« back to all changes in this revision
Viewing changes to serverguide/po/km.po
- browse files at revision 1
- compare with another revision
- download diff
- download tarball
- view history from revision 1
- Committer: Matthew East
- Date: 2011-05-03 07:11:18 UTC
- Revision ID: mdke@ubuntu.com-20110503071118-081aatibsr9k2yqy
Add files from ubuntu-docs natty branch, trim to use only those necessary for serverguide
- files added:
- build
- build/libs
- build/libs/admon
- build/libs/callouts
- build/libs/img
- build/libs/navig
- build/serverguide
- build/serverguide/C
- build/serverguide/sample
- libs
- libs/C
- libs/admon
- libs/authors
- libs/callouts
- libs/img
- libs/navig
- scripts
- serverguide
- serverguide/C
- serverguide/po
- serverguide/sample
added
removed
serverguide/po/km.po
1
# Khmer translation for ubuntu-docs
2
# Copyright (c) 2009 Rosetta Contributors and Canonical Ltd 2009
3
# This file is distributed under the same license as the ubuntu-docs package.
4
# FIRST AUTHOR <EMAIL@ADDRESS>, 2009.
5
#
6
msgid ""
7
msgstr ""
8
"Project-Id-Version: ubuntu-docs\n"
9
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
10
"POT-Creation-Date: 2010-08-14 22:34+0100\n"
11
"PO-Revision-Date: 2010-04-25 19:14+0000\n"
12
"Last-Translator: Matthew East <matt@mdke.org>\n"
13
"Language-Team: Khmer <km@li.org>\n"
14
"MIME-Version: 1.0\n"
15
"Content-Type: text/plain; charset=UTF-8\n"
16
"Content-Transfer-Encoding: 8bit\n"
17
"X-Launchpad-Export-Date: 2010-09-18 10:46+0000\n"
18
"X-Generator: Launchpad (build Unknown)\n"
19
20
#: serverguide/C/serverguide-C.omf:6(creator) serverguide/C/serverguide-C.omf:7(maintainer)
21
msgid "ubuntu-doc@lists.ubuntu.com (Ubuntu Documentation Project)"
22
msgstr ""
23
24
#: serverguide/C/serverguide-C.omf:8(title) serverguide/C/serverguide-C.omf:11(description) serverguide/C/serverguide.xml:14(title) serverguide/C/bookinfo.xml:13(title)
25
msgid "Ubuntu Server Guide"
26
msgstr ""
27
28
#: serverguide/C/serverguide-C.omf:9(date)
29
msgid "2007-09-30"
30
msgstr ""
31
32
#: serverguide/C/windows-networking.xml:13(title)
33
msgid "Windows Networking"
34
msgstr ""
35
36
#: serverguide/C/windows-networking.xml:15(para)
37
msgid ""
38
"Computer networks are often comprised of diverse systems, and while "
39
"operating a network made up entirely of Ubuntu desktop and server computers "
40
"would certainly be fun, some network environments must consist of both "
41
"Ubuntu and <trademark class=\"registered\">Microsoft</trademark><trademark "
42
"class=\"registered\">Windows</trademark> systems working together in "
43
"harmony. This section of the <phrase>Ubuntu</phrase> Server Guide introduces "
44
"principles and tools used in configuring your Ubuntu Server for sharing "
45
"network resources with Windows computers."
46
msgstr ""
47
48
#: serverguide/C/windows-networking.xml:25(title) serverguide/C/virtualization.xml:402(title) serverguide/C/security.xml:349(title) serverguide/C/remote-administration.xml:21(title) serverguide/C/package-management.xml:20(title) serverguide/C/introduction.xml:13(title)
49
msgid "Introduction"
50
msgstr "បណ្តើម"
51
52
#: serverguide/C/windows-networking.xml:27(para)
53
msgid ""
54
"Successfully networking your Ubuntu system with Windows clients involves "
55
"providing and integrating with services common to Windows environments. Such "
56
"services assist the sharing of data and information about the computers and "
57
"users involved in the network, and may be classified under three major "
58
"categories of functionality:"
59
msgstr ""
60
61
#: serverguide/C/windows-networking.xml:35(para)
62
msgid ""
63
"<emphasis role=\"bold\">File and Printer Sharing Services</emphasis>. Using "
64
"the Server Message Block (SMB) protocol to facilitate the sharing of files, "
65
"folders, volumes, and the sharing of printers throughout the network."
66
msgstr ""
67
68
#: serverguide/C/windows-networking.xml:41(para)
69
msgid ""
70
"<emphasis role=\"bold\">Directory Services</emphasis>. Sharing vital "
71
"information about the computers and users of the network with such "
72
"technologies as the Lightweight Directory Access Protocol (LDAP) and "
73
"Microsoft <trademark class=\"registered\">Active Directory</trademark>."
74
msgstr ""
75
76
#: serverguide/C/windows-networking.xml:48(para)
77
msgid ""
78
"<emphasis role=\"bold\">Authentication and Access</emphasis>. Establishing "
79
"the identity of a computer or user of the network and determining the "
80
"information the computer or user is authorized to access using such "
81
"principles and technologies as file permissions, group policies, and the "
82
"Kerberos authentication service."
83
msgstr ""
84
85
#: serverguide/C/windows-networking.xml:56(para)
86
msgid ""
87
"Fortunately, your Ubuntu system may provide all such facilities to Windows "
88
"clients and share network resources among them. One of the principal pieces "
89
"of software your Ubuntu system includes for Windows networking is the Samba "
90
"suite of SMB server applications and tools."
91
msgstr ""
92
93
#: serverguide/C/windows-networking.xml:62(para)
94
msgid ""
95
"This section of the <phrase>Ubuntu</phrase> Server Guide will introduce some "
96
"of the common Samba use cases, and how to install and configure the "
97
"necessary packages. Additional detailed documentation and information on "
98
"Samba can be found on the <ulink url=\"http://www.samba.org\">Samba "
99
"website</ulink>."
100
msgstr ""
101
102
#: serverguide/C/windows-networking.xml:70(title)
103
msgid "Samba File Server"
104
msgstr "ខំព្យូរើ បំរើសេវា ឯកសារ Samba"
105
106
#: serverguide/C/windows-networking.xml:72(para)
107
msgid ""
108
"One of the most common ways to network Ubuntu and Windows computers is to "
109
"configure Samba as a File Server. This section covers setting up a "
110
"<application>Samba</application> server to share files with Windows clients."
111
msgstr ""
112
113
#: serverguide/C/windows-networking.xml:77(para)
114
msgid ""
115
"The server will be configured to share files with any client on the network "
116
"without prompting for a password. If your environment requires stricter "
117
"Access Controls see <xref linkend=\"samba-fileprint-security\"/>"
118
msgstr ""
119
120
#: serverguide/C/windows-networking.xml:83(title) serverguide/C/windows-networking.xml:288(title) serverguide/C/windows-networking.xml:1317(title) serverguide/C/web-servers.xml:41(title) serverguide/C/web-servers.xml:675(title) serverguide/C/web-servers.xml:816(title) serverguide/C/web-servers.xml:940(title) serverguide/C/vpn.xml:33(title) serverguide/C/virtualization.xml:62(title) serverguide/C/vcs.xml:28(title) serverguide/C/vcs.xml:86(title) serverguide/C/vcs.xml:405(title) serverguide/C/remote-administration.xml:51(title) serverguide/C/network-config.xml:937(title) serverguide/C/network-auth.xml:52(title) serverguide/C/network-auth.xml:1590(title) serverguide/C/network-auth.xml:2102(title) serverguide/C/network-auth.xml:2493(title) serverguide/C/monitoring.xml:42(title) serverguide/C/monitoring.xml:428(title) serverguide/C/mail.xml:40(title) serverguide/C/mail.xml:496(title) serverguide/C/mail.xml:674(title) serverguide/C/mail.xml:823(title) serverguide/C/mail.xml:1315(title) serverguide/C/lamp-applications.xml:108(title) serverguide/C/lamp-applications.xml:287(title) serverguide/C/lamp-applications.xml:423(title) serverguide/C/installation.xml:13(title) serverguide/C/installation.xml:957(title) serverguide/C/file-server.xml:347(title) serverguide/C/file-server.xml:462(title) serverguide/C/dns.xml:23(title) serverguide/C/databases.xml:40(title) serverguide/C/databases.xml:164(title) serverguide/C/chat.xml:37(title) serverguide/C/chat.xml:141(title) serverguide/C/backups.xml:593(title)
121
msgid "Installation"
122
msgstr "ការតំលើង"
123
124
#: serverguide/C/windows-networking.xml:85(para)
125
msgid ""
126
"The first step is to install the <application>samba</application> package. "
127
"From a terminal prompt enter:"
128
msgstr ""
129
130
#: serverguide/C/windows-networking.xml:90(command) serverguide/C/windows-networking.xml:300(command)
131
msgid "sudo apt-get install samba"
132
msgstr "sudo apt-get install samba"
133
134
#: serverguide/C/windows-networking.xml:93(para)
135
msgid ""
136
"That's all there is to it; you are now ready to configure Samba to share "
137
"files."
138
msgstr ""
139
140
#: serverguide/C/windows-networking.xml:99(title) serverguide/C/windows-networking.xml:305(title) serverguide/C/web-servers.xml:61(title) serverguide/C/web-servers.xml:726(title) serverguide/C/web-servers.xml:827(title) serverguide/C/web-servers.xml:967(title) serverguide/C/web-servers.xml:1067(title) serverguide/C/vpn.xml:138(title) serverguide/C/vcs.xml:39(title) serverguide/C/vcs.xml:423(title) serverguide/C/remote-administration.xml:73(title) serverguide/C/package-management.xml:387(title) serverguide/C/network-config.xml:959(title) serverguide/C/network-auth.xml:2141(title) serverguide/C/network-auth.xml:2514(title) serverguide/C/monitoring.xml:187(title) serverguide/C/monitoring.xml:454(title) serverguide/C/mail.xml:505(title) serverguide/C/mail.xml:684(title) serverguide/C/mail.xml:908(title) serverguide/C/mail.xml:1344(title) serverguide/C/lamp-applications.xml:128(title) serverguide/C/lamp-applications.xml:314(title) serverguide/C/lamp-applications.xml:453(title) serverguide/C/file-server.xml:360(title) serverguide/C/file-server.xml:488(title) serverguide/C/dns.xml:39(title) serverguide/C/databases.xml:84(title) serverguide/C/databases.xml:183(title) serverguide/C/clustering.xml:47(title) serverguide/C/chat.xml:57(title) serverguide/C/chat.xml:153(title) serverguide/C/backups.xml:616(title)
141
msgid "Configuration"
142
msgstr "ការកំណត់ទំរង់"
143
144
#: serverguide/C/windows-networking.xml:101(para)
145
msgid ""
146
"The main Samba configuration file is located in "
147
"<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
148
"a significant amount of comments in order to document various configuration "
149
"directives."
150
msgstr ""
151
152
#: serverguide/C/windows-networking.xml:106(para)
153
msgid ""
154
"Not all the available options are included in the default configuration "
155
"file. See the <filename>smb.conf</filename><application>man</application> "
156
"page or the <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
157
"Collection/\">Samba HOWTO Collection</ulink> for more details."
158
msgstr ""
159
160
#: serverguide/C/windows-networking.xml:116(para)
161
msgid ""
162
"First, edit the following key/value pairs in the "
163
"<emphasis>[global]</emphasis> section of "
164
"<filename>/etc/samba/smb.conf</filename>:"
165
msgstr ""
166
167
#: serverguide/C/windows-networking.xml:121(programlisting) serverguide/C/windows-networking.xml:312(programlisting) serverguide/C/windows-networking.xml:780(programlisting) serverguide/C/windows-networking.xml:1003(programlisting)
168
#, no-wrap
169
msgid ""
170
"\n"
171
" workgroup = EXAMPLE\n"
172
" ...\n"
173
" security = user\n"
174
msgstr ""
175
176
#: serverguide/C/windows-networking.xml:127(para)
177
msgid ""
178
"The <emphasis>security</emphasis> parameter is farther down in the [global] "
179
"section, and is commented by default. Also, change "
180
"<emphasis>EXAMPLE</emphasis> to better match your environment."
181
msgstr ""
182
183
#: serverguide/C/windows-networking.xml:135(para)
184
msgid ""
185
"Create a new section at the bottom of the file, or uncomment one of the "
186
"examples, for the directory to be shared:"
187
msgstr ""
188
189
#: serverguide/C/windows-networking.xml:139(programlisting)
190
#, no-wrap
191
msgid ""
192
"\n"
193
"[share]\n"
194
" comment = Ubuntu File Server Share\n"
195
" path = /srv/samba/share\n"
196
" browsable = yes\n"
197
" guest ok = yes\n"
198
" read only = no\n"
199
" create mask = 0755\n"
200
msgstr ""
201
202
#: serverguide/C/windows-networking.xml:151(para)
203
msgid ""
204
"<emphasis>comment:</emphasis> a short description of the share. Adjust to "
205
"fit your needs."
206
msgstr ""
207
208
#: serverguide/C/windows-networking.xml:156(para)
209
msgid "<emphasis>path:</emphasis> the path to the directory to share."
210
msgstr ""
211
212
#: serverguide/C/windows-networking.xml:159(para)
213
msgid ""
214
"This example uses <filename>/srv/samba/sharename</filename> because, "
215
"according to the <emphasis>Filesystem Hierarchy Standard (FHS)</emphasis>, "
216
"<ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
217
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is where site-"
218
"specific data should be served. Technically Samba shares can be placed "
219
"anywhere on the filesystem as long as the permissions are correct, but "
220
"adhering to standards is recommended."
221
msgstr ""
222
223
#: serverguide/C/windows-networking.xml:168(para)
224
msgid ""
225
"<emphasis>browsable:</emphasis> enables Windows clients to browse the shared "
226
"directory using <application>Windows Explorer</application>."
227
msgstr ""
228
229
#: serverguide/C/windows-networking.xml:174(para)
230
msgid ""
231
"<emphasis>guest ok:</emphasis> allows clients to connect to the share "
232
"without supplying a password."
233
msgstr ""
234
235
#: serverguide/C/windows-networking.xml:179(para)
236
msgid ""
237
"<emphasis>read only:</emphasis> determines if the share is read only or if "
238
"write privileges are granted. Write privileges are allowed only when the "
239
"value is <emphasis>no</emphasis>, as is seen in this example. If the value "
240
"is <emphasis>yes</emphasis>, then access to the share is read only."
241
msgstr ""
242
243
#: serverguide/C/windows-networking.xml:184(para)
244
msgid ""
245
"<emphasis>create mask:</emphasis> determines the permissions new files will "
246
"have when created."
247
msgstr ""
248
249
#: serverguide/C/windows-networking.xml:193(para)
250
msgid ""
251
"Now that <application>Samba</application> is configured, the directory needs "
252
"to be created and the permissions changed. From a terminal enter:"
253
msgstr ""
254
255
#: serverguide/C/windows-networking.xml:199(command)
256
msgid "sudo mkdir -p /srv/samba/share"
257
msgstr "sudo mkdir -p /srv/samba/share"
258
259
#: serverguide/C/windows-networking.xml:200(command)
260
msgid "sudo chown nobody.nogroup /srv/samba/share/"
261
msgstr ""
262
263
#: serverguide/C/windows-networking.xml:204(para)
264
msgid ""
265
"The <emphasis>-p</emphasis> switch tells mkdir to create the entire "
266
"directory tree if it doesn't exist. Change the share name to fit your "
267
"environment."
268
msgstr ""
269
270
#: serverguide/C/windows-networking.xml:213(para)
271
msgid ""
272
"Finally, restart the <application>samba</application> services to enable the "
273
"new configuration:"
274
msgstr ""
275
276
#: serverguide/C/windows-networking.xml:218(command) serverguide/C/windows-networking.xml:332(command) serverguide/C/windows-networking.xml:470(command) serverguide/C/windows-networking.xml:570(command) serverguide/C/windows-networking.xml:949(command) serverguide/C/windows-networking.xml:1060(command) serverguide/C/windows-networking.xml:1176(command) serverguide/C/network-auth.xml:1869(command)
277
msgid "sudo restart smbd"
278
msgstr ""
279
280
#: serverguide/C/windows-networking.xml:219(command) serverguide/C/windows-networking.xml:333(command) serverguide/C/windows-networking.xml:471(command) serverguide/C/windows-networking.xml:571(command) serverguide/C/windows-networking.xml:950(command) serverguide/C/windows-networking.xml:1061(command) serverguide/C/windows-networking.xml:1177(command) serverguide/C/network-auth.xml:1870(command)
281
msgid "sudo restart nmbd"
282
msgstr ""
283
284
#: serverguide/C/windows-networking.xml:226(para)
285
msgid ""
286
"Once again, the above configuration gives all access to any client on the "
287
"local network. For a more secure configuration see <xref linkend=\"samba-"
288
"fileprint-security\"/>."
289
msgstr ""
290
291
#: serverguide/C/windows-networking.xml:232(para)
292
msgid ""
293
"From a Windows client you should now be able to browse to the Ubuntu file "
294
"server and see the shared directory. To check that everything is working try "
295
"creating a directory from Windows."
296
msgstr ""
297
298
#: serverguide/C/windows-networking.xml:237(para)
299
msgid ""
300
"To create additional shares simply create new <emphasis>[dir]</emphasis> "
301
"sections in <filename>/etc/samba/smb.conf</filename>, and restart "
302
"<emphasis>Samba</emphasis>. Just make sure that the directory you want to "
303
"share actually exists and the permissions are correct."
304
msgstr ""
305
306
#: serverguide/C/windows-networking.xml:244(title) serverguide/C/windows-networking.xml:343(title) serverguide/C/windows-networking.xml:700(title) serverguide/C/windows-networking.xml:1080(title) serverguide/C/windows-networking.xml:1288(title) serverguide/C/virtualization.xml:366(title) serverguide/C/virtualization.xml:1168(title) serverguide/C/reporting-bugs.xml:304(title) serverguide/C/network-config.xml:569(title) serverguide/C/network-config.xml:824(title) serverguide/C/network-auth.xml:1540(title) serverguide/C/network-auth.xml:1985(title) serverguide/C/network-auth.xml:2589(title) serverguide/C/network-auth.xml:3097(title) serverguide/C/installation.xml:892(title) serverguide/C/installation.xml:1173(title) serverguide/C/databases.xml:122(title) serverguide/C/databases.xml:273(title) serverguide/C/backups.xml:855(title)
307
msgid "Resources"
308
msgstr "ធនធាន"
309
310
#: serverguide/C/windows-networking.xml:248(para) serverguide/C/windows-networking.xml:347(para) serverguide/C/windows-networking.xml:704(para) serverguide/C/windows-networking.xml:1084(para)
311
msgid ""
312
"For in depth Samba configurations see the <ulink "
313
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
314
"Collection</ulink>"
315
msgstr ""
316
317
#: serverguide/C/windows-networking.xml:254(para) serverguide/C/windows-networking.xml:353(para) serverguide/C/windows-networking.xml:710(para) serverguide/C/windows-networking.xml:1090(para)
318
msgid ""
319
"The guide is also available in <ulink "
320
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">printed "
321
"format</ulink>."
322
msgstr ""
323
324
#: serverguide/C/windows-networking.xml:260(para) serverguide/C/windows-networking.xml:359(para)
325
msgid ""
326
"O'Reilly's <ulink "
327
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
328
"another good reference."
329
msgstr ""
330
331
#: serverguide/C/windows-networking.xml:266(para) serverguide/C/windows-networking.xml:370(para) serverguide/C/windows-networking.xml:735(para) serverguide/C/windows-networking.xml:1114(para) serverguide/C/windows-networking.xml:1301(para)
332
msgid ""
333
"The <ulink url=\"https://help.ubuntu.com/community/Samba\">Ubuntu Wiki Samba "
334
"</ulink> page."
335
msgstr ""
336
337
#: serverguide/C/windows-networking.xml:275(title)
338
msgid "Samba Print Server"
339
msgstr "ខំព្យូរើបំរើសេវា បោះពុម្ភ Samba"
340
341
#: serverguide/C/windows-networking.xml:277(para)
342
msgid ""
343
"Another common use of Samba is to configure it to share printers installed, "
344
"either locally or over the network, on an Ubuntu server. Similar to <xref "
345
"linkend=\"samba-fileserver\"/> this section will configure Samba to allow "
346
"any client on the local network to use the installed printers without "
347
"prompting for a username and password."
348
msgstr ""
349
350
#: serverguide/C/windows-networking.xml:283(para)
351
msgid ""
352
"For a more secure configuration see <xref linkend=\"samba-fileprint-"
353
"security\"/>."
354
msgstr ""
355
356
#: serverguide/C/windows-networking.xml:290(para)
357
msgid ""
358
"Before installing and configuring Samba it is best to already have a working "
359
"<application>CUPS</application> installation. See <xref linkend=\"cups\"/> "
360
"for details."
361
msgstr ""
362
363
#: serverguide/C/windows-networking.xml:295(para)
364
msgid ""
365
"To install the <application>samba</application> package, from a terminal "
366
"enter:"
367
msgstr ""
368
369
#: serverguide/C/windows-networking.xml:306(para)
370
msgid ""
371
"After installing samba edit <filename>/etc/samba/smb.conf</filename>. Change "
372
"the <emphasis>workgroup</emphasis> attribute to what is appropriate for your "
373
"network, and change <emphasis>security</emphasis> to <emphasis "
374
"role=\"italic\">share</emphasis>:"
375
msgstr ""
376
377
#: serverguide/C/windows-networking.xml:318(para)
378
msgid ""
379
"In the <emphasis>[printers]</emphasis> section change the <emphasis>guest "
380
"ok</emphasis> option to <emphasis role=\"italic\">yes</emphasis>:"
381
msgstr ""
382
383
#: serverguide/C/windows-networking.xml:322(programlisting)
384
#, no-wrap
385
msgid ""
386
"\n"
387
" browsable = yes\n"
388
" guest ok = yes\n"
389
msgstr ""
390
391
#: serverguide/C/windows-networking.xml:327(para)
392
msgid "After editing <filename>smb.conf</filename> restart Samba:"
393
msgstr "ក្រោយកំណែប្រែ <filename>smb.conf</filename> ផ្តើមឡើងវិញ Samba:"
394
395
#: serverguide/C/windows-networking.xml:336(para)
396
msgid ""
397
"The default Samba configuration will automatically share any printers "
398
"installed. Simply install the printer locally on your Windows clients."
399
msgstr ""
400
401
#: serverguide/C/windows-networking.xml:365(para)
402
msgid ""
403
"Also, see the <ulink url=\"http://www.cups.org/\">CUPS Website</ulink> for "
404
"more information on configuring CUPS."
405
msgstr ""
406
407
#: serverguide/C/windows-networking.xml:379(title)
408
msgid "Securing a Samba File and Print Server"
409
msgstr ""
410
411
#: serverguide/C/windows-networking.xml:382(title)
412
msgid "Samba Security Modes"
413
msgstr "បែបសុវត្ថភាព Samba"
414
415
#: serverguide/C/windows-networking.xml:384(para)
416
msgid ""
417
"There are two security levels available to the Common Internet Filesystem "
418
"(CIFS) network protocol <emphasis>user-level</emphasis> and <emphasis>share-"
419
"level</emphasis>. Samba's <emphasis>security mode</emphasis> implementation "
420
"allows more flexibility, providing four ways of implementing user-level "
421
"security and one way to implement share-level:"
422
msgstr ""
423
424
#: serverguide/C/windows-networking.xml:393(para)
425
msgid ""
426
"<emphasis>security = user:</emphasis> requires clients to supply a username "
427
"and password to connect to shares. Samba user accounts are separate from "
428
"system accounts, but the <application>libpam-smbpass</application> package "
429
"will sync system users and passwords with the Samba user database."
430
msgstr ""
431
432
#: serverguide/C/windows-networking.xml:400(para)
433
msgid ""
434
"<emphasis>security = domain:</emphasis> this mode allows the Samba server to "
435
"appear to Windows clients as a Primary Domain Controller (PDC), Backup "
436
"Domain Controller (BDC), or a Domain Member Server (DMS). See <xref "
437
"linkend=\"samba-dc\"/> for further information."
438
msgstr ""
439
440
#: serverguide/C/windows-networking.xml:407(para)
441
msgid ""
442
"<emphasis>security = ADS:</emphasis> allows the Samba server to join an "
443
"Active Directory domain as a native member. See <xref linkend=\"samba-ad-"
444
"integration\"/> for details."
445
msgstr ""
446
447
#: serverguide/C/windows-networking.xml:413(para)
448
msgid ""
449
"<emphasis>security = server:</emphasis> this mode is left over from before "
450
"Samba could become a member server, and due to some security issues should "
451
"not be used. See the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
452
"HOWTO-Collection/ServerType.html#id349531\">Server Security</ulink> section "
453
"of the Samba guide for more details."
454
msgstr ""
455
456
#: serverguide/C/windows-networking.xml:421(para)
457
msgid ""
458
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
459
"without supplying a username and password."
460
msgstr ""
461
462
#: serverguide/C/windows-networking.xml:428(para)
463
msgid ""
464
"The security mode you choose will depend on your environment and what you "
465
"need the Samba server to accomplish."
466
msgstr ""
467
468
#: serverguide/C/windows-networking.xml:434(title)
469
msgid "Security = User"
470
msgstr "សុវត្ថភាព = អ្នកប្រើប្រាស់"
471
472
#: serverguide/C/windows-networking.xml:436(para)
473
msgid ""
474
"This section will reconfigure the Samba file and print server, from <xref "
475
"linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to "
476
"require authentication."
477
msgstr ""
478
479
#: serverguide/C/windows-networking.xml:441(para)
480
msgid ""
481
"First, install the <application>libpam-smbpass</application> package which "
482
"will sync the system users to the Samba user database:"
483
msgstr ""
484
485
#: serverguide/C/windows-networking.xml:447(command)
486
msgid "sudo apt-get install libpam-smbpass"
487
msgstr ""
488
489
#: serverguide/C/windows-networking.xml:451(para)
490
msgid ""
491
"If you chose the <emphasis>Samba Server</emphasis> task during installation "
492
"<application>libpam-smbpass</application> is already installed."
493
msgstr ""
494
495
#: serverguide/C/windows-networking.xml:457(para)
496
msgid ""
497
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
498
"<emphasis>[share]</emphasis> section change:"
499
msgstr ""
500
"កែប្រែ <filename>/etc/samba/smb.conf</filename>, និង ក្នុងបំលាស់ប្តូរ ផ្នែក "
501
"<emphasis>[share]</emphasis> ៖"
502
503
#: serverguide/C/windows-networking.xml:461(programlisting)
504
#, no-wrap
505
msgid ""
506
"\n"
507
" guest ok = no\n"
508
msgstr ""
509
510
#: serverguide/C/windows-networking.xml:465(para)
511
msgid "Finally, restart Samba for the new settings to take effect:"
512
msgstr "ពេលបញ្ចប់, ផ្តើមឡើងវិញ Samba សំរាប់ការកំណត់ថ្មី ទទួលផល ៖"
513
514
#: serverguide/C/windows-networking.xml:474(para)
515
msgid ""
516
"Now when connecting to the shared directories or printers you should be "
517
"prompted for a username and password."
518
msgstr ""
519
520
#: serverguide/C/windows-networking.xml:479(para)
521
msgid ""
522
"If you choose to map a network drive to the share you can check the "
523
"<quote>Reconnect at Logon</quote> check box, which will require you to only "
524
"enter the username and password once, at least until the password changes."
525
msgstr ""
526
527
#: serverguide/C/windows-networking.xml:487(title)
528
msgid "Share Security"
529
msgstr "ចែករំលែក សុវត្ថភាព"
530
531
#: serverguide/C/windows-networking.xml:489(para)
532
msgid ""
533
"There are several options available to increase the security for each "
534
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
535
"this section will cover some common options."
536
msgstr ""
537
538
#: serverguide/C/windows-networking.xml:495(title)
539
msgid "Groups"
540
msgstr "ក្រុម"
541
542
#: serverguide/C/windows-networking.xml:497(para)
543
msgid ""
544
"Groups define a collection of computers or users which have a common level "
545
"of access to particular network resources and offer a level of granularity "
546
"in controlling access to such resources. For example, if a group <emphasis "
547
"role=\"italic\">qa</emphasis> is defined and contains the users <emphasis "
548
"role=\"italic\">freda</emphasis>, <emphasis "
549
"role=\"italic\">danika</emphasis>, and <emphasis "
550
"role=\"italic\">rob</emphasis> and a second group <emphasis "
551
"role=\"italic\">support</emphasis> is defined and consists of users "
552
"<emphasis role=\"italic\">danika</emphasis>, <emphasis "
553
"role=\"italic\">jeremy</emphasis>, and <emphasis "
554
"role=\"italic\">vincent</emphasis> then certain network resources configured "
555
"to allow access by the <emphasis role=\"italic\">qa</emphasis> group will "
556
"subsequently enable access by freda, danika, and rob, but not jeremy or "
557
"vincent. Since the user <emphasis role=\"italic\">danika</emphasis> belongs "
558
"to both the <emphasis role=\"italic\">qa</emphasis> and <emphasis "
559
"role=\"italic\">support</emphasis> groups, she will be able to access "
560
"resources configured for access by both groups, whereas all other users will "
561
"have only access to resources explicitly allowing the group they are part of."
562
msgstr ""
563
564
#: serverguide/C/windows-networking.xml:511(para)
565
msgid ""
566
"By default Samba looks for the local system groups defined in "
567
"<filename>/etc/group</filename> to determine which users belong to which "
568
"groups. For more information on adding and removing users from groups see "
569
"<xref linkend=\"adding-deleting-users\"/>."
570
msgstr ""
571
572
#: serverguide/C/windows-networking.xml:517(para)
573
msgid ""
574
"When defining groups in the Samba configuration file, "
575
"<filename>/etc/samba/smb.conf</filename>, the recognized syntax is to "
576
"preface the group name with an \"@\" symbol. For example, if you wished to "
577
"define a group named <emphasis role=\"italic\">sysadmin</emphasis> in a "
578
"certain section of the <filename>/etc/samba/smb.conf</filename>, you would "
579
"do so by entering the group name as <emphasis "
580
"role=\"bold\">@sysadmin</emphasis>."
581
msgstr ""
582
583
#: serverguide/C/windows-networking.xml:526(title)
584
msgid "File Permissions"
585
msgstr "ការអនុញ្ញាត ឯកសារ"
586
587
#: serverguide/C/windows-networking.xml:528(para)
588
msgid ""
589
"File Permissions define the explicit rights a computer or user has to a "
590
"particular directory, file, or set of files. Such permissions may be defined "
591
"by editing the <filename>/etc/samba/smb.conf</filename> file and specifying "
592
"the explicit permissions of a defined file share."
593
msgstr ""
594
595
#: serverguide/C/windows-networking.xml:534(para)
596
msgid ""
597
"For example, if you have defined a Samba share called "
598
"<emphasis>share</emphasis> and wish to give <emphasis role=\"italic\">read-"
599
"only</emphasis> permissions to the group of users known as <emphasis "
600
"role=\"italic\">qa</emphasis>, but wanted to allow writing to the share by "
601
"the group called <emphasis role=\"italic\">sysadmin</emphasis> and the user "
602
"named <emphasis role=\"italic\">vincent</emphasis>, then you could edit the "
603
"<filename>/etc/samba/smb.conf</filename> file, and add the following entries "
604
"under the <emphasis>[share]</emphasis> entry:"
605
msgstr ""
606
607
#: serverguide/C/windows-networking.xml:543(programlisting)
608
#, no-wrap
609
msgid ""
610
"\n"
611
" read list = @qa\n"
612
" write list = @sysadmin, vincent\n"
613
msgstr ""
614
615
#: serverguide/C/windows-networking.xml:548(para)
616
msgid ""
617
"Another possible Samba permission is to declare "
618
"<emphasis>administrative</emphasis> permissions to a particular shared "
619
"resource. Users having administrative permissions may read, write, or modify "
620
"any information contained in the resource the user has been given explicit "
621
"administrative permissions to."
622
msgstr ""
623
624
#: serverguide/C/windows-networking.xml:554(para)
625
msgid ""
626
"For example, if you wanted to give the user <emphasis "
627
"role=\"italic\">melissa</emphasis> administrative permissions to the "
628
"<emphasis role=\"italic\">share</emphasis> example, you would edit the "
629
"<filename>/etc/samba/smb.conf</filename> file, and add the following line "
630
"under the <emphasis>[share]</emphasis> entry:"
631
msgstr ""
632
633
#: serverguide/C/windows-networking.xml:561(programlisting)
634
#, no-wrap
635
msgid ""
636
"\n"
637
" admin users = melissa\n"
638
msgstr ""
639
640
#: serverguide/C/windows-networking.xml:565(para)
641
msgid ""
642
"After editing <filename>/etc/samba/smb.conf</filename>, restart Samba for "
643
"the changes to take effect:"
644
msgstr ""
645
"ក្រោយកំណែប្រែ <filename>/etc/samba/smb.conf</filename>, ផ្តើមឡើងវិញ Samba "
646
"សំរាប់បំលាស់ប្តូរថ្មី ទទួលផល ៖"
647
648
#: serverguide/C/windows-networking.xml:575(para)
649
msgid ""
650
"For the <emphasis>read list</emphasis> and <emphasis>write list</emphasis> "
651
"to work the Samba security mode must <emphasis>not</emphasis> be set to "
652
"<emphasis role=\"italic\">security = share</emphasis>"
653
msgstr ""
654
655
#: serverguide/C/windows-networking.xml:581(para)
656
msgid ""
657
"Now that Samba has been configured to limit which groups have access to the "
658
"shared directory, the filesystem permissions need to be updated."
659
msgstr ""
660
661
#: serverguide/C/windows-networking.xml:586(para)
662
msgid ""
663
"Traditional Linux file permissions do not map well to Windows NT Access "
664
"Control Lists (ACLs). Fortunately POSIX ACLs are available on Ubuntu servers "
665
"providing more fine grained control. For example, to enable ACLs on "
666
"<filename>/srv</filename> an EXT3 filesystem, edit "
667
"<filename>/etc/fstab</filename> adding the <emphasis>acl</emphasis> option:"
668
msgstr ""
669
670
#: serverguide/C/windows-networking.xml:593(programlisting)
671
#, no-wrap
672
msgid ""
673
"\n"
674
"UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl "
675
"0 1\n"
676
msgstr ""
677
678
#: serverguide/C/windows-networking.xml:597(para)
679
msgid "Then remount the partition:"
680
msgstr ""
681
682
#: serverguide/C/windows-networking.xml:602(command)
683
msgid "sudo mount -v -o remount /srv"
684
msgstr ""
685
686
#: serverguide/C/windows-networking.xml:606(para)
687
msgid ""
688
"The above example assumes <filename>/srv</filename> on a separate partition. "
689
"If <filename>/srv</filename>, or wherever you have configured your share "
690
"path, is part of the <filename>/</filename> partition a reboot may be "
691
"required."
692
msgstr ""
693
694
#: serverguide/C/windows-networking.xml:613(para)
695
msgid ""
696
"To match the Samba configuration above the <emphasis>sysadmin</emphasis> "
697
"group will be given read, write, and execute permissions to "
698
"<filename>/srv/samba/share</filename>, the <emphasis>qa</emphasis> group "
699
"will be given read and execute permissions, and the files will be owned by "
700
"the username <emphasis>melissa</emphasis>. Enter the following in a terminal:"
701
msgstr ""
702
703
#: serverguide/C/windows-networking.xml:621(command)
704
msgid "sudo chown -R melissa /srv/samba/share/"
705
msgstr ""
706
707
#: serverguide/C/windows-networking.xml:622(command)
708
msgid "sudo chgrp -R sysadmin /srv/samba/share/"
709
msgstr ""
710
711
#: serverguide/C/windows-networking.xml:623(command)
712
msgid "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
713
msgstr ""
714
715
#: serverguide/C/windows-networking.xml:627(para)
716
msgid ""
717
"The <application>setfacl</application> command above gives "
718
"<emphasis>execute</emphasis> permissions to all files in the "
719
"<filename>/srv/samba/share</filename> directory, which you may or may not "
720
"want."
721
msgstr ""
722
723
#: serverguide/C/windows-networking.xml:633(para)
724
msgid ""
725
"Now from a Windows client you should notice the new file permissions are "
726
"implemented. See the <application>acl</application> and "
727
"<application>setfacl</application> man pages for more information on POSIX "
728
"ACLs."
729
msgstr ""
730
731
#: serverguide/C/windows-networking.xml:641(title)
732
msgid "Samba AppArmor Profile"
733
msgstr ""
734
735
#: serverguide/C/windows-networking.xml:643(para)
736
msgid ""
737
"Ubuntu comes with the <application>AppArmor</application> security module, "
738
"which provides mandatory access controls. The default AppArmor profile for "
739
"Samba will need to be adapted to your configuration. For more details on "
740
"using AppArmor see <xref linkend=\"apparmor\"/>."
741
msgstr ""
742
743
#: serverguide/C/windows-networking.xml:649(para)
744
msgid ""
745
"There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> "
746
"and <filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part "
747
"of the <application>apparmor-profiles</application> packages. To install the "
748
"package, from a terminal prompt enter:"
749
msgstr ""
750
751
#: serverguide/C/windows-networking.xml:656(command) serverguide/C/security.xml:920(command)
752
msgid "sudo apt-get install apparmor-profiles"
753
msgstr ""
754
755
#: serverguide/C/windows-networking.xml:660(para)
756
msgid "This package contains profiles for several other binaries."
757
msgstr ""
758
759
#: serverguide/C/windows-networking.xml:665(para)
760
msgid ""
761
"By default the profiles for <application>smbd</application> and "
762
"<application>nmbd</application> are in <emphasis>complain</emphasis> mode "
763
"allowing Samba to work without modifying the profile, and only logging "
764
"errors. To place the <application>smbd</application> profile into "
765
"<emphasis>enforce</emphasis> mode, and have Samba work as expected, the "
766
"profile will need to be modified to reflect any directories that are shared."
767
msgstr ""
768
769
#: serverguide/C/windows-networking.xml:672(para)
770
msgid ""
771
"Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename> adding information "
772
"for <emphasis>[share]</emphasis> from the file server example:"
773
msgstr ""
774
775
#: serverguide/C/windows-networking.xml:677(programlisting)
776
#, no-wrap
777
msgid ""
778
"\n"
779
" /srv/samba/share/ r,\n"
780
" /srv/samba/share/** rwkix,\n"
781
msgstr ""
782
783
#: serverguide/C/windows-networking.xml:682(para)
784
msgid ""
785
"Now place the profile into <emphasis>enforce</emphasis> and reload it:"
786
msgstr ""
787
788
#: serverguide/C/windows-networking.xml:687(command)
789
msgid "sudo aa-enforce /usr/sbin/smbd"
790
msgstr ""
791
792
#: serverguide/C/windows-networking.xml:688(command)
793
msgid "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
794
msgstr ""
795
796
#: serverguide/C/windows-networking.xml:691(para)
797
msgid ""
798
"You should now be able to read, write, and execute files in the shared "
799
"directory as normal, and the <application>smbd</application> binary will "
800
"have access to only the configured files and directories. Be sure to add "
801
"entries for each directory you configure Samba to share. Also, any errors "
802
"will be logged to <filename>/var/log/syslog</filename>."
803
msgstr ""
804
805
#: serverguide/C/windows-networking.xml:716(para) serverguide/C/windows-networking.xml:1096(para)
806
msgid ""
807
"O'Reilly's <ulink "
808
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
809
"also a good reference."
810
msgstr ""
811
812
#: serverguide/C/windows-networking.xml:722(para)
813
msgid ""
814
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
815
"samba.html\">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to "
816
"security."
817
msgstr ""
818
819
#: serverguide/C/windows-networking.xml:728(para)
820
msgid ""
821
"For more information on Samba and ACLs see the <ulink "
822
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
823
"Collection/AccessControls.html#id397568\">Samba ACLs page </ulink>."
824
msgstr ""
825
826
#: serverguide/C/windows-networking.xml:744(title)
827
msgid "Samba as a Domain Controller"
828
msgstr ""
829
830
#: serverguide/C/windows-networking.xml:746(para)
831
msgid ""
832
"Although it cannot act as an Active Directory Primary Domain Controller "
833
"(PDC), a Samba server can be configured to appear as a Windows NT4-style "
834
"domain controller. A major advantage of this configuration is the ability to "
835
"centralize user and machine credentials. Samba can also use multiple "
836
"backends to store the user information."
837
msgstr ""
838
839
#: serverguide/C/windows-networking.xml:753(title)
840
msgid "Primary Domain Controller"
841
msgstr "ឧបករត្រួតពិនិត្យ ឈ្មោះកម្មសិទ្ធិបថម"
842
843
#: serverguide/C/windows-networking.xml:755(para)
844
msgid ""
845
"This section covers configuring Samba as a Primary Domain Controller (PDC) "
846
"using the default smbpasswd backend."
847
msgstr ""
848
849
#: serverguide/C/windows-networking.xml:762(para)
850
msgid ""
851
"First, install Samba, and <application>libpam-smbpass</application> to sync "
852
"the user accounts, by entering the following in a terminal prompt:"
853
msgstr ""
854
855
#: serverguide/C/windows-networking.xml:768(command) serverguide/C/windows-networking.xml:993(command)
856
msgid "sudo apt-get install samba libpam-smbpass"
857
msgstr ""
858
859
#: serverguide/C/windows-networking.xml:774(para)
860
msgid ""
861
"Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. "
862
"The <emphasis>security</emphasis> mode should be set to <emphasis "
863
"role=\"italic\">user</emphasis>, and the <emphasis>workgroup</emphasis> "
864
"should relate to your organization:"
865
msgstr ""
866
867
#: serverguide/C/windows-networking.xml:789(para)
868
msgid ""
869
"In the commented <quote>Domains</quote> section add or uncomment the "
870
"following:"
871
msgstr ""
872
873
#: serverguide/C/windows-networking.xml:793(programlisting)
874
#, no-wrap
875
msgid ""
876
"\n"
877
" domain logons = yes\n"
878
" logon path = \\\\%N\\%U\\profile\n"
879
" logon drive = H:\n"
880
" logon home = \\\\%N\\%U\n"
881
" logon script = logon.cmd\n"
882
" add machine script = sudo /usr/sbin/useradd -N -g machines -c Machine -d "
883
"/var/lib/samba -s /bin/false %u\n"
884
msgstr ""
885
886
#: serverguide/C/windows-networking.xml:804(para)
887
msgid ""
888
"<emphasis>domain logons:</emphasis> provides the netlogon service causing "
889
"Samba to act as a domain controller."
890
msgstr ""
891
892
#: serverguide/C/windows-networking.xml:809(para)
893
msgid ""
894
"<emphasis>logon path:</emphasis> places the user's Windows profile into "
895
"their home directory. It is also possible to configure a "
896
"<emphasis>[profiles]</emphasis> share placing all profiles under a single "
897
"directory."
898
msgstr ""
899
900
#: serverguide/C/windows-networking.xml:815(para)
901
msgid ""
902
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
903
msgstr ""
904
905
#: serverguide/C/windows-networking.xml:820(para)
906
msgid ""
907
"<emphasis>logon home:</emphasis> specifies the home directory location."
908
msgstr ""
909
910
#: serverguide/C/windows-networking.xml:825(para)
911
msgid ""
912
"<emphasis>logon script:</emphasis> determines the script to be run locally "
913
"once a user has logged in. The script needs to be placed in the "
914
"<emphasis>[netlogon]</emphasis> share."
915
msgstr ""
916
917
#: serverguide/C/windows-networking.xml:831(para)
918
msgid ""
919
"<emphasis>add machine script:</emphasis> a script that will automatically "
920
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
921
"workstation to join the domain."
922
msgstr ""
923
924
#: serverguide/C/windows-networking.xml:835(para)
925
msgid ""
926
"In this example the <emphasis>machines</emphasis> group will need to be "
927
"created using the <application>addgroup</application> utility see <xref "
928
"linkend=\"adding-deleting-users\"/> for details."
929
msgstr ""
930
931
#: serverguide/C/windows-networking.xml:839(para)
932
msgid ""
933
"Also, rights need to be explicitly provided to the <emphasis>Domain "
934
"Admins</emphasis> group to allow the <emphasis>add machine script</emphasis> "
935
"(and other admin functions) to work. This is achieved by executing:"
936
msgstr ""
937
938
#: serverguide/C/windows-networking.xml:844(command)
939
msgid ""
940
"net rpc rights grant \"EXAMPLE\\Domain Admins\" SeMachineAccountPrivilege "
941
"SePrintOperatorPrivilege \\ SeAddUsersPrivilege SeDiskOperatorPrivilege "
942
"SeRemoteShutdownPrivilege"
943
msgstr ""
944
945
#: serverguide/C/windows-networking.xml:851(para)
946
msgid ""
947
"If you wish to not use <emphasis>Roaming Profiles</emphasis> leave the "
948
"<emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options "
949
"commented."
950
msgstr ""
951
952
#: serverguide/C/windows-networking.xml:860(para)
953
msgid ""
954
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
955
"role=\"italic\">logon home</emphasis> to be mapped:"
956
msgstr ""
957
958
#: serverguide/C/windows-networking.xml:865(programlisting)
959
#, no-wrap
960
msgid ""
961
"\n"
962
"[homes]\n"
963
" comment = Home Directories\n"
964
" browseable = no\n"
965
" read only = no\n"
966
" create mask = 0700\n"
967
" directory mask = 0700\n"
968
" valid users = %S\n"
969
msgstr ""
970
971
#: serverguide/C/windows-networking.xml:878(para)
972
msgid ""
973
"When configured as a domain controller a <emphasis>[netlogon]</emphasis> "
974
"share needs to be configured. To enable the share, uncomment:"
975
msgstr ""
976
977
#: serverguide/C/windows-networking.xml:883(programlisting)
978
#, no-wrap
979
msgid ""
980
"\n"
981
"[netlogon]\n"
982
" comment = Network Logon Service\n"
983
" path = /srv/samba/netlogon\n"
984
" guest ok = yes\n"
985
" read only = yes\n"
986
" share modes = no\n"
987
msgstr ""
988
989
#: serverguide/C/windows-networking.xml:893(para)
990
msgid ""
991
"The original <emphasis>netlogon</emphasis> share path is "
992
"<filename>/home/samba/netlogon</filename>, but according to the Filesystem "
993
"Hierarchy Standard (FHS), <ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
994
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is the correct "
995
"location for site-specific data provided by the system."
996
msgstr ""
997
998
#: serverguide/C/windows-networking.xml:904(para)
999
msgid ""
1000
"Now create the <filename role=\"directory\">netlogon</filename> directory, "
1001
"and an empty (for now) <filename>logon.cmd</filename> script file:"
1002
msgstr ""
1003
1004
#: serverguide/C/windows-networking.xml:910(command)
1005
msgid "sudo mkdir -p /srv/samba/netlogon"
1006
msgstr ""
1007
1008
#: serverguide/C/windows-networking.xml:911(command)
1009
msgid "sudo touch /srv/samba/netlogon/logon.cmd"
1010
msgstr ""
1011
1012
#: serverguide/C/windows-networking.xml:914(para)
1013
msgid ""
1014
"You can enter any normal Windows logon script commands in "
1015
"<filename>logon.cmd</filename> to customize the client's environment."
1016
msgstr ""
1017
1018
#: serverguide/C/windows-networking.xml:922(para)
1019
msgid ""
1020
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
1021
"workstation to the domain, a system group needs to be mapped to the Windows "
1022
"<emphasis>Domain Admins</emphasis> group. Using the "
1023
"<application>net</application> utility, from a terminal enter:"
1024
msgstr ""
1025
1026
#: serverguide/C/windows-networking.xml:929(command)
1027
msgid ""
1028
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
1029
"type=d"
1030
msgstr ""
1031
1032
#: serverguide/C/windows-networking.xml:933(para)
1033
msgid ""
1034
"Change <emphasis role=\"italic\">sysadmin</emphasis> to whichever group you "
1035
"prefer. Also, the user used to join the domain needs to be a member of the "
1036
"<emphasis>sysadmin</emphasis> group, as well as a member of the system "
1037
"<emphasis>admin</emphasis> group. The <emphasis>admin</emphasis> group "
1038
"allows <application>sudo</application> use."
1039
msgstr ""
1040
1041
#: serverguide/C/windows-networking.xml:944(para)
1042
msgid "Finally, restart Samba to enable the new domain controller:"
1043
msgstr ""
1044
"ទីបញ្ចប់, ផ្តើមឡើងវិញ Samba សំរាប់អនុញ្ញាត ឧបករត្រួតពិនិត្យ "
1045
"ឈ្មោះកម្មសិទ្ធិថ្មី ៖"
1046
1047
#: serverguide/C/windows-networking.xml:956(para)
1048
msgid ""
1049
"You should now be able to join Windows clients to the Domain in the same "
1050
"manner as joining them to an NT4 domain running on a Windows server."
1051
msgstr ""
1052
1053
#: serverguide/C/windows-networking.xml:966(title)
1054
msgid "Backup Domain Controller"
1055
msgstr "បង្កើតច្បាប់ចំលង ឧបករត្រួតពិនិត្យ ឈ្មោះកម្មសិទ្ធិ"
1056
1057
#: serverguide/C/windows-networking.xml:968(para)
1058
msgid ""
1059
"With a Primary Domain Controller (PDC) on the network it is best to have a "
1060
"Backup Domain Controller (BDC) as well. This will allow clients to "
1061
"authenticate in case the PDC becomes unavailable."
1062
msgstr ""
1063
1064
#: serverguide/C/windows-networking.xml:973(para)
1065
msgid ""
1066
"When configuring Samba as a BDC you need a way to sync account information "
1067
"with the PDC. There are multiple ways of accomplishing this "
1068
"<application>scp</application>, <application>rsync</application>, or by "
1069
"using <application>LDAP</application> as the <emphasis>passdb "
1070
"backend</emphasis>."
1071
msgstr ""
1072
1073
#: serverguide/C/windows-networking.xml:979(para)
1074
msgid ""
1075
"Using LDAP is the most robust way to sync account information, because both "
1076
"domain controllers can use the same information in real time. However, "
1077
"setting up a LDAP server may be overly complicated for a small number of "
1078
"user and computer accounts. See <xref linkend=\"samba-ldap\"/> for details."
1079
msgstr ""
1080
1081
#: serverguide/C/windows-networking.xml:988(para)
1082
msgid ""
1083
"First, install <application>samba</application> and <application>libpam-"
1084
"smbpass</application>. From a terminal enter:"
1085
msgstr ""
1086
1087
#: serverguide/C/windows-networking.xml:999(para)
1088
msgid ""
1089
"Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the "
1090
"following in the <emphasis>[global]</emphasis>:"
1091
msgstr ""
1092
1093
#: serverguide/C/windows-networking.xml:1012(para)
1094
msgid "In the commented <emphasis>Domains</emphasis> uncomment or add:"
1095
msgstr ""
1096
1097
#: serverguide/C/windows-networking.xml:1016(programlisting)
1098
#, no-wrap
1099
msgid ""
1100
"\n"
1101
" domain logons = yes\n"
1102
" domain master = no\n"
1103
msgstr ""
1104
1105
#: serverguide/C/windows-networking.xml:1024(para)
1106
msgid ""
1107
"Make sure a user has rights to read the files in "
1108
"<filename>/var/lib/samba</filename>. For example, to allow users in the "
1109
"<emphasis>admin</emphasis> group to <application>scp</application> the "
1110
"files, enter:"
1111
msgstr ""
1112
1113
#: serverguide/C/windows-networking.xml:1030(command)
1114
msgid "sudo chgrp -R admin /var/lib/samba"
1115
msgstr ""
1116
1117
#: serverguide/C/windows-networking.xml:1036(para)
1118
msgid ""
1119
"Next, sync the user accounts, using <application>scp</application> to copy "
1120
"the <filename>/var/lib/samba</filename> directory from the PDC:"
1121
msgstr ""
1122
1123
#: serverguide/C/windows-networking.xml:1042(command)
1124
msgid "sudo scp -r username@pdc:/var/lib/samba /var/lib"
1125
msgstr ""
1126
1127
#: serverguide/C/windows-networking.xml:1046(para)
1128
msgid ""
1129
"Replace <emphasis>username</emphasis> with a valid username and "
1130
"<emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC."
1131
msgstr ""
1132
1133
#: serverguide/C/windows-networking.xml:1055(para)
1134
msgid "Finally, restart <application>samba</application>:"
1135
msgstr "ពេលបញ្ចប់, ផ្តើមឡើងវិញ <application>samba</application>:"
1136
1137
#: serverguide/C/windows-networking.xml:1067(para)
1138
msgid ""
1139
"You can test that your Backup Domain controller is working by stopping the "
1140
"Samba daemon on the PDC, then trying to login to a Windows client joined to "
1141
"the domain."
1142
msgstr ""
1143
1144
#: serverguide/C/windows-networking.xml:1072(para)
1145
msgid ""
1146
"Another thing to keep in mind is if you have configured the <emphasis>logon "
1147
"home</emphasis> option as a directory on the PDC, and the PDC becomes "
1148
"unavailable, access to the user's <emphasis>Home</emphasis> drive will also "
1149
"be unavailable. For this reason it is best to configure the <emphasis>logon "
1150
"home</emphasis> to reside on a separate file server from the PDC and BDC."
1151
msgstr ""
1152
1153
#: serverguide/C/windows-networking.xml:1102(para)
1154
msgid ""
1155
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
1156
"pdc.html\">Chapter 4</ulink> of the Samba HOWTO Collection explains setting "
1157
"up a Primary Domain Controller."
1158
msgstr ""
1159
1160
#: serverguide/C/windows-networking.xml:1108(para)
1161
msgid ""
1162
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
1163
"Collection/samba-bdc.html\">Chapter 5</ulink> of the Samba HOWTO Collection "
1164
"explains setting up a Backup Domain Controller."
1165
msgstr ""
1166
1167
#: serverguide/C/windows-networking.xml:1123(title)
1168
msgid "Samba Active Directory Integration"
1169
msgstr ""
1170
1171
#: serverguide/C/windows-networking.xml:1126(title)
1172
msgid "Accessing a Samba Share"
1173
msgstr ""
1174
1175
#: serverguide/C/windows-networking.xml:1128(para)
1176
msgid ""
1177
"Another, use for Samba is to integrate into an existing Windows network. "
1178
"Once part of an Active Directory domain, Samba can provide file and print "
1179
"services to AD users."
1180
msgstr ""
1181
1182
#: serverguide/C/windows-networking.xml:1133(para)
1183
msgid ""
1184
"The simplest way to join an AD domain is to use <application>Likewise-"
1185
"open</application>. For detailed instructions see <xref linkend=\"likewise-"
1186
"open\"/>."
1187
msgstr ""
1188
1189
#: serverguide/C/windows-networking.xml:1138(para)
1190
msgid ""
1191
"Once part of the domain, enter the following command in the terminal prompt:"
1192
msgstr ""
1193
1194
#: serverguide/C/windows-networking.xml:1143(command)
1195
msgid "sudo apt-get install samba smbfs smbclient"
1196
msgstr ""
1197
1198
#: serverguide/C/windows-networking.xml:1146(para)
1199
msgid ""
1200
"Since the <application>likewise-open</application> and "
1201
"<application>samba</application> packages use separate "
1202
"<filename>secrets.tdb</filename> files, a symlink will need to be created in "
1203
"<filename role=\"directory\">/var/lib/samba</filename>:"
1204
msgstr ""
1205
1206
#: serverguide/C/windows-networking.xml:1152(command)
1207
msgid "sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig"
1208
msgstr ""
1209
1210
#: serverguide/C/windows-networking.xml:1153(command)
1211
msgid "sudo ln -s /etc/samba/secrets.tdb /var/lib/samba"
1212
msgstr ""
1213
1214
#: serverguide/C/windows-networking.xml:1156(para)
1215
msgid "Next, edit <filename>/etc/samba/smb.conf</filename> changing:"
1216
msgstr ""
1217
1218
#: serverguide/C/windows-networking.xml:1160(programlisting)
1219
#, no-wrap
1220
msgid ""
1221
"\n"
1222
" workgroup = EXAMPLE\n"
1223
" ...\n"
1224
" security = ads\n"
1225
" realm = EXAMPLE.COM\n"
1226
" ...\n"
1227
" idmap backend = lwopen\n"
1228
" idmap uid = 50-9999999999\n"
1229
" idmap gid = 50-9999999999\n"
1230
msgstr ""
1231
1232
#: serverguide/C/windows-networking.xml:1171(para)
1233
msgid ""
1234
"Restart <application>samba</application> for the new settings to take effect:"
1235
msgstr ""
1236
"ផ្តើមឡើងវិញ <application>samba</application> សំរាប់ការកំណត់ថ្មី ទទួលផល ៖"
1237
1238
#: serverguide/C/windows-networking.xml:1180(para)
1239
msgid ""
1240
"You should now be able to access any <application>Samba</application> shares "
1241
"from a Windows client. However, be sure to give the appropriate AD users or "
1242
"groups access to the share directory. See <xref linkend=\"samba-fileprint-"
1243
"security\"/> for more details."
1244
msgstr ""
1245
1246
#: serverguide/C/windows-networking.xml:1188(title)
1247
msgid "Accessing a Windows Share"
1248
msgstr ""
1249
1250
#: serverguide/C/windows-networking.xml:1190(para)
1251
msgid ""
1252
"Now that the Samba server is part of the Active Directory domain you can "
1253
"access any Windows server shares:"
1254
msgstr ""
1255
1256
#: serverguide/C/windows-networking.xml:1197(para)
1257
msgid ""
1258
"To mount a Windows file share enter the following in a terminal prompt:"
1259
msgstr ""
1260
1261
#: serverguide/C/windows-networking.xml:1201(command)
1262
msgid "mount.cifs //fs01.example.com/share mount_point"
1263
msgstr ""
1264
1265
#: serverguide/C/windows-networking.xml:1204(para)
1266
msgid ""
1267
"It is also possible to access shares on computers not part of an AD domain, "
1268
"but a username and password will need to be provided."
1269
msgstr ""
1270
1271
#: serverguide/C/windows-networking.xml:1212(para)
1272
msgid ""
1273
"To mount the share during boot place an entry in "
1274
"<filename>/etc/fstab</filename>, for example:"
1275
msgstr ""
1276
1277
#: serverguide/C/windows-networking.xml:1216(programlisting)
1278
#, no-wrap
1279
msgid ""
1280
"\n"
1281
"//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw "
1282
"0 0\n"
1283
msgstr ""
1284
1285
#: serverguide/C/windows-networking.xml:1223(para)
1286
msgid ""
1287
"Another way to copy files from a Windows server is to use the "
1288
"<application>smbclient</application> utility. To list the files in a Windows "
1289
"share:"
1290
msgstr ""
1291
1292
#: serverguide/C/windows-networking.xml:1229(command)
1293
msgid "smbclient //fs01.example.com/share -k -c \"ls\""
1294
msgstr ""
1295
1296
#: serverguide/C/windows-networking.xml:1235(para)
1297
msgid "To copy a file from the share, enter:"
1298
msgstr "ដើម្បីចំលង មួយឯកសារ ពីការចែករំលែក, បញ្ចូល ៖"
1299
1300
#: serverguide/C/windows-networking.xml:1240(command)
1301
msgid "smbclient //fs01.example.com/share -k -c \"get file.txt\""
1302
msgstr ""
1303
1304
#: serverguide/C/windows-networking.xml:1243(para)
1305
msgid ""
1306
"This will copy the <filename>file.txt</filename> into the current directory."
1307
msgstr ""
1308
1309
#: serverguide/C/windows-networking.xml:1250(para)
1310
msgid "And to copy a file to the share:"
1311
msgstr "និង ដើម្បីចំលង មួយឯកសារ ទៅការចែករំលែក ៖"
1312
1313
#: serverguide/C/windows-networking.xml:1255(command)
1314
msgid "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
1315
msgstr ""
1316
1317
#: serverguide/C/windows-networking.xml:1258(para)
1318
msgid ""
1319
"This will copy the <filename>/etc/hosts</filename> to "
1320
"<filename>//fs01.example.com/share/hosts</filename>."
1321
msgstr ""
1322
1323
#: serverguide/C/windows-networking.xml:1265(para)
1324
msgid ""
1325
"The <emphasis>-c</emphasis> option used above allows you to execute the "
1326
"<application>smbclient</application> command all at once. This is useful for "
1327
"scripting and minor file operations. To enter the <emphasis>smb: \\"
1328
"></emphasis> prompt, a FTP like prompt where you can execute normal file "
1329
"and directory commands, simply execute:"
1330
msgstr ""
1331
1332
#: serverguide/C/windows-networking.xml:1272(command)
1333
msgid "smbclient //fs01.example.com/share -k"
1334
msgstr ""
1335
1336
#: serverguide/C/windows-networking.xml:1279(para)
1337
msgid ""
1338
"Replace all instances of <emphasis>fs01.example.com/share</emphasis>, "
1339
"<emphasis>//192.168.0.5/share</emphasis>, "
1340
"<emphasis>username=steve,password=secret</emphasis>, and "
1341
"<emphasis>file.txt</emphasis> with your server's IP, hostname, share name, "
1342
"file name, and an actual username and password with rights to the share."
1343
msgstr ""
1344
1345
#: serverguide/C/windows-networking.xml:1290(para)
1346
msgid ""
1347
"For more <application>smbclient</application> options see the man page: "
1348
"<command>man smbclient</command>, also available <ulink "
1349
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/smbclient.1.html\""
1350
">online</ulink>."
1351
msgstr ""
1352
1353
#: serverguide/C/windows-networking.xml:1295(para)
1354
msgid ""
1355
"The <application>mount.cifs</application><ulink "
1356
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/mount.cifs.8.html"
1357
"\">man page</ulink> is also useful for more detailed information."
1358
msgstr ""
1359
1360
#: serverguide/C/windows-networking.xml:1308(title)
1361
msgid "Likewise Open"
1362
msgstr ""
1363
1364
#: serverguide/C/windows-networking.xml:1310(para)
1365
msgid ""
1366
"<application>Likewise Open</application> simplifies the necessary "
1367
"configuration needed to authenticate a Linux machine to an Active Directory "
1368
"domain. Based on <application>winbind</application>, the "
1369
"<application>likewise-open</application> package takes the pain out of "
1370
"integrating Ubuntu authentication into an existing Windows network."
1371
msgstr ""
1372
1373
#: serverguide/C/windows-networking.xml:1319(para)
1374
msgid ""
1375
"There are two ways to use Likewise Open, <application>likewise-"
1376
"open</application> the command line utility and <application>likewise-open-"
1377
"gui</application>. This section focuses on the command line utility."
1378
msgstr ""
1379
1380
#: serverguide/C/windows-networking.xml:1324(para)
1381
msgid ""
1382
"To install the <application>likewise-open</application> package, open a "
1383
"terminal prompt and enter:"
1384
msgstr ""
1385
1386
#: serverguide/C/windows-networking.xml:1329(command)
1387
msgid "sudo apt-get install likewise-open"
1388
msgstr ""
1389
1390
#: serverguide/C/windows-networking.xml:1334(title)
1391
msgid "Joining a Domain"
1392
msgstr ""
1393
1394
#: serverguide/C/windows-networking.xml:1336(para)
1395
msgid ""
1396
"The main executable file of the <application>likewise-open</application> "
1397
"package is <filename>/usr/bin/domainjoin-cli</filename>, which is used to "
1398
"join your computer to the domain. Before you join a domain you will need to "
1399
"make sure you have:"
1400
msgstr ""
1401
1402
#: serverguide/C/windows-networking.xml:1344(para)
1403
msgid ""
1404
"Access to an Active Directory user with appropriate rights to join the "
1405
"domain."
1406
msgstr ""
1407
1408
#: serverguide/C/windows-networking.xml:1349(para)
1409
msgid ""
1410
"The <emphasis>Fully Qualified Domain Name</emphasis> (FQDN) of the domain "
1411
"you want to join. If your AD domain does not match a valid domain such as "
1412
"<emphasis role=\"italic\">example.com</emphasis>, it is likely that it has "
1413
"the form of <emphasis>domainname.local</emphasis>."
1414
msgstr ""
1415
1416
#: serverguide/C/windows-networking.xml:1356(para)
1417
msgid ""
1418
"DNS for the domain setup properly. In a production AD environment this "
1419
"should be the case. Proper Microsoft DNS is needed so that client "
1420
"workstations can determine the Active Directory domain is available."
1421
msgstr ""
1422
1423
#: serverguide/C/windows-networking.xml:1360(para)
1424
msgid ""
1425
"If you don't have a Windows DNS server on your network, see <xref "
1426
"linkend=\"likewise-open-ms-dns\"/> for details."
1427
msgstr ""
1428
1429
#: serverguide/C/windows-networking.xml:1367(para)
1430
msgid "To join a domain, from a terminal prompt enter:"
1431
msgstr ""
1432
1433
#: serverguide/C/windows-networking.xml:1372(command)
1434
msgid "sudo domainjoin-cli join example.com Administrator"
1435
msgstr ""
1436
1437
#: serverguide/C/windows-networking.xml:1376(para)
1438
msgid ""
1439
"Replace <emphasis>example.com</emphasis> with your domain name, and "
1440
"<emphasis>Administrator</emphasis> with the appropriate user name."
1441
msgstr ""
1442
1443
#: serverguide/C/windows-networking.xml:1382(para)
1444
msgid ""
1445
"You will then be prompted for the user's password. If all goes well a "
1446
"<emphasis>SUCCESS</emphasis> message should be printed to the console."
1447
msgstr ""
1448
1449
#: serverguide/C/windows-networking.xml:1388(para)
1450
msgid ""
1451
"After joining the domain, it is necessary to reboot before attempting to "
1452
"authenticate against the domain."
1453
msgstr ""
1454
1455
#: serverguide/C/windows-networking.xml:1394(para)
1456
msgid ""
1457
"After successfully joining an Ubuntu machine to an Active Directory domain "
1458
"you can authenticate using any valid AD user. To login you will need to "
1459
"enter the user name as 'domain\\username'. For example to ssh to a server "
1460
"joined to the domain enter:"
1461
msgstr ""
1462
1463
#: serverguide/C/windows-networking.xml:1401(command)
1464
msgid "ssh 'example\\steve'@hostname"
1465
msgstr ""
1466
1467
#: serverguide/C/windows-networking.xml:1405(para)
1468
msgid ""
1469
"If configuring a Desktop the user name will need to be prefixed with "
1470
"<emphasis role=\"italic\">domain\\</emphasis> in the graphical logon as well."
1471
msgstr ""
1472
1473
#: serverguide/C/windows-networking.xml:1411(para)
1474
msgid ""
1475
"To make likewise-open use a default domain, you can add the following "
1476
"statement to <filename>/etc/samba/lwiauthd.conf</filename>:"
1477
msgstr ""
1478
1479
#: serverguide/C/windows-networking.xml:1415(programlisting)
1480
#, no-wrap
1481
msgid ""
1482
"\n"
1483
"winbind use default domain = yes\n"
1484
msgstr ""
1485
1486
#: serverguide/C/windows-networking.xml:1419(para)
1487
msgid "Then restart the <application>likewise-open</application> daemons:"
1488
msgstr ""
1489
1490
#: serverguide/C/windows-networking.xml:1424(command)
1491
msgid "sudo /etc/init.d/likewise-open restart"
1492
msgstr ""
1493
1494
#: serverguide/C/windows-networking.xml:1428(para)
1495
msgid ""
1496
"Once configured for a <emphasis>default domain</emphasis> the <emphasis "
1497
"role=\"italic\">'domain\\'</emphasis> is no longer required, users can login "
1498
"using only their username."
1499
msgstr ""
1500
1501
#: serverguide/C/windows-networking.xml:1434(para)
1502
msgid ""
1503
"The <application>domainjoin-cli</application> utility can also be used to "
1504
"leave the domain. From a terminal:"
1505
msgstr ""
1506
1507
#: serverguide/C/windows-networking.xml:1439(command)
1508
msgid "sudo domainjoin-cli leave"
1509
msgstr ""
1510
1511
#: serverguide/C/windows-networking.xml:1444(title) serverguide/C/security.xml:1772(title)
1512
msgid "Other Utilities"
1513
msgstr ""
1514
1515
#: serverguide/C/windows-networking.xml:1446(para)
1516
msgid ""
1517
"The <application>likewise-open</application> package comes with a few other "
1518
"utilities that may be useful for gathering information about the Active "
1519
"Directory environment. These utilities are used to join the machine to the "
1520
"domain, and are the same as those available in the <application>samba-"
1521
"common</application> and <application>winbind</application> packages:"
1522
msgstr ""
1523
1524
#: serverguide/C/windows-networking.xml:1455(para)
1525
msgid ""
1526
"<application>lwinet</application>: Returns information about the network and "
1527
"the domain."
1528
msgstr ""
1529
1530
#: serverguide/C/windows-networking.xml:1460(para)
1531
msgid ""
1532
"<application>lwimsg</application>: Allows interaction with the "
1533
"<application>likewise-winbindd</application> daemon."
1534
msgstr ""
1535
1536
#: serverguide/C/windows-networking.xml:1465(para)
1537
msgid ""
1538
"<application>lwiinfo</application>: Displays information about various parts "
1539
"of the Domain."
1540
msgstr ""
1541
1542
#: serverguide/C/windows-networking.xml:1471(para)
1543
msgid "Please refer to each utility's man page specific for details."
1544
msgstr ""
1545
1546
#: serverguide/C/windows-networking.xml:1477(title) serverguide/C/mail.xml:351(title) serverguide/C/mail.xml:1631(title) serverguide/C/dns.xml:338(title)
1547
msgid "Troubleshooting"
1548
msgstr ""
1549
1550
#: serverguide/C/windows-networking.xml:1481(para)
1551
msgid ""
1552
"If the client has trouble joining the domain, double check that the "
1553
"Microsoft DNS is listed first in <filename>/etc/resolv.conf</filename>. For "
1554
"example:"
1555
msgstr ""
1556
1557
#: serverguide/C/windows-networking.xml:1486(programlisting)
1558
#, no-wrap
1559
msgid ""
1560
"\n"
1561
"nameserver 192.168.0.1\n"
1562
msgstr ""
1563
1564
#: serverguide/C/windows-networking.xml:1491(para)
1565
msgid ""
1566
"For more information when joining a domain, use the <emphasis>--loglevel "
1567
"verbose</emphasis> or <emphasis>--advanced</emphasis> option of the "
1568
"<application>domainjoin-cli</application> utility:"
1569
msgstr ""
1570
1571
#: serverguide/C/windows-networking.xml:1497(command)
1572
msgid "sudo domainjoin-cli --loglevel verbose join example.com Administrator"
1573
msgstr ""
1574
1575
#: serverguide/C/windows-networking.xml:1501(para)
1576
msgid ""
1577
"If an Active Directory user has trouble logging in, check the "
1578
"<filename>/var/log/auth.log</filename> for details."
1579
msgstr ""
1580
1581
#: serverguide/C/windows-networking.xml:1506(para)
1582
msgid ""
1583
"When joining an Ubuntu Desktop workstation to a domain, you may need to edit "
1584
"<filename>/etc/nsswitch.conf</filename> if your AD domain uses the <emphasis "
1585
"role=\"italic\">.local</emphasis> syntax. In order to join the domain the "
1586
"<emphasis>\"mdns4\"</emphasis> entry should be removed from the "
1587
"<emphasis>hosts</emphasis> option. For example:"
1588
msgstr ""
1589
1590
#: serverguide/C/windows-networking.xml:1512(programlisting)
1591
#, no-wrap
1592
msgid ""
1593
"\n"
1594
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
1595
msgstr ""
1596
1597
#: serverguide/C/windows-networking.xml:1516(para)
1598
msgid "Change the above to:"
1599
msgstr ""
1600
1601
#: serverguide/C/windows-networking.xml:1520(programlisting)
1602
#, no-wrap
1603
msgid ""
1604
"\n"
1605
"hosts: files dns [NOTFOUND=return]\n"
1606
msgstr ""
1607
1608
#: serverguide/C/windows-networking.xml:1524(para)
1609
msgid "Then restart networking by entering:"
1610
msgstr ""
1611
1612
#: serverguide/C/windows-networking.xml:1529(command) serverguide/C/network-config.xml:559(command)
1613
msgid "sudo /etc/init.d/networking restart"
1614
msgstr ""
1615
1616
#: serverguide/C/windows-networking.xml:1532(para)
1617
msgid "You should now be able to join the Active Directory domain."
1618
msgstr ""
1619
1620
#: serverguide/C/windows-networking.xml:1540(title)
1621
msgid "Microsoft DNS"
1622
msgstr ""
1623
1624
#: serverguide/C/windows-networking.xml:1542(para)
1625
msgid ""
1626
"The following are instructions for installing DNS on an Active Directory "
1627
"domain controller running Windows Server 2003, but the instructions should "
1628
"be similar for other versions:"
1629
msgstr ""
1630
1631
#: serverguide/C/windows-networking.xml:1551(para)
1632
msgid ""
1633
"Click "
1634
"<menuchoice><guimenuitem>Start</guimenuitem><guimenuitem>Administrative Tools"
1635
"</guimenuitem><guimenuitem>Manage Your Server</guimenuitem></menuchoice>. "
1636
"This will open the <application>Server Role Mangement</application> utility."
1637
msgstr ""
1638
1639
#: serverguide/C/windows-networking.xml:1559(para)
1640
msgid "Click <guilabel>Add or remove a role</guilabel>"
1641
msgstr ""
1642
1643
#: serverguide/C/windows-networking.xml:1560(para) serverguide/C/windows-networking.xml:1562(para) serverguide/C/windows-networking.xml:1565(para)
1644
msgid "Click Next"
1645
msgstr ""
1646
1647
#: serverguide/C/windows-networking.xml:1561(para)
1648
msgid "Select \"DNS Server\""
1649
msgstr ""
1650
1651
#: serverguide/C/windows-networking.xml:1563(para)
1652
msgid "Click Next again to proceed"
1653
msgstr ""
1654
1655
#: serverguide/C/windows-networking.xml:1564(para)
1656
msgid "Select \"Create a forward lookup zone\" if it is not selected."
1657
msgstr ""
1658
1659
#: serverguide/C/windows-networking.xml:1566(para)
1660
msgid ""
1661
"Make sure \"This server maintains the zone\" is selected and click Next."
1662
msgstr ""
1663
1664
#: serverguide/C/windows-networking.xml:1567(para)
1665
msgid "Enter your domain name and click Next"
1666
msgstr ""
1667
1668
#: serverguide/C/windows-networking.xml:1568(para)
1669
msgid "Click Next to \"Allow only secure dynamic updates\""
1670
msgstr ""
1671
1672
#: serverguide/C/windows-networking.xml:1570(para)
1673
msgid ""
1674
"Enter the IP for DNS servers to forward queries to, or Select \"No, it "
1675
"should not forward queries\" and click Next."
1676
msgstr ""
1677
1678
#: serverguide/C/windows-networking.xml:1574(para) serverguide/C/windows-networking.xml:1575(para)
1679
msgid "Click Finish"
1680
msgstr ""
1681
1682
#: serverguide/C/windows-networking.xml:1577(para)
1683
msgid ""
1684
"DNS is now installed and can be further configured using the "
1685
"<application>Microsoft Management Console</application> DNS snap-in."
1686
msgstr ""
1687
1688
#: serverguide/C/windows-networking.xml:1585(para)
1689
msgid "Click Start"
1690
msgstr ""
1691
1692
#: serverguide/C/windows-networking.xml:1586(para)
1693
msgid "Control Panel"
1694
msgstr ""
1695
1696
#: serverguide/C/windows-networking.xml:1587(para)
1697
msgid "Network Connections"
1698
msgstr ""
1699
1700
#: serverguide/C/windows-networking.xml:1588(para)
1701
msgid "Right Click \"Local Area Connection\""
1702
msgstr ""
1703
1704
#: serverguide/C/windows-networking.xml:1589(para)
1705
msgid "Click Properties"
1706
msgstr ""
1707
1708
#: serverguide/C/windows-networking.xml:1590(para)
1709
msgid "Double click \"Internet Protocol (TCP/IP)\""
1710
msgstr ""
1711
1712
#: serverguide/C/windows-networking.xml:1591(para)
1713
msgid "Enter the Server's IP Address as the \"Preferred DNS server\""
1714
msgstr ""
1715
1716
#: serverguide/C/windows-networking.xml:1592(para)
1717
msgid "Click Ok"
1718
msgstr ""
1719
1720
#: serverguide/C/windows-networking.xml:1593(para)
1721
msgid "Click Ok again to save the settings"
1722
msgstr ""
1723
1724
#: serverguide/C/windows-networking.xml:1582(para)
1725
msgid ""
1726
"Next, configure the Server to use itself for DNS queries: <placeholder-1/>"
1727
msgstr ""
1728
1729
#: serverguide/C/windows-networking.xml:1600(title) serverguide/C/web-servers.xml:624(title) serverguide/C/web-servers.xml:772(title) serverguide/C/web-servers.xml:922(title) serverguide/C/web-servers.xml:1017(title) serverguide/C/web-servers.xml:1239(title) serverguide/C/vpn.xml:303(title) serverguide/C/virtualization.xml:2154(title) serverguide/C/vcs.xml:539(title) serverguide/C/security.xml:872(title) serverguide/C/security.xml:1206(title) serverguide/C/security.xml:1621(title) serverguide/C/security.xml:1812(title) serverguide/C/remote-administration.xml:202(title) serverguide/C/package-management.xml:454(title) serverguide/C/other-apps.xml:330(title) serverguide/C/network-config.xml:1006(title) serverguide/C/network-config.xml:1107(title) serverguide/C/monitoring.xml:391(title) serverguide/C/monitoring.xml:527(title) serverguide/C/mail.xml:459(title) serverguide/C/mail.xml:643(title) serverguide/C/mail.xml:795(title) serverguide/C/mail.xml:1217(title) serverguide/C/mail.xml:1679(title) serverguide/C/lamp-applications.xml:259(title) serverguide/C/lamp-applications.xml:388(title) serverguide/C/lamp-applications.xml:496(title) serverguide/C/file-server.xml:284(title) serverguide/C/file-server.xml:436(title) serverguide/C/file-server.xml:619(title) serverguide/C/dns.xml:572(title) serverguide/C/clustering.xml:234(title) serverguide/C/chat.xml:107(title) serverguide/C/chat.xml:221(title) serverguide/C/backups.xml:297(title)
1730
msgid "References"
1731
msgstr ""
1732
1733
#: serverguide/C/windows-networking.xml:1602(para)
1734
msgid ""
1735
"Please refer to the <ulink "
1736
"url=\"http://www.likewisesoftware.com/\">Likewise</ulink> home page for "
1737
"further information."
