needed dependencies Java, gcj, "
27208
"Tomcat server: Installs the Apache Tomcat and needed dependencies Java, gcj, "
27211
#: serverguide/C/installation.xml:343(para)
27213
"Virtual machine host: Includes packages needed to run KVM virtual machines."
27215
"Virtual machine host: Includes packages needed to run KVM virtual machines."
27217
#: serverguide/C/installation.xml:348(para)
27219
"Manually select packages: Executes <application>apptitude</application> "
27220
"allowing you to individually select packages."
27222
"Manually select packages: Executes <application>apptitude</application> "
27223
"allowing you to individually select packages."
27225
#: serverguide/C/installation.xml:353(para)
27227
"Installing the package groups is accomplished using the "
27228
"<application>tasksel</application> utility. One of the important difference "
27229
"between Ubuntu (or Debian) and other GNU/Linux distribution is that, when "
27230
"installed, a package is also configured to reasonable defaults, eventually "
27231
"prompting you for additional required information. Likewise, when installing "
27232
"a task, the packages are not only installed, but also configured to provided "
27233
"a fully integrated service."
27235
"Installing the package groups is accomplished using the "
27236
"<application>tasksel</application> utility. One of the important difference "
27237
"between Ubuntu (or Debian) and other GNU/Linux distribution is that, when "
27238
"installed, a package is also configured to reasonable defaults, eventually "
27239
"prompting you for additional required information. Likewise, when installing "
27240
"a task, the packages are not only installed, but also configured to provided "
27241
"a fully integrated service."
27243
#: serverguide/C/installation.xml:360(para)
27245
"For more information on the <emphasis>Cloud Computing</emphasis> tasks see "
27246
"<xref linkend=\"uec\"/>."
27248
"For more information on the <emphasis>Cloud Computing</emphasis> tasks see "
27249
"<xref linkend=\"uec\"/>."
27251
#: serverguide/C/installation.xml:363(para)
27253
"Once the installation process has finished you can view a list of available "
27254
"tasks by entering the following from a terminal prompt:"
27256
"Once the installation process has finished you can view a list of available "
27257
"tasks by entering the following from a terminal prompt:"
27259
#: serverguide/C/installation.xml:368(command)
27260
msgid "tasksel --list-tasks"
27261
msgstr "tasksel --list-tasks"
27263
#: serverguide/C/installation.xml:371(para)
27265
"The output will list tasks from other Ubuntu based distributions such as "
27266
"Kubuntu and Edubuntu. Note that you can also invoke the "
27267
"<command>tasksel</command> command by itself, which will bring up a menu of "
27268
"the different tasks available."
27270
"The output will list tasks from other Ubuntu based distributions such as "
27271
"Kubuntu and Edubuntu. Note that you can also invoke the "
27272
"<command>tasksel</command> command by itself, which will bring up a menu of "
27273
"the different tasks available."
27275
#: serverguide/C/installation.xml:377(para)
27277
"You can view a list of which packages are installed with each task using the "
27278
"<emphasis>--task-packages</emphasis> option. For example, to list the "
27279
"packages installed with the <emphasis>DNS Server</emphasis> task enter the "
27282
"You can view a list of which packages are installed with each task using the "
27283
"<emphasis>--task-packages</emphasis> option. For example, to list the "
27284
"packages installed with the <emphasis>DNS Server</emphasis> task enter the "
27287
#: serverguide/C/installation.xml:382(command)
27288
msgid "tasksel --task-packages dns-server"
27289
msgstr "tasksel --task-packages dns-server"
27291
#: serverguide/C/installation.xml:384(para)
27292
msgid "The output of the command should list:"
27293
msgstr "The output of the command should list:"
27295
#: serverguide/C/installation.xml:387(programlisting)
27308
#: serverguide/C/installation.xml:392(para)
27310
"Also, if you did not install one of the tasks during the installation "
27311
"process, but for example you decide to make your new LAMP server a DNS "
27312
"server as well. Simply insert the installation CD and from a terminal:"
27314
"Also, if you did not install one of the tasks during the installation "
27315
"process, but for example you decide to make your new LAMP server a DNS "
27316
"server as well. Simply insert the installation CD and from a terminal:"
27318
#: serverguide/C/installation.xml:397(command)
27319
msgid "sudo tasksel install dns-server"
27320
msgstr "sudo tasksel install dns-server"
27322
#: serverguide/C/installation.xml:402(title)
27326
#: serverguide/C/installation.xml:403(para)
27328
"There are several ways to upgrade from one Ubuntu release to another. This "
27329
"section gives an overview of the recommended upgrade method."
27331
"There are several ways to upgrade from one Ubuntu release to another. This "
27332
"section gives an overview of the recommended upgrade method."
27334
#: serverguide/C/installation.xml:407(title) serverguide/C/installation.xml:422(command)
27335
msgid "do-release-upgrade"
27336
msgstr "do-release-upgrade"
27338
#: serverguide/C/installation.xml:408(para)
27340
"The recommended way to upgrade a Server Edition installation is to use the "
27341
"<application>do-release-upgrade</application> utility. Part of the "
27342
"<emphasis>update-manager-core</emphasis> package, it does not have any "
27343
"graphical dependencies and is installed by default."
27345
"The recommended way to upgrade a Server Edition installation is to use the "
27346
"<application>do-release-upgrade</application> utility. Part of the "
27347
"<emphasis>update-manager-core</emphasis> package, it does not have any "
27348
"graphical dependencies and is installed by default."
27350
#: serverguide/C/installation.xml:413(para)
27352
"Debian based systems can also be upgraded by using <command>apt-get dist-"
27353
"upgrade</command>. However, using <application>do-release-"
27354
"upgrade</application> is recommended because it has the ability to handle "
27355
"system configuration changes sometimes needed between releases."
27357
"Debian based systems can also be upgraded by using <command>apt-get dist-"
27358
"upgrade</command>. However, using <application>do-release-"
27359
"upgrade</application> is recommended because it has the ability to handle "
27360
"system configuration changes sometimes needed between releases."
27362
#: serverguide/C/installation.xml:418(para)
27363
msgid "To upgrade to a newer release, from a terminal prompt enter:"
27364
msgstr "To upgrade to a newer release, from a terminal prompt enter:"
27366
#: serverguide/C/installation.xml:424(para)
27368
"It is also possible to use <application>do-release-upgrade</application> to "
27369
"upgrade to a development version of Ubuntu. To accomplish this use the "
27370
"<emphasis>-d</emphasis> switch:"
27372
"It is also possible to use <application>do-release-upgrade</application> to "
27373
"upgrade to a development version of Ubuntu. To accomplish this use the "
27374
"<emphasis>-d</emphasis> switch:"
27376
#: serverguide/C/installation.xml:429(command)
27377
msgid "do-release-upgrade -d"
27378
msgstr "do-release-upgrade -d"
27380
#: serverguide/C/installation.xml:432(para)
27382
"Upgrading to a development release is <emphasis>not</emphasis> recommended "
27383
"for production environments."
27385
"Upgrading to a development release is <emphasis>not</emphasis> recommended "
27386
"for production environments."
27388
#: serverguide/C/installation.xml:439(title)
27389
msgid "Advanced Installation"
27390
msgstr "Advanced Installation"
27392
#: serverguide/C/installation.xml:442(title)
27393
msgid "Software RAID"
27394
msgstr "Software RAID"
27396
#: serverguide/C/installation.xml:444(para)
27398
"RAID is a method of configuring multiple hard drives to act as one, reducing "
27399
"the probability of catastrophic data loss in case of drive failure. RAID is "
27400
"implemented in either software (where the operating system knows about both "
27401
"drives and actively maintains both of them) or hardware (where a special "
27402
"controller makes the OS think there's only one drive and maintains the "
27403
"drives 'invisibly')."
27405
"RAID is a method of configuring multiple hard drives to act as one, reducing "
27406
"the probability of catastrophic data loss in case of drive failure. RAID is "
27407
"implemented in either software (where the operating system knows about both "
27408
"drives and actively maintains both of them) or hardware (where a special "
27409
"controller makes the OS think there's only one drive and maintains the "
27410
"drives 'invisibly')."
27412
#: serverguide/C/installation.xml:451(para)
27414
"The RAID software included with current versions of Linux (and Ubuntu) is "
27415
"based on the <application>'mdadm'</application> driver and works very well, "
27416
"better even than many so-called 'hardware' RAID controllers. This section "
27417
"will guide you through installing Ubuntu Server Edition using two RAID1 "
27418
"partitions on two physical hard drives, one for <emphasis>/</emphasis> and "
27419
"another for <emphasis>swap</emphasis>."
27421
"The RAID software included with current versions of Linux (and Ubuntu) is "
27422
"based on the <application>'mdadm'</application> driver and works very well, "
27423
"better even than many so-called 'hardware' RAID controllers. This section "
27424
"will guide you through installing Ubuntu Server Edition using two RAID1 "
27425
"partitions on two physical hard drives, one for <emphasis>/</emphasis> and "
27426
"another for <emphasis>swap</emphasis>."
27428
#: serverguide/C/installation.xml:461(para) serverguide/C/installation.xml:975(para)
27430
"Follow the installation steps until you get to the <emphasis>Partition "
27431
"disks</emphasis> step, then:"
27433
"Follow the installation steps until you get to the <emphasis>Partition "
27434
"disks</emphasis> step, then:"
27436
#: serverguide/C/installation.xml:468(para)
27437
msgid "Select <emphasis>Manual</emphasis> as the partition method."
27438
msgstr "Select <emphasis>Manual</emphasis> as the partition method."
27440
#: serverguide/C/installation.xml:475(para)
27442
"Select the first hard drive, and agree to <emphasis>\"Create a new empty "
27443
"partition table on this device?\"</emphasis>."
27445
"Select the first hard drive, and agree to <emphasis>\"Create a new empty "
27446
"partition table on this device?\"</emphasis>."
27448
#: serverguide/C/installation.xml:479(para)
27450
"Repeat this step for each drive you wish to be part of the RAID array."
27452
"Repeat this step for each drive you wish to be part of the RAID array."
27454
#: serverguide/C/installation.xml:486(para)
27456
"Select the <emphasis>\"FREE SPACE\"</emphasis> on the first drive then "
27457
"select <emphasis>\"Create a new partition\"</emphasis>."
27459
"Select the <emphasis>\"FREE SPACE\"</emphasis> on the first drive then "
27460
"select <emphasis>\"Create a new partition\"</emphasis>."
27462
#: serverguide/C/installation.xml:493(para)
27464
"Next, select the <emphasis>Size</emphasis> of the partition. This partition "
27465
"will be the <emphasis>swap</emphasis> partition, and a general rule for swap "
27466
"size is twice that of RAM. Enter the partition size, then choose "
27467
"<emphasis>Primary</emphasis>, then <emphasis>Beginning</emphasis>."
27469
"Next, select the <emphasis>Size</emphasis> of the partition. This partition "
27470
"will be the <emphasis>swap</emphasis> partition, and a general rule for swap "
27471
"size is twice that of RAM. Enter the partition size, then choose "
27472
"<emphasis>Primary</emphasis>, then <emphasis>Beginning</emphasis>."
27474
#: serverguide/C/installation.xml:502(para)
27476
"Select the <emphasis>\"Use as:\"</emphasis> line at the top. By default this "
27477
"is <emphasis role=\"italic\">\"Ext4 journaling file system\"</emphasis>, "
27478
"change that to <emphasis>\"physical volume for RAID\"</emphasis> then "
27479
"<emphasis>\"Done setting up partition\"</emphasis>."
27481
"Select the <emphasis>\"Use as:\"</emphasis> line at the top. By default this "
27482
"is <emphasis role=\"italic\">\"Ext4 journaling file system\"</emphasis>, "
27483
"change that to <emphasis>\"physical volume for RAID\"</emphasis> then "
27484
"<emphasis>\"Done setting up partition\"</emphasis>."
27486
#: serverguide/C/installation.xml:511(para)
27488
"For the <emphasis>/</emphasis> partition once again select <emphasis>\"Free "
27489
"Space\"</emphasis> on the first drive then <emphasis>\"Create a new "
27490
"partition\"</emphasis>."
27492
"For the <emphasis>/</emphasis> partition once again select <emphasis>\"Free "
27493
"Space\"</emphasis> on the first drive then <emphasis>\"Create a new "
27494
"partition\"</emphasis>."
27496
#: serverguide/C/installation.xml:519(para)
27498
"Use the rest of the free space on the drive and choose "
27499
"<emphasis>Continue</emphasis>, then <emphasis>Primary</emphasis>."
27501
"Use the rest of the free space on the drive and choose "
27502
"<emphasis>Continue</emphasis>, then <emphasis>Primary</emphasis>."
27504
#: serverguide/C/installation.xml:526(para)
27506
"As with the swap partition, select the <emphasis>\"Use as:\"</emphasis> line "
27507
"at the top, changing it to <emphasis>\"physical volume for "
27508
"RAID\"</emphasis>. Also select the <emphasis>\"Bootable flag:\"</emphasis> "
27509
"line to change the value to <emphasis>\"on\"</emphasis>. Then choose "
27510
"<emphasis>\"Done setting up partition\"</emphasis>."
27512
"As with the swap partition, select the <emphasis>\"Use as:\"</emphasis> line "
27513
"at the top, changing it to <emphasis>\"physical volume for "
27514
"RAID\"</emphasis>. Also select the <emphasis>\"Bootable flag:\"</emphasis> "
27515
"line to change the value to <emphasis>\"on\"</emphasis>. Then choose "
27516
"<emphasis>\"Done setting up partition\"</emphasis>."
27518
#: serverguide/C/installation.xml:536(para)
27519
msgid "Repeat steps three through eight for the other disk and partitions."
27520
msgstr "Repeat steps three through eight for the other disk and partitions."
27522
#: serverguide/C/installation.xml:545(title)
27523
msgid "RAID Configuration"
27524
msgstr "RAID Configuration"
27526
#: serverguide/C/installation.xml:547(para)
27527
msgid "With the partitions setup the arrays are ready to be configured:"
27528
msgstr "With the partitions setup the arrays are ready to be configured:"
27530
#: serverguide/C/installation.xml:554(para)
27532
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
27533
"Software RAID\"</emphasis> at the top."
27535
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
27536
"Software RAID\"</emphasis> at the top."
27538
#: serverguide/C/installation.xml:561(para)
27539
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
27540
msgstr "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
27542
#: serverguide/C/installation.xml:568(para)
27543
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
27544
msgstr "Choose <emphasis>\"Create MD device\"</emphasis>."
27546
#: serverguide/C/installation.xml:575(para)
27548
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
27549
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
27551
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
27552
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
27554
#: serverguide/C/installation.xml:581(para)
27556
"In order to use <emphasis>RAID5</emphasis> you need at least "
27557
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
27558
"<emphasis>two</emphasis> drives are required."
27560
"In order to use <emphasis>RAID5</emphasis> you need at least "
27561
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
27562
"<emphasis>two</emphasis> drives are required."
27564
#: serverguide/C/installation.xml:590(para)
27566
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
27567
"of hard drives you have, for the array. Then select "
27568
"<emphasis>\"Continue\"</emphasis>."
27570
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
27571
"of hard drives you have, for the array. Then select "
27572
"<emphasis>\"Continue\"</emphasis>."
27574
#: serverguide/C/installation.xml:598(para)
27576
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
27577
"default, then choose <emphasis>\"Continue\"</emphasis>."
27579
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
27580
"default, then choose <emphasis>\"Continue\"</emphasis>."
27582
#: serverguide/C/installation.xml:605(para)
27584
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
27585
"etc. The numbers will usually match and the different letters correspond to "
27586
"different hard drives."
27588
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
27589
"etc. The numbers will usually match and the different letters correspond to "
27590
"different hard drives."
27592
#: serverguide/C/installation.xml:610(para)
27594
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
27595
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
27596
"go to the next step."
27598
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
27599
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
27600
"go to the next step."
27602
#: serverguide/C/installation.xml:618(para)
27604
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
27605
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
27606
"and <emphasis>sdb2</emphasis>."
27608
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
27609
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
27610
"and <emphasis>sdb2</emphasis>."
27612
#: serverguide/C/installation.xml:626(para)
27613
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
27614
msgstr "Once done select <emphasis>\"Finish\"</emphasis>."
27616
#: serverguide/C/installation.xml:636(title)
27618
msgstr "Formatting"
27620
#: serverguide/C/installation.xml:638(para)
27622
"There should now be a list of hard drives and RAID devices. The next step is "
27623
"to format and set the mount point for the RAID devices. Treat the RAID "
27624
"device as a local hard drive, format and mount accordingly."
27626
"There should now be a list of hard drives and RAID devices. The next step is "
27627
"to format and set the mount point for the RAID devices. Treat the RAID "
27628
"device as a local hard drive, format and mount accordingly."
27630
#: serverguide/C/installation.xml:646(para)
27632
"Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
27633
"#0\"</emphasis> partition."
27635
"Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
27636
"#0\"</emphasis> partition."
27638
#: serverguide/C/installation.xml:653(para)
27640
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
27641
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
27643
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
27644
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
27646
#: serverguide/C/installation.xml:661(para)
27648
"Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
27649
"#1\"</emphasis> partition."
27651
"Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
27652
"#1\"</emphasis> partition."
27654
#: serverguide/C/installation.xml:668(para)
27656
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 "
27657
"journaling file system\"</emphasis>."
27659
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 "
27660
"journaling file system\"</emphasis>."
27662
#: serverguide/C/installation.xml:675(para)
27664
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
27665
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
27666
"options as appropriate, then select <emphasis>\"Done setting up "
27667
"partition\"</emphasis>."
27669
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
27670
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
27671
"options as appropriate, then select <emphasis>\"Done setting up "
27672
"partition\"</emphasis>."
27674
#: serverguide/C/installation.xml:683(para)
27676
"Finally, select <emphasis>\"Finish partitioning and write changes to "
27677
"disk\"</emphasis>."
27679
"Finally, select <emphasis>\"Finish partitioning and write changes to "
27680
"disk\"</emphasis>."
27682
#: serverguide/C/installation.xml:690(para)
27684
"If you choose to place the root partition on a RAID array, the installer "
27685
"will then ask if you would like to boot in a <emphasis>degraded</emphasis> "
27686
"state. See <xref linkend=\"raid-degraded\"/> for further details."
27688
"If you choose to place the root partition on a RAID array, the installer "
27689
"will then ask if you would like to boot in a <emphasis>degraded</emphasis> "
27690
"state. See <xref linkend=\"raid-degraded\"/> for further details."
27692
#: serverguide/C/installation.xml:695(para)
27693
msgid "The installation process will then continue normally."
27694
msgstr "The installation process will then continue normally."
27696
#: serverguide/C/installation.xml:701(title)
27697
msgid "Degraded RAID"
27698
msgstr "Degraded RAID"
27700
#: serverguide/C/installation.xml:703(para)
27702
"At some point in the life of the computer a disk failure event may occur. "
27703
"When this happens, using Software RAID, the operating system will place the "
27704
"array into what is known as a <emphasis>degraded</emphasis> state."
27706
"At some point in the life of the computer a disk failure event may occur. "
27707
"When this happens, using Software RAID, the operating system will place the "
27708
"array into what is known as a <emphasis>degraded</emphasis> state."
27710
#: serverguide/C/installation.xml:708(para)
27712
"If the array has become degraded, due to the chance of data corruption, by "
27713
"default Ubuntu Server Edition will boot to <emphasis>initramfs</emphasis> "
27714
"after thirty seconds. Once the initramfs has booted there is a fifteen "
27715
"second prompt giving you the option to go ahead and boot the system, or "
27716
"attempt manual recover. Booting to the initramfs prompt may or may not be "
27717
"the desired behavior, especially if the machine is in a remote location. "
27718
"Booting to a degraded array can be configured several ways:"
27720
"If the array has become degraded, due to the chance of data corruption, by "
27721
"default Ubuntu Server Edition will boot to <emphasis>initramfs</emphasis> "
27722
"after thirty seconds. Once the initramfs has booted there is a fifteen "
27723
"second prompt giving you the option to go ahead and boot the system, or "
27724
"attempt manual recover. Booting to the initramfs prompt may or may not be "
27725
"the desired behaviour, especially if the machine is in a remote location. "
27726
"Booting to a degraded array can be configured several ways:"
27728
#: serverguide/C/installation.xml:719(para)
27730
"The <application>dpkg-reconfigure</application> utility can be used to "
27731
"configure the default behavior, and during the process you will be queried "
27732
"about additional settings related to the array. Such as monitoring, email "
27733
"alerts, etc. To reconfigure <application>mdadm</application> enter the "
27736
"The <application>dpkg-reconfigure</application> utility can be used to "
27737
"configure the default behaviour, and during the process you will be queried "
27738
"about additional settings related to the array. Such as monitoring, e-mail "
27739
"alerts, etc. To reconfigure <application>mdadm</application> enter the "
27742
#: serverguide/C/installation.xml:726(command)
27743
msgid "sudo dpkg-reconfigure mdadm"
27744
msgstr "sudo dpkg-reconfigure mdadm"
27746
#: serverguide/C/installation.xml:732(para)
27748
"The <command>dpkg-reconfigure mdadm</command> process will change the "
27749
"<filename>/etc/initramfs-tools/conf.d/mdadm</filename> configuration file. "
27750
"The file has the advantage of being able to pre-configure the system's "
27751
"behavior, and can also be manually edited:"
27753
"The <command>dpkg-reconfigure mdadm</command> process will change the "
27754
"<filename>/etc/initramfs-tools/conf.d/mdadm</filename> configuration file. "
27755
"The file has the advantage of being able to pre-configure the system's "
27756
"behaviour, and can also be manually edited:"
27758
#: serverguide/C/installation.xml:738(programlisting)
27762
"BOOT_DEGRADED=true\n"
27765
"BOOT_DEGRADED=true\n"
27767
#: serverguide/C/installation.xml:743(para)
27768
msgid "The configuration file can be overridden by using a Kernel argument."
27769
msgstr "The configuration file can be overridden by using a Kernel argument."
27771
#: serverguide/C/installation.xml:751(para)
27773
"Using a Kernel argument will allow the system to boot to a degraded array as "
27776
"Using a Kernel argument will allow the system to boot to a degraded array as "
27779
#: serverguide/C/installation.xml:757(para)
27781
"When the server is booting press <keycap>Shift</keycap> to open the "
27782
"<application>Grub</application> menu."
27784
"When the server is booting press <keycap>Shift</keycap> to open the "
27785
"<application>Grub</application> menu."
27787
#: serverguide/C/installation.xml:762(para)
27788
msgid "Press <keycap>e</keycap> to edit your kernel command options."
27789
msgstr "Press <keycap>e</keycap> to edit your kernel command options."
27791
#: serverguide/C/installation.xml:767(para)
27792
msgid "Press the <keycap>down</keycap> arrow to highlight the kernel line."
27793
msgstr "Press the <keycap>down</keycap> arrow to highlight the kernel line."
27795
#: serverguide/C/installation.xml:772(para)
27797
"Add <emphasis>\"bootdegraded=true\"</emphasis> (without the quotes) to the "
27800
"Add <emphasis>\"bootdegraded=true\"</emphasis> (without the quotes) to the "
27803
#: serverguide/C/installation.xml:777(para)
27805
"Press <keycombo><keycap>Ctrl</keycap><keycap>x</keycap></keycombo> to boot "
27808
"Press <keycombo><keycap>Ctrl</keycap><keycap>x</keycap></keycombo> to boot "
27811
#: serverguide/C/installation.xml:786(para)
27813
"Once the system has booted you can either repair the array see <xref "
27814
"linkend=\"raid-maintenance\"/> for details, or copy important data to "
27815
"another machine due to major hardware failure."
27817
"Once the system has booted you can either repair the array see <xref "
27818
"linkend=\"raid-maintenance\"/> for details, or copy important data to "
27819
"another machine due to major hardware failure."
27821
#: serverguide/C/installation.xml:793(title)
27822
msgid "RAID Maintenance"
27823
msgstr "RAID Maintenance"
27825
#: serverguide/C/installation.xml:795(para)
27827
"The <application>mdadm</application> utility can be used to view the status "
27828
"of an array, add disks to an array, remove disks, etc:"
27830
"The <application>mdadm</application> utility can be used to view the status "
27831
"of an array, add disks to an array, remove disks, etc:"
27833
#: serverguide/C/installation.xml:802(para)
27834
msgid "To view the status of an array, from a terminal prompt enter:"
27835
msgstr "To view the status of an array, from a terminal prompt enter:"
27837
#: serverguide/C/installation.xml:806(command)
27838
msgid "sudo mdadm -D /dev/md0"
27839
msgstr "sudo mdadm -D /dev/md0"
27841
#: serverguide/C/installation.xml:809(para)
27843
"The <emphasis>-D</emphasis> tells <application>mdadm</application> to "
27844
"display <emphasis>detailed</emphasis> information about the "
27845
"<filename>/dev/md0</filename> device. Replace <filename>/dev/md0</filename> "
27846
"with the appropriate RAID device."
27848
"The <emphasis>-D</emphasis> tells <application>mdadm</application> to "
27849
"display <emphasis>detailed</emphasis> information about the "
27850
"<filename>/dev/md0</filename> device. Replace <filename>/dev/md0</filename> "
27851
"with the appropriate RAID device."
27853
#: serverguide/C/installation.xml:815(para)
27854
msgid "To view the status of a disk in an array:"
27855
msgstr "To view the status of a disk in an array:"
27857
#: serverguide/C/installation.xml:819(command)
27858
msgid "sudo mdadm -E /dev/sda1"
27859
msgstr "sudo mdadm -E /dev/sda1"
27861
#: serverguide/C/installation.xml:821(para)
27863
"The output if very similar to the <command>mdadm -D</command> command, "
27864
"adjust <filename>/dev/sda1</filename> for each disk."
27866
"The output if very similar to the <command>mdadm -D</command> command, "
27867
"adjust <filename>/dev/sda1</filename> for each disk."
27869
#: serverguide/C/installation.xml:826(para)
27870
msgid "If a disk fails and needs to be removed from an array enter:"
27871
msgstr "If a disk fails and needs to be removed from an array enter:"
27873
#: serverguide/C/installation.xml:830(command)
27874
msgid "sudo mdadm --remove /dev/md0 /dev/sda1"
27875
msgstr "sudo mdadm --remove /dev/md0 /dev/sda1"
27877
#: serverguide/C/installation.xml:832(para)
27879
"Change <filename>/dev/md0</filename> and <filename>/dev/sda1</filename> to "
27880
"the appropriate RAID device and disk."
27882
"Change <filename>/dev/md0</filename> and <filename>/dev/sda1</filename> to "
27883
"the appropriate RAID device and disk."
27885
#: serverguide/C/installation.xml:837(para)
27886
msgid "Similarly, to add a new disk:"
27887
msgstr "Similarly, to add a new disk:"
27889
#: serverguide/C/installation.xml:841(command)
27890
msgid "sudo mdadm --add /dev/md0 /dev/sda1"
27891
msgstr "sudo mdadm --add /dev/md0 /dev/sda1"
27893
#: serverguide/C/installation.xml:846(para)
27895
"Sometimes a disk can change to a <emphasis>faulty</emphasis> state even "
27896
"though there is nothing physically wrong with the drive. It is usually "
27897
"worthwhile to remove the drive from the array then re-add it. This will "
27898
"cause the drive to re-sync with the array. If the drive will not sync with "
27899
"the array, it is a good indication of hardware failure."
27901
"Sometimes a disk can change to a <emphasis>faulty</emphasis> state even "
27902
"though there is nothing physically wrong with the drive. It is usually "
27903
"worthwhile to remove the drive from the array then re-add it. This will "
27904
"cause the drive to re-sync with the array. If the drive will not sync with "
27905
"the array, it is a good indication of hardware failure."
27907
#: serverguide/C/installation.xml:852(para)
27909
"The <filename>/proc/mdstat</filename> file also contains useful information "
27910
"about the system's RAID devices:"
27912
"The <filename>/proc/mdstat</filename> file also contains useful information "
27913
"about the system's RAID devices:"
27915
#: serverguide/C/installation.xml:857(command)
27916
msgid "cat /proc/mdstat"
27917
msgstr "cat /proc/mdstat"
27919
#: serverguide/C/installation.xml:858(computeroutput)
27922
"Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] "
27924
"md0 : active raid1 sda1[0] sdb1[1]\n"
27925
" 10016384 blocks [2/2] [UU]\n"
27927
"unused devices: <none>"
27929
"Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] "
27931
"md0 : active raid1 sda1[0] sdb1[1]\n"
27932
" 10016384 blocks [2/2] [UU]\n"
27934
"unused devices: <none>"
27936
#: serverguide/C/installation.xml:865(para)
27938
"The following command is great for watching the status of a syncing drive:"
27940
"The following command is great for watching the status of a syncing drive:"
27942
#: serverguide/C/installation.xml:870(command)
27943
msgid "watch -n1 cat /proc/mdstat"
27944
msgstr "watch -n1 cat /proc/mdstat"
27946
#: serverguide/C/installation.xml:873(para)
27948
"Press <emphasis>Ctrl+c</emphasis> to stop the "
27949
"<application>watch</application> command."
27951
"Press <emphasis>Ctrl+c</emphasis> to stop the "
27952
"<application>watch</application> command."
27954
#: serverguide/C/installation.xml:877(para)
27956
"If you do need to replace a faulty drive, after the drive has been replaced "
27957
"and synced, <application>grub</application> will need to be installed. To "
27958
"install <application>grub</application> on the new drive, enter the "
27961
"If you do need to replace a faulty drive, after the drive has been replaced "
27962
"and synced, <application>grub</application> will need to be installed. To "
27963
"install <application>grub</application> on the new drive, enter the "
27966
#: serverguide/C/installation.xml:883(command)
27967
msgid "sudo grub-install /dev/md0"
27968
msgstr "sudo grub-install /dev/md0"
27970
#: serverguide/C/installation.xml:886(para)
27972
"Replace <filename>/dev/md0</filename> with the appropriate array device name."
27974
"Replace <filename>/dev/md0</filename> with the appropriate array device name."
27976
#: serverguide/C/installation.xml:894(para)
27978
"The topic of RAID arrays is a complex one due to the plethora of ways RAID "
27979
"can be configured. Please see the following links for more information:"
27981
"The topic of RAID arrays is a complex one due to the plethora of ways RAID "
27982
"can be configured. Please see the following links for more information:"
27984
#: serverguide/C/installation.xml:901(para)
27986
"<ulink url=\"https://help.ubuntu.com/community/Installation#raid\">Ubuntu "
27987
"Wiki Articles on RAID</ulink>."
27989
"<ulink url=\"https://help.ubuntu.com/community/Installation#raid\">Ubuntu "
27990
"Wiki Articles on RAID</ulink>."
27992
#: serverguide/C/installation.xml:907(ulink)
27993
msgid "Software RAID HOWTO"
27994
msgstr "Software RAID HOWTO"
27996
#: serverguide/C/installation.xml:912(ulink)
27997
msgid "Managing RAID on Linux"
27998
msgstr "Managing RAID on Linux"
28000
#: serverguide/C/installation.xml:919(title)
28001
msgid "Logical Volume Manager (LVM)"
28002
msgstr "Logical Volume Manager (LVM)"
28004
#: serverguide/C/installation.xml:921(para)
28006
"Logical Volume Manger, or <emphasis>LVM</emphasis>, allows administrators to "
28007
"create <emphasis>logical</emphasis> volumes out of one or multiple physical "
28008
"hard disks. LVM volumes can be created on both software RAID partitions and "
28009
"standard partitions residing on a single disk. Volumes can also be extended, "
28010
"giving greater flexibility to systems as requirements change."
28012
"Logical Volume Manger, or <emphasis>LVM</emphasis>, allows administrators to "
28013
"create <emphasis>logical</emphasis> volumes out of one or multiple physical "
28014
"hard disks. LVM volumes can be created on both software RAID partitions and "
28015
"standard partitions residing on a single disk. Volumes can also be extended, "
28016
"giving greater flexibility to systems as requirements change."
28018
#: serverguide/C/installation.xml:930(para)
28020
"A side effect of LVM's power and flexibility is a greater degree of "
28021
"complication. Before diving into the LVM installation process, it is best to "
28022
"get familiar with some terms."
28024
"A side effect of LVM's power and flexibility is a greater degree of "
28025
"complication. Before diving into the LVM installation process, it is best to "
28026
"get familiar with some terms."
28028
#: serverguide/C/installation.xml:937(para)
28030
"<emphasis>Volume Group (VG):</emphasis> contains one or several Logical "
28033
"<emphasis>Volume Group (VG):</emphasis> contains one or several Logical "
28036
#: serverguide/C/installation.xml:942(para)
28038
"<emphasis>Logical Volume (LV):</emphasis> is similar to a partition in a non-"
28039
"LVM system. Multiple Physical Volumes (PV) can make up one LV, on top of "
28040
"which resides the actual EXT3, XFS, JFS, etc filesystem."
28042
"<emphasis>Logical Volume (LV):</emphasis> is similar to a partition in a non-"
28043
"LVM system. Multiple Physical Volumes (PV) can make up one LV, on top of "
28044
"which resides the actual EXT3, XFS, JFS, etc filesystem."
28046
#: serverguide/C/installation.xml:948(para)
28048
"<emphasis>Physical Volume (PV):</emphasis> physical hard disk or software "
28049
"RAID partition. The Volume Group can be extended by adding more PVs."
28051
"<emphasis>Physical Volume (PV):</emphasis> physical hard disk or software "
28052
"RAID partition. The Volume Group can be extended by adding more PVs."
28054
#: serverguide/C/installation.xml:959(para)
28056
"As an example this section covers installing Ubuntu Server Edition with "
28057
"<filename role=\"directory\">/srv</filename> mounted on a LVM volume. During "
28058
"the initial install only one Physical Volume (PV) will be part of the Volume "
28059
"Group (VG). Another PV will be added after install to demonstrate how a VG "
28062
"As an example this section covers installing Ubuntu Server Edition with "
28063
"<filename role=\"directory\">/srv</filename> mounted on a LVM volume. During "
28064
"the initial install only one Physical Volume (PV) will be part of the Volume "
28065
"Group (VG). Another PV will be added after install to demonstrate how a VG "
28068
#: serverguide/C/installation.xml:965(para)
28070
"There are several installation options for LVM, <emphasis>\"Guided - use the "
28071
"entire disk and setup LVM\"</emphasis> which will also allow you to assign a "
28072
"portion of the available space to LVM, <emphasis>\"Guided - use entire and "
28073
"setup encrypted LVM\"</emphasis>, or <emphasis>Manually</emphasis> setup the "
28074
"partitions and configure LVM. At this time the only way to configure a "
28075
"system with both LVM and standard partitions, during installation, is to use "
28076
"the Manual approach."
28078
"There are several installation options for LVM, <emphasis>\"Guided - use the "
28079
"entire disk and setup LVM\"</emphasis> which will also allow you to assign a "
28080
"portion of the available space to LVM, <emphasis>\"Guided - use entire and "
28081
"setup encrypted LVM\"</emphasis>, or <emphasis>Manually</emphasis> setup the "
28082
"partitions and configure LVM. At this time the only way to configure a "
28083
"system with both LVM and standard partitions, during installation, is to use "
28084
"the Manual approach."
28086
#: serverguide/C/installation.xml:982(para)
28088
"At the <emphasis>\"Partition Disks</emphasis> screen choose "
28089
"<emphasis>\"Manual\"</emphasis>."
28091
"At the <emphasis>\"Partition Disks</emphasis> screen choose "
28092
"<emphasis>\"Manual\"</emphasis>."
28094
#: serverguide/C/installation.xml:989(para)
28096
"Select the hard disk and on the next screen choose \"yes\" to "
28097
"<emphasis>\"Create a new empty partition table on this device\"</emphasis>."
28099
"Select the hard disk and on the next screen choose \"yes\" to "
28100
"<emphasis>\"Create a new empty partition table on this device\"</emphasis>."
28102
#: serverguide/C/installation.xml:996(para)
28104
"Next, create standard <emphasis>/boot</emphasis>, <emphasis>swap</emphasis>, "
28105
"and <emphasis>/</emphasis> partitions with whichever filesystem you prefer."
28107
"Next, create standard <emphasis>/boot</emphasis>, <emphasis>swap</emphasis>, "
28108
"and <emphasis>/</emphasis> partitions with whichever filesystem you prefer."
28110
#: serverguide/C/installation.xml:1004(para)
28112
"For the LVM <emphasis>/srv</emphasis>, create a new "
28113
"<emphasis>Logical</emphasis> partition. Then change <emphasis>\"Use "
28114
"as\"</emphasis> to <emphasis>\"physical volume for LVM\"</emphasis> then "
28115
"<emphasis>\"Done setting up the partition\"</emphasis>."
28117
"For the LVM <emphasis>/srv</emphasis>, create a new "
28118
"<emphasis>Logical</emphasis> partition. Then change <emphasis>\"Use "
28119
"as\"</emphasis> to <emphasis>\"physical volume for LVM\"</emphasis> then "
28120
"<emphasis>\"Done setting up the partition\"</emphasis>."
28122
#: serverguide/C/installation.xml:1012(para)
28124
"Now select <emphasis>\"Configure the Logical Volume Manager\"</emphasis> at "
28125
"the top, and choose <emphasis>\"Yes\"</emphasis> to write the changes to "
28128
"Now select <emphasis>\"Configure the Logical Volume Manager\"</emphasis> at "
28129
"the top, and choose <emphasis>\"Yes\"</emphasis> to write the changes to "
28132
#: serverguide/C/installation.xml:1020(para)
28134
"For the <emphasis>\"LVM configuration action\"</emphasis> on the next "
28135
"screen, choose <emphasis>\"Create volume group\"</emphasis>. Enter a name "
28136
"for the VG such as <emphasis>vg01</emphasis>, or something more descriptive. "
28137
"After entering a name, select the partition configured for LVM, and choose "
28138
"<emphasis>\"Continue\"</emphasis>."
28140
"For the <emphasis>\"LVM configuration action\"</emphasis> on the next "
28141
"screen, choose <emphasis>\"Create volume group\"</emphasis>. Enter a name "
28142
"for the VG such as <emphasis>vg01</emphasis>, or something more descriptive. "
28143
"After entering a name, select the partition configured for LVM, and choose "
28144
"<emphasis>\"Continue\"</emphasis>."
28146
#: serverguide/C/installation.xml:1029(para)
28148
"Back at the <emphasis>\"LVM configuration action\"</emphasis> screen, select "
28149
"<emphasis>\"Create logical volume\"</emphasis>. Select the newly created "
28150
"volume group, and enter a name for the new LV, for example "
28151
"<emphasis>srv</emphasis> since that is the intended mount point. Then choose "
28152
"a size, which may be the full partition because it can always be extended "
28153
"later. Choose <emphasis>\"Finish\"</emphasis> and you should be back at the "
28154
"main <emphasis>\"Partition Disks\"</emphasis> screen."
28156
"Back at the <emphasis>\"LVM configuration action\"</emphasis> screen, select "
28157
"<emphasis>\"Create logical volume\"</emphasis>. Select the newly created "
28158
"volume group, and enter a name for the new LV, for example "
28159
"<emphasis>srv</emphasis> since that is the intended mount point. Then choose "
28160
"a size, which may be the full partition because it can always be extended "
28161
"later. Choose <emphasis>\"Finish\"</emphasis> and you should be back at the "
28162
"main <emphasis>\"Partition Disks\"</emphasis> screen."
28164
#: serverguide/C/installation.xml:1039(para)
28166
"Now add a filesystem to the new LVM. Select the partition under "
28167
"<emphasis>\"LVM VG vg01, LV srv\"</emphasis>, or whatever name you have "
28168
"chosen, the choose <emphasis>Use as</emphasis>. Setup a file system as "
28169
"normal selecting <emphasis>/srv</emphasis> as the mount point. Once done, "
28170
"select <emphasis>\"Done setting up the partition\"</emphasis>."
28172
"Now add a filesystem to the new LVM. Select the partition under "
28173
"<emphasis>\"LVM VG vg01, LV srv\"</emphasis>, or whatever name you have "
28174
"chosen, the choose <emphasis>Use as</emphasis>. Setup a file system as "
28175
"normal selecting <emphasis>/srv</emphasis> as the mount point. Once done, "
28176
"select <emphasis>\"Done setting up the partition\"</emphasis>."
28178
#: serverguide/C/installation.xml:1048(para)
28180
"Finally, select <emphasis>\"Finish partitioning and write changes to "
28181
"disk\"</emphasis>. Then confirm the changes and continue with the rest of "
28182
"the installation."
28184
"Finally, select <emphasis>\"Finish partitioning and write changes to "
28185
"disk\"</emphasis>. Then confirm the changes and continue with the rest of "
28186
"the installation."
28188
#: serverguide/C/installation.xml:1056(para)
28189
msgid "There are some useful utilities to view information about LVM:"
28190
msgstr "There are some useful utilities to view information about LVM:"
28192
#: serverguide/C/installation.xml:1061(para)
28194
"<emphasis>vgdisplay:</emphasis> shows information about Volume Groups."
28196
"<emphasis>vgdisplay:</emphasis> shows information about Volume Groups."
28198
#: serverguide/C/installation.xml:1062(para)
28200
"<emphasis>lvdisplay:</emphasis> has information about Logical Volumes."
28202
"<emphasis>lvdisplay:</emphasis> has information about Logical Volumes."
28204
#: serverguide/C/installation.xml:1063(para)
28206
"<emphasis>pvdisplay:</emphasis> similarly displays information about "
28207
"Physical Volumes."
28209
"<emphasis>pvdisplay:</emphasis> similarly displays information about "
28210
"Physical Volumes."
28212
#: serverguide/C/installation.xml:1068(title)
28213
msgid "Extending Volume Groups"
28214
msgstr "Extending Volume Groups"
28216
#: serverguide/C/installation.xml:1070(para)
28218
"Continuing with <emphasis>srv</emphasis> as an LVM volume example, this "
28219
"section covers adding a second hard disk, creating a Physical Volume (PV), "
28220
"adding it to the volume group (VG), extending the logical volume <filename "
28221
"role=\"directory\">srv</filename> and finally extending the filesystem. This "
28222
"example assumes a second hard disk has been added to the system. This hard "
28223
"disk will be named <filename>/dev/sdb</filename> in our example. BEWARE: "
28224
"make sure you don't already have an existing <filename>/dev/sdb</filename> "
28225
"before issuing the commands below. You could lose some data if you issue "
28226
"those commands on a non-empty disk. In our example we will use the entire "
28227
"disk as a physical volume (you could choose to create partitions and use "
28228
"them as different physical volumes)"
28230
"Continuing with <emphasis>srv</emphasis> as an LVM volume example, this "
28231
"section covers adding a second hard disk, creating a Physical Volume (PV), "
28232
"adding it to the volume group (VG), extending the logical volume <filename "
28233
"role=\"directory\">srv</filename> and finally extending the filesystem. This "
28234
"example assumes a second hard disk has been added to the system. This hard "
28235
"disk will be named <filename>/dev/sdb</filename> in our example. BEWARE: "
28236
"make sure you don't already have an existing <filename>/dev/sdb</filename> "
28237
"before issuing the commands below. You could lose some data if you issue "
28238
"those commands on a non-empty disk. In our example we will use the entire "
28239
"disk as a physical volume (you could choose to create partitions and use "
28240
"them as different physical volumes)"
28242
#: serverguide/C/installation.xml:1082(para)
28243
msgid "First, create the physical volume, in a terminal execute:"
28244
msgstr "First, create the physical volume, in a terminal execute:"
28246
#: serverguide/C/installation.xml:1087(command)
28247
msgid "sudo pvcreate /dev/sdb"
28248
msgstr "sudo pvcreate /dev/sdb"
28250
#: serverguide/C/installation.xml:1093(para)
28251
msgid "Now extend the Volume Group (VG):"
28252
msgstr "Now extend the Volume Group (VG):"
28254
#: serverguide/C/installation.xml:1098(command)
28255
msgid "sudo vgextend vg01 /dev/sdb"
28256
msgstr "sudo vgextend vg01 /dev/sdb"
28258
#: serverguide/C/installation.xml:1104(para)
28260
"Use <application>vgdisplay</application> to find out the free physical "
28261
"extents - Free PE / size (the size you can allocate). We will assume a free "
28262
"size of 511 PE (equivalent to 2GB with a PE size of 4MB) and we will use the "
28263
"whole free space available. Use your own PE and/or free space."
28265
"Use <application>vgdisplay</application> to find out the free physical "
28266
"extents - Free PE / size (the size you can allocate). We will assume a free "
28267
"size of 511 PE (equivalent to 2GB with a PE size of 4MB) and we will use the "
28268
"whole free space available. Use your own PE and/or free space."
28270
#: serverguide/C/installation.xml:1110(para)
28272
"The Logical Volume (LV) can now be extended by different methods, we will "
28273
"only see how to use the PE to extend the LV:"
28275
"The Logical Volume (LV) can now be extended by different methods, we will "
28276
"only see how to use the PE to extend the LV:"
28278
#: serverguide/C/installation.xml:1115(command)
28279
msgid "sudo lvextend /dev/vg01/srv -l +511"
28280
msgstr "sudo lvextend /dev/vg01/srv -l +511"
28282
#: serverguide/C/installation.xml:1118(para)
28284
"The <emphasis>-l</emphasis> option allows the LV to be extended using PE. "
28285
"The <emphasis>-L</emphasis> option allows the LV to be extended using Meg, "
28286
"Gig, Tera, etc bytes."
28288
"The <emphasis>-l</emphasis> option allows the LV to be extended using PE. "
28289
"The <emphasis>-L</emphasis> option allows the LV to be extended using Meg, "
28290
"Gig, Tera, etc bytes."
28292
#: serverguide/C/installation.xml:1126(para)
28294
"Even though you are supposed to be able to <emphasis>expand</emphasis> an "
28295
"ext3 or ext4 filesystem without unmounting it first, it may be a good "
28296
"practice to unmount it anyway and check the filesystem, so that you don't "
28297
"mess up the day you want to reduce a logical volume (in that case unmounting "
28298
"first is compulsory)."
28300
"Even though you are supposed to be able to <emphasis>expand</emphasis> an "
28301
"ext3 or ext4 file systems without unmounting it first, it may be a good "
28302
"practice to unmount it anyway and check the file system, so that you don't "
28303
"mess up the day you want to reduce a logical volume (in that case unmounting "
28304
"first is compulsory)."
28306
#: serverguide/C/installation.xml:1132(para)
28308
"The following commands are for an <emphasis>EXT3</emphasis> or "
28309
"<emphasis>EXT4</emphasis> filesystem. If you are using another filesystem "
28310
"there may be other utilities available."
28312
"The following commands are for an <emphasis>EXT3</emphasis> or "
28313
"<emphasis>EXT4</emphasis> filesystem. If you are using another filesystem "
28314
"there may be other utilities available."
28316
#: serverguide/C/installation.xml:1139(command)
28317
msgid "sudo e2fsck -f /dev/vg01/srv"
28318
msgstr "sudo e2fsck -f /dev/vg01/srv"
28320
#: serverguide/C/installation.xml:1142(para)
28322
"The <emphasis>-f</emphasis> option of <application>e2fsck</application> "
28323
"forces checking even if the system seems clean."
28325
"The <emphasis>-f</emphasis> option of <application>e2fsck</application> "
28326
"forces checking even if the system seems clean."
28328
#: serverguide/C/installation.xml:1149(para)
28329
msgid "Finally, resize the filesystem:"
28330
msgstr "Finally, resize the filesystem:"
28332
#: serverguide/C/installation.xml:1154(command)
28333
msgid "sudo resize2fs /dev/vg01/srv"
28334
msgstr "sudo resize2fs /dev/vg01/srv"
28336
#: serverguide/C/installation.xml:1160(para)
28337
msgid "Now mount the partition and check its size."
28338
msgstr "Now mount the partition and check its size."
28340
#: serverguide/C/installation.xml:1165(command)
28341
msgid "mount /dev/vg01/srv /srv && df -h /srv"
28342
msgstr "mount /dev/vg01/srv /srv && df -h /srv"
28344
#: serverguide/C/installation.xml:1177(para)
28347
"url=\"https://help.ubuntu.com/community/Installation#lvm\">Ubuntu Wiki LVM "
28348
"Articles</ulink>."
28351
"url=\"https://help.ubuntu.com/community/Installation#lvm\">Ubuntu Wiki LVM "
28352
"Articles</ulink>."
28354
#: serverguide/C/installation.xml:1182(para)
28356
"See the <ulink url=\"http://tldp.org/HOWTO/LVM-HOWTO/index.html\">LVM "
28357
"HOWTO</ulink> for more information."
28359
"See the <ulink url=\"http://tldp.org/HOWTO/LVM-HOWTO/index.html\">LVM "
28360
"HOWTO</ulink> for more information."
28362
#: serverguide/C/installation.xml:1187(para)
28364
"Another good article is <ulink "
28365
"url=\"http://www.linuxdevcenter.com/pub/a/linux/2006/04/27/managing-disk-"
28366
"space-with-lvm.html\">Managing Disk Space with LVM</ulink> on O'Reilly's "
28367
"linuxdevcenter.com site."
28369
"Another good article is <ulink "
28370
"url=\"http://www.linuxdevcenter.com/pub/a/linux/2006/04/27/managing-disk-"
28371
"space-with-lvm.html\">Managing Disk Space with LVM</ulink> on O'Reilly's "
28372
"linuxdevcenter.com site."
28374
#: serverguide/C/installation.xml:1194(para)
28376
"For more information on <application>fdisk</application> see the <ulink "
28377
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/fdisk.8.html\">fdi"
28378
"sk man page</ulink>."
28380
"For more information on <application>fdisk</application> see the <ulink "
28381
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/fdisk.8.html\">fdi"
28382
"sk man page</ulink>."
28384
#: serverguide/C/file-server.xml:13(title)
28385
msgid "File Servers"
28386
msgstr "File Servers"
28388
#: serverguide/C/file-server.xml:15(para)
28390
"If you have more than one computer on a single network. At some point you "
28391
"will probably need to share files between them. In this section we cover "
28392
"installing and configuring FTP, NFS, and CUPS."
28394
"If you have more than one computer on a single network, at some point you "
28395
"will probably need to share files between them. In this section we cover "
28396
"installing and configuring FTP, NFS, and CUPS."
28398
#: serverguide/C/file-server.xml:22(title)
28400
msgstr "FTP Server"
28402
#: serverguide/C/file-server.xml:24(para)
28404
"File Transfer Protocol (FTP) is a TCP protocol for uploading and downloading "
28405
"files between computers. FTP works on a client/server model. The server "
28406
"component is called an <emphasis>FTP daemon</emphasis>. It continuously "
28407
"listens for FTP requests from remote clients. When a request is received, it "
28408
"manages the login and sets up the connection. For the duration of the "
28409
"session it executes any of commands sent by the FTP client."
28411
"File Transfer Protocol (FTP) is a TCP protocol for uploading and downloading "
28412
"files between computers. FTP works on a client/server model. The server "
28413
"component is called an <emphasis>FTP daemon</emphasis>. It continuously "
28414
"listens for FTP requests from remote clients. When a request is received, it "
28415
"manages the login and sets up the connection. For the duration of the "
28416
"session it executes any of commands sent by the FTP client."
28418
#: serverguide/C/file-server.xml:33(para)
28419
msgid "Access to an FTP server can be managed in two ways:"
28420
msgstr "Access to an FTP server can be managed in two ways:"
28422
#: serverguide/C/file-server.xml:37(para)
28426
#: serverguide/C/file-server.xml:40(para)
28427
msgid "Authenticated"
28428
msgstr "Authenticated"
28430
#: serverguide/C/file-server.xml:43(para)
28432
"In the Anonymous mode, remote clients can access the FTP server by using the "
28433
"default user account called \"anonymous\" or \"ftp\" and sending an email "
28434
"address as the password. In the Authenticated mode a user must have an "
28435
"account and a password. User access to the FTP server directories and files "
28436
"is dependent on the permissions defined for the account used at login. As a "
28437
"general rule, the FTP daemon will hide the root directory of the FTP server "
28438
"and change it to the FTP Home directory. This hides the rest of the file "
28439
"system from remote sessions."
28441
"In the Anonymous mode, remote clients can access the FTP server by using the "
28442
"default user account called \"anonymous\" or \"ftp\" and sending an e-mail "
28443
"address as the password. In the Authenticated mode a user must have an "
28444
"account and a password. User access to the FTP server directories and files "
28445
"is dependent on the permissions defined for the account used at login. As a "
28446
"general rule, the FTP daemon will hide the root directory of the FTP server "
28447
"and change it to the FTP Home directory. This hides the rest of the file "
28448
"system from remote sessions."
28450
#: serverguide/C/file-server.xml:55(title)
28451
msgid "vsftpd - FTP Server Installation"
28452
msgstr "vsftpd - FTP Server Installation"
28454
#: serverguide/C/file-server.xml:57(para)
28456
"vsftpd is an FTP daemon available in Ubuntu. It is easy to install, set up, "
28457
"and maintain. To install <application>vsftpd</application> you can run the "
28458
"following command:"
28460
"vsftpd is an FTP daemon available in Ubuntu. It is easy to install, set up, "
28461
"and maintain. To install <application>vsftpd</application> you can run the "
28462
"following command:"
28464
#: serverguide/C/file-server.xml:65(command)
28465
msgid "sudo apt-get install vsftpd"
28466
msgstr "sudo apt-get install vsftpd"
28468
#: serverguide/C/file-server.xml:71(title)
28469
msgid "Anonymous FTP Configuration"
28470
msgstr "Anonymous FTP Configuration"
28472
#: serverguide/C/file-server.xml:73(para)
28474
"By default <application>vsftpd</application> is configured to only allow "
28475
"anonymous download. During installation a <emphasis>ftp</emphasis> user is "
28476
"created with a home directory of <filename>/home/ftp</filename>. This is the "
28477
"default FTP directory."
28479
"By default <application>vsftpd</application> is configured to only allow "
28480
"anonymous download. During installation a <emphasis>ftp</emphasis> user is "
28481
"created with a home directory of <filename>/home/ftp</filename>. This is the "
28482
"default FTP directory."
28484
#: serverguide/C/file-server.xml:80(para)
28486
"If you wish to change this location, to <filename>/srv/ftp</filename> for "
28487
"example, simply create a directory in another location and change the "
28488
"<emphasis>ftp</emphasis> user's home directory:"
28490
"If you wish to change this location, to <filename>/srv/ftp</filename> for "
28491
"example, simply create a directory in another location and change the "
28492
"<emphasis>ftp</emphasis> user's home directory:"
28494
#: serverguide/C/file-server.xml:87(command)
28495
msgid "sudo mkdir /srv/ftp"
28496
msgstr "sudo mkdir /srv/ftp"
28498
#: serverguide/C/file-server.xml:88(command)
28499
msgid "sudo usermod -d /srv/ftp ftp"
28500
msgstr "sudo usermod -d /srv/ftp ftp"
28502
#: serverguide/C/file-server.xml:91(para)
28503
msgid "After making the change restart <application>vsftpd</application>:"
28504
msgstr "After making the change restart <application>vsftpd</application>:"
28506
#: serverguide/C/file-server.xml:96(command) serverguide/C/file-server.xml:124(command) serverguide/C/file-server.xml:189(command) serverguide/C/file-server.xml:237(command)
28507
msgid "sudo /etc/init.d/vsftpd restart"
28508
msgstr "sudo /etc/init.d/vsftpd restart"
28510
#: serverguide/C/file-server.xml:99(para)
28512
"Finally, copy any files and directories you would like to make available "
28513
"through anonymous FTP to <filename>/srv/ftp</filename>."
28515
"Finally, copy any files and directories you would like to make available "
28516
"through anonymous FTP to <filename>/srv/ftp</filename>."
28518
#: serverguide/C/file-server.xml:106(title)
28519
msgid "User Authenticated FTP Configuration"
28520
msgstr "User Authenticated FTP Configuration"
28522
#: serverguide/C/file-server.xml:108(para)
28524
"To configure <application>vsftpd</application> to authenticate system users "
28525
"and allow them to upload files edit <filename>/etc/vsftpd.conf</filename>:"
28527
"To configure <application>vsftpd</application> to authenticate system users "
28528
"and allow them to upload files edit <filename>/etc/vsftpd.conf</filename>:"
28530
#: serverguide/C/file-server.xml:114(programlisting)
28534
"local_enable=YES\n"
28535
"write_enable=YES\n"
28538
"local_enable=YES\n"
28539
"write_enable=YES\n"
28541
#: serverguide/C/file-server.xml:119(para)
28542
msgid "Now restart <application>vsftpd</application>:"
28543
msgstr "Now restart <application>vsftpd</application>:"
28545
#: serverguide/C/file-server.xml:127(para)
28547
"Now when system users login to FTP they will start in their "
28548
"<emphasis>home</emphasis> directories where they can download, upload, "
28549
"create directories, etc."
28551
"Now when system users login to FTP they will start in their "
28552
"<emphasis>home</emphasis> directories where they can download, upload, "
28553
"create directories, etc."
28555
#: serverguide/C/file-server.xml:133(para)
28557
"Similarly, by default, the anonymous users are not allowed to upload files "
28558
"to FTP server. To change this setting, you should uncomment the following "
28559
"line, and restart <application>vsftpd</application>:"
28561
"Similarly, by default, the anonymous users are not allowed to upload files "
28562
"to FTP server. To change this setting, you should uncomment the following "
28563
"line, and restart <application>vsftpd</application>:"
28565
#: serverguide/C/file-server.xml:140(programlisting)
28569
"anon_upload_enable=YES\n"
28572
"anon_upload_enable=YES\n"
28574
#: serverguide/C/file-server.xml:145(para)
28576
"Enabling anonymous FTP upload can be an extreme security risk. It is best to "
28577
"not enable anonymous upload on servers accessed directly from the Internet."
28579
"Enabling anonymous FTP upload can be an extreme security risk. It is best to "
28580
"not enable anonymous upload on servers accessed directly from the Internet."
28582
#: serverguide/C/file-server.xml:151(para)
28584
"The configuration file consists of many configuration parameters. The "
28585
"information about each parameter is available in the configuration file. "
28586
"Alternatively, you can refer to the man page, <command>man 5 "
28587
"vsftpd.conf</command> for details of each parameter."
28589
"The configuration file consists of many configuration parameters. The "
28590
"information about each parameter is available in the configuration file. "
28591
"Alternatively, you can refer to the man page, <command>man 5 "
28592
"vsftpd.conf</command> for details of each parameter."
28594
#: serverguide/C/file-server.xml:162(title)
28595
msgid "Securing FTP"
28596
msgstr "Securing FTP"
28598
#: serverguide/C/file-server.xml:164(para)
28600
"There are options in <filename>/etc/vsftpd.conf</filename> to help make "
28601
"<application>vsftpd</application> more secure. For example users can be "
28602
"limited to their home directories by uncommenting:"
28604
"There are options in <filename>/etc/vsftpd.conf</filename> to help make "
28605
"<application>vsftpd</application> more secure. For example users can be "
28606
"limited to their home directories by uncommenting:"
28608
#: serverguide/C/file-server.xml:170(programlisting)
28612
"chroot_local_user=YES\n"
28615
"chroot_local_user=YES\n"
28617
#: serverguide/C/file-server.xml:174(para)
28619
"You can also limit a specific list of users to just their home directories:"
28621
"You can also limit a specific list of users to just their home directories:"
28623
#: serverguide/C/file-server.xml:178(programlisting)
28627
"chroot_list_enable=YES\n"
28628
"chroot_list_file=/etc/vsftpd.chroot_list\n"
28631
"chroot_list_enable=YES\n"
28632
"chroot_list_file=/etc/vsftpd.chroot_list\n"
28634
#: serverguide/C/file-server.xml:183(para)
28636
"After uncommenting the above options, create a "
28637
"<filename>/etc/vsftpd.chroot_list</filename> containing a list of users one "
28638
"per line. Then restart <application>vsftpd</application>:"
28640
"After uncommenting the above options, create a "
28641
"<filename>/etc/vsftpd.chroot_list</filename> containing a list of users one "
28642
"per line. Then restart <application>vsftpd</application>:"
28644
#: serverguide/C/file-server.xml:192(para)
28646
"Also, the <filename>/etc/ftpusers</filename> file is a list of users that "
28647
"are <emphasis>disallowed</emphasis> FTP access. The default list includes "
28648
"root, daemon, nobody, etc. To disable FTP access for additional users simply "
28649
"add them to the list."
28651
"Also, the <filename>/etc/ftpusers</filename> file is a list of users that "
28652
"are <emphasis>disallowed</emphasis> FTP access. The default list includes "
28653
"root, daemon, nobody, etc. To disable FTP access for additional users simply "
28654
"add them to the list."
28656
#: serverguide/C/file-server.xml:199(para)
28658
"FTP can also be encrypted using <emphasis>FTPS</emphasis>. Different from "
28659
"<emphasis>SFTP</emphasis>, <emphasis>FTPS</emphasis> is FTP over Secure "
28660
"Socket Layer (SSL). <emphasis>SFTP</emphasis> is a FTP like session over an "
28661
"encrypted <emphasis>SSH</emphasis> connection. A major difference is that "
28662
"users of SFTP need to have a <emphasis>shell</emphasis> account on the "
28663
"system, instead of a <emphasis>nologin</emphasis> shell. Providing all users "
28664
"with a shell may not be ideal for some environments, such as a shared web "
28667
"FTP can also be encrypted using <emphasis>FTPS</emphasis>. Different from "
28668
"<emphasis>SFTP</emphasis>, <emphasis>FTPS</emphasis> is FTP over Secure "
28669
"Socket Layer (SSL). <emphasis>SFTP</emphasis> is a FTP like session over an "
28670
"encrypted <emphasis>SSH</emphasis> connection. A major difference is that "
28671
"users of SFTP need to have a <emphasis>shell</emphasis> account on the "
28672
"system, instead of a <emphasis>nologin</emphasis> shell. Providing all users "
28673
"with a shell may not be ideal for some environments, such as a shared web "
28676
#: serverguide/C/file-server.xml:208(para)
28678
"To configure <emphasis>FTPS</emphasis>, edit "
28679
"<filename>/etc/vsftpd.conf</filename> and at the bottom add:"
28681
"To configure <emphasis>FTPS</emphasis>, edit "
28682
"<filename>/etc/vsftpd.conf</filename> and at the bottom add:"
28684
#: serverguide/C/file-server.xml:212(programlisting)
28693
#: serverguide/C/file-server.xml:216(para)
28694
msgid "Also, notice the certificate and key related options:"
28695
msgstr "Also, notice the certificate and key related options:"
28697
#: serverguide/C/file-server.xml:220(programlisting)
28701
"rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem\n"
28702
"rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key\n"
28705
"rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem\n"
28706
"rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key\n"
28708
#: serverguide/C/file-server.xml:225(para)
28710
"By default these options are set the certificate and key provided by the "
28711
"<application>ssl-cert</application> package. In a production environment "
28712
"these should be replaced with a certificate and key generated for the "
28713
"specific host. For more information on certificates see <xref "
28714
"linkend=\"certificates-and-security\"/>."
28716
"By default these options are set the certificate and key provided by the "
28717
"<application>ssl-cert</application> package. In a production environment "
28718
"these should be replaced with a certificate and key generated for the "
28719
"specific host. For more information on certificates see <xref "
28720
"linkend=\"certificates-and-security\"/>."
28722
#: serverguide/C/file-server.xml:231(para)
28724
"Now restart <application>vsftpd</application>, and non-anonymous users will "
28725
"be forced to use <emphasis>FTPS</emphasis>:"
28727
"Now restart <application>vsftpd</application>, and non-anonymous users will "
28728
"be forced to use <emphasis>FTPS</emphasis>:"
28730
#: serverguide/C/file-server.xml:240(para)
28732
"To allow users with a shell of <filename>/usr/sbin/nologin</filename> access "
28733
"to FTP, but have no shell access, edit <filename>/etc/shells</filename> "
28734
"adding the <emphasis>nologin</emphasis> shell:"
28736
"To allow users with a shell of <filename>/usr/sbin/nologin</filename> access "
28737
"to FTP, but have no shell access, edit <filename>/etc/shells</filename> "
28738
"adding the <emphasis>nologin</emphasis> shell:"
28740
#: serverguide/C/file-server.xml:245(programlisting)
28744
"# /etc/shells: valid login shells\n"
28757
"/usr/bin/screen\n"
28758
"/usr/sbin/nologin\n"
28761
"# /etc/shells: valid login shells\n"
28774
"/usr/bin/screen\n"
28775
"/usr/sbin/nologin\n"
28777
#: serverguide/C/file-server.xml:263(para)
28779
"This is necessary because, by default <application>vsftpd</application> uses "
28780
"PAM for authentication, and the <filename>/etc/pam.d/vsftpd</filename> "
28781
"configuration file contains:"
28783
"This is necessary because, by default <application>vsftpd</application> uses "
28784
"PAM for authentication, and the <filename>/etc/pam.d/vsftpd</filename> "
28785
"configuration file contains:"
28787
#: serverguide/C/file-server.xml:268(programlisting)
28791
"auth required pam_shells.so\n"
28794
"auth required pam_shells.so\n"
28796
#: serverguide/C/file-server.xml:272(para)
28798
"The <emphasis>shells</emphasis> PAM module restricts access to shells listed "
28799
"in the <filename>/etc/shells</filename> file."
28801
"The <emphasis>shells</emphasis> PAM module restricts access to shells listed "
28802
"in the <filename>/etc/shells</filename> file."
28804
#: serverguide/C/file-server.xml:277(para)
28806
"Most popular FTP clients can be configured connect using FTPS. The "
28807
"<application>lftp</application> command line FTP client has the ability to "
28808
"use FTPS as well."
28810
"Most popular FTP clients can be configured connect using FTPS. The "
28811
"<application>lftp</application> command line FTP client has the ability to "
28812
"use FTPS as well."
28814
#: serverguide/C/file-server.xml:288(para)
28816
"See the <ulink url=\"http://vsftpd.beasts.org/vsftpd_conf.html\">vsftpd "
28817
"website</ulink> for more information."
28819
"See the <ulink url=\"http://vsftpd.beasts.org/vsftpd_conf.html\">vsftpd "
28820
"website</ulink> for more information."
28822
#: serverguide/C/file-server.xml:293(para)
28824
"For detailed <filename>/etc/vsftpd.conf</filename> options see the <ulink "
28825
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/vsftpd.conf.5.html"
28826
"\">vsftpd.conf man page</ulink>."
28828
"For detailed <filename>/etc/vsftpd.conf</filename> options see the <ulink "
28829
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/vsftpd.conf.5.html"
28830
"\">vsftpd.conf man page</ulink>."
28832
#: serverguide/C/file-server.xml:299(para)
28834
"The CodeGurus article <ulink "
28835
"url=\"http://www.codeguru.com/csharp/.net/net_general/internet/article.php/c1"
28836
"4329\"> FTPS vs. SFTP: What to Choose</ulink> has useful information "
28837
"contrasting FTPS and SFTP."
28839
"The CodeGurus article <ulink "
28840
"url=\"http://www.codeguru.com/csharp/.net/net_general/internet/article.php/c1"
28841
"4329\"> FTPS vs. SFTP: What to Choose</ulink> has useful information "
28842
"contrasting FTPS and SFTP."
28844
#: serverguide/C/file-server.xml:305(para)
28846
"Also, for more information see the <ulink "
28847
"url=\"https://help.ubuntu.com/community/vsftpd\">Ubuntu Wiki vsftpd</ulink> "
28850
"Also, for more information see the <ulink "
28851
"url=\"https://help.ubuntu.com/community/vsftpd\">Ubuntu Wiki vsftpd</ulink> "
28854
#: serverguide/C/file-server.xml:315(title)
28855
msgid "Network File System (NFS)"
28856
msgstr "Network File System (NFS)"
28858
#: serverguide/C/file-server.xml:316(para)
28860
"NFS allows a system to share directories and files with others over a "
28861
"network. By using NFS, users and programs can access files on remote systems "
28862
"almost as if they were local files."
28864
"NFS allows a system to share directories and files with others over a "
28865
"network. By using NFS, users and programs can access files on remote systems "
28866
"almost as if they were local files."
28868
#: serverguide/C/file-server.xml:322(para)
28869
msgid "Some of the most notable benefits that NFS can provide are:"
28870
msgstr "Some of the most notable benefits that NFS can provide are:"
28872
#: serverguide/C/file-server.xml:328(para)
28874
"Local workstations use less disk space because commonly used data can be "
28875
"stored on a single machine and still remain accessible to others over the "
28878
"Local workstations use less disk space because commonly used data can be "
28879
"stored on a single machine and still remain accessible to others over the "
28882
#: serverguide/C/file-server.xml:333(para)
28884
"There is no need for users to have separate home directories on every "
28885
"network machine. Home directories could be set up on the NFS server and made "
28886
"available throughout the network."
28888
"There is no need for users to have separate home directories on every "
28889
"network machine. Home directories could be set up on the NFS server and made "
28890
"available throughout the network."
28892
#: serverguide/C/file-server.xml:339(para)
28894
"Storage devices such as floppy disks, CDROM drives, and USB Thumb drives can "
28895
"be used by other machines on the network. This may reduce the number of "
28896
"removable media drives throughout the network."
28898
"Storage devices such as floppy disks, CDROM drives, and USB Thumb drives can "
28899
"be used by other machines on the network. This may reduce the number of "
28900
"removable media drives throughout the network."
28902
#: serverguide/C/file-server.xml:349(para)
28904
"At a terminal prompt enter the following command to install the NFS Server:"
28906
"At a terminal prompt enter the following command to install the NFS Server:"
28908
#: serverguide/C/file-server.xml:355(command)
28909
msgid "sudo apt-get install nfs-kernel-server"
28910
msgstr "sudo apt-get install nfs-kernel-server"
28912
#: serverguide/C/file-server.xml:361(para)
28914
"You can configure the directories to be exported by adding them to the "
28915
"<filename>/etc/exports</filename> file. For example:"
28917
"You can configure the directories to be exported by adding them to the "
28918
"<filename>/etc/exports</filename> file. For example:"
28920
#: serverguide/C/file-server.xml:366(screen)
28924
"/ubuntu *(ro,sync,no_root_squash)\n"
28925
"/home *(rw,sync,no_root_squash)\n"
28928
"/ubuntu *(ro,sync,no_root_squash)\n"
28929
"/home *(rw,sync,no_root_squash)\n"
28931
#: serverguide/C/file-server.xml:372(para)
28933
"You can replace * with one of the hostname formats. Make the hostname "
28934
"declaration as specific as possible so unwanted systems cannot access the "
28937
"You can replace * with one of the hostname formats. Make the hostname "
28938
"declaration as specific as possible so unwanted systems cannot access the "
28941
#: serverguide/C/file-server.xml:378(para)
28943
"To start the NFS server, you can run the following command at a terminal "
28946
"To start the NFS server, you can run the following command at a terminal "
28949
#: serverguide/C/file-server.xml:383(command)
28950
msgid "sudo /etc/init.d/nfs-kernel-server start"
28951
msgstr "sudo /etc/init.d/nfs-kernel-server start"
28953
#: serverguide/C/file-server.xml:388(title)
28954
msgid "NFS Client Configuration"
28955
msgstr "NFS Client Configuration"
28957
#: serverguide/C/file-server.xml:389(para)
28959
"Use the <application>mount</application> command to mount a shared NFS "
28960
"directory from another machine, by typing a command line similar to the "
28961
"following at a terminal prompt:"
28963
"Use the <application>mount</application> command to mount a shared NFS "
28964
"directory from another machine, by typing a command line similar to the "
28965
"following at a terminal prompt:"
28967
#: serverguide/C/file-server.xml:395(command)
28968
msgid "sudo mount example.hostname.com:/ubuntu /local/ubuntu"
28969
msgstr "sudo mount example.hostname.com:/ubuntu /local/ubuntu"
28971
#: serverguide/C/file-server.xml:399(para)
28973
"The mount point directory <filename>/local/ubuntu</filename> must exist. "
28974
"There should be no files or subdirectories in the "
28975
"<filename>/local/ubuntu</filename> directory."
28977
"The mount point directory <filename>/local/ubuntu</filename> must exist. "
28978
"There should be no files or subdirectories in the "
28979
"<filename>/local/ubuntu</filename> directory."
28981
#: serverguide/C/file-server.xml:406(para)
28983
"An alternate way to mount an NFS share from another machine is to add a line "
28984
"to the <filename>/etc/fstab</filename> file. The line must state the "
28985
"hostname of the NFS server, the directory on the server being exported, and "
28986
"the directory on the local machine where the NFS share is to be mounted."
28988
"An alternate way to mount an NFS share from another machine is to add a line "
28989
"to the <filename>/etc/fstab</filename> file. The line must state the "
28990
"hostname of the NFS server, the directory on the server being exported, and "
28991
"the directory on the local machine where the NFS share is to be mounted."
28993
#: serverguide/C/file-server.xml:414(para)
28995
"The general syntax for the line in <filename>/etc/fstab</filename> file is "
28998
"The general syntax for the line in <filename>/etc/fstab</filename> file is "
29001
#: serverguide/C/file-server.xml:420(programlisting)
29005
"example.hostname.com:/ubuntu /local/ubuntu nfs "
29006
"rsize=8192,wsize=8192,timeo=14,intr\n"
29009
"example.hostname.com:/ubuntu /local/ubuntu nfs "
29010
"rsize=8192,wsize=8192,timeo=14,intr\n"
29012
#: serverguide/C/file-server.xml:424(para)
29014
"If you have trouble mounting an NFS share, make sure the <application>nfs-"
29015
"common</application> package is installed on your client. To install "
29016
"<application>nfs-common</application> enter the following command at the "
29017
"terminal prompt: <screen>\n"
29018
"<command>sudo apt-get install nfs-common</command>\n"
29021
"If you have trouble mounting an NFS share, make sure the <application>nfs-"
29022
"common</application> package is installed on your client. To install "
29023
"<application>nfs-common</application> enter the following command at the "
29024
"terminal prompt: <screen>\n"
29025
"<command>sudo apt-get install nfs-common</command>\n"
29028
#: serverguide/C/file-server.xml:437(ulink)
29029
msgid "Linux NFS faq"
29030
msgstr "Linux NFS faq"
29032
#: serverguide/C/file-server.xml:439(ulink)
29033
msgid "Ubuntu Wiki NFS Howto"
29034
msgstr "Ubuntu Wiki NFS Howto"
29036
#: serverguide/C/file-server.xml:445(title)
29037
msgid "CUPS - Print Server"
29038
msgstr "CUPS - Print Server"
29040
#: serverguide/C/file-server.xml:446(para)
29042
"The primary mechanism for Ubuntu printing and print services is the "
29043
"<emphasis role=\"bold\">Common UNIX Printing System</emphasis> (CUPS). This "
29044
"printing system is a freely available, portable printing layer which has "
29045
"become the new standard for printing in most Linux distributions."
29047
"The primary mechanism for Ubuntu printing and print services is the "
29048
"<emphasis role=\"bold\">Common UNIX Printing System</emphasis> (CUPS). This "
29049
"printing system is a freely available, portable printing layer which has "
29050
"become the new standard for printing in most Linux distributions."