1738
msgstr ""
1739
1740
#: serverguide/C/windows-networking.xml:1606(para)
1741
msgid ""
1742
"For more <application>domainjoin-cli</application> options see the man page: "
1743
"<command>man domainjoin-cli</command>."
1744
msgstr ""
1745
1746
#: serverguide/C/windows-networking.xml:1610(para)
1747
msgid ""
1748
"Also, see the <ulink "
1749
"url=\"https://help.ubuntu.com/community/LikewiseOpen\">Ubuntu Wiki "
1750
"LikewiseOpen</ulink> page."
1751
msgstr ""
1752
1753
#: serverguide/C/web-servers.xml:13(title)
1754
msgid "Web Servers"
1755
msgstr ""
1756
1757
#: serverguide/C/web-servers.xml:14(para)
1758
msgid ""
1759
"A Web server is a software responsible for accepting HTTP requests from "
1760
"clients, which are known as Web browsers, and serving them HTTP responses "
1761
"along with optional data contents, which usually are Web pages such as HTML "
1762
"documents and linked objects (images, etc.)."
1763
msgstr ""
1764
1765
#: serverguide/C/web-servers.xml:19(title)
1766
msgid "HTTPD - Apache2 Web Server"
1767
msgstr ""
1768
1769
#: serverguide/C/web-servers.xml:20(para)
1770
msgid ""
1771
"Apache is the most commonly used Web Server on Linux systems. Web Servers "
1772
"are used to serve Web Pages requested by client computers. Clients typically "
1773
"request and view Web Pages using Web Browser applications such as "
1774
"<application>Firefox</application>, <application>Opera</application>, or "
1775
"<application>Mozilla</application>."
1776
msgstr ""
1777
1778
#: serverguide/C/web-servers.xml:24(para)
1779
msgid ""
1780
"Users enter a Uniform Resource Locator (URL) to point to a Web server by "
1781
"means of its Fully Qualified Domain Name (FQDN) and a path to the required "
1782
"resource. For example, to view the home page of the <ulink "
1783
"url=\"http://www.ubuntu.com\">Ubuntu Web site</ulink> a user will enter only "
1784
"the FQDN. To request specific information about <ulink "
1785
"url=\"http://www.ubuntu.com/support/paid\">paid support</ulink>, a user will "
1786
"enter the FQDN followed by a path."
1787
msgstr ""
1788
1789
#: serverguide/C/web-servers.xml:29(para)
1790
msgid ""
1791
"The most common protocol used to transfer Web pages is the Hyper Text "
1792
"Transfer Protocol (HTTP). Protocols such as Hyper Text Transfer Protocol "
1793
"over Secure Sockets Layer (HTTPS), and File Transfer Protocol (FTP), a "
1794
"protocol for uploading and downloading files, are also supported."
1795
msgstr ""
1796
1797
#: serverguide/C/web-servers.xml:33(para)
1798
msgid ""
1799
"Apache Web Servers are often used in combination with the "
1800
"<application>MySQL</application> database engine, the HyperText Preprocessor "
1801
"(<application>PHP</application>) scripting language, and other popular "
1802
"scripting languages such as <application>Python</application> and "
1803
"<application>Perl</application>. This configuration is termed LAMP (Linux, "
1804
"Apache, MySQL and Perl/Python/PHP) and forms a powerful and robust platform "
1805
"for the development and deployment of Web-based applications."
1806
msgstr ""
1807
1808
#: serverguide/C/web-servers.xml:42(para)
1809
msgid ""
1810
"The <application>Apache2</application> web server is available in Ubuntu "
1811
"Linux. To install Apache2:"
1812
msgstr ""
1813
1814
#: serverguide/C/web-servers.xml:48(para)
1815
msgid "At a terminal prompt enter the following command:"
1816
msgstr ""
1817
1818
#: serverguide/C/web-servers.xml:53(command)
1819
msgid "sudo apt-get install apache2"
1820
msgstr ""
1821
1822
#: serverguide/C/web-servers.xml:63(para)
1823
msgid ""
1824
"Apache2 is configured by placing <emphasis>directives</emphasis> in plain "
1825
"text configuration files. These <emphasis>directives</emphasis> are "
1826
"separated between the following files and directories:"
1827
msgstr ""
1828
1829
#: serverguide/C/web-servers.xml:71(para)
1830
msgid ""
1831
"<emphasis>apache2.conf:</emphasis> the main Apache2 configuration file. "
1832
"Contains settings that are <emphasis>global</emphasis> to Apache2."
1833
msgstr ""
1834
1835
#: serverguide/C/web-servers.xml:77(para)
1836
msgid ""
1837
"<emphasis>conf.d:</emphasis> contains configuration files which apply "
1838
"<emphasis>globally</emphasis> to Apache2. Other packages that use Apache2 to "
1839
"serve content may add files, or symlinks, to this directory."
1840
msgstr ""
1841
1842
#: serverguide/C/web-servers.xml:83(para)
1843
msgid ""
1844
"<emphasis>envvars:</emphasis> file where Apache2 "
1845
"<emphasis>environment</emphasis> variables are set."
1846
msgstr ""
1847
1848
#: serverguide/C/web-servers.xml:88(para)
1849
msgid ""
1850
"<emphasis>httpd.conf:</emphasis> historically the main Apache2 configuration "
1851
"file, named after the <application>httpd</application> daemon. The file can "
1852
"be used for <emphasis>user specific</emphasis> configuration options that "
1853
"globally effect Apache2."
1854
msgstr ""
1855
1856
#: serverguide/C/web-servers.xml:95(para)
1857
msgid ""
1858
"<emphasis>mods-available:</emphasis> this directory contains configuration "
1859
"files to both load <emphasis>modules</emphasis> and configure them. Not all "
1860
"modules will have specific configuration files, however."
1861
msgstr ""
1862
1863
#: serverguide/C/web-servers.xml:101(para)
1864
msgid ""
1865
"<emphasis>mods-enabled:</emphasis> holds <emphasis>symlinks</emphasis> to "
1866
"the files in <filename>/etc/apache2/mods-available</filename>. When a module "
1867
"configuration file is symlinked it will be enabled the next time "
1868
"<application>apache2</application> is restarted."
1869
msgstr ""
1870
1871
#: serverguide/C/web-servers.xml:108(para)
1872
msgid ""
1873
"<emphasis>ports.conf:</emphasis> houses the directives that determine which "
1874
"TCP ports Apache2 is listening on."
1875
msgstr ""
1876
1877
#: serverguide/C/web-servers.xml:113(para)
1878
msgid ""
1879
"<emphasis>sites-available:</emphasis> this directory has configuration files "
1880
"for Apache2 <emphasis>Virtual Hosts</emphasis>. Virtual Hosts allow Apache2 "
1881
"to be configured for multiple sites that have separate configurations."
1882
msgstr ""
1883
1884
#: serverguide/C/web-servers.xml:119(para)
1885
msgid ""
1886
"<emphasis>sites-enabled:</emphasis> like mods-enabled, <filename "
1887
"role=\"directory\">sites-enabled</filename> contains symlinks to the "
1888
"<filename>/etc/apache2/sites-available</filename> directory. Similarly when "
1889
"a configuration file in sites-available is symlinked, the site configured by "
1890
"it will be active once Apache2 is restarted."
1891
msgstr ""
1892
1893
#: serverguide/C/web-servers.xml:127(para)
1894
msgid ""
1895
"In addition, other configuration files may be added using the "
1896
"<emphasis>Include</emphasis> directive, and wildcards can be used to include "
1897
"many configuration files. Any directive may be placed in any of these "
1898
"configuration files. Changes to the main configuration files are only "
1899
"recognized by Apache2 when it is started or restarted."
1900
msgstr ""
1901
1902
#: serverguide/C/web-servers.xml:136(para)
1903
msgid ""
1904
"The server also reads a file containing mime document types; the filename is "
1905
"set by the <emphasis>TypesConfig</emphasis> directive, and is "
1906
"<filename>/etc/mime.types</filename> by default."
1907
msgstr ""
1908
1909
#: serverguide/C/web-servers.xml:141(title)
1910
msgid "Basic Settings"
1911
msgstr ""
1912
1913
#: serverguide/C/web-servers.xml:142(para)
1914
msgid ""
1915
"This section explains Apache2 server essential configuration parameters. "
1916
"Refer to the <ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
1917
"Documentation</ulink> for more details."
1918
msgstr ""
1919
1920
#: serverguide/C/web-servers.xml:150(para)
1921
msgid ""
1922
"Apache2 ships with a virtual-host-friendly default configuration. That is, "
1923
"it is configured with a single default virtual host (using the "
1924
"<emphasis>VirtualHost</emphasis> directive) which can modified or used as-is "
1925
"if you have a single site, or used as a template for additional virtual "
1926
"hosts if you have multiple sites. If left alone, the default virtual host "
1927
"will serve as your default site, or the site users will see if the URL they "
1928
"enter does not match the <emphasis>ServerName</emphasis> directive of any of "
1929
"your custom sites. To modify the default virtual host, edit the file "
1930
"<filename>/etc/apache2/sites-available/default</filename>."
1931
msgstr ""
1932
1933
#: serverguide/C/web-servers.xml:163(para)
1934
msgid ""
1935
"The directives set for a virtual host only apply to that particular virtual "
1936
"host. If a directive is set server-wide and not defined within the virtual "
1937
"host settings, the default setting is used. For example, you can define a "
1938
"Webmaster email address and not define individual email addresses for each "
1939
"virtual host."
1940
msgstr ""
1941
1942
#: serverguide/C/web-servers.xml:171(para)
1943
msgid ""
1944
"If you wish to configure a new virtual host or site, copy that file into the "
1945
"same directory with a name you choose. For example:"
1946
msgstr ""
1947
1948
#: serverguide/C/web-servers.xml:177(command)
1949
msgid ""
1950
"sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-"
1951
"available/mynewsite"
1952
msgstr ""
1953
1954
#: serverguide/C/web-servers.xml:180(para)
1955
msgid ""
1956
"Edit the new file to configure the new site using some of the directives "
1957
"described below."
1958
msgstr ""
1959
1960
#: serverguide/C/web-servers.xml:187(para)
1961
msgid ""
1962
"The <emphasis>ServerAdmin</emphasis> directive specifies the email address "
1963
"to be advertised for the server's administrator. The default value is "
1964
"webmaster@localhost. This should be changed to an email address that is "
1965
"delivered to you (if you are the server's administrator). If your website "
1966
"has a problem, Apache2 will display an error message containing this email "
1967
"address to report the problem to. Find this directive in your site's "
1968
"configuration file in /etc/apache2/sites-available."
1969
msgstr ""
1970
1971
#: serverguide/C/web-servers.xml:198(para)
1972
msgid ""
1973
"The <emphasis>Listen</emphasis> directive specifies the port, and optionally "
1974
"the IP address, Apache2 should listen on. If the IP address is not "
1975
"specified, Apache2 will listen on all IP addresses assigned to the machine "
1976
"it runs on. The default value for the Listen directive is 80. Change this to "
1977
"127.0.0.1:80 to cause Apache2 to listen only on your loopback interface so "
1978
"that it will not be available to the Internet, to (for example) 81 to change "
1979
"the port that it listens on, or leave it as is for normal operation. This "
1980
"directive can be found and changed in its own file, "
1981
"<filename>/etc/apache2/ports.conf</filename>"
1982
msgstr ""
1983
1984
#: serverguide/C/web-servers.xml:211(para)
1985
msgid ""
1986
"The <emphasis>ServerName</emphasis> directive is optional and specifies what "
1987
"FQDN your site should answer to. The default virtual host has no ServerName "
1988
"directive specified, so it will respond to all requests that do not match a "
1989
"ServerName directive in another virtual host. If you have just acquired the "
1990
"domain name ubunturocks.com and wish to host it on your Ubuntu server, the "
1991
"value of the ServerName directive in your virtual host configuration file "
1992
"should be ubunturocks.com. Add this directive to the new virtual host file "
1993
"you created earlier (<filename>/etc/apache2/sites-"
1994
"available/mynewsite</filename>)."
1995
msgstr ""
1996
1997
#: serverguide/C/web-servers.xml:223(para)
1998
msgid ""
1999
"You may also want your site to respond to www.ubunturocks.com, since many "
2000
"users will assume the www prefix is appropriate. Use the "
2001
"<emphasis>ServerAlias</emphasis> directive for this. You may also use "
2002
"wildcards in the ServerAlias directive."
2003
msgstr ""
2004
2005
#: serverguide/C/web-servers.xml:230(para)
2006
msgid ""
2007
"For example, the following configuration will cause your site to respond to "
2008
"any domain request ending in <emphasis>.ubunturocks.com</emphasis>."
2009
msgstr ""
2010
2011
#: serverguide/C/web-servers.xml:236(programlisting)
2012
#, no-wrap
2013
msgid ""
2014
"\n"
2015
"ServerAlias *.ubunturocks.com\n"
2016
msgstr ""
2017
2018
#: serverguide/C/web-servers.xml:242(para)
2019
msgid ""
2020
"The <emphasis>DocumentRoot</emphasis> directive specifies where Apache2 "
2021
"should look for the files that make up the site. The default value is "
2022
"/var/www. No site is configured there, but if you uncomment the "
2023
"<emphasis>RedirectMatch</emphasis> directive in "
2024
"<filename>/etc/apache2/apache2.conf</filename> requests will be redirected "
2025
"to /var/www/apache2-default where the default Apache2 site awaits. Change "
2026
"this value in your site's virtual host file, and remember to create that "
2027
"directory if necessary!"
2028
msgstr ""
2029
2030
#: serverguide/C/web-servers.xml:254(para)
2031
msgid ""
2032
"The /etc/apache2/sites-available directory is <emphasis role=\"bold\"> "
2033
"not</emphasis> parsed by Apache2. Symbolic links in /etc/apache2/sites-"
2034
"enabled point to \"available\" sites."
2035
msgstr ""
2036
2037
#: serverguide/C/web-servers.xml:260(para)
2038
msgid ""
2039
"Enable the new <emphasis>VirtualHost</emphasis> using the "
2040
"<application>a2ensite</application> utility and restart Apache2:"
2041
msgstr ""
2042
2043
#: serverguide/C/web-servers.xml:266(command)
2044
msgid "sudo a2ensite mynewsite"
2045
msgstr ""
2046
2047
#: serverguide/C/web-servers.xml:267(command) serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:538(command) serverguide/C/web-servers.xml:547(command) serverguide/C/web-servers.xml:606(command) serverguide/C/mail.xml:932(command) serverguide/C/lamp-applications.xml:228(command)
2048
msgid "sudo /etc/init.d/apache2 restart"
2049
msgstr ""
2050
2051
#: serverguide/C/web-servers.xml:271(para)
2052
msgid ""
2053
"Be sure to replace <emphasis>mynewsite</emphasis> with a more descriptive "
2054
"name for the VirtualHost. One method is to name the file after the "
2055
"<emphasis>ServerName</emphasis> directive of the VirtualHost."
2056
msgstr ""
2057
2058
#: serverguide/C/web-servers.xml:278(para)
2059
msgid ""
2060
"Similarly, use the <application>a2dissite</application> utility to disable "
2061
"sites. This is can be useful when troubleshooting configuration problems "
2062
"with multiple VirtualHosts:"
2063
msgstr ""
2064
2065
#: serverguide/C/web-servers.xml:284(command)
2066
msgid "sudo a2dissite mynewsite"
2067
msgstr ""
2068
2069
#: serverguide/C/web-servers.xml:290(title)
2070
msgid "Default Settings"
2071
msgstr ""
2072
2073
#: serverguide/C/web-servers.xml:292(para)
2074
msgid ""
2075
"This section explains configuration of the Apache2 server default settings. "
2076
"For example, if you add a virtual host, the settings you configure for the "
2077
"virtual host take precedence for that virtual host. For a directive not "
2078
"defined within the virtual host settings, the default value is used."
2079
msgstr ""
2080
2081
#: serverguide/C/web-servers.xml:304(para)
2082
msgid ""
2083
"The <emphasis>DirectoryIndex</emphasis> is the default page served by the "
2084
"server when a user requests an index of a directory by specifying a forward "
2085
"slash (/) at the end of the directory name."
2086
msgstr ""
2087
2088
#: serverguide/C/web-servers.xml:311(para)
2089
msgid ""
2090
"For example, when a user requests the page "
2091
"http://www.example.com/this_directory/, he or she will get either the "
2092
"DirectoryIndex page if it exists, a server-generated directory list if it "
2093
"does not and the Indexes option is specified, or a Permission Denied page if "
2094
"neither is true. The server will try to find one of the files listed in the "
2095
"DirectoryIndex directive and will return the first one it finds. If it does "
2096
"not find any of these files and if <emphasis>Options Indexes</emphasis> is "
2097
"set for that directory, the server will generate and return a list, in HTML "
2098
"format, of the subdirectories and files in the directory. The default value, "
2099
"found in <filename>/etc/apache2/mods-available/dir.conf</filename> is "
2100
"\"index.html index.cgi index.pl index.php index.xhtml index.htm\". Thus, if "
2101
"Apache2 finds a file in a requested directory matching any of these names, "
2102
"the first will be displayed."
2103
msgstr ""
2104
2105
#: serverguide/C/web-servers.xml:332(para)
2106
msgid ""
2107
"The <emphasis>ErrorDocument</emphasis> directive allows you to specify a "
2108
"file for Apache2 to use for specific error events. For example, if a user "
2109
"requests a resource that does not exist, a 404 error will occur, and per "
2110
"Apache2's default configuration, the file "
2111
"<filename>/usr/share/apache2/error/HTTP_NOT_FOUND.html.var </filename> will "
2112
"be displayed. That file is not in the server's DocumentRoot, but there is an "
2113
"Alias directive in <filename>/etc/apache2/apache2.conf</filename> that "
2114
"redirects requests to the /error directory to "
2115
"<filename>/usr/share/apache2/error/</filename>."
2116
msgstr ""
2117
2118
#: serverguide/C/web-servers.xml:344(para)
2119
msgid ""
2120
"To see a list of the default ErrorDocument directives, use this command:"
2121
msgstr ""
2122
2123
#: serverguide/C/web-servers.xml:350(command)
2124
msgid "grep ErrorDocument /etc/apache2/apache2.conf"
2125
msgstr ""
2126
2127
#: serverguide/C/web-servers.xml:355(para)
2128
msgid ""
2129
"By default, the server writes the transfer log to the file "
2130
"<filename>/var/log/apache2/access.log</filename>. You can change this on a "
2131
"per-site basis in your virtual host configuration files with the "
2132
"<emphasis>CustomLog</emphasis> directive, or omit it to accept the default, "
2133
"specified in <filename> /etc/apache2/apache2.conf</filename>. You may also "
2134
"specify the file to which errors are logged, via the "
2135
"<emphasis>ErrorLog</emphasis> directive, whose default is "
2136
"<filename>/var/log/apache2/error.log</filename>. These are kept separate "
2137
"from the transfer logs to aid in troubleshooting problems with your Apache2 "
2138
"server. You may also specify the <emphasis>LogLevel</emphasis> (the default "
2139
"value is \"warn\") and the <emphasis>LogFormat</emphasis> (see <filename> "
2140
"/etc/apache2/apache2.conf</filename> for the default value)."
2141
msgstr ""
2142
2143
#: serverguide/C/web-servers.xml:370(para)
2144
msgid ""
2145
"Some options are specified on a per-directory basis rather than per-server. "
2146
"<emphasis>Options</emphasis> is one of these directives. A Directory stanza "
2147
"is enclosed in XML-like tags, like so:"
2148
msgstr ""
2149
2150
#: serverguide/C/web-servers.xml:376(programlisting)
2151
#, no-wrap
2152
msgid ""
2153
"\n"
2154
"<Directory /var/www/mynewsite>\n"
2155
"...\n"
2156
"</Directory>\n"
2157
msgstr ""
2158
2159
#: serverguide/C/web-servers.xml:382(para)
2160
msgid ""
2161
"The <emphasis>Options</emphasis> directive within a Directory stanza accepts "
2162
"one or more of the following values (among others), separated by spaces:"
2163
msgstr ""
2164
2165
#: serverguide/C/web-servers.xml:394(para)
2166
msgid ""
2167
"Most files should not be executed as CGI scripts. This would be very "
2168
"dangerous. CGI scripts should kept in a directory separate from and outside "
2169
"your DocumentRoot, and only this directory should have the ExecCGI option "
2170
"set. This is the default, and the default location for CGI scripts is "
2171
"<filename>/usr/lib/cgi-bin</filename>."
2172
msgstr ""
2173
2174
#: serverguide/C/web-servers.xml:389(para)
2175
msgid ""
2176
"<emphasis role=\"bold\">ExecCGI</emphasis> - Allow execution of CGI scripts. "
2177
"CGI scripts are not executed if this option is not chosen. <placeholder-1/>"
2178
msgstr ""
2179
2180
#: serverguide/C/web-servers.xml:405(para)
2181
msgid ""
2182
"<emphasis role=\"bold\">Includes</emphasis> - Allow server-side includes. "
2183
"Server-side includes allow an HTML file to <emphasis> include</emphasis> "
2184
"other files. This is not a common option. See <ulink "
2185
"url=\"http://httpd.apache.org/docs/2.2/howto/ssi.html\">the Apache2 SSI "
2186
"HOWTO</ulink> for more information."
2187
msgstr ""
2188
2189
#: serverguide/C/web-servers.xml:414(para)
2190
msgid ""
2191
"<emphasis role=\"bold\">IncludesNOEXEC</emphasis> - Allow server-side "
2192
"includes, but disable the <emphasis>#exec</emphasis> and "
2193
"<emphasis>#include</emphasis> commands in CGI scripts."
2194
msgstr ""
2195
2196
#: serverguide/C/web-servers.xml:426(para)
2197
msgid ""
2198
"For security reasons, this should usually not be set, and certainly should "
2199
"not be set on your DocumentRoot directory. Enable this option carefully on a "
2200
"per-directory basis only if you are certain you want users to see the entire "
2201
"contents of the directory."
2202
msgstr ""
2203
2204
#: serverguide/C/web-servers.xml:421(para)
2205
msgid ""
2206
"<emphasis role=\"bold\">Indexes</emphasis> - Display a formatted list of the "
2207
"directory's contents, if no <emphasis>DirectoryIndex</emphasis> (such as "
2208
"index.html) exists in the requested directory. <placeholder-1/>"
2209
msgstr ""
2210
2211
#: serverguide/C/web-servers.xml:436(para)
2212
msgid ""
2213
"<emphasis role=\"bold\">Multiview</emphasis> - Support content-negotiated "
2214
"multiviews; this option is disabled by default for security reasons. See the "
2215
"<ulink "
2216
"url=\"http://httpd.apache.org/docs/2.2/mod/mod_negotiation.html#multiviews\">"
2217
"Apache2 documentation on this option</ulink>."
2218
msgstr ""
2219
2220
#: serverguide/C/web-servers.xml:444(para)
2221
msgid ""
2222
"<emphasis role=\"bold\">SymLinksIfOwnerMatch</emphasis> - Only follow "
2223
"symbolic links if the target file or directory has the same owner as the "
2224
"link."
2225
msgstr ""
2226
2227
#: serverguide/C/web-servers.xml:456(title)
2228
msgid "httpd Settings"
2229
msgstr ""
2230
2231
#: serverguide/C/web-servers.xml:458(para)
2232
msgid ""
2233
"This section explains some basic <application>httpd</application> daemon "
2234
"configuration settings."
2235
msgstr ""
2236
2237
#: serverguide/C/web-servers.xml:462(para)
2238
msgid ""
2239
"<emphasis role=\"bold\">LockFile</emphasis> - The LockFile directive sets "
2240
"the path to the lockfile used when the server is compiled with either "
2241
"USE_FCNTL_SERIALIZED_ACCEPT or USE_FLOCK_SERIALIZED_ACCEPT. It must be "
2242
"stored on the local disk. It should be left to the default value unless the "
2243
"logs directory is located on an NFS share. If this is the case, the default "
2244
"value should be changed to a location on the local disk and to a directory "
2245
"that is readable only by root."
2246
msgstr ""
2247
2248
#: serverguide/C/web-servers.xml:471(para)
2249
msgid ""
2250
"<emphasis role=\"bold\">PidFile</emphasis> - The PidFile directive sets the "
2251
"file in which the server records its process ID (pid). This file should only "
2252
"be readable by root. In most cases, it should be left to the default value."
2253
msgstr ""
2254
2255
#: serverguide/C/web-servers.xml:477(para)
2256
msgid ""
2257
"<emphasis role=\"bold\">User</emphasis> - The User directive sets the userid "
2258
"used by the server to answer requests. This setting determines the server's "
2259
"access. Any files inaccessible to this user will also be inaccessible to "
2260
"your website's visitors. The default value for User is www-data."
2261
msgstr ""
2262
2263
#: serverguide/C/web-servers.xml:484(para)
2264
msgid ""
2265
"Unless you know exactly what you are doing, do not set the User directive to "
2266
"root. Using root as the User will create large security holes for your Web "
2267
"server."
2268
msgstr ""
2269
2270
#: serverguide/C/web-servers.xml:490(para)
2271
msgid ""
2272
"The Group directive is similar to the User directive. Group sets the group "
2273
"under which the server will answer requests. The default group is also www-"
2274
"data."
2275
msgstr ""
2276
2277
#: serverguide/C/web-servers.xml:496(title)
2278
msgid "Apache2 Modules"
2279
msgstr ""
2280
2281
#: serverguide/C/web-servers.xml:498(para)
2282
msgid ""
2283
"Apache2 is a modular server. This implies that only the most basic "
2284
"functionality is included in the core server. Extended features are "
2285
"available through modules which can be loaded into Apache2. By default, a "
2286
"base set of modules is included in the server at compile-time. If the server "
2287
"is compiled to use dynamically loaded modules, then modules can be compiled "
2288
"separately, and added at any time using the LoadModule directive. Otherwise, "
2289
"Apache2 must be recompiled to add or remove modules."
2290
msgstr ""
2291
2292
#: serverguide/C/web-servers.xml:510(para)
2293
msgid ""
2294
"Ubuntu compiles Apache2 to allow the dynamic loading of modules. "
2295
"Configuration directives may be conditionally included on the presence of a "
2296
"particular module by enclosing them in an "
2297
"<emphasis><IfModule></emphasis> block."
2298
msgstr ""
2299
2300
#: serverguide/C/web-servers.xml:517(para)
2301
msgid ""
2302
"You can install additional Apache2 modules and use them with your Web "
2303
"server. For example, run the following command from a terminal prompt to "
2304
"install the <emphasis>MySQL Authentication</emphasis> module:"
2305
msgstr ""
2306
2307
#: serverguide/C/web-servers.xml:524(command)
2308
msgid "sudo apt-get install libapache2-mod-auth-mysql"
2309
msgstr ""
2310
2311
#: serverguide/C/web-servers.xml:527(para)
2312
msgid ""
2313
"See the <filename>/etc/apache2/mods-available</filename> directory, for "
2314
"additional modules."
2315
msgstr ""
2316
2317
#: serverguide/C/web-servers.xml:531(para)
2318
msgid ""
2319
"Use the <application>a2enmod</application> utility to enable a module:"
2320
msgstr ""
2321
2322
#: serverguide/C/web-servers.xml:537(command)
2323
msgid "sudo a2enmod auth_mysql"
2324
msgstr ""
2325
2326
#: serverguide/C/web-servers.xml:541(para)
2327
msgid "Similarly, <application>a2dismod</application> will disable a module:"
2328
msgstr ""
2329
2330
#: serverguide/C/web-servers.xml:546(command)
2331
msgid "sudo a2dismod auth_mysql"
2332
msgstr ""
2333
2334
#: serverguide/C/web-servers.xml:553(title)
2335
msgid "HTTPS Configuration"
2336
msgstr ""
2337
2338
#: serverguide/C/web-servers.xml:555(para)
2339
msgid ""
2340
"The <application>mod_ssl</application> module adds an important feature to "
2341
"the Apache2 server - the ability to encrypt communications. Thus, when your "
2342
"browser is communicating using SSL, the https:// prefix is used at the "
2343
"beginning of the Uniform Resource Locator (URL) in the browser navigation "
2344
"bar."
2345
msgstr ""
2346
2347
#: serverguide/C/web-servers.xml:564(para)
2348
msgid ""
2349
"The <application>mod_ssl</application> module is available in "
2350
"<application>apache2-common</application> package. Execute the following "
2351
"command from a terminal prompt to enable the "
2352
"<application>mod_ssl</application> module:"
2353
msgstr ""
2354
2355
#: serverguide/C/web-servers.xml:571(command)
2356
msgid "sudo a2enmod ssl"
2357
msgstr ""
2358
2359
#: serverguide/C/web-servers.xml:574(para)
2360
msgid ""
2361
"There is a default HTTPS configuration file in <filename>/etc/apache2/sites-"
2362
"available/default-ssl</filename>. In order for "
2363
"<application>Apache2</application> to provide HTTPS, a "
2364
"<emphasis>certificate</emphasis> and <emphasis>key</emphasis> file are also "
2365
"needed. The default HTTPS configuration will use a certificate and key "
2366
"generated by the <application>ssl-cert</application> package. They are good "
2367
"for testing, but the auto-generated certificate and key should be replaced "
2368
"by a certificate specific to the site or server. For information on "
2369
"generating a key and obtaining a certificate see <xref "
2370
"linkend=\"certificates-and-security\"/>"
2371
msgstr ""
2372
2373
#: serverguide/C/web-servers.xml:584(para)
2374
msgid ""
2375
"To configure <application>Apache2</application> for HTTPS, enter the "
2376
"following:"
2377
msgstr ""
2378
2379
#: serverguide/C/web-servers.xml:589(command)
2380
msgid "sudo a2ensite default-ssl"
2381
msgstr ""
2382
2383
#: serverguide/C/web-servers.xml:593(para)
2384
msgid ""
2385
"The directories <filename>/etc/ssl/certs</filename> and "
2386
"<filename>/etc/ssl/private</filename> are the default locations. If you "
2387
"install the certificate and key in another directory make sure to change "
2388
"<emphasis>SSLCertificateFile</emphasis> and "
2389
"<emphasis>SSLCertificateKeyFile</emphasis> appropriately."
2390
msgstr ""
2391
2392
#: serverguide/C/web-servers.xml:600(para)
2393
msgid ""
2394
"With Apache2 now configured for HTTPS, restart the service to enable the new "
2395
"settings:"
2396
msgstr ""
2397
2398
#: serverguide/C/web-servers.xml:611(para)
2399
msgid ""
2400
"Depending on how you obtained your certificate you may need to enter a "
2401
"passphrase when <application>Apache2</application> starts."
2402
msgstr ""
2403
2404
#: serverguide/C/web-servers.xml:617(para)
2405
msgid ""
2406
"You can access the secure server pages by typing https://your_hostname/url/ "
2407
"in your browser address bar."
2408
msgstr ""
2409
2410
#: serverguide/C/web-servers.xml:628(para)
2411
msgid ""
2412
"<ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
2413
"Documentation</ulink> contains in depth information on Apache2 configuration "
2414
"directives. Also, see the <application>apache2-doc</application> package for "
2415
"the official Apache2 docs."
2416
msgstr ""
2417
2418
#: serverguide/C/web-servers.xml:635(para)
2419
msgid ""
2420
"See the <ulink url=\"http://www.modssl.org/docs/\">Mod SSL "
2421
"Documentation</ulink> site for more SSL related information."
2422
msgstr ""
2423
2424
#: serverguide/C/web-servers.xml:641(para)
2425
msgid ""
2426
"O'Reilly's <ulink url=\"http://oreilly.com/catalog/9780596001919/\">Apache "
2427
"Cookbook</ulink> is a good resource for accomplishing specific Apache2 "
2428
"configurations."
2429
msgstr ""
2430
2431
#: serverguide/C/web-servers.xml:647(para)
2432
msgid ""
2433
"For Ubuntu specific Apache2 questions, ask in the <emphasis>#ubuntu-"
2434
"server</emphasis> IRC channel on <ulink "
2435
"url=\"http://freenode.net/\">freenode.net</ulink>."
2436
msgstr ""
2437
2438
#: serverguide/C/web-servers.xml:653(para)
2439
msgid ""
2440
"Usually integrated with PHP and MySQL the <ulink "
2441
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
2442
"Ubuntu Wiki </ulink> page is a good resource."
2443
msgstr ""
2444
2445
#: serverguide/C/web-servers.xml:664(title)
2446
msgid "PHP5 - Scripting Language"
2447
msgstr ""
2448
2449
#: serverguide/C/web-servers.xml:665(para)
2450
msgid ""
2451
"PHP is a general-purpose scripting language suited for Web development. The "
2452
"PHP script can be embedded into HTML. This section explains how to install "
2453
"and configure PHP5 in Ubuntu System with Apache2 and MySQL."
2454
msgstr ""
2455
2456
#: serverguide/C/web-servers.xml:669(para)
2457
msgid ""
2458
"This section assumes you have installed and configured Apache2 Web Server "
2459
"and MySQL Database Server. You can refer to Apache2 section and MySQL "
2460
"sections in this document to install and configure Apache2 and MySQL "
2461
"respectively."
2462
msgstr ""
2463
2464
#: serverguide/C/web-servers.xml:676(para)
2465
msgid "The PHP5 is available in Ubuntu Linux."
2466
msgstr ""
2467
2468
#: serverguide/C/web-servers.xml:678(para)
2469
msgid ""
2470
"To install PHP5 you can enter the following command in the terminal prompt: "
2471
"<screen>\n"
2472
"<command>sudo apt-get install php5 libapache2-mod-php5</command>\n"
2473
"</screen>"
2474
msgstr ""
2475
2476
#: serverguide/C/web-servers.xml:687(para)
2477
msgid ""
2478
"You can run PHP5 scripts from command line. To run PHP5 scripts from command "
2479
"line you should install <application>php5-cli</application> package. To "
2480
"install <application>php5-cli</application> you can enter the following "
2481
"command in the terminal prompt: <screen>\n"
2482
"<command>sudo apt-get install php5-cli</command>\n"
2483
"</screen>"
2484
msgstr ""
2485
2486
#: serverguide/C/web-servers.xml:696(para)
2487
msgid ""
2488
"You can also execute PHP5 scripts without installing PHP5 Apache module. To "
2489
"accomplish this, you should install <application>php5-cgi</application> "
2490
"package. You can run the following command in a terminal prompt to install "
2491
"<application>php5-cgi</application> package: <screen>\n"
2492
"<command>sudo apt-get install php5-cgi</command>\n"
2493
"</screen>"
2494
msgstr ""
2495
2496
#: serverguide/C/web-servers.xml:706(para)
2497
msgid ""
2498
"To use <application>MySQL</application> with PHP5 you should install "
2499
"<application>php5-mysql</application> package. To install <application>php5-"
2500
"mysql</application> you can enter the following command in the terminal "
2501
"prompt: <screen>\n"
2502
"<command>sudo apt-get install php5-mysql</command>\n"
2503
"</screen>"
2504
msgstr ""
2505
2506
#: serverguide/C/web-servers.xml:714(para)
2507
msgid ""
2508
"Similarly, to use <application>PostgreSQL</application> with PHP5 you should "
2509
"install <application>php5-pgsql</application> package. To install "
2510
"<application>php5-pgsql</application> you can enter the following command in "
2511
"the terminal prompt: <screen>\n"
2512
"<command>sudo apt-get install php5-pgsql</command>\n"
2513
"</screen>"
2514
msgstr ""
2515
2516
#: serverguide/C/web-servers.xml:727(para)
2517
msgid ""
2518
"Once you install PHP5, you can run PHP5 scripts from your web browser. If "
2519
"you have installed <application>php5-cli</application> package, you can run "
2520
"PHP5 scripts from your command prompt."
2521
msgstr ""
2522
2523
#: serverguide/C/web-servers.xml:734(para)
2524
msgid ""
2525
"By default, the Apache 2 Web server is configured to run PHP5 scripts. In "
2526
"other words, the PHP5 module is enabled in Apache2 Web server automatically "
2527
"when you install the module. Please verify if the files "
2528
"<filename>/etc/apache2/mods-enabled/php5.conf</filename> and "
2529
"<filename>/etc/apache2/mods-enabled/php5.load</filename> exist. If they do "
2530
"not exists, you can enable the module using <command>a2enmod</command> "
2531
"command."
2532
msgstr ""
2533
2534
#: serverguide/C/web-servers.xml:745(para)
2535
msgid ""
2536
"Once you install PHP5 related packages and enabled PHP5 Apache 2 module, you "
2537
"should restart Apache2 Web server to run PHP5 scripts. You can run the "
2538
"following command at a terminal prompt to restart your web server: "
2539
"<screen><command>sudo /etc/init.d/apache2 restart</command> </screen>"
2540
msgstr ""
2541
2542
#: serverguide/C/web-servers.xml:753(title) serverguide/C/mail.xml:320(title) serverguide/C/mail.xml:1602(title) serverguide/C/dns.xml:343(title) serverguide/C/clustering.xml:184(title)
2543
msgid "Testing"
2544
msgstr ""
2545
2546
#: serverguide/C/web-servers.xml:754(para)
2547
msgid ""
2548
"To verify your installation, you can run following PHP5 phpinfo script:"
2549
msgstr ""
2550
2551
#: serverguide/C/web-servers.xml:757(programlisting)
2552
#, no-wrap
2553
msgid ""
2554
"\n"
2555
"<?php\n"
2556
" phpinfo();\n"
2557
"?>\n"
2558
msgstr ""
2559
2560
#: serverguide/C/web-servers.xml:762(para)
2561
msgid ""
2562
"You can save the content in a file <filename>phpinfo.php</filename> and "
2563
"place it under <command>DocumentRoot</command> directory of Apache2 Web "
2564
"server. When point your browser to "
2565
"<filename>http://hostname/phpinfo.php</filename>, it would display values of "
2566
"various PHP5 configuration parameters."
2567
msgstr ""
2568
2569
#: serverguide/C/web-servers.xml:776(para)
2570
msgid ""
2571
"For more in depth information see <ulink "
2572
"url=\"http://www.php.net/docs.php\">php.net</ulink> documentation."
2573
msgstr ""
2574
2575
#: serverguide/C/web-servers.xml:781(para)
2576
msgid ""
2577
"There are a plethora of books on PHP. Two good books from O'Reilly are "
2578
"<ulink url=\"http://oreilly.com/catalog/9780596005603/\">Learning PHP "
2579
"5</ulink> and the <ulink "
2580
"url=\"http://oreilly.com/catalog/9781565926813/\">PHP Cook Book</ulink>."
2581
msgstr ""
2582
2583
#: serverguide/C/web-servers.xml:788(para)
2584
msgid ""
2585
"Also, see the <ulink "
2586
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
2587
"Ubuntu Wiki</ulink> page for more information."
2588
msgstr ""
2589
2590
#: serverguide/C/web-servers.xml:799(title)
2591
msgid "Squid - Proxy Server"
2592
msgstr ""
2593
2594
#: serverguide/C/web-servers.xml:800(para)
2595
msgid ""
2596
"Squid is a full-featured web proxy cache server application which provides "
2597
"proxy and cache services for Hyper Text Transport Protocol (HTTP), File "
2598
"Transfer Protocol (FTP), and other popular network protocols. Squid can "
2599
"implement caching and proxying of Secure Sockets Layer (SSL) requests and "
2600
"caching of Domain Name Server (DNS) lookups, and perform transparent "
2601
"caching. Squid also supports a wide variety of caching protocols, such as "
2602
"Internet Cache Protocol, (ICP) the Hyper Text Caching Protocol, (HTCP) the "
2603
"Cache Array Routing Protocol (CARP), and the Web Cache Coordination "
2604
"Protocol. (WCCP)"
2605
msgstr ""
2606
2607
#: serverguide/C/web-servers.xml:808(para)
2608
msgid ""
2609
"The Squid proxy cache server is an excellent solution to a variety of proxy "
2610
"and caching server needs, and scales from the branch office to enterprise "
2611
"level networks while providing extensive, granular access control mechanisms "
2612
"and monitoring of critical parameters via the Simple Network Management "
2613
"Protocol (SNMP). When selecting a computer system for use as a dedicated "
2614
"Squid proxy, or caching servers, ensure your system is configured with a "
2615
"large amount of physical memory, as Squid maintains an in-memory cache for "
2616
"increased performance."
2617
msgstr ""
2618
2619
#: serverguide/C/web-servers.xml:817(para)
2620
msgid ""
2621
"At a terminal prompt, enter the following command to install the Squid "
2622
"server:"
2623
msgstr ""
2624
2625
#: serverguide/C/web-servers.xml:822(command)
2626
msgid "sudo apt-get install squid"
2627
msgstr ""
2628
2629
#: serverguide/C/web-servers.xml:828(para)
2630
msgid ""
2631
"Squid is configured by editing the directives contained within the "
2632
"<filename>/etc/squid/squid.conf</filename> configuration file. The following "
2633
"examples illustrate some of the directives which may be modified to affect "
2634
"the behavior of the Squid server. For more in-depth configuration of Squid, "
2635
"see the References section."
2636
msgstr ""
2637
2638
#: serverguide/C/web-servers.xml:834(para)
2639
msgid ""
2640
"Prior to editing the configuration file, you should make a copy of the "
2641
"original file and protect it from writing so you will have the original "
2642
"settings as a reference, and to re-use as necessary."
2643
msgstr ""
2644
2645
#: serverguide/C/web-servers.xml:837(para)
2646
msgid ""
2647
"Copy the <filename>/etc/squid/squid.conf</filename> file and protect it from "
2648
"writing with the following commands entered at a terminal prompt:"
2649
msgstr ""
2650
2651
#: serverguide/C/web-servers.xml:842(command)
2652
msgid "sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original"
2653
msgstr ""
2654
2655
#: serverguide/C/web-servers.xml:843(command)
2656
msgid "sudo chmod a-w /etc/squid/squid.conf.original"
2657
msgstr ""
2658
2659
#: serverguide/C/web-servers.xml:849(para)
2660
msgid ""
2661
"To set your Squid server to listen on TCP port 8888 instead of the default "
2662
"TCP port 3128, change the http_port directive as such:"
2663
msgstr ""
2664
2665
#: serverguide/C/web-servers.xml:853(programlisting)
2666
#, no-wrap
2667
msgid ""
2668
"\n"
2669
"http_port 8888\n"
2670
msgstr ""
2671
2672
#: serverguide/C/web-servers.xml:858(para)
2673
msgid ""
2674
"Change the visible_hostname directive in order to give the Squid server a "
2675
"specific hostname. This hostname does not necessarily need to be the "
2676
"computer's hostname. In this example it is set to <emphasis>weezie</emphasis>"
2677
msgstr ""
2678
2679
#: serverguide/C/web-servers.xml:862(programlisting)
2680
#, no-wrap
2681
msgid ""
2682
"\n"
2683
"visible_hostname weezie\n"
2684
msgstr ""
2685
2686
#: serverguide/C/web-servers.xml:867(para)
2687
msgid ""
2688
"Using Squid's access control, you may configure use of Internet services "
2689
"proxied by Squid to be available only users with certain Internet Protocol "
2690
"(IP) addresses. For example, we will illustrate access by users of the "
2691
"192.168.42.0/24 subnetwork only:"
2692
msgstr ""
2693
2694
#: serverguide/C/web-servers.xml:872(para) serverguide/C/web-servers.xml:892(para)
2695
msgid ""
2696
"Add the following to the <emphasis role=\"bold\">bottom</emphasis> of the "
2697
"ACL section of your <filename>/etc/squid/squid.conf</filename> file:"
2698
msgstr ""
2699
2700
#: serverguide/C/web-servers.xml:875(programlisting)
2701
#, no-wrap
2702
msgid ""
2703
"\n"
2704
"acl fortytwo_network src 192.168.42.0/24\n"
2705
msgstr ""
2706
2707
#: serverguide/C/web-servers.xml:878(para) serverguide/C/web-servers.xml:899(para)
2708
msgid ""
2709
"Then, add the following to the <emphasis role=\"bold\">top</emphasis> of the "
2710
"http_access section of your <filename>/etc/squid/squid.conf</filename> file:"
2711
msgstr ""
2712
2713
#: serverguide/C/web-servers.xml:882(programlisting)
2714
#, no-wrap
2715
msgid ""
2716
"\n"
2717
"http_access allow fortytwo_network\n"
2718
msgstr ""
2719
2720
#: serverguide/C/web-servers.xml:887(para)
2721
msgid ""
2722
"Using the excellent access control features of Squid, you may configure use "
2723
"of Internet services proxied by Squid to be available only during normal "
2724
"business hours. For example, we'll illustrate access by employees of a "
2725
"business which is operating between 9:00AM and 5:00PM, Monday through "
2726
"Friday, and which uses the 10.1.42.0/42 subnetwork:"
2727
msgstr ""
2728
2729
#: serverguide/C/web-servers.xml:895(programlisting)
2730
#, no-wrap
2731
msgid ""
2732
"\n"
2733
"acl biz_network src 10.1.42.0/24\n"
2734
"acl biz_hours time M T W T F 9:00-17:00\n"
2735
msgstr ""
2736
2737
#: serverguide/C/web-servers.xml:903(programlisting)
2738
#, no-wrap
2739
msgid ""
2740
"\n"
2741
"http_access allow biz_network biz_hours\n"
2742
msgstr ""
2743
2744
#: serverguide/C/web-servers.xml:910(para)
2745
msgid ""
2746
"After making changes to the <filename>/etc/squid/squid.conf</filename> file, "
2747
"save the file and restart the <application>squid</application> server "
2748
"application to effect the changes using the following command entered at a "
2749
"terminal prompt:"
2750
msgstr ""
2751
2752
#: serverguide/C/web-servers.xml:917(command)
2753
msgid "sudo /etc/init.d/squid restart"
2754
msgstr ""
2755
2756
#: serverguide/C/web-servers.xml:924(ulink)
2757
msgid "Squid Website"
2758
msgstr ""
2759
2760
#: serverguide/C/web-servers.xml:926(para)
2761
msgid ""
2762
"<ulink url=\"https://help.ubuntu.com/community/Squid\">Ubuntu Wiki "
2763
"Squid</ulink> page."
2764
msgstr ""
2765
2766
#: serverguide/C/web-servers.xml:933(title)
2767
msgid "Ruby on Rails"
2768
msgstr ""
2769
2770
#: serverguide/C/web-servers.xml:934(para)
2771
msgid ""
2772
"Ruby on Rails is an open source web framework for developing database backed "
2773
"web applications. It is optimized for sustainable productivity of the "
2774
"programmer since it lets the programmer to write code by favouring "
2775
"convention over configuration."
2776
msgstr ""
2777
2778
#: serverguide/C/web-servers.xml:941(para)
2779
msgid ""
2780
"Before installing <application>Rails</application> you should install "
2781
"<application>Apache</application> and <application>MySQL</application>. To "
2782
"install the <application>Apache</application> package, please refer to <xref "
2783
"linkend=\"httpd\"/>. For instructions on installing "
2784
"<application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
2785
msgstr ""
2786
2787
#: serverguide/C/web-servers.xml:949(para)
2788
msgid ""
2789
"Once you have <application>Apache</application> and "
2790
"<application>MySQL</application> packages installed, you are ready to "
2791
"install <application>Ruby on Rails</application> package."
2792
msgstr ""
2793
2794
#: serverguide/C/web-servers.xml:956(para)
2795
msgid ""
2796
"To install the <application>Ruby</application> base packages and "
2797
"<application>Ruby on Rails</application>, you can enter the following "
2798
"command in the terminal prompt:"
2799
msgstr ""
2800
2801
#: serverguide/C/web-servers.xml:962(command)
2802
msgid "sudo apt-get install rails"
2803
msgstr ""
2804
2805
#: serverguide/C/web-servers.xml:968(para)
2806
msgid ""
2807
"Modify the <filename>/etc/apache2/sites-available/default</filename> "
2808
"configuration file to setup your domains."
2809
msgstr ""
2810
2811
#: serverguide/C/web-servers.xml:972(para)
2812
msgid ""
2813
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
2814
msgstr ""
2815
2816
#: serverguide/C/web-servers.xml:976(programlisting)
2817
#, no-wrap
2818
msgid ""
2819
"\n"
2820
"DocumentRoot /path/to/rails/application/public\n"
2821
msgstr ""
2822
2823
#: serverguide/C/web-servers.xml:979(para)
2824
msgid ""
2825
"Next, change the <Directory \"/path/to/rails/application/public\"> "
2826
"directive:"
2827
msgstr ""
2828
2829
#: serverguide/C/web-servers.xml:983(programlisting)
2830
#, no-wrap
2831
msgid ""
2832
"\n"
2833
"<Directory \"/path/to/rails/application/public\">\n"
2834
" Options Indexes FollowSymLinks MultiViews ExecCGI\n"
2835
" AllowOverride All\n"
2836
" Order allow,deny\n"
2837
" allow from all\n"
2838
" AddHandler cgi-script .cgi\n"
2839
"</Directory>\n"
2840
msgstr ""
2841
2842
#: serverguide/C/web-servers.xml:993(para)
2843
msgid ""
2844
"You should also enable the <application>mod_rewrite</application> module for "
2845
"Apache. To enable <application>mod_rewrite</application> module, please "
2846
"enter the following command in a terminal prompt:"
2847
msgstr ""
2848
2849
#: serverguide/C/web-servers.xml:999(command)
2850
msgid "sudo a2enmod rewrite"
2851
msgstr ""
2852
2853
#: serverguide/C/web-servers.xml:1002(para)
2854
msgid ""
2855
"Finally you will need to change the ownership of the "
2856
"<filename>/path/to/rails/application/public</filename> and "
2857
"<filename>/path/to/rails/application/tmp</filename> directories to the user "
2858
"used to run the <application>Apache</application> process:"
2859
msgstr ""
2860
2861
#: serverguide/C/web-servers.xml:1008(command)
2862
msgid "sudo chown -R www-data:www-data /path/to/rails/application/public"
2863
msgstr ""
2864
2865
#: serverguide/C/web-servers.xml:1009(command)
2866
msgid "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
2867
msgstr ""
2868
2869
#: serverguide/C/web-servers.xml:1012(para)
2870
msgid ""
2871
"That's it! Now you have your Server ready for your <application>Ruby on "
2872
"Rails</application> applications."
2873
msgstr ""
2874
2875
#: serverguide/C/web-servers.xml:1021(para)
2876
msgid ""
2877
"See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website "
2878
"for more information."
2879
msgstr ""
2880
2881
#: serverguide/C/web-servers.xml:1026(para)
2882
msgid ""
2883
"Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-"
2884
"with-rails-third-edition\">Agile Development with Rails</ulink> is a great "
2885
"resource."
2886
msgstr ""
2887
2888
#: serverguide/C/web-servers.xml:1032(para)
2889
msgid ""
2890
"Another place for more information is the <ulink "
2891
"url=\"https://help.ubuntu.com/community/RubyOnRails\">Ruby on Rails Ubuntu "
2892
"Wiki</ulink> page."
2893
msgstr ""
2894
2895
#: serverguide/C/web-servers.xml:1043(title)
2896
msgid "Apache Tomcat"
2897
msgstr ""
2898
2899
#: serverguide/C/web-servers.xml:1044(para)
2900
msgid ""
2901
"Apache Tomcat is a web container that allows you to serve Java Servlets and "
2902
"JSP (Java Server Pages) web applications."
2903
msgstr ""
2904
2905
#: serverguide/C/web-servers.xml:1046(para)
2906
msgid ""
2907
"The <application>Tomcat 6.0</application> packages in Ubuntu support two "
2908
"different ways of running Tomcat. You can install them as a classic unique "
2909
"system-wide instance, that will be started at boot time and will run as the "
2910
"tomcat6 unpriviledged user. But you can also deploy private instances that "
2911
"will run with your own user rights, and that you should start and stop by "
2912
"yourself. This second way is particularly useful in a development server "
2913
"context where multiple users need to test on their own private Tomcat "
2914
"instances."
2915
msgstr ""
2916
2917
#: serverguide/C/web-servers.xml:1056(title)
2918
msgid "System-wide installation"
2919
msgstr ""
2920
2921
#: serverguide/C/web-servers.xml:1057(para)
2922
msgid ""
2923
"To install the <application>Tomcat</application> server, you can enter the "
2924
"following command in the terminal prompt:"
2925
msgstr ""
2926
2927
#: serverguide/C/web-servers.xml:1060(command)
2928
msgid "sudo apt-get install tomcat6"
2929
msgstr ""
2930
2931
#: serverguide/C/web-servers.xml:1062(para)
2932
msgid ""
2933
"This will install a Tomcat server with just a default ROOT webapp that "
2934
"displays a minimal \"It works\" page by default."
2935
msgstr ""
2936
2937
#: serverguide/C/web-servers.xml:1068(para)
2938
msgid ""
2939
"Tomcat configuration files can be found in "
2940
"<filename>/etc/tomcat6</filename>. Only a few common configuration tweaks "
2941
"will be described here, please see <ulink "
2942
"url=\"http://tomcat.apache.org/tomcat-6.0-doc/index.html\">Tomcat 6.0 "
2943
"documentation</ulink> for more."
2944
msgstr ""
2945
2946
#: serverguide/C/web-servers.xml:1074(title)
2947
msgid "Changing default ports"
2948
msgstr ""
2949
2950
#: serverguide/C/web-servers.xml:1075(para)
2951
msgid ""
2952
"By default Tomcat 6.0 runs a HTTP connector on port 8080 and an AJP "
2953
"connector on port 8009. You might want to change those default ports to "
2954
"avoid conflict with another server on the system. This is done by changing "
2955
"the following lines in <filename>/etc/tomcat6/server.xml</filename>:"
2956
msgstr ""
2957
2958
#: serverguide/C/web-servers.xml:1080(programlisting)
2959
#, no-wrap
2960
msgid ""
2961
"\n"
2962
"<Connector port=\"8080\" protocol=\"HTTP/1.1\" \n"
2963
" connectionTimeout=\"20000\" \n"
2964
" redirectPort=\"8443\" />\n"
2965
"...\n"
2966
"<Connector port=\"8009\" protocol=\"AJP/1.3\" redirectPort=\"8443\" "
2967
"/>\n"
2968
msgstr ""
2969
2970
#: serverguide/C/web-servers.xml:1089(title)
2971
msgid "Changing JVM used"
2972
msgstr ""
2973
2974
#: serverguide/C/web-servers.xml:1090(para)
2975
msgid ""
2976
"By default Tomcat will run preferably with OpenJDK-6, then try Sun's JVM, "
2977
"then try some other JVMs. If you have various JVMs installed, you can set "
2978
"which should be used by setting JAVA_HOME in "
2979
"<filename>/etc/default/tomcat6</filename>:"
2980
msgstr ""
2981
2982
#: serverguide/C/web-servers.xml:1094(programlisting)
2983
#, no-wrap
2984
msgid ""
2985
"\n"
2986
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
2987
msgstr ""
2988
2989
#: serverguide/C/web-servers.xml:1099(title)
2990
msgid "Declaring users and roles"
2991
msgstr ""
2992
2993
#: serverguide/C/web-servers.xml:1100(para)
2994
msgid ""
2995
"Usernames, passwords and roles (groups) can be defined centrally in a "
2996
"Servlet container. In Tomcat 6.0 this is done in the "
2997
"<filename>/etc/tomcat6/tomcat-users.xml</filename> file:"
2998
msgstr ""
2999
3000
#: serverguide/C/web-servers.xml:1103(programlisting)
3001
#, no-wrap
3002
msgid ""
3003
"\n"
3004
"<role rolename=\"admin\"/>\n"
3005
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
3006
msgstr ""
3007
3008
#: serverguide/C/web-servers.xml:1111(title)
3009
msgid "Using Tomcat standard webapps"
3010
msgstr ""
3011
3012
#: serverguide/C/web-servers.xml:1112(para)
3013
msgid ""
3014
"Tomcat is shipped with webapps that you can install for documentation, "
3015
"administration or demo purposes."
3016
msgstr ""
3017
3018
#: serverguide/C/web-servers.xml:1115(title)
3019
msgid "Tomcat documentation"
3020
msgstr ""
3021
3022
#: serverguide/C/web-servers.xml:1116(para)
3023
msgid ""
3024
"The <application>tomcat6-docs</application> package contains Tomcat 6.0 "
3025
"documentation, packaged as a webapp that you can access by default at "
3026
"http://yourserver:8080/docs. You can install it by entering the following "
3027
"command in the terminal prompt:"
3028
msgstr ""
3029
3030
#: serverguide/C/web-servers.xml:1121(command)
3031
msgid "sudo apt-get install tomcat6-docs"
3032
msgstr ""
3033
3034
#: serverguide/C/web-servers.xml:1125(title)
3035
msgid "Tomcat administration webapps"
3036
msgstr ""
3037
3038
#: serverguide/C/web-servers.xml:1126(para)
3039
msgid ""
3040
"The <application>tomcat6-admin</application> package contains two webapps "
3041
"that can be used to administer the Tomcat server using a web interface. You "
3042
"can install them by entering the following command in the terminal prompt:"
3043
msgstr ""
3044
3045
#: serverguide/C/web-servers.xml:1131(command)
3046
msgid "sudo apt-get install tomcat6-admin"
3047
msgstr ""
3048
3049
#: serverguide/C/web-servers.xml:1133(para)
3050
msgid ""
3051
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
3052
"access by default at http://yourserver:8080/manager/html. It is primarily "
3053
"used to get server status and restart webapps."
3054
msgstr ""
3055
3056
#: serverguide/C/web-servers.xml:1136(para)
3057
msgid ""
3058
"Access to the <emphasis>manager</emphasis> application is protected by "
3059
"default: you need to define a user with the role \"manager\" in "
3060
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3061
msgstr ""
3062
3063
#: serverguide/C/web-servers.xml:1140(para)
3064
msgid ""
3065
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
3066
"can access by default at http://yourserver:8080/host-manager/html. It can be "
3067
"used to create virtual hosts dynamically."
3068
msgstr ""
3069
3070
#: serverguide/C/web-servers.xml:1144(para)
3071
msgid ""
3072
"Access to the <emphasis>host-manager</emphasis> application is also "
3073
"protected by default: you need to define a user with the role \"admin\" in "
3074
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3075
msgstr ""
3076
3077
#: serverguide/C/web-servers.xml:1149(para)
3078
msgid ""
3079
"For security reasons, the tomcat6 user cannot write to the "
3080
"<filename>/etc/tomcat6</filename> directory by default. Some features in "
3081
"these admin webapps (application deployment, virtual host creation) need "
3082
"write access to that directory. If you want to use these features execute "
3083
"the following, to give users in the tomcat6 group the necessary rights:"
3084
msgstr ""
3085
3086
#: serverguide/C/web-servers.xml:1156(command)
3087
msgid "sudo chgrp -R tomcat6 /etc/tomcat6"
3088
msgstr ""
3089
3090
#: serverguide/C/web-servers.xml:1157(command)
3091
msgid "sudo chmod -R g+w /etc/tomcat6"
3092
msgstr ""
3093
3094
#: serverguide/C/web-servers.xml:1162(title)
3095
msgid "Tomcat examples webapps"
3096
msgstr ""
3097
3098
#: serverguide/C/web-servers.xml:1163(para)
3099
msgid ""
3100
"The <application>tomcat6-examples</application> package contains two webapps "
3101
"that can be used to test or demonstrate Servlets and JSP features, which you "
3102
"can access them by default at http://yourserver:8080/examples. You can "
3103
"install them by entering the following command in the terminal prompt:"
3104
msgstr ""
3105
3106
#: serverguide/C/web-servers.xml:1169(command)
3107
msgid "sudo apt-get install tomcat6-examples"
3108
msgstr ""
3109
3110
#: serverguide/C/web-servers.xml:1175(title)
3111
msgid "Using private instances"
3112
msgstr ""
3113
3114
#: serverguide/C/web-servers.xml:1176(para)
3115
msgid ""
3116
"Tomcat is heavily used in development and testing scenarios where using a "
3117
"single system-wide instance doesn't meet the requirements of multiple users "
3118
"on a single system. The Tomcat 6.0 packages in Ubuntu come with tools to "
3119
"help deploy your own user-oriented instances, allowing every user on a "
3120
"system to run (without root rights) separate private instances while still "
3121
"using the system-installed libraries."
3122
msgstr ""
3123
3124
#: serverguide/C/web-servers.xml:1183(para)
3125
msgid ""
3126
"It is possible to run the system-wide instance and the private instances in "
3127
"parallel, as long as they do not use the same TCP ports."
3128
msgstr ""
3129
3130
#: serverguide/C/web-servers.xml:1187(title)
3131
msgid "Installing private instance support"
3132
msgstr ""
3133
3134
#: serverguide/C/web-servers.xml:1188(para)
3135
msgid ""
3136
"You can install everything necessary to run private instances by entering "
3137
"the following command in the terminal prompt:"
3138
msgstr ""
3139
3140
#: serverguide/C/web-servers.xml:1191(command)
3141
msgid "sudo apt-get install tomcat6-user"
3142
msgstr ""
3143
3144
#: serverguide/C/web-servers.xml:1195(title)
3145
msgid "Creating a private instance"
3146
msgstr ""
3147
3148
#: serverguide/C/web-servers.xml:1196(para)
3149
msgid ""
3150
"You can create a private instance directory by entering the following "
3151
"command in the terminal prompt:"
3152
msgstr ""
3153
3154
#: serverguide/C/web-servers.xml:1199(command)
3155
msgid "tomcat6-instance-create my-instance"
3156
msgstr ""
3157
3158
#: serverguide/C/web-servers.xml:1201(para)
3159
msgid ""
3160
"This will create a new <filename>my-instance</filename> directory with all "
3161
"the necessary subdirectories and scripts. You can for example install your "
3162
"common libraries in the <filename>lib/</filename> subdirectory and deploy "
3163
"your webapps in the <filename>webapps/</filename> subdirectory. No webapps "
3164
"are deployed by default."
3165
msgstr ""
3166
3167
#: serverguide/C/web-servers.xml:1209(title)
3168
msgid "Configuring your private instance"
3169
msgstr ""
3170
3171
#: serverguide/C/web-servers.xml:1210(para)
3172
msgid ""
3173
"You will find the classic Tomcat configuration files for your private "
3174
"instance in the <filename>conf/</filename> subdirectory. You should for "
3175
"example certainly edit the <filename>conf/server.xml</filename> file to "
3176
"change the default ports used by your private Tomcat instance to avoid "
3177
"conflict with other instances that might be running."
3178
msgstr ""
3179
3180
#: serverguide/C/web-servers.xml:1218(title)
3181
msgid "Starting/stopping your private instance"
3182
msgstr ""
3183
3184
#: serverguide/C/web-servers.xml:1219(para)
3185
msgid ""
3186
"You can start your private instance by entering the following command in the "
3187
"terminal prompt (supposing your instance is located in the <filename>my-"
3188
"instance</filename> directory):"
3189
msgstr ""
3190
3191
#: serverguide/C/web-servers.xml:1223(command)
3192
msgid "my-instance/bin/startup.sh"
3193
msgstr ""
3194
3195
#: serverguide/C/web-servers.xml:1225(para)
3196
msgid ""
3197
"You should check the <filename>logs/</filename> subdirectory for any error. "
3198
"If you have a <emphasis>java.net.BindException: Address already in "
3199
"use<null>:8080</emphasis> error, it means that the port you're using "
3200
"is already taken and that you should change it."
3201
msgstr ""
3202
3203
#: serverguide/C/web-servers.xml:1230(para)
3204
msgid ""
3205
"You can stop your instance by entering the following command in the terminal "
3206
"prompt (supposing your instance is located in the <filename>my-"
3207
"instance</filename> directory):"
3208
msgstr ""
3209
3210
#: serverguide/C/web-servers.xml:1234(command)
3211
msgid "my-instance/bin/shutdown.sh"
3212
msgstr ""
3213
3214
#: serverguide/C/web-servers.xml:1243(para)
3215
msgid ""
3216
"See the <ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink> "
3217
"website for more information."
3218
msgstr ""
3219
3220
#: serverguide/C/web-servers.xml:1248(para)
3221
msgid ""
3222
"<ulink url=\"http://oreilly.com/catalog/9780596003180/\">Tomcat: The "
3223
"Definitive Guide</ulink> is a good resource for building web applications "
3224
"with Tomcat."
3225
msgstr ""
3226
3227
#: serverguide/C/web-servers.xml:1254(para)
3228
msgid ""
3229
"For additional books see the <ulink "
3230
"url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat Books</ulink> list "
3231
"page."
3232
msgstr ""
3233
3234
#: serverguide/C/web-servers.xml:1259(para)
3235
msgid ""
3236
"Also, see the<ulink "
3237
"url=\"https://help.ubuntu.com/community/ApacheTomcat5\">Ubuntu Wiki Apache "
3238
"Tomcat</ulink> page."
3239
msgstr ""
3240
3241
#: serverguide/C/vpn.xml:13(title)
3242
msgid "VPN"
3243
msgstr ""
3244
3245
#: serverguide/C/vpn.xml:15(para)
3246
msgid ""
3247
"A Virtual Private Network, or <emphasis>VPN</emphasis>, is an encrypted "
3248
"network connection between two or more networks. There are several ways to "
3249
"create a VPN using software as well as dedicated hardware appliances. This "
3250
"chapter will cover installing and configuring "
3251
"<application>OpenVPN</application> to create a VPN between two servers."
3252
msgstr ""
3253
3254
#: serverguide/C/vpn.xml:23(title)
3255
msgid "OpenVPN"
3256
msgstr ""
3257
3258
#: serverguide/C/vpn.xml:25(para)
3259
msgid ""
3260
"OpenVPN uses Public Key Infrastructure (PKI) to encrypt VPN traffic between "
3261
"nodes. A simple way of setting up a VPN with OpenVPN is to connect the "
3262
"clients through a bridge interface on the VPN server. This guide will assume "
3263
"that one VPN node, the server in this case, has a bridge interface "
3264
"configured. For more information on setting up a bridge see <xref "
3265
"linkend=\"bridging\"/>."
3266
msgstr ""
3267
3268
#: serverguide/C/vpn.xml:35(para)
3269
msgid "To install <application>openvpn</application> in a terminal enter:"
3270
msgstr ""
3271
3272
#: serverguide/C/vpn.xml:41(command) serverguide/C/vpn.xml:257(command)
3273
msgid "sudo apt-get install openvpn"
3274
msgstr ""
3275
3276
#: serverguide/C/vpn.xml:45(title)
3277
msgid "Server Certificates"
3278
msgstr ""
3279
3280
#: serverguide/C/vpn.xml:47(para)
3281
msgid ""
3282
"Now that the <application>openvpn</application> package is installed, the "
3283
"certificates for the VPN server need to be created."
3284
msgstr ""
3285
3286
#: serverguide/C/vpn.xml:52(para)
3287
msgid ""
3288
"First, copy the <filename>easy-rsa</filename> directory to "
3289
"<filename>/etc/openvpn</filename>. This will ensure that any changes to the "
3290
"scripts will not be lost when the package is updated. You will also need to "
3291
"adjust permissions in the <filename>easy-rsa</filename> directory to allow "
3292
"the current user permission to create files. From a terminal enter:"
3293
msgstr ""
3294
3295
#: serverguide/C/vpn.xml:59(command)
3296
msgid "sudo mkdir /etc/openvpn/easy-rsa/"
3297
msgstr ""
3298
3299
#: serverguide/C/vpn.xml:60(command)
3300
msgid ""
3301
"sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-"
3302
"rsa/"
3303
msgstr ""
3304
3305
#: serverguide/C/vpn.xml:61(command)
3306
msgid "sudo chown -R $USER /etc/openvpn/easy-rsa/"
3307
msgstr ""
3308
3309
#: serverguide/C/vpn.xml:64(para)
3310
msgid ""
3311
"Next, edit <filename>/etc/openvpn/easy-rsa/vars</filename> adjusting the "
3312
"following to your environment:"
3313
msgstr ""
3314
3315
#: serverguide/C/vpn.xml:68(programlisting)
3316
#, no-wrap
3317
msgid ""
3318
"\n"
3319
"export KEY_COUNTRY=\"US\"\n"
3320
"export KEY_PROVINCE=\"NC\"\n"
3321
"export KEY_CITY=\"Winston-Salem\"\n"
3322
"export KEY_ORG=\"Example Company\"\n"
3323
"export KEY_EMAIL=\"steve@example.com\"\n"
3324
msgstr ""
3325
3326
#: serverguide/C/vpn.xml:76(para)
3327
msgid "Enter the following to create the server certificates:"
3328
msgstr ""
3329
3330
#: serverguide/C/vpn.xml:81(command) serverguide/C/vpn.xml:102(command)
3331
msgid "cd /etc/openvpn/easy-rsa/"
3332
msgstr ""
3333
3334
#: serverguide/C/vpn.xml:82(command) serverguide/C/vpn.xml:103(command)
3335
msgid "source vars"
3336
msgstr ""
3337
3338
#: serverguide/C/vpn.xml:83(command)
3339
msgid "./clean-all"
3340
msgstr ""
3341
3342
#: serverguide/C/vpn.xml:84(command)
3343
msgid "./build-dh"
3344
msgstr ""
3345
3346
#: serverguide/C/vpn.xml:85(command)
3347
msgid "./pkitool --initca"
3348
msgstr ""
3349
3350
#: serverguide/C/vpn.xml:86(command)
3351
msgid "./pkitool --server server"
3352
msgstr ""
3353
3354
#: serverguide/C/vpn.xml:87(command)
3355
msgid "cd keys"
3356
msgstr ""
3357
3358
#: serverguide/C/vpn.xml:88(command)
3359
msgid "openvpn --genkey --secret ta.key"
3360
msgstr ""
3361
3362
#: serverguide/C/vpn.xml:89(command)
3363
msgid "sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/"
3364
msgstr ""
3365
3366
#: serverguide/C/vpn.xml:94(title)
3367
msgid "Client Certificates"
3368
msgstr ""
3369
3370
#: serverguide/C/vpn.xml:96(para)
3371
msgid ""
3372
"The VPN client will also need a certificate to authenticate itself to the "
3373
"server. To create the certificate, enter the following in a terminal:"
3374
msgstr ""
3375
3376
#: serverguide/C/vpn.xml:104(command)
3377
msgid "./pkitool hostname"
3378
msgstr ""
3379
3380
#: serverguide/C/vpn.xml:108(para)
3381
msgid ""
3382
"Replace <emphasis>hostname</emphasis> with the actual hostname of the "
3383
"machine connecting to the VPN."
3384
msgstr ""
3385
3386
#: serverguide/C/vpn.xml:113(para)
3387
msgid "Copy the following files to the client:"
3388
msgstr ""
3389
3390
#: serverguide/C/vpn.xml:118(para)
3391
msgid "/etc/openvpn/ca.crt"
3392
msgstr ""
3393
3394
#: serverguide/C/vpn.xml:119(para)
3395
msgid "/etc/openvpn/easy-rsa/keys/hostname.crt"
3396
msgstr ""
3397
3398
#: serverguide/C/vpn.xml:120(para)
3399
msgid "/etc/openvpn/easy-rsa/keys/hostname.key"
3400
msgstr ""
3401
3402
#: serverguide/C/vpn.xml:121(para)
3403
msgid "/etc/openvpn/ta.key"
3404
msgstr ""
3405
3406
#: serverguide/C/vpn.xml:125(para)
3407
msgid ""
3408
"Remember to adjust the above file names for your client machine's "
3409
"<emphasis>hostname</emphasis>."
3410
msgstr ""
3411
3412
#: serverguide/C/vpn.xml:130(para)
3413
msgid ""
3414
"It is best to use a secure method to copy the certificate and key files. The "
3415
"<application>scp</application> utility is a good choice, but copying the "
3416
"files to removable media then to the client, also works well."
3417
msgstr ""
3418
3419
#: serverguide/C/vpn.xml:141(title) serverguide/C/vcs.xml:107(title)
3420
msgid "Server Configuration"
3421
msgstr ""
3422
3423
#: serverguide/C/vpn.xml:143(para)
3424
msgid ""
3425
"Now configure the <application>openvpn</application> server by creating "
3426
"<filename>/etc/openvpn/server.conf</filename> from the example file. In a "
3427
"terminal enter:"
3428
msgstr ""
3429
3430
#: serverguide/C/vpn.xml:149(command)
3431
msgid ""
3432
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz "
3433
"/etc/openvpn/"
3434
msgstr ""
3435
3436
#: serverguide/C/vpn.xml:150(command)
3437
msgid "sudo gzip -d /etc/openvpn/server.conf.gz"
3438
msgstr ""
3439
3440
#: serverguide/C/vpn.xml:153(para)
3441
msgid ""
3442
"Edit <filename>/etc/openvpn/server.conf</filename> changing the following "
3443
"options to:"
3444
msgstr ""
3445
3446
#: serverguide/C/vpn.xml:157(programlisting)
3447
#, no-wrap
3448
msgid ""
3449
"\n"
3450
"local 172.18.100.101\n"
3451
"dev tap0\n"
3452
"up \"/etc/openvpn/up.sh br0\"\n"
3453
"down \"/etc/openvpn/down.sh br0\"\n"
3454
";server 10.8.0.0 255.255.255.0\n"
3455
"server-bridge 172.18.100.101 255.255.255.0 172.18.100.105 172.18.100.200\n"
3456
"push \"route 172.18.100.1 255.255.255.0\"\n"
3457
"push \"dhcp-option DNS 172.18.100.20\"\n"
3458
"push \"dhcp-option DOMAIN example.com\"\n"
3459
"tls-auth ta.key 0 # This file is secret\n"
3460
"user nobody\n"
3461
"group nogroup\n"
3462
msgstr ""
3463
3464
#: serverguide/C/vpn.xml:174(para)
3465
msgid ""
3466
"<emphasis>local</emphasis>: is the IP address of the bridge interface."
3467
msgstr ""
3468
3469
#: serverguide/C/vpn.xml:179(para)
3470
msgid ""
3471
"<emphasis>server-bridge</emphasis>: needed when the configuration uses "
3472
"bridging. The <emphasis>172.18.100.101 255.255.255.0</emphasis> portion is "
3473
"the bridge interface and mask. The IP range <emphasis>172.18.100.105 "
3474
"172.18.100.200</emphasis> is the range of IP addresses that will be assigned "
3475
"to clients."
3476
msgstr ""
3477
3478
#: serverguide/C/vpn.xml:186(para)
3479
msgid ""
3480
"<emphasis>push</emphasis>: are directives to add networking options for "
3481
"clients."
3482
msgstr ""
3483
3484
#: serverguide/C/vpn.xml:191(para)
3485
msgid ""
3486
"<emphasis>user and group</emphasis>: configure which user and group the "
3487
"<application>openvpn</application> daemon executes as."
3488
msgstr ""
3489
3490
#: serverguide/C/vpn.xml:198(para)
3491
msgid ""
3492
"Replace all IP addresses and domain names above with those of your network."