29052
#: serverguide/C/file-server.xml:453(para)
29054
"CUPS manages print jobs and queues and provides network printing using the "
29055
"standard Internet Printing Protocol (IPP), while offering support for a very "
29056
"large range of printers, from dot-matrix to laser and many in between. CUPS "
29057
"also supports PostScript Printer Description (PPD) and auto-detection of "
29058
"network printers, and features a simple web-based configuration and "
29059
"administration tool."
29061
"CUPS manages print jobs and queues and provides network printing using the "
29062
"standard Internet Printing Protocol (IPP), while offering support for a very "
29063
"large range of printers, from dot-matrix to laser and many in between. CUPS "
29064
"also supports PostScript Printer Description (PPD) and auto-detection of "
29065
"network printers, and features a simple Web-based configuration and "
29066
"administration tool."
29068
#: serverguide/C/file-server.xml:463(para)
29070
"To install CUPS on your Ubuntu computer, simply use "
29071
"<application>sudo</application> with the <application>apt-get</application> "
29072
"command and give the packages to install as the first parameter. A complete "
29073
"CUPS install has many package dependencies, but they may all be specified on "
29074
"the same command line. Enter the following at a terminal prompt to install "
29077
"To install CUPS on your Ubuntu computer, simply use "
29078
"<application>sudo</application> with the <application>apt-get</application> "
29079
"command and give the packages to install as the first parameter. A complete "
29080
"CUPS install has many package dependencies, but they may all be specified on "
29081
"the same command line. Enter the following at a terminal prompt to install "
29084
#: serverguide/C/file-server.xml:468(command)
29085
msgid "sudo apt-get install cups"
29086
msgstr "sudo apt-get install cups"
29088
#: serverguide/C/file-server.xml:471(para)
29090
"Upon authenticating with your user password, the packages should be "
29091
"downloaded and installed without error. Upon the conclusion of installation, "
29092
"the CUPS server will be started automatically."
29094
"Upon authenticating with your user password, the packages should be "
29095
"downloaded and installed without error. Upon the conclusion of installation, "
29096
"the CUPS server will be started automatically."
29098
#: serverguide/C/file-server.xml:476(para)
29100
"For troubleshooting purposes, you can access CUPS server errors via the "
29101
"error log file at: <filename>/var/log/cups/error_log</filename>. If the "
29102
"error log does not show enough information to troubleshoot any problems you "
29103
"encounter, the verbosity of the CUPS log can be increased by changing the "
29104
"<emphasis role=\"bold\">LogLevel</emphasis> directive in the configuration "
29105
"file (discussed below) to \"debug\" or even \"debug2\", which logs "
29106
"everything, from the default of \"info\". If you make this change, remember "
29107
"to change it back once you've solved your problem, to prevent the log file "
29108
"from becoming overly large."
29110
"For troubleshooting purposes, you can access CUPS server errors via the "
29111
"error log file at: <filename>/var/log/cups/error_log</filename>. If the "
29112
"error log does not show enough information to troubleshoot any problems you "
29113
"encounter, the verbosity of the CUPS log can be increased by changing the "
29114
"<emphasis role=\"bold\">LogLevel</emphasis> directive in the configuration "
29115
"file (discussed below) to \"debug\" or even \"debug2\", which logs "
29116
"everything, from the default of \"info\". If you make this change, remember "
29117
"to change it back once you've solved your problem, to prevent the log file "
29118
"from becoming overly large."
29120
#: serverguide/C/file-server.xml:489(para)
29122
"The Common UNIX Printing System server's behavior is configured through the "
29123
"directives contained in the file <filename>/etc/cups/cupsd.conf</filename>. "
29124
"The CUPS configuration file follows the same syntax as the primary "
29125
"configuration file for the Apache HTTP server, so users familiar with "
29126
"editing Apache's configuration file should feel at ease when editing the "
29127
"CUPS configuration file. Some examples of settings you may wish to change "
29128
"initially will be presented here."
29130
"The Common UNIX Printing System server's behaviour is configured through the "
29131
"directives contained in the file <filename>/etc/cups/cupsd.conf</filename>. "
29132
"The CUPS configuration file follows the same syntax as the primary "
29133
"configuration file for the Apache HTTP server, so users familiar with "
29134
"editing Apache's configuration file should feel at ease when editing the "
29135
"CUPS configuration file. Some examples of settings you may wish to change "
29136
"initially will be presented here."
29138
#: serverguide/C/file-server.xml:499(para)
29140
"Prior to editing the configuration file, you should make a copy of the "
29141
"original file and protect it from writing, so you will have the original "
29142
"settings as a reference, and to reuse as necessary."
29144
"Prior to editing the configuration file, you should make a copy of the "
29145
"original file and protect it from writing, so you will have the original "
29146
"settings as a reference, and to reuse as necessary."
29148
#: serverguide/C/file-server.xml:503(para)
29150
"Copy the <filename>/etc/cups/cupsd.conf</filename> file and protect it from "
29151
"writing with the following commands, issued at a terminal prompt:"
29153
"Copy the <filename>/etc/cups/cupsd.conf</filename> file and protect it from "
29154
"writing with the following commands, issued at a terminal prompt:"
29156
#: serverguide/C/file-server.xml:509(command)
29157
msgid "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
29158
msgstr "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
29160
#: serverguide/C/file-server.xml:510(command)
29161
msgid "sudo chmod a-w /etc/cups/cupsd.conf.original"
29162
msgstr "sudo chmod a-w /etc/cups/cupsd.conf.original"
29164
#: serverguide/C/file-server.xml:515(para)
29166
"<emphasis role=\"bold\">ServerAdmin</emphasis>: To configure the email "
29167
"address of the designated administrator of the CUPS server, simply edit the "
29168
"<filename>/etc/cups/cupsd.conf</filename> configuration file with your "
29169
"preferred text editor, and add or modify the <emphasis "
29170
"role=\"italics\">ServerAdmin</emphasis> line accordingly. For example, if "
29171
"you are the Administrator for the CUPS server, and your e-mail address is "
29172
"'bjoy@somebigco.com', then you would modify the ServerAdmin line to appear "
29175
"<emphasis role=\"bold\">ServerAdmin</emphasis>: To configure the e-mail "
29176
"address of the designated administrator of the CUPS server, simply edit the "
29177
"<filename>/etc/cups/cupsd.conf</filename> configuration file with your "
29178
"preferred text editor, and add or modify the <emphasis "
29179
"role=\"italics\">ServerAdmin</emphasis> line accordingly. For example, if "
29180
"you are the Administrator for the CUPS server, and your e-mail address is "
29181
"'bjoy@somebigco.com', then you would modify the ServerAdmin line to appear "
29184
#: serverguide/C/file-server.xml:526(screen)
29188
"ServerAdmin bjoy@somebigco.com\n"
29191
"ServerAdmin bjoy@somebigco.com\n"
29193
#: serverguide/C/file-server.xml:532(para)
29195
"<emphasis role=\"bold\">Listen</emphasis>: By default on Ubuntu, the CUPS "
29196
"server installation listens only on the loopback interface at IP address "
29197
"<emphasis>127.0.0.1</emphasis>. In order to instruct the CUPS server to "
29198
"listen on an actual network adapter's IP address, you must specify either a "
29199
"hostname, the IP address, or optionally, an IP address/port pairing via the "
29200
"addition of a Listen directive. For example, if your CUPS server resides on "
29201
"a local network at the IP address <emphasis "
29202
"role=\"italics\">192.168.10.250</emphasis> and you'd like to make it "
29203
"accessible to the other systems on this subnetwork, you would edit the "
29204
"<filename>/etc/cups/cupsd.conf</filename> and add a Listen directive, as "
29207
"<emphasis role=\"bold\">Listen</emphasis>: By default on Ubuntu, the CUPS "
29208
"server installation listens only on the loopback interface at IP address "
29209
"<emphasis>127.0.0.1</emphasis>. In order to instruct the CUPS server to "
29210
"listen on an actual network adapter's IP address, you must specify either a "
29211
"hostname, the IP address, or optionally, an IP address/port pairing via the "
29212
"addition of a Listen directive. For example, if your CUPS server resides on "
29213
"a local network at the IP address <emphasis "
29214
"role=\"italics\">192.168.10.250</emphasis> and you'd like to make it "
29215
"accessible to the other systems on this subnetwork, you would edit the "
29216
"<filename>/etc/cups/cupsd.conf</filename> and add a Listen directive, as "
29219
#: serverguide/C/file-server.xml:546(screen)
29223
"Listen 127.0.0.1:631 # existing loopback Listen\n"
29224
"Listen /var/run/cups/cups.sock # existing socket Listen\n"
29225
"Listen 192.168.10.250:631 # Listen on the LAN interface, Port 631 "
29229
"Listen 127.0.0.1:631 # existing loopback Listen\n"
29230
"Listen /var/run/cups/cups.sock # existing socket Listen\n"
29231
"Listen 192.168.10.250:631 # Listen on the LAN interface, Port 631 "
29234
#: serverguide/C/file-server.xml:552(para)
29236
"In the example above, you may comment out or remove the reference to the "
29237
"Loopback address (127.0.0.1) if you do not wish <application>cupsd "
29238
"</application> to listen on that interface, but would rather have it only "
29239
"listen on the Ethernet interfaces of the Local Area Network (LAN). To enable "
29240
"listening for all network interfaces for which a certain hostname is bound, "
29241
"including the Loopback, you could create a Listen entry for the hostname "
29242
"<emphasis>socrates</emphasis> as such:"
29244
"In the example above, you may comment out or remove the reference to the "
29245
"Loopback address (127.0.0.1) if you do not wish <application>cupsd "
29246
"</application> to listen on that interface, but would rather have it only "
29247
"listen on the Ethernet interfaces of the Local Area Network (LAN). To enable "
29248
"listening for all network interfaces for which a certain hostname is bound, "
29249
"including the Loopback, you could create a Listen entry for the hostname "
29250
"<emphasis>socrates</emphasis> as such:"
29252
#: serverguide/C/file-server.xml:562(screen)
29256
"Listen socrates:631 # Listen on all interfaces for the hostname 'socrates'\n"
29259
"Listen socrates:631 # Listen on all interfaces for the hostname 'socrates'\n"
29261
#: serverguide/C/file-server.xml:566(para)
29263
"or by omitting the Listen directive and using <emphasis>Port</emphasis> "
29266
"or by omitting the Listen directive and using <emphasis>Port</emphasis> "
29269
#: serverguide/C/file-server.xml:568(screen)
29273
"Port 631 # Listen on port 631 on all interfaces\n"
29276
"Port 631 # Listen on port 631 on all interfaces\n"
29278
#: serverguide/C/file-server.xml:575(para)
29280
"For more examples of configuration directives in the CUPS server "
29281
"configuration file, view the associated system manual page by entering the "
29282
"following command at a terminal prompt:"
29284
"For more examples of configuration directives in the CUPS server "
29285
"configuration file, view the associated system manual page by entering the "
29286
"following command at a terminal prompt:"
29288
#: serverguide/C/file-server.xml:582(command)
29289
msgid "man cupsd.conf"
29290
msgstr "man cupsd.conf"
29292
#: serverguide/C/file-server.xml:586(para)
29294
"Whenever you make changes to the <filename>/etc/cups/cupsd.conf</filename> "
29295
"configuration file, you'll need to restart the CUPS server by typing the "
29296
"following command at a terminal prompt:"
29298
"Whenever you make changes to the <filename>/etc/cups/cupsd.conf</filename> "
29299
"configuration file, you'll need to restart the CUPS server by typing the "
29300
"following command at a terminal prompt:"
29302
#: serverguide/C/file-server.xml:592(command)
29303
msgid "sudo /etc/init.d/cups restart"
29304
msgstr "sudo /etc/init.d/cups restart"
29306
#: serverguide/C/file-server.xml:598(title)
29307
msgid "Web Interface"
29308
msgstr "Web Interface"
29310
#: serverguide/C/file-server.xml:600(para)
29312
"CUPS can be configured and monitored using a web interface, which by default "
29313
"is available at <ulink "
29314
"url=\"http://localhost:631/admin\">http://localhost:631/admin</ulink>. The "
29315
"web interface can be used to perform all printer management tasks."
29317
"CUPS can be configured and monitored using a web interface, which by default "
29318
"is available at <ulink "
29319
"url=\"http://localhost:631/admin\">http://localhost:631/admin</ulink>. The "
29320
"web interface can be used to perform all printer management tasks."
29322
#: serverguide/C/file-server.xml:604(para)
29324
"In order to perform administrative tasks via the web interface, you must "
29325
"either have the root account enabled on your server, or authenticate as a "
29326
"user in the <emphasis role=\"italic\">lpadmin</emphasis> group. For security "
29327
"reasons, CUPS won't authenticate a user that doesn't have a password."
29329
"In order to perform administrative tasks via the web interface, you must "
29330
"either have the root account enabled on your server, or authenticate as a "
29331
"user in the <emphasis role=\"italic\">lpadmin</emphasis> group. For security "
29332
"reasons, CUPS won't authenticate a user that doesn't have a password."
29334
#: serverguide/C/file-server.xml:607(para)
29336
"To add a user to the <emphasis role=\"italic\">lpadmin</emphasis> group, run "
29337
"at the terminal prompt: <screen>\n"
29338
"<command>sudo usermod -aG lpadmin username</command>\n"
29341
"To add a user to the <emphasis role=\"italic\">lpadmin</emphasis> group, run "
29342
"at the terminal prompt: <screen>\n"
29343
"<command>sudo usermod -aG lpadmin username</command>\n"
29346
#: serverguide/C/file-server.xml:613(para)
29348
"Further documentation is available in the <emphasis "
29349
"role=\"italic\">Documentation/Help</emphasis> tab of the web interface."
29351
"Further documentation is available in the <emphasis "
29352
"role=\"italic\">Documentation/Help</emphasis> tab of the web interface."
29354
#: serverguide/C/file-server.xml:621(ulink)
29355
msgid "CUPS Website"
29356
msgstr "CUPS Website"
29358
#: serverguide/C/file-server.xml:624(ulink)
29359
msgid "Ubuntu Wiki CUPS page"
29360
msgstr "Ubuntu Wiki CUPS page"
29362
#: serverguide/C/dns.xml:13(title)
29363
msgid "Domain Name Service (DNS)"
29364
msgstr "Domain Name Service (DNS)"
29366
#: serverguide/C/dns.xml:14(para)
29368
"Domain Name Service (DNS) is an Internet service that maps IP addresses and "
29369
"fully qualified domain names (FQDN) to one another. In this way, DNS "
29370
"alleviates the need to remember IP addresses. Computers that run DNS are "
29371
"called <emphasis>name servers</emphasis>. Ubuntu ships with "
29372
"<application>BIND</application> (Berkley Internet Naming Daemon), the most "
29373
"common program used for maintaining a name server on Linux."
29375
"Domain Name Service (DNS) is an Internet service that maps IP addresses and "
29376
"fully qualified domain names (FQDN) to one another. In this way, DNS "
29377
"alleviates the need to remember IP addresses. Computers that run DNS are "
29378
"called <emphasis>name servers</emphasis>. Ubuntu ships with "
29379
"<application>BIND</application> (Berkley Internet Naming Daemon), the most "
29380
"common program used for maintaining a name server on Linux."
29382
#: serverguide/C/dns.xml:24(para)
29384
"At a terminal prompt, enter the following command to install "
29385
"<application>dns</application>:"
29387
"At a terminal prompt, enter the following command to install "
29388
"<application>dns</application>:"
29390
#: serverguide/C/dns.xml:28(command)
29391
msgid "sudo apt-get install bind9"
29392
msgstr "sudo apt-get install bind9"
29394
#: serverguide/C/dns.xml:30(para)
29396
"A very useful package for testing and troubleshooting DNS issues is the "
29397
"dnsutils package. To install <application>dnsutils</application> enter the "
29400
"A very useful package for testing and troubleshooting DNS issues is the "
29401
"dnsutils package. To install <application>dnsutils</application> enter the "
29404
#: serverguide/C/dns.xml:35(command)
29405
msgid "sudo apt-get install dnsutils"
29406
msgstr "sudo apt-get install dnsutils"
29408
#: serverguide/C/dns.xml:40(para)
29410
"There are many ways to configure <application>BIND9</application>. Some of "
29411
"the most common configurations are a caching nameserver, primary master, and "
29412
"as a secondary master."
29414
"There are many ways to configure <application>BIND9</application>. Some of "
29415
"the most common configurations are a caching nameserver, primary master, and "
29416
"as a secondary master."
29418
#: serverguide/C/dns.xml:46(para)
29420
"When configured as a caching nameserver BIND9 will find the answer to name "
29421
"queries and remember the answer when the domain is queried again."
29423
"When configured as a caching nameserver BIND9 will find the answer to name "
29424
"queries and remember the answer when the domain is queried again."
29426
#: serverguide/C/dns.xml:52(para)
29428
"As a primary master server BIND9 reads the data for a zone from a file on "
29429
"it's host and is authoritative for that zone."
29431
"As a primary master server BIND9 reads the data for a zone from a file on "
29432
"it's host and is authoritative for that zone."
29434
#: serverguide/C/dns.xml:57(para)
29436
"In a secondary master configuration BIND9 gets the zone data from another "
29437
"nameserver authoritative for the zone."
29439
"In a secondary master configuration BIND9 gets the zone data from another "
29440
"nameserver authoritative for the zone."
29442
#: serverguide/C/dns.xml:65(para)
29444
"The DNS configuration files are stored in the <filename>/etc/bind</filename> "
29445
"directory. The primary configuration file is "
29446
"<filename>/etc/bind/named.conf</filename>."
29448
"The DNS configuration files are stored in the <filename>/etc/bind</filename> "
29449
"directory. The primary configuration file is "
29450
"<filename>/etc/bind/named.conf</filename>."
29452
#: serverguide/C/dns.xml:72(para)
29454
"The <emphasis>include</emphasis> line specifies the filename which contains "
29455
"the DNS options. The <emphasis>directory</emphasis> line in the "
29456
"<filename>/etc/bind/named.conf.options</filename> file tells DNS where to "
29457
"look for files. All files BIND uses will be relative to this directory."
29459
"The <emphasis>include</emphasis> line specifies the filename which contains "
29460
"the DNS options. The <emphasis>directory</emphasis> line in the "
29461
"<filename>/etc/bind/named.conf.options</filename> file tells DNS where to "
29462
"look for files. All files BIND uses will be relative to this directory."
29464
#: serverguide/C/dns.xml:80(para)
29466
"The file named <filename>/etc/bind/db.root</filename> describes the root "
29467
"nameservers in the world. The servers change over time, so the "
29468
"<filename>/etc/bind/db.root</filename> file must be maintained now and then. "
29469
"This is usually done as updates to the <application>bind9</application> "
29470
"package. The <emphasis>zone</emphasis> section defines a master server, and "
29471
"it is stored in a file mentioned in the <emphasis>file</emphasis> option."
29473
"The file named <filename>/etc/bind/db.root</filename> describes the root "
29474
"nameservers in the world. The servers change over time, so the "
29475
"<filename>/etc/bind/db.root</filename> file must be maintained now and then. "
29476
"This is usually done as updates to the <application>bind9</application> "
29477
"package. The <emphasis>zone</emphasis> section defines a master server, and "
29478
"it is stored in a file mentioned in the <emphasis>file</emphasis> option."
29480
#: serverguide/C/dns.xml:90(para)
29482
"It is possible to configure the same server to be a caching name server, "
29483
"primary master, and secondary master. A server can be the Start of Authority "
29484
"(SOA) for one zone, while providing secondary service for another zone. All "
29485
"the while providing caching services for hosts on the local LAN."
29487
"It is possible to configure the same server to be a caching name server, "
29488
"primary master, and secondary master. A server can be the Start of Authority "
29489
"(SOA) for one zone, while providing secondary service for another zone. All "
29490
"the while providing caching services for hosts on the local LAN."
29492
#: serverguide/C/dns.xml:98(title)
29493
msgid "Caching Nameserver"
29494
msgstr "Caching Nameserver"
29496
#: serverguide/C/dns.xml:99(para)
29498
"The default configuration is setup to act as a caching server. All that is "
29499
"required is simply adding the IP Addresses of your ISP's DNS servers. Simply "
29500
"uncomment and edit the following in "
29501
"<filename>/etc/bind/named.conf.options</filename>:"
29503
"The default configuration is setup to act as a caching server. All that is "
29504
"required is simply adding the IP Addresses of your ISP's DNS servers. Simply "
29505
"uncomment and edit the following in "
29506
"<filename>/etc/bind/named.conf.options</filename>:"
29508
#: serverguide/C/dns.xml:103(programlisting)
29523
#: serverguide/C/dns.xml:110(para)
29525
"Replace <emphasis>1.2.3.4</emphasis> and <emphasis>5.6.7.8</emphasis> with "
29526
"the IP Adresses of actual nameservers."
29528
"Replace <emphasis>1.2.3.4</emphasis> and <emphasis>5.6.7.8</emphasis> with "
29529
"the IP Adresses of actual nameservers."
29531
#: serverguide/C/dns.xml:114(para)
29533
"Now restart the DNS server, to enable the new configuration. From a terminal "
29536
"Now restart the DNS server, to enable the new configuration. From a terminal "
29539
#: serverguide/C/dns.xml:118(command) serverguide/C/dns.xml:194(command) serverguide/C/dns.xml:253(command) serverguide/C/dns.xml:312(command) serverguide/C/dns.xml:561(command)
29540
msgid "sudo /etc/init.d/bind9 restart"
29541
msgstr "sudo /etc/init.d/bind9 restart"
29543
#: serverguide/C/dns.xml:120(para)
29545
"See <xref linkend=\"dns-testing-dig\"/> for information on testing a caching "
29548
"See <xref linkend=\"dns-testing-dig\"/> for information on testing a caching "
29551
#: serverguide/C/dns.xml:125(title)
29552
msgid "Primary Master"
29553
msgstr "Primary Master"
29555
#: serverguide/C/dns.xml:126(para)
29557
"In this section <application>BIND9</application> will be configured as the "
29558
"Primary Master for the domain <emphasis>example.com</emphasis>. Simply "
29559
"replace <emphasis role=\"italic\">example.com</emphasis> with your FQDN "
29560
"(Fully Qualified Domain Name)."
29562
"In this section <application>BIND9</application> will be configured as the "
29563
"Primary Master for the domain <emphasis>example.com</emphasis>. Simply "
29564
"replace <emphasis role=\"italic\">example.com</emphasis> with your FQDN "
29565
"(Fully Qualified Domain Name)."
29567
#: serverguide/C/dns.xml:132(title)
29568
msgid "Forward Zone File"
29569
msgstr "Forward Zone File"
29571
#: serverguide/C/dns.xml:133(para)
29573
"To add a DNS zone to BIND9, turning BIND9 into a Primary Master server, the "
29574
"first step is to edit <filename>/etc/bind/named.conf.local</filename>:"
29576
"To add a DNS zone to BIND9, turning BIND9 into a Primary Master server, the "
29577
"first step is to edit <filename>/etc/bind/named.conf.local</filename>:"
29579
#: serverguide/C/dns.xml:137(programlisting)
29583
"zone \"example.com\" {\n"
29585
" file \"/etc/bind/db.example.com\";\n"
29589
"zone \"example.com\" {\n"
29591
" file \"/etc/bind/db.example.com\";\n"
29594
#: serverguide/C/dns.xml:143(para)
29596
"Now use an existing zone file as a template to create the "
29597
"<filename>/etc/bind/db.example.com</filename> file:"
29599
"Now use an existing zone file as a template to create the "
29600
"<filename>/etc/bind/db.example.com</filename> file:"
29602
#: serverguide/C/dns.xml:147(command)
29603
msgid "sudo cp /etc/bind/db.local /etc/bind/db.example.com"
29604
msgstr "sudo cp /etc/bind/db.local /etc/bind/db.example.com"
29606
#: serverguide/C/dns.xml:149(para)
29608
"Edit the new zone file <filename>/etc/bind/db.example.com</filename> change "
29609
"<emphasis>localhost.</emphasis> to the FQDN of your server, leaving the "
29610
"additional \".\" at the end. Change <emphasis>127.0.0.1</emphasis> to the "
29611
"nameserver's IP Address and <emphasis>root.localhost</emphasis> to a valid "
29612
"email address, but with a \".\" instead of the usual \"@\" symbol, again "
29613
"leaving the \".\" at the end."
29615
"Edit the new zone file <filename>/etc/bind/db.example.com</filename> change "
29616
"<emphasis>localhost.</emphasis> to the FQDN of your server, leaving the "
29617
"additional \".\" at the end. Change <emphasis>127.0.0.1</emphasis> to the "
29618
"nameserver's IP Address and <emphasis>root.localhost</emphasis> to a valid e-"
29619
"mail address, but with a \".\" instead of the usual \"@\" symbol, again "
29620
"leaving the \".\" at the end."
29622
#: serverguide/C/dns.xml:155(para)
29624
"Also, create an <emphasis>A record</emphasis> for <emphasis "
29625
"role=\"italic\">ns.example.com</emphasis>. The name server in this example:"
29627
"Also, create an <emphasis>A record</emphasis> for <emphasis "
29628
"role=\"italic\">ns.example.com</emphasis>. The name server in this example:"
29630
#: serverguide/C/dns.xml:159(programlisting)
29635
"; BIND data file for local loopback interface\n"
29638
"@ IN SOA ns.example.com. root.example.com. (\n"
29640
" 604800 ; Refresh\n"
29642
" 2419200 ; Expire\n"
29643
" 604800 ) ; Negative Cache TTL\n"
29645
"@ IN NS ns.example.com.\n"
29646
"@ IN A 127.0.0.1\n"
29648
"ns IN A 192.168.1.10\n"
29652
"; BIND data file for local loopback interface\n"
29655
"@ IN SOA ns.example.com. root.example.com. (\n"
29657
" 604800 ; Refresh\n"
29659
" 2419200 ; Expire\n"
29660
" 604800 ) ; Negative Cache TTL\n"
29662
"@ IN NS ns.example.com.\n"
29663
"@ IN A 127.0.0.1\n"
29665
"ns IN A 192.168.1.10\n"
29667
#: serverguide/C/dns.xml:176(para)
29669
"You must increment the <emphasis>Serial Number</emphasis> every time you "
29670
"make changes to the zone file. If you make multiple changes before "
29671
"restarting BIND9, simply increment the Serial once."
29673
"You must increment the <emphasis>Serial Number</emphasis> every time you "
29674
"make changes to the zone file. If you make multiple changes before "
29675
"restarting BIND9, simply increment the Serial once."
29677
#: serverguide/C/dns.xml:180(para)
29679
"Now, you can add DNS records to the bottom of the zone file. See <xref "
29680
"linkend=\"dns-record-types\"/> for details."
29682
"Now, you can add DNS records to the bottom of the zone file. See <xref "
29683
"linkend=\"dns-record-types\"/> for details."
29685
#: serverguide/C/dns.xml:184(para)
29687
"Many admins like to use the last date edited as the serial of a zone, such "
29688
"as <emphasis>2007010100</emphasis> which is yyyymmddss (where "
29689
"<emphasis>ss</emphasis> is the Serial Number)"
29691
"Many admins like to use the last date edited as the serial of a zone, such "
29692
"as <emphasis>2007010100</emphasis> which is yyyymmddss (where "
29693
"<emphasis>ss</emphasis> is the Serial Number)"
29695
#: serverguide/C/dns.xml:189(para)
29697
"Once you have made a change to the zone file "
29698
"<application>BIND9</application> will need to be restarted for the changes "
29701
"Once you have made a change to the zone file "
29702
"<application>BIND9</application> will need to be restarted for the changes "
29705
#: serverguide/C/dns.xml:198(title)
29706
msgid "Reverse Zone File"
29707
msgstr "Reverse Zone File"
29709
#: serverguide/C/dns.xml:199(para)
29711
"Now that the zone is setup and resolving names to IP Adresses a "
29712
"<emphasis>Reverse zone</emphasis> is also required. A Reverse zone allows "
29713
"DNS to resolve an address to a name."
29715
"Now that the zone is setup and resolving names to IP Adresses a "
29716
"<emphasis>Reverse zone</emphasis> is also required. A Reverse zone allows "
29717
"DNS to resolve an address to a name."
29719
#: serverguide/C/dns.xml:203(para)
29720
msgid "Edit /etc/bind/named.conf.local and add the following:"
29721
msgstr "Edit /etc/bind/named.conf.local and add the following:"
29723
#: serverguide/C/dns.xml:206(programlisting)
29727
"zone \"1.168.192.in-addr.arpa\" {\n"
29730
" file \"/etc/bind/db.192\";\n"
29734
"zone \"1.168.192.in-addr.arpa\" {\n"
29737
" file \"/etc/bind/db.192\";\n"
29740
#: serverguide/C/dns.xml:214(para)
29742
"Replace <emphasis>1.168.192</emphasis> with the first three octets of "
29743
"whatever network you are using. Also, name the zone file "
29744
"<filename>/etc/bind/db.192</filename> appropriately. It should match the "
29745
"first octet of your network."
29747
"Replace <emphasis>1.168.192</emphasis> with the first three octets of "
29748
"whatever network you are using. Also, name the zone file "
29749
"<filename>/etc/bind/db.192</filename> appropriately. It should match the "
29750
"first octet of your network."
29752
#: serverguide/C/dns.xml:219(para)
29753
msgid "Now create the <filename>/etc/bind/db.192</filename> file:"
29754
msgstr "Now create the <filename>/etc/bind/db.192</filename> file:"
29756
#: serverguide/C/dns.xml:223(command)
29757
msgid "sudo cp /etc/bind/db.127 /etc/bind/db.192"
29758
msgstr "sudo cp /etc/bind/db.127 /etc/bind/db.192"
29760
#: serverguide/C/dns.xml:225(para)
29762
"Next edit <filename>/etc/bind/db.192</filename> changing the basically the "
29763
"same options as <filename>/etc/bind/db.example.com</filename>:"
29765
"Next edit <filename>/etc/bind/db.192</filename> changing the basically the "
29766
"same options as <filename>/etc/bind/db.example.com</filename>:"
29768
#: serverguide/C/dns.xml:229(programlisting)
29773
"; BIND reverse data file for local loopback interface\n"
29776
"@ IN SOA ns.example.com. root.example.com. (\n"
29778
" 604800 ; Refresh\n"
29780
" 2419200 ; Expire\n"
29781
" 604800 ) ; Negative Cache TTL\n"
29784
"10 IN PTR ns.example.com.\n"
29788
"; BIND reverse data file for local loopback interface\n"
29791
"@ IN SOA ns.example.com. root.example.com. (\n"
29793
" 604800 ; Refresh\n"
29795
" 2419200 ; Expire\n"
29796
" 604800 ) ; Negative Cache TTL\n"
29799
"10 IN PTR ns.example.com.\n"
29801
#: serverguide/C/dns.xml:244(para)
29803
"The <emphasis>Serial Number</emphasis> in the Reverse zone needs to be "
29804
"incremented on each change as well. For each <emphasis>A record</emphasis> "
29805
"you configure in <filename>/etc/bind/db.example.com</filename> you need to "
29806
"create a <emphasis>PTR record</emphasis> in "
29807
"<filename>/etc/bind/db.192</filename>."
29809
"The <emphasis>Serial Number</emphasis> in the Reverse zone needs to be "
29810
"incremented on each change as well. For each <emphasis>A record</emphasis> "
29811
"you configure in <filename>/etc/bind/db.example.com</filename> you need to "
29812
"create a <emphasis>PTR record</emphasis> in "
29813
"<filename>/etc/bind/db.192</filename>."
29815
#: serverguide/C/dns.xml:249(para)
29817
"After creating the reverse zone file restart "
29818
"<application>BIND9</application>:"
29820
"After creating the reverse zone file restart "
29821
"<application>BIND9</application>:"
29823
#: serverguide/C/dns.xml:258(title)
29824
msgid "Secondary Master"
29825
msgstr "Secondary Master"
29827
#: serverguide/C/dns.xml:259(para)
29829
"Once a <emphasis>Primary Master</emphasis> has been configured a "
29830
"<emphasis>Secondary Master</emphasis> is needed in order to maintain the "
29831
"availability of the domain should the Primary become unavailable."
29833
"Once a <emphasis>Primary Master</emphasis> has been configured a "
29834
"<emphasis>Secondary Master</emphasis> is needed in order to maintain the "
29835
"availability of the domain should the Primary become unavailable."
29837
#: serverguide/C/dns.xml:263(para)
29839
"First, on the Primary Master server, the zone transfer needs to be allowed. "
29840
"Add the <emphasis>allow-transfer</emphasis> option to the example Forward "
29841
"and Reverse zone definitions in "
29842
"<filename>/etc/bind/named.conf.local</filename>:"
29844
"First, on the Primary Master server, the zone transfer needs to be allowed. "
29845
"Add the <emphasis>allow-transfer</emphasis> option to the example Forward "
29846
"and Reverse zone definitions in "
29847
"<filename>/etc/bind/named.conf.local</filename>:"
29849
#: serverguide/C/dns.xml:267(programlisting)
29853
"zone \"example.com\" {\n"
29855
"\tfile \"/etc/bind/db.example.com\";\n"
29856
" allow-transfer { 192.168.1.11; };\n"
29859
"zone \"1.168.192.in-addr.arpa\" {\n"
29862
" file \"/etc/bind/db.192\";\n"
29863
"\tallow-transfer { 192.168.1.11; };\n"
29867
"zone \"example.com\" {\n"
29869
"\tfile \"/etc/bind/db.example.com\";\n"
29870
" allow-transfer { 192.168.1.11; };\n"
29873
"zone \"1.168.192.in-addr.arpa\" {\n"
29876
" file \"/etc/bind/db.192\";\n"
29877
"\tallow-transfer { 192.168.1.11; };\n"
29880
#: serverguide/C/dns.xml:282(para)
29882
"Replace <emphasis>192.168.1.11</emphasis> with the IP Address of your "
29883
"Secondary nameserver."
29885
"Replace <emphasis>192.168.1.11</emphasis> with the IP Address of your "
29886
"Secondary nameserver."
29888
#: serverguide/C/dns.xml:286(para)
29890
"Next, on the Secondary Master, install the <application>bind9</application> "
29891
"package the same way as on the Primary. Then edit the "
29892
"<filename>/etc/bind/named.conf.local</filename> and add the following "
29893
"declarations for the Forward and Reverse zones:"
29895
"Next, on the Secondary Master, install the <application>bind9</application> "
29896
"package the same way as on the Primary. Then edit the "
29897
"<filename>/etc/bind/named.conf.local</filename> and add the following "
29898
"declarations for the Forward and Reverse zones:"
29900
#: serverguide/C/dns.xml:290(programlisting)
29904
"zone \"example.com\" {\n"
29906
" file \"/var/cache/bind/db.example.com\";\n"
29907
" masters { 192.168.1.10; };\n"
29910
"zone \"1.168.192.in-addr.arpa\" {\n"
29912
" file \"/var/cache/bind/db.192\";\n"
29913
" masters { 192.168.1.10; };\n"
29917
"zone \"example.com\" {\n"
29919
" file \"/var/cache/bind/db.example.com\";\n"
29920
" masters { 192.168.1.10; };\n"
29923
"zone \"1.168.192.in-addr.arpa\" {\n"
29925
" file \"/var/cache/bind/db.192\";\n"
29926
" masters { 192.168.1.10; };\n"
29929
#: serverguide/C/dns.xml:304(para)
29931
"Replace <emphasis>192.168.1.10</emphasis> with the IP Address of your "
29932
"Primary nameserver."
29934
"Replace <emphasis>192.168.1.10</emphasis> with the IP Address of your "
29935
"Primary nameserver."
29937
#: serverguide/C/dns.xml:308(para)
29938
msgid "Restart <application>BIND9</application> on the Secondary Master:"
29939
msgstr "Restart <application>BIND9</application> on the Secondary Master:"
29941
#: serverguide/C/dns.xml:314(para)
29943
"In <filename>/var/log/syslog</filename> you should see something similar to:"
29945
"In <filename>/var/log/syslog</filename> you should see something similar to:"
29947
#: serverguide/C/dns.xml:317(programlisting)
29951
"slave zone \"example.com\" (IN) loaded (serial 6)\n"
29952
"slave zone \"100.18.172.in-addr.arpa\" (IN) loaded (serial 3)\n"
29955
"slave zone \"example.com\" (IN) loaded (serial 6)\n"
29956
"slave zone \"100.18.172.in-addr.arpa\" (IN) loaded (serial 3)\n"
29958
#: serverguide/C/dns.xml:322(para)
29960
"Note: A zone is only transferred if the <emphasis>Serial Number</emphasis> "
29961
"on the Primary is larger than the one on the Secondary."
29963
"Note: A zone is only transferred if the <emphasis>Serial Number</emphasis> "
29964
"on the Primary is larger than the one on the Secondary."
29966
#: serverguide/C/dns.xml:328(para)
29968
"The default directory for non-authoritative zone files is "
29969
"<filename>/var/cache/bind/</filename>. This directory is also configured in "
29970
"<application>AppArmor</application> to allow the "
29971
"<application>named</application> daemon to write to it. For more information "
29972
"on AppArmor see <xref linkend=\"apparmor\"/>."
29974
"The default directory for non-authoritative zone files is "
29975
"<filename>/var/cache/bind/</filename>. This directory is also configured in "
29976
"<application>AppArmor</application> to allow the "
29977
"<application>named</application> daemon to write to it. For more information "
29978
"on AppArmor see <xref linkend=\"apparmor\"/>."
29980
#: serverguide/C/dns.xml:339(para)
29982
"This section covers ways to help determine the cause when problems happen "
29983
"with DNS and <application>BIND9</application>."
29985
"This section covers ways to help determine the cause when problems happen "
29986
"with DNS and <application>BIND9</application>."
29988
#: serverguide/C/dns.xml:345(title)
29989
msgid "resolv.conf"
29990
msgstr "resolv.conf"
29992
#: serverguide/C/dns.xml:346(para)
29994
"The first step in testing <application>BIND9</application> is to add the "
29995
"nameserver's IP Address to a hosts resolver. The Primary nameserver should "
29996
"be configured as well as another host to double check things. Simply edit "
29997
"<filename>/etc/resolv.conf</filename> and add the following:"
29999
"The first step in testing <application>BIND9</application> is to add the "
30000
"nameserver's IP Address to a hosts resolver. The Primary nameserver should "
30001
"be configured as well as another host to double check things. Simply edit "
30002
"<filename>/etc/resolv.conf</filename> and add the following:"
30004
#: serverguide/C/dns.xml:351(programlisting)
30008
"nameserver\t192.168.1.10\n"
30009
"nameserver\t192.168.1.11\n"
30012
"nameserver\t192.168.1.10\n"
30013
"nameserver\t192.168.1.11\n"
30015
#: serverguide/C/dns.xml:356(para)
30017
"You should also add the IP Address of the Secondary nameserver in case the "
30018
"Primary becomes unavailable."
30020
"You should also add the IP Address of the Secondary nameserver in case the "
30021
"Primary becomes unavailable."
30023
#: serverguide/C/dns.xml:362(title)
30027
#: serverguide/C/dns.xml:363(para)
30029
"If you installed the <application>dnsutils</application> package you can "
30030
"test your setup using the DNS lookup utility <application>dig</application>:"
30032
"If you installed the <application>dnsutils</application> package you can "
30033
"test your setup using the DNS lookup utility <application>dig</application>:"
30035
#: serverguide/C/dns.xml:369(para)
30037
"After installing <application>BIND9</application> use "
30038
"<application>dig</application> against the loopback interface to make sure "
30039
"it is listening on port 53. From a terminal prompt:"
30041
"After installing <application>BIND9</application> use "
30042
"<application>dig</application> against the loopback interface to make sure "
30043
"it is listening on port 53. From a terminal prompt:"
30045
#: serverguide/C/dns.xml:374(command)
30046
msgid "dig -x 127.0.0.1"
30047
msgstr "dig -x 127.0.0.1"
30049
#: serverguide/C/dns.xml:376(para)
30050
msgid "You should see lines similar to the following in the command output:"
30051
msgstr "You should see lines similar to the following in the command output:"
30053
#: serverguide/C/dns.xml:379(programlisting)
30057
";; Query time: 1 msec\n"
30058
";; SERVER: 192.168.1.10#53(192.168.1.10)\n"
30061
";; Query time: 1 msec\n"
30062
";; SERVER: 192.168.1.10#53(192.168.1.10)\n"
30064
#: serverguide/C/dns.xml:385(para)
30066
"If you have configured <application>BIND9</application> as a "
30067
"<emphasis>Caching</emphasis> nameserver \"dig\" an outside domain to check "
30070
"If you have configured <application>BIND9</application> as a "
30071
"<emphasis>Caching</emphasis> nameserver \"dig\" an outside domain to check "
30074
#: serverguide/C/dns.xml:390(command)
30075
msgid "dig ubuntu.com"
30076
msgstr "dig ubuntu.com"
30078
#: serverguide/C/dns.xml:392(para)
30079
msgid "Note the query time toward the end of the command output:"
30080
msgstr "Note the query time toward the end of the command output:"
30082
#: serverguide/C/dns.xml:395(programlisting)
30086
";; Query time: 49 msec\n"
30089
";; Query time: 49 msec\n"
30091
#: serverguide/C/dns.xml:398(para)
30092
msgid "After a second dig there should be improvement:"
30093
msgstr "After a second dig there should be improvement:"
30095
#: serverguide/C/dns.xml:401(programlisting)
30099
";; Query time: 1 msec\n"
30102
";; Query time: 1 msec\n"
30104
#: serverguide/C/dns.xml:408(title)
30108
#: serverguide/C/dns.xml:410(para)
30110
"Now to demonstrate how applications make use of DNS to resolve a host name "
30111
"use the <application>ping</application> utility to send an ICMP echo "
30112
"request. From a terminal prompt enter:"
30114
"Now to demonstrate how applications make use of DNS to resolve a host name "
30115
"use the <application>ping</application> utility to send an ICMP echo "
30116
"request. From a terminal prompt enter:"
30118
#: serverguide/C/dns.xml:416(command)
30119
msgid "ping example.com"
30120
msgstr "ping example.com"
30122
#: serverguide/C/dns.xml:418(para)
30124
"This tests if the nameserver can resolve the name "
30125
"<emphasis>ns.example.com</emphasis> to an IP Address. The command output "
30128
"This tests if the nameserver can resolve the name "
30129
"<emphasis>ns.example.com</emphasis> to an IP Address. The command output "
30132
#: serverguide/C/dns.xml:422(programlisting)
30136
"PING ns.example.com (192.168.1.10) 56(84) bytes of data.\n"
30137
"64 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=0.800 ms\n"
30138
"64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.813 ms\n"
30141
"PING ns.example.com (192.168.1.10) 56(84) bytes of data.\n"
30142
"64 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=0.800 ms\n"
30143
"64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.813 ms\n"
30145
#: serverguide/C/dns.xml:429(title)
30146
msgid "named-checkzone"
30147
msgstr "named-checkzone"
30149
#: serverguide/C/dns.xml:430(para)
30151
"A great way to test your zone files is by using the <application>named-"
30152
"checkzone</application> utility installed with the "
30153
"<application>bind9</application> package. This utility allows you to make "
30154
"sure the configuration is correct before restarting "
30155
"<application>BIND9</application> and making the changes live."
30157
"A great way to test your zone files is by using the <application>named-"
30158
"checkzone</application> utility installed with the "
30159
"<application>bind9</application> package. This utility allows you to make "
30160
"sure the configuration is correct before restarting "
30161
"<application>BIND9</application> and making the changes live."
30163
#: serverguide/C/dns.xml:437(para)
30165
"To test our example Forward zone file enter the following from a command "
30168
"To test our example Forward zone file enter the following from a command "
30171
#: serverguide/C/dns.xml:441(command)
30172
msgid "named-checkzone example.com /etc/bind/db.example.com"
30173
msgstr "named-checkzone example.com /etc/bind/db.example.com"
30175
#: serverguide/C/dns.xml:443(para)
30177
"If everything is configured correctly you should see output similar to:"
30179
"If everything is configured correctly you should see output similar to:"
30181
#: serverguide/C/dns.xml:446(programlisting)
30185
"zone example.com/IN: loaded serial 6\n"
30189
"zone example.com/IN: loaded serial 6\n"
30192
#: serverguide/C/dns.xml:452(para)
30193
msgid "Similarly, to test the Reverse zone file enter the following:"
30194
msgstr "Similarly, to test the Reverse zone file enter the following:"
30196
#: serverguide/C/dns.xml:456(command)
30197
msgid "named-checkzone example.com /etc/bind/db.192"
30198
msgstr "named-checkzone example.com /etc/bind/db.192"
30200
#: serverguide/C/dns.xml:458(para)
30201
msgid "The output should be similar to:"
30202
msgstr "The output should be similar to:"
30204
#: serverguide/C/dns.xml:461(programlisting)
30208
"zone example.com/IN: loaded serial 3\n"
30212
"zone example.com/IN: loaded serial 3\n"
30215
#: serverguide/C/dns.xml:468(para)
30217
"The <emphasis>Serial Number</emphasis> of your zone file will probably be "
30220
"The <emphasis>Serial Number</emphasis> of your zone file will probably be "
30223
#: serverguide/C/dns.xml:475(title)
30227
#: serverguide/C/dns.xml:476(para)
30229
"<application>BIND9</application> has a wide variety of logging configuration "
30230
"options available. There are two main options. The "
30231
"<emphasis>channel</emphasis> option configures where logs go, and the "
30232
"<emphasis>category</emphasis> option determines what information to log."
30234
"<application>BIND9</application> has a wide variety of logging configuration "
30235
"options available. There are two main options. The "
30236
"<emphasis>channel</emphasis> option configures where logs go, and the "
30237
"<emphasis>category</emphasis> option determines what information to log."
30239
#: serverguide/C/dns.xml:480(para)
30240
msgid "If no logging option is configured the default option is:"
30241
msgstr "If no logging option is configured the default option is:"
30243
#: serverguide/C/dns.xml:483(programlisting)
30248
" category default { default_syslog; default_debug; };\n"
30249
" category unmatched { null; };\n"
30254
" category default { default_syslog; default_debug; };\n"
30255
" category unmatched { null; };\n"
30258
#: serverguide/C/dns.xml:489(para)
30260
"This section covers configuring <application>BIND9</application> to send "
30261
"<emphasis>debug</emphasis> messages related to DNS queries to a separate "
30264
"This section covers configuring <application>BIND9</application> to send "
30265
"<emphasis>debug</emphasis> messages related to DNS queries to a separate "
30268
#: serverguide/C/dns.xml:494(para)
30270
"First, we need to configure a channel to specify which file to send the "
30271
"messages to. Edit <filename>/etc/bind/named.conf.local</filename> and add "
30274
"First, we need to configure a channel to specify which file to send the "
30275
"messages to. Edit <filename>/etc/bind/named.conf.local</filename> and add "
30278
#: serverguide/C/dns.xml:498(programlisting)
30283
" channel query.log { \n"
30284
" file \"/var/log/query.log\";\n"
30285
" severity debug 3; \n"
30291
" channel query.log { \n"
30292
" file \"/var/log/query.log\";\n"
30293
" severity debug 3; \n"
30297
#: serverguide/C/dns.xml:508(para)
30298
msgid "Next, configure a category to send all DNS queries to the query file:"
30300
"Next, configure a category to send all DNS queries to the query file:"
30302
#: serverguide/C/dns.xml:511(programlisting)
30307
" channel query.log { \n"
30308
" file \"/var/log/query.log\"; \n"
30309
" severity debug 3; \n"
30311
" <emphasis>category queries { query.log; };</emphasis> \n"
30316
" channel query.log { \n"
30317
" file \"/var/log/query.log\"; \n"
30318
" severity debug 3; \n"
30320
" <emphasis>category queries { query.log; };</emphasis> \n"
30323
#: serverguide/C/dns.xml:523(para)
30325
"Note: the <emphasis>debug</emphasis> option can be set from 1 to 3. If a "
30326
"level isn't specified level 1 is the default."
30328
"Note: the <emphasis>debug</emphasis> option can be set from 1 to 3. If a "
30329
"level isn't specified level 1 is the default."
30331
#: serverguide/C/dns.xml:529(para)
30333
"Since the <emphasis>named daemon</emphasis> runs as the "
30334
"<emphasis>bind</emphasis> user the <filename>/var/log/query.log</filename> "
30335
"file must be created and the ownership changed:"
30337
"Since the <emphasis>named daemon</emphasis> runs as the "
30338
"<emphasis>bind</emphasis> user the <filename>/var/log/query.log</filename> "
30339
"file must be created and the ownership changed:"
30341
#: serverguide/C/dns.xml:534(command)
30342
msgid "sudo touch /var/log/query.log"
30343
msgstr "sudo touch /var/log/query.log"
30345
#: serverguide/C/dns.xml:535(command)
30346
msgid "sudo chown bind /var/log/query.log"
30347
msgstr "sudo chown bind /var/log/query.log"
30349
#: serverguide/C/dns.xml:539(para)
30351
"Before <application>named</application> daemon can write to the new log file "
30352
"the <application>AppArmor</application> profile must be updated. First, edit "
30353
"<filename>/etc/apparmor.d/usr.sbin.named</filename> and add:"
30355
"Before <application>named</application> daemon can write to the new log file "
30356
"the <application>AppArmor</application> profile must be updated. First, edit "
30357
"<filename>/etc/apparmor.d/usr.sbin.named</filename> and add:"
30359
#: serverguide/C/dns.xml:543(programlisting)
30363
"/var/log/query.log w,\n"
30366
"/var/log/query.log w,\n"
30368
#: serverguide/C/dns.xml:546(para)
30369
msgid "Next, reload the profile:"
30370
msgstr "Next, reload the profile:"
30372
#: serverguide/C/dns.xml:550(command)
30373
msgid "cat /etc/apparmor.d/usr.sbin.named | sudo apparmor_parser -r"
30374
msgstr "cat /etc/apparmor.d/usr.sbin.named | sudo apparmor_parser -r"
30376
#: serverguide/C/dns.xml:552(para)
30378
"For more information on <application>AppArmor</application> see <xref "
30379
"linkend=\"apparmor\"/>"
30381
"For more information on <application>AppArmor</application> see <xref "
30382
"linkend=\"apparmor\"/>"
30384
#: serverguide/C/dns.xml:557(para)
30386
"Now restart <application>BIND9</application> for the changes to take effect:"
30388
"Now restart <application>BIND9</application> for the changes to take effect:"
30390
#: serverguide/C/dns.xml:565(para)
30392
"You should see the file <filename>/var/log/query.log</filename> fill with "
30393
"query information. This is a simple example of the "
30394
"<application>BIND9</application> logging options. For coverage of advanced "
30395
"options see <xref linkend=\"dns-more-info\"/>."
30397
"You should see the file <filename>/var/log/query.log</filename> fill with "
30398
"query information. This is a simple example of the "
30399
"<application>BIND9</application> logging options. For coverage of advanced "
30400
"options see <xref linkend=\"dns-more-info\"/>."
30402
#: serverguide/C/dns.xml:574(title)
30403
msgid "Common Record Types"
30404
msgstr "Common Record Types"
30406
#: serverguide/C/dns.xml:575(para)
30407
msgid "This section covers some of the most common DNS record types."
30408
msgstr "This section covers some of the most common DNS record types."
30410
#: serverguide/C/dns.xml:580(para)
30412
"<emphasis>A</emphasis> record: This record maps an IP Address to a hostname."
30414
"<emphasis>A</emphasis> record: This record maps an IP Address to a hostname."
30416
#: serverguide/C/dns.xml:583(programlisting)
30420
"www IN A 192.168.1.12\n"
30423
"www IN A 192.168.1.12\n"
30425
#: serverguide/C/dns.xml:588(para)
30427
"<emphasis>CNAME</emphasis> record: Used to create an alias to an existing A "
30428
"record. You cannot create a CNAME record pointing to another CNAME record."
30430
"<emphasis>CNAME</emphasis> record: Used to create an alias to an existing A "
30431
"record. You cannot create a CNAME record pointing to another CNAME record."
30433
#: serverguide/C/dns.xml:591(programlisting)
30437
"web IN CNAME www\n"
30440
"web IN CNAME www\n"
30442
#: serverguide/C/dns.xml:596(para)
30444
"<emphasis>MX</emphasis> record: Used to define where email should be sent "
30445
"to. Must point to an A record, not a CNAME."
30447
"<emphasis>MX</emphasis> record: Used to define where e-mail should be sent "
30448
"to. Must point to an A record, not a CNAME."
30450
#: serverguide/C/dns.xml:599(programlisting)
30454
" IN MX 1 mail.example.com.\n"
30455
"mail IN A 192.168.1.13\n"
30458
" IN MX 1 mail.example.com.\n"
30459
"mail IN A 192.168.1.13\n"
30461
#: serverguide/C/dns.xml:605(para)
30463
"<emphasis>NS</emphasis> record: Used to define which servers serve copies of "
30464
"a zone. It must point to an A record, not a CNAME. This is where Primary and "
30465
"Secondary servers are defined."
30467
"<emphasis>NS</emphasis> record: Used to define which servers serve copies of "
30468
"a zone. It must point to an A record, not a CNAME. This is where Primary and "
30469
"Secondary servers are defined."
30471
#: serverguide/C/dns.xml:609(programlisting)
30475
" IN NS ns.example.com.\n"
30476
"\tIN NS ns2.example.com.\n"
30477
"ns IN A 192.168.1.10\n"
30478
"ns2\tIN A\t 192.168.1.11\n"
30481
" IN NS ns.example.com.\n"
30482
"\tIN NS ns2.example.com.\n"
30483
"ns IN A 192.168.1.10\n"
30484
"ns2\tIN A\t 192.168.1.11\n"
30486
#: serverguide/C/dns.xml:622(para)
30488
"The <ulink url=\"http://www.tldp.org/HOWTO/DNS-HOWTO.html\">DNS "
30489
"HOWTO</ulink> explains more advanced options for configuring BIND9."
30491
"The <ulink url=\"http://www.tldp.org/HOWTO/DNS-HOWTO.html\">DNS "
30492
"HOWTO</ulink> explains more advanced options for configuring BIND9."
30494
#: serverguide/C/dns.xml:627(para)
30496
"For in depth coverage of <emphasis>DNS</emphasis> and "
30497
"<application>BIND9</application> see <ulink "
30498
"url=\"http://www.bind9.net/\">Bind9.net</ulink>."
30500
"For in depth coverage of <emphasis>DNS</emphasis> and "
30501
"<application>BIND9</application> see <ulink "
30502
"url=\"http://www.bind9.net/\">Bind9.net</ulink>."
30504
#: serverguide/C/dns.xml:632(para)
30506
"<ulink url=\"http://www.oreilly.com/catalog/dns5/index.html\">DNS and "
30507
"BIND</ulink> is a popular book now in it's fifth edition."
30509
"<ulink url=\"http://www.oreilly.com/catalog/dns5/index.html\">DNS and "
30510
"BIND</ulink> is a popular book now in it's fifth edition."
30512
#: serverguide/C/dns.xml:637(para)
30514
"A great place to ask for <application>BIND9</application> assistance, and "
30515
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
30516
"server</emphasis> IRC channel on <ulink "
30517
"url=\"http://freenode.net\">freenode</ulink>."
30519
"A great place to ask for <application>BIND9</application> assistance, and "
30520
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
30521
"server</emphasis> IRC channel on <ulink "
30522
"url=\"http://freenode.net\">freenode</ulink>."
30524
#: serverguide/C/dns.xml:643(para)
30526
"Also, see the <ulink "
30527
"url=\"https://help.ubuntu.com/community/BIND9ServerHowto\">BIND9 Server "
30528
"HOWTO</ulink> in the Ubuntu Wiki."
30530
"Also, see the <ulink "
30531
"url=\"https://help.ubuntu.com/community/BIND9ServerHowto\">BIND9 Server "
30532
"HOWTO</ulink> in the Ubuntu Wiki."
30534
#: serverguide/C/databases.xml:13(title)
30538
#: serverguide/C/databases.xml:14(para)
30539
msgid "Ubuntu provides two popular database servers. They are:"
30540
msgstr "Ubuntu provides two popular database servers. They are:"
30542
#: serverguide/C/databases.xml:22(application) serverguide/C/databases.xml:157(title)
30544
msgstr "PostgreSQL"
30546
#: serverguide/C/databases.xml:25(para)
30548
"They are available in the main repository. This section explains how to "
30549
"install and configure these database servers."
30551
"They are available in the main repository. This section explains how to "
30552
"install and configure these database servers."
30554
#: serverguide/C/databases.xml:32(para)
30556
"MySQL is a fast, multi-threaded, multi-user, and robust SQL database server. "
30557
"It is intended for mission-critical, heavy-load production systems as well "
30558
"as for embedding into mass-deployed software."
30560
"MySQL is a fast, multi-threaded, multi-user, and robust SQL database server. "
30561
"It is intended for mission-critical, heavy-load production systems as well "
30562
"as for embedding into mass-deployed software."
30564
#: serverguide/C/databases.xml:41(para)
30565
msgid "To install MySQL, run the following command from a terminal prompt:"
30566
msgstr "To install MySQL, run the following command from a terminal prompt:"
30568
#: serverguide/C/databases.xml:46(command)
30569
msgid "sudo apt-get install mysql-server"
30570
msgstr "sudo apt-get install mysql-server"
30572
#: serverguide/C/databases.xml:48(para)
30574
"During the installation process you will be prompted to enter a password for "
30575
"the <application>MySQL</application> root user."
30577
"During the installation process you will be prompted to enter a password for "
30578
"the <application>MySQL</application> root user."
30580
#: serverguide/C/databases.xml:53(para)
30582
"Once the installation is complete, the MySQL server should be started "
30583
"automatically. You can run the following command from a terminal prompt to "
30584
"check whether the MySQL server is running:"
30586
"Once the installation is complete, the MySQL server should be started "
30587
"automatically. You can run the following command from a terminal prompt to "
30588
"check whether the MySQL server is running:"
30590
#: serverguide/C/databases.xml:61(command)
30591
msgid "sudo netstat -tap | grep mysql"
30592
msgstr "sudo netstat -tap | grep mysql"
30594
#: serverguide/C/databases.xml:70(programlisting)
30598
"tcp 0 0 localhost:mysql *:* LISTEN "
30602
"tcp 0 0 localhost:mysql *:* LISTEN "
30605
#: serverguide/C/databases.xml:74(para)
30607
"If the server is not running correctly, you can type the following command "
30610
"If the server is not running correctly, you can type the following command "
30613
#: serverguide/C/databases.xml:79(command) serverguide/C/databases.xml:104(command)
30614
msgid "sudo /etc/init.d/mysql restart"
30615
msgstr "sudo /etc/init.d/mysql restart"
30617
#: serverguide/C/databases.xml:85(para)
30619
"You can edit the <filename>/etc/mysql/my.cnf</filename> file to configure "
30620
"the basic settings -- log file, port number, etc. For example, to configure "
30621
"<application>MySQL</application> to listen for connections from network "
30622
"hosts, change the <emphasis>bind-address</emphasis> directive to the "
30623
"server's IP address:"
30625
"You can edit the <filename>/etc/mysql/my.cnf</filename> file to configure "
30626
"the basic settings -- log file, port number, etc. For example, to configure "
30627
"<application>MySQL</application> to listen for connections from network "
30628
"hosts, change the <emphasis>bind-address</emphasis> directive to the "
30629
"server's IP address:"
30631
#: serverguide/C/databases.xml:91(programlisting)
30635
"bind-address = 192.168.0.5\n"
30638
"bind-address = 192.168.0.5\n"
30640
#: serverguide/C/databases.xml:95(para)
30641
msgid "Replace 192.168.0.5 with the appropriate address."
30642
msgstr "Replace 192.168.0.5 with the appropriate address."
30644
#: serverguide/C/databases.xml:99(para)
30646
"After making a change to <filename>/etc/mysql/my.cnf</filename> the "
30647
"<application>mysql</application> daemon will need to be restarted:"
30649
"After making a change to <filename>/etc/mysql/my.cnf</filename> the "
30650
"<application>mysql</application> daemon will need to be restarted:"
30652
#: serverguide/C/databases.xml:107(para)
30654
"If you would like to change the "
30655
"<application>MySQL</application><emphasis>root</emphasis> password, in a "
30658
"If you would like to change the "
30659
"<application>MySQL</application><emphasis>root</emphasis> password, in a "
30662
#: serverguide/C/databases.xml:113(command)
30663
msgid "sudo dpkg-reconfigure mysql-server-5.1"
30664
msgstr "sudo dpkg-reconfigure mysql-server-5.1"
30666
#: serverguide/C/databases.xml:116(para)
30668
"The <application>mysql</application> daemon will be stopped, and you will be "
30669
"prompted to enter a new password."
30671
"The <application>mysql</application> daemon will be stopped, and you will be "
30672
"prompted to enter a new password."
30674
#: serverguide/C/databases.xml:125(para)
30676
"See the <ulink url=\"http://www.mysql.com/\">MySQL Home Page</ulink> for "
30677
"more information."
30679
"See the <ulink url=\"http://www.mysql.com/\">MySQL Home Page</ulink> for "
30680
"more information."
30682
#: serverguide/C/databases.xml:130(para)
30684
"The <emphasis>MySQL Handbook</emphasis> is also available in the "
30685
"<application>mysql-doc-5.0</application> package. To install the package "
30686
"enter the following in a terminal:"
30688
"The <emphasis>MySQL Handbook</emphasis> is also available in the "
30689
"<application>mysql-doc-5.0</application> package. To install the package "
30690
"enter the following in a terminal:"
30692
#: serverguide/C/databases.xml:135(command)
30693
msgid "sudo apt-get install mysql-doc-5.0"
30694
msgstr "sudo apt-get install mysql-doc-5.0"
30696
#: serverguide/C/databases.xml:137(para)
30698
"The documentation is in HTML format, to view them enter "
30699
"<command>file:///usr/share/doc/mysql-doc-5.0/refman-5.0-en.html-"
30700
"chapter/index.html</command> in your browser's address bar."
30702
"The documentation is in HTML format, to view them enter "
30703
"<command>file:///usr/share/doc/mysql-doc-5.0/refman-5.0-en.html-"
30704
"chapter/index.html</command> in your browser's address bar."
30706
#: serverguide/C/databases.xml:143(para) serverguide/C/databases.xml:290(para)
30708
"For general SQL information see <ulink "
30709
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\">Using SQL "
30710
"Special Edition</ulink> by Rafe Colburn."
30712
"For general SQL information see <ulink "
30713
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\">Using SQL "
30714
"Special Edition</ulink> by Rafe Colburn."
30716
#: serverguide/C/databases.xml:149(para)
30718
"The <ulink url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache "
30719
"MySQL PHP Ubuntu Wiki</ulink> page also has useful information."
30721
"The <ulink url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache "
30722
"MySQL PHP Ubuntu Wiki</ulink> page also has useful information."
30724
#: serverguide/C/databases.xml:158(para)
30726
"PostgreSQL is an object-relational database system that has the features of "
30727
"traditional commercial database systems with enhancements to be found in "
30728
"next-generation DBMS systems."
30730
"PostgreSQL is an object-relational database system that has the features of "
30731
"traditional commercial database systems with enhancements to be found in "
30732
"next-generation DBMS systems."
30734
#: serverguide/C/databases.xml:165(para)
30736
"To install PostgreSQL, run the following command in the command prompt:"
30738
"To install PostgreSQL, run the following command in the command prompt:"
30740
#: serverguide/C/databases.xml:172(command)
30741
msgid "sudo apt-get install postgresql"
30742
msgstr "sudo apt-get install postgresql"
30744
#: serverguide/C/databases.xml:176(para)
30746
"Once the installation is complete, you should configure the PostgreSQL "
30747
"server based on your needs, although the default configuration is viable."
30749
"Once the installation is complete, you should configure the PostgreSQL "
30750
"server based on your needs, although the default configuration is viable."
30752
#: serverguide/C/databases.xml:184(para)
30754
"By default, connection via TCP/IP is disabled. PostgreSQL supports multiple "
30755
"client authentication methods. By default, IDENT authentication method is "
30756
"used for <application>postgres</application> and local users. Please refer "
30757
"<ulink url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the "
30758
"PostgreSQL Administrator's Guide</ulink>."
30760
"By default, connection via TCP/IP is disabled. PostgreSQL supports multiple "
30761
"client authentication methods. By default, IDENT authentication method is "
30762
"used for <application>postgres</application> and local users. Please refer "
30763
"<ulink url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the "
30764
"PostgreSQL Administrator's Guide</ulink>."
30766
#: serverguide/C/databases.xml:191(para)
30768
"The following discussion assumes that you wish to enable TCP/IP connections "
30769
"and use the MD5 method for client authentication. PostgreSQL configuration "
30770
"files are stored in the "
30771
"<filename>/etc/postgresql/<version>/main</filename> directory. For "
30772
"example, if you install PostgreSQL 8.4, the configuration files are stored "
30773
"in the <filename>/etc/postgresql/8.4/main</filename> directory."
30775
"The following discussion assumes that you wish to enable TCP/IP connections "
30776
"and use the MD5 method for client authentication. PostgreSQL configuration "
30777
"files are stored in the "
30778
"<filename>/etc/postgresql/<version>/main</filename> directory. For "
30779
"example, if you install PostgreSQL 8.4, the configuration files are stored "
30780
"in the <filename>/etc/postgresql/8.4/main</filename> directory."
30782
#: serverguide/C/databases.xml:201(para)
30784
"To configure <emphasis>ident</emphasis> authentication, add entries to the "
30785
"<filename>/etc/postgresql/8.4/main/pg_ident.conf</filename> file."
30787
"To configure <emphasis>ident</emphasis> authentication, add entries to the "
30788
"<filename>/etc/postgresql/8.4/main/pg_ident.conf</filename> file."
30790
#: serverguide/C/databases.xml:208(para)
30792
"To enable TCP/IP connections, edit the file "
30793
"<filename>/etc/postgresql/8.4/main/postgresql.conf</filename>"
30795
"To enable TCP/IP connections, edit the file "
30796
"<filename>/etc/postgresql/8.4/main/postgresql.conf</filename>"
30798
#: serverguide/C/databases.xml:210(para)
30800
"Locate the line <emphasis>#listen_addresses = 'localhost'</emphasis> and "
30803
"Locate the line <emphasis>#listen_addresses = 'localhost'</emphasis> and "
30806
#: serverguide/C/databases.xml:213(programlisting)
30810
"listen_addresses = 'localhost'\n"
30813
"listen_addresses = 'localhost'\n"
30815
#: serverguide/C/databases.xml:217(para)
30817
"To allow other computers to connect to your "
30818
"<application>PostgreSQL</application> server replace 'localhost' with the "
30819
"<emphasis>IP Address</emphasis> of your server."
30821
"To allow other computers to connect to your "
30822
"<application>PostgreSQL</application> server replace 'localhost' with the "
30823
"<emphasis>IP Address</emphasis> of your server."
30825
#: serverguide/C/databases.xml:222(para)
30827
"You may also edit all other parameters, if you know what you are doing! For "
30828
"details, refer to the configuration file or to the PostgreSQL documentation."
30830
"You may also edit all other parameters, if you know what you are doing! For "
30831
"details, refer to the configuration file or to the PostgreSQL documentation."
30833
#: serverguide/C/databases.xml:227(para)
30835
"Now that we can connect to our <application>PostgreSQL</application> server, "
30836
"the next step is to set a password for the <emphasis>postgres</emphasis> "
30837
"user. Run the following command at a terminal prompt to connect to the "
30838
"default PostgreSQL template database:"
30840
"Now that we can connect to our <application>PostgreSQL</application> server, "
30841
"the next step is to set a password for the <emphasis>postgres</emphasis> "
30842
"user. Run the following command at a terminal prompt to connect to the "
30843
"default PostgreSQL template database:"
30845
#: serverguide/C/databases.xml:234(command)
30846
msgid "sudo -u postgres psql template1"
30847
msgstr "sudo -u postgres psql template1"
30849
#: serverguide/C/databases.xml:236(para)
30851
"The above command connects to PostgreSQL database "
30852
"<emphasis>template1</emphasis> as user <emphasis>postgres</emphasis>. Once "
30853
"you connect to the PostgreSQL server, you will be at a SQL prompt. You can "
30854
"run the following SQL command at the <application>psql</application> prompt "
30855
"to configure the password for the user <emphasis "
30856
"role=\"italics\">postgres</emphasis>."
30858
"The above command connects to PostgreSQL database "
30859
"<emphasis>template1</emphasis> as user <emphasis>postgres</emphasis>. Once "
30860
"you connect to the PostgreSQL server, you will be at a SQL prompt. You can "
30861
"run the following SQL command at the <application>psql</application> prompt "
30862
"to configure the password for the user <emphasis "
30863
"role=\"italics\">postgres</emphasis>."
30865
#: serverguide/C/databases.xml:244(command)
30866
msgid "ALTER USER postgres with encrypted password 'your_password';"
30867
msgstr "ALTER USER postgres with encrypted password 'your_password';"
30869
#: serverguide/C/databases.xml:246(para)
30871
"After configuring the password, edit the file "
30872
"<filename>/etc/postgresql/8.4/main/pg_hba.conf</filename> to use "
30873
"<emphasis>MD5</emphasis> authentication with the "
30874
"<emphasis>postgres</emphasis> user:"
30876
"After configuring the password, edit the file "
30877
"<filename>/etc/postgresql/8.4/main/pg_hba.conf</filename> to use "
30878
"<emphasis>MD5</emphasis> authentication with the "
30879
"<emphasis>postgres</emphasis> user:"
30881
#: serverguide/C/databases.xml:252(programlisting)
30885
"local all postgres md5\n"
30888
"local all postgres md5\n"
30890
#: serverguide/C/databases.xml:256(para)
30892
"Finally, you should restart the <application>PostgreSQL</application> "
30893
"service to initialize the new configuration. From a terminal prompt enter "
30894
"the following to restart <application>PostgreSQL</application>:"
30896
"Finally, you should restart the <application>PostgreSQL</application> "
30897
"service to initialise the new configuration. From a terminal prompt enter "
30898
"the following to restart <application>PostgreSQL</application>:"
30900
#: serverguide/C/databases.xml:262(command)
30901
msgid "sudo /etc/init.d/postgresql-8.4 restart"
30902
msgstr "sudo /etc/init.d/postgresql-8.4 restart"
30904
#: serverguide/C/databases.xml:265(para)
30906
"The above configuration is not complete by any means. Please refer <ulink "
30907
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the PostgreSQL "
30908
"Administrator's Guide</ulink> to configure more parameters."
30910
"The above configuration is not complete by any means. Please refer <ulink "
30911
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the PostgreSQL "
30912
"Administrator's Guide</ulink> to configure more parameters."
30914
#: serverguide/C/databases.xml:276(para)
30916
"As mentioned above the <ulink "
30917
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\">Administrator's "
30918
"Guide</ulink> is an excellent resource. The guide is also available in the "
30919
"<application>postgresql-doc-8.4</application> package. Execute the following "
30920
"in a terminal to install the package:"
30922
"As mentioned above the <ulink "
30923
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\">Administrator's "
30924
"Guide</ulink> is an excellent resource. The guide is also available in the "
30925
"<application>postgresql-doc-8.4</application> package. Execute the following "
30926
"in a terminal to install the package:"
30928
#: serverguide/C/databases.xml:282(command)
30929
msgid "sudo apt-get install postgresql-doc-8.4"
30930
msgstr "sudo apt-get install postgresql-doc-8.4"
30932
#: serverguide/C/databases.xml:284(para)
30934
"To view the guide enter <command>file:///usr/share/doc/postgresql-doc-"
30935
"8.4/html/index.html</command> into the address bar of your browser."
30937
"To view the guide enter <command>file:///usr/share/doc/postgresql-doc-"
30938
"8.4/html/index.html</command> into the address bar of your browser."
30940
#: serverguide/C/databases.xml:296(para)
30942
"Also, see the <ulink "
30943
"url=\"https://help.ubuntu.com/community/PostgreSQL\">PostgreSQL Ubuntu "
30944
"Wiki</ulink> page for more information."
30946
"Also, see the <ulink "
30947
"url=\"https://help.ubuntu.com/community/PostgreSQL\">PostgreSQL Ubuntu "
30948
"Wiki</ulink> page for more information."
30950
#: serverguide/C/clustering.xml:13(title)
30952
msgstr "Clustering"
30954
#: serverguide/C/clustering.xml:16(title)
30958
#: serverguide/C/clustering.xml:18(para)
30960
"Distributed Replicated Block Device (DRBD) mirrors block devices between "
30961
"multiple hosts. The replication is transparent to other applications on the "
30962
"host systems. Any block device hard disks, partitions, RAID devices, logical "
30963
"volumes, etc can be mirrored."
30965
"Distributed Replicated Block Device (DRBD) mirrors block devices between "
30966
"multiple hosts. The replication is transparent to other applications on the "
30967
"host systems. Any block device hard disks, partitions, RAID devices, logical "
30968
"volumes, etc can be mirrored."
30970
#: serverguide/C/clustering.xml:24(para)
30972
"To get started using <application>drbd</application>, first install the "
30973
"necessary packages. From a terminal enter:"
30975
"To get started using <application>drbd</application>, first install the "
30976
"necessary packages. From a terminal enter:"
30978
#: serverguide/C/clustering.xml:29(command)
30979
msgid "sudo apt-get install drbd8-utils"
30980
msgstr "sudo apt-get install drbd8-utils"
30982
#: serverguide/C/clustering.xml:33(para)
30984
"If you are using the <emphasis>virtual kernel</emphasis> as part of a "
30985
"virtual machine you will need to manually compile the "
30986
"<application>drbd</application> module. It may be easier to install the "
30987
"<application>linux-server</application> package inside the virtual machine."
30989
"If you are using the <emphasis>virtual kernel</emphasis> as part of a "
30990
"virtual machine you will need to manually compile the "
30991
"<application>drbd</application> module. It may be easier to install the "
30992
"<application>linux-server</application> package inside the virtual machine."
30994
#: serverguide/C/clustering.xml:40(para)
30996
"This section covers setting up a <application>drbd</application> to "
30997
"replicate a separate <filename>/srv</filename> partition, with an "
30998
"<application>ext3</application> filesystem between two hosts. The partition "
30999
"size is not particularly relevant, but both partitions need to be the same "
31002
"This section covers setting up a <application>drbd</application> to "
31003
"replicate a separate <filename>/srv</filename> partition, with an "
31004
"<application>ext3</application> filesystem between two hosts. The partition "
31005
"size is not particularly relevant, but both partitions need to be the same "
31008
#: serverguide/C/clustering.xml:49(para)
31010
"The two hosts in this example will be called <emphasis>drbd01</emphasis> and "
31011
"<emphasis>drbd02</emphasis>. They will need to have name resolution "
31012
"configured either through DNS or the <filename>/etc/hosts</filename> file. "
31013
"See <xref linkend=\"dns\"/> for details."
31015
"The two hosts in this example will be called <emphasis>drbd01</emphasis> and "
31016
"<emphasis>drbd02</emphasis>. They will need to have name resolution "
31017
"configured either through DNS or the <filename>/etc/hosts</filename> file. "
31018
"See <xref linkend=\"dns\"/> for details."