3493
msgstr ""
3494
3495
#: serverguide/C/vpn.xml:203(para)
3496
msgid ""
3497
"Next, create a couple of helper scripts to add the <emphasis>tap</emphasis> "
3498
"interface to the bridge. Create <filename>/etc/openvpn/up.sh</filename>:"
3499
msgstr ""
3500
3501
#: serverguide/C/vpn.xml:207(programlisting)
3502
#, no-wrap
3503
msgid ""
3504
"\n"
3505
"#!/bin/sh\n"
3506
"\n"
3507
"BR=$1\n"
3508
"DEV=$2\n"
3509
"MTU=$3\n"
3510
"/sbin/ifconfig $DEV mtu $MTU promisc up\n"
3511
"/usr/sbin/brctl addif $BR $DEV\n"
3512
msgstr ""
3513
3514
#: serverguide/C/vpn.xml:217(para)
3515
msgid "And <filename>/etc/openvpn/down.sh</filename>:"
3516
msgstr ""
3517
3518
#: serverguide/C/vpn.xml:221(programlisting)
3519
#, no-wrap
3520
msgid ""
3521
"\n"
3522
"#!/bin/sh\n"
3523
"\n"
3524
"BR=$1\n"
3525
"DEV=$2\n"
3526
"\n"
3527
"/usr/sbin/brctl delif $BR $DEV\n"
3528
"/sbin/ifconfig $DEV down\n"
3529
msgstr ""
3530
3531
#: serverguide/C/vpn.xml:231(para)
3532
msgid "Then make them executable:"
3533
msgstr ""
3534
3535
#: serverguide/C/vpn.xml:236(command)
3536
msgid "sudo chmod 755 /etc/openvpn/down.sh"
3537
msgstr ""
3538
3539
#: serverguide/C/vpn.xml:237(command)
3540
msgid "sudo chmod 755 /etc/openvpn/up.sh"
3541
msgstr ""
3542
3543
#: serverguide/C/vpn.xml:240(para)
3544
msgid ""
3545
"After configuring the server, restart <application>openvpn</application> by "
3546
"entering:"
3547
msgstr ""
3548
3549
#: serverguide/C/vpn.xml:245(command) serverguide/C/vpn.xml:293(command)
3550
msgid "sudo /etc/init.d/openvpn restart"
3551
msgstr ""
3552
3553
#: serverguide/C/vpn.xml:250(title)
3554
msgid "Client Configuration"
3555
msgstr ""
3556
3557
#: serverguide/C/vpn.xml:252(para)
3558
msgid "First, install <application>openvpn</application> on the client:"
3559
msgstr ""
3560
3561
#: serverguide/C/vpn.xml:260(para)
3562
msgid ""
3563
"Then with the server configured and the client certificates copied to the "
3564
"<filename>/etc/openvpn/</filename> directory, create a client configuration "
3565
"file by copying the example. In a terminal on the client machine enter:"
3566
msgstr ""
3567
3568
#: serverguide/C/vpn.xml:266(command)
3569
msgid ""
3570
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
3571
"/etc/openvpn"
3572
msgstr ""
3573
3574
#: serverguide/C/vpn.xml:269(para)
3575
msgid ""
3576
"Now edit <filename>/etc/openvpn/client.conf</filename> changing the "
3577
"following options:"
3578
msgstr ""
3579
3580
#: serverguide/C/vpn.xml:273(programlisting)
3581
#, no-wrap
3582
msgid ""
3583
"\n"
3584
"dev tap\n"
3585
"remote vpn.example.com 1194\n"
3586
"cert hostname.crt\n"
3587
"key hostname.key\n"
3588
"tls-auth ta.key 1\n"
3589
msgstr ""
3590
3591
#: serverguide/C/vpn.xml:282(para)
3592
msgid ""
3593
"Replace <emphasis>vpn.example.com</emphasis> with the hostname of your VPN "
3594
"server, and <emphasis>hostname.*</emphasis> with the actual certificate and "
3595
"key filenames."
3596
msgstr ""
3597
3598
#: serverguide/C/vpn.xml:288(para)
3599
msgid "Finally, restart <application>openvpn</application>:"
3600
msgstr ""
3601
3602
#: serverguide/C/vpn.xml:296(para)
3603
msgid "You should now be able to connect to the remote LAN through the VPN."
3604
msgstr ""
3605
3606
#: serverguide/C/vpn.xml:307(para)
3607
msgid ""
3608
"See the <ulink url=\"http://openvpn.net/\">OpenVPN</ulink> website for "
3609
"additional information."
3610
msgstr ""
3611
3612
#: serverguide/C/vpn.xml:312(para)
3613
msgid ""
3614
"Also, Pakt's <ulink url=\"http://www.packtpub.com/openvpn/book\">OpenVPN: "
3615
"Building and Integrating Virtual Private Networks</ulink> is a good resource."
3616
msgstr ""
3617
3618
#: serverguide/C/vpn.xml:318(para)
3619
msgid ""
3620
"Another source of further information is the <ulink "
3621
"url=\"https://help.ubuntu.com/community/OpenVPN\">Ubuntu Wiki "
3622
"OpenVPN</ulink> page."
3623
msgstr ""
3624
3625
#: serverguide/C/virtualization.xml:13(title)
3626
msgid "Virtualization"
3627
msgstr ""
3628
3629
#: serverguide/C/virtualization.xml:14(para)
3630
msgid ""
3631
"Virtualization is being adopted in many different environments and "
3632
"situations. If you are a developer, virtualization can provide you with a "
3633
"contained environment where you can safely do almost any sort of development "
3634
"safe from messing up your main working environment. If you are a systems "
3635
"administrator, you can use virtualization to more easily separate your "
3636
"services and move them around based on demand."
3637
msgstr ""
3638
3639
#: serverguide/C/virtualization.xml:20(para)
3640
msgid ""
3641
"The default virtualization technology supported in Ubuntu is "
3642
"<application>KVM</application>, a technology that takes advantage of "
3643
"virtualization extensions built into Intel and AMD hardware. For hardware "
3644
"without virtualization extensions <application>Xen</application> and "
3645
"<application>Qemu</application> are popular solutions."
3646
msgstr ""
3647
3648
#: serverguide/C/virtualization.xml:27(title)
3649
msgid "libvirt"
3650
msgstr ""
3651
3652
#: serverguide/C/virtualization.xml:28(para)
3653
msgid ""
3654
"The <application>libvirt</application> library is used to interface with "
3655
"different virtualization technologies. Before getting started with "
3656
"<application>libvirt</application> it is best to make sure your hardware "
3657
"supports the necessary virtualization extensions for "
3658
"<application>KVM</application>. Enter the following from a terminal prompt:"
3659
msgstr ""
3660
3661
#: serverguide/C/virtualization.xml:35(command)
3662
msgid "kvm-ok"
3663
msgstr ""
3664
3665
#: serverguide/C/virtualization.xml:37(para)
3666
msgid ""
3667
"A message will be printed informing you if your CPU "
3668
"<emphasis>does</emphasis> or <emphasis>does not</emphasis> support hardware "
3669
"virtualization."
3670
msgstr ""
3671
3672
#: serverguide/C/virtualization.xml:41(para)
3673
msgid ""
3674
"On most computer whose processor supports virtualization, it is necessary to "
3675
"activate an option in the BIOS to enable it."
3676
msgstr ""
3677
3678
#: serverguide/C/virtualization.xml:47(title)
3679
msgid "Virtual Networking"
3680
msgstr ""
3681
3682
#: serverguide/C/virtualization.xml:49(para)
3683
msgid ""
3684
"There are a few different ways to allow a virtual machine access to the "
3685
"external network. The default virtual network configuration is "
3686
"<emphasis>usermode</emphasis> networking, which uses the SLIRP protocol and "
3687
"traffic is NATed through the host interface to the outside network."
3688
msgstr ""
3689
3690
#: serverguide/C/virtualization.xml:54(para)
3691
msgid ""
3692
"To enable external hosts to directly access services on virtual machines a "
3693
"<emphasis>bridge</emphasis> needs to be configured. This allows the virtual "
3694
"interfaces to connect to the outside network through the physical interface, "
3695
"making them appear as normal hosts to the rest of the network. For "
3696
"information on setting up a bridge see <xref linkend=\"bridging\"/>."
3697
msgstr ""
3698
3699
#: serverguide/C/virtualization.xml:63(para)
3700
msgid "To install the necessary packages, from a terminal prompt enter:"
3701
msgstr ""
3702
3703
#: serverguide/C/virtualization.xml:67(command)
3704
msgid "sudo apt-get install kvm libvirt-bin"
3705
msgstr ""
3706
3707
#: serverguide/C/virtualization.xml:69(para)
3708
msgid ""
3709
"After installing <application>libvirt-bin</application>, the user used to "
3710
"manage virtual machines will need to be added to the "
3711
"<emphasis>libvirtd</emphasis> group. Doing so will grant the user access to "
3712
"the advanced networking options."
3713
msgstr ""
3714
3715
#: serverguide/C/virtualization.xml:73(para)
3716
msgid "In a terminal enter:"
3717
msgstr ""
3718
3719
#: serverguide/C/virtualization.xml:77(command)
3720
msgid "sudo adduser $USER libvirtd"
3721
msgstr ""
3722
3723
#: serverguide/C/virtualization.xml:80(para)
3724
msgid ""
3725
"If the user chosen is the current user, you will need to log out and back in "
3726
"for the new group membership to take effect."
3727
msgstr ""
3728
3729
#: serverguide/C/virtualization.xml:84(para)
3730
msgid ""
3731
"You are now ready to install a <emphasis>Guest</emphasis> operating system. "
3732
"Installing a virtual machine follows the same process as installing the "
3733
"operating system directly on the hardware. You either need a way to automate "
3734
"the installation, or a keyboard and monitor will need to be attached to the "
3735
"physical machine."
3736
msgstr ""
3737
3738
#: serverguide/C/virtualization.xml:89(para)
3739
msgid ""
3740
"In the case of virtual machines a Graphical User Interface (GUI) is "
3741
"analogous to using a physical keyboard and mouse. Instead of installing a "
3742
"GUI the <application>virt-viewer</application> application can be used to "
3743
"connect to a virtual machine's console using <application>VNC</application>. "
3744
"See <xref linkend=\"libvirt-virt-viewer\"/> for more information."
3745
msgstr ""
3746
3747
#: serverguide/C/virtualization.xml:94(para)
3748
msgid ""
3749
"There are several ways to automate the Ubuntu installation process, for "
3750
"example using preseeds, kickstart, etc. Refer to the <ulink "
3751
"url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
3752
"Installation Guide</ulink> for details."
3753
msgstr ""
3754
3755
#: serverguide/C/virtualization.xml:98(para)
3756
msgid ""
3757
"Yet another way to install an Ubuntu virtual machine is to use "
3758
"<application>ubuntu-vm-builder</application>. <application>ubuntu-vm-"
3759
"builder</application> allows you to setup advanced partitions, execute "
3760
"custom post-install scripts, etc. For details see <xref linkend=\"jeos-and-"
3761
"vmbuilder\"/>"
3762
msgstr ""
3763
3764
#: serverguide/C/virtualization.xml:104(title)
3765
msgid "virt-install"
3766
msgstr ""
3767
3768
#: serverguide/C/virtualization.xml:105(para)
3769
msgid ""
3770
"<application>virt-install</application> is part of the <application>python-"
3771
"virtinst</application> package. To install it, from a terminal prompt enter:"
3772
msgstr ""
3773
3774
#: serverguide/C/virtualization.xml:109(command)
3775
msgid "sudo apt-get install python-virtinst"
3776
msgstr ""
3777
3778
#: serverguide/C/virtualization.xml:111(para)
3779
msgid ""
3780
"There are several options available when using <application>virt-"
3781
"install</application>. For example:"
3782
msgstr ""
3783
3784
#: serverguide/C/virtualization.xml:115(command)
3785
msgid ""
3786
"sudo virt-install -n web_devel -r 256 -f web_devel.img \\ -s 4 -c jeos.iso --"
3787
"accelerate \\ --connect=qemu:///system --vnc \\ --noautoconsole -v"
3788
msgstr ""
3789
3790
#: serverguide/C/virtualization.xml:122(para)
3791
msgid ""
3792
"<emphasis>-n web_devel:</emphasis> the name of the new virtual machine will "
3793
"be <emphasis>web_devel</emphasis> in this example."
3794
msgstr ""
3795
3796
#: serverguide/C/virtualization.xml:127(para)
3797
msgid ""
3798
"<emphasis>-r 256:</emphasis> specifies the amount of memory the virtual "
3799
"machine will use."
3800
msgstr ""
3801
3802
#: serverguide/C/virtualization.xml:132(para)
3803
msgid ""
3804
"<emphasis>-f web_devel.img:</emphasis> indicates the path to the virtual "
3805
"disk which can be a file, partition, or logical volume. In this example a "
3806
"file named <filename>web_devel.img</filename>."
3807
msgstr ""
3808
3809
#: serverguide/C/virtualization.xml:138(para)
3810
msgid "<emphasis>-s 4:</emphasis> the size of the virtual disk."
3811
msgstr ""
3812
3813
#: serverguide/C/virtualization.xml:143(para)
3814
msgid ""
3815
"<emphasis>-c jeos.iso:</emphasis> file to be used as a virtual CDROM. The "
3816
"file can be either an ISO file or the path to the host's CDROM device."
3817
msgstr ""
3818
3819
#: serverguide/C/virtualization.xml:149(para)
3820
msgid ""
3821
"<emphasis>--accelerate:</emphasis> enables the kernel's acceleration "
3822
"technologies."
3823
msgstr ""
3824
3825
#: serverguide/C/virtualization.xml:154(para)
3826
msgid ""
3827
"<emphasis>--vnc:</emphasis> exports the guest's virtual console using VNC."
3828
msgstr ""
3829
3830
#: serverguide/C/virtualization.xml:159(para)
3831
msgid ""
3832
"<emphasis>--noautoconsole:</emphasis> will not automatically connect to the "
3833
"virtual machine's console."
3834
msgstr ""
3835
3836
#: serverguide/C/virtualization.xml:164(para)
3837
msgid "<emphasis>-v:</emphasis> creates a fully virtualized guest."
3838
msgstr ""
3839
3840
#: serverguide/C/virtualization.xml:169(para)
3841
msgid ""
3842
"After launching <application>virt-install</application> you can connect to "
3843
"the virtual machine's console either locally using a GUI or with the "
3844
"<application>virt-viewer</application> utility."
3845
msgstr ""
3846
3847
#: serverguide/C/virtualization.xml:175(title)
3848
msgid "virt-clone"
3849
msgstr ""
3850
3851
#: serverguide/C/virtualization.xml:176(para)
3852
msgid ""
3853
"The <application>virt-clone</application> application can be used to copy "
3854
"one virtual machine to another. For example:"
3855
msgstr ""
3856
3857
#: serverguide/C/virtualization.xml:180(command)
3858
msgid ""
3859
"sudo virt-clone -o web_devel -n database_devel -f "
3860
"/path/to/database_devel.img --connect=qemu:///system"
3861
msgstr ""
3862
3863
#: serverguide/C/virtualization.xml:184(para)
3864
msgid "<emphasis>-o:</emphasis> original virtual machine."
3865
msgstr ""
3866
3867
#: serverguide/C/virtualization.xml:189(para)
3868
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
3869
msgstr ""
3870
3871
#: serverguide/C/virtualization.xml:194(para)
3872
msgid ""
3873
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
3874
"be used by the new virtual machine."
3875
msgstr ""
3876
3877
#: serverguide/C/virtualization.xml:199(para)
3878
msgid ""
3879
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
3880
msgstr ""
3881
3882
#: serverguide/C/virtualization.xml:204(para)
3883
msgid ""
3884
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
3885
"help troubleshoot problems with <application>virt-clone</application>."
3886
msgstr ""
3887
3888
#: serverguide/C/virtualization.xml:209(para)
3889
msgid ""
3890
"Replace <emphasis>web_devel</emphasis> and "
3891
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
3892
msgstr ""
3893
3894
#: serverguide/C/virtualization.xml:215(title)
3895
msgid "Virtual Machine Management"
3896
msgstr ""
3897
3898
#: serverguide/C/virtualization.xml:217(title)
3899
msgid "virsh"
3900
msgstr ""
3901
3902
#: serverguide/C/virtualization.xml:218(para)
3903
msgid ""
3904
"There are several utilities available to manage virtual machines and "
3905
"<application>libvirt</application>. The <application>virsh</application> "
3906
"utility can be used from the command line. Some examples:"
3907
msgstr ""
3908
3909
#: serverguide/C/virtualization.xml:224(para)
3910
msgid "To list running virtual machines:"
3911
msgstr ""
3912
3913
#: serverguide/C/virtualization.xml:228(command)
3914
msgid "virsh -c qemu:///system list"
3915
msgstr ""
3916
3917
#: serverguide/C/virtualization.xml:232(para)
3918
msgid "To start a virtual machine:"
3919
msgstr ""
3920
3921
#: serverguide/C/virtualization.xml:236(command)
3922
msgid "virsh -c qemu:///system start web_devel"
3923
msgstr ""
3924
3925
#: serverguide/C/virtualization.xml:240(para)
3926
msgid "Similarly, to start a virtual machine at boot:"
3927
msgstr ""
3928
3929
#: serverguide/C/virtualization.xml:244(command)
3930
msgid "virsh -c qemu:///system autostart web_devel"
3931
msgstr ""
3932
3933
#: serverguide/C/virtualization.xml:248(para)
3934
msgid "Reboot a virtual machine with:"
3935
msgstr ""
3936
3937
#: serverguide/C/virtualization.xml:252(command)
3938
msgid "virsh -c qemu:///system reboot web_devel"
3939
msgstr ""
3940
3941
#: serverguide/C/virtualization.xml:256(para)
3942
msgid ""
3943
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
3944
"order to be restored later. The following will save the virtual machine "
3945
"state into a file named according to the date:"
3946
msgstr ""
3947
3948
#: serverguide/C/virtualization.xml:261(command)
3949
msgid "virsh -c qemu:///system save web_devel web_devel-022708.state"
3950
msgstr ""
3951
3952
#: serverguide/C/virtualization.xml:263(para)
3953
msgid "Once saved the virtual machine will no longer be running."
3954
msgstr ""
3955
3956
#: serverguide/C/virtualization.xml:268(para)
3957
msgid "A saved virtual machine can be restored using:"
3958
msgstr ""
3959
3960
#: serverguide/C/virtualization.xml:272(command)
3961
msgid "virsh -c qemu:///system restore web_devel-022708.state"
3962
msgstr ""
3963
3964
#: serverguide/C/virtualization.xml:276(para)
3965
msgid "To shutdown a virtual machine do:"
3966
msgstr ""
3967
3968
#: serverguide/C/virtualization.xml:280(command)
3969
msgid "virsh -c qemu:///system shutdown web_devel"
3970
msgstr ""
3971
3972
#: serverguide/C/virtualization.xml:284(para)
3973
msgid "A CDROM device can be mounted in a virtual machine by entering:"
3974
msgstr ""
3975
3976
#: serverguide/C/virtualization.xml:288(command)
3977
msgid "virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
3978
msgstr ""
3979
3980
#: serverguide/C/virtualization.xml:293(para)
3981
msgid ""
3982
"In the above examples replace <emphasis>web_devel</emphasis> with the "
3983
"appropriate virtual machine name, and <filename>web_devel-"
3984
"022708.state</filename> with a descriptive file name."
3985
msgstr ""
3986
3987
#: serverguide/C/virtualization.xml:300(title)
3988
msgid "Virtual Machine Manager"
3989
msgstr ""
3990
3991
#: serverguide/C/virtualization.xml:301(para)
3992
msgid ""
3993
"The <application>virt-manager</application> package contains a graphical "
3994
"utility to manage local and remote virtual machines. To install virt-manager "
3995
"enter:"
3996
msgstr ""
3997
3998
#: serverguide/C/virtualization.xml:306(command)
3999
msgid "sudo apt-get install virt-manager"
4000
msgstr ""
4001
4002
#: serverguide/C/virtualization.xml:308(para)
4003
msgid ""
4004
"Since <application>virt-manager</application> requires a Graphical User "
4005
"Interface (GUI) environment it is recommended to be installed on a "
4006
"workstation or test machine instead of a production server. To connect to "
4007
"the local <application>libvirt</application> service enter:"
4008
msgstr ""
4009
4010
#: serverguide/C/virtualization.xml:314(command)
4011
msgid "virt-manager -c qemu:///system"
4012
msgstr ""
4013
4014
#: serverguide/C/virtualization.xml:316(para)
4015
msgid ""
4016
"You can connect to the <application>libvirt</application> service running on "
4017
"another host by entering the following in a terminal prompt:"
4018
msgstr ""
4019
4020
#: serverguide/C/virtualization.xml:320(command)
4021
msgid "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
4022
msgstr ""
4023
4024
#: serverguide/C/virtualization.xml:323(para)
4025
msgid ""
4026
"The above example assumes that <application>SSH</application> connectivity "
4027
"between the management system and virtnode1.mydomain.com has already been "
4028
"configured, and uses SSH keys for authentication. SSH "
4029
"<emphasis>keys</emphasis> are needed because "
4030
"<application>libvirt</application> sends the password prompt to another "
4031
"process. For details on configuring <application>SSH</application> see <xref "
4032
"linkend=\"openssh-server\"/>"
4033
msgstr ""
4034
4035
#: serverguide/C/virtualization.xml:333(title)
4036
msgid "Virtual Machine Viewer"
4037
msgstr ""
4038
4039
#: serverguide/C/virtualization.xml:334(para)
4040
msgid ""
4041
"The <application>virt-viewer</application> application allows you to connect "
4042
"to a virtual machine's console. <application>virt-viewer</application> does "
4043
"require a Graphical User Interface (GUI) to interface with the virtual "
4044
"machine."
4045
msgstr ""
4046
4047
#: serverguide/C/virtualization.xml:338(para)
4048
msgid ""
4049
"To install <application>virt-viewer</application> from a terminal enter:"
4050
msgstr ""
4051
4052
#: serverguide/C/virtualization.xml:342(command)
4053
msgid "sudo apt-get install virt-viewer"
4054
msgstr ""
4055
4056
#: serverguide/C/virtualization.xml:344(para)
4057
msgid ""
4058
"Once a virtual machine is installed and running you can connect to the "
4059
"virtual machine's console by using:"
4060
msgstr ""
4061
4062
#: serverguide/C/virtualization.xml:348(command)
4063
msgid "virt-viewer -c qemu:///system web_devel"
4064
msgstr ""
4065
4066
#: serverguide/C/virtualization.xml:350(para)
4067
msgid ""
4068
"Similar to <application>virt-manager</application>, <application>virt-"
4069
"viewer</application> can connect to a remote host using "
4070
"<emphasis>SSH</emphasis> with key authentication, as well:"
4071
msgstr ""
4072
4073
#: serverguide/C/virtualization.xml:355(command)
4074
msgid "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
4075
msgstr ""
4076
4077
#: serverguide/C/virtualization.xml:357(para)
4078
msgid ""
4079
"Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the "
4080
"appropriate virtual machine name."
4081
msgstr ""
4082
4083
#: serverguide/C/virtualization.xml:360(para)
4084
msgid ""
4085
"If configured to use a <emphasis>bridged</emphasis> network interface you "
4086
"can also setup <application>SSH</application> access to the virtual machine. "
4087
"See <xref linkend=\"openssh-server\"/> and <xref linkend=\"bridging\"/> for "
4088
"more details."
4089
msgstr ""
4090
4091
#: serverguide/C/virtualization.xml:369(para)
4092
msgid ""
4093
"See the <ulink url=\"http://kvm.qumranet.com/kvmwiki\">KVM</ulink> home page "
4094
"for more details."
4095
msgstr ""
4096
4097
#: serverguide/C/virtualization.xml:374(para)
4098
msgid ""
4099
"For more information on <application>libvirt</application> see the <ulink "
4100
"url=\"http://libvirt.org/\">libvirt home page</ulink>"
4101
msgstr ""
4102
4103
#: serverguide/C/virtualization.xml:379(para)
4104
msgid ""
4105
"The <ulink url=\"http://virt-manager.et.redhat.com/\">Virtual Machine "
4106
"Manager</ulink> site has more information on <application>virt-"
4107
"manager</application> development."
4108
msgstr ""
4109
4110
#: serverguide/C/virtualization.xml:385(para)
4111
msgid ""
4112
"Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink "
4113
"url=\"http://freenode.net/\">freenode</ulink> to discuss virtualization "
4114
"technology in Ubuntu."
4115
msgstr ""
4116
4117
#: serverguide/C/virtualization.xml:391(para)
4118
msgid ""
4119
"Another good resource is the <ulink "
4120
"url=\"https://help.ubuntu.com/community/KVM\">Ubuntu Wiki KVM</ulink> page."
4121
msgstr ""
4122
4123
#: serverguide/C/virtualization.xml:399(title)
4124
msgid "JeOS and vmbuilder"
4125
msgstr ""
4126
4127
#: serverguide/C/virtualization.xml:405(title)
4128
msgid "What is JeOS"
4129
msgstr ""
4130
4131
#: serverguide/C/virtualization.xml:407(para)
4132
msgid ""
4133
"Ubuntu <emphasis>JeOS</emphasis> (pronounced \"Juice\") is an efficient "
4134
"variant of the Ubuntu Server operating system, configured specifically for "
4135
"virtual appliances. No longer available as a CD-ROM ISO for download, but "
4136
"only as an option either:"
4137
msgstr ""
4138
4139
#: serverguide/C/virtualization.xml:414(para)
4140
msgid ""
4141
"While installing from the Server Edition ISO (pressing "
4142
"<emphasis>F4</emphasis> on the first screen will allow you to pick \"Minimal "
4143
"installation\", which is the package selection equivalent to JeOS)."
4144
msgstr ""
4145
4146
#: serverguide/C/virtualization.xml:420(para)
4147
msgid "Or to be built using Ubuntu's vmbuilder, which is described here."
4148
msgstr ""
4149
4150
#: serverguide/C/virtualization.xml:426(para)
4151
msgid ""
4152
"JeOS is a specialized installation of Ubuntu Server Edition with a tuned "
4153
"kernel that only contains the base elements needed to run within a "
4154
"virtualized environment."
4155
msgstr ""
4156
4157
#: serverguide/C/virtualization.xml:431(para)
4158
msgid ""
4159
"Ubuntu JeOS has been tuned to take advantage of key performance technologies "
4160
"in the latest virtualization products from VMware. This combination of "
4161
"reduced size and optimized performance ensures that Ubuntu JeOS Edition "
4162
"delivers a highly efficient use of server resources in large virtual "
4163
"deployments."
4164
msgstr ""
4165
4166
#: serverguide/C/virtualization.xml:437(para)
4167
msgid ""
4168
"Without unnecessary drivers, and only the minimal required packages, ISVs "
4169
"can configure their supporting OS exactly as they require. They have the "
4170
"peace of mind that updates, whether for security or enhancement reasons, "
4171
"will be limited to the bare minimum of what is required in their specific "
4172
"environment. In turn, users deploying virtual appliances built on top of "
4173
"JeOS will have to go through fewer updates and therefore less maintenance "
4174
"than they would have had to with a standard full installation of a server."
4175
msgstr ""
4176
4177
#: serverguide/C/virtualization.xml:446(title)
4178
msgid "What is vmbuilder"
4179
msgstr ""
4180
4181
#: serverguide/C/virtualization.xml:448(para)
4182
msgid ""
4183
"With vmbuilder, there is no need to download a JeOS ISO anymore. vmbuilder "
4184
"will fetch the various package and build a virtual machine tailored for your "
4185
"needs in about a minute. vmbuilder is a script that automates the process of "
4186
"creating a ready to use Linux based VM. The currently supported hypervisors "
4187
"are KVM and Xen."
4188
msgstr ""
4189
4190
#: serverguide/C/virtualization.xml:454(para)
4191
msgid ""
4192
"You can pass command line options to add extra packages, remove packages, "
4193
"choose which version of Ubuntu, which mirror etc. On recent hardware with "
4194
"plenty of RAM, tmpdir in <filename>/dev/shm</filename> or using a tmpfs, and "
4195
"a local mirror, you can bootstrap a VM in less than a minute."
4196
msgstr ""
4197
4198
#: serverguide/C/virtualization.xml:460(para)
4199
msgid ""
4200
"First introduced as a shell script in Ubuntu 8.04 LTS, <application>ubuntu-"
4201
"vm-builder</application> started with little emphasis as a hack to help "
4202
"developers test their new code in a virtual machine without having to "
4203
"restart from scratch each time. As a few Ubuntu administrators started to "
4204
"notice this script, a few of them went on improving it and adapting it for "
4205
"so many use case that Soren Hansen (the author of the script and Ubuntu "
4206
"virtualization specialist, not the golf player) decided to rewrite it from "
4207
"scratch for Intrepid as a python script with a few new design goals:"
4208
msgstr ""
4209
4210
#: serverguide/C/virtualization.xml:470(para)
4211
msgid "Develop it so that it can be reused by other distributions."
4212
msgstr ""
4213
4214
#: serverguide/C/virtualization.xml:475(para)
4215
msgid ""
4216
"Use a plugin mechanisms for all virtualization interactions so that others "
4217
"can easily add logic for other virtualization environments."
4218
msgstr ""
4219
4220
#: serverguide/C/virtualization.xml:480(para)
4221
msgid ""
4222
"Provide an easy to maintain web interface as an option to the command line "
4223
"interface."
4224
msgstr ""
4225
4226
#: serverguide/C/virtualization.xml:486(para)
4227
msgid "But the general principles and commands remain the same."
4228
msgstr ""
4229
4230
#: serverguide/C/virtualization.xml:493(title)
4231
msgid "Initial Setup"
4232
msgstr ""
4233
4234
#: serverguide/C/virtualization.xml:495(para)
4235
msgid ""
4236
"It is assumed that you have installed and configured "
4237
"<application>libvirt</application> and <application>KVM</application> "
4238
"locally on the machine you are using. For details on how to perform this, "
4239
"please refer to:"
4240
msgstr ""
4241
4242
#: serverguide/C/virtualization.xml:507(para)
4243
msgid ""
4244
"The <ulink url=\"https://help.ubuntu.com/community/KVM\">KVM</ulink> Wiki "
4245
"page."
4246
msgstr ""
4247
4248
#: serverguide/C/virtualization.xml:513(para)
4249
msgid ""
4250
"We also assume that you know how to use a text based text editor such as "
4251
"nano or vi. If you have not used any of them before, you can get an overview "
4252
"of the various text editors available by reading the <ulink "
4253
"url=\"https://help.ubuntu.com/community/PowerUsersTextEditors\">PowerUsersTex"
4254
"tEditors</ulink> page. This tutorial has been done on KVM, but the general "
4255
"principle should remain on other virtualization technologies."
4256
msgstr ""
4257
4258
#: serverguide/C/virtualization.xml:521(title)
4259
msgid "Install vmbuilder"
4260
msgstr ""
4261
4262
#: serverguide/C/virtualization.xml:523(para)
4263
msgid ""
4264
"The name of the package that we need to install is <application>python-vm-"
4265
"builder</application>. In a terminal prompt enter:"
4266
msgstr ""
4267
4268
#: serverguide/C/virtualization.xml:528(command)
4269
msgid "sudo apt-get install python-vm-builder"
4270
msgstr ""
4271
4272
#: serverguide/C/virtualization.xml:532(para)
4273
msgid ""
4274
"If you are running Hardy, you can still perform most of this using the older "
4275
"version of the package named <application>ubuntu-vm-builder</application>, "
4276
"there are only a few changes to the syntax of the tool."
4277
msgstr ""
4278
4279
#: serverguide/C/virtualization.xml:541(title)
4280
msgid "Defining Your Virtual Machine"
4281
msgstr ""
4282
4283
#: serverguide/C/virtualization.xml:543(para)
4284
msgid ""
4285
"Defining a virtual machine with Ubuntu's vmbuilder is quite simple, but here "
4286
"are a few thing to consider:"
4287
msgstr ""
4288
4289
#: serverguide/C/virtualization.xml:549(para)
4290
msgid ""
4291
"If you plan on shipping a virtual appliance, do not assume that the end-user "
4292
"will know how to extend disk size to fit their need, so either plan for a "
4293
"large virtual disk to allow for your appliance to grow, or explain fairly "
4294
"well in your documentation how to allocate more space. It might actually be "
4295
"a good idea to store data on some separate external storage."
4296
msgstr ""
4297
4298
#: serverguide/C/virtualization.xml:556(para)
4299
msgid ""
4300
"Given that RAM is much easier to allocate in a VM, RAM size should be set to "
4301
"whatever you think is a safe minimum for your appliance."
4302
msgstr ""
4303
4304
#: serverguide/C/virtualization.xml:562(para)
4305
msgid ""
4306
"The <application>vmbuilder</application> command has 2 main parameters: the "
4307
"<emphasis>virtualization technology (hypervisor)</emphasis> and the targeted "
4308
"<emphasis>distribution</emphasis>. Optional parameters are quite numerous "
4309
"and can be found using the following command:"
4310
msgstr ""
4311
4312
#: serverguide/C/virtualization.xml:568(command)
4313
msgid "vmbuilder --help"
4314
msgstr ""
4315
4316
#: serverguide/C/virtualization.xml:572(title)
4317
msgid "Base Parameters"
4318
msgstr ""
4319
4320
#: serverguide/C/virtualization.xml:574(para)
4321
msgid ""
4322
"As this example is based on <application>KVM</application> and Ubuntu 10.10 "
4323
"(Maverick Meerkat), and we are likely to rebuild the same virtual machine "
4324
"multiple time, we'll invoke vmbuilder with the following first parameters:"
4325
msgstr ""
4326
4327
#: serverguide/C/virtualization.xml:580(command)
4328
msgid ""
4329
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o -"
4330
"-libvirt qemu:///system"
4331
msgstr ""
4332
4333
#: serverguide/C/virtualization.xml:583(para)
4334
msgid ""
4335
"The <emphasis>--suite</emphasis> defines the Ubuntu release, the <emphasis>--"
4336
"flavour</emphasis> specifies that we want to use the virtual kernel (that's "
4337
"the one used to build a JeOS image), the <emphasis>--arch</emphasis> tells "
4338
"that we want to use a 32 bit machine, the <emphasis>-o</emphasis> tells "
4339
"vmbuilder to overwrite the previous version of the VM and the <emphasis>--"
4340
"libvirt</emphasis> tells to inform the local virtualization environment to "
4341
"add the resulting VM to the list of available machines."
4342
msgstr ""
4343
4344
#: serverguide/C/virtualization.xml:591(para)
4345
msgid "Notes:"
4346
msgstr ""
4347
4348
#: serverguide/C/virtualization.xml:597(para)
4349
msgid ""
4350
"Because of the nature of operations performed by vmbuilder, it needs to have "
4351
"root privilege, hence the use of sudo."
4352
msgstr ""
4353
4354
#: serverguide/C/virtualization.xml:602(para)
4355
msgid ""
4356
"If your virtual machine needs to use more than 3Gb of ram, you should build "
4357
"a 64 bit machine (--arch amd64)."
4358
msgstr ""
4359
4360
#: serverguide/C/virtualization.xml:607(para)
4361
msgid ""
4362
"Until Ubuntu 8.10, the virtual kernel was only built for 32 bit "
4363
"architecture, so if you want to define an amd64 machine on Hardy, you should "
4364
"use <emphasis>--flavour</emphasis> server instead."
4365
msgstr ""
4366
4367
#: serverguide/C/virtualization.xml:615(title)
4368
msgid "JeOS Installation Parameters"
4369
msgstr ""
4370
4371
#: serverguide/C/virtualization.xml:618(title)
4372
msgid "JeOS Networking"
4373
msgstr ""
4374
4375
#: serverguide/C/virtualization.xml:621(title)
4376
msgid "Assigning a fixed IP address"
4377
msgstr ""
4378
4379
#: serverguide/C/virtualization.xml:623(para)
4380
msgid ""
4381
"As a virtual appliance that may be deployed on various very different "
4382
"networks, it is very difficult to know what the actual network will look "
4383
"like. In order to simplify configuration, it is a good idea to take an "
4384
"approach similar to what network hardware vendors usually do, namely "
4385
"assigning an initial fixed IP address to the appliance in a private class "
4386
"network that you will provide in your documentation. An address in the range "
4387
"192.168.0.0/255 is usually a good choice."
4388
msgstr ""
4389
4390
#: serverguide/C/virtualization.xml:630(para)
4391
msgid "To do this we'll use the following parameters:"
4392
msgstr ""
4393
4394
#: serverguide/C/virtualization.xml:636(para)
4395
msgid ""
4396
"<emphasis>--ip ADDRESS</emphasis>: IP address in dotted form (defaults to "
4397
"dhcp if not specified)"
4398
msgstr ""
4399
4400
#: serverguide/C/virtualization.xml:641(para)
4401
msgid ""
4402
"<emphasis>--mask VALUE</emphasis>: IP mask in dotted form (default: "
4403
"255.255.255.0)"
4404
msgstr ""
4405
4406
#: serverguide/C/virtualization.xml:646(para)
4407
msgid "<emphasis>--net VALUE</emphasis>: IP net address (default: X.X.X.0)"
4408
msgstr ""
4409
4410
#: serverguide/C/virtualization.xml:651(para)
4411
msgid "<emphasis>--bcast VALUE</emphasis>: IP broadcast (default: X.X.X.255)"
4412
msgstr ""
4413
4414
#: serverguide/C/virtualization.xml:656(para)
4415
msgid "<emphasis>--gw ADDRESS</emphasis>: Gateway address (default: X.X.X.1)"
4416
msgstr ""
4417
4418
#: serverguide/C/virtualization.xml:661(para)
4419
msgid ""
4420
"<emphasis>--dns ADDRESS</emphasis>: Name server address (default: X.X.X.1)"
4421
msgstr ""
4422
4423
#: serverguide/C/virtualization.xml:667(para)
4424
msgid ""
4425
"We assume for now that default values are good enough, so the resulting "
4426
"invocation becomes:"
4427
msgstr ""
4428
4429
#: serverguide/C/virtualization.xml:672(command)
4430
msgid ""
4431
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o -"
4432
"-libvirt qemu:///system --ip 192.168.0.100"
4433
msgstr ""
4434
4435
#: serverguide/C/virtualization.xml:677(title)
4436
msgid "Modifying the libvirt Template to use Bridging"
4437
msgstr ""
4438
4439
#: serverguide/C/virtualization.xml:679(para)
4440
msgid ""
4441
"Because our appliance will be likely to need to be accessed by remote hosts, "
4442
"we need to configure libvirt so that the appliance uses bridge networking. "
4443
"To do this we use vmbuilder template mechanism to modify the default one."
4444
msgstr ""
4445
4446
#: serverguide/C/virtualization.xml:684(para)
4447
msgid ""
4448
"In our working directory we create the template hierarchy and copy the "
4449
"default template:"
4450
msgstr ""
4451
4452
#: serverguide/C/virtualization.xml:689(command)
4453
msgid "mkdir -p VMBuilder/plugins/libvirt/templates"
4454
msgstr ""
4455
4456
#: serverguide/C/virtualization.xml:690(command)
4457
msgid "cp /etc/vmbuilder/libvirt/* VMBuilder/plugins/libvirt/templates/"
4458
msgstr ""
4459
4460
#: serverguide/C/virtualization.xml:693(para)
4461
msgid ""
4462
"We can then edit "
4463
"<filename>VMBuilder/plugins/libvirt/templates/libvirtxml.tmpl</filename> to "
4464
"change:"
4465
msgstr ""
4466
4467
#: serverguide/C/virtualization.xml:697(programlisting)
4468
#, no-wrap
4469
msgid ""
4470
"\n"
4471
" <interface type='network'>\n"
4472
" <source network='default'/>\n"
4473
" </interface>\n"
4474
msgstr ""
4475
4476
#: serverguide/C/virtualization.xml:703(para)
4477
msgid "To:"
4478
msgstr ""
4479
4480
#: serverguide/C/virtualization.xml:707(programlisting)
4481
#, no-wrap
4482
msgid ""
4483
"\n"
4484
" <interface type='bridge'>\n"
4485
" <source bridge='br0'/>\n"
4486
" </interface>\n"
4487
msgstr ""
4488
4489
#: serverguide/C/virtualization.xml:717(title) serverguide/C/installation.xml:459(title)
4490
msgid "Partitioning"
4491
msgstr ""
4492
4493
#: serverguide/C/virtualization.xml:719(para)
4494
msgid ""
4495
"Partitioning of the virtual appliance will have to take into consideration "
4496
"what you are planning to do with is. Because most appliances want to have a "
4497
"separate storage for data, having a separate <filename>/var</filename> would "
4498
"make sense."
4499
msgstr ""
4500
4501
#: serverguide/C/virtualization.xml:724(para)
4502
msgid ""
4503
"In order to do this vmbuilder provides us with <emphasis>--part</emphasis>:"
4504
msgstr ""
4505
4506
#: serverguide/C/virtualization.xml:728(programlisting)
4507
#, no-wrap
4508
msgid ""
4509
"\n"
4510
"--part PATH\n"
4511
" Allows you to specify a partition table in a partition file, located at "
4512
"PATH. Each line of the partition file should specify\n"
4513
" (root first):\n"
4514
" mountpoint size\n"
4515
" where size is in megabytes. You can have up to 4 virtual disks, a new "
4516
"disk starts on a\n"
4517
" line with ’---’. ie :\n"
4518
" root 1000\n"
4519
" /opt 1000\n"
4520
" swap 256\n"
4521
" ---\n"
4522
" /var 2000\n"
4523
" /log 1500\n"
4524
msgstr ""
4525
4526
#: serverguide/C/virtualization.xml:743(para)
4527
msgid ""
4528
"In our case we will define a text file name "
4529
"<filename>vmbuilder.partition</filename> which will contain the following:"
4530
msgstr ""
4531
4532
#: serverguide/C/virtualization.xml:747(programlisting)
4533
#, no-wrap
4534
msgid ""
4535
"\n"
4536
"root 8000\n"
4537
"swap 4000\n"
4538
"---\n"
4539
"/var 20000\n"
4540
msgstr ""
4541
4542
#: serverguide/C/virtualization.xml:755(para)
4543
msgid ""
4544
"Note that as we are using virtual disk images, the actual sizes that we put "
4545
"here are maximum sizes for these volumes."
4546
msgstr ""
4547
4548
#: serverguide/C/virtualization.xml:760(para)
4549
msgid "Our command line now looks like:"
4550
msgstr ""
4551
4552
#: serverguide/C/virtualization.xml:765(command)
4553
msgid ""
4554
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 \\ -"
4555
"o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition"
4556
msgstr ""
4557
4558
#: serverguide/C/virtualization.xml:770(para)
4559
msgid ""
4560
"Using a \"\\\" in a command will allow long command strings to wrap to the "
4561
"next line."
4562
msgstr ""
4563
4564
#: serverguide/C/virtualization.xml:777(title)
4565
msgid "User and Password"
4566
msgstr ""
4567
4568
#: serverguide/C/virtualization.xml:779(para)
4569
msgid ""
4570
"Again setting up a virtual appliance, you will need to provide a default "
4571
"user and password that is generic so that you can include it in your "
4572
"documentation. We will see later on in this tutorial how we will provide "
4573
"some security by defining a script that will be run the first time a user "
4574
"actually logs in the appliance, that will, among other things, ask him to "
4575
"change his password. In this example I will use <emphasis>'user'</emphasis> "
4576
"as my user name, and <emphasis>'default'</emphasis> as the password."
4577
msgstr ""
4578
4579
#: serverguide/C/virtualization.xml:787(para)
4580
msgid "To do this we use the following optional parameters:"
4581
msgstr ""
4582
4583
#: serverguide/C/virtualization.xml:793(para)
4584
msgid ""
4585
"<emphasis>--user USERNAME:</emphasis> Sets the name of the user to be added. "
4586
"Default: ubuntu."
4587
msgstr ""
4588
4589
#: serverguide/C/virtualization.xml:798(para)
4590
msgid ""
4591
"<emphasis>--name FULLNAME:</emphasis> Sets the full name of the user to be "
4592
"added. Default: Ubuntu."
4593
msgstr ""
4594
4595
#: serverguide/C/virtualization.xml:803(para)
4596
msgid ""
4597
"<emphasis>--pass PASSWORD:</emphasis> Sets the password for the user. "
4598
"Default: ubuntu."
4599
msgstr ""
4600
4601
#: serverguide/C/virtualization.xml:809(para)
4602
msgid "Our resulting command line becomes:"
4603
msgstr ""
4604
4605
#: serverguide/C/virtualization.xml:814(command)
4606
msgid ""
4607
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 \\ -"
4608
"o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition \\ -"
4609
"-user user --name user --pass default"
4610
msgstr ""
4611
4612
#: serverguide/C/virtualization.xml:822(title)
4613
msgid "Installing Required Packages"
4614
msgstr ""
4615
4616
#: serverguide/C/virtualization.xml:824(para)
4617
msgid ""
4618
"In this example we will be installing a package "
4619
"<application>(Limesurvey)</application> that accesses a "
4620
"<application>MySQL</application> database and has a web interface. We will "
4621
"therefore require our OS to provide us with:"
4622
msgstr ""
4623
4624
#: serverguide/C/virtualization.xml:831(para)
4625
msgid "Apache"
4626
msgstr ""
4627
4628
#: serverguide/C/virtualization.xml:832(para)
4629
msgid "PHP"
4630
msgstr ""
4631
4632
#: serverguide/C/virtualization.xml:833(para) serverguide/C/databases.xml:19(trademark) serverguide/C/databases.xml:31(title)
4633
msgid "MySQL"
4634
msgstr ""
4635
4636
#: serverguide/C/virtualization.xml:834(para) serverguide/C/remote-administration.xml:19(title)
4637
msgid "OpenSSH Server"
4638
msgstr ""
4639
4640
#: serverguide/C/virtualization.xml:835(para)
4641
msgid "Limesurvey (as an example application that we have packaged)"
4642
msgstr ""
4643
4644
#: serverguide/C/virtualization.xml:838(para)
4645
msgid ""
4646
"This is done using vmbuilder by specifying the --addpkg option multiple "
4647
"times:"
4648
msgstr ""
4649
4650
#: serverguide/C/virtualization.xml:842(programlisting)
4651
#, no-wrap
4652
msgid ""
4653
"\n"
4654
"--addpkg PKG\n"
4655
" Install PKG into the guest (can be specfied multiple times)\n"
4656
msgstr ""
4657
4658
#: serverguide/C/virtualization.xml:847(para)
4659
msgid ""
4660
"However, due to the way vmbuilder operates, packages that have to ask "
4661
"questions to the user during the post install phase are not supported and "
4662
"should instead be installed while interactivity can occur. This is the case "
4663
"of Limesurvey, which we will have to install later, once the user logs in."
4664
msgstr ""
4665
4666
#: serverguide/C/virtualization.xml:853(para)
4667
msgid ""
4668
"Other packages that ask simple debconf question, such as <application>mysql-"
4669
"server</application> asking to set a password, the package can be installed "
4670
"immediately, but we will have to reconfigure it the first time the user logs "
4671
"in."
4672
msgstr ""
4673
4674
#: serverguide/C/virtualization.xml:859(para)
4675
msgid ""
4676
"If some packages that we need to install are not in main, we need to enable "
4677
"the additional repositories using --comp and --ppa:"
4678
msgstr ""
4679
4680
#: serverguide/C/virtualization.xml:863(programlisting)
4681
#, no-wrap
4682
msgid ""
4683
"\n"
4684
"--components COMP1,COMP2,...,COMPN\n"
4685
" A comma separated list of distro components to include (e.g. "
4686
"main,universe). This defaults\n"
4687
" to \"main\"\n"
4688
"--ppa=PPA Add ppa belonging to PPA to the vm's sources.list.\n"
4689
msgstr ""
4690
4691
#: serverguide/C/virtualization.xml:870(para)
4692
msgid ""
4693
"Limesurvey not being part of the archive at the moment, we'll specify it's "
4694
"PPA (personal package archive) address so that it is added to the VM "
4695
"<filename>/etc/apt/source.list</filename>, so we add the following options "
4696
"to the command line:"
4697
msgstr ""
4698
4699
#: serverguide/C/virtualization.xml:876(command)
4700
msgid ""
4701
"--addpkg apache2 --addpkg apache2-mpm-prefork --addpkg apache2-utils --"
4702
"addpkg apache2.2-common \\ --addpkg dbconfig-common --addpkg libapache2-mod-"
4703
"php5 --addpkg mysql-client --addpkg php5-cli \\ --addpkg php5-gd --addpkg "
4704
"php5-ldap --addpkg php5-mysql --addpkg wwwconfig-common \\ --addpkg mysql-"
4705
"server --ppa nijaba"
4706
msgstr ""
4707
4708
#: serverguide/C/virtualization.xml:883(title)
4709
msgid "OpenSSH"
4710
msgstr ""
4711
4712
#: serverguide/C/virtualization.xml:885(para)
4713
msgid ""
4714
"Another convenient tool that we want to have on our appliance is OpenSSH, as "
4715
"it will allow our admins to access the appliance remotely. However, pushing "
4716
"in the wild an appliance with a pre-installed OpenSSH server is a big "
4717
"security risk as all these server will share the same secret key, making it "
4718
"very easy for hackers to target our appliance with all the tools they need "
4719
"to crack it open in a breeze. As for the user password, we will instead rely "
4720
"on a script that will install OpenSSH the first time a user logs in so that "
4721
"the key generated will be different for each appliance. For this we'll use a "
4722
"<emphasis>--firstboot</emphasis> script, as it does not need any user "
4723
"interaction."
4724
msgstr ""
4725
4726
#: serverguide/C/virtualization.xml:897(title)
4727
msgid "Speed Considerations"
4728
msgstr ""
4729
4730
#: serverguide/C/virtualization.xml:900(title)
4731
msgid "Package Caching"
4732
msgstr ""
4733
4734
#: serverguide/C/virtualization.xml:902(para)
4735
msgid ""
4736
"When vmbuilder creates builds your system, it has to go fetch each one of "
4737
"the packages that composes it over the network to one of the official "
4738
"repositories, which, depending on your internet connection speed and the "
4739
"load of the mirror, can have a big impact on the actual build time. In order "
4740
"to reduce this, it is recommended to either have a local repository (which "
4741
"can be created using <application>apt-mirror</application>) or using a "
4742
"caching proxy such as <application>apt-proxy</application>. The later option "
4743
"being much simpler to implement and requiring less disk space, it is the one "
4744
"we will pick in this tutorial. To install it, simply type:"
4745
msgstr ""
4746
4747
#: serverguide/C/virtualization.xml:912(command)
4748
msgid "sudo apt-get install apt-proxy"
4749
msgstr ""
4750
4751
#: serverguide/C/virtualization.xml:915(para)
4752
msgid ""
4753
"Once this is complete, your (empty) proxy is ready for use on "
4754
"http://mirroraddress:9999 and will find ubuntu repository under /ubuntu. For "
4755
"vmbuilder to use it, we'll have to use the <emphasis>--mirror</emphasis> "
4756
"option:"
4757
msgstr ""
4758
4759
#: serverguide/C/virtualization.xml:920(programlisting)
4760
#, no-wrap
4761
msgid ""
4762
"\n"
4763
"--mirror=URL Use Ubuntu mirror at URL instead of the default, which\n"
4764
" is http://archive.ubuntu.com/ubuntu for official\n"
4765
" arches and http://ports.ubuntu.com/ubuntu-ports\n"
4766
" otherwise\n"
4767
msgstr ""
4768
4769
#: serverguide/C/virtualization.xml:927(para)
4770
msgid "So we add to the command line:"
4771
msgstr ""
4772
4773
#: serverguide/C/virtualization.xml:932(command)
4774
msgid "--mirror http://mirroraddress:9999/ubuntu"
4775
msgstr ""
4776
4777
#: serverguide/C/virtualization.xml:936(para)
4778
msgid ""
4779
"The mirror address specified here will also be used in the "
4780
"<filename>/etc/apt/sources.list</filename> of the newly created guest, so it "
4781
"is useful to specify here an address that can be resolved by the guest or to "
4782
"plan on reseting this address later on, such as in a <emphasis>--"
4783
"firstboot</emphasis> script."
4784
msgstr ""
4785
4786
#: serverguide/C/virtualization.xml:945(title)
4787
msgid "Install a Local Mirror"
4788
msgstr ""
4789
4790
#: serverguide/C/virtualization.xml:947(para)
4791
msgid ""
4792
"If we are in a larger environment, it may make sense to setup a local mirror "
4793
"of the Ubuntu repositories. The package apt-mirror provides you with a "
4794
"script that will handle the mirroring for you. You should plan on having "
4795
"about 20 gigabyte of free space per supported release and architecture."
4796
msgstr ""
4797
4798
#: serverguide/C/virtualization.xml:953(para)
4799
msgid ""
4800
"By default, <application>apt-mirror</application> uses the configuration "
4801
"file in <filename>/etc/apt/mirror.list</filename>. As it is set up, it will "
4802
"replicate only the architecture of the local machine. If you would like to "
4803
"support other architectures on your mirror, simply duplicate the lines "
4804
"starting with “deb”, replacing the deb keyword by /deb-{arch} where arch can "
4805
"be i386, amd64, etc... For example, on an amd64 machine, to have the i386 "
4806
"archives as well, you will have:"
4807
msgstr ""
4808
4809
#: serverguide/C/virtualization.xml:960(programlisting)
4810
#, no-wrap
4811
msgid ""
4812
"\n"
4813
"deb http://archive.ubuntu.com/ubuntu maverick main restricted universe "
4814
"multiverse \n"
4815
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick main restricted "
4816
"universe multiverse\n"
4817
"\n"
4818
"deb http://archive.ubuntu.com/ubuntu maverick-updates main restricted "
4819
"universe multiverse \n"
4820
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick-updates main restricted "
4821
"universe multiverse \n"
4822
"\n"
4823
"deb http://archive.ubuntu.com/ubuntu/ maverick-backports main restricted "
4824
"universe multiverse \n"
4825
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick-backports main "
4826
"restricted universe multiverse \n"
4827
"\n"
4828
"deb http://security.ubuntu.com/ubuntu maverick-security main restricted "
4829
"universe multiverse \n"
4830
"/deb-i386 http://security.ubuntu.com/ubuntu maverick-security main "
4831
"restricted universe multiverse \n"
4832
"\n"
4833
"deb http://archive.ubuntu.com/ubuntu maverick main/debian-installer "
4834
"restricted/debian-installer universe/debian-installer multiverse/debian-"
4835
"installer \n"
4836
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick main/debian-installer "
4837
"restricted/debian-installer universe/debian-installer multiverse/debian-"
4838
"installer \n"
4839
msgstr ""
4840
4841
#: serverguide/C/virtualization.xml:977(para)
4842
msgid ""
4843
"Notice that the source packages are not mirrored as they are seldom used "
4844
"compared to the binaries and they do take a lot more space, but they can be "
4845
"easily added to the list."
4846
msgstr ""
4847
4848
#: serverguide/C/virtualization.xml:982(para)
4849
msgid ""
4850
"Once the mirror has finished replicating (and this can be quite long), you "
4851
"need to configure Apache so that your mirror files (in "
4852
"<filename>/var/spool/apt-mirror</filename> if you did not change the "
4853
"default), are published by your Apache server. For more information on "
4854
"Apache see <xref linkend=\"httpd\"/>."
4855
msgstr ""
4856
4857
#: serverguide/C/virtualization.xml:991(title)
4858
msgid "Installing in a RAM Disk"
4859
msgstr ""
4860
4861
#: serverguide/C/virtualization.xml:993(para)
4862
msgid ""
4863
"As you can easily imagine, writing to RAM is a <emphasis>LOT</emphasis> "
4864
"faster than writing to disk. If you have some free memory, letting vmbuilder "
4865
"perform its operation in a RAMdisk will help a lot and the option <emphasis>-"
4866
"-tmpfs</emphasis> will help you do just that:"
4867
msgstr ""
4868
4869
#: serverguide/C/virtualization.xml:999(programlisting)
4870
#, no-wrap
4871
msgid ""
4872
"\n"
4873
"--tmpfs OPTS Use a tmpfs as the working directory, specifying its\n"
4874
" size or \"-\" to use tmpfs default (suid,dev,size=1G).\n"
4875
msgstr ""
4876
4877
#: serverguide/C/virtualization.xml:1004(para)
4878
msgid ""
4879
"So adding <command>--tmpfs -</command> sounds like a very good idea if you "
4880
"have 1G of free ram."
4881
msgstr ""
4882
4883
#: serverguide/C/virtualization.xml:1011(title)
4884
msgid "Package the Application"
4885
msgstr ""
4886
4887
#: serverguide/C/virtualization.xml:1013(para)
4888
msgid "Two option are available to us:"
4889
msgstr ""
4890
4891
#: serverguide/C/virtualization.xml:1019(para)
4892
msgid ""
4893
"The recommended method to do so is to make a <emphasis>Debian</emphasis> "
4894
"package. Since this is outside of the scope of this tutorial, we will not "
4895
"perform this here and invite the reader to read the documentation on how to "
4896
"do this in the <ulink url=\"https://wiki.ubuntu.com/PackagingGuide\">Ubuntu "
4897
"Packaging Guide</ulink>. In this case it is also a good idea to setup a "
4898
"repository for your package so that updates can be conveniently pulled from "
4899
"it. See the <ulink url=\"http://www.debian-"
4900
"administration.org/articles/286\">Debian Administration</ulink> article for "
4901
"a tutorial on this."
4902
msgstr ""
4903
4904
#: serverguide/C/virtualization.xml:1028(para)
4905
msgid ""
4906
"Manually install the application under <filename>/opt</filename> as "
4907
"recommended by the <ulink url=\"http://www.pathname.com/fhs/\">FHS "
4908
"guidelines</ulink>."
4909
msgstr ""
4910
4911
#: serverguide/C/virtualization.xml:1035(para)
4912
msgid ""
4913
"In our case we'll use <application>Limesurvey</application> as example web "
4914
"application for which we wish to provide a virtual appliance. As noted "
4915
"before, we've made a version of the package available in a PPA (Personal "
4916
"Package Archive)."
4917
msgstr ""
4918
4919
#: serverguide/C/virtualization.xml:1042(title)
4920
msgid "Finishing Install"
4921
msgstr ""
4922
4923
#: serverguide/C/virtualization.xml:1045(title) serverguide/C/virtualization.xml:1942(title)
4924
msgid "First Boot"
4925
msgstr ""
4926
4927
#: serverguide/C/virtualization.xml:1047(para)
4928
msgid ""
4929
"As we mentioned earlier, the first time the machine boots we'll need to "
4930
"install <application>openssh-server</application> so that the key generated "
4931
"for it is unique for each machine. To do this, we'll write a script called "
4932
"<filename>boot.sh</filename> as follows:"
4933
msgstr ""
4934
4935
#: serverguide/C/virtualization.xml:1053(programlisting)
4936
#, no-wrap
4937
msgid ""
4938
"\n"
4939
"# This script will run the first time the virtual machine boots\n"
4940
"# It is ran as root.\n"
4941
"\n"
4942
"apt-get update\n"
4943
"apt-get install -qqy --force-yes openssh-server\n"
4944
msgstr ""
4945
4946
#: serverguide/C/virtualization.xml:1061(para)
4947
msgid ""
4948
"And we add the <command>--firstboot boot.sh</command> option to our command "
4949
"line."
4950
msgstr ""
4951
4952
#: serverguide/C/virtualization.xml:1067(title)
4953
msgid "First Login"
4954
msgstr ""
4955
4956
#: serverguide/C/virtualization.xml:1069(para)
4957
msgid ""
4958
"Mysql and Limesurvey needing some user interaction during their setup, we'll "
4959
"set them up the first time a user logs in using a script named login.sh. "
4960
"We'll also use this script to let the user specify:"
4961
msgstr ""
4962
4963
#: serverguide/C/virtualization.xml:1075(para)
4964
msgid "His own password"
4965
msgstr ""
4966
4967
#: serverguide/C/virtualization.xml:1076(para)
4968
msgid "Define the keyboard and other locale info he wants to use"
4969
msgstr ""
4970
4971
#: serverguide/C/virtualization.xml:1079(para)
4972
msgid "So we'll define <filename>login.sh</filename> as follows:"
4973
msgstr ""
4974
4975
#: serverguide/C/virtualization.xml:1083(programlisting)
4976
#, no-wrap
4977
msgid ""
4978
"\n"
4979
"# This script is ran the first time a user logs in\n"
4980
"\n"
4981
"echo \"Your appliance is about to be finished to be set up.\"\n"
4982
"echo \"In order to do it, we'll need to ask you a few questions,\"\n"
4983
"echo \"starting by changing your user password.\"\n"
4984
"\n"
4985
"passwd\n"
4986
"\n"
4987
"#give the opportunity to change the keyboard\n"
4988
"sudo dpkg-reconfigure console-setup\n"
4989
"\n"
4990
"#configure the mysql server root password\n"
4991
"sudo dpkg-reconfigure mysql-server-5.0\n"
4992
"\n"
4993
"#install limesurvey\n"
4994
"sudo apt-get install -qqy --force-yes limesurvey\n"
4995
"\n"
4996
"echo \"Your appliance is now configured. To use it point your\"\n"
4997
"echo \"browser to http://serverip/limesurvey/admin\"\n"
4998
msgstr ""
4999
5000
#: serverguide/C/virtualization.xml:1105(para)
5001
msgid ""
5002
"And we add the <command>--firstlogin login.sh</command> option to our "
5003
"command line."
5004
msgstr ""
5005
5006
#: serverguide/C/virtualization.xml:1112(title)
5007
msgid "Useful Additions"
5008
msgstr ""
5009
5010
#: serverguide/C/virtualization.xml:1115(title)
5011
msgid "Configuring Automatic Updates"
5012
msgstr ""
5013
5014
#: serverguide/C/virtualization.xml:1117(para)
5015
msgid ""
5016
"To have your system be configured to update itself on a regular basis, we "
5017
"will just install <application>unattended-upgrades</application>, so we add "
5018
"the following option to our command line:"
5019
msgstr ""
5020
5021
#: serverguide/C/virtualization.xml:1123(command)
5022
msgid "--addpkg unattended-upgrades"
5023
msgstr ""
5024
5025
#: serverguide/C/virtualization.xml:1126(para)
5026
msgid ""
5027
"As we have put our application package in a PPA, the process will update not "
5028
"only the system, but also the application each time we update the version in "
5029
"the PPA."
5030
msgstr ""
5031
5032
#: serverguide/C/virtualization.xml:1133(title)
5033
msgid "ACPI Event Handling"
5034
msgstr ""
5035
5036
#: serverguide/C/virtualization.xml:1135(para)
5037
msgid ""
5038
"For your virtual machine to be able to handle restart and shutdown events it "
5039
"is being sent, it is a good idea to install the acpid package as well. To do "
5040
"this we just add the following option:"
5041
msgstr ""
5042
5043
#: serverguide/C/virtualization.xml:1141(command)
5044
msgid "--addpkg acpid"
5045
msgstr ""
5046
5047
#: serverguide/C/virtualization.xml:1147(title)
5048
msgid "Final Command"
5049
msgstr ""
5050
5051
#: serverguide/C/virtualization.xml:1149(para)
5052
msgid "Here is the command with all the options discussed above:"
5053
msgstr ""
5054
5055
#: serverguide/C/virtualization.xml:1154(command)
5056
msgid ""
5057
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o "
5058
"\\ --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition --"
5059
"user user \\ --name user --pass default --addpkg apache2 --addpkg apache2-"
5060
"mpm-prefork \\ --addpkg apache2-utils --addpkg apache2.2-common --addpkg "
5061
"dbconfig-common \\ --addpkg libapache2-mod-php5 --addpkg mysql-client --"
5062
"addpkg php5-cli \\ --addpkg php5-gd --addpkg php5-ldap --addpkg php5-mysql --"
5063
"addpkg wwwconfig-common \\ --addpkg mysql-server --addpkg unattended-"
5064
"upgrades --addpkg acpid --ppa nijaba \\ --mirror "
5065
"http://mirroraddress:9999/ubuntu --tmpfs - --firstboot boot.sh \\ --"
5066
"firstlogin login.sh"
5067
msgstr ""
5068
5069
#: serverguide/C/virtualization.xml:1169(para)
5070
msgid ""
5071
"If you are interested in learning more, have questions or suggestions, "
5072
"please contact the Ubuntu Server Team at:"
5073
msgstr ""
5074
5075
#: serverguide/C/virtualization.xml:1174(para)
5076
msgid "IRC: #ubuntu-server on freenode"
5077
msgstr ""
5078
5079
#: serverguide/C/virtualization.xml:1179(para)
5080
msgid ""
5081
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
5082
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
5083
msgstr ""
5084
5085
#: serverguide/C/virtualization.xml:1184(para)
5086
msgid ""
5087
"Also, see the <ulink "
5088
"url=\"https://help.ubuntu.com/community/JeOSVMBuilder\">JeOSVMBuilder Ubuntu "
5089
"Wiki</ulink> page."
5090
msgstr ""
5091
5092
#: serverguide/C/virtualization.xml:1192(title)
5093
msgid "UEC"
5094
msgstr ""
5095
5096
#: serverguide/C/virtualization.xml:1195(title) serverguide/C/network-auth.xml:2036(title) serverguide/C/monitoring.xml:15(title) serverguide/C/lamp-applications.xml:17(title) serverguide/C/installation.xml:928(title) serverguide/C/dns.xml:64(title) serverguide/C/chat.xml:17(title) serverguide/C/backups.xml:541(title)
5097
msgid "Overview"
5098
msgstr ""
5099
5100
#: serverguide/C/virtualization.xml:1197(para)
5101
msgid ""
5102
"This tutorial covers <application>UEC</application> installation from the "
5103
"Ubuntu 10.10 Server Edition CD, and assumes a basic network topology, with a "
5104
"single system serving as the <emphasis>\"all-in-one controller\"</emphasis>, "
5105
"and one or more nodes attached."
5106
msgstr ""
5107
5108
#: serverguide/C/virtualization.xml:1202(para)
5109
msgid ""
5110
"From this Tutorial you will learn how to install, configure, register and "
5111
"perform several operations on a basic <application>UEC</application> setup "
5112
"that results in a cloud with a one controller <emphasis>\"front-"
5113
"end\"</emphasis> and one or several node(s) for running Virtual Machine (VM) "
5114
"instances. You will also use examples to help get you started using your own "
5115
"private compute cloud."
5116
msgstr ""
5117
5118
#: serverguide/C/virtualization.xml:1210(title)
5119
msgid "Prerequisites"
5120
msgstr ""
5121
5122
#: serverguide/C/virtualization.xml:1212(para)
5123
msgid ""
5124
"To deploy a minimal cloud infrastructure, you’ll need at least "
5125
"<emphasis>two</emphasis> dedicated systems:"
5126
msgstr ""
5127
5128
#: serverguide/C/virtualization.xml:1218(para)
5129
msgid "A front end."
5130
msgstr ""
5131
5132
#: serverguide/C/virtualization.xml:1223(para)
5133
msgid "One or more node(s)."
5134
msgstr ""
5135
5136
#: serverguide/C/virtualization.xml:1229(para)
5137
msgid ""
5138
"The following are recommendations, rather than fixed requirements. However, "
5139
"our experience in developing this documentation indicated the following "
5140
"suggestions."
5141
msgstr ""
5142
5143
#: serverguide/C/virtualization.xml:1234(title)
5144
msgid "Front End Requirements"
5145
msgstr ""
5146
5147
#: serverguide/C/virtualization.xml:1236(para)
5148
msgid "Use the following table for a system that will run one or more of:"
5149
msgstr ""
5150
5151
#: serverguide/C/virtualization.xml:1241(para)
5152
msgid "Cloud Controller (CLC)"
5153
msgstr ""
5154
5155
#: serverguide/C/virtualization.xml:1242(para)
5156
msgid "Cluster Controller (CC)"
5157
msgstr ""
5158
5159
#: serverguide/C/virtualization.xml:1243(para)
5160
msgid "Walrus (the S3-like storage service)"
5161
msgstr ""
5162
5163
#: serverguide/C/virtualization.xml:1244(para)
5164
msgid "Storage Controller (SC)"
5165
msgstr ""
5166
5167
#: serverguide/C/virtualization.xml:1248(title)
5168
msgid "UEC Front End Requirements"
5169
msgstr ""
5170
5171
#: serverguide/C/virtualization.xml:1256(para) serverguide/C/virtualization.xml:1318(para)
5172
msgid "Hardware"
5173
msgstr ""
5174
5175
#: serverguide/C/virtualization.xml:1257(para) serverguide/C/virtualization.xml:1319(para)
5176
msgid "Minimum"
5177
msgstr ""
5178
5179
#: serverguide/C/virtualization.xml:1258(para) serverguide/C/virtualization.xml:1320(para)
5180
msgid "Suggested"
5181
msgstr ""
5182
5183
#: serverguide/C/virtualization.xml:1259(para) serverguide/C/virtualization.xml:1321(para)
5184
msgid "Notes"
5185
msgstr ""
5186
5187
#: serverguide/C/virtualization.xml:1264(para) serverguide/C/virtualization.xml:1326(para)
5188
msgid "CPU"
5189
msgstr ""
5190
5191
#: serverguide/C/virtualization.xml:1265(para)
5192
msgid "1 GHz"
5193
msgstr ""
5194
5195
#: serverguide/C/virtualization.xml:1266(para)
5196
msgid "2 x 2 GHz"
5197
msgstr ""
5198
5199
#: serverguide/C/virtualization.xml:1267(para)
5200
msgid ""
5201
"For an <emphasis>all-in-one</emphasis> front end, it helps to have at least "
5202
"a dual core processor."
5203
msgstr ""
5204
5205
#: serverguide/C/virtualization.xml:1270(para) serverguide/C/virtualization.xml:1332(para)
5206
msgid "Memory"
5207
msgstr ""
5208
5209
#: serverguide/C/virtualization.xml:1271(para)
5210
msgid "2 GB"
5211
msgstr ""
5212
5213
#: serverguide/C/virtualization.xml:1272(para) serverguide/C/virtualization.xml:1334(para)
5214
msgid "4 GB"
5215
msgstr ""
5216
5217
#: serverguide/C/virtualization.xml:1273(para)
5218
msgid "The Java web front end benefits from lots of available memory."
5219
msgstr ""
5220
5221
#: serverguide/C/virtualization.xml:1276(para) serverguide/C/virtualization.xml:1338(para)
5222
msgid "Disk"
5223
msgstr ""
5224
5225
#: serverguide/C/virtualization.xml:1277(para) serverguide/C/virtualization.xml:1339(para)
5226
msgid "5400 RPM IDE"
5227
msgstr ""
5228
5229
#: serverguide/C/virtualization.xml:1278(para)
5230
msgid "7200 RPM SATA"
5231
msgstr ""
5232
5233
#: serverguide/C/virtualization.xml:1279(para)
5234
msgid ""
5235
"Slower disks will work, but will yield much longer instance startup times."
5236
msgstr ""
5237
5238
#: serverguide/C/virtualization.xml:1282(para) serverguide/C/virtualization.xml:1344(para)
5239
msgid "Disk Space"
5240
msgstr ""
5241
5242
#: serverguide/C/virtualization.xml:1283(para) serverguide/C/virtualization.xml:1345(para)
5243
msgid "40 GB"
5244
msgstr ""
5245
5246
#: serverguide/C/virtualization.xml:1284(para)
5247
msgid "200 GB"
5248
msgstr ""
5249
5250
#: serverguide/C/virtualization.xml:1285(para)
5251
msgid ""
5252
"40GB is only enough space for only a single image, cache, etc., Eucalyptus "
5253
"does not like to run out of disk space."
5254
msgstr ""
5255
5256
#: serverguide/C/virtualization.xml:1288(para) serverguide/C/virtualization.xml:1350(para) serverguide/C/network-config.xml:13(title)
5257
msgid "Networking"
5258
msgstr ""
5259
5260
#: serverguide/C/virtualization.xml:1289(para) serverguide/C/virtualization.xml:1351(para)
5261
msgid "100 Mbps"
5262
msgstr ""
5263
5264
#: serverguide/C/virtualization.xml:1290(para) serverguide/C/virtualization.xml:1352(para)
5265
msgid "1000 Mbps"
5266
msgstr ""
5267
5268
#: serverguide/C/virtualization.xml:1291(para) serverguide/C/virtualization.xml:1353(para)
5269
msgid ""
5270
"Machine images are hundreds of MB, and need to be copied over the network to "
5271
"nodes."
5272
msgstr ""
5273
5274
#: serverguide/C/virtualization.xml:1299(title)
5275
msgid "Node Requirements"
5276
msgstr ""
5277
5278
#: serverguide/C/virtualization.xml:1301(para)
5279
msgid "The other system(s) are <emphasis>nodes</emphasis>, which will run::"
5280
msgstr ""
5281
5282
#: serverguide/C/virtualization.xml:1306(para)
5283
msgid "the Node Controller (NC)"
5284
msgstr ""
5285
5286
#: serverguide/C/virtualization.xml:1310(title)
5287
msgid "UEC Node Requirements"
5288
msgstr ""
5289
5290
#: serverguide/C/virtualization.xml:1327(para)
5291
msgid "VT Extensions"
5292
msgstr ""
5293
5294
#: serverguide/C/virtualization.xml:1328(para)
5295
msgid "VT, 64-bit, Multicore"
5296
msgstr ""
5297
5298
#: serverguide/C/virtualization.xml:1329(para)
5299
msgid ""
5300
"64-bit can run both i386, and amd64 instances; by default, Eucalyptus will "
5301
"only run 1 VM per CPU core on a Node."
5302
msgstr ""
5303
5304
#: serverguide/C/virtualization.xml:1333(para)
5305
msgid "1 GB"
5306
msgstr ""
5307
5308
#: serverguide/C/virtualization.xml:1335(para)
5309
msgid "Additional memory means more, and larger guests."
5310
msgstr ""
5311
5312
#: serverguide/C/virtualization.xml:1340(para)
5313
msgid "7200 RPM SATA or SCSI"
5314
msgstr ""
5315
5316
#: serverguide/C/virtualization.xml:1341(para)
5317
msgid ""
5318
"Eucalyptus nodes are disk-intensive; I/O wait will likely be the performance "
5319
"bottleneck."
5320
msgstr ""
5321
5322
#: serverguide/C/virtualization.xml:1346(para)
5323
msgid "100 GB"
5324
msgstr ""
5325
5326
#: serverguide/C/virtualization.xml:1347(para)
5327
msgid ""
5328
"Images will be cached locally, Eucalyptus does not like to run out of disk "
5329
"space."
5330
msgstr ""
5331
5332
#: serverguide/C/virtualization.xml:1363(title)
5333
msgid "Installing the Cloud/Cluster/Storage/Walrus Front End Server"
5334
msgstr ""
5335
5336
#: serverguide/C/virtualization.xml:1367(para)
5337
msgid "Download the Ubuntu 10.10 Server ISO file, and burn it to a CD."
5338
msgstr ""
5339
5340
#: serverguide/C/virtualization.xml:1372(para)
5341
msgid ""
5342
"When you boot, select <emphasis>“Install Ubuntu Enterprise "
5343
"Cloud”</emphasis>. The installer will detect if any other Eucalyptus "
5344
"components are present."
5345
msgstr ""
5346
5347
#: serverguide/C/virtualization.xml:1377(para)
5348
msgid ""
5349
"You can then choose which components to install, based on your chosen <ulink "
5350
"url=\"https://help.ubuntu.com/community/UEC/Topologies\">topology</ulink>."
5351
msgstr ""
5352
5353
#: serverguide/C/virtualization.xml:1382(para)
5354
msgid ""
5355
"When asked whether you want a <emphasis>“Cluster”</emphasis> or a "
5356
"<emphasis>“Node”</emphasis> install, select <emphasis>“Cluster”</emphasis>."
5357
msgstr ""
5358
5359
#: serverguide/C/virtualization.xml:1388(para)
5360
msgid ""
5361
"It will ask two other cloud-specific questions during the course of the "
5362
"install:"
5363
msgstr ""
5364
5365
#: serverguide/C/virtualization.xml:1393(para)
5366
msgid "Name of your cluster."
5367
msgstr ""
5368
5369
#: serverguide/C/virtualization.xml:1396(para)
5370
msgid "e.g. <emphasis>cluster1</emphasis>."
5371
msgstr ""
5372
5373
#: serverguide/C/virtualization.xml:1399(para)
5374
msgid ""
5375
"A range of public IP addresses on the LAN that the cloud can allocate to "
5376
"instances."
5377
msgstr ""
5378
5379
#: serverguide/C/virtualization.xml:1402(para)
5380
msgid "e.g. <emphasis>192.168.1.200-192.168.1.249</emphasis>."
5381
msgstr ""
5382
5383
#: serverguide/C/virtualization.xml:1410(title)
5384
msgid "Installing the Node Controller(s)"
5385
msgstr ""
5386
5387
#: serverguide/C/virtualization.xml:1412(para)
5388
msgid ""
5389
"The node controller install is even simpler. Just make sure that you are "
5390
"connected to the network on which the cloud/cluster controller is already "
5391
"running."
5392
msgstr ""
5393
5394
#: serverguide/C/virtualization.xml:1418(para)
5395
msgid "Boot from the same ISO on the node(s)."
5396
msgstr ""
5397
5398
#: serverguide/C/virtualization.xml:1423(para)
5399
msgid ""
5400
"When you boot, select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
5401
msgstr ""
5402
5403
#: serverguide/C/virtualization.xml:1428(para)
5404
msgid "Select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
5405
msgstr ""
5406
5407
#: serverguide/C/virtualization.xml:1433(para)
5408
msgid ""
5409
"It should detect the Cluster and preselect <emphasis>“Node”</emphasis> "
5410
"install for you."
5411
msgstr ""
5412
5413
#: serverguide/C/virtualization.xml:1438(para)
5414
msgid "Confirm the partitioning scheme."
5415
msgstr ""
5416
5417
#: serverguide/C/virtualization.xml:1443(para)
5418
msgid ""
5419
"The rest of the installation should proceed uninterrupted; complete the "
5420
"installation and reboot the node."
5421
msgstr ""
5422
5423
#: serverguide/C/virtualization.xml:1451(title)
5424
msgid "Register the Node(s)"
5425
msgstr ""
5426
5427
#: serverguide/C/virtualization.xml:1456(para)
5428
msgid ""
5429
"Nodes are the physical systems within <application>UEC</application> that "
5430
"actually run the virtual machine instances of the cloud."
5431
msgstr ""
5432
5433
#: serverguide/C/virtualization.xml:1460(para)
5434
msgid "All component registration should be automatic, assuming:"
5435
msgstr ""
5436
5437
#: serverguide/C/virtualization.xml:1466(para)
5438
msgid "Public SSH keys have been exchanged properly."
5439
msgstr ""
5440
5441
#: serverguide/C/virtualization.xml:1471(para)
5442
msgid "The services are configured properly."
5443
msgstr ""
5444
5445
#: serverguide/C/virtualization.xml:1476(para)
5446
msgid ""
5447
"The appropriate <emphasis>uec-component-listener</emphasis> is running."
5448
msgstr ""
5449
5450
#: serverguide/C/virtualization.xml:1481(para)
5451
msgid "Verify Registration."
5452
msgstr ""
5453
5454
#: serverguide/C/virtualization.xml:1487(para)
5455
msgid ""
5456
"Steps a to e should only be required if you're using the <ulink "
5457
"url=\"https://help.ubuntu.com/community/UEC/PackageInstall\">UEC/PackageInsta"
5458
"ll</ulink> method. Otherwise, if you are following this guide, these steps "
5459
"should already be completed automatically for you, and therefore you can "
5460
"skip <emphasis>\"a\"</emphasis> to <emphasis>\"e\"</emphasis>."
5461
msgstr ""
5462
5463
#: serverguide/C/virtualization.xml:1495(para)
5464
msgid "Exchange Public Keys"
5465
msgstr ""
5466
5467
#: serverguide/C/virtualization.xml:1497(para)
5468
msgid ""
5469
"The Cloud Controller's <emphasis>eucalyptus</emphasis> user needs to have "
5470
"SSH access to the Walrus Controller, Cluster Controller, and Storage "
5471
"Controller as the eucalyptus user."
5472
msgstr ""
5473
5474
#: serverguide/C/virtualization.xml:1502(para)
5475
msgid ""
5476
"Install the Cloud Controller's <emphasis>eucalyptus</emphasis> user's public "
5477
"ssh key by:"
5478
msgstr ""
5479
5480
#: serverguide/C/virtualization.xml:1508(para)
5481
msgid ""
5482
"On the target controller, temporarily set a password for the eucalyptus user:"
5483
msgstr ""
5484
5485
#: serverguide/C/virtualization.xml:1512(command)
5486
msgid "sudo passwd eucalyptus"
5487
msgstr ""
5488
5489
#: serverguide/C/virtualization.xml:1516(para)
5490
msgid "Then, on the Cloud Controller:"
5491
msgstr ""
5492
5493
#: serverguide/C/virtualization.xml:1520(command)
5494
msgid ""
5495
"sudo -u eucalyptus ssh-copy-id -i ~eucalyptus/.ssh/id_rsa.pub "
5496
"eucalyptus@<IP_OF_NODE>"
5497
msgstr ""
5498
5499
#: serverguide/C/virtualization.xml:1524(para)
5500
msgid ""
5501
"You can now remove the password of the eucalyptus account on the target "
5502
"controller, if you wish:"
5503
msgstr ""
5504
5505
#: serverguide/C/virtualization.xml:1528(command)
5506
msgid "sudo passwd -d eucalyptus"
5507
msgstr ""
5508
5509
#: serverguide/C/virtualization.xml:1535(para)
5510
msgid "Configuring the Services"
5511
msgstr ""
5512
5513
#: serverguide/C/virtualization.xml:1537(para)
5514
msgid "On the <emphasis>Cloud Controller</emphasis>:"
5515
msgstr ""
5516
5517
#: serverguide/C/virtualization.xml:1543(para)
5518
msgid "For the <emphasis>Cluster Controller</emphasis> Registration:"
5519
msgstr ""
5520
5521
#: serverguide/C/virtualization.xml:1547(para) serverguide/C/virtualization.xml:1575(para)
5522
msgid ""
5523
"Define the shell variable CC_NAME in <filename>/etc/eucalyptus/eucalyptus-"
5524
"cc.conf</filename>"
5525
msgstr ""
5526
5527
#: serverguide/C/virtualization.xml:1549(para)
5528
msgid ""
5529
"Define the shell variable CC_IP_ADDR in <filename>/etc/eucalyptus/eucalyptus-"
5530
"ipaddr.conf</filename>, as a space separated list of one or more IP "
5531
"addresses."
5532
msgstr ""
5533
5534
#: serverguide/C/virtualization.xml:1556(para)
5535
msgid "For the <emphasis>Walrus Controller</emphasis> Registration:"
5536
msgstr ""
5537
5538
#: serverguide/C/virtualization.xml:1560(para)
5539
msgid ""
5540
"Define the shell variable WALRUS_IP_ADDR in "
5541
"<filename>/etc/eucalyptus/eucalyptus-ipaddr.conf</filename>, as a single IP "
5542
"address."
5543
msgstr ""
5544
5545
#: serverguide/C/virtualization.xml:1565(para)
5546
msgid "On the <emphasis>Cluster Controller</emphasis>:"
5547
msgstr ""
5548
5549
#: serverguide/C/virtualization.xml:1571(para)
5550
msgid "For <emphasis>Storage Controller</emphasis> Registration:"
5551
msgstr ""
5552
5553
#: serverguide/C/virtualization.xml:1577(para)
5554
msgid ""
5555
"Define the shell variable SC_IP_ADDR in <filename>/etc/eucalyptus/eucalyptus-"
5556
"ipaddr.conf</filename>, as a space separated list of one or more IP "
5557
"addresses."
5558
msgstr ""
5559
5560
#: serverguide/C/virtualization.xml:1587(para)
5561
msgid "Publish"
5562
msgstr ""
5563
5564
#: serverguide/C/virtualization.xml:1589(para)
5565
msgid "Now start the publication services."
5566
msgstr ""
5567
5568
#: serverguide/C/virtualization.xml:1595(emphasis)
5569
msgid "Walrus Controller:"
5570
msgstr ""
5571
5572
#: serverguide/C/virtualization.xml:1597(command)
5573
msgid "sudo start eucalyptus-walrus-publication"
5574
msgstr ""
5575
5576
#: serverguide/C/virtualization.xml:1601(emphasis)
5577
msgid "Cluster Controller:"
5578
msgstr ""
5579
5580
#: serverguide/C/virtualization.xml:1603(command)
5581
msgid "sudo start eucalyptus-cc-publication"
5582
msgstr ""
5583
5584
#: serverguide/C/virtualization.xml:1607(emphasis)
5585
msgid "Storage Controller:"
5586
msgstr ""
5587
5588
#: serverguide/C/virtualization.xml:1609(command)
5589
msgid "sudo start eucalyptus-sc-publication"
5590
msgstr ""
5591
5592
#: serverguide/C/virtualization.xml:1613(emphasis)
5593
msgid "Node Controller:"
5594
msgstr ""
5595
5596
#: serverguide/C/virtualization.xml:1615(command)
5597
msgid "sudo start eucalyptus-nc-publication"
5598
msgstr ""
5599
5600
#: serverguide/C/virtualization.xml:1622(para)
5601
msgid "Start the Listener"
5602
msgstr ""
5603
5604
#: serverguide/C/virtualization.xml:1624(para)
5605
msgid ""
5606
"On the <emphasis>Cloud Controller</emphasis> and the <emphasis>Cluster "
5607
"Controller(s)</emphasis>, run:"
5608
msgstr ""
5609
5610
#: serverguide/C/virtualization.xml:1629(command)
5611
msgid "sudo start uec-component-listener"
5612
msgstr ""
5613
5614
#: serverguide/C/virtualization.xml:1634(para)
5615
msgid "Verify Registration"
5616
msgstr ""
5617
5618
#: serverguide/C/virtualization.xml:1637(command)
5619
msgid "cat /var/log/eucalyptus/registration.log"
5620
msgstr ""
5621
5622
#: serverguide/C/virtualization.xml:1638(computeroutput)
5623
#, no-wrap
5624
msgid ""
5625
"2010-04-08 15:46:36-05:00 | 24243 -> Calling node cluster1 node "
5626
"10.1.1.75\n"
5627
"2010-04-08 15:46:36-05:00 | 24243 -> euca_conf --register-nodes returned "
5628
"0\n"
5629
"2010-04-08 15:48:47-05:00 | 25858 -> Calling walrus Walrus 10.1.1.71\n"
5630
"2010-04-08 15:48:51-05:00 | 25858 -> euca_conf --register-walrus returned "
5631
"0\n"
5632
"2010-04-08 15:49:04-05:00 | 26237 -> Calling cluster cluster1 10.1.1.71\n"
5633
"2010-04-08 15:49:08-05:00 | 26237 -> euca_conf --register-cluster "
5634
"returned 0\n"
5635
"2010-04-08 15:49:17-05:00 | 26644 -> Calling storage cluster1 storage "
5636
"10.1.1.71\n"
5637
"2010-04-08 15:49:18-05:00 | 26644 -> euca_conf --register-sc returned 0"
5638
msgstr ""
5639
5640
#: serverguide/C/virtualization.xml:1649(para)
5641
msgid "The output on your machine will vary from the example above."
5642
msgstr ""
5643
5644
#: serverguide/C/virtualization.xml:1659(title)
5645
msgid "Obtain Credentials"
5646
msgstr ""
5647
5648
#: serverguide/C/virtualization.xml:1661(para)
5649
msgid ""
5650
"After installing and booting the <emphasis>Cloud Controller</emphasis>, "
5651
"users of the cloud will need to retrieve their credentials. This can be done "
5652
"either through a web browser, or at the command line."
5653
msgstr ""
5654
5655
#: serverguide/C/virtualization.xml:1667(title)
5656
msgid "From a Web Browser"
5657
msgstr ""
5658
5659
#: serverguide/C/virtualization.xml:1671(para)
5660
msgid ""
5661
"From your web browser (either remotely or on your Ubuntu server) access the "
5662
"following URL:"
5663
msgstr ""
5664
5665
#: serverguide/C/virtualization.xml:1674(programlisting) serverguide/C/virtualization.xml:1804(programlisting)
5666
#, no-wrap
5667
msgid ""
5668
"\n"
5669
"https://<cloud-controller-ip-address>:8443/\n"
5670
msgstr ""
5671
5672
#: serverguide/C/virtualization.xml:1679(para)
5673
msgid ""
5674
"You must use a secure connection, so make sure you use \"https\" not "
5675
"\"http\" in your URL. You will get a security certificate warning. You will "
5676
"have to add an exception to view the page. If you do not accept it you will "
5677
"not be able to view the Eucalyptus configuration page."
5678
msgstr ""
5679
5680
#: serverguide/C/virtualization.xml:1687(para)
5681
msgid ""
5682
"Use username <emphasis>'admin'</emphasis> and password "
5683
"<emphasis>'admin'</emphasis> for the first time login (you will be prompted "
5684
"to change your password)."
5685
msgstr ""
5686
5687
#: serverguide/C/virtualization.xml:1693(para)
5688
msgid ""
5689
"Then follow the on-screen instructions to update the admin password and "
5690
"email address."
5691
msgstr ""
5692
5693
#: serverguide/C/virtualization.xml:1698(para)
5694
msgid ""
5695
"Once the first time configuration process is completed, click the "
5696
"<emphasis>'credentials'</emphasis> tab located in the top-left portion of "
5697
"the screen."
5698
msgstr ""
5699
5700
#: serverguide/C/virtualization.xml:1704(para)
5701
msgid ""
5702
"Click the <emphasis>'Download Credentials'</emphasis> button to get your "
5703
"certificates."
5704
msgstr ""
5705
5706
#: serverguide/C/virtualization.xml:1709(para)
5707
msgid "Save them to <filename>~/.euca</filename>."
5708
msgstr ""
5709
5710
#: serverguide/C/virtualization.xml:1714(para)
5711
msgid ""
5712
"Unzip the downloaded zip file into a safe location "
5713
"(<filename>~/.euca</filename>)."
5714
msgstr ""
5715
5716
#: serverguide/C/virtualization.xml:1718(command)
5717
msgid "unzip -d ~/.euca mycreds.zip"
5718
msgstr ""
5719
5720
#: serverguide/C/virtualization.xml:1725(title)
5721
msgid "From a Command Line"
5722
msgstr ""
5723
5724
#: serverguide/C/virtualization.xml:1729(para)
5725
msgid ""
5726
"Alternatively, if you are on the command line of the <emphasis>Cloud "
5727
"Controller</emphasis>, you can run:"
5728
msgstr ""
5729
5730
#: serverguide/C/virtualization.xml:1733(command)
5731
msgid "mkdir -p ~/.euca"
5732
msgstr ""
5733
5734
#: serverguide/C/virtualization.xml:1734(command)
5735
msgid "chmod 700 ~/.euca"
5736
msgstr ""
5737
5738
#: serverguide/C/virtualization.xml:1735(command)
5739
msgid "cd ~/.euca"
5740
msgstr ""
5741
5742
#: serverguide/C/virtualization.xml:1736(command)
5743
msgid "sudo euca_conf --get-credentials mycreds.zip"
5744
msgstr ""
5745
5746
#: serverguide/C/virtualization.xml:1737(command)
5747
msgid "unzip mycreds.zip"
5748
msgstr ""
5749
5750
#: serverguide/C/virtualization.xml:1738(command)
5751
msgid "ln -s ~/.euca/eucarc ~/.eucarc"
5752
msgstr ""
5753
5754
#: serverguide/C/virtualization.xml:1739(command)
5755
msgid "cd -"
5756
msgstr ""
5757
5758
#: serverguide/C/virtualization.xml:1746(title)
5759
msgid "Extracting and Using Your Credentials"
5760
msgstr ""
5761
5762
#: serverguide/C/virtualization.xml:1748(para)
5763
msgid ""
5764
"Now you will need to setup EC2 API and AMI tools on your server using X.509 "
5765
"certificates."
5766
msgstr ""
5767
5768
#: serverguide/C/virtualization.xml:1754(para)
5769
msgid "Install the required cloud user tools:"
5770
msgstr ""
5771
5772
#: serverguide/C/virtualization.xml:1758(command)
5773
msgid "sudo apt-get install euca2ools"
5774
msgstr ""
5775
5776
#: serverguide/C/virtualization.xml:1762(para)
5777
msgid ""
5778
"To validate that everything is working correctly, get the local cluster "
5779
"availability details:"
5780
msgstr ""
5781
5782
#: serverguide/C/virtualization.xml:1766(command)
5783
msgid ". ~/.euca/eucarc"
5784
msgstr ""
5785
5786
#: serverguide/C/virtualization.xml:1767(command)
5787
msgid "euca-describe-availability-zones verbose"
5788
msgstr ""
5789
5790
#: serverguide/C/virtualization.xml:1768(computeroutput)
5791
#, no-wrap
5792
msgid ""
5793
"AVAILABILITYZONE myowncloud 192.168.1.1\n"
5794
"AVAILABILITYZONE |- vm types free / max cpu ram disk\n"
5795
"AVAILABILITYZONE |- m1.small 0004 / 0004 1 128 2\n"
5796
"AVAILABILITYZONE |- c1.medium 0004 / 0004 1 256 5\n"
5797
"AVAILABILITYZONE |- m1.large 0002 / 0002 2 512 10\n"
5798
"AVAILABILITYZONE |- m1.xlarge 0002 / 0002 2 1024 20\n"
5799
"AVAILABILITYZONE |- c1.xlarge 0001 / 0001 4 2048 20"
5800
msgstr ""
5801
5802
#: serverguide/C/virtualization.xml:1778(para)
5803
msgid "Your output from the above command will vary."
5804
msgstr ""
5805
5806
#: serverguide/C/virtualization.xml:1788(title)
5807
msgid "Install an Image from the Store"
5808
msgstr ""
5809
5810
#: serverguide/C/virtualization.xml:1790(para)
5811
msgid ""
5812
"The following is by far the simplest way to install an image. However, "
5813
"advanced users may be interested in learning how to <ulink "
5814
"url=\"https://help.ubuntu.com/community/UEC/BundlingImages\">Bundle their "
5815
"own image</ulink>."
5816
msgstr ""
5817
5818
#: serverguide/C/virtualization.xml:1795(para)
5819
msgid ""
5820
"The simplest way to add an image to <application>UEC</application> is to "
5821
"install it from the Image Store on the UEC web interface."
5822
msgstr ""
5823
5824
#: serverguide/C/virtualization.xml:1801(para)
5825
msgid ""
5826
"Access the web interface at the following URL (Make sure you specify https):"
5827
msgstr ""
5828
5829
#: serverguide/C/virtualization.xml:1809(para)
5830
msgid ""
5831
"Enter your login and password (if requested, as you may still be logged in "
5832
"from earlier)."
5833
msgstr ""
5834
5835
#: serverguide/C/virtualization.xml:1814(para)
5836
msgid "Click on the <emphasis>Store</emphasis> tab."
5837
msgstr ""
5838
5839
#: serverguide/C/virtualization.xml:1819(para)
5840
msgid "Browse available images."
5841
msgstr ""
5842
5843
#: serverguide/C/virtualization.xml:1824(para)
5844
msgid "Click on <emphasis>install</emphasis> for the image you want."
5845
msgstr ""
5846
5847
#: serverguide/C/virtualization.xml:1830(para)
5848
msgid ""
5849
"Once the image has been downloaded and installed, you can click on "
5850
"<emphasis>\"How to run?\"</emphasis> that will be displayed below the image "
5851
"button to view the command to execute to instantiate (start) this image. The "
5852
"image will also appear on the list given on the <emphasis>Image</emphasis> "
5853
"tab."
5854
msgstr ""
5855
5856
#: serverguide/C/virtualization.xml:1838(title)
5857
msgid "Run an Image"
5858
msgstr ""
5859
5860
#: serverguide/C/virtualization.xml:1840(para)
5861
msgid "There are multiple ways to instantiate an image in UEC:"
5862
msgstr ""
5863
5864
#: serverguide/C/virtualization.xml:1845(para)
5865
msgid "Use the command line."
5866
msgstr ""
5867
5868
#: serverguide/C/virtualization.xml:1846(para)
5869
msgid ""
5870
"Use one of the UEC compatible management tools such as "
5871
"<emphasis>Landscape</emphasis>."
5872
msgstr ""
5873
5874
#: serverguide/C/virtualization.xml:1848(para)
5875
msgid ""
5876
"Use the <ulink "
5877
"url=\"https://help.ubuntu.com/community/UEC/ElasticFox\">ElasticFox</ulink> "
5878
"extension to Firefox."
5879
msgstr ""
5880
5881
#: serverguide/C/virtualization.xml:1854(para)
5882
msgid "Here we will describe the process from the command line:"
5883
msgstr ""
5884
5885
#: serverguide/C/virtualization.xml:1860(para)
5886
msgid ""
5887
"Before running an instance of your image, you should first create a "
5888
"<emphasis>keypair</emphasis> (ssh key) that you can use to log into your "
5889
"instance as root, once it boots. The key is stored, so you will only have to "
5890
"do this once."
5891
msgstr ""
5892
5893
#: serverguide/C/virtualization.xml:1864(para)
5894
msgid "Run the following command:"
5895
msgstr ""
5896
5897
#: serverguide/C/virtualization.xml:1867(programlisting)
5898
#, no-wrap
5899
msgid ""
5900
"\n"
5901
"if [ ! -e ~/.euca/mykey.priv ]; then\n"
5902
" mkdir -p -m 700 ~/.euca\n"
5903
" touch ~/.euca/mykey.priv\n"
5904
" chmod 0600 ~/.euca/mykey.priv\n"
5905
" euca-add-keypair mykey > ~/.euca/mykey.priv\n"
5906
"fi\n"
5907
msgstr ""
5908
5909
#: serverguide/C/virtualization.xml:1876(para)
5910
msgid ""
5911
"You can call your key whatever you like (in this example, the key is called "
5912
"<emphasis>'mykey'</emphasis>), but remember what it is called. If you "
5913
"forget, you can always run <command>euca-describe-keypairs</command> to get "
5914
"a list of created keys stored in the system."
5915
msgstr ""
5916
5917
#: serverguide/C/virtualization.xml:1883(para)
5918
msgid "You must also allow access to port 22 in your instances:"
5919
msgstr ""
5920
5921
#: serverguide/C/virtualization.xml:1887(command)
5922
msgid "euca-authorize default -P tcp -p 22 -s 0.0.0.0/0"
5923
msgstr ""
5924
5925
#: serverguide/C/virtualization.xml:1891(para)
5926
msgid "Next, you can create instances of your registered image:"
5927
msgstr ""
5928
5929
#: serverguide/C/virtualization.xml:1895(command)
5930
msgid "euca-run-instances $EMI -k mykey -t m1.small"
5931
msgstr ""
5932
5933
#: serverguide/C/virtualization.xml:1898(para)
5934
msgid ""
5935
"If you receive an error regarding <emphasis>image_id</emphasis>, you may "
5936
"find it by viewing Images page or click <emphasis>\"How to Run\"</emphasis> "
5937
"on the <emphasis>Store</emphasis> page to see the sample command."
5938
msgstr ""
5939
5940
#: serverguide/C/virtualization.xml:1905(para)
5941
msgid ""
5942
"The first time you run an instance, the system will be setting up caches for "
5943
"the image from which it will be created. This can often take some time the "
5944
"first time an instance is run given that VM images are usually quite large."
5945
msgstr ""
5946
5947
#: serverguide/C/virtualization.xml:1909(para)
5948
msgid "To monitor the state of your instance, run:"
5949
msgstr ""
5950
5951
#: serverguide/C/virtualization.xml:1913(command)
5952
msgid "watch -n5 euca-describe-instances"
5953
msgstr ""
5954
5955
#: serverguide/C/virtualization.xml:1915(para)
5956
msgid ""
5957
"In the output, you should see information about the instance, including its "
5958
"state. While first-time caching is being performed, the instance's state "
5959
"will be <emphasis>'pending'</emphasis>."
5960
msgstr ""
5961
5962
#: serverguide/C/virtualization.xml:1921(para)
5963
msgid ""
5964
"When the instance is fully started, the above state will become "
5965
"<emphasis>'running'</emphasis>. Look at the IP address assigned to your "
5966
"instance in the output, then connect to it:"
5967
msgstr ""
5968
5969
#: serverguide/C/virtualization.xml:1926(command)
5970
msgid ""
5971
"IPADDR=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | awk "
5972
"'{print $4}')"
5973
msgstr ""
5974
5975
#: serverguide/C/virtualization.xml:1927(command)
5976
msgid "ssh -i ~/.euca/mykey.priv ubuntu@$IPADDR"
5977
msgstr ""
5978
5979
#: serverguide/C/virtualization.xml:1931(para)
5980
msgid ""
5981
"And when you are done with this instance, exit your SSH connection, then "
5982
"terminate your instance:"
5983
msgstr ""
5984
5985
#: serverguide/C/virtualization.xml:1935(command)
5986
msgid ""
5987
"INSTANCEID=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | "
5988
"awk '{print $2}')"
5989
msgstr ""
5990
5991
#: serverguide/C/virtualization.xml:1936(command)
5992
msgid "euca-terminate-instances $INSTANCEID"
5993
msgstr ""
5994
5995
#: serverguide/C/virtualization.xml:1944(para)
5996
msgid ""
5997
"The <application>cloud-init</application> package provides \"first boot\" "
5998
"functionality for the Ubuntu UEC images. It is in charge of taking the "
5999
"generic filesystem image that is booting and customizing it for this "
6000
"particular instance. That includes things like:"
6001
msgstr ""
6002
6003
#: serverguide/C/virtualization.xml:1952(para)
6004
msgid "Setting the hostname."
6005
msgstr ""
6006
6007
#: serverguide/C/virtualization.xml:1957(para)
6008
msgid ""
6009
"Putting the provided ssh public keys into "
6010
"<filename>~ubuntu/.ssh/authorized_keys</filename>."
6011
msgstr ""
6012
6013
#: serverguide/C/virtualization.xml:1962(para)
6014
msgid "Running a user provided script, or otherwise modifying the image."
6015
msgstr ""
6016
6017
#: serverguide/C/virtualization.xml:1968(para)
6018
msgid ""
6019
"Setting hostname and configuring a system so the person who launched it can "
6020
"actually log into it are not terribly interesting. The interesting things "
6021
"that can be done with <application>cloud-init</application> are made "
6022
"possible by data provided at launch time called <ulink "
6023
"url=\"http://developer.amazonwebservices.com/connect/entry.jspa?externalID=10"
6024
"85\">user-data</ulink>."
6025
msgstr ""
6026
6027
#: serverguide/C/virtualization.xml:1974(para)
6028
msgid "First, install the <application>cloud-init</application> package:"
6029
msgstr ""
6030
6031
#: serverguide/C/virtualization.xml:1979(command)
6032
msgid "sudo apt-get install cloud-init"
6033
msgstr ""
6034
6035
#: serverguide/C/virtualization.xml:1982(para)
6036
msgid ""
6037
"If the user-data starts with <emphasis>'#!'</emphasis>, then it will be "
6038
"stored and executed as root late in the boot process of the instance's first "
6039
"boot (similar to a traditional 'rc.local' script). Output from the script is "
6040
"directed to the console."
6041
msgstr ""
6042
6043
#: serverguide/C/virtualization.xml:1987(para)
6044
msgid ""
6045
"For example, create a file named <filename>ud.txt</filename> containing:"
6046
msgstr ""
6047
6048
#: serverguide/C/virtualization.xml:1991(programlisting)
6049
#, no-wrap
6050
msgid ""
6051
"\n"
6052
"#!/bin/sh\n"
6053
"echo ========== Hello World: $(date) ==========\n"
6054
"echo \"I have been up for $(cut -d\\ -f 1 < /proc/uptime) sec\"\n"
6055
msgstr ""
6056
6057
#: serverguide/C/virtualization.xml:1997(para)
6058
msgid ""
6059
"Now start an instance with the <emphasis>--user-data-file</emphasis> option:"
6060
msgstr ""
6061
6062
#: serverguide/C/virtualization.xml:2002(command)
6063
msgid "euca-run-instances $EMI -k mykey -t m1.small --user-data-file=ud.txt"
6064
msgstr ""
6065
6066
#: serverguide/C/virtualization.xml:2005(para)
6067
msgid ""
6068
"Wait now for the system to come up and console to be available. To see the "
6069
"result of the data file commands enter:"
6070
msgstr ""
6071
6072
#: serverguide/C/virtualization.xml:2010(command)
6073
msgid "euca-get-console-output $EMI | grep --after-context=1 Hello"
6074
msgstr ""
6075
6076
#: serverguide/C/virtualization.xml:2011(computeroutput)
6077
#, no-wrap
6078
msgid ""
6079
"========== Hello World: Mon Mar 29 18:05:05 UTC 2010 ==========\n"
6080
"I have been up for 28.26 sec"
6081
msgstr ""
6082
6083
#: serverguide/C/virtualization.xml:2016(para)
6084
msgid "Your output may vary."
6085
msgstr ""
6086
6087
#: serverguide/C/virtualization.xml:2021(para)
6088
msgid ""
6089
"The simple approach shown above gives a great deal of power. The user-data "
6090
"can contain a script in any language where an interpreter already exists in "
6091
"the image (#!/bin/sh, #!/usr/bin/python, #!/usr/bin/perl, #!/usr/bin/awk ... "
6092
")."
6093
msgstr ""
6094
6095
#: serverguide/C/virtualization.xml:2026(para)
6096
msgid ""
6097
"For many cases, the user may not be interested in writing a program. For "
6098
"this case, cloud-init provides <emphasis>\"cloud-config\"</emphasis>, a "
6099
"configuration based approach towards customization. To utilize the cloud-"
6100
"config syntax, the supplied user-data must start with a <emphasis>'#cloud-"
6101
"config'</emphasis>."
6102
msgstr ""
6103
6104
#: serverguide/C/virtualization.xml:2031(para)
6105
msgid ""
6106
"For example, create a text file named <filename>clout-config.txt</filename> "
6107
"containing:"
6108
msgstr ""
6109
6110
#: serverguide/C/virtualization.xml:2035(programlisting)
6111
#, no-wrap
6112
msgid ""
6113
"\n"
6114
"#cloud-config\n"
6115
"apt_upgrade: true\n"
6116
"apt_sources:\n"
6117
"- source: \"ppa:ubuntu-server-edgers/server-edgers-apache \"\n"
6118
"\n"
6119
"packages:\n"
6120
"- build-essential\n"
6121
"- pastebinit\n"
6122
"\n"
6123
"runcmd:\n"
6124
"- echo ======= Hello World =====\n"
6125
"- echo \"I have been up for $(cut -d\\ -f 1 < /proc/uptime) sec\"\n"
6126
msgstr ""
6127
6128
#: serverguide/C/virtualization.xml:2050(para)
6129
msgid "Create a new instance:"
6130
msgstr ""
6131
6132
#: serverguide/C/virtualization.xml:2055(command)
6133
msgid ""
6134
"euca-run-instances $EMI -k mykey -t m1.small --user-data-file=cloud-"
6135
"config.txt"
6136
msgstr ""
6137
6138
#: serverguide/C/virtualization.xml:2058(para)
6139
msgid "Now, when the above system is booted, it will have:"
6140
msgstr ""
6141
6142
#: serverguide/C/virtualization.xml:2063(para)
6143
msgid "Added the Apache Edgers PPA."
6144
msgstr ""
6145
6146
#: serverguide/C/virtualization.xml:2064(para)
6147
msgid "Run an upgrade to get all updates available"
6148
msgstr ""
6149
6150
#: serverguide/C/virtualization.xml:2065(para)
6151
msgid "Installed the 'build-essential' and 'pastebinit' packages"
6152
msgstr ""
6153
6154
#: serverguide/C/virtualization.xml:2066(para)
6155
msgid "Printed a similar message to the script above"
6156
msgstr ""
6157
6158
#: serverguide/C/virtualization.xml:2070(para)
6159
msgid ""
6160
"The <emphasis>Apache Edgers PPA</emphasis>, in the above example, contains "
6161
"the latest version of Apache from upstream source repositories. Package "
6162
"versions in the PPA are unsupported, and depending on your situation, this "
6163
"may or may not be desirable. See the <ulink "
6164
"url=\"https://launchpad.net/~ubuntu-server-edgers\">Ubuntu Server "
6165
"Edgers</ulink> web page for more details."
6166
msgstr ""
6167
6168
#: serverguide/C/virtualization.xml:2077(para)
6169
msgid ""
6170
"The <emphasis>'runcmd'</emphasis> commands are run at the same point in boot "
6171
"that the <emphasis>'#!'</emphasis> script would run in the previous example. "
6172
"It is present to allow you to get the full power of a scripting language if "
6173
"you need it without abandoning <emphasis>cloud-config</emphasis>."
6174
msgstr ""
6175
6176
#: serverguide/C/virtualization.xml:2082(para)
6177
msgid ""
6178
"For more information on what kinds of things can be done with "
6179
"<application>cloud-config</application>, see <ulink "
6180
"url=\"http://bazaar.launchpad.net/~cloud-init-dev/cloud-"
6181
"init/trunk/files/head:/doc/examples/\">doc/examples</ulink> in the source."
6182
msgstr ""
6183
6184
#: serverguide/C/virtualization.xml:2091(title) serverguide/C/dns.xml:619(title)
6185
msgid "More Information"
6186
msgstr ""
6187
6188
#: serverguide/C/virtualization.xml:2093(para)
6189
msgid ""
6190
"How to use the <ulink "
6191
"url=\"https://help.ubuntu.com/community/UEC/StorageController\">Storage "
6192
"Controller</ulink>"
6193
msgstr ""
6194
6195
#: serverguide/C/virtualization.xml:2097(para)
6196
msgid "Controlling eucalyptus services:"
6197
msgstr ""
6198
6199
#: serverguide/C/virtualization.xml:2102(para)
6200
msgid ""
6201
"sudo service eucalyptus [start|stop|restart] (on the CLC/CC/SC/Walrus side)"
6202
msgstr ""
6203
6204
#: serverguide/C/virtualization.xml:2103(para)
6205
msgid "sudo service eucalyptus-nc [start|stop|restart] (on the Node side)"
6206
msgstr ""
6207
6208
#: serverguide/C/virtualization.xml:2106(para)
6209
msgid "Locations of some important files:"
6210
msgstr ""
6211
6212
#: serverguide/C/virtualization.xml:2113(emphasis)
6213
msgid "Log files:"
6214
msgstr ""
6215
6216
#: serverguide/C/virtualization.xml:2116(para)
6217
msgid "/var/log/eucalyptus"
6218
msgstr ""
6219
6220
#: serverguide/C/virtualization.xml:2121(emphasis)
6221
msgid "Configuration files:"
6222
msgstr ""
6223
6224
#: serverguide/C/virtualization.xml:2124(para)
6225
msgid "/etc/eucalyptus"
6226
msgstr ""
6227
6228
#: serverguide/C/virtualization.xml:2129(emphasis)
6229
msgid "Database:"
6230
msgstr ""
6231
6232
#: serverguide/C/virtualization.xml:2132(para)
6233
msgid "/var/lib/eucalyptus/db"
6234
msgstr ""
6235
6236
#: serverguide/C/virtualization.xml:2137(emphasis)
6237
msgid "Keys:"
6238
msgstr ""
6239
6240
#: serverguide/C/virtualization.xml:2140(para)
6241
msgid "/var/lib/eucalyptus"
6242
msgstr ""
6243
6244
#: serverguide/C/virtualization.xml:2141(para)
6245
msgid "/var/lib/eucalyptus/.ssh"
6246
msgstr ""
6247
6248
#: serverguide/C/virtualization.xml:2147(para)
6249
msgid ""
6250
"Don't forget to source your <filename>~/.euca/eucarc</filename> before "
6251
"running the client tools."
6252
msgstr ""
6253
6254
#: serverguide/C/virtualization.xml:2158(para)
6255
msgid ""
6256
"For information on loading instances see the <ulink "
6257
"url=\"https://help.ubuntu.com/community/Eucalyptus\">Eucalyptus Wiki</ulink> "
6258
"page."
6259
msgstr ""
6260
6261
#: serverguide/C/virtualization.xml:2163(para)
6262
msgid ""
6263
"<ulink url=\"http://open.eucalyptus.com/\">Eucalyptus Project Site (forums, "
6264
"documentation, downloads)</ulink>."
6265
msgstr ""
6266
6267
#: serverguide/C/virtualization.xml:2168(para)
6268
msgid ""
6269
"<ulink url=\"https://launchpad.net/eucalyptus/\">Eucalyptus on Launchpad "
6270
"(bugs, code)</ulink>."
6271
msgstr ""
6272
6273
#: serverguide/C/virtualization.xml:2173(para)
6274
msgid ""
6275
"<ulink "
6276
"url=\"http://open.eucalyptus.com/wiki/EucalyptusTroubleshooting_v1.5\">Eucaly"
6277
"ptus Troubleshooting (1.5)</ulink>."
6278
msgstr ""
6279
6280
#: serverguide/C/virtualization.xml:2178(para)
6281
msgid ""
6282
"<ulink url=\"http://support.rightscale.com/2._References/02-"
6283
"Cloud_Infrastructures/Eucalyptus/03-"
6284
"Administration_Guide/Register_with_RightScale\"> Register your cloud with "
6285
"RightScale</ulink>."
6286
msgstr ""
6287
6288
#: serverguide/C/virtualization.xml:2184(para)
6289
msgid ""
6290
"You can also find help in the <emphasis>#ubuntu-virt</emphasis>, "
6291
"<emphasis>#eucalyptus</emphasis>, and <emphasis>#ubuntu-server</emphasis> "
6292
"IRC channels on <ulink url=\"http://freenode.net\">Freenode</ulink>."
6293
msgstr ""
6294
6295
#: serverguide/C/virtualization.xml:2193(title)
6296
msgid "Glossary"
6297
msgstr ""
6298
6299
#: serverguide/C/virtualization.xml:2195(para)
6300
msgid ""
6301
"The Ubuntu Enterprise Cloud documentation uses terminology that might be "
6302
"unfamiliar to some readers. This page is intended to provide a glossary of "
6303
"such terms and acronyms."
6304
msgstr ""
6305
6306
#: serverguide/C/virtualization.xml:2202(para)
6307
msgid ""
6308
"<emphasis>Cloud</emphasis> - A federated set of physical machines that offer "
6309
"computing resources through virtual machines, provisioned and recollected "
6310
"dynamically."
6311
msgstr ""
6312
6313
#: serverguide/C/virtualization.xml:2208(para)
6314
msgid ""
6315
"<emphasis>Cloud Controller (CLC)</emphasis> - Eucalyptus component that "
6316
"provides the web UI (an https server on port 8443), and implements the "
6317
"Amazon EC2 API. There should be only one Cloud Controller in an installation "
6318
"of UEC. This service is provided by the Ubuntu <application>eucalyptus-"
6319
"cloud</application> package."
6320
msgstr ""
6321
6322
#: serverguide/C/virtualization.xml:2215(para)
6323
msgid ""
6324
"<emphasis>Cluster</emphasis> - A collection of nodes, associated with a "
6325
"Cluster Controller. There can be more than one Cluster in an installation of "
6326
"UEC. Clusters are sometimes physically separate sets of nodes. (e.g. floor1, "
6327
"floor2, floor2)."
6328
msgstr ""
6329
6330
#: serverguide/C/virtualization.xml:2221(para)
6331
msgid ""
6332
"<emphasis>Cluster Controller (CC)</emphasis> - Eucalyptus component that "
6333
"manages collections of node resources. This service is provided by the "
6334
"Ubuntu <application>eucalyptus-cc</application> package."
6335
msgstr ""
6336
6337
#: serverguide/C/virtualization.xml:2227(para)
6338
msgid "<emphasis>EBS</emphasis> - Elastic Block Storage."
6339
msgstr ""
6340
6341
#: serverguide/C/virtualization.xml:2232(para)
6342
msgid ""
6343
"<emphasis>EC2</emphasis> - Elastic Compute Cloud. Amazon's pay-by-the-hour, "
6344
"pay-by-the-gigabyte public cloud computing offering."
6345
msgstr ""
6346
6347
#: serverguide/C/virtualization.xml:2237(para)
6348
msgid "<emphasis>EKI</emphasis> - Eucalyptus Kernel Image."
6349
msgstr ""
6350
6351
#: serverguide/C/virtualization.xml:2242(para)
6352
msgid "<emphasis>EMI</emphasis> - Eucalyptus Machine Image."
6353
msgstr ""
6354
6355
#: serverguide/C/virtualization.xml:2247(para)
6356
msgid "<emphasis>ERI</emphasis> - Eucalyptus Ramdisk Image."
6357
msgstr ""
6358
6359
#: serverguide/C/virtualization.xml:2252(para)
6360
msgid ""
6361
"<emphasis>Eucalyptus</emphasis> - Elastic Utility Computing Architecture for "
6362
"Linking Your Programs To Useful Systems. An open source project originally "
6363
"from the University of California at Santa Barbara, now supported by "
6364
"Eucalyptus Systems, a Canonical Partner."
6365
msgstr ""
6366
6367
#: serverguide/C/virtualization.xml:2259(para)
6368
msgid ""
6369
"<emphasis>Front-end</emphasis> - Physical machine hosting one (or more) of "
6370
"the high level Eucalyptus components (cloud, walrus, storage controller, "
6371
"cluster controller)."
6372
msgstr ""
6373
6374
#: serverguide/C/virtualization.xml:2265(para)
6375
msgid ""
6376
"<emphasis>Node</emphasis> - A node is a physical machine that's capable of "
6377
"running virtual machines, running a node controller. Within Ubuntu, this "
6378
"generally means that the CPU has VT extensions, and can run the KVM "
6379
"hypervisor."
6380
msgstr ""
6381
6382
#: serverguide/C/virtualization.xml:2271(para)
6383
msgid ""
6384
"<emphasis>Node Controller (NC)</emphasis> - Eucalyptus component that runs "
6385
"on nodes which host the virtual machines that comprise the cloud. This "
6386
"service is provided by the Ubuntu package <application>eucalyptus-"
6387
"nc</application>."
6388
msgstr ""
6389
6390
#: serverguide/C/virtualization.xml:2277(para)
6391
msgid ""
6392
"<emphasis>S3</emphasis> - Simple Storage Service. Amazon's pay-by-the-"
6393
"gigabyte persistent storage solution for EC2."
6394
msgstr ""
6395
6396
#: serverguide/C/virtualization.xml:2282(para)
6397
msgid ""
6398
"<emphasis>Storage Controller (SC)</emphasis> - Eucalyptus component that "
6399
"manages dynamic block storage services (EBS). Each 'cluster' in a Eucalyptus "
6400
"installation can have its own Storage Controller. This component is provided "
6401
"by the <application>eucalyptus-sc</application> package."
6402
msgstr ""
6403
6404
#: serverguide/C/virtualization.xml:2289(para)
6405
msgid ""
6406
"<emphasis>UEC</emphasis> - Ubuntu Enterprise Cloud. Ubuntu's cloud computing "
6407
"solution, based on Eucalyptus."
6408
msgstr ""
6409
6410
#: serverguide/C/virtualization.xml:2294(para)
6411
msgid "<emphasis>VM</emphasis> - Virtual Machine."
6412
msgstr ""
6413
6414
#: serverguide/C/virtualization.xml:2299(para)
6415
msgid ""
6416
"<emphasis>VT</emphasis> - Virtualization Technology. An optional feature of "
6417
"some modern CPUs, allowing for accelerated virtual machine hosting."
6418
msgstr ""
6419
6420
#: serverguide/C/virtualization.xml:2304(para)
6421
msgid ""
6422
"<emphasis>Walrus</emphasis> - Eucalyptus component that implements the "
6423
"Amazon S3 API, used for storing VM images and user storage using S3 bucket "
6424
"put/get abstractions."
6425
msgstr ""
6426
6427
#: serverguide/C/vcs.xml:13(title)
6428
msgid "Version Control System"
6429
msgstr ""
6430
6431
#: serverguide/C/vcs.xml:14(para)
6432
msgid ""
6433
"Version control is the art of managing changes to information. It has long "
6434
"been a critical tool for programmers, who typically spend their time making "
6435
"small changes to software and then undoing those changes the next day. But "
6436
"the usefulness of version control software extends far beyond the bounds of "
6437
"the software development world. Anywhere you can find people using computers "
6438
"to manage information that changes often, there is room for version control."
6439
msgstr ""
6440
6441
#: serverguide/C/vcs.xml:17(title)
6442
msgid "Bazaar"
6443
msgstr ""
6444
6445
#: serverguide/C/vcs.xml:18(para)
6446
msgid ""
6447
"Bazaar is a new version control system sponsored by Canonical, the "
6448
"commercial company behind Ubuntu. Unlike Subversion and CVS that only "
6449
"support a central repository model, Bazaar also supports "
6450
"<emphasis>distributed version control</emphasis>, giving people the ability "
6451
"to collaborate more efficiently. In particular, Bazaar is designed to "
6452
"maximize the level of community participation in open source projects."
6453
msgstr ""
6454
6455
#: serverguide/C/vcs.xml:29(para)
6456
msgid ""
6457
"At a terminal prompt, enter the following command to install "
6458
"<application>bzr</application>: <screen>\n"
6459
"<command>sudo apt-get install bzr</command>\n"
6460
"</screen>"
6461
msgstr ""
6462
6463
#: serverguide/C/vcs.xml:40(para)
6464
msgid ""
6465
"To introduce yourself to <application>bzr</application>, use the "
6466
"<emphasis>whoami</emphasis> command like this: <screen>\n"
6467
"<command>$ bzr whoami 'Joe Doe <joe.doe@gmail.com>'</command>\n"
6468
"</screen>"
6469
msgstr ""
6470
6471
#: serverguide/C/vcs.xml:49(title)
6472
msgid "Learning Bazaar"
6473
msgstr ""
6474
6475
#: serverguide/C/vcs.xml:50(para)
6476
msgid ""
6477
"Bazaar comes with bundled documentation installed into "
6478
"<application>/usr/share/doc/bzr/html</application> by default. The tutorial "
6479
"is a good place to start. The <application>bzr</application> command also "
6480
"comes with built-in help: <screen>\n"
6481
"<command>$ bzr help</command>\n"
6482
"</screen>"
6483
msgstr ""
6484
6485
#: serverguide/C/vcs.xml:60(para)
6486
msgid ""
6487
"To learn more about the <emphasis>foo</emphasis> command: <screen>\n"
6488
"<command>$ bzr help foo</command>\n"
6489
"</screen>"
6490
msgstr ""
6491
6492
#: serverguide/C/vcs.xml:68(title)
6493
msgid "Launchpad Integration"
6494
msgstr ""
6495
6496
#: serverguide/C/vcs.xml:69(para)
6497
msgid ""
6498
"While highly useful as a stand-alone system, Bazaar has good, optional "
6499
"integration with <ulink url=\"https://launchpad.net/\">Launchpad</ulink>, "
6500
"the collaborative development system used by Canonical and the broader open "
6501
"source community to manage and extend Ubuntu itself. For information on how "
6502
"Bazaar can be used with Launchpad to collaborate on open source projects, "
6503
"see <ulink url=\"http://bazaar-vcs.org/LaunchpadIntegration/\"> "
6504
"http://bazaar-vcs.org/LaunchpadIntegration</ulink>."
6505
msgstr ""
6506
6507
#: serverguide/C/vcs.xml:81(title)
6508
msgid "Subversion"
6509
msgstr ""
6510
6511
#: serverguide/C/vcs.xml:82(para)
6512
msgid ""
6513
"Subversion is an open source version control system. Using Subversion, you "
6514
"can record the history of source files and documents. It manages files and "
6515
"directories over time. A tree of files is placed into a central repository. "
6516
"The repository is much like an ordinary file server, except that it "
6517
"remembers every change ever made to files and directories."
6518
msgstr ""
6519
6520
#: serverguide/C/vcs.xml:87(para)
6521
msgid ""
6522
"To access Subversion repository using the HTTP protocol, you must install "
6523
"and configure a web server. Apache2 is proven to work with Subversion. "
6524
"Please refer to the HTTP subsection in the Apache2 section to install and "
6525
"configure Apache2. To access the Subversion repository using the HTTPS "
6526
"protocol, you must install and configure a digital certificate in your "
6527
"Apache 2 web server. Please refer to the HTTPS subsection in the Apache2 "
6528
"section to install and configure the digital certificate."
6529
msgstr ""
6530
6531
#: serverguide/C/vcs.xml:96(para)
6532
msgid ""
6533
"To install Subversion, run the following command from a terminal prompt:"
6534
msgstr ""
6535
6536
#: serverguide/C/vcs.xml:101(command)
6537
msgid "sudo apt-get install subversion libapache2-svn"
6538
msgstr ""
6539
6540
#: serverguide/C/vcs.xml:108(para)
6541
msgid ""
6542
"This step assumes you have installed above mentioned packages on your "
6543
"system. This section explains how to create a Subversion repository and "
6544
"access the project."
6545
msgstr ""
6546
6547
#: serverguide/C/vcs.xml:111(title)
6548
msgid "Create Subversion Repository"
6549
msgstr ""
6550
6551
#: serverguide/C/vcs.xml:112(para)
6552
msgid ""
6553
"The Subversion repository can be created using the following command from a "
6554
"terminal prompt:"
6555
msgstr ""
6556
6557
#: serverguide/C/vcs.xml:116(command)
6558
msgid "svnadmin create /path/to/repos/project"
6559
msgstr ""
6560
6561
#: serverguide/C/vcs.xml:121(title)
6562
msgid "Importing Files"
6563
msgstr ""
6564
6565
#: serverguide/C/vcs.xml:122(para)
6566
msgid ""
6567
"Once you create the repository you can <emphasis>import</emphasis> files "
6568
"into the repository. To import a directory, enter the following from a "
6569
"terminal prompt: <screen>\n"
6570
"<command>svn import /path/to/import/directory "
6571
"file:///path/to/repos/project</command>\n"
6572
"</screen>"
6573
msgstr ""
6574
6575
#: serverguide/C/vcs.xml:134(title) serverguide/C/vcs.xml:139(title)
6576
msgid "Access Methods"
6577
msgstr ""
6578
6579
#: serverguide/C/vcs.xml:135(para)
6580
msgid ""
6581
"Subversion repositories can be accessed (checked out) through many different "
6582
"methods --on local disk, or through various network protocols. A repository "
6583
"location, however, is always a URL. The table describes how different URL "
6584
"schemes map to the available access methods."
6585
msgstr ""
6586
6587
#: serverguide/C/vcs.xml:146(para)
6588
msgid "Schema"
6589
msgstr ""
6590
6591
#: serverguide/C/vcs.xml:147(para)
6592
msgid "Access Method"
6593
msgstr ""
6594
6595
#: serverguide/C/vcs.xml:152(para)
6596
msgid "file://"
6597
msgstr ""
6598
6599
#: serverguide/C/vcs.xml:153(para)
6600
msgid "direct repository access (on local disk)"
6601
msgstr ""
6602
6603
#: serverguide/C/vcs.xml:156(para)
6604
msgid "http://"
6605
msgstr ""
6606
6607
#: serverguide/C/vcs.xml:157(para)
6608
msgid "Access via WebDAV protocol to Subversion-aware Apache2 web server"
6609
msgstr ""
6610
6611
#: serverguide/C/vcs.xml:160(para)
6612
msgid "https://"
6613
msgstr ""
6614
6615
#: serverguide/C/vcs.xml:161(para)
6616
msgid "Same as http://, but with SSL encryption"
6617
msgstr ""
6618
6619
#: serverguide/C/vcs.xml:164(para)
6620
msgid "svn://"
6621
msgstr ""
6622
6623
#: serverguide/C/vcs.xml:165(para)
6624
msgid "Access via custom protocol to an svnserve server"
6625
msgstr ""
6626
6627
#: serverguide/C/vcs.xml:168(para)
6628
msgid "svn+ssh://"
6629
msgstr ""
6630
6631
#: serverguide/C/vcs.xml:169(para)
6632
msgid "Same as svn://, but through an SSH tunnel"
6633
msgstr ""
6634
6635
#: serverguide/C/vcs.xml:175(para)
6636
msgid ""
6637
"In this section, we will see how to configure Subversion for all these "
6638
"access methods. Here, we cover the basics. For more advanced usage details, "
6639
"refer to the <ulink url=\"http://svnbook.red-bean.com/\">svn book</ulink>."
6640
msgstr ""
6641
6642
#: serverguide/C/vcs.xml:182(title)
6643
msgid "Direct repository access (file://)"
6644
msgstr ""
6645
6646
#: serverguide/C/vcs.xml:183(para)
6647
msgid ""
6648
"This is the simplest of all access methods. It does not require any "
6649
"Subversion server process to be running. This access method is used to "
6650
"access Subversion from the same machine. The syntax of the command, entered "
6651
"at a terminal prompt, is as follows:"
6652
msgstr ""
6653
6654
#: serverguide/C/vcs.xml:190(command)
6655
msgid "svn co file:///path/to/repos/project"
6656
msgstr ""
6657
6658
#: serverguide/C/vcs.xml:193(para)
6659
msgid "or"
6660
msgstr ""
6661
6662
#: serverguide/C/vcs.xml:196(command)
6663
msgid "svn co file://localhost/path/to/repos/project"
6664
msgstr ""
6665
6666
#: serverguide/C/vcs.xml:200(para)
6667
msgid ""
6668
"If you do not specify the hostname, there are three forward slashes (///) -- "
6669
"two for the protocol (file, in this case) plus the leading slash in the "
6670
"path. If you specify the hostname, you must use two forward slashes (//)."
6671
msgstr ""
6672
6673
#: serverguide/C/vcs.xml:202(para)
6674
msgid ""
6675
"The repository permissions depend on filesystem permissions. If the user has "
6676
"read/write permission, he can checkout from and commit to the repository."
6677
msgstr ""
6678
6679
#: serverguide/C/vcs.xml:205(title)
6680
msgid "Access via WebDAV protocol (http://)"
6681
msgstr ""
6682
6683
#: serverguide/C/vcs.xml:206(para)
6684
msgid ""
6685
"To access the Subversion repository via WebDAV protocol, you must configure "
6686
"your Apache 2 web server. Add the following snippet between the "
6687
"<emphasis><VirtualHost></emphasis> and "
6688
"<emphasis></VirtualHost></emphasis> elements in "
6689
"<filename>/etc/apache2/sites-available/default</filename>, or another "
6690
"VirtualHost file:"
6691
msgstr ""
6692
6693
#: serverguide/C/vcs.xml:212(programlisting)
6694
#, no-wrap
6695
msgid ""
6696
"\n"
6697
" <Location /svn>\n"
6698
" DAV svn\n"
6699
" SVNPath /home/svn\n"
6700
" AuthType Basic\n"
6701
" AuthName \"Your repository name\"\n"
6702
" AuthUserFile /etc/subversion/passwd\n"
6703
" Require valid-user\n"
6704
" </Location> \n"
6705
msgstr ""
6706
6707
#: serverguide/C/vcs.xml:223(para)
6708
msgid ""
6709
"The above configuration snippet assumes that Subversion repositories are "
6710
"created under <filename>/home/svn/</filename> directory using "
6711
"<command>svnadmin</command> command. They can be accessible using "
6712
"<command>http://hostname/svn/repos_name</command> url."
6713
msgstr ""
6714
6715
#: serverguide/C/vcs.xml:229(para)
6716
msgid ""
6717
"To import or commit files to your Subversion repository over HTTP, the "
6718
"repository should be owned by the HTTP user. In Ubuntu systems, normally the "
6719
"HTTP user is <command>www-data</command>. To change the ownership of the "
6720
"repository files enter the following command from terminal prompt:"
6721
msgstr ""
6722
6723
#: serverguide/C/vcs.xml:238(command)
6724
msgid "sudo chown -R www-data:www-data /path/to/repos"
6725
msgstr ""
6726
6727
#: serverguide/C/vcs.xml:241(para)
6728
msgid ""
6729
"By changing the ownership of repository as <command>www-data</command> you "
6730
"will not be able to import or commit files into the repository by running "
6731
"<command>svn import file:///</command> command as any user other than "
6732
"<command>www-data</command>."
6733
msgstr ""
6734
6735
#: serverguide/C/vcs.xml:250(para)
6736
msgid ""
6737
"Next, you must create the <filename>/etc/subversion/passwd</filename> file "
6738
"that will contain user authentication details. To create a file issue the "
6739
"following command at a command prompt (which will create the file and add "
6740
"the first user):"
6741
msgstr ""
6742
6743
#: serverguide/C/vcs.xml:256(command)
6744
msgid "sudo htpasswd -c /etc/subversion/passwd user_name"
6745
msgstr ""
6746
6747
#: serverguide/C/vcs.xml:259(para)
6748
msgid ""
6749
"To add additional users omit the <emphasis>\"-c\"</emphasis> option as this "
6750
"option replaces the old file. Instead use this form:"
6751
msgstr ""
6752
6753
#: serverguide/C/vcs.xml:264(command)
6754
msgid "sudo htpasswd /etc/subversion/password user_name"
6755
msgstr ""
6756
6757
#: serverguide/C/vcs.xml:268(para)
6758
msgid ""
6759
"This command will prompt you to enter the password. Once you enter the "
6760
"password, the user is added. Now, to access the repository you can run the "
6761
"following command:"
6762
msgstr ""
6763
6764
#: serverguide/C/vcs.xml:269(command)
6765
msgid "svn co http://servername/svn"
6766
msgstr ""
6767
6768
#: serverguide/C/vcs.xml:271(para)
6769
msgid ""
6770
"The password is transmitted as plain text. If you are worried about password "
6771
"snooping, you are advised to use SSL encryption. For details, please refer "
6772
"next section."
6773
msgstr ""
6774
6775
#: serverguide/C/vcs.xml:277(title)
6776
msgid "Access via WebDAV protocol with SSL encryption (https://)"
6777
msgstr ""
6778
6779
#: serverguide/C/vcs.xml:278(para)
6780
msgid ""
6781
"Accessing Subversion repository via WebDAV protocol with SSL encryption "
6782
"(https://) is similar to http:// except that you must install and configure "
6783
"the digital certificate in your Apache2 web server. To use SSL with "
6784
"Subversion add the above Apache2 configuration to "
6785
"<filename>/etc/apache2/sites-available/default-ssl</filename>. For more "
6786
"information on setting up Apache2 with SSL see <xref linkend=\"https-"
6787
"configuration\"/>."
6788
msgstr ""
6789
6790
#: serverguide/C/vcs.xml:287(para)
6791
msgid ""
6792
"You can install a digital certificate issued by a signing authority. "
6793
"Alternatively, you can install your own self-signed certificate."
6794
msgstr ""
6795
6796
#: serverguide/C/vcs.xml:292(para)
6797
msgid ""
6798
"This step assumes you have installed and configured a digital certificate in "
6799
"your Apache 2 web server. Now, to access the Subversion repository, please "
6800
"refer to the above section! The access methods are exactly the same, except "
6801
"the protocol. You must use https:// to access the Subversion repository."
6802
msgstr ""
6803
6804
#: serverguide/C/vcs.xml:302(title)
6805
msgid "Access via custom protocol (svn://)"
6806
msgstr ""
6807
6808
#: serverguide/C/vcs.xml:303(para)
6809
msgid ""
6810
"Once the Subversion repository is created, you can configure the access "
6811
"control. You can edit the <filename> "
6812
"/path/to/repos/project/conf/svnserve.conf</filename> file to configure the "
6813
"access control. For example, to set up authentication, you can uncomment the "
6814
"following lines in the configuration file:"
6815
msgstr ""
6816
6817
#: serverguide/C/vcs.xml:310(programlisting)
6818
#, no-wrap
6819
msgid ""
6820
"# [general]\n"
6821
"# password-db = passwd"
6822
msgstr ""
6823
6824
#: serverguide/C/vcs.xml:313(para)
6825
msgid ""
6826
"After uncommenting the above lines, you can maintain the user list in the "
6827
"passwd file. So, edit the file <filename>passwd </filename> in the same "
6828
"directory and add the new user. The syntax is as follows:"
6829
msgstr ""
6830
6831
#: serverguide/C/vcs.xml:319(programlisting)
6832
#, no-wrap
6833
msgid "username = password"
6834
msgstr ""
6835
6836
#: serverguide/C/vcs.xml:320(para)
6837
msgid "For more details, please refer to the file."
6838
msgstr ""
6839
6840
#: serverguide/C/vcs.xml:324(para)
6841
msgid ""
6842
"Now, to access Subversion via the svn:// custom protocol, either from the "
6843
"same machine or a different machine, you can run svnserver using svnserve "
6844
"command. The syntax is as follows:"
6845
msgstr ""
6846
6847
#: serverguide/C/vcs.xml:329(programlisting)
6848
#, no-wrap
6849
msgid ""
6850
"$ svnserve -d --foreground -r /path/to/repos\n"
6851
"# -d -- daemon mode\n"
6852
"# --foreground -- run in foreground (useful for debugging)\n"
6853
"# -r -- root of directory to serve\n"
6854
"\n"
6855
"For more usage details, please refer to:\n"
6856
"$ svnserve --help"
6857
msgstr ""
6858
6859
#: serverguide/C/vcs.xml:337(para)
6860
msgid ""
6861
"Once you run this command, Subversion starts listening on default port "
6862
"(3690). To access the project repository, you must run the following command "
6863
"from a terminal prompt:"
6864
msgstr ""
6865
6866
#: serverguide/C/vcs.xml:340(command)
6867
msgid "svn co svn://hostname/project project --username user_name"
6868
msgstr ""
6869
6870
#: serverguide/C/vcs.xml:343(para)
6871
msgid ""
6872
"Based on server configuration, it prompts for password. Once you are "
6873
"authenticated, it checks out the code from Subversion repository. To "
6874
"synchronize the project repository with the local copy, you can run the "
6875
"<command>update</command> sub-command. The syntax of the command, entered at "
6876
"a terminal prompt, is as follows:"
6877
msgstr ""
6878
6879
#: serverguide/C/vcs.xml:351(command)
6880
msgid "cd project_dir ; svn update"
6881
msgstr ""
6882
6883
#: serverguide/C/vcs.xml:354(para)
6884
msgid ""
6885
"For more details about using each Subversion sub-command, you can refer to "
6886
"the manual. For example, to learn more about the co (checkout) command, "
6887
"please run the following command from a terminal prompt:"
6888
msgstr ""
6889
6890
#: serverguide/C/vcs.xml:358(command)
6891
msgid "svn co help"
6892
msgstr ""
6893
6894
#: serverguide/C/vcs.xml:362(title)
6895
msgid "Access via custom protocol with SSL encryption (svn+ssh://)"
6896
msgstr ""
6897
6898
#: serverguide/C/vcs.xml:363(para)
6899
msgid ""
6900
"The configuration and server process is same as in the svn:// method. For "
6901
"details, please refer to the above section. This step assumes you have "
6902
"followed the above step and started the Subversion server using "
6903
"<application>svnserve</application> command."
6904
msgstr ""
6905
6906
#: serverguide/C/vcs.xml:369(para)
6907
msgid ""
6908
"It is also assumed that the ssh server is running on that machine and that "
6909
"it is allowing incoming connections. To confirm, please try to login to that "
6910
"machine using ssh. If you can login, everything is perfect. If you cannot "
6911
"login, please address it before continuing further."
6912
msgstr ""
6913
6914
#: serverguide/C/vcs.xml:375(para)
6915
msgid ""
6916
"The svn+ssh:// protocol is used to access the Subversion repository using "
6917
"SSL encryption. The data transfer is encrypted using this method. To access "
6918
"the project repository (for example with a checkout), you must use the "
6919
"following command syntax:"
6920
msgstr ""
6921
6922
#: serverguide/C/vcs.xml:382(command)
6923
msgid "svn co svn+ssh://hostname/var/svn/repos/project"
6924
msgstr ""
6925
6926
#: serverguide/C/vcs.xml:386(para)
6927
msgid ""
6928
"You must use the full path (/path/to/repos/project) to access the Subversion "
6929
"repository using this access method."
6930
msgstr ""
6931
6932
#: serverguide/C/vcs.xml:389(para)
6933
msgid ""
6934
"Based on server configuration, it prompts for password. You must enter the "
6935
"password you use to login via ssh. Once you are authenticated, it checks out "
6936
"the code from the Subversion repository."
6937
msgstr ""
6938
6939
#: serverguide/C/vcs.xml:399(title)
6940
msgid "CVS Server"
6941
msgstr ""
6942
6943
#: serverguide/C/vcs.xml:400(para)
6944
msgid ""
6945
"CVS is a version control system. You can use it to record the history of "
6946
"source files."
6947
msgstr ""
6948
6949
#: serverguide/C/vcs.xml:406(para)
6950
msgid ""
6951
"To install <application>CVS</application>, run the following command from a "
6952
"terminal prompt: <screen>\n"
6953
"<command>sudo apt-get install cvs</command>\n"
6954
"</screen> After you install <application>cvs</application>, you should "
6955
"install <application>xinetd</application> to start/stop the cvs server. At "
6956
"the prompt, enter the following command to install "
6957
"<application>xinetd</application>: <screen>\n"
6958
"<command>sudo apt-get install xinetd</command>\n"
6959
"</screen>"
6960
msgstr ""
6961
6962
#: serverguide/C/vcs.xml:439(programlisting)
6963
#, no-wrap
6964
msgid ""
6965
"\n"
6966
"service cvspserver\n"
6967
"{\n"
6968
" port = 2401\n"
6969
" socket_type = stream\n"
6970
" protocol = tcp\n"
6971
" user = root\n"
6972
" wait = no\n"
6973
" type = UNLISTED\n"
6974
" server = /usr/bin/cvs\n"
6975
" server_args = -f --allow-root /var/lib/cvs pserver\n"
6976
" disable = no\n"
6977
"}\n"
6978
msgstr ""
6979
6980
#: serverguide/C/vcs.xml:455(para)
6981
msgid ""
6982
"Be sure to edit the repository if you have changed the default repository "
6983
"(<application>/var/lib/cvs</application>) directory."
6984
msgstr ""
6985
6986
#: serverguide/C/vcs.xml:424(para)
6987
msgid ""
6988
"Once you install cvs, the repository will be automatically initialized. By "
6989
"default, the repository resides under the "
6990
"<application>/var/lib/cvs</application> directory. You can change this path "
6991
"by running following command: <screen>\n"
6992
"<command>cvs -d /your/new/cvs/repo init</command>\n"
6993
"</screen> Once the initial repository is set up, you can configure "
6994
"<application>xinetd</application> to start the CVS server. You can copy the "
6995
"following lines to the <filename> /etc/xinetd.d/cvspserver</filename> file. "
6996
"<placeholder-1/><placeholder-2/> Once you have configured "
6997
"<application>xinetd</application> you can start the cvs server by running "
6998
"following command: <screen>\n"
6999
"<command>sudo /etc/init.d/xinetd restart</command>\n"
7000
"</screen>"
7001
msgstr ""
7002
7003
#: serverguide/C/vcs.xml:468(para)
7004
msgid ""
7005
"You can confirm that the CVS server is running by issuing the following "
7006
"command:"
7007
msgstr ""
7008
7009
#: serverguide/C/vcs.xml:475(command)
7010
msgid "sudo netstat -tap | grep cvs"
7011
msgstr ""
7012
7013
#: serverguide/C/vcs.xml:479(para) serverguide/C/databases.xml:65(para)
7014
msgid ""
7015
"When you run this command, you should see the following line or something "
7016
"similar:"
7017
msgstr ""
7018
7019
#: serverguide/C/vcs.xml:484(programlisting)
7020
#, no-wrap
7021
msgid ""
7022
"\n"
7023
"tcp 0 0 *:cvspserver *:* LISTEN \n"
7024
msgstr ""
7025
7026
#: serverguide/C/vcs.xml:488(para)
7027
msgid ""
7028
"From here you can continue to add users, add new projects, and manage the "
7029
"CVS server."
7030
msgstr ""
7031
7032
#: serverguide/C/vcs.xml:493(para)
7033
msgid ""
7034
"CVS allows the user to add users independently of the underlying OS "
7035
"installation. Probably the easiest way is to use the Linux Users for CVS, "
7036
"although it has potential security issues. Please refer to the CVS manual "
7037
"for details."
7038
msgstr ""
7039
7040
#: serverguide/C/vcs.xml:503(title)
7041
msgid "Add Projects"
7042
msgstr ""
7043
7044
#: serverguide/C/vcs.xml:515(para)
7045
msgid ""
7046
"You can use the CVSROOT environment variable to store the CVS root "
7047
"directory. Once you export the CVSROOT environment variable, you can avoid "
7048
"using -d option in the above cvs command."
7049
msgstr ""
7050
7051
#: serverguide/C/vcs.xml:527(para)
7052
msgid ""
7053
"When you add a new project, the CVS user you use must have write access to "
7054
"the CVS repository (<application>/var/lib/cvs</application>). By default, "
7055
"the <application>src</application> group has write access to the CVS "
7056
"repository. So, you can add the user to this group, and he can then add and "
7057
"manage projects in the CVS repository."
7058
msgstr ""
7059
7060
#: serverguide/C/vcs.xml:504(para)
7061
msgid ""
7062
"This section explains how to add new project to the CVS repository. Create "
7063
"the directory and add necessary document and source files to the directory. "
7064
"Now, run the following command to add this project to CVS repository: "
7065
"<screen>\n"
7066
"<command>cd your/project</command>\n"
7067
"<command>cvs -d :pserver:username@hostname.com:/var/lib/cvs import -m "
7068
"\"Importing my project to CVS repository\" . new_project start</command>\n"
7069
"</screen><placeholder-1/> The string <emphasis>new_project</emphasis> is a "
7070
"vendor tag, and <emphasis>start</emphasis> is a release tag. They serve no "
7071
"purpose in this context, but since CVS requires them, they must be present. "
7072
"<placeholder-2/>"
7073
msgstr ""
7074
7075
#: serverguide/C/vcs.xml:540(ulink)
7076
msgid "Bazaar Home Page"
7077
msgstr ""
7078
7079
#: serverguide/C/vcs.xml:541(ulink)
7080
msgid "Launchpad"
7081
msgstr ""
7082
7083
#: serverguide/C/vcs.xml:542(ulink)
7084
msgid "Subversion Home Page"
7085
msgstr ""
7086
7087
#: serverguide/C/vcs.xml:543(ulink)
7088
msgid "Subversion Book"
7089
msgstr ""
7090
7091
#: serverguide/C/vcs.xml:545(ulink)
7092
msgid "CVS Manual"
7093
msgstr ""
7094
7095
#: serverguide/C/vcs.xml:546(ulink)
7096
msgid "Easy Bazaar Ubuntu Wiki page"
7097
msgstr ""
7098
7099
#: serverguide/C/vcs.xml:547(ulink)
7100
msgid "Ubuntu Wiki Subversion page"
7101
msgstr ""
7102
7103
#: serverguide/C/serverguide.xml:3(title) serverguide/C/bookinfo.xml:3(title)
7104
msgid "Credits and License"
7105
msgstr ""
7106
7107
#: serverguide/C/serverguide.xml:4(para) serverguide/C/bookinfo.xml:4(para)
7108
msgid ""
7109
"This document is maintained by the Ubuntu documentation team "
7110
"(https://wiki.ubuntu.com/DocumentationTeam). For a list of contributors, see "
7111
"the <ulink url=\"../../libs/C/contributors.xml\">contributors page</ulink>"
7112
msgstr ""
7113
7114
#: serverguide/C/serverguide.xml:5(para) serverguide/C/bookinfo.xml:5(para)
7115
msgid ""
7116
"This document is made available under the Creative Commons ShareAlike 2.5 "
7117
"License (CC-BY-SA)."
7118
msgstr ""
7119
7120
#: serverguide/C/serverguide.xml:6(para) serverguide/C/bookinfo.xml:6(para)
7121
msgid ""
7122
"You are free to modify, extend, and improve the Ubuntu documentation source "
7123
"code under the terms of this license. All derivative works must be released "
7124
"under this license."
7125
msgstr ""
7126
7127
#: serverguide/C/serverguide.xml:8(para) serverguide/C/bookinfo.xml:8(para)
7128
msgid ""
7129
"This documentation is distributed in the hope that it will be useful, but "
7130
"WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY "
7131
"or FITNESS FOR A PARTICULAR PURPOSE AS DESCRIBED IN THE DISCLAIMER."
7132
msgstr ""
7133
7134
#: serverguide/C/serverguide.xml:11(para) serverguide/C/bookinfo.xml:11(para)
7135
msgid ""
7136
"A copy of the license is available here: <ulink url=\"/usr/share/ubuntu-"
7137
"docs/libs/C/ccbysa.xml\">Creative Commons ShareAlike License</ulink>."
7138
msgstr ""
7139
7140
#: serverguide/C/serverguide.xml:14(year) serverguide/C/bookinfo.xml:14(year)
7141
msgid "2010"
7142
msgstr ""
7143
7144
#: serverguide/C/serverguide.xml:15(ulink) serverguide/C/bookinfo.xml:15(ulink)
7145
msgid "Ubuntu Documentation Project"
7146
msgstr ""
7147
7148
#: serverguide/C/serverguide.xml:15(holder) serverguide/C/bookinfo.xml:15(holder)
7149
msgid "Canonical Ltd. and members of the <placeholder-1/>"
7150
msgstr ""
7151
7152
#: serverguide/C/serverguide.xml:18(publishername) serverguide/C/bookinfo.xml:18(publishername)
7153
msgid "The Ubuntu Documentation Project"
7154
msgstr ""
7155
7156
#: serverguide/C/serverguide.xml:17(para)
7157
msgid ""
7158
"Welcome to the <emphasis>Ubuntu Server Guide</emphasis>! It contains "
7159
"information on how to install and configure various server applications on "
7160
"your Ubuntu system to fit your needs. It is a step-by-step, task-oriented "
7161
"guide for configuring and customizing your system."
7162
msgstr ""
7163
7164
#: serverguide/C/security.xml:13(title)
7165
msgid "Security"
7166
msgstr ""
7167
7168
#: serverguide/C/security.xml:14(para)
7169
msgid ""
7170
"Security should always be considered when installing, deploying, and using "
7171
"any type of computer system. Although a fresh installation of Ubuntu is "
7172
"relatively safe for immediate use on the Internet, it is important to have a "
7173
"balanced understanding of your systems security posture based on how it will "
7174
"be used after deployment."
7175
msgstr ""
7176
7177
#: serverguide/C/security.xml:17(para)
7178
msgid ""
7179
"This chapter provides an overview of security related topics as they pertain "
7180
"to Ubuntu 10.10 Server Edition, and outlines simple measures you may use to "
7181
"protect your server and network from any number of potential security "
7182
"threats."
7183
msgstr ""
7184
7185
#: serverguide/C/security.xml:21(title)
7186
msgid "User Management"
7187
msgstr ""
7188
7189
#: serverguide/C/security.xml:22(para)
7190
msgid ""
7191
"User management is a critical part of maintaining a secure system. "
7192
"Ineffective user and privilege management often lead many systems into being "
7193
"compromised. Therefore, it is important that you understand how you can "
7194
"protect your server through simple and effective user account management "
7195
"techniques."
7196
msgstr ""
7197
7198
#: serverguide/C/security.xml:26(title)
7199
msgid "Where is root?"
7200
msgstr ""
7201
7202
#: serverguide/C/security.xml:27(para)
7203
msgid ""
7204
"Ubuntu developers made a conscientious decision to disable the "
7205
"administrative root account by default in all Ubuntu installations. This "
7206
"does not mean that the root account has been deleted or that it may not be "
7207
"accessed. It merely has been given a password which matches no possible "
7208
"encrypted value, therefore may not log in directly by itself."
7209
msgstr ""
7210
7211
#: serverguide/C/security.xml:30(para)
7212
msgid ""
7213
"Instead, users are encouraged to make use of a tool by the name of "
7214
"<application>sudo</application> to carry out system administrative duties. "
7215
"<application>Sudo</application> allows an authorized user to temporarily "
7216
"elevate their privileges using their own password instead of having to know "
7217
"the password belonging to the root account. This simple yet effective "
7218
"methodology provides accountability for all user actions, and gives the "
7219
"administrator granular control over which actions a user can perform with "
7220
"said privileges."
7221
msgstr ""
7222
7223
#: serverguide/C/security.xml:35(para)
7224
msgid ""
7225
"If for some reason you wish to enable the root account, simply give it a "
7226
"password:"
7227
msgstr ""
7228
7229
#: serverguide/C/security.xml:39(command)
7230
msgid "sudo passwd"
7231
msgstr ""
7232
7233
#: serverguide/C/security.xml:41(para)
7234
msgid ""
7235
"Sudo will prompt you for your password, and then ask you to supply a new "
7236
"password for root as shown below:"
7237
msgstr ""
7238
7239
#: serverguide/C/security.xml:44(userinput)
7240
#, no-wrap
7241
msgid "(enter your own password)"
7242
msgstr ""
7243
7244
#: serverguide/C/security.xml:45(userinput)
7245
#, no-wrap
7246
msgid "(enter a new password for root)"
7247
msgstr ""
7248
7249
#: serverguide/C/security.xml:46(userinput)
7250
#, no-wrap
7251
msgid "(repeat new password for root)"
7252
msgstr ""
7253
7254
#: serverguide/C/security.xml:44(computeroutput)
7255
#, no-wrap
7256
msgid ""
7257
"[sudo] password for username: <placeholder-1/>\n"
7258
"Enter new UNIX password: <placeholder-2/>\n"
7259
"Retype new UNIX password: <placeholder-3/>\n"
7260
"passwd: password updated successfully"
7261
msgstr ""
7262
7263
#: serverguide/C/security.xml:51(para)
7264
msgid "To disable the root account, use the following passwd syntax:"
7265
msgstr ""
7266
7267
#: serverguide/C/security.xml:55(command)
7268
msgid "sudo passwd -l root"
7269
msgstr ""
7270
7271
#: serverguide/C/security.xml:59(para)
7272
msgid ""
7273
"You should read more on <application>Sudo</application> by checking out it's "
7274
"man page:"
7275
msgstr ""
7276
7277
#: serverguide/C/security.xml:63(command)
7278
msgid "man sudo"
7279
msgstr ""
7280
7281
#: serverguide/C/security.xml:67(para)
7282
msgid ""
7283
"By default, the initial user created by the Ubuntu installer is a member of "
7284
"the group \"admin\" which is added to the file "
7285
"<filename>/etc/sudoers</filename> as an authorized sudo user. If you wish to "
7286
"give any other account full root access through "
7287
"<application>sudo</application>, simply add them to the admin group."
7288
msgstr ""
7289
7290
#: serverguide/C/security.xml:73(title)
7291
msgid "Adding and Deleting Users"
7292
msgstr ""
7293
7294
#: serverguide/C/security.xml:74(para)
7295
msgid ""
7296
"The process for managing local users and groups is straight forward and "
7297
"differs very little from most other GNU/Linux operating systems. Ubuntu and "
7298
"other Debian based distributions, encourage the use of the \"adduser\" "
7299
"package for account management."
7300
msgstr ""
7301
7302
#: serverguide/C/security.xml:79(para)
7303
msgid ""
7304
"To add a user account, use the following syntax, and follow the prompts to "
7305
"give the account a password and identifiable characteristics such as a full "
7306
"name, phone number, etc."