31020
#: serverguide/C/clustering.xml:57(para)
31022
"To configure <application>drbd</application>, on the first host edit "
31023
"<filename>/etc/drbd.conf</filename>:"
31025
"To configure <application>drbd</application>, on the first host edit "
31026
"<filename>/etc/drbd.conf</filename>:"
31028
#: serverguide/C/clustering.xml:61(programlisting)
31032
"global { usage-count no; }\n"
31033
"common { syncer { rate 100M; } }\n"
31037
" wfc-timeout 15;\n"
31038
" degr-wfc-timeout 60;\n"
31041
" cram-hmac-alg sha1;\n"
31042
" shared-secret \"secret\";\n"
31045
" device /dev/drbd0;\n"
31046
" disk /dev/sdb1;\n"
31047
" address 192.168.0.1:7788;\n"
31048
" meta-disk internal;\n"
31051
" device /dev/drbd0;\n"
31052
" disk /dev/sdb1;\n"
31053
" address 192.168.0.2:7788;\n"
31054
" meta-disk internal;\n"
31059
"global { usage-count no; }\n"
31060
"common { syncer { rate 100M; } }\n"
31064
" wfc-timeout 15;\n"
31065
" degr-wfc-timeout 60;\n"
31068
" cram-hmac-alg sha1;\n"
31069
" shared-secret \"secret\";\n"
31072
" device /dev/drbd0;\n"
31073
" disk /dev/sdb1;\n"
31074
" address 192.168.0.1:7788;\n"
31075
" meta-disk internal;\n"
31078
" device /dev/drbd0;\n"
31079
" disk /dev/sdb1;\n"
31080
" address 192.168.0.2:7788;\n"
31081
" meta-disk internal;\n"
31085
#: serverguide/C/clustering.xml:90(para)
31087
"There are many other options in <filename>/etc/drbd.conf</filename>, but for "
31088
"this example their default values are fine."
31090
"There are many other options in <filename>/etc/drbd.conf</filename>, but for "
31091
"this example their default values are fine."
31093
#: serverguide/C/clustering.xml:98(para)
31094
msgid "Now copy <filename>/etc/drbd.conf</filename> to the second host:"
31095
msgstr "Now copy <filename>/etc/drbd.conf</filename> to the second host:"
31097
#: serverguide/C/clustering.xml:103(command)
31098
msgid "scp /etc/drbd.conf drbd02:~"
31099
msgstr "scp /etc/drbd.conf drbd02:~"
31101
#: serverguide/C/clustering.xml:109(para)
31103
"And, on <emphasis>drbd02</emphasis> move the file to "
31104
"<filename>/etc</filename>:"
31106
"And, on <emphasis>drbd02</emphasis> move the file to "
31107
"<filename>/etc</filename>:"
31109
#: serverguide/C/clustering.xml:114(command)
31110
msgid "sudo mv drbd.conf /etc/"
31111
msgstr "sudo mv drbd.conf /etc/"
31113
#: serverguide/C/clustering.xml:120(para)
31115
"Next, on both hosts, start the <application>drbd</application> daemon:"
31117
"Next, on both hosts, start the <application>drbd</application> daemon:"
31119
#: serverguide/C/clustering.xml:125(command)
31120
msgid "sudo /etc/init.d/drbd start"
31121
msgstr "sudo /etc/init.d/drbd start"
31123
#: serverguide/C/clustering.xml:131(para)
31125
"Now using the <application>drbdadm</application> utility initialize the meta "
31126
"data storage. On each server execute:"
31128
"Now using the <application>drbdadm</application> utility initialise the meta "
31129
"data storage. On each server execute:"
31131
#: serverguide/C/clustering.xml:137(command)
31132
msgid "sudo drbdadm create-md r0"
31133
msgstr "sudo drbdadm create-md r0"
31135
#: serverguide/C/clustering.xml:143(para)
31137
"On the <emphasis>drbd01</emphasis>, or whichever host you wish to be the "
31138
"primary, enter the following:"
31140
"On the <emphasis>drbd01</emphasis>, or whichever host you wish to be the "
31141
"primary, enter the following:"
31143
#: serverguide/C/clustering.xml:148(command)
31144
msgid "sudo drbdadm -- --overwrite-data-of-peer primary all"
31145
msgstr "sudo drbdadm -- --overwrite-data-of-peer primary all"
31147
#: serverguide/C/clustering.xml:154(para)
31149
"After executing the above command, the data will start syncing with the "
31150
"secondary host. To watch the progress, on <emphasis>drbd02</emphasis> enter "
31153
"After executing the above command, the data will start syncing with the "
31154
"secondary host. To watch the progress, on <emphasis>drbd02</emphasis> enter "
31157
#: serverguide/C/clustering.xml:160(command)
31158
msgid "watch -n1 cat /proc/drbd"
31159
msgstr "watch -n1 cat /proc/drbd"
31161
#: serverguide/C/clustering.xml:163(para)
31162
msgid "To stop watching the output press <emphasis>Ctrl+c</emphasis>."
31163
msgstr "To stop watching the output press <emphasis>Ctrl+c</emphasis>."
31165
#: serverguide/C/clustering.xml:170(para)
31167
"Finally, add a filesystem to <filename>/dev/drbd0</filename> and mount it:"
31169
"Finally, add a filesystem to <filename>/dev/drbd0</filename> and mount it:"
31171
#: serverguide/C/clustering.xml:175(command)
31172
msgid "sudo mkfs.ext3 /dev/drbd0"
31173
msgstr "sudo mkfs.ext3 /dev/drbd0"
31175
#: serverguide/C/clustering.xml:176(command) serverguide/C/clustering.xml:224(command)
31176
msgid "sudo mount /dev/drbd0 /srv"
31177
msgstr "sudo mount /dev/drbd0 /srv"
31179
#: serverguide/C/clustering.xml:186(para)
31181
"To test that the data is actually syncing between the hosts copy some files "
31182
"on the <emphasis>drbd01</emphasis>, the primary, to "
31183
"<filename>/srv</filename>:"
31185
"To test that the data is actually syncing between the hosts copy some files "
31186
"on the <emphasis>drbd01</emphasis>, the primary, to "
31187
"<filename>/srv</filename>:"
31189
#: serverguide/C/clustering.xml:195(para)
31190
msgid "Next, unmount <filename>/srv</filename>:"
31191
msgstr "Next, unmount <filename>/srv</filename>:"
31193
#: serverguide/C/clustering.xml:203(para)
31195
"<emphasis>Demote</emphasis> the <emphasis>primary</emphasis> server to the "
31196
"<emphasis>secondary</emphasis> role:"
31198
"<emphasis>Demote</emphasis> the <emphasis>primary</emphasis> server to the "
31199
"<emphasis>secondary</emphasis> role:"
31201
#: serverguide/C/clustering.xml:208(command)
31202
msgid "sudo drbdadm secondary r0"
31203
msgstr "sudo drbdadm secondary r0"
31205
#: serverguide/C/clustering.xml:211(para)
31207
"Now on the <emphasis>secondary</emphasis> server "
31208
"<emphasis>promote</emphasis> it to the <emphasis>primary</emphasis> role:"
31210
"Now on the <emphasis>secondary</emphasis> server "
31211
"<emphasis>promote</emphasis> it to the <emphasis>primary</emphasis> role:"
31213
#: serverguide/C/clustering.xml:216(command)
31214
msgid "sudo drbdadm primary r0"
31215
msgstr "sudo drbdadm primary r0"
31217
#: serverguide/C/clustering.xml:219(para)
31218
msgid "Lastly, mount the partition:"
31219
msgstr "Lastly, mount the partition:"
31221
#: serverguide/C/clustering.xml:227(para)
31223
"Using <emphasis>ls</emphasis> you should see "
31224
"<filename>/srv/default</filename> copied from the former "
31225
"<emphasis>primary</emphasis> host <emphasis>drbd01</emphasis>."
31227
"Using <emphasis>ls</emphasis> you should see "
31228
"<filename>/srv/default</filename> copied from the former "
31229
"<emphasis>primary</emphasis> host <emphasis>drbd01</emphasis>."
31231
#: serverguide/C/clustering.xml:238(para)
31233
"For more information on <application>DRBD</application> see the <ulink "
31234
"url=\"http://www.drbd.org/\">DRBD web site</ulink>."
31236
"For more information on <application>DRBD</application> see the <ulink "
31237
"url=\"http://www.drbd.org/\">DRBD web site</ulink>."
31239
#: serverguide/C/clustering.xml:243(para)
31242
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/drbd.conf.5.html\""
31243
">drbd.conf man page</ulink> contains details on the options not covered in "
31247
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/drbd.conf.5.html\""
31248
">drbd.conf man page</ulink> contains details on the options not covered in "
31251
#: serverguide/C/clustering.xml:249(para)
31253
"Also, see the <ulink "
31254
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/drbdadm.8.html\">d"
31255
"rbdadm man page</ulink>."
31257
"Also, see the <ulink "
31258
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/drbdadm.8.html\">d"
31259
"rbdadm man page</ulink>."
31261
#: serverguide/C/clustering.xml:254(para)
31263
"The <ulink url=\"https://help.ubuntu.com/community/DRBD\">DRBD Ubuntu "
31264
"Wiki</ulink> page also has more information."
31266
"The <ulink url=\"https://help.ubuntu.com/community/DRBD\">DRBD Ubuntu "
31267
"Wiki</ulink> page also has more information."
31269
#: serverguide/C/chat.xml:13(title)
31270
msgid "Chat Applications"
31271
msgstr "Chat Applications"
31273
#: serverguide/C/chat.xml:19(para)
31275
"In this section, we will discuss how to install and configure a IRC server, "
31276
"<application>ircd-irc2</application>. We will also discuss how to install "
31277
"and configure Jabber, an instance messaging server."
31279
"In this section, we will discuss how to install and configure a IRC server, "
31280
"<application>ircd-irc2</application>. We will also discuss how to install "
31281
"and configure Jabber, an instance messaging server."
31283
#: serverguide/C/chat.xml:28(title)
31285
msgstr "IRC Server"
31287
#: serverguide/C/chat.xml:30(para)
31289
"The Ubuntu repository has many Internet Relay Chat servers. This section "
31290
"explains how to install and configure the original IRC server "
31291
"<application>ircd-irc2</application>."
31293
"The Ubuntu repository has many Internet Relay Chat servers. This section "
31294
"explains how to install and configure the original IRC server "
31295
"<application>ircd-irc2</application>."
31297
#: serverguide/C/chat.xml:39(para)
31299
"To install <application>ircd-irc2</application>, run the following command "
31300
"in the command prompt:"
31302
"To install <application>ircd-irc2</application>, run the following command "
31303
"in the command prompt:"
31305
#: serverguide/C/chat.xml:45(command)
31306
msgid "sudo apt-get install ircd-irc2"
31307
msgstr "sudo apt-get install ircd-irc2"
31309
#: serverguide/C/chat.xml:48(para)
31311
"The configuration files are stored in <filename>/etc/ircd</filename> "
31312
"directory. The documents are available in <filename>/usr/share/doc/ircd-"
31313
"irc2</filename> directory."
31315
"The configuration files are stored in <filename>/etc/ircd</filename> "
31316
"directory. The documents are available in <filename>/usr/share/doc/ircd-"
31317
"irc2</filename> directory."
31319
#: serverguide/C/chat.xml:59(para)
31321
"The IRC settings can be done in the configuration file "
31322
"<filename>/etc/ircd/ircd.conf</filename>. You can set the IRC host name in "
31323
"this file by editing the following line:"
31325
"The IRC settings can be done in the configuration file "
31326
"<filename>/etc/ircd/ircd.conf</filename>. You can set the IRC host name in "
31327
"this file by editing the following line:"
31329
#: serverguide/C/chat.xml:64(programlisting)
31333
"M:irc.localhost::Debian ircd default configuration::000A\n"
31336
"M:irc.localhost::Debian ircd default configuration::000A\n"
31338
#: serverguide/C/chat.xml:68(para)
31340
"Please make sure you add DNS aliases for the IRC host name. For instance, if "
31341
"you set irc.livecipher.com as IRC host name, please make sure "
31342
"irc.livecipher.com is resolvable in your Domain Name Server. The IRC host "
31343
"name should not be same as the host name."
31345
"Please make sure you add DNS aliases for the IRC host name. For instance, if "
31346
"you set irc.livecipher.com as IRC host name, please make sure "
31347
"irc.livecipher.com is resolvable in your Domain Name Server. The IRC host "
31348
"name should not be same as the host name."
31350
#: serverguide/C/chat.xml:75(para)
31352
"The IRC admin details can be configured by editing the following line:"
31354
"The IRC admin details can be configured by editing the following line:"
31356
#: serverguide/C/chat.xml:80(programlisting)
31360
"A:Organization, IRC dept.:Daemon <ircd@example.irc.org>:Client "
31361
"Server::IRCnet:\n"
31364
"A:Organisation, IRC dept.:Daemon <ircd@example.irc.org>:Client "
31365
"Server::IRCnet:\n"
31367
#: serverguide/C/chat.xml:84(para)
31369
"You should add specific lines to configure the list of IRC ports to listen "
31370
"on, to configure Operator credentials, to configure client authentication, "
31371
"etc. For details, please refer to the example configuration file "
31372
"<filename>/usr/share/doc/ircd-irc2/ircd.conf.example.gz</filename>."
31374
"You should add specific lines to configure the list of IRC ports to listen "
31375
"on, to configure Operator credentials, to configure client authentication, "
31376
"etc. For details, please refer to the example configuration file "
31377
"<filename>/usr/share/doc/ircd-irc2/ircd.conf.example.gz</filename>."
31379
#: serverguide/C/chat.xml:92(para)
31381
"The IRC banner to be displayed in the IRC client, when the user connects to "
31382
"the server can be set in <filename>/etc/ircd/ircd.motd</filename> file."
31384
"The IRC banner to be displayed in the IRC client, when the user connects to "
31385
"the server can be set in <filename>/etc/ircd/ircd.motd</filename> file."
31387
#: serverguide/C/chat.xml:97(para)
31389
"After making necessary changes to the configuration file, you can restart "
31390
"the IRC server using following command:"
31392
"After making necessary changes to the configuration file, you can restart "
31393
"the IRC server using following command:"
31395
#: serverguide/C/chat.xml:101(programlisting)
31399
"sudo /etc/init.d/ircd-irc2 restart\n"
31402
"sudo /etc/init.d/ircd-irc2 restart\n"
31404
#: serverguide/C/chat.xml:109(para)
31406
"You may also be interested to take a look at other IRC servers available in "
31407
"Ubuntu Repository. It includes, <application>ircd-ircu</application> and "
31408
"<application>ircd-hybrid</application>."
31410
"You may also be interested to take a look at other IRC servers available in "
31411
"Ubuntu Repository. It includes, <application>ircd-ircu</application> and "
31412
"<application>ircd-hybrid</application>."
31414
#: serverguide/C/chat.xml:117(para)
31416
"Refer to <ulink url=\"http://www.irc.org/tech_docs/ircnet/faq.html\">IRCD "
31417
"FAQ</ulink> for more details about the IRC Server."
31419
"Refer to <ulink url=\"http://www.irc.org/tech_docs/ircnet/faq.html\">IRCD "
31420
"FAQ</ulink> for more details about the IRC Server."
31422
#: serverguide/C/chat.xml:124(para)
31424
"Also, the <ulink url=\"https://help.ubuntu.com/community/ircd\">Ubuntu Wiki "
31425
"IRCD</ulink> page has more information."
31427
"Also, the <ulink url=\"https://help.ubuntu.com/community/ircd\">Ubuntu Wiki "
31428
"IRCD</ulink> page has more information."
31430
#: serverguide/C/chat.xml:132(title)
31431
msgid "Jabber Instant Messaging Server"
31432
msgstr "Jabber Instant Messaging Server"
31434
#: serverguide/C/chat.xml:134(para)
31436
"<emphasis>Jabber</emphasis> a popular instant message protocol is based on "
31437
"XMPP, an open standard for instant messaging, and used by many popular "
31438
"applications. This section covers setting up a <emphasis>Jabberd "
31439
"2</emphasis> server on a local LAN. This configuration can also be adapted "
31440
"to providing messaging services to users over the Internet."
31442
"<emphasis>Jabber</emphasis> a popular instant message protocol is based on "
31443
"XMPP, an open standard for instant messaging, and used by many popular "
31444
"applications. This section covers setting up a <emphasis>Jabberd "
31445
"2</emphasis> server on a local LAN. This configuration can also be adapted "
31446
"to providing messaging services to users over the Internet."
31448
#: serverguide/C/chat.xml:143(para)
31449
msgid "To install <application>jabberd2</application>, in a terminal enter:"
31450
msgstr "To install <application>jabberd2</application>, in a terminal enter:"
31452
#: serverguide/C/chat.xml:148(command)
31453
msgid "sudo apt-get install jabberd2"
31454
msgstr "sudo apt-get install jabberd2"
31456
#: serverguide/C/chat.xml:155(para)
31458
"A couple of XML configuration files will be used to configure "
31459
"<application>jabberd2</application> for <emphasis>Berkely DB</emphasis> user "
31460
"authentication. This is a very simple form of authentication. However, "
31461
"<application>jabberd2</application> can be configured to use LDAP, MySQL, "
31462
"Postgresql, etc for for user authentication."
31464
"A couple of XML configuration files will be used to configure "
31465
"<application>jabberd2</application> for <emphasis>Berkely DB</emphasis> user "
31466
"authentication. This is a very simple form of authentication. However, "
31467
"<application>jabberd2</application> can be configured to use LDAP, MySQL, "
31468
"Postgresql, etc for for user authentication."
31470
#: serverguide/C/chat.xml:162(para)
31471
msgid "First, edit <filename>/etc/jabberd2/sm.xml</filename> changing:"
31472
msgstr "First, edit <filename>/etc/jabberd2/sm.xml</filename> changing:"
31474
#: serverguide/C/chat.xml:166(programlisting)
31478
" <id>jabber.example.com</id>\n"
31481
" <id>jabber.example.com</id>\n"
31483
#: serverguide/C/chat.xml:171(para)
31485
"Replace <emphasis>jabber.example.com</emphasis> with the hostname, or other "
31486
"id, of your server."
31488
"Replace <emphasis>jabber.example.com</emphasis> with the hostname, or other "
31489
"id, of your server."
31491
#: serverguide/C/chat.xml:176(para)
31492
msgid "Now in the <storage> section change the <driver> to:"
31493
msgstr "Now in the <storage> section change the <driver> to:"
31495
#: serverguide/C/chat.xml:180(programlisting)
31499
" <driver>db</driver>\n"
31502
" <driver>db</driver>\n"
31504
#: serverguide/C/chat.xml:184(para)
31506
"Next, edit <filename>/etc/jabberd2/c2s.xml</filename> in the "
31507
"<emphasis><local></emphasis> section change:"
31509
"Next, edit <filename>/etc/jabberd2/c2s.xml</filename> in the "
31510
"<emphasis><local></emphasis> section change:"
31512
#: serverguide/C/chat.xml:188(programlisting)
31516
" <id>jabber.example.com</id>\n"
31519
" <id>jabber.example.com</id>\n"
31521
#: serverguide/C/chat.xml:192(para)
31523
"And in the <authreg> section adjust the <module> section to:"
31525
"And in the <authreg> section adjust the <module> section to:"
31527
#: serverguide/C/chat.xml:196(programlisting)
31531
" <module>db</module>\n"
31534
" <module>db</module>\n"
31536
#: serverguide/C/chat.xml:200(para)
31538
"Finally, restart <application>jabberd2</application> to enable the new "
31541
"Finally, restart <application>jabberd2</application> to enable the new "
31544
#: serverguide/C/chat.xml:205(command)
31545
msgid "sudo /etc/init.d/jabberd2 restart"
31546
msgstr "sudo /etc/init.d/jabberd2 restart"
31548
#: serverguide/C/chat.xml:208(para)
31550
"You should now be able to connect to the server using a Jabber client like "
31551
"<application>Pidgin</application> for example."
31553
"You should now be able to connect to the server using a Jabber client like "
31554
"<application>Pidgin</application> for example."
31556
#: serverguide/C/chat.xml:213(para)
31558
"The advantage of using Berkeley DB for user data is that after being "
31559
"configured no additional maintenance is required. If you need more control "
31560
"over user accounts and credentials another authentication method is "
31563
"The advantage of using Berkeley DB for user data is that after being "
31564
"configured no additional maintenance is required. If you need more control "
31565
"over user accounts and credentials another authentication method is "
31568
#: serverguide/C/chat.xml:225(para)
31570
"The <ulink url=\"http://codex.xiaoka.com/wiki/jabberd2:start\">Jabberd2 Web "
31571
"Site</ulink> contains more details on configuring "
31572
"<application>Jabberd2</application>."
31574
"The <ulink url=\"http://codex.xiaoka.com/wiki/jabberd2:start\">Jabberd2 Web "
31575
"Site</ulink> contains more details on configuring "
31576
"<application>Jabberd2</application>."
31578
#: serverguide/C/chat.xml:231(para)
31580
"For more authentication options see the <ulink "
31581
"url=\"http://jabberd2.xiaoka.com/wiki/InstallGuide\">Jabberd2 Install "
31584
"For more authentication options see the <ulink "
31585
"url=\"http://jabberd2.xiaoka.com/wiki/InstallGuide\">Jabberd2 Install "
31588
#: serverguide/C/chat.xml:236(para)
31590
"Also, the <ulink "
31591
"url=\"https://help.ubuntu.com/community/SettingUpJabberServer\">Setting Up "
31592
"Jabber Server Ubuntu Wiki</ulink> page has more information."
31594
"Also, the <ulink "
31595
"url=\"https://help.ubuntu.com/community/SettingUpJabberServer\">Setting Up "
31596
"Jabber Server Ubuntu Wiki</ulink> page has more information."
31598
#: serverguide/C/backups.xml:13(title)
31602
#: serverguide/C/backups.xml:14(para)
31604
"There are many ways to backup an Ubuntu installation. The most important "
31605
"thing about backups is to develop a <emphasis>backup plan</emphasis> "
31606
"consisting of what to backup, where to back it up to, and how to restore it."
31608
"There are many ways to backup an Ubuntu installation. The most important "
31609
"thing about backups is to develop a <emphasis>backup plan</emphasis> "
31610
"consisting of what to backup, where to back it up to, and how to restore it."
31612
#: serverguide/C/backups.xml:18(para)
31614
"The following sections discuss various ways of accomplishing these tasks."
31616
"The following sections discuss various ways of accomplishing these tasks."
31618
#: serverguide/C/backups.xml:22(title)
31619
msgid "Shell Scripts"
31620
msgstr "Shell Scripts"
31622
#: serverguide/C/backups.xml:23(para)
31624
"One of the simplest ways to backup a system is using a <emphasis>shell "
31625
"script</emphasis>. For example, a script can be used to configure which "
31626
"directories to backup, and use those directories as arguments to the "
31627
"<application>tar</application> utility creating an archive file. The archive "
31628
"file can then be moved or copied to another location. The archive can also "
31629
"be created on a remote file system such as an <emphasis>NFS</emphasis> mount."
31631
"One of the simplest ways to backup a system is using a <emphasis>shell "
31632
"script</emphasis>. For example, a script can be used to configure which "
31633
"directories to backup, and use those directories as arguments to the "
31634
"<application>tar</application> utility creating an archive file. The archive "
31635
"file can then be moved or copied to another location. The archive can also "
31636
"be created on a remote file system such as an <emphasis>NFS</emphasis> mount."
31638
#: serverguide/C/backups.xml:29(para)
31640
"The <application>tar</application> utility creates one archive file out of "
31641
"many files or directories. <application>tar</application> can also filter "
31642
"the files through compression utilities reducing the size of the archive "
31645
"The <application>tar</application> utility creates one archive file out of "
31646
"many files or directories. <application>tar</application> can also filter "
31647
"the files through compression utilities reducing the size of the archive "
31650
#: serverguide/C/backups.xml:35(title)
31651
msgid "Simple Shell Script"
31652
msgstr "Simple Shell Script"
31654
#: serverguide/C/backups.xml:36(para)
31656
"The following shell script uses <application>tar</application> to create an "
31657
"archive file on a remotely mounted NFS file system. The archive filename is "
31658
"determined using additional command line utilities."
31660
"The following shell script uses <application>tar</application> to create an "
31661
"archive file on a remotely mounted NFS file system. The archive filename is "
31662
"determined using additional command line utilities."
31664
#: serverguide/C/backups.xml:40(programlisting)
31669
"####################################\n"
31671
"# Backup to NFS mount script.\n"
31673
"####################################\n"
31675
"# What to backup. \n"
31676
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
31678
"# Where to backup to.\n"
31679
"dest=\"/mnt/backup\"\n"
31681
"# Create archive filename.\n"
31682
"day=$(date +%A)\n"
31683
"hostname=$(hostname -s)\n"
31684
"archive_file=\"$hostname-$day.tgz\"\n"
31686
"# Print start status message.\n"
31687
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
31691
"# Backup the files using tar.\n"
31692
"tar czf $dest/$archive_file $backup_files\n"
31694
"# Print end status message.\n"
31696
"echo \"Backup finished\"\n"
31699
"# Long listing of files in $dest to check file sizes.\n"
31704
"####################################\n"
31706
"# Backup to NFS mount script.\n"
31708
"####################################\n"
31710
"# What to backup. \n"
31711
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
31713
"# Where to backup to.\n"
31714
"dest=\"/mnt/backup\"\n"
31716
"# Create archive filename.\n"
31717
"day=$(date +%A)\n"
31718
"hostname=$(hostname -s)\n"
31719
"archive_file=\"$hostname-$day.tgz\"\n"
31721
"# Print start status message.\n"
31722
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
31726
"# Backup the files using tar.\n"
31727
"tar czf $dest/$archive_file $backup_files\n"
31729
"# Print end status message.\n"
31731
"echo \"Backup finished\"\n"
31734
"# Long listing of files in $dest to check file sizes.\n"
31737
#: serverguide/C/backups.xml:77(para)
31739
"<emphasis>$backup_files:</emphasis> a variable listing which directories you "
31740
"would like to backup. The list should be customized to fit your needs."
31742
"<emphasis>$backup_files:</emphasis> a variable listing which directories you "
31743
"would like to backup. The list should be customised to fit your needs."
31745
#: serverguide/C/backups.xml:83(para)
31747
"<emphasis>$day:</emphasis> a variable holding the day of the week (Monday, "
31748
"Tuesday, Wednesday, etc). This is used to create an archive file for each "
31749
"day of the week, giving a backup history of seven days. There are other ways "
31750
"to accomplish this including other ways using the "
31751
"<application>date</application> utility."
31753
"<emphasis>$day:</emphasis> a variable holding the day of the week (Monday, "
31754
"Tuesday, Wednesday, etc). This is used to create an archive file for each "
31755
"day of the week, giving a backup history of seven days. There are other ways "
31756
"to accomplish this including other ways using the "
31757
"<application>date</application> utility."
31759
#: serverguide/C/backups.xml:90(para)
31761
"<emphasis>$hostname:</emphasis> variable containing the "
31762
"<emphasis>short</emphasis> hostname of the system. Using the hostname in the "
31763
"archive filename gives you the option of placing daily archive files from "
31764
"multiple systems in the same directory."
31766
"<emphasis>$hostname:</emphasis> variable containing the "
31767
"<emphasis>short</emphasis> hostname of the system. Using the hostname in the "
31768
"archive filename gives you the option of placing daily archive files from "
31769
"multiple systems in the same directory."
31771
#: serverguide/C/backups.xml:97(para)
31772
msgid "<emphasis>$archive_file:</emphasis> the full archive filename."
31773
msgstr "<emphasis>$archive_file:</emphasis> the full archive filename."
31775
#: serverguide/C/backups.xml:102(para)
31777
"<emphasis>$dest:</emphasis> destination of the archive file. The directory "
31778
"needs to be created and in this case <emphasis>mounted</emphasis> before "
31779
"executing the backup script. See <xref linkend=\"network-file-system\"/> for "
31780
"details using <emphasis>NFS</emphasis>."
31782
"<emphasis>$dest:</emphasis> destination of the archive file. The directory "
31783
"needs to be created and in this case <emphasis>mounted</emphasis> before "
31784
"executing the backup script. See <xref linkend=\"network-file-system\"/> for "
31785
"details using <emphasis>NFS</emphasis>."
31787
#: serverguide/C/backups.xml:109(para)
31789
"<emphasis>status messages:</emphasis> optional messages printed to the "
31790
"console using the <application>echo</application> utility."
31792
"<emphasis>status messages:</emphasis> optional messages printed to the "
31793
"console using the <application>echo</application> utility."
31795
#: serverguide/C/backups.xml:115(para)
31797
"<emphasis>tar czf $dest/$archive_file $backup_files:</emphasis> the "
31798
"<application>tar</application> command used to create the archive file."
31800
"<emphasis>tar czf $dest/$archive_file $backup_files:</emphasis> the "
31801
"<application>tar</application> command used to create the archive file."
31803
#: serverguide/C/backups.xml:121(para)
31804
msgid "<emphasis>c:</emphasis> creates an archive."
31805
msgstr "<emphasis>c:</emphasis> creates an archive."
31807
#: serverguide/C/backups.xml:126(para)
31809
"<emphasis>z:</emphasis> filter the archive through the "
31810
"<application>gzip</application> utility compressing the archive."
31812
"<emphasis>z:</emphasis> filter the archive through the "
31813
"<application>gzip</application> utility compressing the archive."
31815
#: serverguide/C/backups.xml:131(para)
31817
"<emphasis>f:</emphasis> use archive file. Otherwise the "
31818
"<application>tar</application> output will be sent to STDOUT."
31820
"<emphasis>f:</emphasis> use archive file. Otherwise the "
31821
"<application>tar</application> output will be sent to STDOUT."
31823
#: serverguide/C/backups.xml:138(para)
31825
"<emphasis>ls -lh $dest:</emphasis> optional statement prints a <emphasis>-"
31826
"l</emphasis> long listing in <emphasis>-h</emphasis> human readable format "
31827
"of the destination directory. This is useful for a quick file size check of "
31828
"the archive file. This check should not replace testing the archive file."
31830
"<emphasis>ls -lh $dest:</emphasis> optional statement prints a <emphasis>-"
31831
"l</emphasis> long listing in <emphasis>-h</emphasis> human readable format "
31832
"of the destination directory. This is useful for a quick file size check of "
31833
"the archive file. This check should not replace testing the archive file."
31835
#: serverguide/C/backups.xml:145(para)
31837
"This is a simple example of a backup shell script. There are large amount of "
31838
"options that can be included in a backup script. See <xref linkend=\"backup-"
31839
"shellscript-references\"/> for links to resources providing more in depth "
31840
"shell scripting information."
31842
"This is a simple example of a backup shell script. There are large amount of "
31843
"options that can be included in a backup script. See <xref linkend=\"backup-"
31844
"shellscript-references\"/> for links to resources providing more in depth "
31845
"shell scripting information."
31847
#: serverguide/C/backups.xml:152(title)
31848
msgid "Executing the Script"
31849
msgstr "Executing the Script"
31851
#: serverguide/C/backups.xml:154(title)
31852
msgid "Executing from a Terminal"
31853
msgstr "Executing from a Terminal"
31855
#: serverguide/C/backups.xml:155(para)
31857
"The simplest way of executing the above backup script is to copy and paste "
31858
"the contents into a file. <filename>backup.sh</filename> for example. Then "
31859
"from a terminal prompt:"
31861
"The simplest way of executing the above backup script is to copy and paste "
31862
"the contents into a file. <filename>backup.sh</filename> for example. Then "
31863
"from a terminal prompt:"
31865
#: serverguide/C/backups.xml:160(command)
31866
msgid "sudo bash backup.sh"
31867
msgstr "sudo bash backup.sh"
31869
#: serverguide/C/backups.xml:162(para)
31871
"This is a great way to test the script to make sure everything works as "
31874
"This is a great way to test the script to make sure everything works as "
31877
#: serverguide/C/backups.xml:167(title)
31878
msgid "Executing with cron"
31879
msgstr "Executing with cron"
31881
#: serverguide/C/backups.xml:168(para)
31883
"The <application>cron</application> utility can be used to automate the "
31884
"script execution. The <application>cron</application> daemon allows the "
31885
"execution of scripts, or commands, at a specified time and date."
31887
"The <application>cron</application> utility can be used to automate the "
31888
"script execution. The <application>cron</application> daemon allows the "
31889
"execution of scripts, or commands, at a specified time and date."
31891
#: serverguide/C/backups.xml:172(para)
31893
"<application>cron</application> is configured through entries in a "
31894
"<filename>crontab</filename> file. <filename>crontab</filename> files are "
31895
"separated into fields:"
31897
"<application>cron</application> is configured through entries in a "
31898
"<filename>crontab</filename> file. <filename>crontab</filename> files are "
31899
"separated into fields:"
31901
#: serverguide/C/backups.xml:176(programlisting)
31905
"# m h dom mon dow command\n"
31908
"# m h dom mon dow command\n"
31910
#: serverguide/C/backups.xml:181(para)
31912
"<emphasis>m:</emphasis> minute the command executes on between 0 and 59."
31914
"<emphasis>m:</emphasis> minute the command executes on between 0 and 59."
31916
#: serverguide/C/backups.xml:186(para)
31918
"<emphasis>h:</emphasis> hour the command executes on between 0 and 23."
31920
"<emphasis>h:</emphasis> hour the command executes on between 0 and 23."
31922
#: serverguide/C/backups.xml:191(para)
31923
msgid "<emphasis>dom:</emphasis> day of month the command executes on."
31924
msgstr "<emphasis>dom:</emphasis> day of month the command executes on."
31926
#: serverguide/C/backups.xml:196(para)
31928
"<emphasis>mon:</emphasis> the month the command executes on between 1 and 12."
31930
"<emphasis>mon:</emphasis> the month the command executes on between 1 and 12."
31932
#: serverguide/C/backups.xml:201(para)
31934
"<emphasis>dow:</emphasis> the day of the week the command executes on "
31935
"between 0 and 7. Sunday may be specified by using 0 or 7, both values are "
31938
"<emphasis>dow:</emphasis> the day of the week the command executes on "
31939
"between 0 and 7. Sunday may be specified by using 0 or 7, both values are "
31942
#: serverguide/C/backups.xml:206(para)
31943
msgid "<emphasis>command:</emphasis> the command to execute."
31944
msgstr "<emphasis>command:</emphasis> the command to execute."
31946
#: serverguide/C/backups.xml:211(para)
31948
"To add or change entries in a <filename>crontab</filename> file the "
31949
"<application>crontab -e</application> command should be used. Also, the "
31950
"contents of a <filename>crontab</filename> file can be viewed using the "
31951
"<application>crontab -l</application> command."
31953
"To add or change entries in a <filename>crontab</filename> file the "
31954
"<application>crontab -e</application> command should be used. Also, the "
31955
"contents of a <filename>crontab</filename> file can be viewed using the "
31956
"<application>crontab -l</application> command."
31958
#: serverguide/C/backups.xml:215(para)
31960
"To execute the <application>backup.sh</application> script listed above "
31961
"using <application>cron</application>. Enter the following from a terminal "
31964
"To execute the <application>backup.sh</application> script listed above "
31965
"using <application>cron</application>. Enter the following from a terminal "
31968
#: serverguide/C/backups.xml:220(command)
31969
msgid "sudo crontab -e"
31970
msgstr "sudo crontab -e"
31972
#: serverguide/C/backups.xml:223(para)
31974
"Using <application>sudo</application> with the <application>crontab -"
31975
"e</application> command edits the <emphasis>root</emphasis> user's crontab. "
31976
"This is necessary if you are backing up directories only the root user has "
31979
"Using <application>sudo</application> with the <application>crontab -"
31980
"e</application> command edits the <emphasis>root</emphasis> user's crontab. "
31981
"This is necessary if you are backing up directories only the root user has "
31984
#: serverguide/C/backups.xml:228(para)
31985
msgid "Add the following entry to the <filename>crontab</filename> file:"
31986
msgstr "Add the following entry to the <filename>crontab</filename> file:"
31988
#: serverguide/C/backups.xml:231(programlisting)
31992
"# m h dom mon dow command\n"
31993
"0 0 * * * bash /usr/local/bin/backup.sh\n"
31996
"# m h dom mon dow command\n"
31997
"0 0 * * * bash /usr/local/bin/backup.sh\n"
31999
#: serverguide/C/backups.xml:235(para)
32001
"The <application>backup.sh</application> script will now be executed every "
32004
"The <application>backup.sh</application> script will now be executed every "
32007
#: serverguide/C/backups.xml:239(para)
32009
"The <application>backup.sh</application> script will need to be copied to "
32010
"the <filename>/usr/local/bin/</filename> directory in order for this entry "
32011
"to execute properly. The script can reside anywhere on the file system "
32012
"simply change the script path appropriately."
32014
"The <application>backup.sh</application> script will need to be copied to "
32015
"the <filename>/usr/local/bin/</filename> directory in order for this entry "
32016
"to execute properly. The script can reside anywhere on the file system "
32017
"simply change the script path appropriately."
32019
#: serverguide/C/backups.xml:244(para)
32021
"For more in depth <application>crontab</application> options see <xref "
32022
"linkend=\"backup-shellscript-references\"/>."
32024
"For more in depth <application>crontab</application> options see <xref "
32025
"linkend=\"backup-shellscript-references\"/>."
32027
#: serverguide/C/backups.xml:250(title)
32028
msgid "Restoring from the Archive"
32029
msgstr "Restoring from the Archive"
32031
#: serverguide/C/backups.xml:251(para)
32033
"Once an archive has been created it is important to test the archive. The "
32034
"archive can be tested by listing the files it contains, but the best test is "
32035
"to <emphasis>restore</emphasis> a file from the archive."
32037
"Once an archive has been created it is important to test the archive. The "
32038
"archive can be tested by listing the files it contains, but the best test is "
32039
"to <emphasis>restore</emphasis> a file from the archive."