7307
msgstr ""
7308
7309
#: serverguide/C/security.xml:83(command)
7310
msgid "sudo adduser username"
7311
msgstr ""
7312
7313
#: serverguide/C/security.xml:87(para)
7314
msgid ""
7315
"To delete a user account and its primary group, use the following syntax:"
7316
msgstr ""
7317
7318
#: serverguide/C/security.xml:91(command)
7319
msgid "sudo deluser username"
7320
msgstr ""
7321
7322
#: serverguide/C/security.xml:93(para)
7323
msgid ""
7324
"Deleting an account does not remove their respective home folder. It is up "
7325
"to you whether or not you wish to delete the folder manually or keep it "
7326
"according to your desired retention policies."
7327
msgstr ""
7328
7329
#: serverguide/C/security.xml:96(para)
7330
msgid ""
7331
"Remember, any user added later on with the same UID/GID as the previous "
7332
"owner will now have access to this folder if you have not taken the "
7333
"necessary precautions."
7334
msgstr ""
7335
7336
#: serverguide/C/security.xml:99(para)
7337
msgid ""
7338
"You may want to change these UID/GID values to something more appropriate, "
7339
"such as the root account, and perhaps even relocate the folder to avoid "
7340
"future conflicts:"
7341
msgstr ""
7342
7343
#: serverguide/C/security.xml:103(command)
7344
msgid "sudo chown -R root:root /home/username/"
7345
msgstr ""
7346
7347
#: serverguide/C/security.xml:104(command)
7348
msgid "sudo mkdir /home/archived_users/"
7349
msgstr ""
7350
7351
#: serverguide/C/security.xml:105(command)
7352
msgid "sudo mv /home/username /home/archived_users/"
7353
msgstr ""
7354
7355
#: serverguide/C/security.xml:109(para)
7356
msgid ""
7357
"To temporarily lock or unlock a user account, use the following syntax, "
7358
"respectively:"
7359
msgstr ""
7360
7361
#: serverguide/C/security.xml:113(command)
7362
msgid "sudo passwd -l username"
7363
msgstr ""
7364
7365
#: serverguide/C/security.xml:114(command)
7366
msgid "sudo passwd -u username"
7367
msgstr ""
7368
7369
#: serverguide/C/security.xml:118(para)
7370
msgid ""
7371
"To add or delete a personalized group, use the following syntax, "
7372
"respectively:"
7373
msgstr ""
7374
7375
#: serverguide/C/security.xml:122(command)
7376
msgid "sudo addgroup groupname"
7377
msgstr ""
7378
7379
#: serverguide/C/security.xml:123(command)
7380
msgid "sudo delgroup groupname"
7381
msgstr ""
7382
7383
#: serverguide/C/security.xml:127(para)
7384
msgid "To add a user to a group, use the following syntax:"
7385
msgstr ""
7386
7387
#: serverguide/C/security.xml:131(command)
7388
msgid "sudo adduser username groupname"
7389
msgstr ""
7390
7391
#: serverguide/C/security.xml:138(title)
7392
msgid "User Profile Security"
7393
msgstr ""
7394
7395
#: serverguide/C/security.xml:139(para)
7396
msgid ""
7397
"When a new user is created, the adduser utility creates a brand new home "
7398
"directory named <filename class=\"directory\">/home/username</filename>, "
7399
"respectively. The default profile is modeled after the contents found in the "
7400
"directory of <filename class=\"directory\">/etc/skel</filename>, which "
7401
"includes all profile basics."
7402
msgstr ""
7403
7404
#: serverguide/C/security.xml:142(para)
7405
msgid ""
7406
"If your server will be home to multiple users, you should pay close "
7407
"attention to the user home directory permissions to ensure confidentiality. "
7408
"By default, user home directories in Ubuntu are created with world "
7409
"read/execute permissions. This means that all users can browse and access "
7410
"the contents of other users home directories. This may not be suitable for "
7411
"your environment."
7412
msgstr ""
7413
7414
#: serverguide/C/security.xml:147(para)
7415
msgid ""
7416
"To verify your current users home directory permissions, use the following "
7417
"syntax:"
7418
msgstr ""
7419
7420
#: serverguide/C/security.xml:151(command) serverguide/C/security.xml:183(command)
7421
msgid "ls -ld /home/username"
7422
msgstr ""
7423
7424
#: serverguide/C/security.xml:153(para)
7425
msgid ""
7426
"The following output shows that the directory <filename "
7427
"class=\"directory\">/home/username</filename> has world readable permissions:"
7428
msgstr ""
7429
7430
#: serverguide/C/security.xml:156(computeroutput)
7431
#, no-wrap
7432
msgid "drwxr-xr-x 2 username username 4096 2007-10-02 20:03 username"
7433
msgstr ""
7434
7435
#: serverguide/C/security.xml:160(para)
7436
msgid ""
7437
"You can remove the world readable permissions using the following syntax:"
7438
msgstr ""
7439
7440
#: serverguide/C/security.xml:164(command)
7441
msgid "sudo chmod 0750 /home/username"
7442
msgstr ""
7443
7444
#: serverguide/C/security.xml:167(para)
7445
msgid ""
7446
"Some people tend to use the recursive option (-R) indiscriminately which "
7447
"modifies all child folders and files, but this is not necessary, and may "
7448
"yield other undesirable results. The parent directory alone is sufficient "
7449
"for preventing unauthorized access to anything below the parent."
7450
msgstr ""
7451
7452
#: serverguide/C/security.xml:171(para)
7453
msgid ""
7454
"A much more efficient approach to the matter would be to modify the "
7455
"<application>adduser</application> global default permissions when creating "
7456
"user home folders. Simply edit the file "
7457
"<filename>/etc/adduser.conf</filename> and modify the "
7458
"<varname>DIR_MODE</varname> variable to something appropriate, so that all "
7459
"new home directories will receive the correct permissions."
7460
msgstr ""
7461
7462
#: serverguide/C/security.xml:174(programlisting)
7463
#, no-wrap
7464
msgid ""
7465
"\n"
7466
"DIR_MODE=0750\n"
7467
msgstr ""
7468
7469
#: serverguide/C/security.xml:179(para)
7470
msgid ""
7471
"After correcting the directory permissions using any of the previously "
7472
"mentioned techniques, verify the results using the following syntax:"
7473
msgstr ""
7474
7475
#: serverguide/C/security.xml:185(para)
7476
msgid ""
7477
"The results below show that world readable permissions have been removed:"
7478
msgstr ""
7479
7480
#: serverguide/C/security.xml:188(computeroutput)
7481
#, no-wrap
7482
msgid "drwxr-x--- 2 username username 4096 2007-10-02 20:03 username"
7483
msgstr ""
7484
7485
#: serverguide/C/security.xml:195(title)
7486
msgid "Password Policy"
7487
msgstr ""
7488
7489
#: serverguide/C/security.xml:196(para)
7490
msgid ""
7491
"A strong password policy is one of the most important aspects of your "
7492
"security posture. Many successful security breaches involve simple brute "
7493
"force and dictionary attacks against weak passwords. If you intend to offer "
7494
"any form of remote access involving your local password system, make sure "
7495
"you adequately address minimum password complexity requirements, maximum "
7496
"password lifetimes, and frequent audits of your authentication systems."
7497
msgstr ""
7498
7499
#: serverguide/C/security.xml:200(title)
7500
msgid "Minimum Password Length"
7501
msgstr ""
7502
7503
#: serverguide/C/security.xml:201(para)
7504
msgid ""
7505
"By default, Ubuntu requires a minimum password length of 6 characters, as "
7506
"well as some basic entropy checks. These values are controlled in the file "
7507
"<filename>/etc/pam.d/common-password</filename>, which is outlined below."
7508
msgstr ""
7509
7510
#: serverguide/C/security.xml:204(programlisting)
7511
#, no-wrap
7512
msgid ""
7513
"\n"
7514
"password [success=2 default=ignore] pam_unix.so obscure sha512\n"
7515
msgstr ""
7516
7517
#: serverguide/C/security.xml:207(para)
7518
msgid ""
7519
"If you would like to adjust the minimum length to 8 characters, change the "
7520
"appropriate variable to min=8. The modification is outlined below."
7521
msgstr ""
7522
7523
#: serverguide/C/security.xml:210(programlisting)
7524
#, no-wrap
7525
msgid ""
7526
"\n"
7527
"password [success=2 default=ignore] pam_unix.so obscure sha512 "
7528
"min=8\n"
7529
msgstr ""
7530
7531
#: serverguide/C/security.xml:215(title)
7532
msgid "Password Expiration"
7533
msgstr ""
7534
7535
#: serverguide/C/security.xml:216(para)
7536
msgid ""
7537
"When creating user accounts, you should make it a policy to have a minimum "
7538
"and maximum password age forcing users to change their passwords when they "
7539
"expire."
7540
msgstr ""
7541
7542
#: serverguide/C/security.xml:221(para)
7543
msgid ""
7544
"To easily view the current status of a user account, use the following "
7545
"syntax:"
7546
msgstr ""
7547
7548
#: serverguide/C/security.xml:225(command) serverguide/C/security.xml:258(command)
7549
msgid "sudo chage -l username"
7550
msgstr ""
7551
7552
#: serverguide/C/security.xml:227(para)
7553
msgid ""
7554
"The output below shows interesting facts about the user account, namely that "
7555
"there are no policies applied:"
7556
msgstr ""
7557
7558
#: serverguide/C/security.xml:230(computeroutput)
7559
#, no-wrap
7560
msgid ""
7561
"Last password change : Jan 20, 2008\n"
7562
"Password expires : never\n"
7563
"Password inactive : never\n"
7564
"Account expires : never\n"
7565
"Minimum number of days between password change : 0\n"
7566
"Maximum number of days between password change : 99999\n"
7567
"Number of days of warning before password expires : 7"
7568
msgstr ""
7569
7570
#: serverguide/C/security.xml:240(para)
7571
msgid ""
7572
"To set any of these values, simply use the following syntax, and follow the "
7573
"interactive prompts:"
7574
msgstr ""
7575
7576
#: serverguide/C/security.xml:244(command)
7577
msgid "sudo chage username"
7578
msgstr ""
7579
7580
#: serverguide/C/security.xml:246(para)
7581
msgid ""
7582
"The following is also an example of how you can manually change the explicit "
7583
"expiration date (-E) to 01/31/2008, minimum password age (-m) of 5 days, "
7584
"maximum password age (-M) of 90 days, inactivity period (-I) of 5 days after "
7585
"password expiration, and a warning time period (-W) of 14 days before "
7586
"password expiration."
7587
msgstr ""
7588
7589
#: serverguide/C/security.xml:250(command)
7590
msgid "sudo chage -E 01/31/2011 -m 5 -M 90 -I 30 -W 14 username"
7591
msgstr ""
7592
7593
#: serverguide/C/security.xml:254(para)
7594
msgid "To verify changes, use the same syntax as mentioned previously:"
7595
msgstr ""
7596
7597
#: serverguide/C/security.xml:260(para)
7598
msgid ""
7599
"The output below shows the new policies that have been established for the "
7600
"account:"
7601
msgstr ""
7602
7603
#: serverguide/C/security.xml:263(computeroutput)
7604
#, no-wrap
7605
msgid ""
7606
"Last password change : Jan 20, 2008\n"
7607
"Password expires : Apr 19, 2008\n"
7608
"Password inactive : May 19, 2008\n"
7609
"Account expires : Jan 31, 2008\n"
7610
"Minimum number of days between password change : 5\n"
7611
"Maximum number of days between password change : 90\n"
7612
"Number of days of warning before password expires : 14"
7613
msgstr ""
7614
7615
#: serverguide/C/security.xml:279(title)
7616
msgid "Other Security Considerations"
7617
msgstr ""
7618
7619
#: serverguide/C/security.xml:280(para)
7620
msgid ""
7621
"Many applications use alternate authentication mechanisms that can be easily "
7622
"overlooked by even experienced system administrators. Therefore, it is "
7623
"important to understand and control how users authenticate and gain access "
7624
"to services and applications on your server."
7625
msgstr ""
7626
7627
#: serverguide/C/security.xml:285(title)
7628
msgid "SSH Access by Disabled Users"
7629
msgstr ""
7630
7631
#: serverguide/C/security.xml:286(para)
7632
msgid ""
7633
"Simply disabling/locking a user account will not prevent a user from logging "
7634
"into your server remotely if they have previously set up RSA public key "
7635
"authentication. They will still be able to gain shell access to the server, "
7636
"without the need for any password. Remember to check the users home "
7637
"directory for files that will allow for this type of authenticated SSH "
7638
"access. e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
7639
msgstr ""
7640
7641
#: serverguide/C/security.xml:289(para)
7642
msgid ""
7643
"Remove or rename the directory <filename "
7644
"class=\"directory\">.ssh/</filename> in the user's home folder to prevent "
7645
"further SSH authentication capabilities."
7646
msgstr ""
7647
7648
#: serverguide/C/security.xml:292(para)
7649
msgid ""
7650
"Be sure to check for any established SSH connections by the disabled user, "
7651
"as it is possible they may have existing inbound or outbound connections. "
7652
"Kill any that are found."
7653
msgstr ""
7654
7655
#: serverguide/C/security.xml:295(para)
7656
msgid ""
7657
"Restrict SSH access to only user accounts that should have it. For example, "
7658
"you may create a group called \"sshlogin\" and add the group name as the "
7659
"value associated with the <varname>AllowGroups</varname> variable located in "
7660
"the file <filename>/etc/ssh/sshd_config</filename>."
7661
msgstr ""
7662
7663
#: serverguide/C/security.xml:298(programlisting)
7664
#, no-wrap
7665
msgid ""
7666
"\n"
7667
"AllowGroups sshlogin\n"
7668
msgstr ""
7669
7670
#: serverguide/C/security.xml:301(para)
7671
msgid ""
7672
"Then add your permitted SSH users to the group \"sshlogin\", and restart the "
7673
"SSH service."
7674
msgstr ""
7675
7676
#: serverguide/C/security.xml:305(command)
7677
msgid "sudo adduser username sshlogin"
7678
msgstr ""
7679
7680
#: serverguide/C/security.xml:306(command) serverguide/C/remote-administration.xml:149(command)
7681
msgid "sudo /etc/init.d/ssh restart"
7682
msgstr ""
7683
7684
#: serverguide/C/security.xml:310(title)
7685
msgid "External User Database Authentication"
7686
msgstr ""
7687
7688
#: serverguide/C/security.xml:311(para)
7689
msgid ""
7690
"Most enterprise networks require centralized authentication and access "
7691
"controls for all system resources. If you have configured your server to "
7692
"authenticate users against external databases, be sure to disable the user "
7693
"accounts both externally and locally, this way you ensure that local "
7694
"fallback authentication is not possible."
7695
msgstr ""
7696
7697
#: serverguide/C/security.xml:320(title)
7698
msgid "Console Security"
7699
msgstr ""
7700
7701
#: serverguide/C/security.xml:321(para)
7702
msgid ""
7703
"As with any other security barrier you put in place to protect your server, "
7704
"it is pretty tough to defend against untold damage caused by someone with "
7705
"physical access to your environment, for example, theft of hard drives, "
7706
"power or service disruption and so on. Therefore, console security should be "
7707
"addressed merely as one component of your overall physical security "
7708
"strategy. A locked \"screen door\" may deter a casual criminal, or at the "
7709
"very least slow down a determined one, so it is still advisable to perform "
7710
"basic precautions with regard to console security."
7711
msgstr ""
7712
7713
#: serverguide/C/security.xml:324(para)
7714
msgid ""
7715
"The following instructions will help defend your server against issues that "
7716
"could otherwise yield very serious consequences."
7717
msgstr ""
7718
7719
#: serverguide/C/security.xml:329(title)
7720
msgid "Disable Ctrl+Alt+Delete"
7721
msgstr ""
7722
7723
#: serverguide/C/security.xml:330(para)
7724
msgid ""
7725
"First and foremost, anyone that has physical access to the keyboard can "
7726
"simply use the "
7727
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
7728
"eycombo> key combination to reboot the server without having to log on. "
7729
"Sure, someone could simply unplug the power source, but you should still "
7730
"prevent the use of this key combination on a production server. This forces "
7731
"an attacker to take more drastic measures to reboot the server, and will "
7732
"prevent accidental reboots at the same time."
7733
msgstr ""
7734
7735
#: serverguide/C/security.xml:335(para)
7736
msgid ""
7737
"To disable the reboot action taken by pressing the "
7738
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
7739
"eycombo> key combination, comment out the following line in the file "
7740
"<filename>/etc/init/control-alt-delete.conf</filename>."
7741
msgstr ""
7742
7743
#: serverguide/C/security.xml:338(programlisting)
7744
#, no-wrap
7745
msgid ""
7746
"\n"
7747
"#exec shutdown -r now \"Control-Alt-Delete pressed\"\n"
7748
msgstr ""
7749
7750
#: serverguide/C/security.xml:347(title)
7751
msgid "Firewall"
7752
msgstr ""
7753
7754
#: serverguide/C/security.xml:350(para)
7755
msgid ""
7756
"The Linux kernel includes the <emphasis>Netfilter</emphasis> subsystem, "
7757
"which is used to manipulate or decide the fate of network traffic headed "
7758
"into or through your server. All modern Linux firewall solutions use this "
7759
"system for packet filtering."
7760
msgstr ""
7761
7762
#: serverguide/C/security.xml:355(para)
7763
msgid ""
7764
"The kernel's packet filtering system would be of little use to "
7765
"administrators without a userspace interface to manage it. This is the "
7766
"purpose of iptables. When a packet reaches your server, it will be handed "
7767
"off to the Netfilter subsystem for acceptance, manipulation, or rejection "
7768
"based on the rules supplied to it from userspace via iptables. Thus, "
7769
"iptables is all you need to manage your firewall if you're familiar with it, "
7770
"but many frontends are available to simplify the task."
7771
msgstr ""
7772
7773
#: serverguide/C/security.xml:365(title)
7774
msgid "ufw - Uncomplicated Firewall"
7775
msgstr ""
7776
7777
#: serverguide/C/security.xml:366(para)
7778
msgid ""
7779
"The default firewall configuration tool for Ubuntu is "
7780
"<application>ufw</application>. Developed to ease iptables firewall "
7781
"configuration, <application>ufw</application> provides a user friendly way "
7782
"to create an IPv4 or IPv6 host-based firewall."
7783
msgstr ""
7784
7785
#: serverguide/C/security.xml:370(para)
7786
msgid ""
7787
"<application>ufw</application> by default is initially disabled. From the "
7788
"<application>ufw</application> man page:"
7789
msgstr ""
7790
7791
#: serverguide/C/security.xml:374(quote)
7792
msgid ""
7793
"ufw is not intended to provide complete firewall functionality via its "
7794
"command interface, but instead provides an easy way to add or remove simple "
7795
"rules. It is currently mainly used for host-based firewalls."
7796
msgstr ""
7797
7798
#: serverguide/C/security.xml:378(para)
7799
msgid ""
7800
"The following are some examples of how to use <application>ufw</application>:"
7801
msgstr ""
7802
7803
#: serverguide/C/security.xml:383(para)
7804
msgid ""
7805
"First, <application>ufw</application> needs to be enabled. From a terminal "
7806
"prompt enter:"
7807
msgstr ""
7808
7809
#: serverguide/C/security.xml:387(command)
7810
msgid "sudo ufw enable"
7811
msgstr ""
7812
7813
#: serverguide/C/security.xml:391(para)
7814
msgid "To open a port (ssh in this example):"
7815
msgstr ""
7816
7817
#: serverguide/C/security.xml:395(command)
7818
msgid "sudo ufw allow 22"
7819
msgstr ""
7820
7821
#: serverguide/C/security.xml:399(para)
7822
msgid "Rules can also be added using a <emphasis>numbered</emphasis> format:"
7823
msgstr ""
7824
7825
#: serverguide/C/security.xml:403(command)
7826
msgid "sudo ufw insert 1 allow 80"
7827
msgstr ""
7828
7829
#: serverguide/C/security.xml:407(para)
7830
msgid "Similarly, to close an opened port:"
7831
msgstr ""
7832
7833
#: serverguide/C/security.xml:411(command)
7834
msgid "sudo ufw deny 22"
7835
msgstr ""
7836
7837
#: serverguide/C/security.xml:415(para)
7838
msgid "To remove a rule, use delete followed by the rule:"
7839
msgstr ""
7840
7841
#: serverguide/C/security.xml:419(command)
7842
msgid "sudo ufw delete deny 22"
7843
msgstr ""
7844
7845
#: serverguide/C/security.xml:423(para)
7846
msgid ""
7847
"It is also possible to allow access from specific hosts or networks to a "
7848
"port. The following example allows ssh access from host 192.168.0.2 to any "
7849
"ip address on this host:"
7850
msgstr ""
7851
7852
#: serverguide/C/security.xml:428(command)
7853
msgid "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
7854
msgstr ""
7855
7856
#: serverguide/C/security.xml:430(para)
7857
msgid ""
7858
"Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire "
7859
"subnet."
7860
msgstr ""
7861
7862
#: serverguide/C/security.xml:436(para)
7863
msgid ""
7864
"Adding the <emphasis>--dry-run</emphasis> option to a "
7865
"<emphasis>ufw</emphasis> command will output the resulting rules, but not "
7866
"apply them. For example, the following is what would be applied if opening "
7867
"the HTTP port:"
7868
msgstr ""
7869
7870
#: serverguide/C/security.xml:442(command)
7871
msgid "sudo ufw --dry-run allow http"
7872
msgstr ""
7873
7874
#: serverguide/C/security.xml:446(computeroutput)
7875
#, no-wrap
7876
msgid ""
7877
"*filter\n"
7878
":ufw-user-input - [0:0]\n"
7879
":ufw-user-output - [0:0]\n"
7880
":ufw-user-forward - [0:0]\n"
7881
":ufw-user-limit - [0:0]\n"
7882
":ufw-user-limit-accept - [0:0]\n"
7883
"### RULES ###\n"
7884
"\n"
7885
"### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0\n"
7886
"-A ufw-user-input -p tcp --dport 80 -j ACCEPT\n"
7887
"\n"
7888
"### END RULES ###\n"
7889
"-A ufw-user-input -j RETURN\n"
7890
"-A ufw-user-output -j RETURN\n"
7891
"-A ufw-user-forward -j RETURN\n"
7892
"-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix \"[UFW "
7893
"LIMIT]: \"\n"
7894
"-A ufw-user-limit -j REJECT\n"
7895
"-A ufw-user-limit-accept -j ACCEPT\n"
7896
"COMMIT\n"
7897
"Rules updated"
7898
msgstr ""
7899
7900
#: serverguide/C/security.xml:470(para)
7901
msgid "<application>ufw</application> can be disabled by:"
7902
msgstr ""
7903
7904
#: serverguide/C/security.xml:474(command)
7905
msgid "sudo ufw disable"
7906
msgstr ""
7907
7908
#: serverguide/C/security.xml:478(para)
7909
msgid "To see the firewall status, enter:"
7910
msgstr ""
7911
7912
#: serverguide/C/security.xml:482(command)
7913
msgid "sudo ufw status"
7914
msgstr ""
7915
7916
#: serverguide/C/security.xml:486(para)
7917
msgid "And for more verbose status information use:"
7918
msgstr ""
7919
7920
#: serverguide/C/security.xml:490(command)
7921
msgid "sudo ufw status verbose"
7922
msgstr ""
7923
7924
#: serverguide/C/security.xml:494(para)
7925
msgid "To view the <emphasis>numbered</emphasis> format:"
7926
msgstr ""
7927
7928
#: serverguide/C/security.xml:498(command)
7929
msgid "sudo ufw status numbered"
7930
msgstr ""
7931
7932
#: serverguide/C/security.xml:503(para)
7933
msgid ""
7934
"If the port you want to open or close is defined in "
7935
"<filename>/etc/services</filename>, you can use the port name instead of the "
7936
"number. In the above examples, replace <emphasis>22</emphasis> with "
7937
"<emphasis>ssh</emphasis>."
7938
msgstr ""
7939
7940
#: serverguide/C/security.xml:509(para)
7941
msgid ""
7942
"This is a quick introduction to using <application>ufw</application>. Please "
7943
"refer to the <application>ufw</application> man page for more information."
7944
msgstr ""
7945
7946
#: serverguide/C/security.xml:515(title)
7947
msgid "ufw Application Integration"
7948
msgstr ""
7949
7950
#: serverguide/C/security.xml:517(para)
7951
msgid ""
7952
"Applications that open ports can include an <application>ufw</application> "
7953
"profile, which details the ports needed for the application to function "
7954
"properly. The profiles are kept in <filename "
7955
"role=\"directory\">/etc/ufw/applications.d</filename>, and can be edited if "
7956
"the default ports have been changed."
7957
msgstr ""
7958
7959
#: serverguide/C/security.xml:526(para)
7960
msgid ""
7961
"To view which applications have installed a profile, enter the following in "
7962
"a terminal:"
7963
msgstr ""
7964
7965
#: serverguide/C/security.xml:531(command)
7966
msgid "sudo ufw app list"
7967
msgstr ""
7968
7969
#: serverguide/C/security.xml:537(para)
7970
msgid ""
7971
"Similar to allowing traffic to a port, using an application profile is "
7972
"accomplished by entering:"
7973
msgstr ""
7974
7975
#: serverguide/C/security.xml:542(command)
7976
msgid "sudo ufw allow Samba"
7977
msgstr ""
7978
7979
#: serverguide/C/security.xml:548(para)
7980
msgid "An extended syntax is available as well:"
7981
msgstr ""
7982
7983
#: serverguide/C/security.xml:553(command)
7984
msgid "ufw allow from 192.168.0.0/24 to any app Samba"
7985
msgstr ""
7986
7987
#: serverguide/C/security.xml:556(para)
7988
msgid ""
7989
"Replace <emphasis>Samba</emphasis> and <emphasis>192.168.0.0/24</emphasis> "
7990
"with the application profile you are using and the IP range for your network."
7991
msgstr ""
7992
7993
#: serverguide/C/security.xml:562(para)
7994
msgid ""
7995
"There is no need to specify the <emphasis>protocol</emphasis> for the "
7996
"application, because that information is detailed in the profile. Also, note "
7997
"that the <emphasis>app</emphasis> name replaces the "
7998
"<emphasis>port</emphasis> number."
7999
msgstr ""
8000
8001
#: serverguide/C/security.xml:571(para)
8002
msgid ""
8003
"To view details about which ports, protocols, etc are defined for an "
8004
"application, enter:"
8005
msgstr ""
8006
8007
#: serverguide/C/security.xml:576(command)
8008
msgid "sudo ufw app info Samba"
8009
msgstr ""
8010
8011
#: serverguide/C/security.xml:582(para)
8012
msgid ""
8013
"Not all applications that require opening a network port come with "
8014
"<application>ufw</application> profiles, but if you have profiled an "
8015
"application and want the file to be included with the package, please file a "
8016
"bug against the package in <ulink "
8017
"url=\"https://launchpad.net/\">Launchpad</ulink>."
8018
msgstr ""
8019
8020
#: serverguide/C/security.xml:591(title)
8021
msgid "IP Masquerading"
8022
msgstr ""
8023
8024
#: serverguide/C/security.xml:592(para)
8025
msgid ""
8026
"The purpose of IP Masquerading is to allow machines with private, non-"
8027
"routable IP addresses on your network to access the Internet through the "
8028
"machine doing the masquerading. Traffic from your private network destined "
8029
"for the Internet must be manipulated for replies to be routable back to the "
8030
"machine that made the request. To do this, the kernel must modify the "
8031
"<emphasis>source</emphasis> IP address of each packet so that replies will "
8032
"be routed back to it, rather than to the private IP address that made the "
8033
"request, which is impossible over the Internet. Linux uses "
8034
"<emphasis>Connection Tracking</emphasis> (conntrack) to keep track of which "
8035
"connections belong to which machines and reroute each return packet "
8036
"accordingly. Traffic leaving your private network is thus \"masqueraded\" as "
8037
"having originated from your Ubuntu gateway machine. This process is referred "
8038
"to in Microsoft documentation as Internet Connection Sharing."
8039
msgstr ""
8040
8041
#: serverguide/C/security.xml:608(title)
8042
msgid "ufw Masquerading"
8043
msgstr ""
8044
8045
#: serverguide/C/security.xml:609(para)
8046
msgid ""
8047
"IP Masquerading can be achieved using custom <application>ufw</application> "
8048
"rules. This is possible because the current back-end for "
8049
"<application>ufw</application> is <application>iptables-"
8050
"restore</application> with the rules files located in "
8051
"<filename>/etc/ufw/*.rules</filename>. These files are a great place to add "
8052
"legacy iptables rules used without <application>ufw</application>, and rules "
8053
"that are more network gateway or bridge related."
8054
msgstr ""
8055
8056
#: serverguide/C/security.xml:615(para)
8057
msgid ""
8058
"The rules are split into two different files, rules that should be executed "
8059
"before <application>ufw</application> command line rules, and rules that are "
8060
"executed after <application>ufw</application> command line rules."
8061
msgstr ""
8062
8063
#: serverguide/C/security.xml:621(para)
8064
msgid ""
8065
"First, packet forwarding needs to be enabled in "
8066
"<application>ufw</application>. Two configuration files will need to be "
8067
"adjusted, in <filename>/etc/default/ufw</filename> change the "
8068
"<emphasis>DEFAULT_FORWARD_POLICY</emphasis> to <quote>ACCEPT</quote>:"
8069
msgstr ""
8070
8071
#: serverguide/C/security.xml:625(programlisting)
8072
#, no-wrap
8073
msgid ""
8074
"\n"
8075
"DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
8076
msgstr ""
8077
8078
#: serverguide/C/security.xml:628(para)
8079
msgid "Then edit <filename>/etc/ufw/sysctl.conf</filename> and uncomment:"
8080
msgstr ""
8081
8082
#: serverguide/C/security.xml:631(programlisting)
8083
#, no-wrap
8084
msgid ""
8085
"\n"
8086
"net/ipv4/ip_forward=1\n"
8087
msgstr ""
8088
8089
#: serverguide/C/security.xml:634(para)
8090
msgid "Similarly, for IPv6 forwarding uncomment:"
8091
msgstr ""
8092
8093
#: serverguide/C/security.xml:637(programlisting)
8094
#, no-wrap
8095
msgid ""
8096
"\n"
8097
"net/ipv6/conf/default/forwarding=1\n"
8098
msgstr ""
8099
8100
#: serverguide/C/security.xml:642(para)
8101
msgid ""
8102
"Now we will add rules to the <filename>/etc/ufw/before.rules</filename> "
8103
"file. The default rules only configure the <emphasis>filter</emphasis> "
8104
"table, and to enable masquerading the <emphasis>nat</emphasis> table will "
8105
"need to be configured. Add the following to the top of the file just after "
8106
"the header comments:"
8107
msgstr ""
8108
8109
#: serverguide/C/security.xml:647(programlisting)
8110
#, no-wrap
8111
msgid ""
8112
"\n"
8113
"# nat Table rules\n"
8114
"*nat\n"
8115
":POSTROUTING ACCEPT [0:0]\n"
8116
"\n"
8117
"# Forward traffic from eth1 through eth0.\n"
8118
"-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE\n"
8119
"\n"
8120
"# don't delete the 'COMMIT' line or these nat table rules won't be "
8121
"processed\n"
8122
"COMMIT\n"
8123
msgstr ""
8124
8125
#: serverguide/C/security.xml:658(para)
8126
msgid ""
8127
"The comments are not strictly necessary, but it is considered good practice "
8128
"to document your configuration. Also, when modifying any of the "
8129
"<emphasis>rules</emphasis> files in <filename "
8130
"class=\"directory\">/etc/ufw</filename>, make sure these lines are the last "
8131
"line for each table modified:"
8132
msgstr ""
8133
8134
#: serverguide/C/security.xml:664(programlisting)
8135
#, no-wrap
8136
msgid ""
8137
"\n"
8138
"# don't delete the 'COMMIT' line or these rules won't be processed\n"
8139
"COMMIT\n"
8140
msgstr ""
8141
8142
#: serverguide/C/security.xml:669(para)
8143
msgid ""
8144
"For each <emphasis>Table</emphasis> a corresponding "
8145
"<emphasis>COMMIT</emphasis> statement is required. In these examples only "
8146
"the <emphasis>nat</emphasis> and <emphasis>filter</emphasis> tables are "
8147
"shown, but you can also add rules for the <emphasis>raw</emphasis> and "
8148
"<emphasis>mangle</emphasis> tables."
8149
msgstr ""
8150
8151
#: serverguide/C/security.xml:676(para)
8152
msgid ""
8153
"In the above example replace <emphasis>eth0</emphasis>, "
8154
"<emphasis>eth1</emphasis>, and <emphasis>192.168.0.0/24</emphasis> with the "
8155
"appropriate interfaces and IP range for your network."
8156
msgstr ""
8157
8158
#: serverguide/C/security.xml:684(para)
8159
msgid ""
8160
"Finally, disable and re-enable <application>ufw</application> to apply the "
8161
"changes:"
8162
msgstr ""
8163
8164
#: serverguide/C/security.xml:688(command)
8165
msgid "sudo ufw disable && sudo ufw enable"
8166
msgstr ""
8167
8168
#: serverguide/C/security.xml:692(para)
8169
msgid ""
8170
"IP Masquerading should now be enabled. You can also add any additional "
8171
"FORWARD rules to the <filename>/etc/ufw/before.rules</filename>. It is "
8172
"recommended that these additional rules be added to the <emphasis>ufw-before-"
8173
"forward</emphasis> chain."
8174
msgstr ""
8175
8176
#: serverguide/C/security.xml:699(title)
8177
msgid "iptables Masquerading"
8178
msgstr ""
8179
8180
#: serverguide/C/security.xml:700(para)
8181
msgid ""
8182
"<application>iptables</application> can also be used to enable masquerading."
8183
msgstr ""
8184
8185
#: serverguide/C/security.xml:705(para)
8186
msgid ""
8187
"Similar to <application>ufw</application>, the first step is to enable IPv4 "
8188
"packet forwarding by editing <filename>/etc/sysctl.conf</filename> and "
8189
"uncomment the following line"
8190
msgstr ""
8191
8192
#: serverguide/C/security.xml:709(programlisting)
8193
#, no-wrap
8194
msgid ""
8195
"\n"
8196
"net.ipv4.ip_forward=1\n"
8197
msgstr ""
8198
8199
#: serverguide/C/security.xml:712(para)
8200
msgid "If you wish to enable IPv6 forwarding also uncomment:"
8201
msgstr ""
8202
8203
#: serverguide/C/security.xml:715(programlisting)
8204
#, no-wrap
8205
msgid ""
8206
"\n"
8207
"net.ipv6.conf.default.forwarding=1\n"
8208
msgstr ""
8209
8210
#: serverguide/C/security.xml:720(para)
8211
msgid ""
8212
"Next, execute the <application>sysctl</application> command to enable the "
8213
"new settings in the configuration file:"
8214
msgstr ""
8215
8216
#: serverguide/C/security.xml:724(command)
8217
msgid "sudo sysctl -p"
8218
msgstr ""
8219
8220
#: serverguide/C/security.xml:728(para)
8221
msgid ""
8222
"IP Masquerading can now be accomplished with a single iptables rule, which "
8223
"may differ slightly based on your network configuration:"
8224
msgstr ""
8225
8226
#: serverguide/C/security.xml:731(screen)
8227
#, no-wrap
8228
msgid ""
8229
"\n"
8230
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
8231
msgstr ""
8232
8233
#: serverguide/C/security.xml:734(para)
8234
msgid ""
8235
"The above command assumes that your private address space is 192.168.0.0/16 "
8236
"and that your Internet-facing device is ppp0. The syntax is broken down as "
8237
"follows:"
8238
msgstr ""
8239
8240
#: serverguide/C/security.xml:739(para)
8241
msgid "-t nat -- the rule is to go into the nat table"
8242
msgstr ""
8243
8244
#: serverguide/C/security.xml:740(para)
8245
msgid ""
8246
"-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
8247
msgstr ""
8248
8249
#: serverguide/C/security.xml:741(para)
8250
msgid ""
8251
"-s 192.168.0.0/16 -- the rule applies to traffic originating from the "
8252
"specified address space"
8253
msgstr ""
8254
8255
#: serverguide/C/security.xml:742(para)
8256
msgid ""
8257
"-o ppp0 -- the rule applies to traffic scheduled to be routed through the "
8258
"specified network device"
8259
msgstr ""
8260
8261
#: serverguide/C/security.xml:744(para)
8262
msgid ""
8263
"-j MASQUERADE -- traffic matching this rule is to \"jump\" (-j) to the "
8264
"MASQUERADE target to be manipulated as described above"
8265
msgstr ""
8266
8267
#: serverguide/C/security.xml:752(para)
8268
msgid ""
8269
"Also, each chain in the filter table (the default table, and where most or "
8270
"all packet filtering occurs) has a default <emphasis>policy</emphasis> of "
8271
"ACCEPT, but if you are creating a firewall in addition to a gateway device, "
8272
"you may have set the policies to DROP or REJECT, in which case your "
8273
"masqueraded traffic needs to be allowed through the FORWARD chain for the "
8274
"above rule to work:"
8275
msgstr ""
8276
8277
#: serverguide/C/security.xml:759(screen)
8278
#, no-wrap
8279
msgid ""
8280
"\n"
8281
"sudo iptables -A FORWARD -s 192.168.0.0/16 -o ppp0 -j ACCEPT\n"
8282
"sudo iptables -A FORWARD -d 192.168.0.0/16 -m state --state "
8283
"ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
8284
msgstr ""
8285
8286
#: serverguide/C/security.xml:763(para)
8287
msgid ""
8288
"The above commands will allow all connections from your local network to the "
8289
"Internet and all traffic related to those connections to return to the "
8290
"machine that initiated them."
8291
msgstr ""
8292
8293
#: serverguide/C/security.xml:770(para)
8294
msgid ""
8295
"If you want masquerading to be enabled on reboot, which you probably do, "
8296
"edit <filename>/etc/rc.local</filename> and add any commands used above. For "
8297
"example add the first command with no filtering:"
8298
msgstr ""
8299
8300
#: serverguide/C/security.xml:774(screen)
8301
#, no-wrap
8302
msgid ""
8303
"\n"
8304
"iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
8305
msgstr ""
8306
8307
#: serverguide/C/security.xml:782(title)
8308
msgid "Logs"
8309
msgstr ""
8310
8311
#: serverguide/C/security.xml:783(para)
8312
msgid ""
8313
"Firewall logs are essential for recognizing attacks, troubleshooting your "
8314
"firewall rules, and noticing unusual activity on your network. You must "
8315
"include logging rules in your firewall for them to be generated, though, and "
8316
"logging rules must come before any applicable terminating rule (a rule with "
8317
"a target that decides the fate of the packet, such as ACCEPT, DROP, or "
8318
"REJECT)."
8319
msgstr ""
8320
8321
#: serverguide/C/security.xml:790(para)
8322
msgid ""
8323
"If you are using <application>ufw</application>, you can turn on logging by "
8324
"entering the following in a terminal:"
8325
msgstr ""
8326
8327
#: serverguide/C/security.xml:794(command)
8328
msgid "sudo ufw logging on"
8329
msgstr ""
8330
8331
#: serverguide/C/security.xml:796(para)
8332
msgid ""
8333
"To turn logging off in <application>ufw</application>, simply replace "
8334
"<emphasis role=\"italic\">on</emphasis> with <emphasis "
8335
"role=\"italic\">off</emphasis> in the above command."
8336
msgstr ""
8337
8338
#: serverguide/C/security.xml:799(para)
8339
msgid ""
8340
"If using <application>iptables</application> instead of "
8341
"<application>ufw</application>, enter:"
8342
msgstr ""
8343
8344
#: serverguide/C/security.xml:802(screen)
8345
#, no-wrap
8346
msgid ""
8347
"\n"
8348
"sudo iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j LOG --log-"
8349
"prefix \"NEW_HTTP_CONN: \"\n"
8350
msgstr ""
8351
8352
#: serverguide/C/security.xml:805(para)
8353
msgid ""
8354
"A request on port 80 from the local machine, then, would generate a log in "
8355
"dmesg that looks like this:"
8356
msgstr ""
8357
8358
#: serverguide/C/security.xml:810(programlisting)
8359
#, no-wrap
8360
msgid ""
8361
"[4304885.870000] NEW_HTTP_CONN: IN=lo OUT= "
8362
"MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 "
8363
"LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58288 DF PROTO=TCP SPT=53981 DPT=80 "
8364
"WINDOW=32767 RES=0x00 SYN URGP=0"
8365
msgstr ""
8366
8367
#: serverguide/C/security.xml:812(para)
8368
msgid ""
8369
"The above log will also appear in <filename>/var/log/messages</filename>, "
8370
"<filename>/var/log/syslog</filename>, and "
8371
"<filename>/var/log/kern.log</filename>. This behavior can be modified by "
8372
"editing <filename>/etc/syslog.conf</filename> appropriately or by installing "
8373
"and configuring <application>ulogd</application> and using the ULOG target "
8374
"instead of LOG. The <application>ulogd</application> daemon is a userspace "
8375
"server that listens for logging instructions from the kernel specifically "
8376
"for firewalls, and can log to any file you like, or even to a "
8377
"<application>PostgreSQL</application> or <application>MySQL</application> "
8378
"database. Making sense of your firewall logs can be simplified by using a "
8379
"log analyzing tool such as <application>fwanalog</application>, "
8380
"<application> fwlogwatch</application>, or <application>lire</application>."
8381
msgstr ""
8382
8383
#: serverguide/C/security.xml:827(title)
8384
msgid "Other Tools"
8385
msgstr ""
8386
8387
#: serverguide/C/security.xml:828(para)
8388
msgid ""
8389
"There are many tools available to help you construct a complete firewall "
8390
"without intimate knowledge of iptables. For the GUI-inclined:"
8391
msgstr ""
8392
8393
#: serverguide/C/security.xml:834(para)
8394
msgid ""
8395
"<ulink url=\"http://www.fs-security.com/\">Firestarter</ulink> is quite "
8396
"popular and easy to use."
8397
msgstr ""
8398
8399
#: serverguide/C/security.xml:839(para)
8400
msgid ""
8401
"<ulink url=\"http://www.fwbuilder.org/\">fwbuilder</ulink> is very powerful "
8402
"and will look familiar to an administrator who has used a commercial "
8403
"firewall utility such as <application>Checkpoint FireWall-1</application>."
8404
msgstr ""
8405
8406
#: serverguide/C/security.xml:845(para)
8407
msgid ""
8408
"If you prefer a command-line tool with plain-text configuration files:"
8409
msgstr ""
8410
8411
#: serverguide/C/security.xml:850(para)
8412
msgid ""
8413
"<ulink url=\"http://www.shorewall.net/\">Shorewall</ulink> is a very "
8414
"powerful solution to help you configure an advanced firewall for any network."
8415
msgstr ""
8416
8417
#: serverguide/C/security.xml:856(para)
8418
msgid ""
8419
"<ulink url=\"http://www.linuxkungfu.org/\">ipkungfu</ulink> should give you "
8420
"a working firewall \"out of the box\" with zero configuration, and will "
8421
"allow you to easily set up a more advanced firewall by editing simple, well-"
8422
"documented configuration files."
8423
msgstr ""
8424
8425
#: serverguide/C/security.xml:863(para)
8426
msgid ""
8427
"<ulink url=\"http://fireflier.sourceforge.net/\">fireflier</ulink> is "
8428
"designed to be a desktop firewall application. It is made up of a server "
8429
"(fireflier-server) and your choice of GUI clients (GTK or QT), and behaves "
8430
"like many popular interactive firewall applications for Windows."
8431
msgstr ""
8432
8433
#: serverguide/C/security.xml:875(para)
8434
msgid ""
8435
"The <ulink url=\"https://wiki.ubuntu.com/UbuntuFirewall\">Ubuntu "
8436
"Firewall</ulink> wiki page contains information on the development of "
8437
"<application>ufw</application>."
8438
msgstr ""
8439
8440
#: serverguide/C/security.xml:881(para)
8441
msgid ""
8442
"Also, the <application>ufw</application> manual page contains some very "
8443
"useful information: <command>man ufw</command>."
8444
msgstr ""
8445
8446
#: serverguide/C/security.xml:886(para)
8447
msgid ""
8448
"See the <ulink url=\"http://www.netfilter.org/documentation/HOWTO/packet-"
8449
"filtering-HOWTO.html\">packet-filtering-HOWTO</ulink> for more information "
8450
"on using <application>iptables</application>."
8451
msgstr ""
8452
8453
#: serverguide/C/security.xml:892(para)
8454
msgid ""
8455
"The <ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-"
8456
"HOWTO.html\">nat-HOWTO</ulink> contains further details on masquerading."
8457
msgstr ""
8458
8459
#: serverguide/C/security.xml:898(para)
8460
msgid ""
8461
"The <ulink url=\"https://help.ubuntu.com/community/IptablesHowTo\">IPTables "
8462
"HowTo</ulink> in the Ubuntu wiki is a great resource."
8463
msgstr ""
8464
8465
#: serverguide/C/security.xml:906(title)
8466
msgid "AppArmor"
8467
msgstr ""
8468
8469
#: serverguide/C/security.xml:907(para)
8470
msgid ""
8471
"<application>AppArmor</application> is a Linux Security Module "
8472
"implementation of name-based mandatory access controls. AppArmor confines "
8473
"individual programs to a set of listed files and posix 1003.1e draft "
8474
"capabilities."
8475
msgstr ""
8476
8477
#: serverguide/C/security.xml:911(para)
8478
msgid ""
8479
"<application>AppArmor</application> is installed and loaded by default. It "
8480
"uses <emphasis>profiles</emphasis> of an application to determine what files "
8481
"and permissions the application requires. Some packages will install their "
8482
"own profiles, and additional profiles can be found in the "
8483
"<application>apparmor-profiles</application> package."
8484
msgstr ""
8485
8486
#: serverguide/C/security.xml:916(para)
8487
msgid ""
8488
"To install the <application>apparmor-profiles</application> package from a "
8489
"terminal prompt:"
8490
msgstr ""
8491
8492
#: serverguide/C/security.xml:922(para)
8493
msgid "AppArmor profiles have two modes of execution:"
8494
msgstr ""
8495
8496
#: serverguide/C/security.xml:927(para)
8497
msgid ""
8498
"Complaining/Learning: profile violations are permitted and logged. Useful "
8499
"for testing and developing new profiles."
8500
msgstr ""
8501
8502
#: serverguide/C/security.xml:932(para)
8503
msgid ""
8504
"Enforced/Confined: enforces profile policy as well as logging the violation."
8505
msgstr ""
8506
8507
#: serverguide/C/security.xml:938(title)
8508
msgid "Using AppArmor"
8509
msgstr ""
8510
8511
#: serverguide/C/security.xml:939(para)
8512
msgid ""
8513
"The <application>apparmor-utils</application> package contains command line "
8514
"utilities that you can use to change the <application>AppArmor</application> "
8515
"execution mode, find the status of a profile, create new profiles, etc."
8516
msgstr ""
8517
8518
#: serverguide/C/security.xml:945(para)
8519
msgid ""
8520
"<application>apparmor_status</application> is used to view the current "
8521
"status of AppArmor profiles."
8522
msgstr ""
8523
8524
#: serverguide/C/security.xml:949(command)
8525
msgid "sudo apparmor_status"
8526
msgstr ""
8527
8528
#: serverguide/C/security.xml:953(para)
8529
msgid ""
8530
"<application>aa-complain</application> places a profile into "
8531
"<emphasis>complain</emphasis> mode."
8532
msgstr ""
8533
8534
#: serverguide/C/security.xml:957(command)
8535
msgid "sudo aa-complain /path/to/bin"
8536
msgstr ""
8537
8538
#: serverguide/C/security.xml:961(para)
8539
msgid ""
8540
"<application>aa-enforce</application> places a profile into "
8541
"<emphasis>enforce</emphasis> mode."
8542
msgstr ""
8543
8544
#: serverguide/C/security.xml:965(command)
8545
msgid "sudo aa-enforce /path/to/bin"
8546
msgstr ""
8547
8548
#: serverguide/C/security.xml:969(para)
8549
msgid ""
8550
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
8551
"profiles are located. It can be used to manipulate the "
8552
"<emphasis>mode</emphasis> of all profiles."
8553
msgstr ""
8554
8555
#: serverguide/C/security.xml:973(para)
8556
msgid "Enter the following to place all profiles into complain mode:"
8557
msgstr ""
8558
8559
#: serverguide/C/security.xml:977(command)
8560
msgid "sudo aa-complain /etc/apparmor.d/*"
8561
msgstr ""
8562
8563
#: serverguide/C/security.xml:979(para)
8564
msgid "To place all profiles in enforce mode:"
8565
msgstr ""
8566
8567
#: serverguide/C/security.xml:983(command)
8568
msgid "sudo aa-enforce /etc/apparmor.d/*"
8569
msgstr ""
8570
8571
#: serverguide/C/security.xml:987(para)
8572
msgid ""
8573
"<application>apparmor_parser</application> is used to load a profile into "
8574
"the kernel. It can also be used to reload a currently loaded profile using "
8575
"the <emphasis>-r</emphasis> option. To load a profile:"
8576
msgstr ""
8577
8578
#: serverguide/C/security.xml:992(command) serverguide/C/security.xml:1024(command)
8579
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
8580
msgstr ""
8581
8582
#: serverguide/C/security.xml:994(para)
8583
msgid "To reload a profile:"
8584
msgstr ""
8585
8586
#: serverguide/C/security.xml:998(command)
8587
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
8588
msgstr ""
8589
8590
#: serverguide/C/security.xml:1002(para)
8591
msgid ""
8592
"<filename>/etc/init.d/apparmor</filename> can be used to "
8593
"<emphasis>reload</emphasis> all profiles:"
8594
msgstr ""
8595
8596
#: serverguide/C/security.xml:1006(command) serverguide/C/network-auth.xml:632(command)
8597
msgid "sudo /etc/init.d/apparmor reload"
8598
msgstr ""
8599
8600
#: serverguide/C/security.xml:1010(para)
8601
msgid ""
8602
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
8603
"with the <application>apparmor_parser -R</application> option to "
8604
"<emphasis>disable</emphasis> a profile."
8605
msgstr ""
8606
8607
#: serverguide/C/security.xml:1015(command)
8608
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
8609
msgstr ""
8610
8611
#: serverguide/C/security.xml:1016(command)
8612
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
8613
msgstr ""
8614
8615
#: serverguide/C/security.xml:1018(para)
8616
msgid ""
8617
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
8618
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
8619
"load the profile using the <emphasis>-a</emphasis> option."
8620
msgstr ""
8621
8622
#: serverguide/C/security.xml:1023(command)
8623
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
8624
msgstr ""
8625
8626
#: serverguide/C/security.xml:1028(para)
8627
msgid ""
8628
"<application>AppArmor</application> can be disabled, and the kernel module "
8629
"unloaded by entering the following:"
8630
msgstr ""
8631
8632
#: serverguide/C/security.xml:1032(command)
8633
msgid "sudo /etc/init.d/apparmor stop"
8634
msgstr ""
8635
8636
#: serverguide/C/security.xml:1033(command)
8637
msgid "sudo update-rc.d -f apparmor remove"
8638
msgstr ""
8639
8640
#: serverguide/C/security.xml:1037(para)
8641
msgid "To re-enable <application>AppArmor</application> enter:"
8642
msgstr ""
8643
8644
#: serverguide/C/security.xml:1041(command)
8645
msgid "sudo /etc/init.d/apparmor start"
8646
msgstr ""
8647
8648
#: serverguide/C/security.xml:1042(command)
8649
msgid "sudo update-rc.d apparmor defaults"
8650
msgstr ""
8651
8652
#: serverguide/C/security.xml:1047(para)
8653
msgid ""
8654
"Replace <emphasis>profile.name</emphasis> with the name of the profile you "
8655
"want to manipulate. Also, replace <filename>/path/to/bin/</filename> with "
8656
"the actual executable file path. For example for the "
8657
"<application>ping</application> command use <filename>/bin/ping</filename>"
8658
msgstr ""
8659
8660
#: serverguide/C/security.xml:1055(title)
8661
msgid "Profiles"
8662
msgstr ""
8663
8664
#: serverguide/C/security.xml:1056(para)
8665
msgid ""
8666
"<application>AppArmor</application> profiles are simple text files located "
8667
"in <filename>/etc/apparmor.d/</filename>. The files are named after the full "
8668
"path to the executable they profile replacing the \"/\" with \".\". For "
8669
"example <filename>/etc/apparmor.d/bin.ping</filename> is the AppArmor "
8670
"profile for the <filename>/bin/ping</filename> command."
8671
msgstr ""
8672
8673
#: serverguide/C/security.xml:1062(para)
8674
msgid "There are two main type of rules used in profiles:"
8675
msgstr ""
8676
8677
#: serverguide/C/security.xml:1067(para)
8678
msgid ""
8679
"<emphasis>Path entries:</emphasis> which detail which files an application "
8680
"can access in the file system."
8681
msgstr ""
8682
8683
#: serverguide/C/security.xml:1072(para)
8684
msgid ""
8685
"<emphasis>Capability entries:</emphasis> determine what privileges a "
8686
"confined process is allowed to use."
8687
msgstr ""
8688
8689
#: serverguide/C/security.xml:1077(para)
8690
msgid ""
8691
"As an example take a look at <filename>/etc/apparmor.d/bin.ping</filename>:"
8692
msgstr ""
8693
8694
#: serverguide/C/security.xml:1080(programlisting)
8695
#, no-wrap
8696
msgid ""
8697
"\n"
8698
"#include <tunables/global>\n"
8699
"/bin/ping flags=(complain) {\n"
8700
" #include <abstractions/base>\n"
8701
" #include <abstractions/consoles>\n"
8702
" #include <abstractions/nameservice>\n"
8703
"\n"
8704
" capability net_raw,\n"
8705
" capability setuid,\n"
8706
" network inet raw,\n"
8707
" \n"
8708
" /bin/ping mixr,\n"
8709
" /etc/modules.conf r,\n"
8710
"}\n"
8711
msgstr ""
8712
8713
#: serverguide/C/security.xml:1097(para)
8714
msgid ""
8715
"<emphasis>#include <tunables/global>:</emphasis> include statements "
8716
"from other files. This allows statements pertaining to multiple applications "
8717
"to be placed in a common file."
8718
msgstr ""
8719
8720
#: serverguide/C/security.xml:1103(para)
8721
msgid ""
8722
"<emphasis>/bin/ping flags=(complain):</emphasis> path to the profiled "
8723
"program, also setting the mode to <emphasis>complain</emphasis>."
8724
msgstr ""
8725
8726
#: serverguide/C/security.xml:1109(para)
8727
msgid ""
8728
"<emphasis>capability net_raw,:</emphasis> allows the application access to "
8729
"the CAP_NET_RAW Posix.1e capability."
8730
msgstr ""
8731
8732
#: serverguide/C/security.xml:1114(para)
8733
msgid ""
8734
"<emphasis>/bin/ping mixr,:</emphasis> allows the application read and "
8735
"execute access to the file."
8736
msgstr ""
8737
8738
#: serverguide/C/security.xml:1120(para)
8739
msgid ""
8740
"After editing a profile file the profile must be reloaded. See <xref "
8741
"linkend=\"apparmor-usage\"/> for details."
8742
msgstr ""
8743
8744
#: serverguide/C/security.xml:1125(title)
8745
msgid "Creating a Profile"
8746
msgstr ""
8747
8748
#: serverguide/C/security.xml:1128(para)
8749
msgid ""
8750
"<emphasis>Design a test plan:</emphasis> Try to think about how the "
8751
"application should be exercised. The test plan should be divided into small "
8752
"test cases. Each test case should have a small description and list the "
8753
"steps to follow."
8754
msgstr ""
8755
8756
#: serverguide/C/security.xml:1132(para)
8757
msgid "Some standard test cases are:"
8758
msgstr ""
8759
8760
#: serverguide/C/security.xml:1137(para)
8761
msgid "Starting the program."
8762
msgstr ""
8763
8764
#: serverguide/C/security.xml:1142(para)
8765
msgid "Stopping the program."
8766
msgstr ""
8767
8768
#: serverguide/C/security.xml:1147(para)
8769
msgid "Reloading the program."
8770
msgstr ""
8771
8772
#: serverguide/C/security.xml:1152(para)
8773
msgid "Testing all the commands supported by the init script."
8774
msgstr ""
8775
8776
#: serverguide/C/security.xml:1159(para)
8777
msgid ""
8778
"<emphasis>Generate the new profile:</emphasis> Use <application>aa-"
8779
"genprof</application> to generate a new profile. From a terminal:"
8780
msgstr ""
8781
8782
#: serverguide/C/security.xml:1164(command)
8783
msgid "sudo aa-genprof executable"
8784
msgstr ""
8785
8786
#: serverguide/C/security.xml:1166(para)
8787
msgid "For example:"
8788
msgstr ""
8789
8790
#: serverguide/C/security.xml:1170(command)
8791
msgid "sudo aa-genprof slapd"
8792
msgstr ""
8793
8794
#: serverguide/C/security.xml:1174(para)
8795
msgid ""
8796
"To get your new profile included in the <application>apparmor-"
8797
"profiles</application> package, file a bug in <emphasis>Launchpad</emphasis> "
8798
"against the <ulink "
8799
"url=\"https://bugs.launchpad.net/ubuntu/+source/apparmor/+filebug\">AppArmor<"
8800
"/ulink> package:"
8801
msgstr ""
8802
8803
#: serverguide/C/security.xml:1181(para)
8804
msgid "Include your test plan and test cases."
8805
msgstr ""
8806
8807
#: serverguide/C/security.xml:1186(para)
8808
msgid "Attach your new profile to the bug."
8809
msgstr ""
8810
8811
#: serverguide/C/security.xml:1195(title)
8812
msgid "Updating Profiles"
8813
msgstr ""
8814
8815
#: serverguide/C/security.xml:1196(para)
8816
msgid ""
8817
"When the program is misbehaving, audit messages are sent to the log files. "
8818
"The program <application>aa-logprof</application> can be used to scan log "
8819
"files for <application>AppArmor</application> audit messages, review them "
8820
"and update the profiles. From a terminal:"
8821
msgstr ""
8822
8823
#: serverguide/C/security.xml:1201(command)
8824
msgid "sudo aa-logprof"
8825
msgstr ""
8826
8827
#: serverguide/C/security.xml:1209(para)
8828
msgid ""
8829
"See the <ulink "
8830
"url=\"http://www.novell.com/documentation/apparmor/apparmor201_sp10_admin/ind"
8831
"ex.html?page=/documentation/apparmor/apparmor201_sp10_admin/data/book_apparmo"
8832
"r_admin.html\">AppArmor Administration Guide</ulink> for advanced "
8833
"configuration options."
8834
msgstr ""
8835
8836
#: serverguide/C/security.xml:1216(para)
8837
msgid ""
8838
"For details using AppArmor with other Ubuntu releases see the <ulink "
8839
"url=\"https://help.ubuntu.com/community/AppArmor\"> AppArmor Community "
8840
"Wiki</ulink> page."
8841
msgstr ""
8842
8843
#: serverguide/C/security.xml:1224(para)
8844
msgid ""
8845
"The <ulink url=\"http://en.opensuse.org/AppArmor\">OpenSUSE AppArmor</ulink> "
8846
"page is another introduction to AppArmor."
8847
msgstr ""
8848
8849
#: serverguide/C/security.xml:1231(para)
8850
msgid ""
8851
"A great place to ask for <application>AppArmor</application> assistance, and "
8852
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
8853
"server</emphasis> IRC channel on <ulink "
8854
"url=\"http://freenode.net\">freenode</ulink>."
8855
msgstr ""
8856
8857
#: serverguide/C/security.xml:1241(title)
8858
msgid "Certificates"
8859
msgstr ""
8860
8861
#: serverguide/C/security.xml:1242(para)
8862
msgid ""
8863
"One of the most common forms of cryptography today is <emphasis>public-"
8864
"key</emphasis> cryptography. Public-key cryptography utilizes a "
8865
"<emphasis>public key</emphasis> and a <emphasis>private key</emphasis>. The "
8866
"system works by <emphasis>encrypting</emphasis> information using the public "
8867
"key. The information can then only be <emphasis>decrypted</emphasis> using "
8868
"the private key."
8869
msgstr ""
8870
8871
#: serverguide/C/security.xml:1248(para)
8872
msgid ""
8873
"A common use for public-key cryptography is encrypting application traffic "
8874
"using a Secure Socket Layer (SSL) or Transport Layer Security (TLS) "
8875
"connection. For example, configuring Apache to provide "
8876
"<emphasis>HTTPS</emphasis>, the HTTP protocol over SSL. This allows a way to "
8877
"encrypt traffic using a protocol that does not itself provide encryption."
8878
msgstr ""
8879
8880
#: serverguide/C/security.xml:1253(para)
8881
msgid ""
8882
"A <emphasis>Certificate</emphasis> is a method used to distribute a "
8883
"<emphasis>public key</emphasis> and other information about a server and the "
8884
"organization who is responsible for it. Certificates can be digitally signed "
8885
"by a <emphasis>Certification Authority</emphasis> or CA. A CA is a trusted "
8886
"third party that has confirmed that the information contained in the "
8887
"certificate is accurate."
8888
msgstr ""
8889
8890
#: serverguide/C/security.xml:1260(title)
8891
msgid "Types of Certificates"
8892
msgstr ""
8893
8894
#: serverguide/C/security.xml:1261(para)
8895
msgid ""
8896
"To set up a secure server using public-key cryptography, in most cases, you "
8897
"send your certificate request (including your public key), proof of your "
8898
"company's identity, and payment to a CA. The CA verifies the certificate "
8899
"request and your identity, and then sends back a certificate for your secure "
8900
"server. Alternatively, you can create your own <emphasis>self-"
8901
"signed</emphasis> certificate."
8902
msgstr ""
8903
8904
#: serverguide/C/security.xml:1271(para)
8905
msgid ""
8906
"Note, that self-signed certificates should not be used in most production "
8907
"environments."
8908
msgstr ""
8909
8910
#: serverguide/C/security.xml:1275(para)
8911
msgid ""
8912
"Continuing the HTTPS example, a CA-signed certificate provides two important "
8913
"capabilities that a self-signed certificate does not:"
8914
msgstr ""
8915
8916
#: serverguide/C/security.xml:1282(para)
8917
msgid ""
8918
"Browsers (usually) automatically recognize the certificate and allow a "
8919
"secure connection to be made without prompting the user."
8920
msgstr ""
8921
8922
#: serverguide/C/security.xml:1289(para)
8923
msgid ""
8924
"When a CA issues a signed certificate, it is guaranteeing the identity of "
8925
"the organization that is providing the web pages to the browser."
8926
msgstr ""
8927
8928
#: serverguide/C/security.xml:1297(para)
8929
msgid ""
8930
"Most Web browsers, and computers, that support SSL have a list of CAs whose "
8931
"certificates they automatically accept. If a browser encounters a "
8932
"certificate whose authorizing CA is not in the list, the browser asks the "
8933
"user to either accept or decline the connection. Also, other applications "
8934
"may generate an error message when using a self-singed certificate."
8935
msgstr ""
8936
8937
#: serverguide/C/security.xml:1305(para)
8938
msgid ""
8939
"The process of getting a certificate from a CA is fairly easy. A quick "
8940
"overview is as follows:"
8941
msgstr ""
8942
8943
#: serverguide/C/security.xml:1312(para)
8944
msgid "Create a private and public encryption key pair."
8945
msgstr ""
8946
8947
#: serverguide/C/security.xml:1315(para)
8948
msgid ""
8949
"Create a certificate request based on the public key. The certificate "
8950
"request contains information about your server and the company hosting it."
8951
msgstr ""
8952
8953
#: serverguide/C/security.xml:1320(para)
8954
msgid ""
8955
"Send the certificate request, along with documents proving your identity, to "
8956
"a CA. We cannot tell you which certificate authority to choose. Your "
8957
"decision may be based on your past experiences, or on the experiences of "
8958
"your friends or colleagues, or purely on monetary factors."
8959
msgstr ""
8960
8961
#: serverguide/C/security.xml:1326(para)
8962
msgid ""
8963
"Once you have decided upon a CA, you need to follow the instructions they "
8964
"provide on how to obtain a certificate from them."
8965
msgstr ""
8966
8967
#: serverguide/C/security.xml:1331(para)
8968
msgid ""
8969
"When the CA is satisfied that you are indeed who you claim to be, they send "
8970
"you a digital certificate."
8971
msgstr ""
8972
8973
#: serverguide/C/security.xml:1335(para)
8974
msgid ""
8975
"Install this certificate on your secure server, and configure the "
8976
"appropriate applications to use the certificate."
8977
msgstr ""
8978
8979
#: serverguide/C/security.xml:1344(title)
8980
msgid "Generating a Certificate Signing Request (CSR)"
8981
msgstr ""
8982
8983
#: serverguide/C/security.xml:1346(para)
8984
msgid ""
8985
"Whether you are getting a certificate from a CA or generating your own self-"
8986
"signed certificate, the first step is to generate a key."
8987
msgstr ""
8988
8989
#: serverguide/C/security.xml:1351(para)
8990
msgid ""
8991
"If the certificate will be used by service daemons, such as Apache, Postfix, "
8992
"Dovecot, etc, a key without a passphrase is often appropriate. Not having a "
8993
"passphrase allows the services to start without manual intervention, usually "
8994
"the preferred way to start a daemon."
8995
msgstr ""
8996
8997
#: serverguide/C/security.xml:1357(para)
8998
msgid ""
8999
"This section will cover generating a key with a passphrase, and one without. "
9000
"The non-passphrase key will then be used to generate a certificate that can "
9001
"be used with various service daemons."
9002
msgstr ""
9003
9004
#: serverguide/C/security.xml:1363(para)
9005
msgid ""
9006
"Running your secure service without a passphrase is convenient because you "
9007
"will not need to enter the passphrase every time you start your secure "
9008
"service. But it is insecure and a compromise of the key means a compromise "
9009
"of the server as well."
9010
msgstr ""
9011
9012
#: serverguide/C/security.xml:1370(para)
9013
msgid ""
9014
"To generate the <emphasis>keys</emphasis> for the Certificate Signing "
9015
"Request (CSR) run the following command from a terminal prompt:"
9016
msgstr ""
9017
9018
#: serverguide/C/security.xml:1376(command)
9019
msgid "openssl genrsa -des3 -out server.key 1024"
9020
msgstr ""
9021
9022
#: serverguide/C/security.xml:1379(programlisting)
9023
#, no-wrap
9024
msgid ""
9025
"\n"
9026
"Generating RSA private key, 1024 bit long modulus\n"
9027
".....................++++++\n"
9028
".................++++++\n"
9029
"unable to write 'random state'\n"
9030
"e is 65537 (0x10001)\n"
9031
"Enter pass phrase for server.key:\n"
9032
msgstr ""
9033
9034
#: serverguide/C/security.xml:1388(para)
9035
msgid ""
9036
"You can now enter your passphrase. For best security, it should at least "
9037
"contain eight characters. The minimum length when specifying -des3 is four "
9038
"characters. It should include numbers and/or punctuation and not be a word "
9039
"in a dictionary. Also remember that your passphrase is case-sensitive."
9040
msgstr ""
9041
9042
#: serverguide/C/security.xml:1396(para)
9043
msgid ""
9044
"Re-type the passphrase to verify. Once you have re-typed it correctly, the "
9045
"server key is generated and stored in the <filename>server.key</filename> "
9046
"file."
9047
msgstr ""
9048
9049
#: serverguide/C/security.xml:1402(para)
9050
msgid ""
9051
"Now create the insecure key, the one without a passphrase, and shuffle the "
9052
"key names:"
9053
msgstr ""
9054
9055
#: serverguide/C/security.xml:1408(command)
9056
msgid "openssl rsa -in server.key -out server.key.insecure"
9057
msgstr ""
9058
9059
#: serverguide/C/security.xml:1409(command)
9060
msgid "mv server.key server.key.secure"
9061
msgstr ""
9062
9063
#: serverguide/C/security.xml:1410(command)
9064
msgid "mv server.key.insecure server.key"
9065
msgstr ""
9066
9067
#: serverguide/C/security.xml:1413(para)
9068
msgid ""
9069
"The insecure key is now named <filename>server.key</filename>, and you can "
9070
"use this file to generate the CSR without passphrase."
9071
msgstr ""
9072
9073
#: serverguide/C/security.xml:1418(para)
9074
msgid "To create the CSR, run the following command at a terminal prompt:"
9075
msgstr ""
9076
9077
#: serverguide/C/security.xml:1423(command)
9078
msgid "openssl req -new -key server.key -out server.csr"
9079
msgstr ""
9080
9081
#: serverguide/C/security.xml:1426(para)
9082
msgid ""
9083
"It will prompt you enter the passphrase. If you enter the correct "
9084
"passphrase, it will prompt you to enter Company Name, Site Name, Email Id, "
9085
"etc. Once you enter all these details, your CSR will be created and it will "
9086
"be stored in the <filename>server.csr</filename> file."
9087
msgstr ""
9088
9089
#: serverguide/C/security.xml:1434(para)
9090
msgid ""
9091
"You can now submit this CSR file to a CA for processing. The CA will use "
9092
"this CSR file and issue the certificate. On the other hand, you can create "
9093
"self-signed certificate using this CSR."
9094
msgstr ""
9095
9096
#: serverguide/C/security.xml:1442(title)
9097
msgid "Creating a Self-Signed Certificate"
9098
msgstr ""
9099
9100
#: serverguide/C/security.xml:1443(para)
9101
msgid ""
9102
"To create the self-signed certificate, run the following command at a "
9103
"terminal prompt:"
9104
msgstr ""
9105
9106
#: serverguide/C/security.xml:1448(command)
9107
msgid ""
9108
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
9109
"server.crt"
9110
msgstr ""
9111
9112
#: serverguide/C/security.xml:1451(para)
9113
msgid ""
9114
"The above command will prompt you to enter the passphrase. Once you enter "
9115
"the correct passphrase, your certificate will be created and it will be "
9116
"stored in the <filename>server.crt</filename> file."
9117
msgstr ""
9118
9119
#: serverguide/C/security.xml:1456(para)
9120
msgid ""
9121
"If your secure server is to be used in a production environment, you "
9122
"probably need a CA-signed certificate. It is not recommended to use self-"
9123
"signed certificate."
9124
msgstr ""
9125
9126
#: serverguide/C/security.xml:1464(title)
9127
msgid "Installing the Certificate"
9128
msgstr ""
9129
9130
#: serverguide/C/security.xml:1466(para)
9131
msgid ""
9132
"You can install the key file <filename>server.key</filename> and certificate "
9133
"file <filename>server.crt</filename>, or the certificate file issued by your "
9134
"CA, by running following commands at a terminal prompt:"
9135
msgstr ""
9136
9137
#: serverguide/C/security.xml:1472(command)
9138
msgid "sudo cp server.crt /etc/ssl/certs"
9139
msgstr ""
9140
9141
#: serverguide/C/security.xml:1473(command)
9142
msgid "sudo cp server.key /etc/ssl/private"
9143
msgstr ""
9144
9145
#: serverguide/C/security.xml:1475(para)
9146
msgid ""
9147
"Now simply configure any applications, with the ability to use public-key "
9148
"cryptography, to use the <emphasis>certificate</emphasis> and "
9149
"<emphasis>key</emphasis> files. For example, "
9150
"<application>Apache</application> can provide HTTPS, "
9151
"<application>Dovecot</application> can provide IMAPS and POP3S, etc."
9152
msgstr ""
9153
9154
#: serverguide/C/security.xml:1482(title)
9155
msgid "Certification Authority"
9156
msgstr ""
9157
9158
#: serverguide/C/security.xml:1484(para)
9159
msgid ""
9160
"If the services on your network require more than a few self-signed "
9161
"certificates it may be worth the additional effort to setup your own "
9162
"internal <emphasis>Certification Authority (CA)</emphasis>. Using "
9163
"certificates signed by your own CA, allows the various services using the "
9164
"certificates to easily trust other services using certificates issued from "
9165
"the same CA."
9166
msgstr ""
9167
9168
#: serverguide/C/security.xml:1494(para)
9169
msgid ""
9170
"First, create the directories to hold the CA certificate and related files:"
9171
msgstr ""
9172
9173
#: serverguide/C/security.xml:1499(command)
9174
msgid "sudo mkdir /etc/ssl/CA"
9175
msgstr ""
9176
9177
#: serverguide/C/security.xml:1500(command)
9178
msgid "sudo mkdir /etc/ssl/newcerts"
9179
msgstr ""
9180
9181
#: serverguide/C/security.xml:1506(para)
9182
msgid ""
9183
"The CA needs a few additional files to operate, one to keep track of the "
9184
"last serial number used by the CA, each certificate must have a unique "
9185
"serial number, and another file to record which certificates have been "
9186
"issued:"
9187
msgstr ""
9188
9189
#: serverguide/C/security.xml:1513(command)
9190
msgid "sudo sh -c \"echo '01' > /etc/ssl/CA/serial\""
9191
msgstr ""
9192
9193
#: serverguide/C/security.xml:1514(command)
9194
msgid "sudo touch /etc/ssl/CA/index.txt"
9195
msgstr ""
9196
9197
#: serverguide/C/security.xml:1520(para)
9198
msgid ""
9199
"The third file is a CA configuration file. Though not strictly necessary, it "
9200
"is very convenient when issuing multiple certificates. Edit "
9201
"<filename>/etc/ssl/openssl.cnf</filename>, and in the <emphasis>[ CA_default "
9202
"]</emphasis> change:"
9203
msgstr ""
9204
9205
#: serverguide/C/security.xml:1526(programlisting)
9206
#, no-wrap
9207
msgid ""
9208
"\n"
9209
"dir = /etc/ssl/ # Where everything is kept\n"
9210
"database = $dir/CA/index.txt # database index file.\n"
9211
"certificate = $dir/certs/cacert.pem # The CA certificate\n"
9212
"serial = $dir/CA/serial # The current serial number\n"
9213
"private_key = $dir/private/cakey.pem# The private key\n"
9214
msgstr ""
9215
9216
#: serverguide/C/security.xml:1537(para)
9217
msgid "Next, create the self-singed root certificate:"
9218
msgstr ""
9219
9220
#: serverguide/C/security.xml:1542(command)
9221
msgid ""
9222
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
9223
"days 3650"
9224
msgstr ""
9225
9226
#: serverguide/C/security.xml:1545(para)
9227
msgid "You will then be asked to enter the details about the certificate."
9228
msgstr ""
9229
9230
#: serverguide/C/security.xml:1552(para)
9231
msgid "Now install the root certificate and key:"
9232
msgstr ""
9233
9234
#: serverguide/C/security.xml:1557(command)
9235
msgid "sudo mv cakey.pem /etc/ssl/private/"
9236
msgstr ""
9237
9238
#: serverguide/C/security.xml:1558(command)
9239
msgid "sudo mv cacert.pem /etc/ssl/certs/"
9240
msgstr ""
9241
9242
#: serverguide/C/security.xml:1564(para)
9243
msgid ""
9244
"You are now ready to start signing certificates. The first item needed is a "
9245
"Certificate Signing Request (CSR), see <xref linkend=\"generating-a-csr\"/> "
9246
"for details. Once you have a CSR, enter the following to generate a "
9247
"certificate signed by the CA:"
9248
msgstr ""
9249
9250
#: serverguide/C/security.xml:1571(command)
9251
msgid "sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf"
9252
msgstr ""
9253
9254
#: serverguide/C/security.xml:1574(para)
9255
msgid ""
9256
"After entering the password for the CA key, you will be prompted to sign the "
9257
"certificate, and again to commit the new certificate. You should then see a "
9258
"somewhat large amount of output related to the certificate creation."
9259
msgstr ""
9260
9261
#: serverguide/C/security.xml:1583(para)
9262
msgid ""
9263
"There should now be a new file, "
9264
"<filename>/etc/ssl/newcerts/01.pem</filename>, containing the same output. "
9265
"Copy and paste everything beginning with the line: <emphasis>-----BEGIN "
9266
"CERTIFICATE-----</emphasis> and continuing through the line: <emphasis>----"
9267
"END CERTIFICATE-----</emphasis> lines to a file named after the hostname of "
9268
"the server where the certificate will be installed. For example "
9269
"<filename>mail.example.com.crt</filename>, is a nice descriptive name."
9270
msgstr ""
9271
9272
#: serverguide/C/security.xml:1591(para)
9273
msgid ""
9274
"Subsequent certificates will be named <filename>02.pem</filename>, "
9275
"<filename>03.pem</filename>, etc."
9276
msgstr ""
9277
9278
#: serverguide/C/security.xml:1596(para)
9279
msgid ""
9280
"Replace <emphasis>mail.example.com.crt</emphasis> with your own descriptive "
9281
"name."
9282
msgstr ""
9283
9284
#: serverguide/C/security.xml:1604(para)
9285
msgid ""
9286
"Finally, copy the new certificate to the host that needs it, and configure "
9287
"the appropriate applications to use it. The default location to install "
9288
"certificates is <filename role=\"directory\">/etc/ssl/certs</filename>. This "
9289
"enables multiple services to use the same certificate without overly "
9290
"complicated file permissions."
9291
msgstr ""
9292
9293
#: serverguide/C/security.xml:1610(para)
9294
msgid ""
9295
"For applications that can be configured to use a CA certificate, you should "
9296
"also copy the <filename>/etc/ssl/certs/cacert.pem</filename> file to the "
9297
"<filename role=\"directory\">/etc/ssl/certs/</filename> directory on each "
9298
"server."
9299
msgstr ""
9300
9301
#: serverguide/C/security.xml:1624(para)
9302
msgid ""
9303
"For more detailed instructions on using cryptography see the <ulink "
9304
"url=\"http://tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html\">SSL "
9305
"Certificates HOWTO</ulink> by tlpd.org"
9306
msgstr ""
9307
9308
#: serverguide/C/security.xml:1630(para)
9309
msgid ""
9310
"<ulink url=\"http://www.pki-page.org/\">The PKI Page</ulink> contains a list "
9311
"of Certificate Authorities."
9312
msgstr ""
9313
9314
#: serverguide/C/security.xml:1635(para)
9315
msgid ""
9316
"The Wikipedia <ulink "
9317
"url=\"http://en.wikipedia.org/wiki/Https\">HTTPS</ulink> page has more "
9318
"information regarding HTTPS."
9319
msgstr ""
9320
9321
#: serverguide/C/security.xml:1640(para)
9322
msgid ""
9323
"For more information on <emphasis>OpenSSL</emphasis> see the <ulink "
9324
"url=\"http://www.openssl.org/\">OpenSSL Home Page</ulink>."
9325
msgstr ""
9326
9327
#: serverguide/C/security.xml:1645(para)
9328
msgid ""
9329
"Also, O'Reilly's <ulink "
9330
"url=\"http://oreilly.com/catalog/9780596002701/\">Network Security with "
9331
"OpenSSL</ulink> is a good in depth reference."
9332
msgstr ""
9333
9334
#: serverguide/C/security.xml:1654(title)
9335
msgid "eCryptfs"
9336
msgstr ""
9337
9338
#: serverguide/C/security.xml:1656(para)
9339
msgid ""
9340
"<emphasis>eCryptfs</emphasis> is a POSIX-compliant enterprise-class stacked "
9341
"cryptographic filesystem for Linux. Layering on top of the filesystem layer "
9342
"<emphasis>eCryptfs</emphasis> protects files no matter the underlying "
9343
"filesystem, partition type, etc."
9344
msgstr ""
9345
9346
#: serverguide/C/security.xml:1662(para)
9347
msgid ""
9348
"During installation there is an option to encrypt the <filename "
9349
"role=\"directory\">/home</filename> partition. This will automatically "
9350
"configure everything needed to encrypt and mount the partition."
9351
msgstr ""
9352
9353
#: serverguide/C/security.xml:1667(para)
9354
msgid ""
9355
"As an example, this section will cover configuring <filename "
9356
"role=\"directory\">/srv</filename> to be encrypted using eCryptfs."
9357
msgstr ""
9358
9359
#: serverguide/C/security.xml:1672(title)
9360
msgid "Using eCryptfs"
9361
msgstr ""
9362
9363
#: serverguide/C/security.xml:1674(para)
9364
msgid "First, install the necessary packages. From a terminal prompt enter:"
9365
msgstr ""
9366
9367
#: serverguide/C/security.xml:1679(command)
9368
msgid "sudo apt-get install ecryptfs-utils"
9369
msgstr ""
9370
9371
#: serverguide/C/security.xml:1682(para)
9372
msgid "Now mount the partition to be encrypted:"
9373
msgstr ""
9374
9375
#: serverguide/C/security.xml:1687(command)
9376
msgid "sudo mount -t ecryptfs /srv /srv"
9377
msgstr ""
9378
9379
#: serverguide/C/security.xml:1690(para)
9380
msgid ""
9381
"You will then be prompted for some details on how "
9382
"<application>ecryptfs</application> should encrypt the data."
9383
msgstr ""
9384
9385
#: serverguide/C/security.xml:1694(para)
9386
msgid ""
9387
"To test that files placed in <filename>/srv</filename> are indeed encrypted "
9388
"copy the <filename>/etc/default</filename> folder to "
9389
"<filename>/srv</filename>:"
9390
msgstr ""
9391
9392
#: serverguide/C/security.xml:1700(command) serverguide/C/clustering.xml:192(command)
9393
msgid "sudo cp -r /etc/default /srv"
9394
msgstr ""
9395
9396
#: serverguide/C/security.xml:1703(para)
9397
msgid "Now unmount <filename>/srv</filename>, and try to view a file:"
9398
msgstr ""
9399
9400
#: serverguide/C/security.xml:1708(command) serverguide/C/installation.xml:1138(command) serverguide/C/clustering.xml:200(command)
9401
msgid "sudo umount /srv"
9402
msgstr ""
9403
9404
#: serverguide/C/security.xml:1709(command)
9405
msgid "cat /srv/default/cron"
9406
msgstr ""
9407
9408
#: serverguide/C/security.xml:1712(para)
9409
msgid ""
9410
"Remounting <filename>/srv</filename> using "
9411
"<application>ecryptfs</application> will make the data viewable once again."
9412
msgstr ""
9413
9414
#: serverguide/C/security.xml:1718(title)
9415
msgid "Automatically Mounting Encrypted Partitions"
9416
msgstr ""
9417
9418
#: serverguide/C/security.xml:1720(para)
9419
msgid ""
9420
"There are a couple of ways to automatically mount an "
9421
"<application>ecryptfs</application> encrypted filesystem at boot. This "
9422
"example will use a <filename>/root/.ecryptfsrc</filename> file containing "
9423
"mount options, along with a passphrase file residing on a USB key."
9424
msgstr ""
9425
9426
#: serverguide/C/security.xml:1726(para)
9427
msgid "First, create <filename>/root/.ecryptfsrc</filename> containing:"
9428
msgstr ""
9429
9430
#: serverguide/C/security.xml:1730(programlisting)
9431
#, no-wrap
9432
msgid ""
9433
"\n"
9434
"key=passphrase:passphrase_passwd_file=/mnt/usb/passwd_file.txt\n"
9435
"ecryptfs_sig=5826dd62cf81c615\n"
9436
"ecryptfs_cipher=aes\n"
9437
"ecryptfs_key_bytes=16\n"
9438
"ecryptfs_passthrough=n\n"
9439
"ecryptfs_enable_filename_crypto=n\n"
9440
msgstr ""
9441
9442
#: serverguide/C/security.xml:1740(para)
9443
msgid ""
9444
"Adjust the <emphasis>ecryptfs_sig</emphasis> to the signature in "
9445
"<filename>/root/.ecryptfs/sig-cache.txt</filename>."
9446
msgstr ""
9447
9448
#: serverguide/C/security.xml:1745(para)
9449
msgid ""
9450
"Next, create the <filename>/mnt/usb/passwd_file.txt</filename> passphrase "
9451
"file:"
9452
msgstr ""
9453
9454
#: serverguide/C/security.xml:1749(programlisting)
9455
#, no-wrap
9456
msgid ""
9457
"\n"
9458
"passphrase_passwd=[secrets]\n"
9459
msgstr ""
9460
9461
#: serverguide/C/security.xml:1753(para)
9462
msgid "Now add the necessary lines to <filename>/etc/fstab</filename>:"
9463
msgstr ""
9464
9465
#: serverguide/C/security.xml:1757(programlisting)
9466
#, no-wrap
9467
msgid ""
9468
"\n"
9469
"/dev/sdb1 /mnt/usb ext3 ro 0 0\n"
9470
"/srv /srv ecryptfs defaults 0 0\n"
9471
msgstr ""
9472
9473
#: serverguide/C/security.xml:1762(para)
9474
msgid "Make sure the USB drive is mounted before the encrypted partition."
9475
msgstr ""
9476
9477
#: serverguide/C/security.xml:1766(para)
9478
msgid ""
9479
"Finally, reboot and the <filename>/srv</filename> should be mounted using "
9480
"ecryptfs."
9481
msgstr ""
9482
9483
#: serverguide/C/security.xml:1774(para)
9484
msgid ""
9485
"The <application>ecryptfs-utils</application> package includes several other "
9486
"useful utilities:"
9487
msgstr ""
9488
9489
#: serverguide/C/security.xml:1780(para)
9490
msgid ""
9491
"<emphasis>ecryptfs-setup-private:</emphasis> creates a "
9492
"<filename>~/Private</filename> directory to contain encrypted information. "
9493
"This utility can be run by unprivileged users to keep data private from "
9494
"other users on the system."
9495
msgstr ""
9496
9497
#: serverguide/C/security.xml:1787(para)
9498
msgid ""
9499
"<emphasis>ecryptfs-mount-private and ecryptfs-umount-private:</emphasis> "
9500
"will mount and unmount respectively, a users <filename>~/Private</filename> "
9501
"directory."
9502
msgstr ""
9503
9504
#: serverguide/C/security.xml:1793(para)
9505
msgid ""
9506
"<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the "
9507
"kernel keyring."
9508
msgstr ""
9509
9510
#: serverguide/C/security.xml:1798(para)
9511
msgid ""
9512
"<emphasis>ecryptfs-manager:</emphasis> manages "
9513
"<application>eCryptfs</application> objects such as keys."
9514
msgstr ""
9515
9516
#: serverguide/C/security.xml:1803(para)
9517
msgid ""
9518
"<emphasis>ecryptfs-stat:</emphasis> allows you to view the "
9519
"<application>ecryptfs</application> meta information for a file."
9520
msgstr ""
9521
9522
#: serverguide/C/security.xml:1816(para)
9523
msgid ""
9524
"For more information on eCryptfs see the <ulink "
9525
"url=\"https://launchpad.net/ecryptfs\">Launchpad project page</ulink>."
9526
msgstr ""
9527
9528
#: serverguide/C/security.xml:1821(para)
9529
msgid ""
9530
"There is also a <ulink "
9531
"url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> "
9532
"article covering eCryptfs."
9533
msgstr ""
9534
9535
#: serverguide/C/security.xml:1826(para)
9536
msgid ""
9537
"Also, for more <application>ecryptfs</application> options see the <ulink "
9538
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man7/ecryptfs.7.html\">"
9539
"ecryptfs man page</ulink>."
9540
msgstr ""
9541
9542
#: serverguide/C/security.xml:1832(para)
9543
msgid ""
9544
"The <ulink url=\"https://help.ubuntu.com/community/eCryptfs\">eCryptfs "
9545
"Ubuntu Wiki</ulink> page also has more details."
9546
msgstr ""
9547
9548
#: serverguide/C/reporting-bugs.xml:13(title)
9549
msgid "Appendix"
9550
msgstr ""
9551
9552
#: serverguide/C/reporting-bugs.xml:16(title)
9553
msgid "Reporting Bugs in Ubuntu Server Edition"
9554
msgstr ""
9555
9556
#: serverguide/C/reporting-bugs.xml:18(para)
9557
msgid ""
9558
"While the Ubuntu Project attempts to release software with as few bugs as "
9559
"possible, they do occur. You can help fix these bugs by reporting ones that "
9560
"you find to the project. The Ubuntu Project uses <ulink "
9561
"url=\"https://launchpad.net/\">Launchpad</ulink> to track its bug reports. "
9562
"In order to file a bug about Ubuntu Server on Launchpad, you will need to "
9563
"<ulink url=\"https://help.launchpad.net/YourAccount/NewAccount\">create an "
9564
"account</ulink>."
9565
msgstr ""
9566
9567
#: serverguide/C/reporting-bugs.xml:30(title)
9568
msgid "Reporting Bugs With ubuntu-bug"
9569
msgstr ""
9570
9571
#: serverguide/C/reporting-bugs.xml:32(para)
9572
msgid ""
9573
"The preferred way to report a bug is with the <application>ubuntu-"
9574
"bug</application> command. The ubuntu-bug tool gathers information about the "
9575
"system useful to developers in diagnosing the reported problem that will "
9576
"then be included in the bug report filed on Launchpad. Bug reports in Ubuntu "
9577
"need to be filed against a specific software package, thus the name of the "
9578
"package that the bug occurs in needs to be given to ubuntu-bug:"
9579
msgstr ""
9580
9581
#: serverguide/C/reporting-bugs.xml:43(command)
9582
msgid "ubuntu-bug PACKAGENAME"
9583
msgstr ""
9584
9585
#: serverguide/C/reporting-bugs.xml:46(para)
9586
msgid ""
9587
"For example, to file a bug against the openssh-server package, you would do:"
9588
msgstr ""
9589
9590
#: serverguide/C/reporting-bugs.xml:51(command)
9591
msgid "ubuntu-bug openssh-server"
9592
msgstr ""
9593
9594
#: serverguide/C/reporting-bugs.xml:54(para)
9595
msgid ""
9596
"You can specify either a binary package or the source package for ubuntu-"
9597
"bug. Again using openssh-server as an example, you could also generate the "
9598
"report against the source package for openssh-server, openssh:"
9599
msgstr ""
9600
9601
#: serverguide/C/reporting-bugs.xml:62(command)
9602
msgid "ubuntu-bug openssh"
9603
msgstr ""
9604
9605
#: serverguide/C/reporting-bugs.xml:66(para)
9606
msgid ""
9607
"See <xref linkend=\"package-management\"/> for more information about "
9608
"packages in Ubuntu."
9609
msgstr ""
9610
9611
#: serverguide/C/reporting-bugs.xml:72(para)
9612
msgid ""
9613
"The ubuntu-bug command will gather information about the system in question, "
9614
"possibly including information specific to the specified package, and then "
9615
"ask you what you would like to do with collected information:"
9616
msgstr ""
9617
9618
#: serverguide/C/reporting-bugs.xml:80(command)
9619
msgid "ubuntu-bug postgresql"
9620
msgstr ""
9621
9622
#: serverguide/C/reporting-bugs.xml:79(screen)
9623
#, no-wrap
9624
msgid ""
9625
"\n"
9626
"<placeholder-1/>\n"
9627
"\n"
9628
"*** Collecting problem information\n"
9629
"\n"
9630
"The collected information can be sent to the developers to improve the\n"
9631
"application. This might take a few minutes.\n"
9632
"..........\n"
9633
"\n"
9634
"*** Send problem report to the developers?\n"
9635
"\n"
9636
"After the problem report has been sent, please fill out the form in the\n"
9637
"automatically opened web browser.\n"
9638
"\n"
9639
"What would you like to do? Your options are:\n"
9640
" S: Send report (1.7 KiB)\n"
9641
" V: View report\n"
9642
" K: Keep report file for sending later or copying to somewhere else\n"
9643
" C: Cancel\n"
9644
"Please choose (S/V/K/C):\n"
9645
msgstr ""
9646
9647
#: serverguide/C/reporting-bugs.xml:101(para)
9648
msgid "The options available are:"
9649
msgstr ""
9650
9651
#: serverguide/C/reporting-bugs.xml:108(para)
9652
msgid ""
9653
"<emphasis role=\"bold\">Send Report</emphasis> Selecting Send Report submits "
9654
"the collected information to Launchpad as part of the the process of filing "
9655
"a bug report. You will be given the opportunity to describe the situation "
9656
"that led up to the occurrence of the bug."
9657
msgstr ""
9658
9659
#: serverguide/C/reporting-bugs.xml:115(screen)
9660
#, no-wrap
9661
msgid ""
9662
"\n"
9663
"*** Uploading problem information\n"
9664
"\n"
9665
"The collected information is being sent to the bug tracking system.\n"
9666
"This might take a few minutes.\n"
9667
"91%\n"
9668
"\n"
9669
"*** To continue, you must visit the following URL:\n"
9670
"\n"
9671
" https://bugs.launchpad.net/ubuntu/+source/postgresql-"
9672
"8.4/+filebug/kc6eSnTLnLxF8u0t3e56EukFeqJ?\n"
9673
"\n"
9674
"You can launch a browser now, or copy this URL into a browser on another\n"
9675
"computer.\n"
9676
"\n"
9677
"Choices:\n"
9678
" 1: Launch a browser now\n"
9679
" C: Cancel\n"
9680
"Please choose (1/C):\n"
9681
msgstr ""
9682
9683
#: serverguide/C/reporting-bugs.xml:135(para)
9684
msgid ""
9685
"If you choose to start a browser, by default the text based web browser "
9686
"<application>w3m</application> will be used to finish filing the bug report. "
9687
"Alternately, you can copy the given URL to a currently running web browser."
9688
msgstr ""
9689
9690
#: serverguide/C/reporting-bugs.xml:144(para)
9691
msgid ""
9692
"<emphasis role=\"bold\">View Report</emphasis> Selecting View Report causes "
9693
"the collected information to be displayed to the terminal for review."
9694
msgstr ""
9695
9696
#: serverguide/C/reporting-bugs.xml:150(screen)
9697
#, no-wrap
9698
msgid ""
9699
"\n"
9700
"Package: postgresql 8.4.2-2\n"
9701
"PackageArchitecture: all\n"
9702
"Tags: lucid\n"
9703
"ProblemType: Bug\n"
9704
"ProcEnviron:\n"
9705
" LANG=en_US.UTF-8\n"
9706
" SHELL=/bin/bash\n"
9707
"Uname: Linux 2.6.32-16-server x86_64\n"
9708
"Dependencies:\n"
9709
" adduser 3.112ubuntu1\n"
9710
" base-files 5.0.0ubuntu10\n"
9711
" base-passwd 3.5.22\n"
9712
" coreutils 7.4-2ubuntu2\n"
9713
"...\n"
9714
msgstr ""
9715
9716
#: serverguide/C/reporting-bugs.xml:167(para)
9717
msgid ""
9718
"After viewing the report, you will be brought back to the same menu asking "
9719
"what you would like to do with the report."
9720
msgstr ""
9721
9722
#: serverguide/C/reporting-bugs.xml:174(para)
9723
msgid ""
9724
"<emphasis role=\"bold\">Keep Report File</emphasis> Selecting Keep Report "
9725
"File causes the gathered information to be written to a file. This file can "
9726
"then be used to later file a bug report or transferred to a different Ubuntu "
9727
"system for reporting. To submit the report file, simply give it as an "
9728
"argument to the ubuntu-bug command:"
9729
msgstr ""
9730
9731
#: serverguide/C/reporting-bugs.xml:189(userinput)
9732
#, no-wrap
9733
msgid "k"
9734
msgstr ""
9735
9736
#: serverguide/C/reporting-bugs.xml:192(command)
9737
msgid "ubuntu-bug /tmp/apport.postgresql.v4MQas.apport"
9738
msgstr ""
9739
9740
#: serverguide/C/reporting-bugs.xml:183(screen)
9741
#, no-wrap
9742
msgid ""
9743
"\n"
9744
"What would you like to do? Your options are:\n"
9745
" S: Send report (1.7 KiB)\n"
9746
" V: View report\n"
9747
" K: Keep report file for sending later or copying to somewhere else\n"
9748
" C: Cancel\n"
9749
"Please choose (S/V/K/C): <placeholder-1/>\n"
9750
"Problem report file: /tmp/apport.postgresql.v4MQas.apport\n"
9751
"\n"
9752
"<placeholder-2/>\n"
9753
"\n"
9754
"*** Send problem report to the developers?\n"
9755
"...\n"
9756
msgstr ""
9757
9758
#: serverguide/C/reporting-bugs.xml:200(para)
9759
msgid ""
9760
"<emphasis role=\"bold\">Cancel</emphasis> Selecting Cancel causes the "
9761
"collected information to be discarded."
9762
msgstr ""
9763
9764
#: serverguide/C/reporting-bugs.xml:210(title)
9765
msgid "Reporting Application Crashes"
9766
msgstr ""
9767
9768
#: serverguide/C/reporting-bugs.xml:212(para)
9769
msgid ""
9770
"The software package that provides the ubuntu-bug utility, "
9771
"<application>apport</application>, can be configured to trigger when "
9772
"applications crash. This is disabled by default, as capturing a crash can be "
9773
"resource intensive depending on how much memory the application that crashed "
9774
"was using as apport captures and processes the core dump."
9775
msgstr ""
9776
9777
#: serverguide/C/reporting-bugs.xml:221(para)
9778
msgid ""
9779
"Configuring apport to capture information about crashing applications "
9780
"requires a couple of steps. First, <application>gdb</application> needs to "
9781
"be installed; it is not installed by default in Ubuntu Server Edition."
9782
msgstr ""
9783
9784
#: serverguide/C/reporting-bugs.xml:229(command)
9785
msgid "sudo apt-get install gdb"
9786
msgstr ""
9787
9788
#: serverguide/C/reporting-bugs.xml:232(para)
9789
msgid ""
9790
"See <xref linkend=\"package-management\"/> for more information about "
9791
"managing packages in Ubuntu."
9792
msgstr ""
9793
9794
#: serverguide/C/reporting-bugs.xml:237(para)
9795
msgid ""
9796
"Once you have ensured that gdb is installed, open the file "
9797
"<filename>/etc/default/apport</filename> in your text editor, and change the "
9798
"<emphasis>enabled</emphasis> setting to be <emphasis "
9799
"role=\"bold\">1</emphasis> like so:"
9800
msgstr ""
9801
9802
#: serverguide/C/reporting-bugs.xml:244(programlisting)
9803
#, no-wrap
9804
msgid ""
9805
"\n"
9806
"# set this to 0 to disable apport, or to 1 to enable it\n"
9807
"# you can temporarily override this with\n"
9808
"# sudo service apport start force_start=1\n"
9809
"enabled=<userinput>1</userinput>\n"
9810
"\n"
9811
"# set maximum core dump file size (default: 209715200 bytes == 200 MB)\n"
9812
"maxsize=209715200\n"
9813
msgstr ""
9814
9815
#: serverguide/C/reporting-bugs.xml:254(para)
9816
msgid ""
9817
"Once you have completed editing <filename>/etc/default/apport</filename>, "
9818
"start the apport service:"
9819
msgstr ""
9820
9821
#: serverguide/C/reporting-bugs.xml:261(command)
9822
msgid "sudo start apport"
9823
msgstr ""
9824
9825
#: serverguide/C/reporting-bugs.xml:264(para)
9826
msgid ""
9827
"After an application crashes, use the <application>apport-cli</application> "
9828
"command to search for the existing saved crash report information:"
9829
msgstr ""
9830
9831
#: serverguide/C/reporting-bugs.xml:271(command)
9832
msgid "apport-cli"
9833
msgstr ""
9834
9835
#: serverguide/C/reporting-bugs.xml:270(screen)
9836
#, no-wrap
9837
msgid ""
9838
"\n"
9839
"<placeholder-1/>\n"
9840
"\n"
9841
"*** dash closed unexpectedly on 2010-03-11 at 21:40:59.\n"
9842
"\n"
9843
"If you were not doing anything confidential (entering passwords or other\n"
9844
"private information), you can help to improve the application by\n"
9845
"reporting\n"
9846
"the problem.\n"
9847
"\n"
9848
"What would you like to do? Your options are:\n"
9849
" R: Report Problem...\n"
9850
" I: Cancel and ignore future crashes of this program version\n"
9851
" C: Cancel\n"
9852
"Please choose (R/I/C):\n"
9853
msgstr ""
9854
9855
#: serverguide/C/reporting-bugs.xml:287(para)
9856
msgid ""
9857
"Selecting <emphasis>Report Problem</emphasis> will walk you through similar "
9858
"steps as when using ubuntu-bug. One important difference is that a crash "
9859
"report will be marked as private when filed on Launchpad, meaning that it "
9860
"will be visible to only a limited set of bug triagers. These triagers will "
9861
"review the gathered data for private information before making the bug "
9862
"report publicly visible."
9863
msgstr ""
9864
9865
#: serverguide/C/reporting-bugs.xml:307(para)
9866
msgid ""
9867
"See the <ulink "
9868
"url=\"https://help.ubuntu.com/community/ReportingBugs\">Reporting "
9869
"Bugs</ulink> Ubuntu wiki page."
9870
msgstr ""
9871
9872
#: serverguide/C/reporting-bugs.xml:313(para)
9873
msgid ""
9874
"Also, the <ulink url=\"https://wiki.ubuntu.com/Apport\">Apport</ulink> page "
9875
"has some useful information. Though some of it pertains to using a GUI."
9876
msgstr ""
9877
9878
#: serverguide/C/remote-administration.xml:13(title)
9879
msgid "Remote Administration"
9880
msgstr ""
9881
9882
#: serverguide/C/remote-administration.xml:14(para)
9883
msgid ""
9884
"There are many ways to remotely administer a Linux server. This chapter will "
9885
"cover one of the most popular <application>OpenSSH</application>."
9886
msgstr ""
9887
9888
#: serverguide/C/remote-administration.xml:22(para)
9889
msgid ""
9890
"This section of the Ubuntu Server Guide introduces a powerful collection of "
9891
"tools for the remote control of networked computers and transfer of data "
9892
"between networked computers, called <emphasis>OpenSSH</emphasis>. You will "
9893
"also learn about some of the configuration settings possible with the "
9894
"OpenSSH server application and how to change them on your Ubuntu system."
9895
msgstr ""
9896
9897
#: serverguide/C/remote-administration.xml:29(para)
9898
msgid ""
9899
"OpenSSH is a freely available version of the Secure Shell (SSH) protocol "
9900
"family of tools for remotely controlling a computer or transferring files "
9901
"between computers. Traditional tools used to accomplish these functions, "
9902
"such as <application>telnet</application> or <application>rcp</application>, "
9903
"are insecure and transmit the user's password in cleartext when used. "
9904
"OpenSSH provides a server daemon and client tools to facilitate secure, "
9905
"encrypted remote control and file transfer operations, effectively replacing "
9906
"the legacy tools."
9907
msgstr ""
9908
9909
#: serverguide/C/remote-administration.xml:38(para)
9910
msgid ""
9911
"The OpenSSH server component, <application>sshd</application>, listens "
9912
"continuously for client connections from any of the client tools. When a "
9913
"connection request occurs, <application>sshd</application> sets up the "
9914
"correct connection depending on the type of client tool connecting. For "
9915
"example, if the remote computer is connecting with the "
9916
"<application>ssh</application> client application, the OpenSSH server sets "
9917
"up a remote control session after authentication. If a remote user connects "
9918
"to an OpenSSH server with <application>scp</application>, the OpenSSH server "
9919
"daemon initiates a secure copy of files between the server and client after "
9920
"authentication. OpenSSH can use many authentication methods, including plain "
9921
"password, public key, and <application>Kerberos</application> tickets."
9922
msgstr ""
9923
9924
#: serverguide/C/remote-administration.xml:52(para)
9925
msgid ""
9926
"Installation of the OpenSSH client and server applications is simple. To "
9927
"install the OpenSSH client applications on your Ubuntu system, use this "
9928
"command at a terminal prompt:"
9929
msgstr ""
9930
9931
#: serverguide/C/remote-administration.xml:58(command)
9932
msgid "sudo apt-get install openssh-client"
9933
msgstr ""
9934
9935
#: serverguide/C/remote-administration.xml:60(para)
9936
msgid ""
9937
"To install the OpenSSH server application, and related support files, use "
9938
"this command at a terminal prompt:"
9939
msgstr ""
9940
9941
#: serverguide/C/remote-administration.xml:65(command)
9942
msgid "sudo apt-get install openssh-server"
9943
msgstr ""
9944
9945
#: serverguide/C/remote-administration.xml:67(para)
9946
msgid ""
9947
"The <application>openssh-server</application> package can also be selected "
9948
"to install during the Server Edition installation process."
9949
msgstr ""
9950
9951
#: serverguide/C/remote-administration.xml:74(para)
9952
msgid ""
9953
"You may configure the default behavior of the OpenSSH server application, "
9954
"<application>sshd</application>, by editing the file "
9955
"<filename>/etc/ssh/sshd_config</filename>. For information about the "
9956
"configuration directives used in this file, you may view the appropriate "
9957
"manual page with the following command, issued at a terminal prompt:"
9958
msgstr ""
9959
9960
#: serverguide/C/remote-administration.xml:82(command)
9961
msgid "man sshd_config"
9962
msgstr ""
9963
9964
#: serverguide/C/remote-administration.xml:84(para)
9965
msgid ""
9966
"There are many directives in the <application>sshd</application> "
9967
"configuration file controlling such things as communication settings and "
9968
"authentication modes. The following are examples of configuration directives "
9969
"that can be changed by editing the <filename>/etc/ssh/sshd_config</filename> "
9970
"file."
9971
msgstr ""
9972
9973
#: serverguide/C/remote-administration.xml:91(para)
9974
msgid ""
9975
"Prior to editing the configuration file, you should make a copy of the "
9976
"original file and protect it from writing so you will have the original "
9977
"settings as a reference and to reuse as necessary."
9978
msgstr ""
9979
9980
#: serverguide/C/remote-administration.xml:95(para)
9981
msgid ""
9982
"Copy the <filename>/etc/ssh/sshd_config</filename> file and protect it from "
9983
"writing with the following commands, issued at a terminal prompt:"
9984
msgstr ""
9985
9986
#: serverguide/C/remote-administration.xml:100(command)
9987
msgid "sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original"
9988
msgstr ""
9989
9990
#: serverguide/C/remote-administration.xml:101(command)
9991
msgid "sudo chmod a-w /etc/ssh/sshd_config.original"
9992
msgstr ""
9993
9994
#: serverguide/C/remote-administration.xml:103(para)
9995
msgid ""
9996
"The following are examples of configuration directives you may change:"
9997
msgstr ""
9998
9999
#: serverguide/C/remote-administration.xml:108(para)
10000
msgid ""
10001
"To set your OpenSSH to listen on TCP port 2222 instead of the default TCP "
10002
"port 22, change the Port directive as such:"
10003
msgstr ""
10004
10005
#: serverguide/C/remote-administration.xml:112(para)
10006
msgid "Port 2222"
10007
msgstr ""
10008
10009
#: serverguide/C/remote-administration.xml:117(para)
10010
msgid ""
10011
"To have <application>sshd</application> allow public key-based login "
10012
"credentials, simply add or modify the line:"
10013
msgstr ""
10014
10015
#: serverguide/C/remote-administration.xml:121(para)
10016
msgid "PubkeyAuthentication yes"
10017
msgstr ""
10018
10019
#: serverguide/C/remote-administration.xml:124(para)
10020
msgid ""
10021
"In the <filename>/etc/ssh/sshd_config</filename> file, or if already "
10022
"present, ensure the line is not commented out."
10023
msgstr ""
10024
10025
#: serverguide/C/remote-administration.xml:130(para)
10026
msgid ""
10027
"To make your OpenSSH server display the contents of the "
10028
"<filename>/etc/issue.net</filename> file as a pre-login banner, simply add "
10029
"or modify the line:"
10030
msgstr ""
10031
10032
#: serverguide/C/remote-administration.xml:135(para)
10033
msgid "Banner /etc/issue.net"
10034
msgstr ""
10035
10036
#: serverguide/C/remote-administration.xml:138(para)
10037
msgid "In the <filename>/etc/ssh/sshd_config</filename> file."
10038
msgstr ""
10039
10040
#: serverguide/C/remote-administration.xml:143(para)
10041
msgid ""
10042
"After making changes to the <filename>/etc/ssh/sshd_config</filename> file, "
10043
"save the file, and restart the <application>sshd</application> server "
10044
"application to effect the changes using the following command at a terminal "
10045
"prompt:"
10046
msgstr ""
10047
10048
#: serverguide/C/remote-administration.xml:152(para)
10049
msgid ""
10050
"Many other configuration directives for <application>sshd</application> are "
10051
"available for changing the server application's behavior to fit your needs. "
10052
"Be advised, however, if your only method of access to a server is "
10053
"<application>ssh</application>, and you make a mistake in configuring "
10054
"<application>sshd</application> via the "
10055
"<filename>/etc/ssh/sshd_config</filename> file, you may find you are locked "
10056
"out of the server upon restarting it, or that the "
10057
"<application>sshd</application> server refuses to start due to an incorrect "
10058
"configuration directive, so be extra careful when editing this file on a "
10059
"remote server."
10060
msgstr ""
10061
10062
#: serverguide/C/remote-administration.xml:167(title)
10063
msgid "SSH Keys"
10064
msgstr ""
10065
10066
#: serverguide/C/remote-administration.xml:168(para)
10067
msgid ""
10068
"SSH <emphasis>keys</emphasis> allow authentication between two hosts without "
10069
"the need of a password. SSH key authentication uses two keys a "
10070
"<emphasis>private</emphasis> key and a <emphasis>public</emphasis> key."
10071
msgstr ""
10072
10073
#: serverguide/C/remote-administration.xml:172(para)
10074
msgid "To generate the keys, from a terminal prompt enter:"
10075
msgstr ""
10076
10077
#: serverguide/C/remote-administration.xml:176(command)
10078
msgid "ssh-keygen -t dsa"
10079
msgstr ""
10080
10081
#: serverguide/C/remote-administration.xml:178(para)
10082
msgid ""
10083
"This will generate the keys using a <emphasis>DSA</emphasis> authentication "
10084
"identity of the user. During the process you will be prompted for a "
10085
"password. Simply hit <emphasis>Enter</emphasis> when prompted to create the "
10086
"key."
10087
msgstr ""
10088
10089
#: serverguide/C/remote-administration.xml:182(para)
10090
msgid ""
10091
"By default the <emphasis>public</emphasis> key is saved in the file "
10092
"<filename>~/.ssh/id_dsa.pub</filename>, while "
10093
"<filename>~/.ssh/id_dsa</filename> is the <emphasis>private</emphasis> key. "
10094
"Now copy the <filename>id_dsa.pub</filename> file to the remote host and "
10095
"append it to <filename>~/.ssh/authorized_keys</filename> by entering:"
10096
msgstr ""
10097
10098
#: serverguide/C/remote-administration.xml:188(command)
10099
msgid "ssh-copy-id username@remotehost"
10100
msgstr ""
10101
10102
#: serverguide/C/remote-administration.xml:190(para)
10103
msgid ""
10104
"Finally, double check the permissions on the "
10105
"<filename>authorized_keys</filename> file, only the authenticated user "
10106
"should have read and write permissions. If the permissions are not correct "
10107
"change them by:"
10108
msgstr ""
10109
10110
#: serverguide/C/remote-administration.xml:195(command)
10111
msgid "chmod 600 .ssh/authorized_keys"
10112
msgstr ""
10113
10114
#: serverguide/C/remote-administration.xml:197(para)
10115
msgid ""
10116
"You should now be able to SSH to the host without being prompted for a "
10117
"password."
10118
msgstr ""
10119
10120
#: serverguide/C/remote-administration.xml:206(para)
10121
msgid ""
10122
"<ulink url=\"https://help.ubuntu.com/community/SSH\">Ubuntu Wiki SSH</ulink> "
10123
"page."
10124
msgstr ""
10125
10126
#: serverguide/C/remote-administration.xml:212(ulink)
10127
msgid "OpenSSH Website"
10128
msgstr ""
10129
10130
#: serverguide/C/remote-administration.xml:217(ulink)
10131
msgid "Advanced OpenSSH Wiki Page"
10132
msgstr ""
10133
10134
#: serverguide/C/package-management.xml:13(title)
10135
msgid "Package Management"
10136
msgstr ""
10137
10138
#: serverguide/C/package-management.xml:14(para)
10139
msgid ""
10140
"Ubuntu features a comprehensive package management system for the "
10141
"installation, upgrade, configuration, and removal of software. In addition "
10142
"to providing access to an organized base of over 24,000 software packages "
10143
"for your Ubuntu computer, the package management facilities also feature "
10144
"dependency resolution capabilities and software update checking."
10145
msgstr ""
10146
10147
#: serverguide/C/package-management.xml:16(para)
10148
msgid ""
10149
"Several tools are available for interacting with Ubuntu's package management "
10150
"system, from simple command-line utilities which may be easily automated by "
10151
"system administrators, to a simple graphical interface which is easy to use "
10152
"by those new to Ubuntu."
10153
msgstr ""
10154
10155
#: serverguide/C/package-management.xml:21(para)
10156
msgid ""
10157
"Ubuntu's package management system is derived from the same system used by "
10158
"the Debian GNU/Linux distribution. The package files contain all of the "
10159
"necessary files, meta-data, and instructions to implement a particular "
10160
"functionality or software application on your Ubuntu computer."
10161
msgstr ""
10162
10163
#: serverguide/C/package-management.xml:24(para)
10164
msgid ""
10165
"Debian package files typically have the extension '.deb', and typically "
10166
"exist in <emphasis role=\"italics\">repositories</emphasis> which are "
10167
"collections of packages found on various media, such as CD-ROM discs, or "
10168
"online. Packages are normally of the pre-compiled binary format; thus "
10169
"installation is quick and requires no compiling of software."
10170
msgstr ""
10171
10172
#: serverguide/C/package-management.xml:27(para)
10173
msgid ""
10174
"Many complex packages use the concept of <emphasis "
10175
"role=\"italics\">dependencies</emphasis>. Dependencies are additional "
10176
"packages required by the principal package in order to function properly. "
10177
"For example, the speech synthesis package "
10178
"<application>Festival</application> depends upon the package "
10179
"<application>libasound2</application>, which is a package supplying the "
10180
"<application>ALSA</application> sound library needed for audio playback. In "
10181
"order for <application>Festival</application> to function, it and all of its "
10182
"dependencies must be installed. The software management tools in Ubuntu will "
10183
"do this automatically."
10184
msgstr ""
10185
10186
#: serverguide/C/package-management.xml:32(title)
10187
msgid "dpkg"
10188
msgstr ""
10189
10190
#: serverguide/C/package-management.xml:34(para)
10191
msgid ""
10192
"<application>dpkg</application> is a package manager for "
10193
"<emphasis>Debian</emphasis> based systems. It can install, remove, and build "
10194
"packages, but unlike other package management system's it can not "
10195
"automatically download and install packages and their dependencies. This "
10196
"section covers using <application>dpkg</application> to manage locally "
10197
"installed packages:"
10198
msgstr ""
10199
10200
#: serverguide/C/package-management.xml:43(para)
10201
msgid ""
10202
"To list all packages installed on the system, from a terminal prompt enter:"
10203
msgstr ""
10204
10205
#: serverguide/C/package-management.xml:48(command)
10206
msgid "dpkg -l"
10207
msgstr ""
10208
10209
#: serverguide/C/package-management.xml:54(para)
10210
msgid ""
10211
"Depending on the amount of packages on your system, this can generate a "
10212
"large amount of output. Pipe the output through "
10213
"<application>grep</application> to see if a specific package is installed:"
10214
msgstr ""
10215
10216
#: serverguide/C/package-management.xml:60(command)
10217
msgid "dpkg -l | grep apache2"
10218
msgstr ""
10219
10220
#: serverguide/C/package-management.xml:63(para)
10221
msgid ""
10222
"Replace <emphasis>apache2</emphasis> with any package name, part of a "
10223
"package name, or other regular expression."
10224
msgstr ""
10225
10226
#: serverguide/C/package-management.xml:70(para)
10227
msgid ""
10228
"To list the files installed by a package, in this case the "
10229
"<application>ufw</application> package, enter:"
10230
msgstr ""
10231
10232
#: serverguide/C/package-management.xml:75(command)
10233
msgid "dpkg -L ufw"
10234
msgstr ""
10235
10236
#: serverguide/C/package-management.xml:81(para)
10237
msgid ""
10238
"If you are not sure which package installed a file, <application>dpkg -"
10239
"S</application> may be able to tell you. For example:"
10240
msgstr ""
10241
10242
#: serverguide/C/package-management.xml:87(command)
10243
msgid "dpkg -S /etc/host.conf"
10244
msgstr ""
10245
10246
#: serverguide/C/package-management.xml:88(computeroutput)
10247
#, no-wrap
10248
msgid "base-files: /etc/host.conf"
10249
msgstr ""
10250
10251
#: serverguide/C/package-management.xml:91(para)
10252
msgid ""
10253
"The output shows that the <filename>/etc/host.conf</filename> belongs to the "
10254
"<application>base-files</application> package."
10255
msgstr ""
10256
10257
#: serverguide/C/package-management.xml:96(para)
10258
msgid ""
10259
"Many files are automatically generated during the package install process, "
10260
"and even though they are on the filesystem <command>dpkg -S</command> may "
10261
"not know which package they belong to."
10262
msgstr ""
10263
10264
#: serverguide/C/package-management.xml:105(para)
10265
msgid "You can install a local <emphasis>.deb</emphasis> file by entering:"
10266
msgstr ""
10267
10268
#: serverguide/C/package-management.xml:110(command)
10269
msgid "sudo dpkg -i zip_2.32-1_i386.deb"
10270
msgstr ""
10271
10272
#: serverguide/C/package-management.xml:113(para)
10273
msgid ""
10274
"Change <filename>zip_2.32-1_i386.deb</filename> to the actual file name of "
10275
"the local .deb file."
10276
msgstr ""
10277
10278
#: serverguide/C/package-management.xml:120(para)
10279
msgid "Uninstalling a package can be accomplished by:"
10280
msgstr ""
10281
10282
#: serverguide/C/package-management.xml:125(command)
10283
msgid "sudo dpkg -r zip"
10284
msgstr ""
10285
10286
#: serverguide/C/package-management.xml:129(para)
10287
msgid ""
10288
"Uninstalling packages using <application>dpkg</application>, in most cases, "
10289
"is <emphasis>NOT</emphasis> recommended. It is better to use a package "
10290
"manager that handles dependencies, to ensure that the system is in a "
10291
"consistent state. For example using <command>dpkg -r</command> you can "
10292
"remove the <application>zip</application> package, but any packages that "
10293
"depend on it will still be installed and may no longer function correctly."
10294
msgstr ""
10295
10296
#: serverguide/C/package-management.xml:140(para)
10297
msgid ""
10298
"For more <application>dpkg</application> options see the man page: "
10299
"<command>man dpkg</command>."
10300
msgstr ""
10301
10302
#: serverguide/C/package-management.xml:146(title)
10303
msgid "Apt-Get"
10304
msgstr ""
10305
10306
#: serverguide/C/package-management.xml:147(para)
10307
msgid ""
10308
"The <application>apt-get</application> command is a powerful command-line "
10309
"tool used to work with Ubuntu's <emphasis>Advanced Packaging Tool</emphasis> "
10310
"(APT) performing such functions as installation of new software packages, "
10311
"upgrade of existing software packages, updating of the package list index, "
10312
"and even upgrading the entire Ubuntu system."
10313
msgstr ""
10314
10315
#: serverguide/C/package-management.xml:150(para)
10316
msgid ""
10317
"Being a simple command-line tool, <application>apt-get</application> has "
10318
"numerous advantages over other package management tools available in Ubuntu "
10319
"for server administrators. Some of these advantages include ease of use over "
10320
"simple terminal connections (SSH) and the ability to be used in system "
10321
"administration scripts, which can in turn be automated by the "
10322
"<application>cron</application> scheduling utility."
10323
msgstr ""
10324
10325
#: serverguide/C/package-management.xml:157(para)
10326
msgid ""
10327
"<emphasis role=\"bold\">Install a Package</emphasis>: Installation of "
10328
"packages using the <application>apt-get</application> tool is quite simple. "
10329
"For example, to install the network scanner <emphasis "
10330
"role=\"italics\">nmap</emphasis>, type the following: <screen>\n"
10331
"<command>sudo apt-get install nmap</command>\n"
10332
"</screen>"
10333
msgstr ""
10334
10335
#: serverguide/C/package-management.xml:165(para)
10336
msgid ""
10337
"<emphasis role=\"bold\">Remove a Package</emphasis>: Removal of a package or "
10338
"packages is also a straightforward and simple process. To remove the nmap "
10339
"package installed in the previous example, type the following: <screen>\n"
10340
"<command>sudo apt-get remove nmap</command>\n"
10341
"</screen>"
10342
msgstr ""
10343
10344
#: serverguide/C/package-management.xml:172(para)
10345
msgid ""
10346
"<emphasis role=\"bold\">Multiple Packages</emphasis>: You may specify "
10347
"multiple packages to be installed or removed, separated by spaces."
10348
msgstr ""
10349
10350
#: serverguide/C/package-management.xml:175(para)
10351
msgid ""
10352
"Also, adding the <emphasis>--purge</emphasis> options to <command>apt-get "
10353
"remove</command> will remove the package configuration files as well. This "
10354
"may or may not be the desired effect so use with caution."
10355
msgstr ""
10356
10357
#: serverguide/C/package-management.xml:181(para)
10358
msgid ""
10359
"<emphasis role=\"bold\">Update the Package Index</emphasis>: The APT package "
10360
"index is essentially a database of available packages from the repositories "
10361
"defined in the <filename>/etc/apt/sources.list</filename> file. To update "
10362
"the local package index with the latest changes made in repositories, type "
10363
"the following: <screen>\n"
10364
"<command>sudo apt-get update</command>\n"
10365
"</screen>"
10366
msgstr ""
10367
10368
#: serverguide/C/package-management.xml:189(para)
10369
msgid ""
10370
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: Over time, updated "
10371
"versions of packages currently installed on your computer may become "
10372
"available from the package repositories (for example security updates). To "
10373
"upgrade your system, first update your package index as outlined above, and "
10374
"then type: <screen>\n"
10375
"<command>sudo apt-get upgrade</command>\n"
10376
"</screen>"
10377
msgstr ""
10378
10379
#: serverguide/C/package-management.xml:195(para)
10380
msgid ""
10381
"For information on upgrading to a new Ubuntu release see <xref "
10382
"linkend=\"installing-upgrading\"/>."
10383
msgstr ""
10384
10385
#: serverguide/C/package-management.xml:153(para)
10386
msgid ""
10387
"Some examples of popular uses for the <application>apt-get</application> "
10388
"utility: <placeholder-1/>"
10389
msgstr ""
10390
10391
#: serverguide/C/package-management.xml:201(para)
10392
msgid ""
10393
"Actions of the <application>apt-get</application> command, such as "
10394
"installation and removal of packages, are logged in the /var/log/dpkg.log "
10395
"log file."
10396
msgstr ""
10397
10398
#: serverguide/C/package-management.xml:204(para)
10399
msgid ""
10400
"For further information about the use of <application>APT</application>, "
10401
"read the comprehensive <ulink url=\"http://www.debian.org/doc/user-"
10402
"manuals#apt-howto\">Debian APT User Manual</ulink> or type: <screen>apt-get "
10403
"help</screen>"
10404
msgstr ""
10405
10406
#: serverguide/C/package-management.xml:208(title)
10407
msgid "Aptitude"
10408
msgstr ""
10409
10410
#: serverguide/C/package-management.xml:209(para)
10411
msgid ""
10412
"<application>Aptitude</application> is a menu-driven, text-based front-end "
10413
"to the <emphasis>Advanced Packaging Tool</emphasis> (APT) system. Many of "
10414
"the common package management functions, such as installation, removal, and "
10415
"upgrade, are performed in <application>Aptitude</application> with single-"
10416
"key commands, which are typically lowercase letters."
10417
msgstr ""
10418
10419
#: serverguide/C/package-management.xml:212(para)
10420
msgid ""
10421
"<application>Aptitude</application> is best suited for use in a non-"
10422
"graphical terminal environment to ensure proper functioning of the command "
10423
"keys. You may start <application>Aptitude</application> as a normal user "
10424
"with the following command at a terminal prompt: <screen>\n"
10425
"<command>sudo aptitude</command>\n"
10426
"</screen>"
10427
msgstr ""
10428
10429
#: serverguide/C/package-management.xml:219(para)
10430
msgid ""
10431
"When <application>Aptitude</application> starts, you will see a menu bar at "
10432
"the top of the screen and two panes below the menu bar. The top pane "
10433
"contains package categories, such as <emphasis role=\"italics\">New "
10434
"Packages</emphasis> and <emphasis role=\"italics\">Not Installed "
10435
"Packages</emphasis>. The bottom pane contains information related to the "
10436
"packages and package categories."
10437
msgstr ""
10438
10439
#: serverguide/C/package-management.xml:222(para)
10440
msgid ""
10441
"Using <application>Aptitude</application> for package management is "
10442
"relatively straightforward, and the user interface makes common tasks simple "
10443
"to perform. The following are examples of common package management "
10444
"functions as performed in <application>Aptitude</application>:"
10445
msgstr ""
10446
10447
#: serverguide/C/package-management.xml:226(para)
10448
msgid ""
10449
"<emphasis role=\"bold\">Install Packages</emphasis>: To install a package, "
10450
"locate the package via the Not Installed Packages package category, for "
10451
"example, by using the keyboard arrow keys and the <keycap>ENTER</keycap> "
10452
"key, and highlight the package you wish to install. After highlighting the "
10453
"package you wish to install, press the <keycap>+</keycap> key, and the "
10454
"package entry should turn <emphasis role=\"italics\">green</emphasis>, "
10455
"indicating it has been marked for installation. Now press <keycap>g</keycap> "
10456
"to be presented with a summary of package actions. Press <keycap>g</keycap> "
10457
"again, and you will be prompted to become root to complete the installation. "
10458
"Press <keycap>ENTER</keycap> which will result in a Password: prompt. Enter "
10459
"your user password to become root. Finally, press <keycap>g</keycap> once "
10460
"more and you'll be prompted to download the package. Press "
10461
"<keycap>ENTER</keycap> on the <emphasis role=\"italics\">Continue</emphasis> "
10462
"prompt, and downloading and installation of the package will commence."
10463
msgstr ""
10464
10465
#: serverguide/C/package-management.xml:230(para)
10466
msgid ""
10467
"<emphasis role=\"bold\">Remove Packages</emphasis>: To remove a package, "
10468
"locate the package via the Installed Packages package category, for example, "
10469
"by using the keyboard arrow keys and the <keycap>ENTER</keycap> key, and "
10470
"highlight the package you wish to remove. After highlighting the package you "
10471
"wish to install, press the <keycap>-</keycap> key, and the package entry "
10472
"should turn <emphasis role=\"italics\">pink</emphasis>, indicating it has "
10473
"been marked for removal. Now press <keycap>g</keycap> to be presented with a "
10474
"summary of package actions. Press <keycap>g</keycap> again, and you will be "
10475
"prompted to become root to complete the installation. Press "
10476
"<keycap>ENTER</keycap> which will result in a Password: prompt. Enter your "
10477
"user password to become root. Finally, press <keycap>g</keycap> once more, "
10478
"and you'll be prompted to download the package. Press <keycap>ENTER</keycap> "
10479
"on the <emphasis role=\"italics\">Continue</emphasis> prompt, and removal of "
10480
"the package will commence."
10481
msgstr ""
10482
10483
#: serverguide/C/package-management.xml:234(para)
10484
msgid ""
10485
"<emphasis role=\"bold\">Update Package Index</emphasis>: To update the "
10486
"package index, simply press the <keycap>u</keycap> key and you will be "
10487
"prompted to become root to complete the update. Press <keycap>ENTER</keycap> "
10488
"which will result in a Password: prompt. Enter your user password to become "
10489
"root. Updating of the package index will commence. Press "
10490
"<keycap>ENTER</keycap> on the OK prompt when the download dialog is "
10491
"presented to complete the process."
10492
msgstr ""
10493
10494
#: serverguide/C/package-management.xml:238(para)
10495
msgid ""
10496
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: To upgrade packages, "
10497
"perform the update of the package index as detailed above, and then press "
10498
"the <keycap>U</keycap> key to mark all packages with updates. Now press "
10499
"<keycap>g</keycap> whereby you'll be presented with a summary of package "
10500
"actions. Press <keycap>g</keycap> again, and you will be prompted to become "
10501
"root to complete the installation. Press <keycap>ENTER</keycap> which will "
10502
"result in a Password: prompt. Enter your user password to become root. "
10503
"Finally, press <keycap>g</keycap> once more, and you'll be prompted to "
10504
"download the packages. Press <keycap>ENTER</keycap> on the <emphasis "
10505
"role=\"italics\">Continue</emphasis> prompt, and upgrade of the packages "
10506
"will commence."
10507
msgstr ""
10508
10509
#: serverguide/C/package-management.xml:245(para)
10510
msgid "<emphasis role=\"bold\">i</emphasis>: Installed package"
10511
msgstr ""
10512
10513
#: serverguide/C/package-management.xml:250(para)
10514
msgid ""
10515
"<emphasis role=\"bold\">c</emphasis>: Package not installed, but package "
10516
"configuration remains on system"
10517
msgstr ""
10518
10519
#: serverguide/C/package-management.xml:254(para)
10520
msgid "<emphasis role=\"bold\">p</emphasis>: Purged from system"
10521
msgstr ""
10522
10523
#: serverguide/C/package-management.xml:258(para)
10524
msgid "<emphasis role=\"bold\">v</emphasis>: Virtual package"
10525
msgstr ""
10526
10527
#: serverguide/C/package-management.xml:262(para)
10528
msgid "<emphasis role=\"bold\">B</emphasis>: Broken package"
10529
msgstr ""
10530
10531
#: serverguide/C/package-management.xml:266(para)
10532
msgid ""
10533
"<emphasis role=\"bold\">u</emphasis>: Unpacked files, but package not yet "
10534
"configured"
10535
msgstr ""
10536
10537
#: serverguide/C/package-management.xml:270(para)
10538
msgid ""
10539
"<emphasis role=\"bold\">C</emphasis>: Half-configured - Configuration failed "
10540
"and requires fix"
10541
msgstr ""
10542
10543
#: serverguide/C/package-management.xml:274(para)
10544
msgid ""
10545
"<emphasis role=\"bold\">H</emphasis>: Half-installed - Removal failed and "
10546
"requires fix"
10547
msgstr ""
10548
10549
#: serverguide/C/package-management.xml:242(para)
10550
msgid ""
10551
"The first column of information displayed in the package list in the top "
10552
"pane, when actually viewing packages lists the current state of the package, "
10553
"and uses the following key to describe the state of the package: "
10554
"<placeholder-1/>"
10555
msgstr ""
10556
10557
#: serverguide/C/package-management.xml:280(para)
10558
msgid ""
10559
"To exit Aptitude, simply press the <keycap>q</keycap> key and confirm you "
10560
"wish to exit. Many other functions are available from the Aptitude menu by "
10561
"pressing the <keycap>F10</keycap> key."
10562
msgstr ""
10563
10564
#: serverguide/C/package-management.xml:285(title)
10565
msgid "Automatic Updates"
10566
msgstr ""
10567
10568
#: serverguide/C/package-management.xml:287(para)
10569
msgid ""
10570
"The <application>unattended-upgrades</application> package can be used to "
10571
"automatically install updated packages, and can be configured to update all "
10572
"packages or just install security updates. First, install the package by "
10573
"entering the following in a terminal:"
10574
msgstr ""
10575
10576
#: serverguide/C/package-management.xml:293(command)
10577
msgid "sudo apt-get install unattended-upgrades"
10578
msgstr ""
10579
10580
#: serverguide/C/package-management.xml:296(para)
10581
msgid ""
10582
"To configure <application>unattended-upgrades</application>, edit "
10583
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> and adjust "
10584
"the following to fit your needs:"
10585
msgstr ""
10586
10587
#: serverguide/C/package-management.xml:301(programlisting)
10588
#, no-wrap
10589
msgid ""
10590
"\n"
10591
"Unattended-Upgrade::Allowed-Origins {\n"
10592
" \"Ubuntu maverick-security\";\n"
10593
"// \"Ubuntu maverick-updates\";\n"
10594
"};\n"
10595
msgstr ""
10596
10597
#: serverguide/C/package-management.xml:308(para)
10598
msgid ""
10599
"Certain packages can also be <emphasis>blacklisted</emphasis> and therefore "
10600
"will not be automatically updated. To blacklist a package, add it to the "
10601
"list:"
10602
msgstr ""
10603
10604
#: serverguide/C/package-management.xml:313(programlisting)
10605
#, no-wrap
10606
msgid ""
10607
"\n"
10608
"Unattended-Upgrade::Package-Blacklist {\n"
10609
"// \"vim\";\n"
10610
"// \"libc6\";\n"
10611
"// \"libc6-dev\";\n"
10612
"// \"libc6-i686\";\n"
10613
"};\n"
10614
msgstr ""
10615
10616
#: serverguide/C/package-management.xml:323(para)
10617
msgid ""
10618
"The double <emphasis><quote>//</quote></emphasis> serve as comments, so "
10619
"whatever follows \"//\" will not be evaluated."
10620
msgstr ""
10621
10622
#: serverguide/C/package-management.xml:328(para)
10623
msgid ""
10624
"To enable automatic updates, edit "
10625
"<filename>/etc/apt/apt.conf.d/10periodic</filename> and set the appropriate "
10626
"<application>apt</application> configuration options:"
10627
msgstr ""
10628
10629
#: serverguide/C/package-management.xml:332(programlisting)
10630
#, no-wrap
10631
msgid ""
10632
"\n"
10633
"APT::Periodic::Update-Package-Lists \"1\";\n"
10634
"APT::Periodic::Download-Upgradeable-Packages \"1\";\n"
10635
"APT::Periodic::AutocleanInterval \"7\";\n"
10636
"APT::Periodic::Unattended-Upgrade \"1\";\n"
10637
msgstr ""
10638
10639
#: serverguide/C/package-management.xml:339(para)
10640
msgid ""
10641
"The above configuration updates the package list, downloads, and installs "
10642
"available upgrades every day. The local download archive is cleaned every "
10643
"week."
10644
msgstr ""
10645
10646
#: serverguide/C/package-management.xml:345(para)
10647
msgid ""
10648
"You can read more about <application>apt</application> Periodic "
10649
"configuration options in the <filename>/etc/cron.daily/apt</filename> script "
10650
"header."
10651
msgstr ""
10652
10653
#: serverguide/C/package-management.xml:350(para)
10654
msgid ""
10655
"The results of <application>unattended-upgrades</application> will be logged "
10656
"to <filename>/var/log/unattended-upgrades</filename>."
10657
msgstr ""
10658
10659
#: serverguide/C/package-management.xml:355(title)
10660
msgid "Notifications"
10661
msgstr ""
10662
10663
#: serverguide/C/package-management.xml:357(para)
10664
msgid ""
10665
"Configuring <emphasis>Unattended-Upgrade::Mail</emphasis> in "
10666
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> will enable "
10667
"<application>unattended-upgrades</application> to email an administrator "
10668
"detailing any packages that need upgrading or have problems."
10669
msgstr ""
10670
10671
#: serverguide/C/package-management.xml:362(para)
10672
msgid ""
10673
"Another useful package is <application>apticron</application>. "
10674
"<application>apticron</application> will configure a "
10675
"<application>cron</application> job to email an administrator information "
10676
"about any packages on the system that have updates available, as well as a "
10677
"summary of changes in each package."
10678
msgstr ""
10679
10680
#: serverguide/C/package-management.xml:368(para)
10681
msgid ""
10682
"To install the <application>apticron</application> package, in a terminal "
10683
"enter:"
10684
msgstr ""
10685
10686
#: serverguide/C/package-management.xml:373(command)
10687
msgid "sudo apt-get install apticron"
10688
msgstr ""
10689
10690
#: serverguide/C/package-management.xml:376(para)
10691
msgid ""
10692
"Once the package is installed edit "
10693
"<filename>/etc/apticron/apticron.conf</filename>, to set the email address "
10694
"and other options:"
10695
msgstr ""
10696
10697
#: serverguide/C/package-management.xml:380(programlisting)
10698
#, no-wrap
10699
msgid ""
10700
"\n"
10701
"EMAIL=\"root@example.com\"\n"
10702
msgstr ""
10703
10704
#: serverguide/C/package-management.xml:389(para)
10705
msgid ""
10706
"Configuration of the <emphasis>Advanced Packaging Tool</emphasis> (APT) "
10707
"system repositories is stored in the /etc/apt/sources.list configuration "
10708
"file. An example of this file is referenced here, along with information on "
10709
"adding or removing repository references from the file."
10710
msgstr ""
10711
10712
#: serverguide/C/package-management.xml:395(para)
10713
msgid ""
10714
"<ulink url=\"../sample/sources.list\">Here</ulink> is a simple example of a "
10715
"typical <filename>/etc/apt/sources.list</filename> file."
10716
msgstr ""
10717
10718
#: serverguide/C/package-management.xml:399(para)
10719
msgid ""
10720
"You may edit the file to enable repositories or disable them. For example, "
10721
"to disable the requirement of inserting the Ubuntu CD-ROM whenever package "
10722
"operations occur, simply comment out the appropriate line for the CD-ROM, "
10723
"which appears at the top of the file:"
10724
msgstr ""
10725
10726
#: serverguide/C/package-management.xml:404(screen)
10727
#, no-wrap
10728
msgid ""
10729
"\n"
10730
"# no more prompting for CD-ROM please\n"
10731
"# deb cdrom:[&distro-apt-cd-name; - Release i386 (20070419.1)]/ maverick "
10732
"main restricted\n"
10733
msgstr ""
10734
10735
#: serverguide/C/package-management.xml:410(title)
10736
msgid "Extra Repositories"
10737
msgstr ""
10738
10739
#: serverguide/C/package-management.xml:411(para)
10740
msgid ""
10741
"In addition to the officially supported package repositories available for "
10742
"Ubuntu, there exist additional community-maintained repositories which add "
10743
"thousands more potential packages for installation. Two of the most popular "
10744
"are the <emphasis>Universe</emphasis> and <emphasis>Multiverse</emphasis> "
10745
"repositories. These repositories are not officially supported by Ubuntu, but "
10746
"because they are maintained by the community they generally provide packages "
10747
"which are safe for use with your Ubuntu computer."
10748
msgstr ""
10749
10750
#: serverguide/C/package-management.xml:414(para)
10751
msgid ""
10752
"Packages in the <emphasis>Multiverse</emphasis> repository often have "
10753
"licensing issues that prevent them from being distributed with a free "
10754
"operating system, and they may be illegal in your locality."
10755
msgstr ""
10756
10757
#: serverguide/C/package-management.xml:416(para)
10758
msgid ""
10759
"Be advised that neither the <emphasis>Universe</emphasis> or "
10760
"<emphasis>Multiverse</emphasis> repositories contain officially supported "
10761
"packages. In particular, there may not be security updates for these "
10762
"packages."
10763
msgstr ""
10764
10765
#: serverguide/C/package-management.xml:420(para)
10766
msgid ""
10767
"Many other package sources are available, sometimes even offering only one "
10768
"package, as in the case of package sources provided by the developer of a "
10769
"single application. You should always be very careful and cautious when "
10770
"using non-standard package sources, however. Research the source and "
10771
"packages carefully before performing any installation, as some package "
10772
"sources and their packages could render your system unstable or non-"
10773
"functional in some respects."
10774
msgstr ""
10775
10776
#: serverguide/C/package-management.xml:423(para)
10777
msgid ""
10778
"By default, the <emphasis>Universe</emphasis> and "
10779
"<emphasis>Multiverse</emphasis> repositories are enabled but if you would "
10780
"like to disable them edit <filename>/etc/apt/sources.list</filename> and "
10781
"comment the following lines:"
10782
msgstr ""
10783
10784
#: serverguide/C/package-management.xml:430(programlisting)
10785
#, no-wrap
10786
msgid ""
10787
"\n"
10788
"deb http://archive.ubuntu.com/ubuntu maverick universe multiverse\n"
10789
"deb-src http://archive.ubuntu.com/ubuntu maverick universe multiverse\n"
10790
"\n"
10791
"deb http://us.archive.ubuntu.com/ubuntu/ maverick universe\n"
10792
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick universe\n"
10793
"deb http://us.archive.ubuntu.com/ubuntu/ maverick-updates universe\n"
10794
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick-updates universe\n"
10795
"\n"
10796
"deb http://us.archive.ubuntu.com/ubuntu/ maverick multiverse\n"
10797
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick multiverse\n"
10798
"deb http://us.archive.ubuntu.com/ubuntu/ maverick-updates multiverse\n"
10799
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick-updates multiverse\n"
10800
"\n"
10801
"deb http://security.ubuntu.com/ubuntu maverick-security universe\n"
10802
"deb-src http://security.ubuntu.com/ubuntu maverick-security universe\n"
10803
"deb http://security.ubuntu.com/ubuntu maverick-security multiverse\n"
10804
"deb-src http://security.ubuntu.com/ubuntu maverick-security multiverse\n"
10805
msgstr ""
10806
10807
#: serverguide/C/package-management.xml:456(para)
10808
msgid ""
10809
"Most of the material covered in this chapter is available in "
10810
"<application>man</application> pages, many of which are available online."
10811
msgstr ""
10812
10813
#: serverguide/C/package-management.xml:463(para)
10814
msgid ""
10815
"The <ulink "
10816
"url=\"https://help.ubuntu.com/community/InstallingSoftware\">InstallingSoftwa"
10817
"re</ulink> Ubuntu wiki page has more information."
10818
msgstr ""
10819
10820
#: serverguide/C/package-management.xml:468(para)
10821
msgid ""
10822
"For more <application>dpkg</application> details see the <ulink "
10823
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/dpkg.1.html\">dpkg"
10824
" man page</ulink>."
10825
msgstr ""
10826
10827
#: serverguide/C/package-management.xml:474(para)
10828
msgid ""
10829
"The <ulink url=\"http://www.debian.org/doc/manuals/apt-howto/\">APT "
10830
"HOWTO</ulink> and <ulink "
10831
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/apt-"
10832
"get.8.html\">apt-get man page</ulink> contain useful information regarding "
10833
"<application>apt-get</application> usage."
10834
msgstr ""
10835
10836
#: serverguide/C/package-management.xml:481(para)
10837
msgid ""
10838
"See the <ulink "
10839
"url=\"http://manpages.ubuntu.com/manpages/maverick/man8/aptitude.8.html\">apt"
10840
"itude man page</ulink> for more <application>aptitude</application> options."
10841
msgstr ""
10842
10843
#: serverguide/C/package-management.xml:487(para)
10844
msgid ""
10845
"The <ulink "
10846
"url=\"https://help.ubuntu.com/community/Repositories/Ubuntu\">Adding "
10847
"Repositories HOWTO (Ubuntu Wiki)</ulink> page contains more details on "
10848
"adding repositories."
10849
msgstr ""
10850
10851
#: serverguide/C/other-apps.xml:13(title)
10852
msgid "Other Useful Applications"
10853
msgstr ""
10854
10855
#: serverguide/C/other-apps.xml:15(para)
10856
msgid ""
10857
"There are many very useful applications developed by the Ubuntu Server Team, "
10858
"and others that are well integrated with Ubuntu Server Edition, that might "
10859
"not be well known. This chapter will showcase some useful applications that "
10860
"can make administering an Ubuntu server, or many Ubuntu servers, that much "
10861
"easier."
10862
msgstr ""
10863
10864
#: serverguide/C/other-apps.xml:23(title)
10865
msgid "pam_motd"
10866
msgstr ""
10867
10868
#: serverguide/C/other-apps.xml:25(para)
10869
msgid ""
10870
"When logging into an Ubuntu server you may have noticed the informative "
10871
"Message Of The Day (MOTD). This information is obtained and displayed using "
10872
"a couple of packages:"
10873
msgstr ""
10874
10875
#: serverguide/C/other-apps.xml:32(para)
10876
msgid ""
10877
"<emphasis>landscape-common:</emphasis> provides the core libraries of "
10878
"<application>landscape-client</application>, which can be used to manage "
10879
"systems using the web based <emphasis>Landscape</emphasis> application. The "
10880
"package includes the <application>/usr/bin/landscape-sysinfo</application> "
10881
"utility which is used to gather the information displayed in the MOTD."
10882
msgstr ""
10883
10884
#: serverguide/C/other-apps.xml:40(para)
10885
msgid ""
10886
"<emphasis>update-notifier-common:</emphasis> is used to automatically update "
10887
"the MOTD via <application>pam_motd</application> module."
10888
msgstr ""
10889
10890
#: serverguide/C/other-apps.xml:46(para)
10891
msgid ""
10892
"<application>pam_motd</application> executes the scripts in "
10893
"<filename>/etc/update-motd.d</filename> in order based on the number "
10894
"prepended to the script. The output of the scripts is written to "
10895
"<filename>/var/run/motd</filename>, keeping the numerical order, then "
10896
"concatenated with <filename>/etc/motd.tail</filename>."
10897
msgstr ""
10898
10899
#: serverguide/C/other-apps.xml:52(para)
10900
msgid ""
10901
"You can add your own dynamic information to the MOTD. For example, to add "
10902
"local weather information:"
10903
msgstr ""
10904
10905
#: serverguide/C/other-apps.xml:58(para)
10906
msgid "First, install the <application>weather-util</application> package:"
10907
msgstr ""
10908
10909
#: serverguide/C/other-apps.xml:63(command)
10910
msgid "sudo apt-get install weather-util"
10911
msgstr ""
10912
10913
#: serverguide/C/other-apps.xml:68(para)
10914
msgid ""
10915
"The <application>weather</application> utility uses METAR data from the "
10916
"National Oceanic and Atmospheric Administration and forecasts from the "
10917
"National Weather Service. In order to find local information you will need "
10918
"the 4-character ICAO location indicator. This can be determined by browsing "
10919
"to the <ulink url=\"http://www.weather.gov/tg/siteloc.shtml\">National "
10920
"Weather Service</ulink> site."
10921
msgstr ""
10922
10923
#: serverguide/C/other-apps.xml:75(para)
10924
msgid ""
10925
"Although the National Weather Service is a United States government agency "
10926
"there are weather stations available world wide. However, local weather "
10927
"information for all locations outside the U.S. may not be available."
10928
msgstr ""
10929
10930
#: serverguide/C/other-apps.xml:81(para)
10931
msgid ""
10932
"Create <filename>/usr/local/bin/local-weather</filename>, a simple shell "
10933
"script to use <application>weather</application> with your local ICAO "
10934
"indicator:"
10935
msgstr ""
10936
10937
#: serverguide/C/other-apps.xml:86(programlisting)
10938
#, no-wrap
10939
msgid ""
10940
"\n"
10941
"#!/bin/sh\n"
10942
"#\n"
10943
"#\n"
10944
"# Prints the local weather information for the MOTD.\n"
10945
"#\n"
10946
"#\n"
10947
"\n"
10948
"# Replace KINT with your local weather station.\n"
10949
"# Local stations can be found here: http://www.weather.gov/tg/siteloc.shtml\n"
10950
"\n"
10951
"echo\n"
10952
"weather -i KINT\n"
10953
"echo\n"
10954
"\n"
10955
msgstr ""
10956
10957
#: serverguide/C/other-apps.xml:104(para)
10958
msgid "Make the script executable:"
10959
msgstr ""
10960
10961
#: serverguide/C/other-apps.xml:109(command)
10962
msgid "sudo chmod 755 /usr/local/bin/local-weather"
10963
msgstr ""
10964
10965
#: serverguide/C/other-apps.xml:113(para)
10966
msgid ""
10967
"Next, create a symlink to <filename>/etc/update-motd.d/98-local-"
10968
"weather</filename>:"
10969
msgstr ""
10970
10971
#: serverguide/C/other-apps.xml:118(command)
10972
msgid ""
10973
"sudo ln -s /usr/local/bin/local-weather /etc/update-motd.d/98-local-weather"
10974
msgstr ""
10975
10976
#: serverguide/C/other-apps.xml:122(para)
10977
msgid "Finally, exit the server and re-login to view the new MOTD."
10978
msgstr ""
10979
10980
#: serverguide/C/other-apps.xml:128(para)
10981
msgid ""
10982
"You should now be greeted with some useful information, and some information "
10983
"about the local weather that may not be quite so useful. Hopefully the "
10984
"<application>local-weather</application> example demonstrates the "
10985
"flexibility of <application>pam_motd</application>."
10986
msgstr ""
10987
10988
#: serverguide/C/other-apps.xml:136(title)
10989
msgid "etckeeper"
10990
msgstr ""
10991
10992
#: serverguide/C/other-apps.xml:138(para)
10993
msgid ""
10994
"<application>etckeeper</application> allows the contents of <filename "
10995
"role=\"directory\">/etc</filename> be easily stored in Version Control "
10996
"System (VCS) repository. It hooks into <application>apt</application> to "
10997
"automatically commit changes to <filename>/etc</filename> when packages are "
10998
"installed or upgraded. Placing <filename>/etc</filename> under version "
10999
"control is considered an industry best practice, and the goal of "
11000
"<application>etckeeper</application> is to make this process as painless as "
11001
"possible."
11002
msgstr ""
11003
11004
#: serverguide/C/other-apps.xml:146(para)
11005
msgid ""
11006
"Install <application>etckeeper</application> by entering the following in a "
11007
"terminal:"
11008
msgstr ""
11009
11010
#: serverguide/C/other-apps.xml:151(command)
11011
msgid "sudo apt-get install etckeeper"
11012
msgstr ""
11013
11014
#: serverguide/C/other-apps.xml:154(para)
11015
msgid ""
11016
"The main configuration file, "
11017
"<filename>/etc/etckeeper/etckeeper.conf</filename>, is fairly simple. The "
11018
"main option is which VCS to use. By default "
11019
"<application>etckeeper</application> is configured to use "
11020
"<application>bzr</application> for version control. The repository is "
11021
"automatically initialized (and committed for the first time) during package "
11022
"installation. It is possible to undo this by entering the following command:"
11023
msgstr ""
11024
11025
#: serverguide/C/other-apps.xml:164(command)
11026
msgid "sudo etckeeper uninit"
11027
msgstr ""
11028
11029
#: serverguide/C/other-apps.xml:167(para)
11030
msgid ""
11031
"By default, etckeeper will commit uncommitted changes made to /etc daily. "
11032
"This can be disabled using the AVOID_DAILY_AUTOCOMMITS configuration option. "
11033
"It will also automatically commit changes before and after package "
11034
"installation. For a more precise tracking of changes, it is recommended to "
11035
"commit your changes manually, together with a commit message, using:"
11036
msgstr ""
11037
11038
#: serverguide/C/other-apps.xml:176(command)
11039
msgid "sudo etckeeper commit \"..Reason for configuration change..\""
11040
msgstr ""
11041
11042
#: serverguide/C/other-apps.xml:179(para)
11043
msgid ""
11044
"Using the VCS commands you can view log information about files in "
11045
"<filename>/etc</filename>:"
11046
msgstr ""
11047
11048
#: serverguide/C/other-apps.xml:184(command)
11049
msgid "sudo bzr log /etc/passwd"
11050
msgstr ""
11051
11052
#: serverguide/C/other-apps.xml:187(para)
11053
msgid ""
11054
"To demonstrate the integration with the package management system, install "
11055
"<application>postfix</application>:"
11056
msgstr ""
11057
11058
#: serverguide/C/other-apps.xml:192(command) serverguide/C/mail.xml:45(command)
11059
msgid "sudo apt-get install postfix"
11060
msgstr ""
11061
11062
#: serverguide/C/other-apps.xml:195(para)
11063
msgid ""
11064
"When the installation is finished, all the "
11065
"<application>postfix</application> configuration files should be committed "
11066
"to the repository:"
11067
msgstr ""
11068
11069
#: serverguide/C/other-apps.xml:201(computeroutput)
11070
#, no-wrap
11071
msgid ""
11072
"Committing to: /etc/\n"
11073
"added aliases.db\n"
11074
"modified group\n"
11075
"modified group-\n"
11076
"modified gshadow\n"
11077
"modified gshadow-\n"
11078
"modified passwd\n"
11079
"modified passwd-\n"
11080
"added postfix\n"
11081
"added resolvconf\n"
11082
"added rsyslog.d\n"
11083
"modified shadow\n"
11084
"modified shadow-\n"
11085
"added init.d/postfix\n"
11086
"added network/if-down.d/postfix\n"
11087
"added network/if-up.d/postfix\n"
11088
"added postfix/dynamicmaps.cf\n"
11089
"added postfix/main.cf\n"
11090
"added postfix/master.cf\n"
11091
"added postfix/post-install\n"
11092
"added postfix/postfix-files\n"
11093
"added postfix/postfix-script\n"
11094
"added postfix/sasl\n"
11095
"added ppp/ip-down.d\n"
11096
"added ppp/ip-down.d/postfix\n"
11097
"added ppp/ip-up.d/postfix\n"
11098
"added rc0.d/K20postfix\n"
11099
"added rc1.d/K20postfix\n"
11100
"added rc2.d/S20postfix\n"
11101
"added rc3.d/S20postfix\n"
11102
"added rc4.d/S20postfix\n"
11103
"added rc5.d/S20postfix\n"
11104
"added rc6.d/K20postfix\n"
11105
"added resolvconf/update-libc.d\n"
11106
"added resolvconf/update-libc.d/postfix\n"
11107
"added rsyslog.d/postfix.conf\n"
11108
"added ufw/applications.d/postfix\n"
11109
"Committed revision 2."
11110
msgstr ""
11111
11112
#: serverguide/C/other-apps.xml:241(para)
11113
msgid ""
11114
"For an example of how <application>etckeeper</application> tracks manual "
11115
"changes, add new a host to <filename>/etc/hosts</filename>. Using "
11116
"<application>bzr</application> you can see which files have been modified:"
11117
msgstr ""
11118
11119
#: serverguide/C/other-apps.xml:247(command)
11120
msgid "sudo bzr status /etc/"
11121
msgstr ""
11122
11123
#: serverguide/C/other-apps.xml:248(computeroutput)
11124
#, no-wrap
11125
msgid ""
11126
"modified:\n"
11127
" hosts"
11128
msgstr ""
11129
11130
#: serverguide/C/other-apps.xml:252(para)
11131
msgid "Now commit the changes:"
11132
msgstr ""
11133
11134
#: serverguide/C/other-apps.xml:257(command)
11135
msgid "sudo etckeeper commit \"new host\""
11136
msgstr ""
11137
11138
#: serverguide/C/other-apps.xml:260(para)
11139
msgid ""
11140
"For more information on <application>bzr</application> see <xref "
11141
"linkend=\"bazaar\"/>."