32041
#: serverguide/C/backups.xml:257(para)
32042
msgid "To see a listing of the archive contents. From a terminal prompt:"
32043
msgstr "To see a listing of the archive contents. From a terminal prompt:"
32045
#: serverguide/C/backups.xml:261(command)
32046
msgid "tar -tzvf /mnt/backup/host-Monday.tgz"
32047
msgstr "tar -tzvf /mnt/backup/host-Monday.tgz"
32049
#: serverguide/C/backups.xml:265(para)
32050
msgid "To restore a file from the archive to a different directory enter:"
32051
msgstr "To restore a file from the archive to a different directory enter:"
32053
#: serverguide/C/backups.xml:269(command)
32054
msgid "tar -xzvf /mnt/backup/host-Monday.tgz -C /tmp etc/hosts"
32055
msgstr "tar -xzvf /mnt/backup/host-Monday.tgz -C /tmp etc/hosts"
32057
#: serverguide/C/backups.xml:271(para)
32059
"The <emphasis>-C</emphasis> option to <application>tar</application> "
32060
"redirects the extracted files to the specified directory. The above example "
32061
"will extract the <filename>/etc/hosts</filename> file to "
32062
"<filename>/tmp/etc/hosts</filename>. <application>tar</application> "
32063
"recreates the directory structure that it contains."
32065
"The <emphasis>-C</emphasis> option to <application>tar</application> "
32066
"redirects the extracted files to the specified directory. The above example "
32067
"will extract the <filename>/etc/hosts</filename> file to "
32068
"<filename>/tmp/etc/hosts</filename>. <application>tar</application> "
32069
"recreates the directory structure that it contains."
32071
#: serverguide/C/backups.xml:276(para)
32073
"Also, notice the leading <emphasis>\"/\"</emphasis> is left off the path of "
32074
"the file to restore."
32076
"Also, notice the leading <emphasis>\"/\"</emphasis> is left off the path of "
32077
"the file to restore."
32079
#: serverguide/C/backups.xml:281(para)
32080
msgid "To restore all files in the archive enter the following:"
32081
msgstr "To restore all files in the archive enter the following:"
32083
#: serverguide/C/backups.xml:285(command)
32087
#: serverguide/C/backups.xml:286(command)
32088
msgid "sudo tar -xzvf /mnt/backup/host-Monday.tgz"
32089
msgstr "sudo tar -xzvf /mnt/backup/host-Monday.tgz"
32091
#: serverguide/C/backups.xml:291(para)
32092
msgid "This will overwrite the files currently on the file system."
32093
msgstr "This will overwrite the files currently on the file system."
32095
#: serverguide/C/backups.xml:300(para)
32097
"For more information on shell scripting see the <ulink "
32098
"url=\"http://tldp.org/LDP/abs/html/\">Advanced Bash-Scripting Guide</ulink>"
32100
"For more information on shell scripting see the <ulink "
32101
"url=\"http://tldp.org/LDP/abs/html/\">Advanced Bash-Scripting Guide</ulink>"
32103
#: serverguide/C/backups.xml:305(para)
32105
"The book <ulink url=\"http://safari.samspublishing.com/0672323583\">Teach "
32106
"Yourself Shell Programming in 24 Hours</ulink> is available online and a "
32107
"great resource for shell scripting."
32109
"The book <ulink url=\"http://safari.samspublishing.com/0672323583\">Teach "
32110
"Yourself Shell Programming in 24 Hours</ulink> is available online and a "
32111
"great resource for shell scripting."
32113
#: serverguide/C/backups.xml:311(para)
32115
"The <ulink url=\"https://help.ubuntu.com/community/CronHowto\">CronHowto "
32116
"Wiki Page</ulink> contains details on advanced "
32117
"<application>cron</application> options."
32119
"The <ulink url=\"https://help.ubuntu.com/community/CronHowto\">CronHowto "
32120
"Wiki Page</ulink> contains details on advanced "
32121
"<application>cron</application> options."
32123
#: serverguide/C/backups.xml:318(para)
32125
"See the <ulink url=\"http://www.gnu.org/software/tar/manual/index.html\">GNU "
32126
"tar Manual</ulink> for more <application>tar</application> options."
32128
"See the <ulink url=\"http://www.gnu.org/software/tar/manual/index.html\">GNU "
32129
"tar Manual</ulink> for more <application>tar</application> options."
32131
#: serverguide/C/backups.xml:324(para)
32133
"The Wikipedia <ulink "
32134
"url=\"http://en.wikipedia.org/wiki/Backup_rotation_scheme\">Backup Rotation "
32135
"Scheme</ulink> article contains information on other backup rotation schemes."
32137
"The Wikipedia <ulink "
32138
"url=\"http://en.wikipedia.org/wiki/Backup_rotation_scheme\">Backup Rotation "
32139
"Scheme</ulink> article contains information on other backup rotation schemes."
32141
#: serverguide/C/backups.xml:330(para)
32143
"The shell script uses <application>tar</application> to create the archive, "
32144
"but there many other command line utilities that can be used. For example:"
32146
"The shell script uses <application>tar</application> to create the archive, "
32147
"but there many other command line utilities that can be used. For example:"
32149
#: serverguide/C/backups.xml:336(para)
32151
"<ulink url=\"http://www.gnu.org/software/cpio/\">cpio</ulink>: used to copy "
32152
"files to and from archives."
32154
"<ulink url=\"http://www.gnu.org/software/cpio/\">cpio</ulink>: used to copy "
32155
"files to and from archives."
32157
#: serverguide/C/backups.xml:341(para)
32159
"<ulink url=\"http://www.gnu.org/software/coreutils/\">dd</ulink>: part of "
32160
"the <application>coreutils</application> package. A low level utility that "
32161
"can copy data from one format to another"
32163
"<ulink url=\"http://www.gnu.org/software/coreutils/\">dd</ulink>: part of "
32164
"the <application>coreutils</application> package. A low level utility that "
32165
"can copy data from one format to another"
32167
#: serverguide/C/backups.xml:347(para)
32169
"<ulink url=\"http://www.rsnapshot.org/\">rsnapshot</ulink>: a file system "
32170
"snap shot utility used to create copies of an entire file system."
32172
"<ulink url=\"http://www.rsnapshot.org/\">rsnapshot</ulink>: a file system "
32173
"snap shot utility used to create copies of an entire file system."
32175
#: serverguide/C/backups.xml:358(title)
32176
msgid "Archive Rotation"
32177
msgstr "Archive Rotation"
32179
#: serverguide/C/backups.xml:359(para)
32181
"The shell script in section <xref linkend=\"backup-shellscripts\"/> only "
32182
"allows for seven different archives. For a server whose data doesn't change "
32183
"often this may be enough. If the server has a large amount of data a more "
32184
"robust rotation scheme should be used."
32186
"The shell script in section <xref linkend=\"backup-shellscripts\"/> only "
32187
"allows for seven different archives. For a server whose data doesn't change "
32188
"often this may be enough. If the server has a large amount of data a more "
32189
"robust rotation scheme should be used."
32191
#: serverguide/C/backups.xml:365(title)
32192
msgid "Rotating NFS Archives"
32193
msgstr "Rotating NFS Archives"
32195
#: serverguide/C/backups.xml:366(para)
32197
"In this section the shell script will be slightly modified to implement a "
32198
"grandfather-father-son rotation scheme (monthly-weekly-daily):"
32200
"In this section the shell script will be slightly modified to implement a "
32201
"grandfather-father-son rotation scheme (monthly-weekly-daily):"
32203
#: serverguide/C/backups.xml:372(para)
32205
"The rotation will do a <emphasis>daily</emphasis> backup Sunday through "
32208
"The rotation will do a <emphasis>daily</emphasis> backup Sunday through "
32211
#: serverguide/C/backups.xml:377(para)
32213
"On Saturday a <emphasis>weekly</emphasis> backup is done giving you four "
32214
"weekly backups a month."
32216
"On Saturday a <emphasis>weekly</emphasis> backup is done giving you four "
32217
"weekly backups a month."
32219
#: serverguide/C/backups.xml:382(para)
32221
"The <emphasis>monthly</emphasis> backup is done on the first of the month "
32222
"rotating two monthly backups based on if the month is odd or even."
32224
"The <emphasis>monthly</emphasis> backup is done on the first of the month "
32225
"rotating two monthly backups based on if the month is odd or even."
32227
#: serverguide/C/backups.xml:388(para)
32228
msgid "Here is the new script:"
32229
msgstr "Here is the new script:"
32231
#: serverguide/C/backups.xml:391(programlisting)
32236
"####################################\n"
32238
"# Backup to NFS mount script with\n"
32239
"# grandfather-father-son rotation.\n"
32241
"####################################\n"
32243
"# What to backup. \n"
32244
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
32246
"# Where to backup to.\n"
32247
"dest=\"/mnt/backup\"\n"
32249
"# Setup variables for the archive filename.\n"
32250
"day=$(date +%A)\n"
32251
"hostname=$(hostname -s)\n"
32253
"# Find which week of the month 1-4 it is.\n"
32254
"day_num=$(date +%d)\n"
32255
"if (( $day_num <= 7 )); then\n"
32256
" week_file=\"$hostname-week1.tgz\"\n"
32257
"elif (( $day_num > 7 && $day_num <= 14 )); then\n"
32258
" week_file=\"$hostname-week2.tgz\"\n"
32259
"elif (( $day_num > 14 && $day_num <= 21 )); then\n"
32260
" week_file=\"$hostname-week3.tgz\"\n"
32261
"elif (( $day_num > 21 && $day_num < 32 )); then\n"
32262
" week_file=\"$hostname-week4.tgz\"\n"
32265
"# Find if the Month is odd or even.\n"
32266
"month_num=$(date +%m)\n"
32267
"month=$(expr $month_num % 2)\n"
32268
"if [ $month -eq 0 ]; then\n"
32269
" month_file=\"$hostname-month2.tgz\"\n"
32271
" month_file=\"$hostname-month1.tgz\"\n"
32274
"# Create archive filename.\n"
32275
"if [ $day_num == 1 ]; then\n"
32276
"\tarchive_file=$month_file\n"
32277
"elif [ $day != \"Saturday\" ]; then\n"
32278
" archive_file=\"$hostname-$day.tgz\"\n"
32280
"\tarchive_file=$week_file\n"
32283
"# Print start status message.\n"
32284
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
32288
"# Backup the files using tar.\n"
32289
"tar czf $dest/$archive_file $backup_files\n"
32291
"# Print end status message.\n"
32293
"echo \"Backup finished\"\n"
32296
"# Long listing of files in $dest to check file sizes.\n"
32301
"####################################\n"
32303
"# Backup to NFS mount script with\n"
32304
"# grandfather-father-son rotation.\n"
32306
"####################################\n"
32308
"# What to backup. \n"
32309
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
32311
"# Where to backup to.\n"
32312
"dest=\"/mnt/backup\"\n"
32314
"# Setup variables for the archive filename.\n"
32315
"day=$(date +%A)\n"
32316
"hostname=$(hostname -s)\n"
32318
"# Find which week of the month 1-4 it is.\n"
32319
"day_num=$(date +%d)\n"
32320
"if (( $day_num <= 7 )); then\n"
32321
" week_file=\"$hostname-week1.tgz\"\n"
32322
"elif (( $day_num > 7 && $day_num <= 14 )); then\n"
32323
" week_file=\"$hostname-week2.tgz\"\n"
32324
"elif (( $day_num > 14 && $day_num <= 21 )); then\n"
32325
" week_file=\"$hostname-week3.tgz\"\n"
32326
"elif (( $day_num > 21 && $day_num < 32 )); then\n"
32327
" week_file=\"$hostname-week4.tgz\"\n"
32330
"# Find if the Month is odd or even.\n"
32331
"month_num=$(date +%m)\n"
32332
"month=$(expr $month_num % 2)\n"
32333
"if [ $month -eq 0 ]; then\n"
32334
" month_file=\"$hostname-month2.tgz\"\n"
32336
" month_file=\"$hostname-month1.tgz\"\n"
32339
"# Create archive filename.\n"
32340
"if [ $day_num == 1 ]; then\n"
32341
"\tarchive_file=$month_file\n"
32342
"elif [ $day != \"Saturday\" ]; then\n"
32343
" archive_file=\"$hostname-$day.tgz\"\n"
32345
"\tarchive_file=$week_file\n"
32348
"# Print start status message.\n"
32349
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
32353
"# Backup the files using tar.\n"
32354
"tar czf $dest/$archive_file $backup_files\n"
32356
"# Print end status message.\n"
32358
"echo \"Backup finished\"\n"
32361
"# Long listing of files in $dest to check file sizes.\n"
32364
#: serverguide/C/backups.xml:456(para)
32366
"The script can be executed using the same methods as in <xref "
32367
"linkend=\"backup-executing-shellscript\"/>."
32369
"The script can be executed using the same methods as in <xref "
32370
"linkend=\"backup-executing-shellscript\"/>."
32372
#: serverguide/C/backups.xml:459(para)
32374
"It is good practice to take backup media off site in case of a disaster. In "
32375
"the shell script example the backup media is another server providing an NFS "
32376
"share. In all likelihood taking the NFS server to another location would not "
32377
"be practical. Depending upon connection speeds it may be an option to copy "
32378
"the archive file over a WAN link to a server in another location."
32380
"It is good practice to take backup media off site in case of a disaster. In "
32381
"the shell script example the backup media is another server providing an NFS "
32382
"share. In all likelihood taking the NFS server to another location would not "
32383
"be practical. Depending upon connection speeds it may be an option to copy "
32384
"the archive file over a WAN link to a server in another location."
32386
#: serverguide/C/backups.xml:465(para)
32388
"Another option is to copy the archive file to an external hard drive which "
32389
"can then be taken off site. Since the price of external hard drives continue "
32390
"to decrease it may be cost-effective to use two drives for each archive "
32391
"level. This would allow you to have one external drive attached to the "
32392
"backup server and one in another location."
32394
"Another option is to copy the archive file to an external hard drive which "
32395
"can then be taken off site. Since the price of external hard drives continue "
32396
"to decrease it may be cost-effective to use two drives for each archive "
32397
"level. This would allow you to have one external drive attached to the "
32398
"backup server and one in another location."
32400
#: serverguide/C/backups.xml:472(title)
32401
msgid "Tape Drives"
32402
msgstr "Tape Drives"
32404
#: serverguide/C/backups.xml:473(para)
32406
"A tape drive attached to the server can be used instead of a NFS share. "
32407
"Using a tape drive simplifies archive rotation, and taking the media off "
32410
"A tape drive attached to the server can be used instead of a NFS share. "
32411
"Using a tape drive simplifies archive rotation, and taking the media off "
32414
#: serverguide/C/backups.xml:477(para)
32416
"When using a tape drive the filename portions of the script aren't needed "
32417
"because the date is sent directly to the tape device. Some commands to "
32418
"manipulate the tape are needed. This is accomplished using "
32419
"<application>mt</application>, a magnetic tape control utility part of the "
32420
"<application>cpio</application> package."
32422
"When using a tape drive the filename portions of the script aren't needed "
32423
"because the date is sent directly to the tape device. Some commands to "
32424
"manipulate the tape are needed. This is accomplished using "
32425
"<application>mt</application>, a magnetic tape control utility part of the "
32426
"<application>cpio</application> package."
32428
#: serverguide/C/backups.xml:482(para)
32429
msgid "Here is the shell script modified to use a tape drive:"
32430
msgstr "Here is the shell script modified to use a tape drive:"
32432
#: serverguide/C/backups.xml:485(programlisting)
32437
"####################################\n"
32439
"# Backup to tape drive script.\n"
32441
"####################################\n"
32443
"# What to backup. \n"
32444
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
32446
"# Where to backup to.\n"
32447
"dest=\"/dev/st0\"\n"
32449
"# Print start status message.\n"
32450
"echo \"Backing up $backup_files to $dest\"\n"
32454
"# Make sure the tape is rewound.\n"
32455
"mt -f $dest rewind\n"
32457
"# Backup the files using tar.\n"
32458
"tar czf $dest $backup_files\n"
32460
"# Rewind and eject the tape.\n"
32461
"mt -f $dest rewoffl\n"
32463
"# Print end status message.\n"
32465
"echo \"Backup finished\"\n"
32470
"####################################\n"
32472
"# Backup to tape drive script.\n"
32474
"####################################\n"
32476
"# What to backup. \n"
32477
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
32479
"# Where to backup to.\n"
32480
"dest=\"/dev/st0\"\n"
32482
"# Print start status message.\n"
32483
"echo \"Backing up $backup_files to $dest\"\n"
32487
"# Make sure the tape is rewound.\n"
32488
"mt -f $dest rewind\n"
32490
"# Backup the files using tar.\n"
32491
"tar czf $dest $backup_files\n"
32493
"# Rewind and eject the tape.\n"
32494
"mt -f $dest rewoffl\n"
32496
"# Print end status message.\n"
32498
"echo \"Backup finished\"\n"
32501
#: serverguide/C/backups.xml:519(para)
32503
"The default device name for a SCSI tape drive is "
32504
"<filename>/dev/st0</filename>. Use the appropriate device path for your "
32507
"The default device name for a SCSI tape drive is "
32508
"<filename>/dev/st0</filename>. Use the appropriate device path for your "
32511
#: serverguide/C/backups.xml:524(para)
32513
"Restoring from a tape drive is basically the same as restoring from a file. "
32514
"Simply rewind the tape and use the device path instead of a file path. For "
32515
"example to restore the <filename>/etc/hosts</filename> file to "
32516
"<filename>/tmp/etc/hosts</filename>:"
32518
"Restoring from a tape drive is basically the same as restoring from a file. "
32519
"Simply rewind the tape and use the device path instead of a file path. For "
32520
"example to restore the <filename>/etc/hosts</filename> file to "
32521
"<filename>/tmp/etc/hosts</filename>:"
32523
#: serverguide/C/backups.xml:529(command)
32524
msgid "mt -f /dev/st0 rewind"
32525
msgstr "mt -f /dev/st0 rewind"
32527
#: serverguide/C/backups.xml:530(command)
32528
msgid "tar -xzf /dev/st0 -C /tmp etc/hosts"
32529
msgstr "tar -xzf /dev/st0 -C /tmp etc/hosts"
32531
#: serverguide/C/backups.xml:535(title)
32535
#: serverguide/C/backups.xml:536(para)
32537
"<application>Bacula</application> is a backup program enabling you to "
32538
"backup, restore, and verify data across your network. There are Bacula "
32539
"clients for Linux, Windows, and Mac OS X. Making it a cross platform network "
32542
"<application>Bacula</application> is a backup program enabling you to "
32543
"backup, restore, and verify data across your network. There are Bacula "
32544
"clients for Linux, Windows, and Mac OS X. Making it a cross platform network "
32547
#: serverguide/C/backups.xml:542(para)
32549
"<application>Bacula</application> is made up of several components and "
32550
"services used to manage which files to backup and where to back them up to:"
32552
"<application>Bacula</application> is made up of several components and "
32553
"services used to manage which files to backup and where to back them up to:"
32555
#: serverguide/C/backups.xml:548(para)
32557
"<application>Bacula Director:</application> a service that controls all "
32558
"backup, restore, verify, and archive operations."
32560
"<application>Bacula Director:</application> a service that controls all "
32561
"backup, restore, verify, and archive operations."
32563
#: serverguide/C/backups.xml:553(para)
32565
"<application>Bacula Console:</application> an application allowing "
32566
"communication with the Director. There are three versions of the Console:"
32568
"<application>Bacula Console:</application> an application allowing "
32569
"communication with the Director. There are three versions of the Console:"
32571
#: serverguide/C/backups.xml:558(para)
32572
msgid "Text based command line version."
32573
msgstr "Text based command line version."
32575
#: serverguide/C/backups.xml:559(para)
32576
msgid "Gnome based GTK+ Graphical User Interface (GUI) interface."
32577
msgstr "Gnome based GTK+ Graphical User Interface (GUI) interface."
32579
#: serverguide/C/backups.xml:560(para)
32580
msgid "wxWidgets GUI interface."
32581
msgstr "wxWidgets GUI interface."
32583
#: serverguide/C/backups.xml:564(para)
32585
"<application>Bacula File:</application> also known as the "
32586
"<application>Bacula Client</application> program. This application is "
32587
"installed on machines to be backed up, and is responsible for the data "
32588
"requested by the Director."
32590
"<application>Bacula File:</application> also known as the "
32591
"<application>Bacula Client</application> program. This application is "
32592
"installed on machines to be backed up, and is responsible for the data "
32593
"requested by the Director."
32595
#: serverguide/C/backups.xml:570(para)
32597
"<application>Bacula Storage:</application> the programs that perform the "
32598
"storage and recovery of data to the physical media."
32600
"<application>Bacula Storage:</application> the programs that perform the "
32601
"storage and recovery of data to the physical media."
32603
#: serverguide/C/backups.xml:575(para)
32605
"<application>Bacula Catalog:</application> is responsible for maintaining "
32606
"the file indexes and volume databases for all files backed up, enabling "
32607
"quick location and restoration of archived files. The Catalog supports three "
32608
"different databases MySQL, PostgreSQL, and SQLite."
32610
"<application>Bacula Catalogue:</application> is responsible for maintaining "
32611
"the file indexes and volume databases for all files backed up, enabling "
32612
"quick location and restoration of archived files. The Catalogue supports "
32613
"three different databases MySQL, PostgreSQL, and SQLite."
32615
#: serverguide/C/backups.xml:581(para)
32617
"<application>Bacula Monitor:</application> allows the monitoring of the "
32618
"Director, File daemons, and Storage daemons. Currently the Monitor is only "
32619
"available as a GTK+ GUI application."
32621
"<application>Bacula Monitor:</application> allows the monitoring of the "
32622
"Director, File daemons, and Storage daemons. Currently the Monitor is only "
32623
"available as a GTK+ GUI application."
32625
#: serverguide/C/backups.xml:587(para)
32627
"These services and applications can be run on multiple servers and clients, "
32628
"or they can be installed on one machine if backing up a single disk or "
32631
"These services and applications can be run on multiple servers and clients, "
32632
"or they can be installed on one machine if backing up a single disk or "
32635
#: serverguide/C/backups.xml:594(para)
32637
"There are multiple packages containing the different "
32638
"<application>Bacula</application> components. To install Bacula, from a "
32639
"terminal prompt enter:"
32641
"There are multiple packages containing the different "
32642
"<application>Bacula</application> components. To install Bacula, from a "
32643
"terminal prompt enter:"
32645
#: serverguide/C/backups.xml:599(command)
32646
msgid "sudo apt-get install bacula"
32647
msgstr "sudo apt-get install bacula"
32649
#: serverguide/C/backups.xml:601(para)
32651
"By default installing the <application>bacula</application> package will use "
32652
"a <application>MySQL</application> database for the Catalog. If you want to "
32653
"use SQLite or PostgreSQL, for the Catalog, install <application>bacula-"
32654
"director-sqlite3</application> or <application>bacula-director-"
32655
"pgsql</application> respectively."
32657
"By default installing the <application>bacula</application> package will use "
32658
"a <application>MySQL</application> database for the Catalogue. If you want "
32659
"to use SQLite or PostgreSQL, for the Catalogue, install <application>bacula-"
32660
"director-sqlite3</application> or <application>bacula-director-"
32661
"pgsql</application> respectively."
32663
#: serverguide/C/backups.xml:607(para)
32665
"During the install process you will be asked to supply credentials for the "
32666
"database <emphasis>administrator</emphasis> and the "
32667
"<emphasis>bacula</emphasis> database <emphasis>owner</emphasis>. The "
32668
"database administrator will need to have the appropriate rights to create a "
32669
"database, see <xref linkend=\"mysql\"/> for more information."
32671
"During the install process you will be asked to supply credentials for the "
32672
"database <emphasis>administrator</emphasis> and the "
32673
"<emphasis>bacula</emphasis> database <emphasis>owner</emphasis>. The "
32674
"database administrator will need to have the appropriate rights to create a "
32675
"database, see <xref linkend=\"mysql\"/> for more information."
32677
#: serverguide/C/backups.xml:617(para)
32679
"<application>Bacula</application> configuration files are formatted based on "
32680
"<emphasis>resources</emphasis> comprising of <emphasis>directives</emphasis> "
32681
"surrounded by <quote>{}</quote> braces. Each Bacula component has an "
32682
"individual file in the <filename role=\"directory\">/etc/bacula</filename> "
32685
"<application>Bacula</application> configuration files are formatted based on "
32686
"<emphasis>resources</emphasis> comprising of <emphasis>directives</emphasis> "
32687
"surrounded by <quote>{}</quote> braces. Each Bacula component has an "
32688
"individual file in the <filename role=\"directory\">/etc/bacula</filename> "
32691
#: serverguide/C/backups.xml:622(para)
32693
"The various <application>Bacula</application> components must authorize "
32694
"themselves to each other. This is accomplished using the "
32695
"<emphasis>password</emphasis> directive. For example, the "
32696
"<emphasis>Storage</emphasis> resource password in the "
32697
"<filename>/etc/bacula/bacula-dir.conf</filename> file must match the "
32698
"<emphasis>Director</emphasis> resource password in "
32699
"<filename>/etc/bacula/bacula-sd.conf</filename>."
32701
"The various <application>Bacula</application> components must authorise "
32702
"themselves to each other. This is accomplished using the "
32703
"<emphasis>password</emphasis> directive. For example, the "
32704
"<emphasis>Storage</emphasis> resource password in the "
32705
"<filename>/etc/bacula/bacula-dir.conf</filename> file must match the "
32706
"<emphasis>Director</emphasis> resource password in "
32707
"<filename>/etc/bacula/bacula-sd.conf</filename>."
32709
#: serverguide/C/backups.xml:628(para)
32711
"By default the backup job named <emphasis>Client1</emphasis> is configured "
32712
"to archive the <application>Bacula</application> Catalog. If you plan on "
32713
"using the server to backup more than one client you should change the name "
32714
"of this job to something more descriptive. To change the name edit "
32715
"<filename>/etc/bacula/bacula-dir.conf</filename>:"
32717
"By default the backup job named <emphasis>Client1</emphasis> is configured "
32718
"to archive the <application>Bacula</application> Catalogue. If you plan on "
32719
"using the server to backup more than one client you should change the name "
32720
"of this job to something more descriptive. To change the name edit "
32721
"<filename>/etc/bacula/bacula-dir.conf</filename>:"
32723
#: serverguide/C/backups.xml:633(programlisting)
32728
"# Define the main nightly save backup job\n"
32729
"# By default, this job will back up to disk in \n"
32731
" Name = \"BackupServer\"\n"
32732
" JobDefs = \"DefaultJob\"\n"
32733
" Write Bootstrap = \"/var/lib/bacula/Client1.bsr\"\n"
32738
"# Define the main nightly save backup job\n"
32739
"# By default, this job will back up to disk in \n"
32741
" Name = \"BackupServer\"\n"
32742
" JobDefs = \"DefaultJob\"\n"
32743
" Write Bootstrap = \"/var/lib/bacula/Client1.bsr\"\n"
32746
#: serverguide/C/backups.xml:644(para)
32748
"The example above changes the job name to <emphasis>BackupServer</emphasis> "
32749
"matching the machine's host name. Replace <quote>BackupServer</quote> with "
32750
"your appropriate hostname, or other descriptive name."
32752
"The example above changes the job name to <emphasis>BackupServer</emphasis> "
32753
"matching the machine's host name. Replace <quote>BackupServer</quote> with "
32754
"your appropriate hostname, or other descriptive name."
32756
#: serverguide/C/backups.xml:649(para)
32758
"The <emphasis>Console</emphasis> can be used to query the "
32759
"<emphasis>Director</emphasis> about jobs, but to use the Console with a "
32760
"<emphasis>non-root</emphasis> user, the user needs to be in the "
32761
"<emphasis>bacula</emphasis> group. To add a user to the bacula group enter "
32762
"the following from a terminal:"
32764
"The <emphasis>Console</emphasis> can be used to query the "
32765
"<emphasis>Director</emphasis> about jobs, but to use the Console with a "
32766
"<emphasis>non-root</emphasis> user, the user needs to be in the "
32767
"<emphasis>bacula</emphasis> group. To add a user to the bacula group enter "
32768
"the following from a terminal:"
32770
#: serverguide/C/backups.xml:655(command)
32771
msgid "sudo adduser $username bacula"
32772
msgstr "sudo adduser $username bacula"
32774
#: serverguide/C/backups.xml:658(para)
32776
"Replace <emphasis>$username</emphasis> with the actual username. Also, if "
32777
"you are adding the current user to the group you should log out and back in "
32778
"for the new permissions to take effect."
32780
"Replace <emphasis>$username</emphasis> with the actual username. Also, if "
32781
"you are adding the current user to the group you should log out and back in "
32782
"for the new permissions to take effect."
32784
#: serverguide/C/backups.xml:665(title)
32785
msgid "Localhost Backup"
32786
msgstr "Localhost Backup"
32788
#: serverguide/C/backups.xml:666(para)
32790
"This section describes how to backup specified directories on a single host "
32791
"to a local tape drive."
32793
"This section describes how to backup specified directories on a single host "
32794
"to a local tape drive."
32796
#: serverguide/C/backups.xml:671(para)
32798
"First, the <emphasis>Storage</emphasis> device needs to be configured. Edit "
32799
"<filename>/etc/bacula/bacula-sd.conf</filename> add:"
32801
"First, the <emphasis>Storage</emphasis> device needs to be configured. Edit "
32802
"<filename>/etc/bacula/bacula-sd.conf</filename> add:"
32804
#: serverguide/C/backups.xml:674(programlisting)
32809
" Name = \"Tape Drive\"\n"
32810
" Device Type = tape\n"
32811
" Media Type = DDS-4\n"
32812
" Archive Device = /dev/st0\n"
32813
" Hardware end of medium = No;\n"
32814
" AutomaticMount = yes; # when device opened, read it\n"
32815
" AlwaysOpen = Yes;\n"
32816
" RemovableMedia = yes;\n"
32817
" RandomAccess = no;\n"
32818
" Alert Command = \"sh -c 'tapeinfo -f %c | grep TapeAlert'\"\n"
32823
" Name = \"Tape Drive\"\n"
32824
" Device Type = tape\n"
32825
" Media Type = DDS-4\n"
32826
" Archive Device = /dev/st0\n"
32827
" Hardware end of medium = No;\n"
32828
" AutomaticMount = yes; # when device opened, read it\n"
32829
" AlwaysOpen = Yes;\n"
32830
" RemovableMedia = yes;\n"
32831
" RandomAccess = no;\n"
32832
" Alert Command = \"sh -c 'tapeinfo -f %c | grep TapeAlert'\"\n"
32835
#: serverguide/C/backups.xml:688(para)
32837
"The example is for a <emphasis>DDS-4</emphasis> tape drive. Adjust the Media "
32838
"Type and Archive Device to match your hardware."
32840
"The example is for a <emphasis>DDS-4</emphasis> tape drive. Adjust the Media "
32841
"Type and Archive Device to match your hardware."
32843
#: serverguide/C/backups.xml:691(para)
32844
msgid "You could also uncomment one of the other examples in the file."
32845
msgstr "You could also uncomment one of the other examples in the file."
32847
#: serverguide/C/backups.xml:696(para)
32849
"After editing <filename>/etc/bacula/bacula-sd.conf</filename> the "
32850
"<application>Storage</application> daemon will need to be restarted:"
32852
"After editing <filename>/etc/bacula/bacula-sd.conf</filename> the "
32853
"<application>Storage</application> daemon will need to be restarted:"
32855
#: serverguide/C/backups.xml:701(command)
32856
msgid "sudo /etc/init.d/bacula-sd restart"
32857
msgstr "sudo /etc/init.d/bacula-sd restart"
32859
#: serverguide/C/backups.xml:705(para)
32861
"Now add a <emphasis>Storage</emphasis> resource in "
32862
"<filename>/etc/bacula/bacula-dir.conf</filename> to use the new Device:"
32864
"Now add a <emphasis>Storage</emphasis> resource in "
32865
"<filename>/etc/bacula/bacula-dir.conf</filename> to use the new Device:"
32867
#: serverguide/C/backups.xml:708(programlisting)
32871
"# Definition of \"Tape Drive\" storage device\n"
32873
" Name = TapeDrive\n"
32874
" # Do not use \"localhost\" here \n"
32875
" Address = backupserver # N.B. Use a fully qualified name "
32878
" Password = \"Cv70F6pf1t6pBopT4vQOnigDrR0v3LT3Cgkiyj\"\n"
32879
" Device = \"Tape Drive\"\n"
32880
" Media Type = tape\n"
32884
"# Definition of \"Tape Drive\" storage device\n"
32886
" Name = TapeDrive\n"
32887
" # Do not use \"localhost\" here \n"
32888
" Address = backupserver # N.B. Use a fully qualified name "
32891
" Password = \"Cv70F6pf1t6pBopT4vQOnigDrR0v3LT3Cgkiyj\"\n"
32892
" Device = \"Tape Drive\"\n"
32893
" Media Type = tape\n"
32896
#: serverguide/C/backups.xml:720(para)
32898
"The <emphasis>Address</emphasis> directive needs to be the Fully Qualified "
32899
"Domain Name (FQDN) of the server. Change <emphasis>backupserver</emphasis> "
32900
"to the actual host name."
32902
"The <emphasis>Address</emphasis> directive needs to be the Fully Qualified "
32903
"Domain Name (FQDN) of the server. Change <emphasis>backupserver</emphasis> "
32904
"to the actual host name."
32906
#: serverguide/C/backups.xml:724(para)
32908
"Also, make sure the <emphasis>Password</emphasis> directive matches the "
32909
"password string in <filename>/etc/bacula/bacula-sd.conf</filename>."
32911
"Also, make sure the <emphasis>Password</emphasis> directive matches the "
32912
"password string in <filename>/etc/bacula/bacula-sd.conf</filename>."
32914
#: serverguide/C/backups.xml:730(para)
32916
"Create a new <emphasis>FileSet</emphasis>, which will determine what "
32917
"directories to backup, by adding:"
32919
"Create a new <emphasis>FileSet</emphasis>, which will determine what "
32920
"directories to backup, by adding:"
32922
#: serverguide/C/backups.xml:733(programlisting)
32926
"# LocalhostBacup FileSet.\n"
32928
" Name = \"LocalhostFiles\"\n"
32931
" signature = MD5\n"
32932
" compression=GZIP\n"
32940
"# LocalhostBacup FileSet.\n"
32942
" Name = \"LocalhostFiles\"\n"
32945
" signature = MD5\n"
32946
" compression=GZIP\n"
32953
#: serverguide/C/backups.xml:747(para)
32955
"This <emphasis>FileSet</emphasis> will backup the <filename "
32956
"role=\"directory\">/etc</filename> and <filename "
32957
"role=\"directory\">/home</filename> directories. The "
32958
"<emphasis>Options</emphasis> resource directives configure the FileSet to "
32959
"create a MD5 signature for each file backed up, and to compress the files "
32962
"This <emphasis>FileSet</emphasis> will backup the <filename "
32963
"role=\"directory\">/etc</filename> and <filename "
32964
"role=\"directory\">/home</filename> directories. The "
32965
"<emphasis>Options</emphasis> resource directives configure the FileSet to "
32966
"create a MD5 signature for each file backed up, and to compress the files "
32969
#: serverguide/C/backups.xml:754(para)
32970
msgid "Next, create a new <emphasis>Schedule</emphasis> for the backup job:"
32971
msgstr "Next, create a new <emphasis>Schedule</emphasis> for the backup job:"
32973
#: serverguide/C/backups.xml:757(programlisting)
32977
"# LocalhostBackup Schedule -- Daily.\n"
32979
" Name = \"LocalhostDaily\"\n"
32980
" Run = Full daily at 00:01\n"
32984
"# LocalhostBackup Schedule -- Daily.\n"
32986
" Name = \"LocalhostDaily\"\n"
32987
" Run = Full daily at 00:01\n"
32990
#: serverguide/C/backups.xml:764(para)
32992
"The job will run every day at 00:01 or 12:01 am. There are many other "
32993
"scheduling options available."
32995
"The job will run every day at 00:01 or 12:01 am. There are many other "
32996
"scheduling options available."
32998
#: serverguide/C/backups.xml:769(para)
32999
msgid "Finally create the <emphasis>Job</emphasis>:"
33000
msgstr "Finally create the <emphasis>Job</emphasis>:"
33002
#: serverguide/C/backups.xml:772(programlisting)
33006
"# Localhost backup.\n"
33008
" Name = \"LocalhostBackup\"\n"
33009
" JobDefs = \"DefaultJob\"\n"
33012
" FileSet = \"LocalhostFiles\"\n"
33013
" Schedule = \"LocalhostDaily\"\n"
33014
" Storage = TapeDrive\n"
33015
" Write Bootstrap = \"/var/lib/bacula/LocalhostBackup.bsr\"\n"
33019
"# Localhost backup.\n"
33021
" Name = \"LocalhostBackup\"\n"
33022
" JobDefs = \"DefaultJob\"\n"
33025
" FileSet = \"LocalhostFiles\"\n"
33026
" Schedule = \"LocalhostDaily\"\n"
33027
" Storage = TapeDrive\n"
33028
" Write Bootstrap = \"/var/lib/bacula/LocalhostBackup.bsr\"\n"
33031
#: serverguide/C/backups.xml:785(para)
33033
"The job will do a <emphasis>Full</emphasis> backup every day to the tape "
33036
"The job will do a <emphasis>Full</emphasis> backup every day to the tape "
33039
#: serverguide/C/backups.xml:790(para)
33041
"Each tape used will need to have a <emphasis>Label</emphasis>. If the "
33042
"current tape does not have a label <application>Bacula</application> will "
33043
"send an email letting you know. To label a tape using the "
33044
"<application>Console</application> enter the following from a terminal:"
33046
"Each tape used will need to have a <emphasis>Label</emphasis>. If the "
33047
"current tape does not have a label <application>Bacula</application> will "
33048
"send an e-mail letting you know. To label a tape using the "
33049
"<application>Console</application> enter the following from a terminal:"
33051
#: serverguide/C/backups.xml:796(command)
33055
#: serverguide/C/backups.xml:800(para)
33056
msgid "At the Bacula Console prompt enter:"
33057
msgstr "At the Bacula Console prompt enter:"
33059
#: serverguide/C/backups.xml:804(command)
33063
#: serverguide/C/backups.xml:808(para)
33065
"You will then be prompted for the <emphasis>Storage</emphasis> resource:"
33067
"You will then be prompted for the <emphasis>Storage</emphasis> resource:"
33069
#: serverguide/C/backups.xml:818(userinput)
33074
#: serverguide/C/backups.xml:812(computeroutput)
33078
"Automatically selected Catalog: MyCatalog\n"
33079
"Using Catalog \"MyCatalog\"\n"
33080
"The defined Storage resources are:\n"
33083
"Select Storage resource (1-2):<placeholder-1/>\n"
33086
"Automatically selected Catalogue: MyCatalogue\n"
33087
"Using Catalogue \"MyCatalogue\"\n"
33088
"The defined Storage resources are:\n"
33091
"Select Storage resource (1-2):<placeholder-1/>\n"
33093
#: serverguide/C/backups.xml:823(para)
33094
msgid "Enter the new <emphasis>Volume</emphasis> name:"
33095
msgstr "Enter the new <emphasis>Volume</emphasis> name:"
33097
#: serverguide/C/backups.xml:828(userinput)
33102
#: serverguide/C/backups.xml:827(computeroutput)
33106
"Enter new Volume name: <placeholder-1/>\n"
33112
"Enter new Volume name: <placeholder-1/>\n"
33117
#: serverguide/C/backups.xml:833(para)
33118
msgid "Replace <emphasis>Sunday</emphasis> with the desired label."
33119
msgstr "Replace <emphasis>Sunday</emphasis> with the desired label."
33121
#: serverguide/C/backups.xml:838(para)
33122
msgid "Now, select the <emphasis>Pool</emphasis>:"
33123
msgstr "Now, select the <emphasis>Pool</emphasis>:"
33125
#: serverguide/C/backups.xml:843(userinput)
33130
#: serverguide/C/backups.xml:842(computeroutput)
33134
"Select the Pool (1-2): <placeholder-1/>\n"
33135
"Connecting to Storage daemon TapeDrive at backupserver:9103 ...\n"
33136
"Sending label command for Volume \"Sunday\" Slot 0 ...\n"
33139
"Select the Pool (1-2): <placeholder-1/>\n"
33140
"Connecting to Storage daemon TapeDrive at backupserver:9103 ...\n"
33141
"Sending label command for Volume \"Sunday\" Slot 0 ...\n"
33143
#: serverguide/C/backups.xml:850(para)
33145
"Congratulations, you have now configured <emphasis>Bacula</emphasis> to "
33146
"backup the localhost to an attached tape drive."
33148
"Congratulations, you have now configured <emphasis>Bacula</emphasis> to "
33149
"backup the localhost to an attached tape drive."
33151
#: serverguide/C/backups.xml:858(para)
33153
"For more <emphasis>Bacula</emphasis> configuration options refer to the "
33154
"<ulink url=\"http://www.bacula.org/en/rel-manual/index.html\">Bacula User's "
33157
"For more <emphasis>Bacula</emphasis> configuration options refer to the "
33158
"<ulink url=\"http://www.bacula.org/en/rel-manual/index.html\">Bacula User's "
33161
#: serverguide/C/backups.xml:864(para)
33163
"The <ulink url=\"http://www.bacula.org/\">Bacula Home Page</ulink> contains "
33164
"the latest Bacula news and developments."
33166
"The <ulink url=\"http://www.bacula.org/\">Bacula Home Page</ulink> contains "
33167
"the latest Bacula news and developments."
33169
#: serverguide/C/backups.xml:869(para)
33171
"Also, see the <ulink url=\"https://help.ubuntu.com/community/Bacula\">Bacula "
33172
"Ubuntu Wiki</ulink> page."
33174
"Also, see the <ulink url=\"https://help.ubuntu.com/community/Bacula\">Bacula "
33175
"Ubuntu Wiki</ulink> page."
33177
#. Put one translator per line, in the form of NAME <EMAIL>, YEAR1, YEAR2
33178
#: serverguide/C/backups.xml:0(None)
33179
msgid "translator-credits"
33181
"Launchpad Contributions:\n"
33182
" Adam Collard https://launchpad.net/~adam-collard\n"
33183
" Anthony Scarth https://launchpad.net/~maroubal2\n"
33184
" Daniel Bell https://launchpad.net/~danielbell\n"
33185
" David McBride https://launchpad.net/~david-mcbride\n"
33186
" Dean Sas https://launchpad.net/~dsas\n"
33187
" Edward Chidgey https://launchpad.net/~chidge\n"
33188
" James Thorrold https://launchpad.net/~jthorrold\n"
33189
" Malcolm Parsons https://launchpad.net/~malcolm-parsons\n"
33190
" Matthew East https://launchpad.net/~mdke\n"
33191
" Michael Fallows https://launchpad.net/~mf\n"
33192
" Robert Readman https://launchpad.net/~robert-readman\n"
33193
" ZhongHan Cai https://launchpad.net/~caizhonghan"
33196
#~ "Here is a quick description of other available "
33197
#~ "<application>eBox</application> modules:"
33199
#~ "Here is a quick description of other available "
33200
#~ "<application>eBox</application> modules:"
33203
#~ "<emphasis>Halt/Reboot:</emphasis> will shutdown the system or reboot it."
33205
#~ "<emphasis>Halt/Reboot:</emphasis> will shutdown the system or reboot it."
33208
#~ "<emphasis>Firewall:</emphasis> configures firewall options for the eBox host."
33210
#~ "<emphasis>Firewall:</emphasis> configures firewall options for the eBox host."
33213
#~ "<emphasis>UsersandGroups:</emphasis> this module will manage users and "
33214
#~ "groups contained in an <application>OpenLDAP</application> LDAP directory."
33216
#~ "<emphasis>UsersandGroups:</emphasis> this module will manage users and "
33217
#~ "groups contained in an <application>OpenLDAP</application> LDAP directory."
33220
#~ "To enable a disabled module click on the <emphasis>Module status</emphasis> "
33221
#~ "link in the left hand menu. Then <emphasis role=\"italic\">check</emphasis> "
33222
#~ "which modules you would like to enable and click the <quote>Save</quote> "
33225
#~ "To enable a disabled module click on the <emphasis>Module status</emphasis> "
33226
#~ "link in the left hand menu. Then <emphasis role=\"italic\">check</emphasis> "
33227
#~ "which modules you would like to enable and click the <quote>Save</quote> "
33231
#~ "<emphasis>RSS:</emphasis> once this dispatcher is configured you can "
33232
#~ "subscribe to the link in order to view event alerts."
33234
#~ "<emphasis>RSS:</emphasis> once this dispatcher is configured you can "
33235
#~ "subscribe to the link in order to view event alerts."
33237
#~ msgid "Additional Modules"
33238
#~ msgstr "Additional Modules"
33241
#~ "<emphasis>Network:</emphasis> allows configuration of the server's network "
33242
#~ "options through eBox."
33244
#~ "<emphasis>Network:</emphasis> allows configuration of the server's network "
33245
#~ "options through eBox."
33248
#~ "<emphasis>Bug Report:</emphasis> creates a file containing details helpful "
33249
#~ "when reporting bugs to the eBox developers."
33251
#~ "<emphasis>Bug Report:</emphasis> creates a file containing details helpful "
33252
#~ "when reporting bugs to the eBox developers."
33255
#~ "<emphasis>OpenVPN:</emphasis> setup options for OpenVPN Virtual Private "
33256
#~ "Network application."
33258
#~ "<emphasis>OpenVPN:</emphasis> setup options for OpenVPN Virtual Private "
33259
#~ "Network application."
33261
#~ msgid "<emphasis>Samba:</emphasis> configuration options for Samba."
33262
#~ msgstr "<emphasis>Samba:</emphasis> configuration options for Samba."
33265
#~ "<emphasis>CA:</emphasis> configures a Certificate Authority for the server."
33267
#~ "<emphasis>CA:</emphasis> configures a Certificate Authority for the server."
33270
#~ "<emphasis>Squid:</emphasis> configuration options for the "
33271
#~ "<application>Squid</application> proxy server."
33273
#~ "<emphasis>Squid:</emphasis> configuration options for the "
33274
#~ "<application>Squid</application> proxy server."
33276
#~ msgid "<emphasis>Printers:</emphasis> allows the configuration of printers."
33277
#~ msgstr "<emphasis>Printers:</emphasis> allows the configuration of printers."
33279
#~ msgid "<emphasis>NTP:</emphasis> set Network Time Protocol options."
33280
#~ msgstr "<emphasis>NTP:</emphasis> set Network Time Protocol options."
33283
#~ "<emphasis>DNS:</emphasis> provides <application>BIND9</application> DNS "
33284
#~ "server configuration options."
33286
#~ "<emphasis>DNS:</emphasis> provides <application>BIND9</application> DNS "
33287
#~ "server configuration options."
33290
#~ "<emphasis>DHCP:</emphasis> provides an interface for configuring a DHCP "
33293
#~ "<emphasis>DHCP:</emphasis> provides an interface for configuring a DHCP "
33297
#~ "<emphasis>Services:</emphasis> displays configuration information for "
33298
#~ "services that are available to the network."
33300
#~ "<emphasis>Services:</emphasis> displays configuration information for "
33301
#~ "services that are available to the network."
33304
#~ "<emphasis>Objects:</emphasis> allow configuration of eBox <emphasis>Network "
33305
#~ "Objects</emphasis>, which allow you to assign a name to an IP address or "
33308
#~ "<emphasis>Objects:</emphasis> allow configuration of eBox <emphasis>Network "
33309
#~ "Objects</emphasis>, which allow you to assign a name to an IP address or "
33313
#~ "The <varname>max=8</varname> variable does not represent the maximum length "
33314
#~ "of a password. It only means that complexity requirements will not be "
33315
#~ "checked on passwords over 8 characters. You may want to look at the "
33316
#~ "<application>libpam-cracklib</application> package for additional password "
33317
#~ "entropy assistance."
33319
#~ "The <varname>max=8</varname> variable does not represent the maximum length "
33320
#~ "of a password. It only means that complexity requirements will not be "
33321
#~ "checked on passwords over 8 characters. You may want to look at the "
33322
#~ "<application>libpam-cracklib</application> package for additional password "
33323
#~ "entropy assistance."
33325
#~ msgid "Default Modules"
33326
#~ msgstr "Default Modules"
33329
#~ "If you would like to adjust the minimum length to 6 characters, change the "
33330
#~ "appropriate variable to min=6. The modification is outlined below."
33332
#~ "If you would like to adjust the minimum length to 6 characters, change the "
33333
#~ "appropriate variable to min=6. The modification is outlined below."
33339
#~ "<emphasis>Jabber:</emphasis> before enabling this dispatcher you must first "
33340
#~ "configure it by clicking on the <quote>Configure</quote> icon."
33342
#~ "<emphasis>Jabber:</emphasis> before enabling this dispatcher you must first "
33343
#~ "configure it by clicking on the <quote>Configure</quote> icon."
33346
#~ "<emphasis>Log:</emphasis> this dispatcher will send event messages to the "
33347
#~ "<application>eBox</application> log file "
33348
#~ "<filename>/var/log/ebox/ebox.log</filename>."
33350
#~ "<emphasis>Log:</emphasis> this dispatcher will send event messages to the "
33351
#~ "<application>eBox</application> log file "
33352
#~ "<filename>/var/log/ebox/ebox.log</filename>."
33354
#~ msgid "apt-cache rdepends ebox | uniq"
33355
#~ msgstr "apt-cache rdepends ebox | uniq"
33360
#~ "password required pam_unix.so nullok obscure min=6 max=8 md5\n"
33363
#~ "password required pam_unix.so nullok obscure min=6 max=8 md5\n"
33366
#~ "<emphasis>Events:</emphasis> this module has the ability to send alerts "
33367
#~ "through rss, jabber, and log file."
33369
#~ "<emphasis>Events:</emphasis> this module has the ability to send alerts "
33370
#~ "through rss, jabber, and log file."
33373
#~ "<emphasis>State:</emphasis> alerts on the state of "
33374
#~ "<application>eBox</application>, either up or down."
33376
#~ "<emphasis>State:</emphasis> alerts on the state of "
33377
#~ "<application>eBox</application>, either up or down."
33380
#~ "<emphasis>Backup:</emphasis> is used to backup "
33381
#~ "<application>eBox</application> configuration information, and the "
33382
#~ "<emphasis>Full Backup</emphasis> option allows you to save all eBox "
33383
#~ "information not included in the <emphasis>Configuration</emphasis> option "
33384
#~ "such as log files."
33386
#~ "<emphasis>Backup:</emphasis> is used to backup "
33387
#~ "<application>eBox</application> configuration information, and the "
33388
#~ "<emphasis>Full Backup</emphasis> option allows you to save all eBox "
33389
#~ "information not included in the <emphasis>Configuration</emphasis> option "
33390
#~ "such as log files."
33393
#~ "<emphasis>Disk Usage:</emphasis> displays a graph detailing information "
33394
#~ "about disk usage."
33396
#~ "<emphasis>Disk Usage:</emphasis> displays a graph detailing information "
33397
#~ "about disk usage."
33400
#~ "During the installation you will be asked to supply a password for the ebox "
33401
#~ "user. After installing eBox the web interface can be accessed from: "
33402
#~ "<emphasis>https://yourserver/ebox</emphasis>."
33404
#~ "During the installation you will be asked to supply a password for the ebox "
33405
#~ "user. After installing eBox the Web interface can be accessed from: "
33406
#~ "<emphasis>https://yourserver/ebox</emphasis>."
33409
#~ "<emphasis>General:</emphasis> allows you to set the language, port number, "
33410
#~ "and contains a change password form."
33412
#~ "<emphasis>General:</emphasis> allows you to set the language, port number, "
33413
#~ "and contains a change password form."
33416
#~ "<emphasis>Free Storage Space:</emphasis> will send alert if free disk space "
33417
#~ "drops below a configured percentage, 10% by default."
33419
#~ "<emphasis>Free Storage Space:</emphasis> will send alert if free disk space "
33420
#~ "drops below a configured percentage, 10% by default."
33423
#~ "<emphasis>System:</emphasis> contains options allowing configuration of "
33424
#~ "general eBox items."
33426
#~ "<emphasis>System:</emphasis> contains options allowing configuration of "
33427
#~ "general eBox items."
33430
#~ "This section provides a quick summary of the default "
33431
#~ "<application>eBox</application> modules."
33433
#~ "This section provides a quick summary of the default "
33434
#~ "<application>eBox</application> modules."
33437
#~ "The different <application>eBox</application> modules are split into "
33438
#~ "different packages, allowing you to only install those necessary. One way to "
33439
#~ "view the available packages is to enter the following from a terminal:"
33441
#~ "The different <application>eBox</application> modules are split into "
33442
#~ "different packages, allowing you to only install those necessary. One way to "
33443
#~ "view the available packages is to enter the following from a terminal:"
33446
#~ "By default all eBox <emphasis>Modules</emphasis> are not enabled, and when a "
33447
#~ "new module is installed it will not be automatically enabled."
33449
#~ "By default all eBox <emphasis>Modules</emphasis> are not enabled, and when a "
33450
#~ "new module is installed it will not be automatically enabled."
33453
#~ "Once you make a change that requires a Save, the link will change from green "
33456
#~ "Once you make a change that requires a Save, the link will change from green "
33460
#~ "An important thing to remember when using <application>eBox</application> is "
33461
#~ "that when configuring most modules there is a <emphasis>Change</emphasis> "
33462
#~ "button that implements the new configuration. After clicking the Change "
33463
#~ "button most, but not all, modules will then need to be "
33464
#~ "<emphasis>Saved</emphasis>. To save the new configuration click on the "
33465
#~ "<quote>Save changes</quote> link in the top right hand corner."
33467
#~ "An important thing to remember when using <application>eBox</application> is "
33468
#~ "that when configuring most modules there is a <emphasis>Change</emphasis> "
33469
#~ "button that implements the new configuration. After clicking the Change "
33470
#~ "button most, but not all, modules will then need to be "
33471
#~ "<emphasis>Saved</emphasis>. To save the new configuration click on the "
33472
#~ "<quote>Save changes</quote> link in the top right hand corner."
33474
#~ msgid "sudo /etc/init.d/samba restart"
33475
#~ msgstr "sudo /etc/init.d/samba restart"
33478
#~ "<emphasis>Service:</emphasis> sends alerts if a service restarts multiple "
33479
#~ "times in a short time period."
33481
#~ "<emphasis>Service:</emphasis> sends alerts if a service restarts multiple "
33482
#~ "times in a short time period."
33484
#~ msgid "Available Events:"
33485
#~ msgstr "Available Events:"
33487
#~ msgid "eBox Modules"
33488
#~ msgstr "eBox Modules"
33491
#~ "<emphasis>RAID:</emphasis> will monitor the RAID system and send alerts if "
33492
#~ "any issues arise."
33494
#~ "<emphasis>RAID:</emphasis> will monitor the RAID system and send alerts if "
33495
#~ "any issues arise."
33497
#~ msgid "sudo apt-get install ebox"
33498
#~ msgstr "sudo apt-get install ebox"
33500
#~ msgid "sudo chage -E 01/31/2008 -m 5 -M 90 -I 30 -W 14 username"
33501
#~ msgstr "sudo chage -E 01/31/2008 -m 5 -M 90 -I 30 -W 14 username"
33504
#~ "There are many ways to remotely administer a Linux server. This chapter will "
33505
#~ "cover one of the most popular <application>SSH</application> as well as "
33506
#~ "<application>eBox</application>, a web based administration framework."
33508
#~ "There are many ways to remotely administer a Linux server. This chapter will "
33509
#~ "cover one of the most popular <application>SSH</application> as well as "
33510
#~ "<application>eBox</application>, a Web based administration framework."
33515
#~ "password required pam_unix.so nullok obscure min=4 max=8 md5\n"
33518
#~ "password required pam_unix.so nullok obscure min=4 max=8 md5\n"
33521
#~ "To install the <application>ebox</application> package, which contains the "
33522
#~ "default modules, enter the following:"
33524
#~ "To install the <application>ebox</application> package, which contains the "
33525
#~ "default modules, enter the following:"
33528
#~ "<emphasis>Logs:</emphasis> allows <application>eBox</application> logs to be "
33529
#~ "queried depending on the purge time configured."
33531
#~ "<emphasis>Logs:</emphasis> allows <application>eBox</application> logs to be "
33532
#~ "queried depending on the purge time configured."
33534
#~ msgid "Dispatchers:"
33535
#~ msgstr "Dispatchers:"
33538
#~ "By default, Ubuntu requires a minimum password length of 4 characters, as "
33539
#~ "well as some basic entropy checks. These values are controlled in the file "
33540
#~ "<filename>/etc/pam.d/common-password</filename>, which is outlined below."
33542
#~ "By default, Ubuntu requires a minimum password length of 4 characters, as "
33543
#~ "well as some basic entropy checks. These values are controlled in the file "
33544
#~ "<filename>/etc/pam.d/common-password</filename>, which is outlined below."
33547
#~ "There are several ways to automate the Ubuntu installation process, for "
33548
#~ "example using preseeds, kickstart, etc. Refer to the <ulink "
33549
#~ "url=\"https://help.ubuntu.com/10.04 LTS/installation-guide/\">Ubuntu "
33550
#~ "Installation Guide</ulink> for details."
33552
#~ "There are several ways to automate the Ubuntu installation process, for "
33553
#~ "example using preseeds, kickstart, etc. Refer to the <ulink "
33554
#~ "url=\"https://help.ubuntu.com/10.04 LTS/installation-guide/\">Ubuntu "
33555
#~ "Installation Guide</ulink> for details."
33558
#~ "As this example is based on <application>KVM</application> and Ubuntu 10.04 "
33559
#~ "LTS (Lucid Lynx), and we are likely to rebuild the same virtual machine "
33560
#~ "multiple time, we'll invoke vmbuilder with the following first parameters:"
33562
#~ "As this example is based on <application>KVM</application> and Ubuntu 10.04 "
33563
#~ "LTS (Lucid Lynx), and we are likely to rebuild the same virtual machine "
33564
#~ "multiple time, we'll invoke vmbuilder with the following first parameters:"
33567
#~ "sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 -o --"
33568
#~ "libvirt qemu:///system"
33570
#~ "sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 -o --"
33571
#~ "libvirt qemu:///system"
33574
#~ "sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 -o --"
33575
#~ "libvirt qemu:///system --ip 192.168.0.100"
33577
#~ "sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 -o --"
33578
#~ "libvirt qemu:///system --ip 192.168.0.100"
33581
#~ "sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 \\ -o -"
33582
#~ "-libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition"
33584
#~ "sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 \\ -o -"
33585
#~ "-libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition"
33590
#~ "deb http://archive.ubuntu.com/ubuntu lucid main restricted universe "
33592
#~ "/deb-i386 http://archive.ubuntu.com/ubuntu lucid main restricted universe "
33595
#~ "deb http://archive.ubuntu.com/ubuntu lucid-updates main restricted universe "
33597
#~ "/deb-i386 http://archive.ubuntu.com/ubuntu lucid-updates main restricted "
33598
#~ "universe multiverse \n"
33600
#~ "deb http://archive.ubuntu.com/ubuntu/ lucid-backports main restricted "
33601
#~ "universe multiverse \n"
33602
#~ "/deb-i386 http://archive.ubuntu.com/ubuntu lucid-backports main restricted "
33603
#~ "universe multiverse \n"
33605
#~ "deb http://security.ubuntu.com/ubuntu lucid-security main restricted "
33606
#~ "universe multiverse \n"
33607
#~ "/deb-i386 http://security.ubuntu.com/ubuntu lucid-security main restricted "
33608
#~ "universe multiverse \n"
33610
#~ "deb http://archive.ubuntu.com/ubuntu lucid main/debian-installer "
33611
#~ "restricted/debian-installer universe/debian-installer multiverse/debian-"
33613
#~ "/deb-i386 http://archive.ubuntu.com/ubuntu lucid main/debian-installer "
33614
#~ "restricted/debian-installer universe/debian-installer multiverse/debian-"
33618
#~ "deb http://archive.ubuntu.com/ubuntu lucid main restricted universe "
33620
#~ "/deb-i386 http://archive.ubuntu.com/ubuntu lucid main restricted universe "
33623
#~ "deb http://archive.ubuntu.com/ubuntu lucid-updates main restricted universe "
33625
#~ "/deb-i386 http://archive.ubuntu.com/ubuntu lucid-updates main restricted "
33626
#~ "universe multiverse \n"
33628
#~ "deb http://archive.ubuntu.com/ubuntu/ lucid-backports main restricted "
33629
#~ "universe multiverse \n"
33630
#~ "/deb-i386 http://archive.ubuntu.com/ubuntu lucid-backports main restricted "
33631
#~ "universe multiverse \n"
33633
#~ "deb http://security.ubuntu.com/ubuntu lucid-security main restricted "
33634
#~ "universe multiverse \n"
33635
#~ "/deb-i386 http://security.ubuntu.com/ubuntu lucid-security main restricted "
33636
#~ "universe multiverse \n"
33638
#~ "deb http://archive.ubuntu.com/ubuntu lucid main/debian-installer "
33639
#~ "restricted/debian-installer universe/debian-installer multiverse/debian-"
33641
#~ "/deb-i386 http://archive.ubuntu.com/ubuntu lucid main/debian-installer "
33642
#~ "restricted/debian-installer universe/debian-installer multiverse/debian-"
33645
#~ msgid "OpenNebula"
33646
#~ msgstr "OpenNebula"
33649
#~ "<application>OpenNebula</application> allows virtual machines to be placed "
33650
#~ "and re-placed dynamically on a pool of physical resources. This allows a "
33651
#~ "virtual machine to be hosted from any location available."
33653
#~ "<application>OpenNebula</application> allows virtual machines to be placed "
33654
#~ "and re-placed dynamically on a pool of physical resources. This allows a "
33655
#~ "virtual machine to be hosted from any location available."
33658
#~ "This section will detail configuring an OpenNebula cluster using three "
33659
#~ "machines: one <emphasis>Front-End</emphasis> host, and two <emphasis>Compute "
33660
#~ "Nodes</emphasis> used to run the virtual machines. The Compute Nodes will "
33661
#~ "also need a bridge configured to allow the virtual machines access to the "
33662
#~ "local network. For details see <xref linkend=\"bridging\"/>."
33664
#~ "This section will detail configuring an OpenNebula cluster using three "
33665
#~ "machines: one <emphasis>Front-End</emphasis> host, and two <emphasis>Compute "
33666
#~ "Nodes</emphasis> used to run the virtual machines. The Compute Nodes will "
33667
#~ "also need a bridge configured to allow the virtual machines access to the "
33668
#~ "local network. For details see <xref linkend=\"bridging\"/>."
33670
#~ msgid "First, from a terminal on the Front-End enter:"
33671
#~ msgstr "First, from a terminal on the Front-End enter:"
33673
#~ msgid "sudo apt-get install opennebula"
33674
#~ msgstr "sudo apt-get install opennebula"
33676
#~ msgid "On each Compute Node install:"
33677
#~ msgstr "On each Compute Node install:"
33679
#~ msgid "sudo apt-get install opennebula-node"
33680
#~ msgstr "sudo apt-get install opennebula-node"
33683
#~ "In order to copy SSH keys, the <emphasis>oneadmin</emphasis> user will need "
33684
#~ "to have a password. On each machine execute:"
33686
#~ "In order to copy SSH keys, the <emphasis>oneadmin</emphasis> user will need "
33687
#~ "to have a password. On each machine execute:"
33689
#~ msgid "sudo passwd oneadmin"
33690
#~ msgstr "sudo passwd oneadmin"
33693
#~ "Next, copy the <emphasis>oneadmin</emphasis> user's SSH key to the Compute "
33694
#~ "Nodes, and to the Front-End's <filename>authorized_keys</filename> file:"
33696
#~ "Next, copy the <emphasis>oneadmin</emphasis> user's SSH key to the Compute "
33697
#~ "Nodes, and to the Front-End's <filename>authorized_keys</filename> file:"
33700
#~ "sudo scp /var/lib/one/.ssh/id_rsa.pub "
33701
#~ "oneadmin@node01:/var/lib/one/.ssh/authorized_keys"
33703
#~ "sudo scp /var/lib/one/.ssh/id_rsa.pub "
33704
#~ "oneadmin@node01:/var/lib/one/.ssh/authorized_keys"
33707
#~ "sudo scp /var/lib/one/.ssh/id_rsa.pub "
33708
#~ "oneadmin@node02:/var/lib/one/.ssh/authorized_keys"
33710
#~ "sudo scp /var/lib/one/.ssh/id_rsa.pub "
33711
#~ "oneadmin@node02:/var/lib/one/.ssh/authorized_keys"
33714
#~ "sudo sh -c \"cat /var/lib/one/.ssh/id_rsa.pub >> "
33715
#~ "/var/lib/one/.ssh/authorized_keys\""
33717
#~ "sudo sh -c \"cat /var/lib/one/.ssh/id_rsa.pub >> "
33718
#~ "/var/lib/one/.ssh/authorized_keys\""
33721
#~ "The SSH key for the Compute Nodes needs to be added to the "
33722
#~ "<filename>/etc/ssh/ssh_known_hosts</filename> file on the Front-End host. To "
33723
#~ "accomplish this <application>ssh</application> to each Compute Node as a "
33724
#~ "user other than <emphasis>oneadmin</emphasis>. Then exit from the SSH "
33725
#~ "session, and execute the following to copy the SSH key from "
33726
#~ "<filename>~/.ssh/known_hosts</filename> to "
33727
#~ "<filename>/etc/ssh/ssh_known_hosts</filename>:"
33729
#~ "The SSH key for the Compute Nodes needs to be added to the "
33730
#~ "<filename>/etc/ssh/ssh_known_hosts</filename> file on the Front-End host. To "
33731
#~ "accomplish this <application>ssh</application> to each Compute Node as a "
33732
#~ "user other than <emphasis>oneadmin</emphasis>. Then exit from the SSH "
33733
#~ "session, and execute the following to copy the SSH key from "
33734
#~ "<filename>~/.ssh/known_hosts</filename> to "
33735
#~ "<filename>/etc/ssh/ssh_known_hosts</filename>:"
33738
#~ "sudo sh -c \"ssh-keygen -f .ssh/known_hosts -F node01 1>> "
33739
#~ "/etc/ssh/ssh_known_hosts\""
33741
#~ "sudo sh -c \"ssh-keygen -f .ssh/known_hosts -F node01 1>> "
33742
#~ "/etc/ssh/ssh_known_hosts\""
33745
#~ "sudo sh -c \"ssh-keygen -f .ssh/known_hosts -F node02 1>> "
33746
#~ "/etc/ssh/ssh_known_hosts\""
33748
#~ "sudo sh -c \"ssh-keygen -f .ssh/known_hosts -F node02 1>> "
33749
#~ "/etc/ssh/ssh_known_hosts\""
33752
#~ "Replace <emphasis>node01</emphasis> and <emphasis>node02</emphasis> with the "
33753
#~ "appropriate host names."
33755
#~ "Replace <emphasis>node01</emphasis> and <emphasis>node02</emphasis> with the "
33756
#~ "appropriate host names."
33759
#~ "This allows the <emphasis>oneadmin</emphasis> to use "
33760
#~ "<application>scp</application>, without a password or manual intervention, "
33761
#~ "to deploy an image to the Compute Nodes."
33763
#~ "This allows the <emphasis>oneadmin</emphasis> to use "
33764
#~ "<application>scp</application>, without a password or manual intervention, "
33765
#~ "to deploy an image to the Compute Nodes."
33768
#~ "On the Front-End create a directory to store the VM images, giving the "
33769
#~ "<emphasis>oneadmin</emphasis> user access to the directory:"
33771
#~ "On the Front-End create a directory to store the VM images, giving the "
33772
#~ "<emphasis>oneadmin</emphasis> user access to the directory:"
33774
#~ msgid "sudo mkdir /var/lib/one/images"
33775
#~ msgstr "sudo mkdir /var/lib/one/images"
33777
#~ msgid "sudo chown oneadmin /var/lib/one/images/"
33778
#~ msgstr "sudo chown oneadmin /var/lib/one/images/"
33781
#~ "Finally, copy a virtual machine disk file into "
33782
#~ "<filename>/var/lib/one/images</filename>. You can create an Ubuntu virtual "
33783
#~ "machine using <application>vmbuilder</application>, see <xref linkend=\"jeos-"
33784
#~ "and-vmbuilder\"/> for details."
33786
#~ "Finally, copy a virtual machine disk file into "
33787
#~ "<filename>/var/lib/one/images</filename>. You can create an Ubuntu virtual "
33788
#~ "machine using <application>vmbuilder</application>, see <xref linkend=\"jeos-"
33789
#~ "and-vmbuilder\"/> for details."
33792
#~ "The <emphasis>OpenNebula Cluster</emphasis> is now ready to be configured, "
33793
#~ "and virtual machines added to the cluster."
33795
#~ "The <emphasis>OpenNebula Cluster</emphasis> is now ready to be configured, "
33796
#~ "and virtual machines added to the cluster."
33798
#~ msgid "From a terminal prompt enter:"
33799
#~ msgstr "From a terminal prompt enter:"
33801
#~ msgid "onehost create node01 im_kvm vmm_kvm tm_ssh"
33802
#~ msgstr "onehost create node01 im_kvm vmm_kvm tm_ssh"
33804
#~ msgid "onehost create node02 im_kvm vmm_kvm tm_ssh"
33805
#~ msgstr "onehost create node02 im_kvm vmm_kvm tm_ssh"
33808
#~ "Next, create a <emphasis>Virtual Network</emphasis> template file named "
33809
#~ "<filename>vnet01.template</filename>:"
33811
#~ "Next, create a <emphasis>Virtual Network</emphasis> template file named "
33812
#~ "<filename>vnet01.template</filename>:"
33817
#~ "NAME = \"LAN\"\n"
33818
#~ "TYPE = RANGED\n"
33819
#~ "BRIDGE = br0\n"
33820
#~ "NETWORK_SIZE = C\n"
33821
#~ "NETWORK_ADDRESS = 192.168.0.0\n"
33824
#~ "NAME = \"LAN\"\n"
33825
#~ "TYPE = RANGED\n"
33826
#~ "BRIDGE = br0\n"
33827
#~ "NETWORK_SIZE = C\n"
33828
#~ "NETWORK_ADDRESS = 192.168.0.0\n"
33831
#~ "Be sure to change <emphasis>192.168.0.0</emphasis> to your local network."
33833
#~ "Be sure to change <emphasis>192.168.0.0</emphasis> to your local network."
33836
#~ "Using the <application>onevnet</application> utility, add the virtual "
33837
#~ "network to OpenNebula:"
33839
#~ "Using the <application>onevnet</application> utility, add the virtual "
33840
#~ "network to OpenNebula:"
33842
#~ msgid "onevnet create vnet01.template"
33843
#~ msgstr "onevnet create vnet01.template"
33846
#~ "Now create a <emphasis>VM Template</emphasis> file named "
33847
#~ "<filename>vm01.template</filename>:"
33849
#~ "Now create a <emphasis>VM Template</emphasis> file named "
33850
#~ "<filename>vm01.template</filename>:"
33857
#~ "MEMORY = 512\n"
33859
#~ "OS = [ BOOT = hd ]\n"
33862
#~ " source = \"/var/lib/one/images/vm01.qcow2\",\n"
33863
#~ " target = \"hda\",\n"
33864
#~ " readonly = \"no\" ]\n"
33866
#~ "NIC = [ NETWORK=\"LAN\" ]\n"
33868
#~ "GRAPHICS = [type=\"vnc\",listen=\"127.0.0.1\",port=\"-1\"]\n"
33873
#~ "MEMORY = 512\n"
33875
#~ "OS = [ BOOT = hd ]\n"
33878
#~ " source = \"/var/lib/one/images/vm01.qcow2\",\n"
33879
#~ " target = \"hda\",\n"
33880
#~ " readonly = \"no\" ]\n"
33882
#~ "NIC = [ NETWORK=\"LAN\" ]\n"
33884
#~ "GRAPHICS = [type=\"vnc\",listen=\"127.0.0.1\",port=\"-1\"]\n"
33886
#~ msgid "Start the virtual machine using <application>onevm</application>:"
33887
#~ msgstr "Start the virtual machine using <application>onevm</application>:"
33889
#~ msgid "onevm submit vm01.template"
33890
#~ msgstr "onevm submit vm01.template"
33893
#~ "Use the <application>onevm list</application> option to view information "
33894
#~ "about virtual machines. Also, the <application>onevm show vm01</application> "
33895
#~ "option will display more details about a specific virtual machine."
33897
#~ "Use the <application>onevm list</application> option to view information "
33898
#~ "about virtual machines. Also, the <application>onevm show vm01</application> "
33899
#~ "option will display more details about a specific virtual machine."
33902
#~ "See the <ulink "
33903
#~ "url=\"http://www.opennebula.org/doku.php?id=start\">OpenNebula website</ulink"
33904
#~ "> for more information."
33906
#~ "See the <ulink "
33907
#~ "url=\"http://www.opennebula.org/doku.php?id=start\">OpenNebula website</ulink"
33908
#~ "> for more information."
33911
#~ "You can also find help in the <emphasis>#ubuntu-virt</emphasis> and "
33912
#~ "<emphasis>#ubuntu-server</emphasis> IRC channels on <ulink "
33913
#~ "url=\"http://freenode.net\">Freenode</ulink>."
33915
#~ "You can also find help in the <emphasis>#ubuntu-virt</emphasis> and "
33916
#~ "<emphasis>#ubuntu-server</emphasis> IRC channels on <ulink "
33917
#~ "url=\"http://freenode.net\">Freenode</ulink>."
33923
#~ "This chapter provides an overview of security related topics as they pertain "
33924
#~ "to Ubuntu 10.04 LTS Server Edition, and outlines simple measures you may use "
33925
#~ "to protect your server and network from any number of potential security "
33928
#~ "This chapter provides an overview of security related topics as they pertain "
33929
#~ "to Ubuntu 10.04 LTS Server Edition, and outlines simple measures you may use "
33930
#~ "to protect your server and network from any number of potential security "
33934
#~ "There should now be a new file, "
33935
#~ "<filename>/etc/ssl/newcerts/01.pem</filename>, containing the same output. "
33936
#~ "Copy and paste everything between the <emphasis>-----BEGIN CERTIFICATE-----"
33937
#~ "</emphasis> and <emphasis>----END CERTIFICATE-----</emphasis> lines to a "
33938
#~ "file named after the hostname of the server where the certificate will be "
33939
#~ "installed. For example <filename>mail.example.com.crt</filename>, is a nice "
33940
#~ "descriptive name."
33942
#~ "There should now be a new file, "
33943
#~ "<filename>/etc/ssl/newcerts/01.pem</filename>, containing the same output. "
33944
#~ "Copy and paste everything between the <emphasis>-----BEGIN CERTIFICATE-----"
33945
#~ "</emphasis> and <emphasis>----END CERTIFICATE-----</emphasis> lines to a "
33946
#~ "file named after the hostname of the server where the certificate will be "
33947
#~ "installed. For example <filename>mail.example.com.crt</filename>, is a nice "
33948
#~ "descriptive name."