11142
msgstr ""
11143
11144
#: serverguide/C/other-apps.xml:266(title)
11145
msgid "Byobu"
11146
msgstr ""
11147
11148
#: serverguide/C/other-apps.xml:268(para)
11149
msgid ""
11150
"One of the most useful applications for any system administrator is "
11151
"<application>screen</application>. It allows the execution of multiple "
11152
"shells in one terminal. To make some of the advanced "
11153
"<application>screen</application> features more user friendly, and provide "
11154
"some useful information about the system, the "
11155
"<application>byobu</application> package was created."
11156
msgstr ""
11157
11158
#: serverguide/C/other-apps.xml:275(para)
11159
msgid ""
11160
"When executing <application>byobu</application> pressing the "
11161
"<emphasis>F9</emphasis> key will bring up the "
11162
"<application>Configuration</application> menu. This menu will allow you to:"
11163
msgstr ""
11164
11165
#: serverguide/C/other-apps.xml:281(para)
11166
msgid "View the Help menu"
11167
msgstr ""
11168
11169
#: serverguide/C/other-apps.xml:282(para)
11170
msgid "Change Byobu's background color"
11171
msgstr ""
11172
11173
#: serverguide/C/other-apps.xml:283(para)
11174
msgid "Change Byobu's foreground color"
11175
msgstr ""
11176
11177
#: serverguide/C/other-apps.xml:284(para)
11178
msgid "Toggle status notifications"
11179
msgstr ""
11180
11181
#: serverguide/C/other-apps.xml:285(para)
11182
msgid "Change the key binding set"
11183
msgstr ""
11184
11185
#: serverguide/C/other-apps.xml:286(para)
11186
msgid "Change the escape sequence"
11187
msgstr ""
11188
11189
#: serverguide/C/other-apps.xml:287(para)
11190
msgid "Create new windows"
11191
msgstr ""
11192
11193
#: serverguide/C/other-apps.xml:288(para)
11194
msgid "Manage the default windows"
11195
msgstr ""
11196
11197
#: serverguide/C/other-apps.xml:289(para)
11198
msgid "Byobu currently does not launch at login (toggle on)"
11199
msgstr ""
11200
11201
#: serverguide/C/other-apps.xml:292(para)
11202
msgid ""
11203
"The <emphasis>key bindings</emphasis> determine such things as the escape "
11204
"sequence, new window, change window, etc. There are two key binding sets to "
11205
"choose from <emphasis>f-keys</emphasis> and <emphasis>screen-escape-"
11206
"keys</emphasis>. If you wish to use the original key bindings choose the "
11207
"<emphasis>none</emphasis> set."
11208
msgstr ""
11209
11210
#: serverguide/C/other-apps.xml:298(para)
11211
msgid ""
11212
"<application>byobu</application> provides a menu which displays the Ubuntu "
11213
"release, processor information, memory information, and the time and date. "
11214
"The effect is similar to a desktop menu."
11215
msgstr ""
11216
11217
#: serverguide/C/other-apps.xml:303(para)
11218
msgid ""
11219
"Using the <emphasis>\"Byobu currently does not launch at login (toggle "
11220
"on)\"</emphasis> option will cause <application>byobu</application> to be "
11221
"executed any time a terminal is opened. Changes made to "
11222
"<application>byobu</application> are on a per user basis, and will not "
11223
"affect other users on the system."
11224
msgstr ""
11225
11226
#: serverguide/C/other-apps.xml:309(para)
11227
msgid ""
11228
"One difference when using byobu is the <emphasis>scrollback</emphasis> mode. "
11229
"Press the <emphasis>F7</emphasis> key to enter scrollback mode. Scrollback "
11230
"mode allows you to navigate past output using <emphasis>vi</emphasis> like "
11231
"commands. Here is a quick list of movement commands:"
11232
msgstr ""
11233
11234
#: serverguide/C/other-apps.xml:316(para)
11235
msgid "<emphasis>h</emphasis> - Move the cursor left by one character"
11236
msgstr ""
11237
11238
#: serverguide/C/other-apps.xml:317(para)
11239
msgid "<emphasis>j</emphasis> - Move the cursor down by one line"
11240
msgstr ""
11241
11242
#: serverguide/C/other-apps.xml:318(para)
11243
msgid "<emphasis>k</emphasis> - Move the cursor up by one line"
11244
msgstr ""
11245
11246
#: serverguide/C/other-apps.xml:319(para)
11247
msgid "<emphasis>l</emphasis> - Move the cursor right by one character"
11248
msgstr ""
11249
11250
#: serverguide/C/other-apps.xml:320(para)
11251
msgid "<emphasis>0</emphasis> - Move to the beginning of the current line"
11252
msgstr ""
11253
11254
#: serverguide/C/other-apps.xml:321(para)
11255
msgid "<emphasis>$</emphasis> - Move to the end of the current line"
11256
msgstr ""
11257
11258
#: serverguide/C/other-apps.xml:322(para)
11259
msgid ""
11260
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
11261
"the buffer)"
11262
msgstr ""
11263
11264
#: serverguide/C/other-apps.xml:323(para)
11265
msgid "<emphasis>/</emphasis> - Search forward"
11266
msgstr ""
11267
11268
#: serverguide/C/other-apps.xml:324(para)
11269
msgid "<emphasis>?</emphasis> - Search backward"
11270
msgstr ""
11271
11272
#: serverguide/C/other-apps.xml:325(para)
11273
msgid ""
11274
"<emphasis>n</emphasis> - Moves to the next match, either forward or backword"
11275
msgstr ""
11276
11277
#: serverguide/C/other-apps.xml:334(para)
11278
msgid ""
11279
"See the <ulink "
11280
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/update-"
11281
"motd.1.html\">update-motd man page</ulink> for more options available to "
11282
"<application>update-motd</application>."
11283
msgstr ""
11284
11285
#: serverguide/C/other-apps.xml:340(para)
11286
msgid ""
11287
"The Debian Package of the Day <ulink "
11288
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
11289
"and-forecasts-on-the-command-line/\">weather</ulink> article has more "
11290
"details about using the <application>weather</application>utility."
11291
msgstr ""
11292
11293
#: serverguide/C/other-apps.xml:347(para)
11294
msgid ""
11295
"See the <ulink "
11296
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
11297
"more details on using <application>etckeeper</application>."
11298
msgstr ""
11299
11300
#: serverguide/C/other-apps.xml:353(para)
11301
msgid ""
11302
"The <ulink url=\"https://help.ubuntu.com/community/etckeeper\">etckeeper "
11303
"Ubuntu Wiki</ulink> page."
11304
msgstr ""
11305
11306
#: serverguide/C/other-apps.xml:358(para)
11307
msgid ""
11308
"For the latest news and information about <application>bzr</application> see "
11309
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
11310
msgstr ""
11311
11312
#: serverguide/C/other-apps.xml:363(para)
11313
msgid ""
11314
"For more information on <application>screen</application> see the <ulink "
11315
"url=\"http://www.gnu.org/software/screen/\">screen web site</ulink>."
11316
msgstr ""
11317
11318
#: serverguide/C/other-apps.xml:368(para)
11319
msgid ""
11320
"And the <ulink url=\"https://help.ubuntu.com/community/Screen\">Ubuntu Wiki "
11321
"screen</ulink> page."
11322
msgstr ""
11323
11324
#: serverguide/C/other-apps.xml:373(para)
11325
msgid ""
11326
"Also, see the <application>byobu</application><ulink "
11327
"url=\"https://launchpad.net/byobu\">project page</ulink> for more "
11328
"information."
11329
msgstr ""
11330
11331
#: serverguide/C/network-config.xml:14(para)
11332
msgid ""
11333
"Networks consist of two or more devices, such as computer systems, printers, "
11334
"and related equipment which are connected by either physical cabling or "
11335
"wireless links for the purpose of sharing and distributing information among "
11336
"the connected devices."
11337
msgstr ""
11338
11339
#: serverguide/C/network-config.xml:20(para)
11340
msgid ""
11341
"This section provides general and specific information pertaining to "
11342
"networking, including an overview of network concepts and detailed "
11343
"discussion of popular network protocols."
11344
msgstr ""
11345
11346
#: serverguide/C/network-config.xml:27(title)
11347
msgid "Network Configuration"
11348
msgstr ""
11349
11350
#: serverguide/C/network-config.xml:28(para)
11351
msgid ""
11352
"Ubuntu ships with a number of graphical utilities to configure your network "
11353
"devices. This document is geared toward server administrators and will focus "
11354
"on managing your network on the command line."
11355
msgstr ""
11356
11357
#: serverguide/C/network-config.xml:35(title)
11358
msgid "Ethernet Interfaces"
11359
msgstr ""
11360
11361
#: serverguide/C/network-config.xml:36(para)
11362
msgid ""
11363
"Ethernet interfaces are identified by the system using the naming convention "
11364
"of <emphasis role=\"italix\">ethX</emphasis>, where <emphasis "
11365
"role=\"italic\">X</emphasis> represents a numeric value. The first Ethernet "
11366
"interface is typically identified as <emphasis "
11367
"role=\"italic\">eth0</emphasis>, the second as <emphasis "
11368
"role=\"italic\">eth1</emphasis>, and all others should move up in numerical "
11369
"order."
11370
msgstr ""
11371
11372
#: serverguide/C/network-config.xml:46(title)
11373
msgid "Identify Ethernet Interfaces"
11374
msgstr ""
11375
11376
#: serverguide/C/network-config.xml:47(para)
11377
msgid ""
11378
"To quickly identify all available Ethernet interfaces, you can use the "
11379
"<application>ifconfig</application> command as shown below."
11380
msgstr ""
11381
11382
#: serverguide/C/network-config.xml:52(userinput)
11383
#, no-wrap
11384
msgid "ifconfig -a | grep eth"
11385
msgstr ""
11386
11387
#: serverguide/C/network-config.xml:51(screen)
11388
#, no-wrap
11389
msgid ""
11390
"\n"
11391
"<placeholder-1/>\n"
11392
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a\n"
11393
msgstr ""
11394
11395
#: serverguide/C/network-config.xml:55(para)
11396
msgid ""
11397
"Another application that can help identify all network interfaces available "
11398
"to your system is the <application>lshw</application> command. In the "
11399
"example below, <application>lshw</application> shows a single Ethernet "
11400
"interface with the logical name of <emphasis role=\"italic\">eth0</emphasis> "
11401
"along with bus information, driver details and all supported capabilities."
11402
msgstr ""
11403
11404
#: serverguide/C/network-config.xml:62(userinput)
11405
#, no-wrap
11406
msgid "sudo lshw -class network"
11407
msgstr ""
11408
11409
#: serverguide/C/network-config.xml:61(screen)
11410
#, no-wrap
11411
msgid ""
11412
"\n"
11413
"<placeholder-1/>\n"
11414
" *-network\n"
11415
" description: Ethernet interface\n"
11416
" product: BCM4401-B0 100Base-TX\n"
11417
" vendor: Broadcom Corporation\n"
11418
" physical id: 0\n"
11419
" bus info: pci@0000:03:00.0\n"
11420
" logical name: eth0\n"
11421
" version: 02\n"
11422
" serial: 00:15:c5:4a:16:5a\n"
11423
" size: 10MB/s\n"
11424
" capacity: 100MB/s\n"
11425
" width: 32 bits\n"
11426
" clock: 33MHz\n"
11427
" capabilities: (snipped for brevity)\n"
11428
" configuration: (snipped for brevity)\n"
11429
" resources: irq:17 memory:ef9fe000-ef9fffff\n"
11430
msgstr ""
11431
11432
#: serverguide/C/network-config.xml:83(title)
11433
msgid "Ethernet Interface Logical Names"
11434
msgstr ""
11435
11436
#: serverguide/C/network-config.xml:84(para)
11437
msgid ""
11438
"Interface logical names are configured in the file "
11439
"<filename>/etc/udev/rules.d/70-persistent-net.rules.</filename> If you would "
11440
"like control which interface receives a particular logical name, find the "
11441
"line matching the interfaces physical MAC address and modify the value of "
11442
"<emphasis role=\"italic\">NAME=ethX</emphasis> to the desired logical name. "
11443
"Reboot the system to commit your changes."
11444
msgstr ""
11445
11446
#: serverguide/C/network-config.xml:92(programlisting)
11447
#, no-wrap
11448
msgid ""
11449
"\n"
11450
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
11451
"ATTR{address}==\"00:15:c5:4a:16:5a\", ATTR{dev_id}==\"0x0\", "
11452
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth0\"\n"
11453
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
11454
"ATTR{address}==\"00:15:c5:4a:16:5b\", ATTR{dev_id}==\"0x0\", "
11455
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth1\"\n"
11456
msgstr ""
11457
11458
#: serverguide/C/network-config.xml:99(title)
11459
msgid "Ethernet Interface Settings"
11460
msgstr ""
11461
11462
#: serverguide/C/network-config.xml:100(para)
11463
msgid ""
11464
"<application>ethtool</application> is a program that displays and changes "
11465
"Ethernet card settings such as auto-negotiation, port speed, duplex mode, "
11466
"and Wake-on-LAN. It is not installed by default, but is available for "
11467
"installation in the repositories."
11468
msgstr ""
11469
11470
#: serverguide/C/network-config.xml:106(userinput)
11471
#, no-wrap
11472
msgid "sudo apt-get install ethtool"
11473
msgstr ""
11474
11475
#: serverguide/C/network-config.xml:108(para)
11476
msgid ""
11477
"The following is an example of how to view supported features and configured "
11478
"settings of an Ethernet interface."
11479
msgstr ""
11480
11481
#: serverguide/C/network-config.xml:113(userinput)
11482
#, no-wrap
11483
msgid "sudo ethtool eth0"
11484
msgstr ""
11485
11486
#: serverguide/C/network-config.xml:112(screen)
11487
#, no-wrap
11488
msgid ""
11489
"\n"
11490
"<placeholder-1/>\n"
11491
"Settings for eth0:\n"
11492
" Supported ports: [ TP ]\n"
11493
" Supported link modes: 10baseT/Half 10baseT/Full \n"
11494
" 100baseT/Half 100baseT/Full \n"
11495
" 1000baseT/Half 1000baseT/Full \n"
11496
" Supports auto-negotiation: Yes\n"
11497
" Advertised link modes: 10baseT/Half 10baseT/Full \n"
11498
" 100baseT/Half 100baseT/Full \n"
11499
" 1000baseT/Half 1000baseT/Full \n"
11500
" Advertised auto-negotiation: Yes\n"
11501
" Speed: 1000Mb/s\n"
11502
" Duplex: Full\n"
11503
" Port: Twisted Pair\n"
11504
" PHYAD: 1\n"
11505
" Transceiver: internal\n"
11506
" Auto-negotiation: on\n"
11507
" Supports Wake-on: g\n"
11508
" Wake-on: d\n"
11509
" Current message level: 0x000000ff (255)\n"
11510
" Link detected: yes\n"
11511
msgstr ""
11512
11513
#: serverguide/C/network-config.xml:135(para)
11514
msgid ""
11515
"Changes made with the <application>ethtool</application> command are "
11516
"temporary and will be lost after a reboot. If you would like to retain "
11517
"settings, simply add the desired <application>ethtool</application> command "
11518
"to a <emphasis role=\"italic\">pre-up</emphasis> statement in the interface "
11519
"configuration file <filename>/etc/network/interfaces</filename>."
11520
msgstr ""
11521
11522
#: serverguide/C/network-config.xml:141(para)
11523
msgid ""
11524
"The following is an example of how the interface identified as <emphasis "
11525
"role=\"italic\">eth0</emphasis> could be permanently configured with a port "
11526
"speed of 1000Mb/s running in full duplex mode."
11527
msgstr ""
11528
11529
#: serverguide/C/network-config.xml:145(programlisting)
11530
#, no-wrap
11531
msgid ""
11532
"\n"
11533
"auto eth0\n"
11534
"iface eth0 inet static\n"
11535
"pre-up /usr/sbin/ethtool -s eth0 speed 1000 duplex full\n"
11536
msgstr ""
11537
11538
#: serverguide/C/network-config.xml:151(para)
11539
msgid ""
11540
"Although the example above shows the interface configured to use the "
11541
"<emphasis role=\"italic\">static</emphasis> method, it actually works with "
11542
"other methods as well, such as DHCP. The example is meant to demonstrate "
11543
"only proper placement of the <emphasis role=\"italic\">pre-up</emphasis> "
11544
"statement in relation to the rest of the interface configuration."
11545
msgstr ""
11546
11547
#: serverguide/C/network-config.xml:163(title)
11548
msgid "IP Addressing"
11549
msgstr ""
11550
11551
#: serverguide/C/network-config.xml:164(para)
11552
msgid ""
11553
"The following section describes the process of configuring your systems IP "
11554
"address and default gateway needed for communicating on a local area network "
11555
"and the Internet."
11556
msgstr ""
11557
11558
#: serverguide/C/network-config.xml:171(title)
11559
msgid "Temporary IP Address Assignment"
11560
msgstr ""
11561
11562
#: serverguide/C/network-config.xml:172(para)
11563
msgid ""
11564
"For temporary network configurations, you can use standard commands such as "
11565
"<application>ip</application>, <application>ifconfig</application> and "
11566
"<application>route</application>, which are also found on most other "
11567
"GNU/Linux operating systems. These commands allow you to configure settings "
11568
"which take effect immediately, however they are not persistent and will be "
11569
"lost after a reboot."
11570
msgstr ""
11571
11572
#: serverguide/C/network-config.xml:180(para)
11573
msgid ""
11574
"To temporarily configure an IP address, you can use the "
11575
"<application>ifconfig</application> command in the following manner. Just "
11576
"modify the IP address and subnet mask to match your network requirements."
11577
msgstr ""
11578
11579
#: serverguide/C/network-config.xml:186(userinput)
11580
#, no-wrap
11581
msgid "sudo ifconfig eth0 10.0.0.100 netmask 255.255.255.0"
11582
msgstr ""
11583
11584
#: serverguide/C/network-config.xml:188(para)
11585
msgid ""
11586
"To verify the IP address configuration of <application>eth0</application>, "
11587
"you can use the <application>ifconfig</application> command in the following "
11588
"manner."
11589
msgstr ""
11590
11591
#: serverguide/C/network-config.xml:193(userinput)
11592
#, no-wrap
11593
msgid "ifconfig eth0"
11594
msgstr ""
11595
11596
#: serverguide/C/network-config.xml:192(screen)
11597
#, no-wrap
11598
msgid ""
11599
"\n"
11600
"<placeholder-1/>\n"
11601
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a \n"
11602
" inet addr:10.0.0.100 Bcast:10.0.0.255 Mask:255.255.255.0\n"
11603
" inet6 addr: fe80::215:c5ff:fe4a:165a/64 Scope:Link\n"
11604
" UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1\n"
11605
" RX packets:466475604 errors:0 dropped:0 overruns:0 frame:0\n"
11606
" TX packets:403172654 errors:0 dropped:0 overruns:0 carrier:0\n"
11607
" collisions:0 txqueuelen:1000 \n"
11608
" RX bytes:2574778386 (2.5 GB) TX bytes:1618367329 (1.6 GB)\n"
11609
" Interrupt:16 \n"
11610
msgstr ""
11611
11612
#: serverguide/C/network-config.xml:204(para)
11613
msgid ""
11614
"To configure a default gateway, you can use the "
11615
"<application>route</application> command in the following manner. Modify the "
11616
"default gateway address to match your network requirements."
11617
msgstr ""
11618
11619
#: serverguide/C/network-config.xml:210(userinput)
11620
#, no-wrap
11621
msgid "sudo route add default gw 10.0.0.1 eth0"
11622
msgstr ""
11623
11624
#: serverguide/C/network-config.xml:212(para)
11625
msgid ""
11626
"To verify your default gateway configuration, you can use the "
11627
"<application>route</application> command in the following manner."
11628
msgstr ""
11629
11630
#: serverguide/C/network-config.xml:217(userinput)
11631
#, no-wrap
11632
msgid "route -n"
11633
msgstr ""
11634
11635
#: serverguide/C/network-config.xml:216(screen)
11636
#, no-wrap
11637
msgid ""
11638
"\n"
11639
"<placeholder-1/>\n"
11640
"Kernel IP routing table\n"
11641
"Destination Gateway Genmask Flags Metric Ref Use "
11642
"Iface\n"
11643
"10.0.0.0 0.0.0.0 255.255.255.0 U 1 0 0 "
11644
"eth0\n"
11645
"0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 "
11646
"eth0\n"
11647
msgstr ""
11648
11649
#: serverguide/C/network-config.xml:223(para)
11650
msgid ""
11651
"If you require DNS for your temporary network configuration, you can add DNS "
11652
"server IP addresses in the file <filename>/etc/resolv.conf</filename>. The "
11653
"example below shows how to enter two DNS servers to "
11654
"<filename>/etc/resolv.conf</filename>, which should be changed to servers "
11655
"appropriate for your network. A more lengthy description of DNS client "
11656
"configuration is in a following section."
11657
msgstr ""
11658
11659
#: serverguide/C/network-config.xml:230(programlisting)
11660
#, no-wrap
11661
msgid ""
11662
"\n"
11663
"nameserver 8.8.8.8\n"
11664
"nameserver 8.8.4.4\n"
11665
msgstr ""
11666
11667
#: serverguide/C/network-config.xml:234(para)
11668
msgid ""
11669
"If you no longer need this configuration and wish to purge all IP "
11670
"configuration from an interface, you can use the "
11671
"<application>ip</application> command with the flush option as shown below."
11672
msgstr ""
11673
11674
#: serverguide/C/network-config.xml:240(userinput)
11675
#, no-wrap
11676
msgid "ip addr flush eth0"
11677
msgstr ""
11678
11679
#: serverguide/C/network-config.xml:243(para)
11680
msgid ""
11681
"Flushing the IP configuration using the <application>ip</application> "
11682
"command does not clear the contents of "
11683
"<filename>/etc/resolv.conf</filename>. You must remove or modify those "
11684
"entries manually."
11685
msgstr ""
11686
11687
#: serverguide/C/network-config.xml:251(title)
11688
msgid "Dynamic IP Address Assignment (DHCP Client)"
11689
msgstr ""
11690
11691
#: serverguide/C/network-config.xml:252(para)
11692
msgid ""
11693
"To configure your server to use DHCP for dynamic address assignment, add the "
11694
"<emphasis role=\"italic\">dhcp</emphasis> method to the inet address family "
11695
"statement for the appropriate interface in the file "
11696
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
11697
"are configuring your first Ethernet interface identified as <emphasis "
11698
"role=\"italic\">eth0</emphasis>."
11699
msgstr ""
11700
11701
#: serverguide/C/network-config.xml:259(programlisting)
11702
#, no-wrap
11703
msgid ""
11704
"\n"
11705
"auto eth0\n"
11706
"iface eth0 inet dhcp\n"
11707
msgstr ""
11708
11709
#: serverguide/C/network-config.xml:263(para)
11710
msgid ""
11711
"By adding an interface configuration as shown above, you can manually enable "
11712
"the interface through the <application>ifup</application> command which "
11713
"initiates the DHCP process via <application>dhclient</application>."
11714
msgstr ""
11715
11716
#: serverguide/C/network-config.xml:269(userinput) serverguide/C/network-config.xml:304(userinput)
11717
#, no-wrap
11718
msgid "sudo ifup eth0"
11719
msgstr ""
11720
11721
#: serverguide/C/network-config.xml:271(para)
11722
msgid ""
11723
"To manually disable the interface, you can use the "
11724
"<application>ifdown</application> command, which in turn will initiate the "
11725
"DHCP release process and shut down the interface."
11726
msgstr ""
11727
11728
#: serverguide/C/network-config.xml:277(userinput) serverguide/C/network-config.xml:311(userinput)
11729
#, no-wrap
11730
msgid "sudo ifdown eth0"
11731
msgstr ""
11732
11733
#: serverguide/C/network-config.xml:282(title)
11734
msgid "Static IP Address Assignment"
11735
msgstr ""
11736
11737
#: serverguide/C/network-config.xml:283(para)
11738
msgid ""
11739
"To configure your system to use a static IP address assignment, add the "
11740
"<emphasis role=\"italic\">static</emphasis> method to the inet address "
11741
"family statement for the appropriate interface in the file "
11742
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
11743
"are configuring your first Ethernet interface identified as <emphasis "
11744
"role=\"italic\">eth0</emphasis>. Change the <emphasis "
11745
"role=\"italic\">address</emphasis>, <emphasis "
11746
"role=\"italic\">netmask</emphasis>, and <emphasis "
11747
"role=\"italic\">gateway</emphasis> values to meet the requirements of your "
11748
"network."
11749
msgstr ""
11750
11751
#: serverguide/C/network-config.xml:292(programlisting)
11752
#, no-wrap
11753
msgid ""
11754
"\n"
11755
"auto eth0\n"
11756
"iface eth0 inet static\n"
11757
"address 10.0.0.100\n"
11758
"netmask 255.255.255.0\n"
11759
"gateway 10.0.0.1\n"
11760
msgstr ""
11761
11762
#: serverguide/C/network-config.xml:299(para)
11763
msgid ""
11764
"By adding an interface configuration as shown above, you can manually enable "
11765
"the interface through the <application>ifup</application> command."
11766
msgstr ""
11767
11768
#: serverguide/C/network-config.xml:306(para)
11769
msgid ""
11770
"To manually disable the interface, you can use the "
11771
"<application>ifdown</application> command."
11772
msgstr ""
11773
11774
#: serverguide/C/network-config.xml:316(title)
11775
msgid "Loopback Interface"
11776
msgstr ""
11777
11778
#: serverguide/C/network-config.xml:317(para)
11779
msgid ""
11780
"The loopback interface is identified by the system as <emphasis "
11781
"role=\"italic\">lo</emphasis> and has a default IP address of 127.0.0.1. It "
11782
"can be viewed using the ifconfig command."
11783
msgstr ""
11784
11785
#: serverguide/C/network-config.xml:322(userinput)
11786
#, no-wrap
11787
msgid "ifconfig lo"
11788
msgstr ""
11789
11790
#: serverguide/C/network-config.xml:321(screen)
11791
#, no-wrap
11792
msgid ""
11793
"\n"
11794
"<placeholder-1/>\n"
11795
"lo Link encap:Local Loopback \n"
11796
" inet addr:127.0.0.1 Mask:255.0.0.0\n"
11797
" inet6 addr: ::1/128 Scope:Host\n"
11798
" UP LOOPBACK RUNNING MTU:16436 Metric:1\n"
11799
" RX packets:2718 errors:0 dropped:0 overruns:0 frame:0\n"
11800
" TX packets:2718 errors:0 dropped:0 overruns:0 carrier:0\n"
11801
" collisions:0 txqueuelen:0 \n"
11802
" RX bytes:183308 (183.3 KB) TX bytes:183308 (183.3 KB)\n"
11803
msgstr ""
11804
11805
#: serverguide/C/network-config.xml:332(para)
11806
msgid ""
11807
"By default, there should be two lines in "
11808
"<filename>/etc/network/interfaces</filename> responsible for automatically "
11809
"configuring your loopback interface. It is recommended that you keep the "
11810
"default settings unless you have a specific purpose for changing them. An "
11811
"example of the two default lines are shown below."
11812
msgstr ""
11813
11814
#: serverguide/C/network-config.xml:338(programlisting)
11815
#, no-wrap
11816
msgid ""
11817
"\n"
11818
"auto lo\n"
11819
"iface lo inet loopback\n"
11820
msgstr ""
11821
11822
#: serverguide/C/network-config.xml:347(title)
11823
msgid "Name Resolution"
11824
msgstr ""
11825
11826
#: serverguide/C/network-config.xml:348(para)
11827
msgid ""
11828
"Name resolution as it relates to IP networking is the process of mapping IP "
11829
"addresses to hostnames, making it easier to identify resources on a network. "
11830
"The following section will explain how to properly configure your system for "
11831
"name resolution using DNS and static hostname records."
11832
msgstr ""
11833
11834
#: serverguide/C/network-config.xml:356(title)
11835
msgid "DNS Client Configuration"
11836
msgstr ""
11837
11838
#: serverguide/C/network-config.xml:357(para)
11839
msgid ""
11840
"To configure your system to use DNS for name resolution, add the IP "
11841
"addresses of the DNS servers that are appropriate for your network in the "
11842
"file <filename>/etc/resolv.conf</filename>. You can also add an optional DNS "
11843
"suffix search-lists to match your network domain names."
11844
msgstr ""
11845
11846
#: serverguide/C/network-config.xml:362(para)
11847
msgid ""
11848
"Below is an example of a typical configuration of "
11849
"<filename>/etc/resolv.conf</filename> for a server on the domain \"<emphasis "
11850
"role=\"italic\">example.com</emphasis>\" and using two public DNS servers."
11851
msgstr ""
11852
11853
#: serverguide/C/network-config.xml:367(programlisting)
11854
#, no-wrap
11855
msgid ""
11856
"\n"
11857
"search example.com\n"
11858
"nameserver 8.8.8.8\n"
11859
"nameserver 8.8.4.4\n"
11860
msgstr ""
11861
11862
#: serverguide/C/network-config.xml:372(para)
11863
msgid ""
11864
"The <emphasis role=\"italic\">search</emphasis> option can also be used with "
11865
"multiple domain names so that DNS queries will be appended in the order in "
11866
"which they are entered. For example, your network may have multiple sub-"
11867
"domains to search; a parent domain of <emphasis "
11868
"role=\"italic\">example.com</emphasis>, and two sub-domains, <emphasis "
11869
"role=\"italic\">sales.example.com</emphasis> and <emphasis "
11870
"role=\"italic\">dev.example.com</emphasis>."
11871
msgstr ""
11872
11873
#: serverguide/C/network-config.xml:380(para)
11874
msgid ""
11875
"If you have multiple domains you wish to search, your configuration might "
11876
"look like the following."
11877
msgstr ""
11878
11879
#: serverguide/C/network-config.xml:383(programlisting)
11880
#, no-wrap
11881
msgid ""
11882
"\n"
11883
"search example.com sales.example.com dev.example.com\n"
11884
"nameserver 8.8.8.8\n"
11885
"nameserver 8.8.4.4\n"
11886
msgstr ""
11887
11888
#: serverguide/C/network-config.xml:388(para)
11889
msgid ""
11890
"If you try to ping a host with the name of <emphasis "
11891
"role=\"italic\">server1</emphasis>, your system will automatically query DNS "
11892
"for its Fully Qualified Domain Name (FQDN) in the following order:"
11893
msgstr ""
11894
11895
#: serverguide/C/network-config.xml:394(para)
11896
msgid "server1<emphasis role=\"bold\">.example.com</emphasis>"
11897
msgstr ""
11898
11899
#: serverguide/C/network-config.xml:399(para)
11900
msgid "server1<emphasis role=\"bold\">.sales.example.com</emphasis>"
11901
msgstr ""
11902
11903
#: serverguide/C/network-config.xml:404(para)
11904
msgid "server1<emphasis role=\"bold\">.dev.example.com</emphasis>"
11905
msgstr ""
11906
11907
#: serverguide/C/network-config.xml:409(para)
11908
msgid ""
11909
"If no matches are found, the DNS server will provide a result of <emphasis "
11910
"role=\"italic\">notfound</emphasis> and the DNS query will fail."
11911
msgstr ""
11912
11913
#: serverguide/C/network-config.xml:416(title)
11914
msgid "Static Hostnames"
11915
msgstr ""
11916
11917
#: serverguide/C/network-config.xml:417(para)
11918
msgid ""
11919
"Static hostnames are locally defined hostname-to-IP mappings located in the "
11920
"file <filename>/etc/hosts</filename>. Entries in the "
11921
"<filename>hosts</filename> file will have precedence over DNS by default. "
11922
"This means that if your system tries to resolve a hostname and it matches an "
11923
"entry in /etc/hosts, it will not attempt to look up the record in DNS. In "
11924
"some configurations, especially when Internet access is not required, "
11925
"servers that communicate with a limited number of resources can be "
11926
"conveniently set to use static hostnames instead of DNS."
11927
msgstr ""
11928
11929
#: serverguide/C/network-config.xml:424(para)
11930
msgid ""
11931
"The following is an example of a <filename>hosts</filename> file where a "
11932
"number of local servers have been identified by simple hostnames, aliases "
11933
"and their equivalent Fully Qualified Domain Names (FQDN's)."
11934
msgstr ""
11935
11936
#: serverguide/C/network-config.xml:428(programlisting)
11937
#, no-wrap
11938
msgid ""
11939
"\n"
11940
"127.0.0.1\tlocalhost\n"
11941
"127.0.1.1\tubuntu-server\n"
11942
"10.0.0.11\tserver1 vpn server1.example.com\n"
11943
"10.0.0.12\tserver2 mail server2.example.com\n"
11944
"10.0.0.13\tserver3 www server3.example.com\n"
11945
"10.0.0.14\tserver4 file server4.example.com\n"
11946
msgstr ""
11947
11948
#: serverguide/C/network-config.xml:437(para)
11949
msgid ""
11950
"In the above example, notice that each of the servers have been given "
11951
"aliases in addition to their proper names and FQDN's. <emphasis "
11952
"role=\"italic\">Server1</emphasis> has been mapped to the name <emphasis "
11953
"role=\"italic\">vpn</emphasis>, <emphasis role=\"italic\">server2</emphasis> "
11954
"is referred to as <emphasis role=\"italic\">mail</emphasis>, <emphasis "
11955
"role=\"italic\">server3</emphasis> as <emphasis "
11956
"role=\"italic\">www</emphasis>, and <emphasis "
11957
"role=\"italic\">server4</emphasis> as <emphasis "
11958
"role=\"italic\">file</emphasis>."
11959
msgstr ""
11960
11961
#: serverguide/C/network-config.xml:449(title)
11962
msgid "Name Service Switch Configuration"
11963
msgstr ""
11964
11965
#: serverguide/C/network-config.xml:450(para)
11966
msgid ""
11967
"The order in which your system selects a method of resolving hostnames to IP "
11968
"addresses is controlled by the Name Service Switch (NSS) configuration file "
11969
"<filename>/etc/nsswitch.conf</filename>. As mentioned in the previous "
11970
"section, typically static hostnames defined in the systems "
11971
"<filename>/etc/hosts</filename> file have precedence over names resolved "
11972
"from DNS. The following is an example of the line responsible for this order "
11973
"of hostname lookups in the file <filename>/etc/nsswitch.conf</filename>."
11974
msgstr ""
11975
11976
#: serverguide/C/network-config.xml:458(programlisting)
11977
#, no-wrap
11978
msgid ""
11979
"\n"
11980
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
11981
msgstr ""
11982
11983
#: serverguide/C/network-config.xml:464(para)
11984
msgid ""
11985
"<emphasis role=\"bold\">files</emphasis> first tries to resolve static "
11986
"hostnames located in <filename>/etc/hosts</filename>."
11987
msgstr ""
11988
11989
#: serverguide/C/network-config.xml:470(para)
11990
msgid ""
11991
"<emphasis role=\"bold\">mdns4_minimal</emphasis> attempts to resolve the "
11992
"name using Multicast DNS."
11993
msgstr ""
11994
11995
#: serverguide/C/network-config.xml:475(para)
11996
msgid ""
11997
"<emphasis role=\"bold\">[NOTFOUND=return]</emphasis> means that any response "
11998
"of <emphasis role=\"italic\">notfound</emphasis> by the preceding <emphasis "
11999
"role=\"italic\">mdns4_minimal</emphasis> process should be treated as "
12000
"authoritative and that the system should not try to continue hunting for an "
12001
"answer."
12002
msgstr ""
12003
12004
#: serverguide/C/network-config.xml:483(para)
12005
msgid ""
12006
"<emphasis role=\"bold\">dns</emphasis> represents a legacy unicast DNS query."
12007
msgstr ""
12008
12009
#: serverguide/C/network-config.xml:488(para)
12010
msgid ""
12011
"<emphasis role=\"bold\">mdns4</emphasis> represents a Multicast DNS query."
12012
msgstr ""
12013
12014
#: serverguide/C/network-config.xml:494(para)
12015
msgid ""
12016
"To modify the order of the above mentioned name resolution methods, you can "
12017
"simply change the <emphasis role=\"italic\">hosts:</emphasis> string to the "
12018
"value of your choosing. For example, if you prefer to use legacy Unicast DNS "
12019
"versus Multicast DNS, you can change the string in "
12020
"<filename>/etc/nsswitch.conf</filename> as shown below."
12021
msgstr ""
12022
12023
#: serverguide/C/network-config.xml:501(programlisting)
12024
#, no-wrap
12025
msgid ""
12026
"\n"
12027
"hosts: files dns [NOTFOUND=return] mdns4_minimal mdns4\n"
12028
msgstr ""
12029
12030
#: serverguide/C/network-config.xml:508(title)
12031
msgid "Bridging"
12032
msgstr ""
12033
12034
#: serverguide/C/network-config.xml:510(para)
12035
msgid ""
12036
"Bridging multiple interfaces is a more advanced configuration, but is very "
12037
"useful in multiple scenarios. One scenario is setting up a bridge with "
12038
"multiple network interfaces, then using a firewall to filter traffic between "
12039
"two network segments. Another scenario is using bridge on a system with one "
12040
"interface to allow virtual machines direct access to the outside network. "
12041
"The following example covers the latter scenario."
12042
msgstr ""
12043
12044
#: serverguide/C/network-config.xml:517(para)
12045
msgid ""
12046
"Before configuring a bridge you will need to install the <application>bridge-"
12047
"utils</application> package. To install the package, in a terminal enter:"
12048
msgstr ""
12049
12050
#: serverguide/C/network-config.xml:523(command)
12051
msgid "sudo apt-get install bridge-utils"
12052
msgstr ""
12053
12054
#: serverguide/C/network-config.xml:526(para)
12055
msgid ""
12056
"Next, configure the bridge by editing "
12057
"<filename>/etc/network/interfaces</filename>:"
12058
msgstr ""
12059
12060
#: serverguide/C/network-config.xml:530(programlisting)
12061
#, no-wrap
12062
msgid ""
12063
"\n"
12064
"auto lo\n"
12065
"iface lo inet loopback\n"
12066
"\n"
12067
"auto br0\n"
12068
"iface br0 inet static\n"
12069
" address 192.168.0.10\n"
12070
" network 192.168.0.0\n"
12071
" netmask 255.255.255.0\n"
12072
" broadcast 192.168.0.255\n"
12073
" gateway 192.168.0.1\n"
12074
" bridge_ports eth0\n"
12075
" bridge_fd 9\n"
12076
" bridge_hello 2\n"
12077
" bridge_maxage 12\n"
12078
" bridge_stp off\n"
12079
msgstr ""
12080
12081
#: serverguide/C/network-config.xml:549(para)
12082
msgid "Enter the appropriate values for your physical interface and network."
12083
msgstr ""
12084
12085
#: serverguide/C/network-config.xml:554(para)
12086
msgid "Now restart networking to enable the bridge interface:"
12087
msgstr ""
12088
12089
#: serverguide/C/network-config.xml:561(para)
12090
msgid ""
12091
"The new bridge interface should now be up and running. The "
12092
"<application>brctl</application> provides useful information about the state "
12093
"of the bridge, controls which interfaces are part of the bridge, etc. See "
12094
"<command>man brctl</command> for more information."
12095
msgstr ""
12096
12097
#: serverguide/C/network-config.xml:577(para)
12098
msgid ""
12099
"The <ulink url=\"https://help.ubuntu.com/community/Network\">Ubuntu Wiki "
12100
"Network page</ulink> has links to articles covering more advanced network "
12101
"configuration."
12102
msgstr ""
12103
12104
#: serverguide/C/network-config.xml:583(para)
12105
msgid ""
12106
"The <ulink "
12107
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/interfaces.5.html"
12108
"\">interfaces man page</ulink> has details on more options for "
12109
"<filename>/etc/network/interfaces</filename>."
12110
msgstr ""
12111
12112
#: serverguide/C/network-config.xml:589(para)
12113
msgid ""
12114
"The <ulink "
12115
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/dhclient.8.html\">"
12116
"dhclient man page</ulink> has details on more options for configuring DHCP "
12117
"client settings."
12118
msgstr ""
12119
12120
#: serverguide/C/network-config.xml:595(para)
12121
msgid ""
12122
"For more information on DNS client configuration see the <ulink "
12123
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/resolver.5.html\">"
12124
"resolver man page</ulink>. Also, Chapter 6 of O'Reilly's <ulink "
12125
"url=\"http://oreilly.com/catalog/linag2/book/ch06.html\">Linux Network "
12126
"Administrator's Guide</ulink> is a good source of resolver and name service "
12127
"configuration information."
12128
msgstr ""
12129
12130
#: serverguide/C/network-config.xml:603(para)
12131
msgid ""
12132
"For more information on <emphasis>bridging</emphasis> see the <ulink "
12133
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/brctl.8.html\">brc"
12134
"tl man page</ulink> and the Linux Foundation's <ulink "
12135
"url=\"http://www.linuxfoundation.org/en/Net:Bridge\">Net:Bridge</ulink> page."
12136
msgstr ""
12137
12138
#: serverguide/C/network-config.xml:614(title)
12139
msgid "TCP/IP"
12140
msgstr ""
12141
12142
#: serverguide/C/network-config.xml:615(para)
12143
msgid ""
12144
"The Transmission Control Protocol and Internet Protocol (TCP/IP) is a "
12145
"standard set of protocols developed in the late 1970s by the Defense "
12146
"Advanced Research Projects Agency (DARPA) as a means of communication "
12147
"between different types of computers and computer networks. TCP/IP is the "
12148
"driving force of the Internet, and thus it is the most popular set of "
12149
"network protocols on Earth."
12150
msgstr ""
12151
12152
#: serverguide/C/network-config.xml:623(title)
12153
msgid "TCP/IP Introduction"
12154
msgstr ""
12155
12156
#: serverguide/C/network-config.xml:624(para)
12157
msgid ""
12158
"The two protocol components of TCP/IP deal with different aspects of "
12159
"computer networking. <emphasis>Internet Protocol</emphasis>, the \"IP\" of "
12160
"TCP/IP is a connectionless protocol which deals only with network packet "
12161
"routing using the <emphasis role=\"italics\">IP Datagram</emphasis> as the "
12162
"basic unit of networking information. The IP Datagram consists of a header "
12163
"followed by a message. The <emphasis> Transmission Control "
12164
"Protocol</emphasis> is the \"TCP\" of TCP/IP and enables network hosts to "
12165
"establish connections which may be used to exchange data streams. TCP also "
12166
"guarantees that the data between connections is delivered and that it "
12167
"arrives at one network host in the same order as sent from another network "
12168
"host."
12169
msgstr ""
12170
12171
#: serverguide/C/network-config.xml:637(title)
12172
msgid "TCP/IP Configuration"
12173
msgstr ""
12174
12175
#: serverguide/C/network-config.xml:638(para)
12176
msgid ""
12177
"The TCP/IP protocol configuration consists of several elements which must be "
12178
"set by editing the appropriate configuration files, or deploying solutions "
12179
"such as the Dynamic Host Configuration Protocol (DHCP) server which in turn, "
12180
"can be configured to provide the proper TCP/IP configuration settings to "
12181
"network clients automatically. These configuration values must be set "
12182
"correctly in order to facilitate the proper network operation of your Ubuntu "
12183
"system."
12184
msgstr ""
12185
12186
#: serverguide/C/network-config.xml:650(para)
12187
msgid ""
12188
"<emphasis role=\"bold\">IP address</emphasis> The IP address is a unique "
12189
"identifying string expressed as four decimal numbers ranging from zero (0) "
12190
"to two-hundred and fifty-five (255), separated by periods, with each of the "
12191
"four numbers representing eight (8) bits of the address for a total length "
12192
"of thirty-two (32) bits for the whole address. This format is called "
12193
"<emphasis>dotted quad notation</emphasis>."
12194
msgstr ""
12195
12196
#: serverguide/C/network-config.xml:660(para)
12197
msgid ""
12198
"<emphasis role=\"bold\">Netmask</emphasis> The Subnet Mask (or simply, "
12199
"<emphasis>netmask</emphasis>) is a local bit mask, or set of flags which "
12200
"separate the portions of an IP address significant to the network from the "
12201
"bits significant to the <emphasis>subnetwork</emphasis>. For example, in a "
12202
"Class C network, the standard netmask is 255.255.255.0 which masks the first "
12203
"three bytes of the IP address and allows the last byte of the IP address to "
12204
"remain available for specifying hosts on the subnetwork."
12205
msgstr ""
12206
12207
#: serverguide/C/network-config.xml:671(para)
12208
msgid ""
12209
"<emphasis role=\"bold\">Network Address</emphasis> The Network Address "
12210
"represents the bytes comprising the network portion of an IP address. For "
12211
"example, the host 12.128.1.2 in a Class A network would use 12.0.0.0 as the "
12212
"network address, where twelve (12) represents the first byte of the IP "
12213
"address, (the network part) and zeroes (0) in all of the remaining three "
12214
"bytes to represent the potential host values. A network host using the "
12215
"private IP address 192.168.1.100 would in turn use a Network Address of "
12216
"192.168.1.0, which specifies the first three bytes of the Class C 192.168.1 "
12217
"network and a zero (0) for all the possible hosts on the network."
12218
msgstr ""
12219
12220
#: serverguide/C/network-config.xml:684(para)
12221
msgid ""
12222
"<emphasis role=\"bold\">Broadcast Address</emphasis> The Broadcast Address "
12223
"is an IP address which allows network data to be sent simultaneously to all "
12224
"hosts on a given subnetwork rather than specifying a particular host. The "
12225
"standard general broadcast address for IP networks is 255.255.255.255, but "
12226
"this broadcast address cannot be used to send a broadcast message to every "
12227
"host on the Internet because routers block it. A more appropriate broadcast "
12228
"address is set to match a specific subnetwork. For example, on the private "
12229
"Class C IP network, 192.168.1.0, the broadcast address is 192.168.1.255. "
12230
"Broadcast messages are typically produced by network protocols such as the "
12231
"Address Resolution Protocol (ARP) and the Routing Information Protocol (RIP)."
12232
msgstr ""
12233
12234
#: serverguide/C/network-config.xml:697(para)
12235
msgid ""
12236
"<emphasis role=\"bold\">Gateway Address</emphasis> A Gateway Address is the "
12237
"IP address through which a particular network, or host on a network, may be "
12238
"reached. If one network host wishes to communicate with another network "
12239
"host, and that host is not located on the same network, then a "
12240
"<emphasis>gateway</emphasis> must be used. In many cases, the Gateway "
12241
"Address will be that of a router on the same network, which will in turn "
12242
"pass traffic on to other networks or hosts, such as Internet hosts. The "
12243
"value of the Gateway Address setting must be correct, or your system will "
12244
"not be able to reach any hosts beyond those on the same network."
12245
msgstr ""
12246
12247
#: serverguide/C/network-config.xml:708(para)
12248
msgid ""
12249
"<emphasis role=\"bold\">Nameserver Address</emphasis> Nameserver Addresses "
12250
"represent the IP addresses of Domain Name Service (DNS) systems, which "
12251
"resolve network hostnames into IP addresses. There are three levels of "
12252
"Nameserver Addresses, which may be specified in order of precedence: The "
12253
"<emphasis>Primary</emphasis> Nameserver, the <emphasis>Secondary</emphasis> "
12254
"Nameserver, and the <emphasis>Tertiary</emphasis> Nameserver. In order for "
12255
"your system to be able to resolve network hostnames into their corresponding "
12256
"IP addresses, you must specify valid Nameserver Addresses which you are "
12257
"authorized to use in your system's TCP/IP configuration. In many cases these "
12258
"addresses can and will be provided by your network service provider, but "
12259
"many free and publicly accessible nameservers are available for use, such as "
12260
"the Level3 (Verizon) servers with IP addresses from 4.2.2.1 to 4.2.2.6."
12261
msgstr ""
12262
12263
#: serverguide/C/network-config.xml:722(para)
12264
msgid ""
12265
"The IP address, Netmask, Network Address, Broadcast Address, and Gateway "
12266
"Address are typically specified via the appropriate directives in the file "
12267
"<filename>/etc/network/interfaces</filename>. The Nameserver Addresses are "
12268
"typically specified via <emphasis>nameserver</emphasis> directives in the "
12269
"file <filename>/etc/resolv.conf</filename>. For more information, view the "
12270
"system manual page for <filename>interfaces</filename> or "
12271
"<filename>resolv.conf</filename> respectively, with the following commands "
12272
"typed at a terminal prompt:"
12273
msgstr ""
12274
12275
#: serverguide/C/network-config.xml:729(para)
12276
msgid ""
12277
"Access the system manual page for <filename>interfaces</filename> with the "
12278
"following command:"
12279
msgstr ""
12280
12281
#: serverguide/C/network-config.xml:734(command)
12282
msgid "man interfaces"
12283
msgstr ""
12284
12285
#: serverguide/C/network-config.xml:737(para)
12286
msgid ""
12287
"Access the system manual page for <filename>resolv.conf</filename> with the "
12288
"following command:"
12289
msgstr ""
12290
12291
#: serverguide/C/network-config.xml:741(command)
12292
msgid "man resolv.conf"
12293
msgstr ""
12294
12295
#: serverguide/C/network-config.xml:646(para)
12296
msgid ""
12297
"The common configuration elements of TCP/IP and their purposes are as "
12298
"follows: <placeholder-1/>"
12299
msgstr ""
12300
12301
#: serverguide/C/network-config.xml:748(title)
12302
msgid "IP Routing"
12303
msgstr ""
12304
12305
#: serverguide/C/network-config.xml:749(para)
12306
msgid ""
12307
"IP routing is a means of specifying and discovering paths in a TCP/IP "
12308
"network along which network data may be sent. Routing uses a set of "
12309
"<emphasis>routing tables</emphasis> to direct the forwarding of network data "
12310
"packets from their source to the destination, often via many intermediary "
12311
"network nodes known as <emphasis>routers</emphasis>. There are two primary "
12312
"forms of IP routing: <emphasis>Static Routing</emphasis> and "
12313
"<emphasis>Dynamic Routing.</emphasis>"
12314
msgstr ""
12315
12316
#: serverguide/C/network-config.xml:758(para)
12317
msgid ""
12318
"Static routing involves manually adding IP routes to the system's routing "
12319
"table, and this is usually done by manipulating the routing table with the "
12320
"<application>route</application> command. Static routing enjoys many "
12321
"advantages over dynamic routing, such as simplicity of implementation on "
12322
"smaller networks, predictability (the routing table is always computed in "
12323
"advance, and thus the route is precisely the same each time it is used), and "
12324
"low overhead on other routers and network links due to the lack of a dynamic "
12325
"routing protocol. However, static routing does present some disadvantages as "
12326
"well. For example, static routing is limited to small networks and does not "
12327
"scale well. Static routing also fails completely to adapt to network outages "
12328
"and failures along the route due to the fixed nature of the route."
12329
msgstr ""
12330
12331
#: serverguide/C/network-config.xml:768(para)
12332
msgid ""
12333
"Dynamic routing depends on large networks with multiple possible IP routes "
12334
"from a source to a destination and makes use of special routing protocols, "
12335
"such as the Router Information Protocol (RIP), which handle the automatic "
12336
"adjustments in routing tables that make dynamic routing possible. Dynamic "
12337
"routing has several advantages over static routing, such as superior "
12338
"scalability and the ability to adapt to failures and outages along network "
12339
"routes. Additionally, there is less manual configuration of the routing "
12340
"tables, since routers learn from one another about their existence and "
12341
"available routes. This trait also eliminates the possibility of introducing "
12342
"mistakes in the routing tables via human error. Dynamic routing is not "
12343
"perfect, however, and presents disadvantages such as heightened complexity "
12344
"and additional network overhead from router communications, which does not "
12345
"immediately benefit the end users, but still consumes network bandwidth."
12346
msgstr ""
12347
12348
#: serverguide/C/network-config.xml:782(title)
12349
msgid "TCP and UDP"
12350
msgstr ""
12351
12352
#: serverguide/C/network-config.xml:783(para)
12353
msgid ""
12354
"TCP is a connection-based protocol, offering error correction and guaranteed "
12355
"delivery of data via what is known as <emphasis>flow control</emphasis>. "
12356
"Flow control determines when the flow of a data stream needs to be stopped, "
12357
"and previously sent data packets should to be re-sent due to problems such "
12358
"as <emphasis>collisions</emphasis>, for example, thus ensuring complete and "
12359
"accurate delivery of the data. TCP is typically used in the exchange of "
12360
"important information such as database transactions."
12361
msgstr ""
12362
12363
#: serverguide/C/network-config.xml:791(para)
12364
msgid ""
12365
"The User Datagram Protocol (UDP), on the other hand, is a "
12366
"<emphasis>connectionless</emphasis> protocol which seldom deals with the "
12367
"transmission of important data because it lacks flow control or any other "
12368
"method to ensure reliable delivery of the data. UDP is commonly used in such "
12369
"applications as audio and video streaming, where it is considerably faster "
12370
"than TCP due to the lack of error correction and flow control, and where the "
12371
"loss of a few packets is not generally catastrophic."
12372
msgstr ""
12373
12374
#: serverguide/C/network-config.xml:801(title)
12375
msgid "ICMP"
12376
msgstr ""
12377
12378
#: serverguide/C/network-config.xml:802(para)
12379
msgid ""
12380
"The Internet Control Messaging Protocol (ICMP) is an extension to the "
12381
"Internet Protocol (IP) as defined in the Request For Comments (RFC) #792 and "
12382
"supports network packets containing control, error, and informational "
12383
"messages. ICMP is used by such network applications as the "
12384
"<application>ping</application> utility, which can determine the "
12385
"availability of a network host or device. Examples of some error messages "
12386
"returned by ICMP which are useful to both network hosts and devices such as "
12387
"routers, include <emphasis>Destination Unreachable</emphasis> and "
12388
"<emphasis>Time Exceeded</emphasis>."
12389
msgstr ""
12390
12391
#: serverguide/C/network-config.xml:812(title)
12392
msgid "Daemons"
12393
msgstr ""
12394
12395
#: serverguide/C/network-config.xml:813(para)
12396
msgid ""
12397
"Daemons are special system applications which typically execute continuously "
12398
"in the background and await requests for the functions they provide from "
12399
"other applications. Many daemons are network-centric; that is, a large "
12400
"number of daemons executing in the background on an Ubuntu system may "
12401
"provide network-related functionality. Some examples of such network daemons "
12402
"include the <emphasis>Hyper Text Transport Protocol Daemon</emphasis> "
12403
"(httpd), which provides web server functionality; the <emphasis>Secure SHell "
12404
"Daemon</emphasis> (sshd), which provides secure remote login shell and file "
12405
"transfer capabilities; and the <emphasis>Internet Message Access Protocol "
12406
"Daemon</emphasis> (imapd), which provides E-Mail services."
12407
msgstr ""
12408
12409
#: serverguide/C/network-config.xml:828(para)
12410
msgid ""
12411
"There are man pages for <ulink "
12412
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man7/tcp.7.html\">TCP</"
12413
"ulink> and <ulink "
12414
"url=\"http://manpages.ubuntu.com/manpages/maverick/man7/ip.7.html\">IP</ulink"
12415
"> that contain more useful information."
12416
msgstr ""
12417
12418
#: serverguide/C/network-config.xml:834(para)
12419
msgid ""
12420
"Also, see the <ulink "
12421
"url=\"http://www.redbooks.ibm.com/abstracts/gg243376.html\">TCP/IP Tutorial "
12422
"and Technical Overview</ulink> IBM Redbook."
12423
msgstr ""
12424
12425
#: serverguide/C/network-config.xml:840(para)
12426
msgid ""
12427
"Another resource is O'Reilly's <ulink "
12428
"url=\"http://oreilly.com/catalog/9780596002978/\">TCP/IP Network "
12429
"Administration</ulink>."
12430
msgstr ""
12431
12432
#: serverguide/C/network-config.xml:849(title)
12433
msgid "Dynamic Host Configuration Protocol (DHCP)"
12434
msgstr ""
12435
12436
#: serverguide/C/network-config.xml:850(para)
12437
msgid ""
12438
"The Dynamic Host Configuration Protocol (DHCP) is a network service that "
12439
"enables host computers to be automatically assigned settings from a server "
12440
"as opposed to manually configuring each network host. Computers configured "
12441
"to be DHCP clients have no control over the settings they receive from the "
12442
"DHCP server, and the configuration is transparent to the computer's user."
12443
msgstr ""
12444
12445
#: serverguide/C/network-config.xml:857(para)
12446
msgid ""
12447
"The most common settings provided by a DHCP server to DHCP clients include:"
12448
msgstr ""
12449
12450
#: serverguide/C/network-config.xml:862(para)
12451
msgid "IP-Address and Netmask"
12452
msgstr ""
12453
12454
#: serverguide/C/network-config.xml:865(para)
12455
msgid "DNS"
12456
msgstr ""
12457
12458
#: serverguide/C/network-config.xml:868(para)
12459
msgid "WINS"
12460
msgstr ""
12461
12462
#: serverguide/C/network-config.xml:871(para)
12463
msgid ""
12464
"However, a DHCP server can also supply configuration properties such as:"
12465
msgstr ""
12466
12467
#: serverguide/C/network-config.xml:876(para)
12468
msgid "Host Name"
12469
msgstr ""
12470
12471
#: serverguide/C/network-config.xml:879(para)
12472
msgid "Domain Name"
12473
msgstr ""
12474
12475
#: serverguide/C/network-config.xml:882(para)
12476
msgid "Default Gateway"
12477
msgstr ""
12478
12479
#: serverguide/C/network-config.xml:885(para)
12480
msgid "Time Server"
12481
msgstr ""
12482
12483
#: serverguide/C/network-config.xml:888(para)
12484
msgid "Print Server"
12485
msgstr ""
12486
12487
#: serverguide/C/network-config.xml:891(para)
12488
msgid ""
12489
"The advantage of using DHCP is that changes to the network, for example a "
12490
"change in the address of the DNS server, need only be changed at the DHCP "
12491
"server, and all network hosts will be reconfigured the next time their DHCP "
12492
"clients poll the DHCP server. As an added advantage, it is also easier to "
12493
"integrate new computers into the network, as there is no need to check for "
12494
"the availability of an IP address. Conflicts in IP address allocation are "
12495
"also reduced."
12496
msgstr ""
12497
12498
#: serverguide/C/network-config.xml:899(para)
12499
msgid "A DHCP server can provide configuration settings using two methods:"
12500
msgstr ""
12501
12502
#: serverguide/C/network-config.xml:904(term)
12503
msgid "MAC Address"
12504
msgstr ""
12505
12506
#: serverguide/C/network-config.xml:906(para)
12507
msgid ""
12508
"This method entails using DHCP to identify the unique hardware address of "
12509
"each network card connected to the network and then continually supplying a "
12510
"constant configuration each time the DHCP client makes a request to the DHCP "
12511
"server using that network device."
12512
msgstr ""
12513
12514
#: serverguide/C/network-config.xml:915(term)
12515
msgid "Address Pool"
12516
msgstr ""
12517
12518
#: serverguide/C/network-config.xml:917(para)
12519
msgid ""
12520
"This method entails defining a pool (sometimes also called a range or scope) "
12521
"of IP addresses from which DHCP clients are supplied their configuration "
12522
"properties dynamically and on a \"first come, first served\" basis. When a "
12523
"DHCP client is no longer on the network for a specified period, the "
12524
"configuration is expired and released back to the address pool for use by "
12525
"other DHCP Clients."
12526
msgstr ""
12527
12528
#: serverguide/C/network-config.xml:928(para)
12529
msgid ""
12530
"Ubuntu is shipped with both DHCP server and client. The server is "
12531
"<application>dhcpd</application> (dynamic host configuration protocol "
12532
"daemon). The client provided with Ubuntu is "
12533
"<application>dhclient</application> and should be installed on all computers "
12534
"required to be automatically configured. Both programs are easy to install "
12535
"and configure and will be automatically started at system boot."
12536
msgstr ""
12537
12538
#: serverguide/C/network-config.xml:938(para)
12539
msgid ""
12540
"At a terminal prompt, enter the following command to install "
12541
"<application>dhcpd</application>:"
12542
msgstr ""
12543
12544
#: serverguide/C/network-config.xml:943(command)
12545
msgid "sudo apt-get install dhcp3-server"
12546
msgstr ""
12547
12548
#: serverguide/C/network-config.xml:945(para)
12549
msgid ""
12550
"You will probably need to change the default configuration by editing "
12551
"/etc/dhcp3/dhcpd.conf to suit your needs and particular configuration."
12552
msgstr ""
12553
12554
#: serverguide/C/network-config.xml:949(para)
12555
msgid ""
12556
"You also need to edit /etc/default/dhcp3-server to specify the interfaces "
12557
"dhcpd should listen to. By default it listens to eth0."
12558
msgstr ""
12559
12560
#: serverguide/C/network-config.xml:953(para)
12561
msgid ""
12562
"NOTE: dhcpd's messages are being sent to syslog. Look there for diagnostics "
12563
"messages."
12564
msgstr ""
12565
12566
#: serverguide/C/network-config.xml:960(para)
12567
msgid ""
12568
"The error message the installation ends with might be a little confusing, "
12569
"but the following steps will help you configure the service:"
12570
msgstr ""
12571
12572
#: serverguide/C/network-config.xml:964(para)
12573
msgid ""
12574
"Most commonly, what you want to do is assign an IP address randomly. This "
12575
"can be done with settings as follows:"
12576
msgstr ""
12577
12578
#: serverguide/C/network-config.xml:968(programlisting)
12579
#, no-wrap
12580
msgid ""
12581
"\n"
12582
"# Sample /etc/dhcpd.conf\n"
12583
"# (add your comments here) \n"
12584
"default-lease-time 600;\n"
12585
"max-lease-time 7200;\n"
12586
"option subnet-mask 255.255.255.0;\n"
12587
"option broadcast-address 192.168.1.255;\n"
12588
"option routers 192.168.1.254;\n"
12589
"option domain-name-servers 192.168.1.1, 192.168.1.2;\n"
12590
"option domain-name \"mydomain.example\";\n"
12591
"\n"
12592
"subnet 192.168.1.0 netmask 255.255.255.0 {\n"
12593
"range 192.168.1.10 192.168.1.100;\n"
12594
"range 192.168.1.150 192.168.1.200;\n"
12595
"} \n"
12596
msgstr ""
12597
12598
#: serverguide/C/network-config.xml:984(para)
12599
msgid ""
12600
"This will result in the DHCP server giving a client an IP address from the "
12601
"range 192.168.1.10-192.168.1.100 or 192.168.1.150-192.168.1.200. It will "
12602
"lease an IP address for 600 seconds if the client doesn't ask for a specific "
12603
"time frame. Otherwise the maximum (allowed) lease will be 7200 seconds. The "
12604
"server will also \"advise\" the client that it should use 255.255.255.0 as "
12605
"its subnet mask, 192.168.1.255 as its broadcast address, 192.168.1.254 as "
12606
"the router/gateway and 192.168.1.1 and 192.168.1.2 as its DNS servers."
12607
msgstr ""
12608
12609
#: serverguide/C/network-config.xml:993(para)
12610
msgid ""
12611
"If you need to specify a WINS server for your Windows clients, you will need "
12612
"to include the netbios-name-servers option, e.g."
12613
msgstr ""
12614
12615
#: serverguide/C/network-config.xml:997(programlisting)
12616
#, no-wrap
12617
msgid ""
12618
"\n"
12619
"option netbios-name-servers 192.168.1.1; \n"
12620
msgstr ""
12621
12622
#: serverguide/C/network-config.xml:1000(para)
12623
msgid ""
12624
"Dhcpd configuration settings are taken from the DHCP mini-HOWTO, which can "
12625
"be found <ulink "
12626
"url=\"http://www.tldp.org/HOWTO/DHCP/index.html\">here</ulink>."
12627
msgstr ""
12628
12629
#: serverguide/C/network-config.xml:1010(para)
12630
msgid ""
12631
"The <ulink url=\"https://help.ubuntu.com/community/dhcp3-server\">dhcp3-"
12632
"server Ubuntu Wiki</ulink> page has more information."
12633
msgstr ""
12634
12635
#: serverguide/C/network-config.xml:1015(para)
12636
msgid ""
12637
"For more <filename>/etc/dhcp3/dhcpd.conf</filename> options see the <ulink "
12638
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/dhcpd.conf.5.html"
12639
"\">dhcpd.conf man page</ulink>."
12640
msgstr ""
12641
12642
#: serverguide/C/network-config.xml:1021(para)
12643
msgid ""
12644
"Also see the <ulink url=\"http://www.dhcp-handbook.com/dhcp_faq.html\">DHCP "
12645
"FAQ</ulink>"
12646
msgstr ""
12647
12648
#: serverguide/C/network-config.xml:1031(title)
12649
msgid "Time Synchronisation with NTP"
12650
msgstr ""
12651
12652
#: serverguide/C/network-config.xml:1032(para)
12653
msgid ""
12654
"This page describes methods for keeping your computer's time accurate. This "
12655
"is useful for servers, but is not necessary (or desirable) for desktop "
12656
"machines."
12657
msgstr ""
12658
12659
#: serverguide/C/network-config.xml:1035(para)
12660
msgid ""
12661
"NTP is a TCP/IP protocol for synchronising time over a network. Basically a "
12662
"client requests the current time from a server, and uses it to set its own "
12663
"clock."
12664
msgstr ""
12665
12666
#: serverguide/C/network-config.xml:1038(para)
12667
msgid ""
12668
"Behind this simple description, there is a lot of complexity - there are "
12669
"tiers of NTP servers, with the tier one NTP servers connected to atomic "
12670
"clocks (often via GPS), and tier two and three servers spreading the load of "
12671
"actually handling requests across the Internet. Also the client software is "
12672
"a lot more complex than you might think - it has to factor out communication "
12673
"delays, and adjust the time in a way that does not upset all the other "
12674
"processes that run on the server. But luckily all that complexity is hidden "
12675
"from you!"
12676
msgstr ""
12677
12678
#: serverguide/C/network-config.xml:1041(para)
12679
msgid ""
12680
"Ubuntu has two ways of automatically setting your time: ntpdate and ntpd."
12681
msgstr ""
12682
12683
#: serverguide/C/network-config.xml:1046(title)
12684
msgid "ntpdate"
12685
msgstr ""
12686
12687
#: serverguide/C/network-config.xml:1047(para)
12688
msgid ""
12689
"Ubuntu comes with ntpdate as standard, and will run it once at boot time to "
12690
"set up your time according to Ubuntu's NTP server. However, a server's clock "
12691
"is likely to drift considerably between reboots, so it makes sense to "
12692
"correct the time occasionally. The easiest way to do this is to get cron to "
12693
"run ntpdate every day. With your favorite editor, as root, create a file "
12694
"<code>/etc/cron.daily/ntpdate</code> containing:"
12695
msgstr ""
12696
12697
#: serverguide/C/network-config.xml:1052(screen)
12698
#, no-wrap
12699
msgid "ntpdate ntp.ubuntu.com\n"
12700
msgstr ""
12701
12702
#: serverguide/C/network-config.xml:1054(para)
12703
msgid ""
12704
"The file <code>/etc/cron.daily/ntpdate</code> must also be executable."
12705
msgstr ""
12706
12707
#: serverguide/C/network-config.xml:1057(screen)
12708
#, no-wrap
12709
msgid "sudo chmod 755 /etc/cron.daily/ntpdate\n"
12710
msgstr ""
12711
12712
#: serverguide/C/network-config.xml:1061(title)
12713
msgid "ntpd"
12714
msgstr ""
12715
12716
#: serverguide/C/network-config.xml:1062(para)
12717
msgid ""
12718
"ntpdate is a bit of a blunt instrument - it can only adjust the time once a "
12719
"day, in one big correction. The ntp daemon ntpd is far more subtle. It "
12720
"calculates the drift of your system clock and continuously adjusts it, so "
12721
"there are no large corrections that could lead to inconsistent logs for "
12722
"instance. The cost is a little processing power and memory, but for a modern "
12723
"server this is negligible."
12724
msgstr ""
12725
12726
#: serverguide/C/network-config.xml:1065(para)
12727
msgid "To set up ntpd:"
12728
msgstr ""
12729
12730
#: serverguide/C/network-config.xml:1066(screen)
12731
#, no-wrap
12732
msgid "sudo apt-get install ntp\n"
12733
msgstr ""
12734
12735
#: serverguide/C/network-config.xml:1071(title)
12736
msgid "Changing Time Servers"
12737
msgstr ""
12738
12739
#: serverguide/C/network-config.xml:1072(para)
12740
msgid ""
12741
"In both cases above, your system will use Ubuntu's NTP server at "
12742
"<code>ntp.ubuntu.com</code> by default. This is OK, but you might want to "
12743
"use several servers to increase accuracy and resilience, and you may want to "
12744
"use time servers that are geographically closer to you. to do this for "
12745
"ntpdate, change the contents of <code>/etc/cron.daily/ntpdate</code> to:"
12746
msgstr ""
12747
12748
#: serverguide/C/network-config.xml:1079(screen)
12749
#, no-wrap
12750
msgid "ntpdate ntp.ubuntu.com pool.ntp.org \n"
12751
msgstr ""
12752
12753
#: serverguide/C/network-config.xml:1081(para)
12754
msgid ""
12755
"And for ntpd edit <code>/etc/ntp.conf</code> to include additional server "
12756
"lines:"
12757
msgstr ""
12758
12759
#: serverguide/C/network-config.xml:1086(screen)
12760
#, no-wrap
12761
msgid ""
12762
"server ntp.ubuntu.com\n"
12763
"server pool.ntp.org\n"
12764
msgstr ""
12765
12766
#: serverguide/C/network-config.xml:1089(para)
12767
msgid ""
12768
"You may notice <code>pool.ntp.org</code> in the examples above. This is a "
12769
"really good idea which uses round-robin DNS to return an NTP server from a "
12770
"pool, spreading the load between several different servers. Even better, "
12771
"they have pools for different regions - for instance, if you are in New "
12772
"Zealand, so you could use <code>nz.pool.ntp.org</code> instead of "
12773
"<code>pool.ntp.org</code> . Look at <ulink "
12774
"url=\"http://www.pool.ntp.org/\">http://www.pool.ntp.org/</ulink> for more "
12775
"details."
12776
msgstr ""
12777
12778
#: serverguide/C/network-config.xml:1100(para)
12779
msgid ""
12780
"You can also Google for NTP servers in your region, and add these to your "
12781
"configuration. To test that a server works, just type <code>sudo ntpdate "
12782
"ntp.server.name</code> and see what happens."
12783
msgstr ""
12784
12785
#: serverguide/C/network-config.xml:1111(para)
12786
msgid ""
12787
"See the <ulink url=\"https://help.ubuntu.com/community/UbuntuTime\">Ubuntu "
12788
"Time</ulink> wiki page for more information."
12789
msgstr ""
12790
12791
#: serverguide/C/network-config.xml:1117(ulink)
12792
msgid "NTP Support"
12793
msgstr ""
12794
12795
#: serverguide/C/network-config.xml:1122(ulink)
12796
msgid "The NTP FAQ and HOWTO"
12797
msgstr ""
12798
12799
#: serverguide/C/network-auth.xml:13(title)
12800
msgid "Network Authentication"
12801
msgstr ""
12802
12803
#: serverguide/C/network-auth.xml:15(para)
12804
msgid "This section explains various Network Authentication protocols."
12805
msgstr ""
12806
12807
#: serverguide/C/network-auth.xml:19(title)
12808
msgid "OpenLDAP Server"
12809
msgstr ""
12810
12811
#: serverguide/C/network-auth.xml:20(para)
12812
msgid ""
12813
"LDAP is an acronym for Lightweight Directory Access Protocol, it is a "
12814
"simplified version of the X.500 protocol. The directory setup in this "
12815
"section will be used for authentication. Nevertheless, LDAP can be used in "
12816
"numerous ways: authentication, shared directory (for mail clients), address "
12817
"book, etc."
12818
msgstr ""
12819
12820
#: serverguide/C/network-auth.xml:28(para)
12821
msgid ""
12822
"To describe LDAP quickly, all information is stored in a tree structure. "
12823
"With <application>OpenLDAP</application> you have freedom to determine the "
12824
"directory arborescence (the Directory Information Tree: the DIT) yourself. "
12825
"We will begin with a basic tree containing two nodes below the root:"
12826
msgstr ""
12827
12828
#: serverguide/C/network-auth.xml:37(para)
12829
msgid "\"People\" node where your users will be stored"
12830
msgstr ""
12831
12832
#: serverguide/C/network-auth.xml:40(para)
12833
msgid "\"Groups\" node where your groups will be stored"
12834
msgstr ""
12835
12836
#: serverguide/C/network-auth.xml:44(para)
12837
msgid ""
12838
"Before beginning, you should determine what the root of your LDAP directory "
12839
"will be. By default, your tree will be determined by your Fully Qualified "
12840
"Domain Name (FQDN). If your domain is example.com (which we will use in this "
12841
"example), your root node will be dc=example,dc=com."
12842
msgstr ""
12843
12844
#: serverguide/C/network-auth.xml:54(para)
12845
msgid ""
12846
"First, install the <application>OpenLDAP</application> server daemon "
12847
"<application>slapd</application> and <application>ldap-utils</application>, "
12848
"a package containing LDAP management utilities:"
12849
msgstr ""
12850
12851
#: serverguide/C/network-auth.xml:60(command)
12852
msgid "sudo apt-get install slapd ldap-utils"
12853
msgstr ""
12854
12855
#: serverguide/C/network-auth.xml:63(para)
12856
msgid ""
12857
"By default <application>slapd</application> is configured with minimal "
12858
"options needed to run the <application>slapd</application> daemon."
12859
msgstr ""
12860
12861
#: serverguide/C/network-auth.xml:68(para)
12862
msgid ""
12863
"The configuration example in the following sections will match the domain "
12864
"name of the server. For example, if the machine's Fully Qualified Domain "
12865
"Name (FQDN) is ldap.example.com, the default suffix will be "
12866
"<emphasis>dc=example,dc=com</emphasis>."
12867
msgstr ""
12868
12869
#: serverguide/C/network-auth.xml:76(title)
12870
msgid "Populating LDAP"
12871
msgstr ""
12872
12873
#: serverguide/C/network-auth.xml:78(para)
12874
msgid ""
12875
"<application>OpenLDAP</application> uses a separate directory which contains "
12876
"the <emphasis>cn=config</emphasis> Directory Information Tree (DIT). The "
12877
"<emphasis>cn=config</emphasis> DIT is used to dynamically configure the "
12878
"<application>slapd</application> daemon, allowing the modification of schema "
12879
"definitions, indexes, ACLs, etc without stopping the service."
12880
msgstr ""
12881
12882
#: serverguide/C/network-auth.xml:86(para)
12883
msgid ""
12884
"The backend <emphasis>cn=config</emphasis> directory has only a minimal "
12885
"configuration and will need additional configuration options in order to "
12886
"populate the frontend directory. The frontend will be populated with a "
12887
"\"classical\" scheme that will be compatible with address book applications "
12888
"and with Unix Posix accounts. Posix accounts will allow authentication to "
12889
"various applications, such as web applications, email Mail Transfer Agent "
12890
"(MTA) applications, etc."
12891
msgstr ""
12892
12893
#: serverguide/C/network-auth.xml:95(para)
12894
msgid ""
12895
"For external applications to authenticate using LDAP they will each need to "
12896
"be specifically configured to do so. Refer to the individual application "
12897
"documentation for details."
12898
msgstr ""
12899
12900
#: serverguide/C/network-auth.xml:103(para)
12901
msgid ""
12902
"Remember to change <emphasis>dc=example,dc=com</emphasis> in the following "
12903
"examples to match your LDAP configuration."
12904
msgstr ""
12905
12906
#: serverguide/C/network-auth.xml:108(para)
12907
msgid ""
12908
"First, some additional schema files need to be loaded. In a terminal enter:"
12909
msgstr ""
12910
12911
#: serverguide/C/network-auth.xml:113(command) serverguide/C/network-auth.xml:702(command)
12912
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif"
12913
msgstr ""
12914
12915
#: serverguide/C/network-auth.xml:114(command) serverguide/C/network-auth.xml:703(command)
12916
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif"
12917
msgstr ""
12918
12919
#: serverguide/C/network-auth.xml:115(command) serverguide/C/network-auth.xml:704(command)
12920
msgid ""
12921
"sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif"
12922
msgstr ""
12923
12924
#: serverguide/C/network-auth.xml:118(para)
12925
msgid ""
12926
"Next, copy the following example LDIF file, naming it "
12927
"<filename>backend.example.com.ldif</filename>, somewhere on your system:"
12928
msgstr ""
12929
12930
#: serverguide/C/network-auth.xml:123(programlisting)
12931
#, no-wrap
12932
msgid ""
12933
"\n"
12934
"# Load dynamic backend modules\n"
12935
"dn: cn=module,cn=config\n"
12936
"objectClass: olcModuleList\n"
12937
"cn: module\n"
12938
"olcModulepath: /usr/lib/ldap\n"
12939
"olcModuleload: back_hdb\n"
12940
"\n"
12941
"# Database settings\n"
12942
"dn: olcDatabase=hdb,cn=config\n"
12943
"objectClass: olcDatabaseConfig\n"
12944
"objectClass: olcHdbConfig\n"
12945
"olcDatabase: {1}hdb\n"
12946
"olcSuffix: dc=example,dc=com\n"
12947
"olcDbDirectory: /var/lib/ldap\n"
12948
"olcRootDN: cn=admin,dc=example,dc=com\n"
12949
"olcRootPW: secret\n"
12950
"olcDbConfig: set_cachesize 0 2097152 0\n"
12951
"olcDbConfig: set_lk_max_objects 1500\n"
12952
"olcDbConfig: set_lk_max_locks 1500\n"
12953
"olcDbConfig: set_lk_max_lockers 1500\n"
12954
"olcDbIndex: objectClass eq\n"
12955
"olcLastMod: TRUE\n"
12956
"olcDbCheckpoint: 512 30\n"
12957
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
12958
"by anonymous auth by self write by * none\n"
12959
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
12960
"olcAccess: to dn.base=\"\" by * read\n"
12961
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
12962
"\n"
12963
msgstr ""
12964
12965
#: serverguide/C/network-auth.xml:155(para)
12966
msgid ""
12967
"Change <emphasis>olcRootPW: secret</emphasis> to a password of your choosing."