33951
#~ "<application>eBox</application> is a web framework used to manage server "
33952
#~ "application configuration. The modular design of eBox allows you to pick and "
33953
#~ "choose which services you want to configure using eBox."
33955
#~ "<application>eBox</application> is a web framework used to manage server "
33956
#~ "application configuration. The modular design of eBox allows you to pick and "
33957
#~ "choose which services you want to configure using eBox."
33960
#~ "<emphasis>Log Observer:</emphasis> sends an alert when a configured logger "
33961
#~ "has logged something."
33963
#~ "<emphasis>Log Observer:</emphasis> sends an alert when a configured logger "
33964
#~ "has logged something."
33969
#~ "Unattended-Upgrade::Allowed-Origins {\n"
33970
#~ " \"Ubuntu lucid-security\";\n"
33971
#~ "// \"Ubuntu lucid-updates\";\n"
33975
#~ "Unattended-Upgrade::Allowed-Origins {\n"
33976
#~ " \"Ubuntu lucid-security\";\n"
33977
#~ "// \"Ubuntu lucid-updates\";\n"
33983
#~ "# no more prompting for CD-ROM please\n"
33984
#~ "# deb cdrom:[Ubuntu 10.04_Lucid_Lynx - Release i386 (20070419.1)]/ lucid "
33985
#~ "main restricted\n"
33988
#~ "# no more prompting for CD-ROM please\n"
33989
#~ "# deb cdrom:[Ubuntu 10.04_Lucid_Lynx - Release i386 (20070419.1)]/ lucid "
33990
#~ "main restricted\n"
33995
#~ "deb http://archive.ubuntu.com/ubuntu lucid universe multiverse\n"
33996
#~ "deb-src http://archive.ubuntu.com/ubuntu lucid universe multiverse\n"
33998
#~ "deb http://us.archive.ubuntu.com/ubuntu/ lucid universe\n"
33999
#~ "deb-src http://us.archive.ubuntu.com/ubuntu/ lucid universe\n"
34000
#~ "deb http://us.archive.ubuntu.com/ubuntu/ lucid-updates universe\n"
34001
#~ "deb-src http://us.archive.ubuntu.com/ubuntu/ lucid-updates universe\n"
34003
#~ "deb http://us.archive.ubuntu.com/ubuntu/ lucid multiverse\n"
34004
#~ "deb-src http://us.archive.ubuntu.com/ubuntu/ lucid multiverse\n"
34005
#~ "deb http://us.archive.ubuntu.com/ubuntu/ lucid-updates multiverse\n"
34006
#~ "deb-src http://us.archive.ubuntu.com/ubuntu/ lucid-updates multiverse\n"
34008
#~ "deb http://security.ubuntu.com/ubuntu lucid-security universe\n"
34009
#~ "deb-src http://security.ubuntu.com/ubuntu lucid-security universe\n"
34010
#~ "deb http://security.ubuntu.com/ubuntu lucid-security multiverse\n"
34011
#~ "deb-src http://security.ubuntu.com/ubuntu lucid-security multiverse\n"
34014
#~ "deb http://archive.ubuntu.com/ubuntu lucid universe multiverse\n"
34015
#~ "deb-src http://archive.ubuntu.com/ubuntu lucid universe multiverse\n"
34017
#~ "deb http://us.archive.ubuntu.com/ubuntu/ lucid universe\n"
34018
#~ "deb-src http://us.archive.ubuntu.com/ubuntu/ lucid universe\n"
34019
#~ "deb http://us.archive.ubuntu.com/ubuntu/ lucid-updates universe\n"
34020
#~ "deb-src http://us.archive.ubuntu.com/ubuntu/ lucid-updates universe\n"
34022
#~ "deb http://us.archive.ubuntu.com/ubuntu/ lucid multiverse\n"
34023
#~ "deb-src http://us.archive.ubuntu.com/ubuntu/ lucid multiverse\n"
34024
#~ "deb http://us.archive.ubuntu.com/ubuntu/ lucid-updates multiverse\n"
34025
#~ "deb-src http://us.archive.ubuntu.com/ubuntu/ lucid-updates multiverse\n"
34027
#~ "deb http://security.ubuntu.com/ubuntu lucid-security universe\n"
34028
#~ "deb-src http://security.ubuntu.com/ubuntu lucid-security universe\n"
34029
#~ "deb http://security.ubuntu.com/ubuntu lucid-security multiverse\n"
34030
#~ "deb-src http://security.ubuntu.com/ubuntu lucid-security multiverse\n"
34034
#~ "url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/interfaces.5.html\">i"
34035
#~ "nterfaces man page</ulink> has details on more options for "
34036
#~ "<filename>/etc/network/interfaces</filename>."
34039
#~ "url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/interfaces.5.html\">i"
34040
#~ "nterfaces man page</ulink> has details on more options for "
34041
#~ "<filename>/etc/network/interfaces</filename>."
34044
#~ "Adding additional <emphasis>schemas</emphasis> to "
34045
#~ "<application>slapd</application> requires the schema to be converted to LDIF "
34046
#~ "format. The <filename role=\"directory\">/etc/ldap/schema</filename> "
34047
#~ "directory contains some schema files already converted to LDIF format as "
34048
#~ "demonstrated in the previous section. Fortunately, the "
34049
#~ "<application>slapd</application> program can be used to automate the "
34050
#~ "conversion. The following example will add the "
34051
#~ "<emphasis>dyngoup.schema</emphasis>:"
34053
#~ "Adding additional <emphasis>schemas</emphasis> to "
34054
#~ "<application>slapd</application> requires the schema to be converted to LDIF "
34055
#~ "format. The <filename role=\"directory\">/etc/ldap/schema</filename> "
34056
#~ "directory contains some schema files already converted to LDIF format as "
34057
#~ "demonstrated in the previous section. Fortunately, the "
34058
#~ "<application>slapd</application> program can be used to automate the "
34059
#~ "conversion. The following example will add the "
34060
#~ "<emphasis>dyngoup.schema</emphasis>:"
34063
#~ "To view the Access Control List (ACL), use the "
34064
#~ "<application>ldapsearch</application> utility:"
34066
#~ "To view the Access Control List (ACL), use the "
34067
#~ "<application>ldapsearch</application> utility:"
34070
#~ "ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase=hdb "
34073
#~ "ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase=hdb "
34078
#~ "Enter LDAP Password: \n"
34079
#~ "dn: olcDatabase={1}hdb,cn=config\n"
34080
#~ "olcAccess: {0}to attrs=userPassword,shadowLastChange by "
34081
#~ "dn=\"cn=admin,dc=exampl\n"
34082
#~ " e,dc=com\" write by anonymous auth by self write by * none\n"
34083
#~ "olcAccess: {1}to dn.base=\"\" by * read\n"
34084
#~ "olcAccess: {2}to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
34086
#~ "Enter LDAP Password: \n"
34087
#~ "dn: olcDatabase={1}hdb,cn=config\n"
34088
#~ "olcAccess: {0}to attrs=userPassword,shadowLastChange by "
34089
#~ "dn=\"cn=admin,dc=exampl\n"
34090
#~ " e,dc=com\" write by anonymous auth by self write by * none\n"
34091
#~ "olcAccess: {1}to dn.base=\"\" by * read\n"
34092
#~ "olcAccess: {2}to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
34095
#~ "sudo cp /etc/ldapscripts/ldapadduser.template.sample "
34096
#~ "/etc/ldapscripts/ldapadduser.template"
34098
#~ "sudo cp /etc/ldapscripts/ldapadduser.template.sample "
34099
#~ "/etc/ldapscripts/ldapadduser.template"
34102
#~ "Notice the <emphasis><ask></emphasis> option used for the "
34103
#~ "<emphasis>cn</emphasis> value. Using <ask> will configure "
34104
#~ "<application>ldapadduser</application> to prompt you for the attribute value "
34105
#~ "during user creation."
34107
#~ "Notice the <emphasis><ask></emphasis> option used for the "
34108
#~ "<emphasis>cn</emphasis> value. Using <ask> will configure "
34109
#~ "<application>ldapadduser</application> to prompt you for the attribute value "
34110
#~ "during user creation."
34113
#~ "Another good site is <ulink url=\"http://www.iallanis.info/smbldap-"
34114
#~ "tools/docs/samba-ldap-howto/\">Samba OpenLDAP HOWTO</ulink>."
34116
#~ "Another good site is <ulink url=\"http://www.iallanis.info/smbldap-"
34117
#~ "tools/docs/samba-ldap-howto/\">Samba OpenLDAP HOWTO</ulink>."
34119
#~ msgid "sudo mv keytab.kdc01 /etc/kr5b.keytab"
34120
#~ msgstr "sudo mv keytab.kdc01 /etc/kr5b.keytab"
34123
#~ "A <emphasis>mysqsl-servers</emphasis> hostgroup now needs to be defined. "
34124
#~ "Edit <filename>/etc/nagios3/conf.d/hostgroups_nagios2.cfg</filename> adding:"
34126
#~ "A <emphasis>mysqsl-servers</emphasis> hostgroup now needs to be defined. "
34127
#~ "Edit <filename>/etc/nagios3/conf.d/hostgroups_nagios2.cfg</filename> adding:"
34130
#~ "This section will cover integrating <application>Amavisd-new</application>, "
34131
#~ "<application>Spamassassin</application>, and "
34132
#~ "<application>ClamAV</application> with the "
34133
#~ "<application>Postfix</application> Mail Transport Agent (MTA). "
34134
#~ "<application>Postfix</application> can also check email validity by passing "
34135
#~ "it through external content filters. These filters can sometimes determine "
34136
#~ "if a message is spam without needing to process it with more resource "
34137
#~ "intensive applications. Two common filters are <application>dkim-"
34138
#~ "filter</application> and <application>python-policyd-spf</application>."
34140
#~ "This section will cover integrating <application>Amavisd-new</application>, "
34141
#~ "<application>Spamassassin</application>, and "
34142
#~ "<application>ClamAV</application> with the "
34143
#~ "<application>Postfix</application> Mail Transport Agent (MTA). "
34144
#~ "<application>Postfix</application> can also check e-mail validity by passing "
34145
#~ "it through external content filters. These filters can sometimes determine "
34146
#~ "if a message is spam without needing to process it with more resource "
34147
#~ "intensive applications. Two common filters are <application>dkim-"
34148
#~ "filter</application> and <application>python-policyd-spf</application>."
34151
#~ "<application>dkim-filter</application> implements a Sendmail Mail Filter "
34152
#~ "(Milter) for the DomainKeys Identified Mail (DKIM) standard."
34154
#~ "<application>dkim-filter</application> implements a Sendmail Mail Filter "
34155
#~ "(Milter) for the DomainKeys Identified Mail (DKIM) standard."
34158
#~ "The message is passed through any external filters <application>dkim-"
34159
#~ "filter</application> and <application>python-policyd-spf</application> in "
34162
#~ "The message is passed through any external filters <application>dkim-"
34163
#~ "filter</application> and <application>python-policyd-spf</application> in "
34166
#~ msgid "sudo apt-get install dkim-filter python-policyd-spf"
34167
#~ msgstr "sudo apt-get install dkim-filter python-policyd-spf"
34170
#~ "<emphasis>'./@example.com' => 'WHITELIST',</emphasis>: adds addresses "
34171
#~ "that have a valid signature from \"example.com\". This is usually used for "
34172
#~ "discussion groups that sign thier messages."
34174
#~ "<emphasis>'./@example.com' => 'WHITELIST',</emphasis>: adds addresses "
34175
#~ "that have a valid signature from \"example.com\". This is usually used for "
34176
#~ "discussion groups that sign thier messages."
34179
#~ "Depending on where the source was extracted, configure a web browser to "
34180
#~ "serve the files."
34182
#~ "Depending on where the source was extracted, configure a web browser to "
34183
#~ "serve the files."
34186
#~ "This guide assumes you have a basic understanding of your Ubuntu system. "
34187
#~ "Some installation details are covered in <xref linkend=\"installation\"/>, "
34188
#~ "but if you need detailed instructions installing Ubuntu please refer to the "
34189
#~ "<ulink url=\"https://help.ubuntu.com/10.04 LTS/installation-guide/\">Ubuntu "
34190
#~ "Installation Guide</ulink>."
34192
#~ "This guide assumes you have a basic understanding of your Ubuntu system. "
34193
#~ "Some installation details are covered in <xref linkend=\"installation\"/>, "
34194
#~ "but if you need detailed instructions installing Ubuntu please refer to the "
34195
#~ "<ulink url=\"https://help.ubuntu.com/10.04 LTS/installation-guide/\">Ubuntu "
34196
#~ "Installation Guide</ulink>."
34199
#~ "This chapter provides a quick overview of installing Ubuntu 10.04 LTS Server "
34200
#~ "Edition. For more detailed instructions, please refer to the <ulink "
34201
#~ "url=\"https://help.ubuntu.com/10.04 LTS/installation-guide/\">Ubuntu "
34202
#~ "Installation Guide</ulink>."
34204
#~ "This chapter provides a quick overview of installing Ubuntu 10.04 LTS Server "
34205
#~ "Edition. For more detailed instructions, please refer to the <ulink "
34206
#~ "url=\"https://help.ubuntu.com/10.04 LTS/installation-guide/\">Ubuntu "
34207
#~ "Installation Guide</ulink>."
34210
#~ "Ubuntu 10.04 LTS Server Edition supports two (2) major architectures: Intel "
34211
#~ "x86 and AMD64. The table below lists recommended hardware specifications. "
34212
#~ "Depending on your needs, you might manage with less than this. However, most "
34213
#~ "users risk being frustrated if they ignore these suggestions."
34215
#~ "Ubuntu 10.04 LTS Server Edition supports two (2) major architectures: Intel "
34216
#~ "x86 and AMD64. The table below lists recommended hardware specifications. "
34217
#~ "Depending on your needs, you might manage with less than this. However, most "
34218
#~ "users risk being frustrated if they ignore these suggestions."
34221
#~ "To see all kernel configuration options you can look through "
34222
#~ "<filename>/boot/config-2.6.31-server</filename>. Also, <ulink "
34223
#~ "url=\"http://www.kroah.com/lkn/\">Linux Kernel in a Nutshell</ulink> is a "
34224
#~ "great resource on the options available."
34226
#~ "To see all kernel configuration options you can look through "
34227
#~ "<filename>/boot/config-2.6.31-server</filename>. Also, <ulink "
34228
#~ "url=\"http://www.kroah.com/lkn/\">Linux Kernel in a Nutshell</ulink> is a "
34229
#~ "great resource on the options available."
34232
#~ "Once again, for detailed instructions see the <ulink "
34233
#~ "url=\"https://help.ubuntu.com/10.04 LTS/installation-guide/\"> Ubuntu "
34234
#~ "Installation Guide</ulink>."
34236
#~ "Once again, for detailed instructions see the <ulink "
34237
#~ "url=\"https://help.ubuntu.com/10.04 LTS/installation-guide/\"> Ubuntu "
34238
#~ "Installation Guide</ulink>."
34241
#~ "Even though you are supposed to be able to <emphasis>expand</emphasis> an "
34242
#~ "ext3 or ext4 filesystem without unmounting it first, it may be a good "
34243
#~ "pratice to unmount it anyway and check the filesystem, so that you don't "
34244
#~ "mess up the day you want to reduce a logical volume (in that case unmounting "
34245
#~ "first is compulsory)."
34247
#~ "Even though you are supposed to be able to <emphasis>expand</emphasis> an "
34248
#~ "ext3 or ext4 filesystem without unmounting it first, it may be a good "
34249
#~ "pratice to unmount it anyway and check the filesystem, so that you don't "
34250
#~ "mess up the day you want to reduce a logical volume (in that case unmounting "
34251
#~ "first is compulsory)."
34254
#~ "There a many ways to configure <application>BIND9</application>. Some of the "
34255
#~ "most common configurations are a caching nameserver, primary master, and a "
34256
#~ "as a secondary master."
34258
#~ "There a many ways to configure <application>BIND9</application>. Some of the "
34259
#~ "most common configurations are a caching nameserver, primary master, and a "
34260
#~ "as a secondary master."
34263
#~ "The <emphasis>Serial Number</emphasis> in the Reverse zone needs to be "
34264
#~ "incremented on each changes as well. For each <emphasis>A record</emphasis> "
34265
#~ "you configure in <filename>/etc/bind/db.example.com</filename> you need to "
34266
#~ "create a <emphasis>PTR record</emphasis> in "
34267
#~ "<filename>/etc/bind/db.192</filename>."
34269
#~ "The <emphasis>Serial Number</emphasis> in the Reverse zone needs to be "
34270
#~ "incremented on each changes as well. For each <emphasis>A record</emphasis> "
34271
#~ "you configure in <filename>/etc/bind/db.example.com</filename> you need to "
34272
#~ "create a <emphasis>PTR record</emphasis> in "
34273
#~ "<filename>/etc/bind/db.192</filename>."
34276
#~ "The default directory for non-authoritative zone files is "
34277
#~ "<filename>/var/cache/bind/</filename>. This directory is also configured in "
34278
#~ "<application>AppArmor</application> to allow the "
34279
#~ "<application>named</application> daemon to write to. For more information on "
34280
#~ "AppArmor see <xref linkend=\"apparmor\"/>."
34282
#~ "The default directory for non-authoritative zone files is "
34283
#~ "<filename>/var/cache/bind/</filename>. This directory is also configured in "
34284
#~ "<application>AppArmor</application> to allow the "
34285
#~ "<application>named</application> daemon to write to. For more information on "
34286
#~ "AppArmor see <xref linkend=\"apparmor\"/>."
34289
#~ "After executing the above command, the data will start syncing with the "
34290
#~ "secondary host. To watch the progresss, on <emphasis>drbd02</emphasis> enter "
34291
#~ "the following:"
34293
#~ "After executing the above command, the data will start syncing with the "
34294
#~ "secondary host. To watch the progresss, on <emphasis>drbd02</emphasis> enter "
34295
#~ "the following:"
34298
#~ "The IRC admin details can be configured by editting the following line:"
34300
#~ "The IRC admin details can be configured by editting the following line:"
34303
#~ "Another option is to copy the archive file to an external hard drive which "
34304
#~ "can then be taken off site. Since the price of external hard drives continue "
34305
#~ "to decrease it may be cost affective to use two drives for each archive "
34306
#~ "level. This would allow you to have one external drive attached to the "
34307
#~ "backup server and one in another location."
34309
#~ "Another option is to copy the archive file to an external hard drive which "
34310
#~ "can then be taken off site. Since the price of external hard drives continue "
34311
#~ "to decrease it may be cost affective to use two drives for each archive "
34312
#~ "level. This would allow you to have one external drive attached to the "
34313
#~ "backup server and one in another location."
34316
#~ "<application>Bacula</application> is a backup program enabling you to "
34317
#~ "backup, restore, and verify data across your network. There are Bacula "
34318
#~ "clients for Linux, Windows, and Mac OSX. Making it a cross platform network "
34319
#~ "wide solution."
34321
#~ "<application>Bacula</application> is a backup program enabling you to "
34322
#~ "backup, restore, and verify data across your network. There are Bacula "
34323
#~ "clients for Linux, Windows, and Mac OSX. Making it a cross platform network "
34324
#~ "wide solution."
34327
#~ "For more <application>smbclient</application> options see the man page: "
34328
#~ "<command>man smbclient</command>, also available <ulink "
34329
#~ "url=\"http://manpages.ubuntu.com/manpages/lucid/en/man1/smbclient.1.html\">on"
34332
#~ "For more <application>smbclient</application> options see the man page: "
34333
#~ "<command>man smbclient</command>, also available <ulink "
34334
#~ "url=\"http://manpages.ubuntu.com/manpages/lucid/en/man1/smbclient.1.html\">on"
34338
#~ "The <application>mount.cifs</application><ulink "
34339
#~ "url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/mount.cifs.8.html\">m"
34340
#~ "an page</ulink> is also useful for more detailed information."
34342
#~ "The <application>mount.cifs</application><ulink "
34343
#~ "url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/mount.cifs.8.html\">m"
34344
#~ "an page</ulink> is also useful for more detailed information."
34347
#~ "sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 \\ -o -"
34348
#~ "-libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition \\ --"
34349
#~ "user user --name user --pass default"
34351
#~ "sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 \\ -o -"
34352
#~ "-libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition \\ --"
34353
#~ "user user --name user --pass default"
34356
#~ "sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 -o \\ -"
34357
#~ "-libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition --user "
34358
#~ "user \\ --name user --pass default --addpkg apache2 --addpkg apache2-mpm-"
34359
#~ "prefork \\ --addpkg apache2-utils --addpkg apache2.2-common --addpkg "
34360
#~ "dbconfig-common \\ --addpkg libapache2-mod-php5 --addpkg mysql-client --"
34361
#~ "addpkg php5-cli \\ --addpkg php5-gd --addpkg php5-ldap --addpkg php5-mysql --"
34362
#~ "addpkg wwwconfig-common \\ --addpkg mysql-server --addpkg unattended-"
34363
#~ "upgrades --addpkg acpid --ppa nijaba \\ --mirror "
34364
#~ "http://mirroraddress:9999/ubuntu --tmpfs - --firstboot boot.sh \\ --"
34365
#~ "firstlogin login.sh es"
34367
#~ "sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 -o \\ -"
34368
#~ "-libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition --user "
34369
#~ "user \\ --name user --pass default --addpkg apache2 --addpkg apache2-mpm-"
34370
#~ "prefork \\ --addpkg apache2-utils --addpkg apache2.2-common --addpkg "
34371
#~ "dbconfig-common \\ --addpkg libapache2-mod-php5 --addpkg mysql-client --"
34372
#~ "addpkg php5-cli \\ --addpkg php5-gd --addpkg php5-ldap --addpkg php5-mysql --"
34373
#~ "addpkg wwwconfig-common \\ --addpkg mysql-server --addpkg unattended-"
34374
#~ "upgrades --addpkg acpid --ppa nijaba \\ --mirror "
34375
#~ "http://mirroraddress:9999/ubuntu --tmpfs - --firstboot boot.sh \\ --"
34376
#~ "firstlogin login.sh es"
34379
#~ "This tutorial covers <application>UEC</application> installation from the "
34380
#~ "Ubuntu 10.04 LTS Server Edition CD, and assumes a basic network topology, "
34381
#~ "with a single system serving as the <emphasis>\"all-in-one "
34382
#~ "controller\"</emphasis>, and one or more nodes attached."
34384
#~ "This tutorial covers <application>UEC</application> installation from the "
34385
#~ "Ubuntu 10.04 LTS Server Edition CD, and assumes a basic network topology, "
34386
#~ "with a single system serving as the <emphasis>\"all-in-one "
34387
#~ "controller\"</emphasis>, and one or more nodes attached."
34392
#~ msgid "Download the Ubuntu 10.04 LTS Server ISO file, and burn it to a CD."
34393
#~ msgstr "Download the Ubuntu 10.04 LTS Server ISO file, and burn it to a CD."
34396
#~ "Once one or more Ubuntu Server node(s) are installed and running the "
34397
#~ "<application>eucalyptus-nc</application> service, log onto the "
34398
#~ "<emphasis>Cloud Controller (CLC)</emphasis> and run:"
34400
#~ "Once one or more Ubuntu Server node(s) are installed and running the "
34401
#~ "<application>eucalyptus-nc</application> service, log onto the "
34402
#~ "<emphasis>Cloud Controller (CLC)</emphasis> and run:"
34404
#~ msgid "sudo euca_conf --no-rsync --discover-nodes"
34405
#~ msgstr "sudo euca_conf --no-rsync --discover-nodes"
34408
#~ "This will discover the systems on the network running the "
34409
#~ "<application>eucalyptus-nc</application> service, and the administrator can "
34410
#~ "confirm the registration of each node by its IP address."
34412
#~ "This will discover the systems on the network running the "
34413
#~ "<application>eucalyptus-nc</application> service, and the administrator can "
34414
#~ "confirm the registration of each node by its IP address."
34417
#~ "If you get prompted for passwords, or receive errors from scp, you may need "
34418
#~ "to revisit the key synchronization instructions at <ulink "
34419
#~ "url=\"https://help.ubuntu.com/community/UEC/NodeInstallation\">UEC/NodeInstal"
34420
#~ "lation</ulink>."
34422
#~ "If you get prompted for passwords, or receive errors from scp, you may need "
34423
#~ "to revisit the key synchronisation instructions at <ulink "
34424
#~ "url=\"https://help.ubuntu.com/community/UEC/NodeInstallation\">UEC/NodeInstal"
34425
#~ "lation</ulink>."
34428
#~ "Source the included <emphasis>\"eucarc\"</emphasis> file to set up your "
34429
#~ "Eucalyptus environment:"
34431
#~ "Source the included <emphasis>\"eucarc\"</emphasis> file to set up your "
34432
#~ "Eucalyptus environment:"
34435
#~ "You may additionally wish to add this command to your "
34436
#~ "<filename>~/.bashrc</filename> file so that your Eucalyptus environment is "
34437
#~ "set up automatically when you log in. Eucalyptus treats this set of "
34438
#~ "credentials as <emphasis>'administrator'</emphasis> credentials that allow "
34439
#~ "the holder global privileges across the cloud. As such, they should be "
34440
#~ "protected in the same way that other elevated-priority access is protected "
34441
#~ "(e.g. should not be made visible to the general user population)."
34443
#~ "You may additionally wish to add this command to your "
34444
#~ "<filename>~/.bashrc</filename> file so that your Eucalyptus environment is "
34445
#~ "set up automatically when you log in. Eucalyptus treats this set of "
34446
#~ "credentials as <emphasis>'administrator'</emphasis> credentials that allow "
34447
#~ "the holder global privileges across the cloud. As such, they should be "
34448
#~ "protected in the same way that other elevated-priority access is protected "
34449
#~ "(e.g. should not be made visible to the general user population)."
34452
#~ "echo \"[ -r ~/.euca/eucarc ] && . ~/.euca/eucarc\" >> ~/.bashrc"
34454
#~ "echo \"[ -r ~/.euca/eucarc ] && . ~/.euca/eucarc\" >> ~/.bashrc"
34456
#~ msgid "Running an Image"
34457
#~ msgstr "Running an Image"
34462
#~ "if [ ! -e ~/.euca/mykey.priv ]; then\n"
34463
#~ " touch ~/.euca/mykey.priv\n"
34464
#~ " chmod 0600 ~/.euca/mykey.priv\n"
34465
#~ " euca-add-keypair mykey > ~/.euca/mykey.priv\n"
34469
#~ "if [ ! -e ~/.euca/mykey.priv ]; then\n"
34470
#~ " touch ~/.euca/mykey.priv\n"
34471
#~ " chmod 0600 ~/.euca/mykey.priv\n"
34472
#~ " euca-add-keypair mykey > ~/.euca/mykey.priv\n"
34475
#~ msgid "euca-describe-groups"
34476
#~ msgstr "euca-describe-groups"
34478
#~ msgid "euca-run-instances $EMI -k mykey -t c1.medium"
34479
#~ msgstr "euca-run-instances $EMI -k mykey -t c1.medium"
34482
#~ "Also, the <ulink "
34483
#~ "url=\"https://help.ubuntu.com/community/OpenNebula\">OpenNebula Ubuntu "
34484
#~ "Wiki</ulink> page has more details."
34486
#~ "Also, the <ulink "
34487
#~ "url=\"https://help.ubuntu.com/community/OpenNebula\">OpenNebula Ubuntu "
34488
#~ "Wiki</ulink> page has more details."
34491
#~ "Also, for more <application>ecryptfs</application> options see the <ulink "
34492
#~ "url=\"http://manpages.ubuntu.com/manpages/lucid/en/man7/ecryptfs.7.html\">ecr"
34493
#~ "yptfs man page</ulink>."
34495
#~ "Also, for more <application>ecryptfs</application> options see the <ulink "
34496
#~ "url=\"http://manpages.ubuntu.com/manpages/lucid/en/man7/ecryptfs.7.html\">ecr"
34497
#~ "yptfs man page</ulink>."
34500
#~ "<emphasis role=\"bold\">Send Report</emphasis> Selecting Send Report submits "
34501
#~ "the collected information to Launchpad as part of the the process of filing "
34502
#~ "a bug report. You will be given the opportunity to describe the situation "
34503
#~ "that led up to the occurrance of the bug."
34505
#~ "<emphasis role=\"bold\">Send Report</emphasis> Selecting Send Report submits "
34506
#~ "the collected information to Launchpad as part of the the process of filing "
34507
#~ "a bug report. You will be given the opportunity to describe the situation "
34508
#~ "that led up to the occurrance of the bug."
34511
#~ "The <ulink url=\"https://help.ubuntu.com/community/eBox\">eBox Ubuntu "
34512
#~ "Wiki</ulink> page has more details."
34514
#~ "The <ulink url=\"https://help.ubuntu.com/community/eBox\">eBox Ubuntu "
34515
#~ "Wiki</ulink> page has more details."
34518
#~ "For more information also see the <ulink url=\"http://ebox-"
34519
#~ "platform.com/\">eBox Home Page</ulink>."
34521
#~ "For more information also see the <ulink url=\"http://ebox-"
34522
#~ "platform.com/\">eBox Home Page</ulink>."
34525
#~ "For more <application>dpkg</application> details see the <ulink "
34526
#~ "url=\"http://manpages.ubuntu.com/manpages/lucid/en/man1/dpkg.1.html\">dpkg "
34527
#~ "man page</ulink>."
34529
#~ "For more <application>dpkg</application> details see the <ulink "
34530
#~ "url=\"http://manpages.ubuntu.com/manpages/lucid/en/man1/dpkg.1.html\">dpkg "
34531
#~ "man page</ulink>."
34534
#~ "The <ulink url=\"http://www.debian.org/doc/manuals/apt-howto/\">APT "
34535
#~ "HOWTO</ulink> and <ulink "
34536
#~ "url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/apt-get.8.html\">apt-"
34537
#~ "get man page</ulink> contain useful information regarding <application>apt-"
34538
#~ "get</application> usage."
34540
#~ "The <ulink url=\"http://www.debian.org/doc/manuals/apt-howto/\">APT "
34541
#~ "HOWTO</ulink> and <ulink "
34542
#~ "url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/apt-get.8.html\">apt-"
34543
#~ "get man page</ulink> contain useful information regarding <application>apt-"
34544
#~ "get</application> usage."
34547
#~ "See the <ulink "
34548
#~ "url=\"http://manpages.ubuntu.com/manpages/lucid/man8/aptitude.8.html\">aptitu"
34549
#~ "de man page</ulink> for more <application>aptitude</application> options."
34551
#~ "See the <ulink "
34552
#~ "url=\"http://manpages.ubuntu.com/manpages/lucid/man8/aptitude.8.html\">aptitu"
34553
#~ "de man page</ulink> for more <application>aptitude</application> options."
34556
#~ "See the <ulink "
34557
#~ "url=\"http://manpages.ubuntu.com/manpages/lucid/en/man1/update-motd.1.html\">"
34558
#~ "update-motd man page</ulink> for more options available to "
34559
#~ "<application>update-motd</application>."
34561
#~ "See the <ulink "
34562
#~ "url=\"http://manpages.ubuntu.com/manpages/lucid/en/man1/update-motd.1.html\">"
34563
#~ "update-motd man page</ulink> for more options available to "
34564
#~ "<application>update-motd</application>."
34567
#~ "<emphasis role=\"bold\">[NOTFOUND=return]</emphasis> means that any response "
34568
#~ "of <emphasis role=\"italic\">notfound</emphasis> by the preceeding <emphasis "
34569
#~ "role=\"italic\">mdns4_minimal</emphasis> process should be treated as "
34570
#~ "authoritative and that the system should not try to continue hunting for an "
34573
#~ "<emphasis role=\"bold\">[NOTFOUND=return]</emphasis> means that any response "
34574
#~ "of <emphasis role=\"italic\">notfound</emphasis> by the preceeding <emphasis "
34575
#~ "role=\"italic\">mdns4_minimal</emphasis> process should be treated as "
34576
#~ "authoritative and that the system should not try to continue hunting for an "
34581
#~ "url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/dhclient.8.html\">dhc"
34582
#~ "lient man page</ulink> has details on more options for configuring DHCP "
34583
#~ "client settings."
34586
#~ "url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/dhclient.8.html\">dhc"
34587
#~ "lient man page</ulink> has details on more options for configuring DHCP "
34588
#~ "client settings."
34591
#~ "For more information on DNS client configuration see the <ulink "
34592
#~ "url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/resolver.5.html\">res"
34593
#~ "olver man page</ulink>. Also, Chapter 6 of O'Reilly's <ulink "
34594
#~ "url=\"http://oreilly.com/catalog/linag2/book/ch06.html\">Linux Network "
34595
#~ "Administrator's Guide</ulink> is a good source of resolver and name service "
34596
#~ "configuration information."
34598
#~ "For more information on DNS client configuration see the <ulink "
34599
#~ "url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/resolver.5.html\">res"
34600
#~ "olver man page</ulink>. Also, Chapter 6 of O'Reilly's <ulink "
34601
#~ "url=\"http://oreilly.com/catalog/linag2/book/ch06.html\">Linux Network "
34602
#~ "Administrator's Guide</ulink> is a good source of resolver and name service "
34603
#~ "configuration information."
34606
#~ "For more information on <emphasis>bridging</emphasis> see the <ulink "
34607
#~ "url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/brctl.8.html\">brctl "
34608
#~ "man page</ulink> and the Linux Foundation's <ulink "
34609
#~ "url=\"http://www.linuxfoundation.org/en/Net:Bridge\">Net:Bridge</ulink> page."
34611
#~ "For more information on <emphasis>bridging</emphasis> see the <ulink "
34612
#~ "url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/brctl.8.html\">brctl "
34613
#~ "man page</ulink> and the Linux Foundation's <ulink "
34614
#~ "url=\"http://www.linuxfoundation.org/en/Net:Bridge\">Net:Bridge</ulink> page."
34617
#~ "There are man pages for <ulink "
34618
#~ "url=\"http://manpages.ubuntu.com/manpages/lucid/en/man7/tcp.7.html\">TCP</uli"
34619
#~ "nk> and <ulink "
34620
#~ "url=\"http://manpages.ubuntu.com/manpages/lucid/man7/ip.7.html\">IP</ulink> "
34621
#~ "that contain more useful information."
34623
#~ "There are man pages for <ulink "
34624
#~ "url=\"http://manpages.ubuntu.com/manpages/lucid/en/man7/tcp.7.html\">TCP</uli"
34625
#~ "nk> and <ulink "
34626
#~ "url=\"http://manpages.ubuntu.com/manpages/lucid/man7/ip.7.html\">IP</ulink> "
34627
#~ "that contain more useful information."
34630
#~ "For more <filename>/etc/dhcp3/dchpd.conf</filename> options see the <ulink "
34631
#~ "url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/dhcpd.conf.5.html\">d"
34632
#~ "hcpd.conf man page</ulink>."
34634
#~ "For more <filename>/etc/dhcp3/dchpd.conf</filename> options see the <ulink "
34635
#~ "url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/dhcpd.conf.5.html\">d"
34636
#~ "hcpd.conf man page</ulink>."
34638
#~ msgid "Copy the <filename>cacert.pem</filename> to the dicretory:"
34639
#~ msgstr "Copy the <filename>cacert.pem</filename> to the dicretory:"
34642
#~ "For more information on <application>kdb5_ldap_util</application> see <ulink "
34643
#~ "url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
34644
#~ "admin.html#Global-Operations-on-the-Kerberos-LDAP-Database\"> Section "
34645
#~ "5.6</ulink> and the <ulink "
34646
#~ "url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/kdb5_ldap_util.8.html"
34647
#~ "\">kdb5_ldap_util man page</ulink>."
34649
#~ "For more information on <application>kdb5_ldap_util</application> see <ulink "
34650
#~ "url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
34651
#~ "admin.html#Global-Operations-on-the-Kerberos-LDAP-Database\"> Section "
34652
#~ "5.6</ulink> and the <ulink "
34653
#~ "url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/kdb5_ldap_util.8.html"
34654
#~ "\">kdb5_ldap_util man page</ulink>."
34657
#~ "Another useful link is the <ulink "
34658
#~ "url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/krb5.conf.5.html\">kr"
34659
#~ "b5.conf man page</ulink>."
34661
#~ "Another useful link is the <ulink "
34662
#~ "url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/krb5.conf.5.html\">kr"
34663
#~ "b5.conf man page</ulink>."
34666
#~ "For more information on <application>fdisk</application> see the <ulink "
34667
#~ "url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/fdisk.8.html\">fdisk "
34668
#~ "man page</ulink>."
34670
#~ "For more information on <application>fdisk</application> see the <ulink "
34671
#~ "url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/fdisk.8.html\">fdisk "
34672
#~ "man page</ulink>."
34675
#~ "For detailed <filename>/etc/vsftpd.conf</filename> options see the <ulink "
34676
#~ "url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/vsftpd.conf.5.html\">"
34677
#~ "vsftpd.conf man page</ulink>."
34679
#~ "For detailed <filename>/etc/vsftpd.conf</filename> options see the <ulink "
34680
#~ "url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/vsftpd.conf.5.html\">"
34681
#~ "vsftpd.conf man page</ulink>."
34685
#~ "url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/drbd.conf.5.html\">dr"
34686
#~ "bd.conf man page</ulink> contains details on the options not covered in this "
34690
#~ "url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/drbd.conf.5.html\">dr"
34691
#~ "bd.conf man page</ulink> contains details on the options not covered in this "
34695
#~ "Also, see the <ulink "
34696
#~ "url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/drbdadm.8.html\">drbd"
34697
#~ "adm man page</ulink>."
34699
#~ "Also, see the <ulink "
34700
#~ "url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/drbdadm.8.html\">drbd"
34701
#~ "adm man page</ulink>."