12968
msgstr ""
12969
12970
#: serverguide/C/network-auth.xml:160(para)
12971
msgid "Now add the LDIF to the directory:"
12972
msgstr ""
12973
12974
#: serverguide/C/network-auth.xml:165(command) serverguide/C/network-auth.xml:746(command)
12975
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.example.com.ldif"
12976
msgstr ""
12977
12978
#: serverguide/C/network-auth.xml:168(para)
12979
msgid ""
12980
"The frontend directory is now ready to be populated. Create a "
12981
"<filename>frontend.example.com.ldif</filename> with the following contents:"
12982
msgstr ""
12983
12984
#: serverguide/C/network-auth.xml:173(programlisting)
12985
#, no-wrap
12986
msgid ""
12987
"\n"
12988
"# Create top-level object in domain\n"
12989
"dn: dc=example,dc=com\n"
12990
"objectClass: top\n"
12991
"objectClass: dcObject\n"
12992
"objectclass: organization\n"
12993
"o: Example Organization\n"
12994
"dc: Example\n"
12995
"description: LDAP Example \n"
12996
"\n"
12997
"# Admin user.\n"
12998
"dn: cn=admin,dc=example,dc=com\n"
12999
"objectClass: simpleSecurityObject\n"
13000
"objectClass: organizationalRole\n"
13001
"cn: admin\n"
13002
"description: LDAP administrator\n"
13003
"userPassword: secret\n"
13004
"\n"
13005
"dn: ou=people,dc=example,dc=com\n"
13006
"objectClass: organizationalUnit\n"
13007
"ou: people\n"
13008
"\n"
13009
"dn: ou=groups,dc=example,dc=com\n"
13010
"objectClass: organizationalUnit\n"
13011
"ou: groups\n"
13012
"\n"
13013
"dn: uid=john,ou=people,dc=example,dc=com\n"
13014
"objectClass: inetOrgPerson\n"
13015
"objectClass: posixAccount\n"
13016
"objectClass: shadowAccount\n"
13017
"uid: john\n"
13018
"sn: Doe\n"
13019
"givenName: John\n"
13020
"cn: John Doe\n"
13021
"displayName: John Doe\n"
13022
"uidNumber: 1000\n"
13023
"gidNumber: 10000\n"
13024
"userPassword: password\n"
13025
"gecos: John Doe\n"
13026
"loginShell: /bin/bash\n"
13027
"homeDirectory: /home/john\n"
13028
"shadowExpire: -1\n"
13029
"shadowFlag: 0\n"
13030
"shadowWarning: 7\n"
13031
"shadowMin: 8\n"
13032
"shadowMax: 999999\n"
13033
"shadowLastChange: 10877\n"
13034
"mail: john.doe@example.com\n"
13035
"postalCode: 31000\n"
13036
"l: Toulouse\n"
13037
"o: Example\n"
13038
"mobile: +33 (0)6 xx xx xx xx\n"
13039
"homePhone: +33 (0)5 xx xx xx xx\n"
13040
"title: System Administrator\n"
13041
"postalAddress: \n"
13042
"initials: JD\n"
13043
"\n"
13044
"dn: cn=example,ou=groups,dc=example,dc=com\n"
13045
"objectClass: posixGroup\n"
13046
"cn: example\n"
13047
"gidNumber: 10000\n"
13048
msgstr ""
13049
13050
#: serverguide/C/network-auth.xml:236(para)
13051
msgid ""
13052
"In this example the directory structure, a user, and a group have been "
13053
"setup. In other examples you might see the <emphasis>objectClass: "
13054
"top</emphasis> added in every entry, but that is the default behaviour so "
13055
"you do not have to add it explicitly."
13056
msgstr ""
13057
13058
#: serverguide/C/network-auth.xml:243(para)
13059
msgid "Add the entries to the LDAP directory:"
13060
msgstr ""
13061
13062
#: serverguide/C/network-auth.xml:249(command) serverguide/C/network-auth.xml:757(command)
13063
msgid ""
13064
"sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f frontend.example.com.ldif"
13065
msgstr ""
13066
13067
#: serverguide/C/network-auth.xml:252(para)
13068
msgid ""
13069
"We can check that the content has been correctly added with the "
13070
"<application>ldapsearch</application> utility. Execute a search of the LDAP "
13071
"directory:"
13072
msgstr ""
13073
13074
#: serverguide/C/network-auth.xml:258(command)
13075
msgid "ldapsearch -xLLL -b \"dc=example,dc=com\" uid=john sn givenName cn"
13076
msgstr ""
13077
13078
#: serverguide/C/network-auth.xml:259(computeroutput)
13079
#, no-wrap
13080
msgid ""
13081
"\n"
13082
"dn: uid=john,ou=people,dc=example,dc=com\n"
13083
"cn: John Doe\n"
13084
"sn: Doe\n"
13085
"givenName: John\n"
13086
msgstr ""
13087
13088
#: serverguide/C/network-auth.xml:267(para)
13089
msgid "Just a quick explanation:"
13090
msgstr ""
13091
13092
#: serverguide/C/network-auth.xml:273(para)
13093
msgid ""
13094
"<emphasis>-x:</emphasis> will not use SASL authentication method, which is "
13095
"the default."
13096
msgstr ""
13097
13098
#: serverguide/C/network-auth.xml:279(para)
13099
msgid "<emphasis>-LLL:</emphasis> disable printing LDIF schema information."
13100
msgstr ""
13101
13102
#: serverguide/C/network-auth.xml:287(title)
13103
msgid "Further Configuration"
13104
msgstr ""
13105
13106
#: serverguide/C/network-auth.xml:290(para)
13107
msgid ""
13108
"The <emphasis>cn=config</emphasis> tree can be manipulated using the "
13109
"utilities in the <application>ldap-utils</application> package. For example:"
13110
msgstr ""
13111
13112
#: serverguide/C/network-auth.xml:298(para)
13113
msgid ""
13114
"Use <application>ldapsearch</application> to view the tree, entering the "
13115
"admin password set during installation or reconfiguration:"
13116
msgstr ""
13117
13118
#: serverguide/C/network-auth.xml:304(command)
13119
msgid "sudo ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn"
13120
msgstr ""
13121
13122
#: serverguide/C/network-auth.xml:308(computeroutput)
13123
#, no-wrap
13124
msgid ""
13125
"\n"
13126
"SASL/EXTERNAL authentication started\n"
13127
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13128
"SASL SSF: 0\n"
13129
"dn: cn=config\n"
13130
"\n"
13131
"dn: cn=module{0},cn=config\n"
13132
"\n"
13133
"dn: cn=schema,cn=config\n"
13134
"\n"
13135
"dn: cn={0}core,cn=schema,cn=config\n"
13136
"\n"
13137
"dn: cn={1}cosine,cn=schema,cn=config\n"
13138
"\n"
13139
"dn: cn={2}nis,cn=schema,cn=config\n"
13140
"\n"
13141
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
13142
"\n"
13143
"dn: olcDatabase={-1}frontend,cn=config\n"
13144
"\n"
13145
"dn: olcDatabase={0}config,cn=config\n"
13146
"\n"
13147
"dn: olcDatabase={1}hdb,cn=config\n"
13148
msgstr ""
13149
13150
#: serverguide/C/network-auth.xml:334(para)
13151
msgid ""
13152
"The output above is the current configuration options for the "
13153
"<emphasis>cn=config</emphasis> backend database. Your output may be vary."
13154
msgstr ""
13155
13156
#: serverguide/C/network-auth.xml:342(para)
13157
msgid ""
13158
"As an example of modifying the <emphasis>cn=config</emphasis> tree, add "
13159
"another attribute to the index list using "
13160
"<application>ldapmodify</application>:"
13161
msgstr ""
13162
13163
#: serverguide/C/network-auth.xml:348(command) serverguide/C/network-auth.xml:993(command) serverguide/C/network-auth.xml:1164(command) serverguide/C/network-auth.xml:1200(command)
13164
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:///"
13165
msgstr ""
13166
13167
#: serverguide/C/network-auth.xml:356(userinput)
13168
#, no-wrap
13169
msgid ""
13170
"dn: olcDatabase={1}hdb,cn=config\n"
13171
"add: olcDbIndex\n"
13172
"olcDbIndex: uidNumber eq"
13173
msgstr ""
13174
13175
#: serverguide/C/network-auth.xml:352(computeroutput)
13176
#, no-wrap
13177
msgid ""
13178
"\n"
13179
"SASL/EXTERNAL authentication started\n"
13180
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13181
"SASL SSF: 0\n"
13182
"<placeholder-1/>\n"
13183
"\n"
13184
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13185
msgstr ""
13186
13187
#: serverguide/C/network-auth.xml:364(para)
13188
msgid ""
13189
"Once the modification has completed, press <emphasis>Ctrl+D</emphasis> to "
13190
"exit the utility."
13191
msgstr ""
13192
13193
#: serverguide/C/network-auth.xml:371(para)
13194
msgid ""
13195
"<application>ldapmodify</application> can also read the changes from a file. "
13196
"Copy and paste the following into a file named "
13197
"<filename>uid_index.ldif</filename>:"
13198
msgstr ""
13199
13200
#: serverguide/C/network-auth.xml:376(programlisting)
13201
#, no-wrap
13202
msgid ""
13203
"\n"
13204
"dn: olcDatabase={1}hdb,cn=config\n"
13205
"add: olcDbIndex\n"
13206
"olcDbIndex: uid eq,pres,sub\n"
13207
msgstr ""
13208
13209
#: serverguide/C/network-auth.xml:382(para)
13210
msgid "Then execute <application>ldapmodify</application>:"
13211
msgstr ""
13212
13213
#: serverguide/C/network-auth.xml:387(command)
13214
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f uid_index.ldif"
13215
msgstr ""
13216
13217
#: serverguide/C/network-auth.xml:391(computeroutput)
13218
#, no-wrap
13219
msgid ""
13220
"\n"
13221
"SASL/EXTERNAL authentication started\n"
13222
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13223
"SASL SSF: 0\n"
13224
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13225
msgstr ""
13226
13227
#: serverguide/C/network-auth.xml:399(para)
13228
msgid "The file method is very useful for large changes."
13229
msgstr ""
13230
13231
#: serverguide/C/network-auth.xml:406(para)
13232
msgid ""
13233
"Adding additional <emphasis>schemas</emphasis> to "
13234
"<application>slapd</application> requires the schema to be converted to LDIF "
13235
"format. The <filename role=\"directory\">/etc/ldap/schema</filename> "
13236
"directory contains some schema files already converted to LDIF format as "
13237
"demonstrated in the previous section. Fortunately, the "
13238
"<application>slapd</application> program can be used to automate the "
13239
"conversion. The following example will add the "
13240
"<emphasis>dyngroup.schema</emphasis>:"
13241
msgstr ""
13242
13243
#: serverguide/C/network-auth.xml:416(para)
13244
msgid ""
13245
"First, create a conversion <filename>schema_convert.conf</filename> file "
13246
"containing the following lines:"
13247
msgstr ""
13248
13249
#: serverguide/C/network-auth.xml:421(programlisting)
13250
#, no-wrap
13251
msgid ""
13252
"\n"
13253
"include /etc/ldap/schema/core.schema\n"
13254
"include /etc/ldap/schema/collective.schema\n"
13255
"include /etc/ldap/schema/corba.schema\n"
13256
"include /etc/ldap/schema/cosine.schema\n"
13257
"include /etc/ldap/schema/duaconf.schema\n"
13258
"include /etc/ldap/schema/dyngroup.schema\n"
13259
"include /etc/ldap/schema/inetorgperson.schema\n"
13260
"include /etc/ldap/schema/java.schema\n"
13261
"include /etc/ldap/schema/misc.schema\n"
13262
"include /etc/ldap/schema/nis.schema\n"
13263
"include /etc/ldap/schema/openldap.schema\n"
13264
"include /etc/ldap/schema/ppolicy.schema\n"
13265
msgstr ""
13266
13267
#: serverguide/C/network-auth.xml:439(para) serverguide/C/network-auth.xml:1664(para)
13268
msgid "Next, create a temporary directory to hold the output:"
13269
msgstr ""
13270
13271
#: serverguide/C/network-auth.xml:444(command) serverguide/C/network-auth.xml:1669(command) serverguide/C/network-auth.xml:2705(command)
13272
msgid "mkdir /tmp/ldif_output"
13273
msgstr ""
13274
13275
#: serverguide/C/network-auth.xml:450(para)
13276
msgid ""
13277
"Now using <application>slapcat</application> convert the schema files to "
13278
"LDIF:"
13279
msgstr ""
13280
13281
#: serverguide/C/network-auth.xml:455(command)
13282
msgid ""
13283
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
13284
"\"cn={5}dyngroup,cn=schema,cn=config\" > /tmp/cn=dyngroup.ldif"
13285
msgstr ""
13286
13287
#: serverguide/C/network-auth.xml:458(para)
13288
msgid ""
13289
"Adjust the configuration file name and temporary directory names if yours "
13290
"are different. Also, it may be worthwhile to keep the "
13291
"<filename>ldif_output</filename> directory around in case you want to add "
13292
"additional schemas in the future."
13293
msgstr ""
13294
13295
#: serverguide/C/network-auth.xml:467(para)
13296
msgid ""
13297
"Edit the <filename>/tmp/cn\\=dyngroup.ldif</filename> file, changing the "
13298
"following attributes:"
13299
msgstr ""
13300
13301
#: serverguide/C/network-auth.xml:471(programlisting)
13302
#, no-wrap
13303
msgid ""
13304
"\n"
13305
"dn: cn=dyngroup,cn=schema,cn=config\n"
13306
"...\n"
13307
"cn: dyngroup\n"
13308
msgstr ""
13309
13310
#: serverguide/C/network-auth.xml:477(para) serverguide/C/network-auth.xml:1700(para)
13311
msgid "And remove the following lines from the bottom of the file:"
13312
msgstr ""
13313
13314
#: serverguide/C/network-auth.xml:481(programlisting)
13315
#, no-wrap
13316
msgid ""
13317
"\n"
13318
"structuralObjectClass: olcSchemaConfig\n"
13319
"entryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757\n"
13320
"creatorsName: cn=config\n"
13321
"createTimestamp: 20080826021140Z\n"
13322
"entryCSN: 20080826021140.791425Z#000000#000#000000\n"
13323
"modifiersName: cn=config\n"
13324
"modifyTimestamp: 20080826021140Z\n"
13325
msgstr ""
13326
13327
#: serverguide/C/network-auth.xml:492(para) serverguide/C/network-auth.xml:1715(para) serverguide/C/network-auth.xml:2751(para)
13328
msgid ""
13329
"The attribute values will vary, just be sure the attributes are removed."
13330
msgstr ""
13331
13332
#: serverguide/C/network-auth.xml:500(para) serverguide/C/network-auth.xml:1723(para)
13333
msgid ""
13334
"Finally, using the <application>ldapadd</application> utility, add the new "
13335
"schema to the directory:"
13336
msgstr ""
13337
13338
#: serverguide/C/network-auth.xml:506(command)
13339
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/cn\\=dyngroup.ldif"
13340
msgstr ""
13341
13342
#: serverguide/C/network-auth.xml:512(para)
13343
msgid ""
13344
"There should now be a <emphasis>dn: "
13345
"cn={4}dyngroup,cn=schema,cn=config</emphasis> entry in the cn=config tree."
13346
msgstr ""
13347
13348
#: serverguide/C/network-auth.xml:522(title)
13349
msgid "LDAP Replication"
13350
msgstr ""
13351
13352
#: serverguide/C/network-auth.xml:524(para)
13353
msgid ""
13354
"LDAP often quickly becomes a highly critical service to the network. "
13355
"Multiple systems will come to depend on LDAP for authentication, "
13356
"authorization, configuration, etc. It is a good idea to setup a redundant "
13357
"system through replication."
13358
msgstr ""
13359
13360
#: serverguide/C/network-auth.xml:530(para)
13361
msgid ""
13362
"Replication is achieved using the <emphasis>Syncrepl</emphasis> engine. "
13363
"Syncrepl allows the changes to be synced using a "
13364
"<emphasis>consumer</emphasis>, <emphasis>provider</emphasis> model. A "
13365
"provider sends directory changes to consumers."
13366
msgstr ""
13367
13368
#: serverguide/C/network-auth.xml:537(title)
13369
msgid "Provider Configuration"
13370
msgstr ""
13371
13372
#: serverguide/C/network-auth.xml:539(para)
13373
msgid ""
13374
"The following is an example of a <emphasis>Single-Master</emphasis> "
13375
"configuration. In this configuration one OpenLDAP server is configured as a "
13376
"<emphasis>provider</emphasis> and another as a <emphasis>consumer</emphasis>."
13377
msgstr ""
13378
13379
#: serverguide/C/network-auth.xml:547(para)
13380
msgid ""
13381
"First, configure the provider server. Copy the following to a file named "
13382
"<filename>provider_sync.ldif</filename>:"
13383
msgstr ""
13384
13385
#: serverguide/C/network-auth.xml:552(programlisting)
13386
#, no-wrap
13387
msgid ""
13388
"\n"
13389
"# Add indexes to the frontend db.\n"
13390
"dn: olcDatabase={1}hdb,cn=config\n"
13391
"changetype: modify\n"
13392
"add: olcDbIndex\n"
13393
"olcDbIndex: entryCSN eq\n"
13394
"-\n"
13395
"add: olcDbIndex\n"
13396
"olcDbIndex: entryUUID eq\n"
13397
"\n"
13398
"#Load the syncprov and accesslog modules.\n"
13399
"dn: cn=module{0},cn=config\n"
13400
"changetype: modify\n"
13401
"add: olcModuleLoad\n"
13402
"olcModuleLoad: syncprov\n"
13403
"-\n"
13404
"add: olcModuleLoad\n"
13405
"olcModuleLoad: accesslog\n"
13406
"\n"
13407
"# Accesslog database definitions\n"
13408
"dn: olcDatabase={2}hdb,cn=config\n"
13409
"objectClass: olcDatabaseConfig\n"
13410
"objectClass: olcHdbConfig\n"
13411
"olcDatabase: {2}hdb\n"
13412
"olcDbDirectory: /var/lib/ldap/accesslog\n"
13413
"olcSuffix: cn=accesslog\n"
13414
"olcRootDN: cn=admin,dc=example,dc=com\n"
13415
"olcDbIndex: default eq\n"
13416
"olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart\n"
13417
"\n"
13418
"# Accesslog db syncprov.\n"
13419
"dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config\n"
13420
"changetype: add\n"
13421
"objectClass: olcOverlayConfig\n"
13422
"objectClass: olcSyncProvConfig\n"
13423
"olcOverlay: syncprov\n"
13424
"olcSpNoPresent: TRUE\n"
13425
"olcSpReloadHint: TRUE\n"
13426
"\n"
13427
"# syncrepl Provider for primary db\n"
13428
"dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config\n"
13429
"changetype: add\n"
13430
"objectClass: olcOverlayConfig\n"
13431
"objectClass: olcSyncProvConfig\n"
13432
"olcOverlay: syncprov\n"
13433
"olcSpNoPresent: TRUE\n"
13434
"\n"
13435
"# accesslog overlay definitions for primary db\n"
13436
"dn: olcOverlay=accesslog,olcDatabase={1}hdb,cn=config\n"
13437
"objectClass: olcOverlayConfig\n"
13438
"objectClass: olcAccessLogConfig\n"
13439
"olcOverlay: accesslog\n"
13440
"olcAccessLogDB: cn=accesslog\n"
13441
"olcAccessLogOps: writes\n"
13442
"olcAccessLogSuccess: TRUE\n"
13443
"# scan the accesslog DB every day, and purge entries older than 7 days\n"
13444
"olcAccessLogPurge: 07+00:00 01+00:00\n"
13445
msgstr ""
13446
13447
#: serverguide/C/network-auth.xml:614(para)
13448
msgid ""
13449
"The <application>AppArmor</application> profile for "
13450
"<application>slapd</application> will need to be adjusted for the accesslog "
13451
"database location. Edit <filename>/etc/apparmor.d/usr.sbin.slapd</filename> "
13452
"adding:"
13453
msgstr ""
13454
13455
#: serverguide/C/network-auth.xml:619(programlisting)
13456
#, no-wrap
13457
msgid ""
13458
"\n"
13459
" /var/lib/ldap/accesslog/ r,\n"
13460
" /var/lib/ldap/accesslog/** rwk,\n"
13461
msgstr ""
13462
13463
#: serverguide/C/network-auth.xml:624(para)
13464
msgid ""
13465
"Then create the directory, reload the <application>apparmor</application> "
13466
"profile, and copy the <filename>DB_CONFIG</filename> file:"
13467
msgstr ""
13468
13469
#: serverguide/C/network-auth.xml:630(command)
13470
msgid "sudo -u openldap mkdir /var/lib/ldap/accesslog"
13471
msgstr ""
13472
13473
#: serverguide/C/network-auth.xml:631(command)
13474
msgid "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog/"
13475
msgstr ""
13476
13477
#: serverguide/C/network-auth.xml:636(para)
13478
msgid ""
13479
"Using the <emphasis>-u openldap</emphasis> option with the "
13480
"<application>sudo</application> commands above removes the need to adjust "
13481
"permissions for the new directory later."
13482
msgstr ""
13483
13484
#: serverguide/C/network-auth.xml:645(para)
13485
msgid ""
13486
"Edit the file and change the <emphasis>olcRootDN</emphasis> to match your "
13487
"directory:"
13488
msgstr ""
13489
13490
#: serverguide/C/network-auth.xml:649(programlisting)
13491
#, no-wrap
13492
msgid ""
13493
"\n"
13494
"olcRootDN: cn=admin,dc=example,dc=com\n"
13495
msgstr ""
13496
13497
#: serverguide/C/network-auth.xml:657(para)
13498
msgid ""
13499
"Next, add the LDIF file using the <application>ldapadd</application> utility:"
13500
msgstr ""
13501
13502
#: serverguide/C/network-auth.xml:662(command)
13503
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
13504
msgstr ""
13505
13506
#: serverguide/C/network-auth.xml:669(para)
13507
msgid "Restart <application>slapd</application>:"
13508
msgstr ""
13509
13510
#: serverguide/C/network-auth.xml:674(command) serverguide/C/network-auth.xml:1049(command) serverguide/C/network-auth.xml:1236(command)
13511
msgid "sudo /etc/init.d/slapd restart"
13512
msgstr ""
13513
13514
#: serverguide/C/network-auth.xml:680(para)
13515
msgid ""
13516
"The <emphasis>Provider</emphasis> server is now configured, and it is time "
13517
"to configure a <emphasis>Consumer</emphasis> server."
13518
msgstr ""
13519
13520
#: serverguide/C/network-auth.xml:687(title)
13521
msgid "Consumer Configuration"
13522
msgstr ""
13523
13524
#: serverguide/C/network-auth.xml:692(para)
13525
msgid ""
13526
"On the <emphasis>Consumer</emphasis> server configure it the same as the "
13527
"<emphasis>Provider</emphasis> except for the <emphasis>Syncrepl</emphasis> "
13528
"configuration steps."
13529
msgstr ""
13530
13531
#: serverguide/C/network-auth.xml:697(para)
13532
msgid "Add the additional schema files:"
13533
msgstr ""
13534
13535
#: serverguide/C/network-auth.xml:707(para)
13536
msgid ""
13537
"Also, create, or copy from the provider server, the "
13538
"<filename>backend.example.com.ldif</filename>"
13539
msgstr ""
13540
13541
#: serverguide/C/network-auth.xml:711(programlisting)
13542
#, no-wrap
13543
msgid ""
13544
"\n"
13545
"# Load dynamic backend modules\n"
13546
"dn: cn=module,cn=config\n"
13547
"objectClass: olcModuleList\n"
13548
"cn: module\n"
13549
"olcModulepath: /usr/lib/ldap\n"
13550
"olcModuleload: back_hdb\n"
13551
"\n"
13552
"# Database settings\n"
13553
"dn: olcDatabase=hdb,cn=config\n"
13554
"objectClass: olcDatabaseConfig\n"
13555
"objectClass: olcHdbConfig\n"
13556
"olcDatabase: {1}hdb\n"
13557
"olcSuffix: dc=example,dc=com\n"
13558
"olcDbDirectory: /var/lib/ldap\n"
13559
"olcRootDN: cn=admin,dc=example,dc=com\n"
13560
"olcRootPW: secret\n"
13561
"olcDbConfig: set_cachesize 0 2097152 0\n"
13562
"olcDbConfig: set_lk_max_objects 1500\n"
13563
"olcDbConfig: set_lk_max_locks 1500\n"
13564
"olcDbConfig: set_lk_max_lockers 1500\n"
13565
"olcDbIndex: objectClass eq\n"
13566
"olcLastMod: TRUE\n"
13567
"olcDbCheckpoint: 512 30\n"
13568
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
13569
"by anonymous auth by self write by * none\n"
13570
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
13571
"olcAccess: to dn.base=\"\" by * read\n"
13572
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
13573
msgstr ""
13574
13575
#: serverguide/C/network-auth.xml:741(para)
13576
msgid "And add the LDIF by entering:"
13577
msgstr ""
13578
13579
#: serverguide/C/network-auth.xml:752(para)
13580
msgid ""
13581
"Do the same with the <filename>frontend.example.com.ldif</filename> file "
13582
"listed above, and add it:"
13583
msgstr ""
13584
13585
#: serverguide/C/network-auth.xml:760(para)
13586
msgid ""
13587
"The two severs should now have the same configuration except for the "
13588
"<emphasis>Syncrepl</emphasis> options."
13589
msgstr ""
13590
13591
#: serverguide/C/network-auth.xml:768(para)
13592
msgid ""
13593
"Now create a file named <filename>consumer_sync.ldif</filename> containing:"
13594
msgstr ""
13595
13596
#: serverguide/C/network-auth.xml:772(programlisting)
13597
#, no-wrap
13598
msgid ""
13599
"\n"
13600
"#Load the syncprov module.\n"
13601
"dn: cn=module{0},cn=config\n"
13602
"changetype: modify\n"
13603
"add: olcModuleLoad\n"
13604
"olcModuleLoad: syncprov\n"
13605
"\n"
13606
"# syncrepl specific indices\n"
13607
"dn: olcDatabase={1}hdb,cn=config\n"
13608
"changetype: modify\n"
13609
"add: olcDbIndex\n"
13610
"olcDbIndex: entryUUID eq\n"
13611
"-\n"
13612
"add: olcSyncRepl\n"
13613
"olcSyncRepl: rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
13614
"binddn=\"cn=admin,dc=example,dc=com\" \n"
13615
" credentials=secret searchbase=\"dc=example,dc=com\" "
13616
"logbase=\"cn=accesslog\" \n"
13617
" logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" "
13618
"schemachecking=on \n"
13619
" type=refreshAndPersist retry=\"60 +\" syncdata=accesslog\n"
13620
"-\n"
13621
"add: olcUpdateRef\n"
13622
"olcUpdateRef: ldap://ldap01.example.com\n"
13623
msgstr ""
13624
13625
#: serverguide/C/network-auth.xml:795(para)
13626
msgid "You will probably want to change the following attributes:"
13627
msgstr ""
13628
13629
#: serverguide/C/network-auth.xml:800(para)
13630
msgid "<emphasis>ldap01.example.com</emphasis> to your server's hostname."
13631
msgstr ""
13632
13633
#: serverguide/C/network-auth.xml:801(emphasis)
13634
msgid "binddn"
13635
msgstr ""
13636
13637
#: serverguide/C/network-auth.xml:802(emphasis)
13638
msgid "credentials"
13639
msgstr ""
13640
13641
#: serverguide/C/network-auth.xml:803(emphasis)
13642
msgid "searchbase"
13643
msgstr ""
13644
13645
#: serverguide/C/network-auth.xml:804(emphasis)
13646
msgid "olcUpdateRef:"
13647
msgstr ""
13648
13649
#: serverguide/C/network-auth.xml:810(para)
13650
msgid "Add the LDIF file to the configuration tree:"
13651
msgstr ""
13652
13653
#: serverguide/C/network-auth.xml:815(command)
13654
msgid "sudo ldapadd -c -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif"
13655
msgstr ""
13656
13657
#: serverguide/C/network-auth.xml:821(para)
13658
msgid ""
13659
"The frontend database should now sync between servers. You can add "
13660
"additional servers using the steps above as the need arises."
13661
msgstr ""
13662
13663
#: serverguide/C/network-auth.xml:831(programlisting)
13664
#, no-wrap
13665
msgid "127.0.0.1\tldap01.example.com ldap01"
13666
msgstr ""
13667
13668
#: serverguide/C/network-auth.xml:827(para)
13669
msgid ""
13670
"The <application>slapd</application> daemon will send log information to "
13671
"<filename>/var/log/syslog</filename> by default. So if all does "
13672
"<emphasis>not</emphasis> go well check there for errors and other "
13673
"troubleshooting information. Also, be sure that each server knows it's Fully "
13674
"Qualified Domain Name (FQDN). This is configured in "
13675
"<filename>/etc/hosts</filename> with a line similar to: <placeholder-1/>."
13676
msgstr ""
13677
13678
#: serverguide/C/network-auth.xml:839(title)
13679
msgid "Setting up ACL"
13680
msgstr ""
13681
13682
#: serverguide/C/network-auth.xml:841(para)
13683
msgid ""
13684
"Authentication requires access to the password field, that should be not "
13685
"accessible by default. Also, in order for users to change their own "
13686
"password, using <command>passwd</command> or other utilities, "
13687
"<emphasis>shadowLastChange</emphasis> needs to be accessible once a user has "
13688
"authenticated."
13689
msgstr ""
13690
13691
#: serverguide/C/network-auth.xml:848(para)
13692
msgid ""
13693
"To view the Access Control List (ACL) for the <emphasis>cn=config</emphasis> "
13694
"tree, use the <application>ldapsearch</application> utility:"
13695
msgstr ""
13696
13697
#: serverguide/C/network-auth.xml:854(command)
13698
msgid ""
13699
"sudo ldapsearch -c -Y EXTERNAL -H ldapi:/// -LLL -b cn=config "
13700
"olcDatabase=config olcAccess"
13701
msgstr ""
13702
13703
#: serverguide/C/network-auth.xml:858(computeroutput)
13704
#, no-wrap
13705
msgid ""
13706
"SASL/EXTERNAL authentication started\n"
13707
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13708
"SASL SSF: 0\n"
13709
"dn: olcDatabase={0}config,cn=config\n"
13710
"olcAccess: {0}to * by "
13711
"dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external\n"
13712
" ,cn=auth manage by * break\n"
13713
msgstr ""
13714
13715
#: serverguide/C/network-auth.xml:867(para)
13716
msgid "To see the ACL for the frontend tree enter:"
13717
msgstr ""
13718
13719
#: serverguide/C/network-auth.xml:872(command)
13720
msgid ""
13721
"sudo ldapsearch -c -Y EXTERNAL -H ldapi:/// -LLL -b cn=config "
13722
"olcDatabase={1}hdb olcAccess"
13723
msgstr ""
13724
13725
#: serverguide/C/network-auth.xml:878(title)
13726
msgid "TLS and SSL"
13727
msgstr ""
13728
13729
#: serverguide/C/network-auth.xml:880(para)
13730
msgid ""
13731
"When authenticating to an OpenLDAP server it is best to do so using an "
13732
"encrypted session. This can be accomplished using Transport Layer Security "
13733
"(TLS) and/or Secure Sockets Layer (SSL)."
13734
msgstr ""
13735
13736
#: serverguide/C/network-auth.xml:885(para)
13737
msgid ""
13738
"The first step in the process is to obtain or create a "
13739
"<emphasis>certificate</emphasis>. Because <application>slapd</application> "
13740
"is compiled using the <application>gnutls</application> library, the "
13741
"<application>certtool</application> utility will be used to create "
13742
"certificates."
13743
msgstr ""
13744
13745
#: serverguide/C/network-auth.xml:894(para)
13746
msgid ""
13747
"First, install <application>gnutls-bin</application> by entering the "
13748
"following in a terminal:"
13749
msgstr ""
13750
13751
#: serverguide/C/network-auth.xml:899(command)
13752
msgid "sudo apt-get install gnutls-bin"
13753
msgstr ""
13754
13755
#: serverguide/C/network-auth.xml:905(para)
13756
msgid ""
13757
"Next, create a private key for the <emphasis>Certificate "
13758
"Authority</emphasis> (CA):"
13759
msgstr ""
13760
13761
#: serverguide/C/network-auth.xml:910(command)
13762
msgid ""
13763
"sudo sh -c \"certtool --generate-privkey > /etc/ssl/private/cakey.pem\""
13764
msgstr ""
13765
13766
#: serverguide/C/network-auth.xml:916(para)
13767
msgid ""
13768
"Create a <filename>/etc/ssl/ca.info</filename> details file to self-sign the "
13769
"CA certificate containing:"
13770
msgstr ""
13771
13772
#: serverguide/C/network-auth.xml:920(programlisting)
13773
#, no-wrap
13774
msgid ""
13775
"\n"
13776
"cn = Example Company\n"
13777
"ca\n"
13778
"cert_signing_key\n"
13779
msgstr ""
13780
13781
#: serverguide/C/network-auth.xml:929(para)
13782
msgid "Now create the self-signed CA certificate:"
13783
msgstr ""
13784
13785
#: serverguide/C/network-auth.xml:934(command)
13786
msgid ""
13787
"sudo certtool --generate-self-signed --load-privkey "
13788
"/etc/ssl/private/cakey.pem \\ --template /etc/ssl/ca.info --outfile "
13789
"/etc/ssl/certs/cacert.pem"
13790
msgstr ""
13791
13792
#: serverguide/C/network-auth.xml:941(para)
13793
msgid "Make a private key for the server:"
13794
msgstr ""
13795
13796
#: serverguide/C/network-auth.xml:946(command)
13797
msgid ""
13798
"sudo sh -c \"certtool --generate-privkey > "
13799
"/etc/ssl/private/ldap01_slapd_key.pem\""
13800
msgstr ""
13801
13802
#: serverguide/C/network-auth.xml:950(para)
13803
msgid ""
13804
"Replace <emphasis>ldap01</emphasis> in the filename with your server's "
13805
"hostname. Naming the certificate and key for the host and service that will "
13806
"be using them will help keep filenames and paths straight."
13807
msgstr ""
13808
13809
#: serverguide/C/network-auth.xml:959(para)
13810
msgid ""
13811
"To sign the server's certificate with the CA, create the "
13812
"<filename>/etc/ssl/ldap01.info</filename> info file containing:"
13813
msgstr ""
13814
13815
#: serverguide/C/network-auth.xml:963(programlisting)
13816
#, no-wrap
13817
msgid ""
13818
"\n"
13819
"organization = Example Company\n"
13820
"cn = ldap01.example.com\n"
13821
"tls_www_server\n"
13822
"encryption_key\n"
13823
"signing_key\n"
13824
msgstr ""
13825
13826
#: serverguide/C/network-auth.xml:974(para)
13827
msgid "Create the server's certificate:"
13828
msgstr ""
13829
13830
#: serverguide/C/network-auth.xml:979(command)
13831
msgid ""
13832
"sudo certtool --generate-certificate --load-privkey /etc/ssl/private/x01-"
13833
"test_slapd_key.pem \\ --load-ca-certificate /etc/ssl/certs/cacert.pem --load-"
13834
"ca-privkey /etc/ssl/private/cakey.pem \\ --template /etc/ssl/x01-test.info --"
13835
"outfile /etc/ssl/certs/x01-test_slapd_cert.pem"
13836
msgstr ""
13837
13838
#: serverguide/C/network-auth.xml:987(para)
13839
msgid ""
13840
"Once you have a certificate, key, and CA cert installed, use "
13841
"<application>ldapmodify</application> to add the new configuration options:"
13842
msgstr ""
13843
13844
#: serverguide/C/network-auth.xml:998(userinput)
13845
#, no-wrap
13846
msgid ""
13847
"dn: cn=config\n"
13848
"add: olcTLSCACertificateFile\n"
13849
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
13850
"-\n"
13851
"add: olcTLSCertificateFile\n"
13852
"olcTLSCertificateFile: /etc/ssl/certs/ldap01_slapd_cert.pem\n"
13853
"-\n"
13854
"add: olcTLSCertificateKeyFile\n"
13855
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem"
13856
msgstr ""
13857
13858
#: serverguide/C/network-auth.xml:997(computeroutput) serverguide/C/network-auth.xml:1168(computeroutput)
13859
#, no-wrap
13860
msgid ""
13861
"Enter LDAP Password:\n"
13862
"<placeholder-1/>\n"
13863
"\n"
13864
"modifying entry \"cn=config\"\n"
13865
msgstr ""
13866
13867
#: serverguide/C/network-auth.xml:1013(para)
13868
msgid ""
13869
"Adjust the <filename>ldap01_slapd_cert.pem</filename>, "
13870
"<filename>ldap01_slapd_key.pem</filename>, and "
13871
"<filename>cacert.pem</filename> names if yours are different."
13872
msgstr ""
13873
13874
#: serverguide/C/network-auth.xml:1019(para)
13875
msgid ""
13876
"Next, edit <filename>/etc/default/slapd</filename> uncomment the "
13877
"<emphasis>SLAPD_SERVICES</emphasis> option:"
13878
msgstr ""
13879
13880
#: serverguide/C/network-auth.xml:1023(programlisting)
13881
#, no-wrap
13882
msgid ""
13883
"\n"
13884
"SLAPD_SERVICES=\"ldap:/// ldapi:/// ldaps:///\"\n"
13885
msgstr ""
13886
13887
#: serverguide/C/network-auth.xml:1027(para)
13888
msgid ""
13889
"Now the <emphasis>openldap</emphasis> user needs access to the certificate:"
13890
msgstr ""
13891
13892
#: serverguide/C/network-auth.xml:1032(command)
13893
msgid "sudo adduser openldap ssl-cert"
13894
msgstr ""
13895
13896
#: serverguide/C/network-auth.xml:1033(command)
13897
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem"
13898
msgstr ""
13899
13900
#: serverguide/C/network-auth.xml:1034(command)
13901
msgid "sudo chmod g+r /etc/ssl/private/ldap01_slapd_key.pem"
13902
msgstr ""
13903
13904
#: serverguide/C/network-auth.xml:1038(para)
13905
msgid ""
13906
"If the <filename role=\"directory\">/etc/ssl/private</filename> and "
13907
"<filename>/etc/ssl/private/server.key</filename> have different permissions, "
13908
"adjust the commands appropriately."
13909
msgstr ""
13910
13911
#: serverguide/C/network-auth.xml:1044(para)
13912
msgid "Finally, restart <application>slapd</application>:"
13913
msgstr ""
13914
13915
#: serverguide/C/network-auth.xml:1052(para)
13916
msgid ""
13917
"The <application>slapd</application> daemon should now be listening for "
13918
"LDAPS connections and be able to use STARTTLS during authentication."
13919
msgstr ""
13920
13921
#: serverguide/C/network-auth.xml:1058(para)
13922
msgid ""
13923
"If you run into troubles with the server not starting, check the "
13924
"/var/log/syslog. If you see errors like main: TLS init def ctx failed: -1, "
13925
"it is likely there is a configuration problem. Check that the certificate is "
13926
"signed by the authority from in the files configured, and that the ssl-cert "
13927
"group has read permissions on the private key."
13928
msgstr ""
13929
13930
#: serverguide/C/network-auth.xml:1070(title)
13931
msgid "TLS Replication"
13932
msgstr ""
13933
13934
#: serverguide/C/network-auth.xml:1072(para)
13935
msgid ""
13936
"If you have setup <application>Syncrepl</application> between servers, it is "
13937
"prudent to encrypt the replication traffic using <emphasis>Transport Layer "
13938
"Security (TLS)</emphasis>. For details on setting up replication see <xref "
13939
"linkend=\"openldap-server-replication\"/>."
13940
msgstr ""
13941
13942
#: serverguide/C/network-auth.xml:1078(para)
13943
msgid ""
13944
"Assuming you have followed the above instructions and created a CA "
13945
"certificate and server certificate on the <emphasis>Provider</emphasis> "
13946
"server. Follow the following instructions to create a certificate and key "
13947
"for the <emphasis>Consumer</emphasis> server."
13948
msgstr ""
13949
13950
#: serverguide/C/network-auth.xml:1087(para)
13951
msgid "Create a new key for the Consumer server:"
13952
msgstr ""
13953
13954
#: serverguide/C/network-auth.xml:1092(command)
13955
msgid "mkdir ldap02-ssl"
13956
msgstr ""
13957
13958
#: serverguide/C/network-auth.xml:1093(command)
13959
msgid "cd ldap02-ssl"
13960
msgstr ""
13961
13962
#: serverguide/C/network-auth.xml:1094(command)
13963
msgid "certtool --generate-privkey > ldap02_slapd_key.pem"
13964
msgstr ""
13965
13966
#: serverguide/C/network-auth.xml:1098(para)
13967
msgid ""
13968
"Creating a new directory is not strictly necessary, but it will help keep "
13969
"things organized and make it easier to copy the files to the Consumer server."
13970
msgstr ""
13971
13972
#: serverguide/C/network-auth.xml:1107(para)
13973
msgid ""
13974
"Next, create an info file, <filename>ldap02.info</filename> for the Consumer "
13975
"server, changing the attributes to match your locality and server:"
13976
msgstr ""
13977
13978
#: serverguide/C/network-auth.xml:1112(programlisting)
13979
#, no-wrap
13980
msgid ""
13981
"\n"
13982
"country = US\n"
13983
"state = North Carolina\n"
13984
"locality = Winston-Salem\n"
13985
"organization = Example Company\n"
13986
"cn = ldap02.salem.edu\n"
13987
"tls_www_client\n"
13988
"encryption_key\n"
13989
"signing_key\n"
13990
msgstr ""
13991
13992
#: serverguide/C/network-auth.xml:1126(para)
13993
msgid "Create the certificate:"
13994
msgstr ""
13995
13996
#: serverguide/C/network-auth.xml:1131(command)
13997
msgid ""
13998
"sudo certtool --generate-certificate --load-privkey ldap02_slapd_key.pem \\ -"
13999
"-load-ca-certificate /etc/ssl/certs/cacert.pem --load-ca-privkey "
14000
"/etc/ssl/private/cakey.pem \\ --template ldap02.info --outfile "
14001
"ldap02_slapd_cert.pem"
14002
msgstr ""
14003
14004
#: serverguide/C/network-auth.xml:1139(para)
14005
msgid "Copy the <filename>cacert.pem</filename> to the directory:"
14006
msgstr ""
14007
14008
#: serverguide/C/network-auth.xml:1144(command)
14009
msgid "cp /etc/ssl/certs/cacert.pem ."
14010
msgstr ""
14011
14012
#: serverguide/C/network-auth.xml:1150(para)
14013
msgid ""
14014
"The only thing left is to copy the <filename>ldap02-ssl</filename> directory "
14015
"to the Consumer server, then copy <filename>ldap02_slapd_cert.pem</filename> "
14016
"and <filename>cacert.pem</filename> to <filename>/etc/ssl/certs</filename>, "
14017
"and copy <filename>ldap02_slapd_key.pem</filename> to "
14018
"<filename>/etc/ssl/private</filename>."
14019
msgstr ""
14020
14021
#: serverguide/C/network-auth.xml:1159(para)
14022
msgid ""
14023
"Once the files are in place adjust the <emphasis>cn=config</emphasis> tree "
14024
"by entering:"
14025
msgstr ""
14026
14027
#: serverguide/C/network-auth.xml:1169(userinput)
14028
#, no-wrap
14029
msgid ""
14030
"dn: cn=config\n"
14031
"add: olcTLSCACertificateFile\n"
14032
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
14033
"-\n"
14034
"add: olcTLSCertificateFile\n"
14035
"olcTLSCertificateFile: /etc/ssl/certs/ldap02_slapd_cert.pem\n"
14036
"-\n"
14037
"add: olcTLSCertificateKeyFile\n"
14038
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap02_slapd_key.pem"
14039
msgstr ""
14040
14041
#: serverguide/C/network-auth.xml:1186(para)
14042
msgid ""
14043
"As with the Provider you can now edit "
14044
"<filename>/etc/default/slapd</filename> and add the "
14045
"<emphasis>ldaps:///</emphasis> parameter to the "
14046
"<emphasis>SLAPD_SERVICES</emphasis> option."
14047
msgstr ""
14048
14049
#: serverguide/C/network-auth.xml:1194(para)
14050
msgid ""
14051
"Now that <emphasis>TLS</emphasis> has been setup on each server, once again "
14052
"modify the <emphasis>Consumer</emphasis> server's "
14053
"<emphasis>cn=config</emphasis> tree by entering the following in a terminal:"
14054
msgstr ""
14055
14056
#: serverguide/C/network-auth.xml:1207(userinput)
14057
#, no-wrap
14058
msgid ""
14059
"\n"
14060
"dn: olcDatabase={1}hdb,cn=config\n"
14061
"replace: olcSyncrepl\n"
14062
"olcSyncrepl: {0}rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
14063
"binddn=\"cn=ad\n"
14064
" min,dc=example,dc=com\" credentials=secret searchbase=\"dc=example,dc=com\" "
14065
"logbas\n"
14066
" e=\"cn=accesslog\" "
14067
"logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" s\n"
14068
" chemachecking=on type=refreshAndPersist retry=\"60 +\" syncdata=accesslog "
14069
"starttls=yes"
14070
msgstr ""
14071
14072
#: serverguide/C/network-auth.xml:1204(computeroutput)
14073
#, no-wrap
14074
msgid ""
14075
"SASL/EXTERNAL authentication started\n"
14076
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
14077
"SASL SSF: 0\n"
14078
"<placeholder-1/>\n"
14079
"\n"
14080
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
14081
msgstr ""
14082
14083
#: serverguide/C/network-auth.xml:1219(para)
14084
msgid ""
14085
"If the LDAP server hostname does not match the Fully Qualified Domain Name "
14086
"(FQDN) in the certificate, you may have to edit "
14087
"<filename>/etc/ldap/ldap.conf</filename> and add the following TLS options:"
14088
msgstr ""
14089
14090
#: serverguide/C/network-auth.xml:1224(programlisting)
14091
#, no-wrap
14092
msgid ""
14093
"\n"
14094
"TLS_CERT /etc/ssl/certs/ldap02_slapd_cert.pem\n"
14095
"TLS_KEY /etc/ssl/private/ldap02_slapd_key.pem\n"
14096
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
14097
msgstr ""
14098
14099
#: serverguide/C/network-auth.xml:1231(para)
14100
msgid ""
14101
"Finally, restart <application>slapd</application> on each of the servers:"
14102
msgstr ""
14103
14104
#: serverguide/C/network-auth.xml:1244(title)
14105
msgid "LDAP Authentication"
14106
msgstr ""
14107
14108
#: serverguide/C/network-auth.xml:1246(para)
14109
msgid ""
14110
"Once you have a working LDAP server, the <application>auth-client-"
14111
"config</application> and <application>libnss-ldap</application> packages "
14112
"take the pain out of configuring an Ubuntu client to authenticate using "
14113
"LDAP. To install the packages from, a terminal prompt enter:"
14114
msgstr ""
14115
14116
#: serverguide/C/network-auth.xml:1253(command)
14117
msgid "sudo apt-get install libnss-ldap"
14118
msgstr ""
14119
14120
#: serverguide/C/network-auth.xml:1256(para)
14121
msgid ""
14122
"During the install a menu dialog will ask you connection details about your "
14123
"LDAP server."
14124
msgstr ""
14125
14126
#: serverguide/C/network-auth.xml:1260(para)
14127
msgid ""
14128
"If you make a mistake when entering your information you can execute the "
14129
"dialog again using:"
14130
msgstr ""
14131
14132
#: serverguide/C/network-auth.xml:1265(command)
14133
msgid "sudo dpkg-reconfigure ldap-auth-config"
14134
msgstr ""
14135
14136
#: serverguide/C/network-auth.xml:1268(para)
14137
msgid ""
14138
"The results of the dialog can be seen in "
14139
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
14140
"covered in the menu edit this file accordingly."
14141
msgstr ""
14142
14143
#: serverguide/C/network-auth.xml:1273(para)
14144
msgid ""
14145
"Now that <application>libnss-ldap</application> is configured enable the "
14146
"<application>auth-client-config</application> LDAP profile by entering:"
14147
msgstr ""
14148
14149
#: serverguide/C/network-auth.xml:1279(command)
14150
msgid "sudo auth-client-config -t nss -p lac_ldap"
14151
msgstr ""
14152
14153
#: serverguide/C/network-auth.xml:1284(para)
14154
msgid ""
14155
"<emphasis>-t:</emphasis> only modifies "
14156
"<filename>/etc/nsswitch.conf</filename>."
14157
msgstr ""
14158
14159
#: serverguide/C/network-auth.xml:1289(para)
14160
msgid "<emphasis>-p:</emphasis> name of the profile to enable, disable, etc."
14161
msgstr ""
14162
14163
#: serverguide/C/network-auth.xml:1294(para)
14164
msgid ""
14165
"<emphasis>lac_ldap:</emphasis> the <application>auth-client-"
14166
"config</application> profile that is part of the <application>ldap-auth-"
14167
"config</application> package."
14168
msgstr ""
14169
14170
#: serverguide/C/network-auth.xml:1301(para)
14171
msgid ""
14172
"Using the <application>pam-auth-update</application> utility, configure the "
14173
"system to use LDAP for authentication:"
14174
msgstr ""
14175
14176
#: serverguide/C/network-auth.xml:1306(command)
14177
msgid "sudo pam-auth-update"
14178
msgstr ""
14179
14180
#: serverguide/C/network-auth.xml:1309(para)
14181
msgid ""
14182
"From the <application>pam-auth-update</application> menu, choose LDAP and "
14183
"any other authentication mechanisms you need."
14184
msgstr ""
14185
14186
#: serverguide/C/network-auth.xml:1313(para)
14187
msgid ""
14188
"You should now be able to login using user credentials stored in the LDAP "
14189
"directory."
14190
msgstr ""
14191
14192
#: serverguide/C/network-auth.xml:1318(para)
14193
msgid ""
14194
"If you are going to use LDAP to store Samba users you will need to configure "
14195
"the server to authenticate using LDAP. See <xref linkend=\"samba-ldap\"/> "
14196
"for details."
14197
msgstr ""
14198
14199
#: serverguide/C/network-auth.xml:1326(title)
14200
msgid "User and Group Management"
14201
msgstr ""
14202
14203
#: serverguide/C/network-auth.xml:1328(para)
14204
msgid ""
14205
"The <application>ldap-utils</application> package comes with multiple "
14206
"utilities to manage the directory, but the long string of options needed, "
14207
"can make them a burden to use. The <application>ldapscripts</application> "
14208
"package contains configurable scripts to easily manage LDAP users and groups."
14209
msgstr ""
14210
14211
#: serverguide/C/network-auth.xml:1334(para)
14212
msgid "To install the package, from a terminal enter:"
14213
msgstr ""
14214
14215
#: serverguide/C/network-auth.xml:1339(command)
14216
msgid "sudo apt-get install ldapscripts"
14217
msgstr ""
14218
14219
#: serverguide/C/network-auth.xml:1342(para)
14220
msgid ""
14221
"Next, edit the config file "
14222
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> uncommenting and "
14223
"changing the following to match your environment:"
14224
msgstr ""
14225
14226
#: serverguide/C/network-auth.xml:1347(programlisting)
14227
#, no-wrap
14228
msgid ""
14229
"\n"
14230
"SERVER=localhost\n"
14231
"BINDDN='cn=admin,dc=example,dc=com'\n"
14232
"BINDPWDFILE=\"/etc/ldapscripts/ldapscripts.passwd\"\n"
14233
"SUFFIX='dc=example,dc=com'\n"
14234
"GSUFFIX='ou=Groups'\n"
14235
"USUFFIX='ou=People'\n"
14236
"MSUFFIX='ou=Computers'\n"
14237
"GIDSTART=10000\n"
14238
"UIDSTART=10000\n"
14239
"MIDSTART=10000\n"
14240
msgstr ""
14241
14242
#: serverguide/C/network-auth.xml:1360(para)
14243
msgid ""
14244
"Now, create the <filename>ldapscripts.passwd</filename> file to allow "
14245
"authenticated access to the directory:"
14246
msgstr ""
14247
14248
#: serverguide/C/network-auth.xml:1365(command)
14249
msgid ""
14250
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
14251
msgstr ""
14252
14253
#: serverguide/C/network-auth.xml:1366(command)
14254
msgid "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
14255
msgstr ""
14256
14257
#: serverguide/C/network-auth.xml:1370(para)
14258
msgid ""
14259
"Replace <quote>secret</quote> with the actual password for your LDAP admin "
14260
"user."
14261
msgstr ""
14262
14263
#: serverguide/C/network-auth.xml:1375(para)
14264
msgid ""
14265
"The <application>ldapscripts</application> are now ready to help manage your "
14266
"directory. The following are some examples of how to use the scripts:"
14267
msgstr ""
14268
14269
#: serverguide/C/network-auth.xml:1382(para)
14270
msgid "Create a new user:"
14271
msgstr ""
14272
14273
#: serverguide/C/network-auth.xml:1386(command)
14274
msgid "sudo ldapadduser george example"
14275
msgstr ""
14276
14277
#: serverguide/C/network-auth.xml:1388(para)
14278
msgid ""
14279
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
14280
"and set the user's primary group (gid) to <emphasis "
14281
"role=\"italic\">example</emphasis>"
14282
msgstr ""
14283
14284
#: serverguide/C/network-auth.xml:1394(para)
14285
msgid "Change a user's password:"
14286
msgstr ""
14287
14288
#: serverguide/C/network-auth.xml:1398(command)
14289
msgid "sudo ldapsetpasswd george"
14290
msgstr ""
14291
14292
#: serverguide/C/network-auth.xml:1399(computeroutput)
14293
#, no-wrap
14294
msgid "Changing password for user uid=george,ou=People,dc=example,dc=com"
14295
msgstr ""
14296
14297
#: serverguide/C/network-auth.xml:1400(userinput)
14298
#, no-wrap
14299
msgid "New Password: "
14300
msgstr ""
14301
14302
#: serverguide/C/network-auth.xml:1401(userinput)
14303
#, no-wrap
14304
msgid "New Password (verify): "
14305
msgstr ""
14306
14307
#: serverguide/C/network-auth.xml:1405(para)
14308
msgid "Delete a user:"
14309
msgstr ""
14310
14311
#: serverguide/C/network-auth.xml:1409(command)
14312
msgid "sudo ldapdeleteuser george"
14313
msgstr ""
14314
14315
#: serverguide/C/network-auth.xml:1414(para)
14316
msgid "Add a group:"
14317
msgstr ""
14318
14319
#: serverguide/C/network-auth.xml:1418(command)
14320
msgid "sudo ldapaddgroup qa"
14321
msgstr ""
14322
14323
#: serverguide/C/network-auth.xml:1422(para)
14324
msgid "Delete a group:"
14325
msgstr ""
14326
14327
#: serverguide/C/network-auth.xml:1426(command)
14328
msgid "sudo ldapdeletegroup qa"
14329
msgstr ""
14330
14331
#: serverguide/C/network-auth.xml:1430(para)
14332
msgid "Add a user to a group:"
14333
msgstr ""
14334
14335
#: serverguide/C/network-auth.xml:1434(command)
14336
msgid "sudo ldapaddusertogroup george qa"
14337
msgstr ""
14338
14339
#: serverguide/C/network-auth.xml:1436(para)
14340
msgid ""
14341
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
14342
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
14343
"role=\"italic\">george</emphasis>."
14344
msgstr ""
14345
14346
#: serverguide/C/network-auth.xml:1442(para)
14347
msgid "Remove a user from a group:"
14348
msgstr ""
14349
14350
#: serverguide/C/network-auth.xml:1446(command)
14351
msgid "sudo ldapdeleteuserfromgroup george qa"
14352
msgstr ""
14353
14354
#: serverguide/C/network-auth.xml:1448(para)
14355
msgid ""
14356
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
14357
"<emphasis role=\"italic\">qa</emphasis> group."
14358
msgstr ""
14359
14360
#: serverguide/C/network-auth.xml:1454(para)
14361
msgid ""
14362
"The <application>ldapmodifyuser</application> script allows you to add, "
14363
"remove, or replace a user's attributes. The script uses the same syntax as "
14364
"the <application>ldapmodify</application> utility. For example:"
14365
msgstr ""
14366
14367
#: serverguide/C/network-auth.xml:1459(command)
14368
msgid "sudo ldapmodifyuser george"
14369
msgstr ""
14370
14371
#: serverguide/C/network-auth.xml:1460(computeroutput)
14372
#, no-wrap
14373
msgid ""
14374
"# About to modify the following entry :\n"
14375
"dn: uid=george,ou=People,dc=example,dc=com\n"
14376
"objectClass: account\n"
14377
"objectClass: posixAccount\n"
14378
"cn: george\n"
14379
"uid: george\n"
14380
"uidNumber: 1001\n"
14381
"gidNumber: 1001\n"
14382
"homeDirectory: /home/george\n"
14383
"loginShell: /bin/bash\n"
14384
"gecos: george\n"
14385
"description: User account\n"
14386
"userPassword:: e1NTSEF9eXFsTFcyWlhwWkF1eGUybVdFWHZKRzJVMjFTSG9vcHk=\n"
14387
"\n"
14388
"# Enter your modifications here, end with CTRL-D.\n"
14389
"dn: uid=george,ou=People,dc=example,dc=com"
14390
msgstr ""
14391
14392
#: serverguide/C/network-auth.xml:1476(userinput)
14393
#, no-wrap
14394
msgid ""
14395
"replace: gecos\n"
14396
"gecos: George Carlin"
14397
msgstr ""
14398
14399
#: serverguide/C/network-auth.xml:1479(para)
14400
msgid ""
14401
"The user's <emphasis>gecos</emphasis> should now be <quote>George "
14402
"Carlin</quote>."
14403
msgstr ""
14404
14405
#: serverguide/C/network-auth.xml:1484(para)
14406
msgid ""
14407
"Another great feature of <application>ldapscripts</application>, is the "
14408
"template system. Templates allow you to customize the attributes of user, "
14409
"group, and machine objectes. For example, to enable the "
14410
"<emphasis>user</emphasis> template edit "
14411
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> changing:"
14412
msgstr ""
14413
14414
#: serverguide/C/network-auth.xml:1491(programlisting)
14415
#, no-wrap
14416
msgid ""
14417
"\n"
14418
"UTEMPLATE=\"/etc/ldapscripts/ldapadduser.template\"\n"
14419
msgstr ""
14420
14421
#: serverguide/C/network-auth.xml:1495(para)
14422
msgid ""
14423
"There are <emphasis role=\"italic\">sample</emphasis> templates in the "
14424
"<filename>/etc/ldapscripts</filename> directory. Copy or rename the "
14425
"<filename>ldapadduser.template.sample</filename> file to "
14426
"<filename>/etc/ldapscripts/ldapadduser.template</filename>:"
14427
msgstr ""
14428
14429
#: serverguide/C/network-auth.xml:1502(command)
14430
msgid ""
14431
"sudo cp /usr/share/doc/ldapscripts/examples/ldapadduser.template.sample "
14432
"/etc/ldapscripts/ldapadduser.template"
14433
msgstr ""
14434
14435
#: serverguide/C/network-auth.xml:1505(para)
14436
msgid ""
14437
"Edit the new template to add the desired attributes. The following will "
14438
"create new user's as with an <emphasis>objectClass</emphasis> of "
14439
"<emphasis>inetOrgPerson</emphasis>:"
14440
msgstr ""
14441
14442
#: serverguide/C/network-auth.xml:1510(programlisting)
14443
#, no-wrap
14444
msgid ""
14445
"\n"
14446
"dn: uid=<user>,<usuffix>,<suffix>\n"
14447
"objectClass: inetOrgPerson\n"
14448
"objectClass: posixAccount\n"
14449
"cn: <user>\n"
14450
"sn: <ask>\n"
14451
"uid: <user>\n"
14452
"uidNumber: <uid>\n"
14453
"gidNumber: <gid>\n"
14454
"homeDirectory: <home>\n"
14455
"loginShell: <shell>\n"
14456
"gecos: <user>\n"
14457
"description: User account\n"
14458
"title: Employee\n"
14459
msgstr ""
14460
14461
#: serverguide/C/network-auth.xml:1526(para)
14462
msgid ""
14463
"Notice the <emphasis><ask></emphasis> option used for the "
14464
"<emphasis>ssn</emphasis> value. Using <ask> will configure "
14465
"<application>ldapadduser</application> to prompt you for the attribute value "
14466
"during user creation."
14467
msgstr ""
14468
14469
#: serverguide/C/network-auth.xml:1534(para)
14470
msgid ""
14471
"There are more useful scripts in the package, to see a full list enter: "
14472
"<command>dpkg -L ldapscripts | grep bin</command>"
14473
msgstr ""
14474
14475
#: serverguide/C/network-auth.xml:1543(para)
14476
msgid ""
14477
"The <ulink url=\"https://help.ubuntu.com/community/OpenLDAPServer\">OpenLDAP "
14478
"Ubuntu Wiki</ulink> page has more details."
14479
msgstr ""
14480
14481
#: serverguide/C/network-auth.xml:1548(para)
14482
msgid ""
14483
"For more information see <ulink url=\"http://www.openldap.org/\">OpenLDAP "
14484
"Home Page</ulink>"
14485
msgstr ""
14486
14487
#: serverguide/C/network-auth.xml:1553(para)
14488
msgid ""
14489
"Though starting to show it's age, a great source for in depth LDAP "
14490
"information is O'Reilly's <ulink "
14491
"url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System "
14492
"Administration</ulink>"
14493
msgstr ""
14494
14495
#: serverguide/C/network-auth.xml:1559(para)
14496
msgid ""
14497
"Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-"
14498
"Source-Linux/book\">Mastering OpenLDAP</ulink> is a great reference covering "
14499
"newer versions of OpenLDAP."
14500
msgstr ""
14501
14502
#: serverguide/C/network-auth.xml:1565(para)
14503
msgid ""
14504
"For more information on <application>auth-client-config</application> see "
14505
"the man page: <command>man auth-client-config</command>."
14506
msgstr ""
14507
14508
#: serverguide/C/network-auth.xml:1570(para)
14509
msgid ""
14510
"For more details regarding the <application>ldapscripts</application> "
14511
"package see the man pages: <command>man ldapscripts</command>, <command>man "
14512
"ldapadduser</command>, <command>man ldapaddgroup</command>, etc."
14513
msgstr ""
14514
14515
#: serverguide/C/network-auth.xml:1580(title)
14516
msgid "Samba and LDAP"
14517
msgstr ""
14518
14519
#: serverguide/C/network-auth.xml:1582(para)
14520
msgid ""
14521
"This section covers configuring Samba to use LDAP for user, group, and "
14522
"machine account information and authentication. The assumption is, you "
14523
"already have a working OpenLDAP directory installed and the server is "
14524
"configured to use it for authentication. See <xref linkend=\"openldap-"
14525
"server\"/> and <xref linkend=\"openldap-auth-config\"/> for details on "
14526
"setting up OpenLDAP. For more information on installing and configuring "
14527
"Samba see <xref linkend=\"windows-networking\"/>."
14528
msgstr ""
14529
14530
#: serverguide/C/network-auth.xml:1592(para)
14531
msgid ""
14532
"There are three packages needed when integrating Samba with LDAP. "
14533
"<application>samba</application>, <application>samba-doc</application>, and "
14534
"<application>smbldap-tools</application> packages . To install the packages, "
14535
"from a terminal enter:"
14536
msgstr ""
14537
14538
#: serverguide/C/network-auth.xml:1598(command)
14539
msgid "sudo apt-get install samba samba-doc smbldap-tools"
14540
msgstr ""
14541
14542
#: serverguide/C/network-auth.xml:1601(para)
14543
msgid ""
14544
"Strictly speaking the <application>smbldap-tools</application> package isn't "
14545
"needed, but unless you have another package or custom scripts, a method of "
14546
"managing users, groups, and computer accounts is needed."
14547
msgstr ""
14548
14549
#: serverguide/C/network-auth.xml:1608(title)
14550
msgid "OpenLDAP Configuration"
14551
msgstr ""
14552
14553
#: serverguide/C/network-auth.xml:1610(para)
14554
msgid ""
14555
"In order for Samba to use OpenLDAP as a <emphasis>passdb backend</emphasis>, "
14556
"the user objects in the directory will need additional attributes. This "
14557
"section assumes you want Samba to be configured as a Windows NT domain "
14558
"controller, and will add the necessary LDAP objects and attributes."
14559
msgstr ""
14560
14561
#: serverguide/C/network-auth.xml:1618(para)
14562
msgid ""
14563
"The Samba attributes are defined in the <filename>samba.schema</filename> "
14564
"file which is part of the <application>samba-doc</application> package. The "
14565
"schema file needs to be unzipped and copied to "
14566
"<filename>/etc/ldap/schema</filename>. From a terminal prompt enter:"
14567
msgstr ""
14568
14569
#: serverguide/C/network-auth.xml:1625(command)
14570
msgid ""
14571
"sudo cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz "
14572
"/etc/ldap/schema/"
14573
msgstr ""
14574
14575
#: serverguide/C/network-auth.xml:1626(command)
14576
msgid "sudo gzip -d /etc/ldap/schema/samba.schema.gz"
14577
msgstr ""
14578
14579
#: serverguide/C/network-auth.xml:1632(para)
14580
msgid ""
14581
"The <emphasis>samba</emphasis> schema needs to be added to the "
14582
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
14583
"<application>slapd</application> is also detailed in <xref "
14584
"linkend=\"openldap-configuration\"/>."
14585
msgstr ""
14586
14587
#: serverguide/C/network-auth.xml:1640(para) serverguide/C/network-auth.xml:2676(para)
14588
msgid ""
14589
"First, create a configuration file named "
14590
"<filename>schema_convert.conf</filename>, or a similar descriptive name, "
14591
"containing the following lines:"
14592
msgstr ""
14593
14594
#: serverguide/C/network-auth.xml:1645(programlisting)
14595
#, no-wrap
14596
msgid ""
14597
"\n"
14598
"include /etc/ldap/schema/core.schema\n"
14599
"include /etc/ldap/schema/collective.schema\n"
14600
"include /etc/ldap/schema/corba.schema\n"
14601
"include /etc/ldap/schema/cosine.schema\n"
14602
"include /etc/ldap/schema/duaconf.schema\n"
14603
"include /etc/ldap/schema/dyngroup.schema\n"
14604
"include /etc/ldap/schema/inetorgperson.schema\n"
14605
"include /etc/ldap/schema/java.schema\n"
14606
"include /etc/ldap/schema/misc.schema\n"
14607
"include /etc/ldap/schema/nis.schema\n"
14608
"include /etc/ldap/schema/openldap.schema\n"
14609
"include /etc/ldap/schema/ppolicy.schema\n"
14610
"include /etc/ldap/schema/samba.schema\n"
14611
msgstr ""
14612
14613
#: serverguide/C/network-auth.xml:1675(para) serverguide/C/network-auth.xml:2711(para)
14614
msgid ""
14615
"Now use <application>slapcat</application> to convert the schema files:"
14616
msgstr ""
14617
14618
#: serverguide/C/network-auth.xml:1680(command)
14619
msgid ""
14620
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
14621
"\"cn={12}samba,cn=schema,cn=config\" > /tmp/cn=samba.ldif"
14622
msgstr ""
14623
14624
#: serverguide/C/network-auth.xml:1683(para) serverguide/C/network-auth.xml:2719(para)
14625
msgid ""
14626
"Change the above file and path names to match your own if they are different."
14627
msgstr ""
14628
14629
#: serverguide/C/network-auth.xml:1690(para)
14630
msgid ""
14631
"Edit the generated <filename>/tmp/cn\\=samba.ldif</filename> file, changing "
14632
"the following attributes:"
14633
msgstr ""
14634
14635
#: serverguide/C/network-auth.xml:1694(programlisting)
14636
#, no-wrap
14637
msgid ""
14638
"\n"
14639
"dn: cn=samba,cn=schema,cn=config\n"
14640
"...\n"
14641
"cn: samba\n"
14642
msgstr ""
14643
14644
#: serverguide/C/network-auth.xml:1704(programlisting)
14645
#, no-wrap
14646
msgid ""
14647
"\n"
14648
"structuralObjectClass: olcSchemaConfig\n"
14649
"entryUUID: b53b75ca-083f-102d-9fff-2f64fd123c95\n"
14650
"creatorsName: cn=config\n"
14651
"createTimestamp: 20080827045234Z\n"
14652
"entryCSN: 20080827045234.341425Z#000000#000#000000\n"
14653
"modifiersName: cn=config\n"
14654
"modifyTimestamp: 20080827045234Z\n"
14655
msgstr ""
14656
14657
#: serverguide/C/network-auth.xml:1729(command)
14658
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=samba.ldif"
14659
msgstr ""
14660
14661
#: serverguide/C/network-auth.xml:1735(para)
14662
msgid ""
14663
"There should now be a <emphasis>dn: "
14664
"cn={X}misc,cn=schema,cn=config</emphasis>, where \"X\" is the next "
14665
"sequential schema, entry in the cn=config tree."
14666
msgstr ""
14667
14668
#: serverguide/C/network-auth.xml:1743(para)
14669
msgid ""
14670
"Copy and paste the following into a file named "
14671
"<filename>samba_indexes.ldif</filename>:"
14672
msgstr ""
14673
14674
#: serverguide/C/network-auth.xml:1747(programlisting)
14675
#, no-wrap
14676
msgid ""
14677
"\n"
14678
"dn: olcDatabase={1}hdb,cn=config\n"
14679
"changetype: modify\n"
14680
"add: olcDbIndex\n"
14681
"olcDbIndex: uidNumber eq\n"
14682
"olcDbIndex: gidNumber eq\n"
14683
"olcDbIndex: loginShell eq\n"
14684
"olcDbIndex: uid eq,pres,sub\n"
14685
"olcDbIndex: memberUid eq,pres,sub\n"
14686
"olcDbIndex: uniqueMember eq,pres\n"
14687
"olcDbIndex: sambaSID eq\n"
14688
"olcDbIndex: sambaPrimaryGroupSID eq\n"
14689
"olcDbIndex: sambaGroupType eq\n"
14690
"olcDbIndex: sambaSIDList eq\n"
14691
"olcDbIndex: sambaDomainName eq\n"
14692
"olcDbIndex: default sub\n"
14693
msgstr ""
14694
14695
#: serverguide/C/network-auth.xml:1765(para)
14696
msgid ""
14697
"Using the <application>ldapmodify</application> utility load the new indexes:"
14698
msgstr ""
14699
14700
#: serverguide/C/network-auth.xml:1770(command)
14701
msgid "ldapmodify -x -D cn=admin,cn=config -W -f samba_indexes.ldif"
14702
msgstr ""
14703
14704
#: serverguide/C/network-auth.xml:1772(para)
14705
msgid ""
14706
"If all went well you should see the new indexes using "
14707
"<application>ldapsearch</application>:"
14708
msgstr ""
14709
14710
#: serverguide/C/network-auth.xml:1777(command)
14711
msgid ""
14712
"ldapsearch -xLLL -D cn=admin,cn=config -x -b cn=config -W olcDatabase={1}hdb"
14713
msgstr ""
14714
14715
#: serverguide/C/network-auth.xml:1783(para)
14716
msgid ""
14717
"Next, configure the <application>smbldap-tools</application> package to "
14718
"match your environment. The package comes with a configuration script that "
14719
"will ask questions about the needed options. To run the script enter:"
14720
msgstr ""
14721
14722
#: serverguide/C/network-auth.xml:1789(command)
14723
msgid "sudo gzip -d /usr/share/doc/smbldap-tools/configure.pl.gz"
14724
msgstr ""
14725
14726
#: serverguide/C/network-auth.xml:1790(command)
14727
msgid "sudo perl /usr/share/doc/smbldap-tools/configure.pl"
14728
msgstr ""
14729
14730
#: serverguide/C/network-auth.xml:1793(para)
14731
msgid ""
14732
"Once you have answered the questions, there should be <filename>/etc/smbldap-"
14733
"tools/smbldap.conf</filename> and <filename>/etc/smbldap-"
14734
"tools/smbldap_bind.conf</filename> files. These files are generated by the "
14735
"configure script, so if you made any mistakes while executing the script it "
14736
"may be simpler to edit the file appropriately."
14737
msgstr ""
14738
14739
#: serverguide/C/network-auth.xml:1803(para)
14740
msgid ""
14741
"The <application>smbldap-populate</application> script will add the "
14742
"necessary users, groups, and LDAP objects required for Samba. It is a good "
14743
"idea to make a backup LDAP Data Interchange Format (LDIF) file with "
14744
"<application>slapcat</application> before executing the command:"
14745
msgstr ""
14746
14747
#: serverguide/C/network-auth.xml:1810(command)
14748
msgid "sudo slapcat -l backup.ldif"
14749
msgstr ""
14750
14751
#: serverguide/C/network-auth.xml:1816(para)
14752
msgid ""
14753
"Once you have a current backup execute <application>smbldap-"
14754
"populate</application> by entering:"
14755
msgstr ""
14756
14757
#: serverguide/C/network-auth.xml:1821(command)
14758
msgid "sudo smbldap-populate"
14759
msgstr ""
14760
14761
#: serverguide/C/network-auth.xml:1825(para)
14762
msgid ""
14763
"You can create an LDIF file containing the new Samba objects by executing "
14764
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
14765
"look over the changes making sure everything is correct."
14766
msgstr ""
14767
14768
#: serverguide/C/network-auth.xml:1833(para)
14769
msgid ""
14770
"Your LDAP directory now has the necessary domain information to authenticate "
14771
"Samba users."
14772
msgstr ""
14773
14774
#: serverguide/C/network-auth.xml:1839(title)
14775
msgid "Samba Configuration"
14776
msgstr ""
14777
14778
#: serverguide/C/network-auth.xml:1841(para)
14779
msgid ""
14780
"There a multiple ways to configure Samba for details on some common "
14781
"configurations see <xref linkend=\"windows-networking\"/>. To configure "
14782
"Samba to use LDAP, edit the main Samba configuration file "
14783
"<filename>/etc/samba/smb.conf</filename> commenting the <emphasis>passdb "
14784
"backend</emphasis> option and adding the following:"
14785
msgstr ""
14786
14787
#: serverguide/C/network-auth.xml:1847(programlisting)
14788
#, no-wrap
14789
msgid ""
14790
"\n"
14791
"# passdb backend = tdbsam\n"
14792
"\n"
14793
"# LDAP Settings\n"
14794
" passdb backend = ldapsam:ldap://hostname\n"
14795
" ldap suffix = dc=example,dc=com\n"
14796
" ldap user suffix = ou=People\n"
14797
" ldap group suffix = ou=Groups\n"
14798
" ldap machine suffix = ou=Computers\n"
14799
" ldap idmap suffix = ou=Idmap\n"
14800
" ldap admin dn = cn=admin,dc=example,dc=com\n"
14801
" ldap ssl = start tls\n"
14802
" ldap passwd sync = yes\n"
14803
"...\n"
14804
" add machine script = sudo /usr/sbin/smbldap-useradd -t 0 -w \"%u\"\n"
14805
msgstr ""
14806
14807
#: serverguide/C/network-auth.xml:1864(para)
14808
msgid "Restart <application>samba</application> to enable the new settings:"
14809
msgstr ""
14810
14811
#: serverguide/C/network-auth.xml:1873(para)
14812
msgid ""
14813
"Now Samba needs to know the LDAP admin password. From a terminal prompt "
14814
"enter:"
14815
msgstr ""
14816
14817
#: serverguide/C/network-auth.xml:1878(command)
14818
msgid "sudo smbpasswd -w secret"
14819
msgstr ""
14820
14821
#: serverguide/C/network-auth.xml:1882(para)
14822
msgid ""
14823
"Replacing <emphasis role=\"italic\">secret</emphasis> with your LDAP admin "
14824
"password."
14825
msgstr ""
14826
14827
#: serverguide/C/network-auth.xml:1887(para)
14828
msgid ""
14829
"If you currently have users in LDAP, and you want them to authenticate using "
14830
"Samba, they will need some Samba attributes defined in the "
14831
"<filename>samba.schema</filename> file. Add the Samba attributes to existing "
14832
"users using the <application>smbpasswd</application> utility, replacing "
14833
"<emphasis role=\"italic\">username</emphasis> with an actual user:"
14834
msgstr ""
14835
14836
#: serverguide/C/network-auth.xml:1895(command)
14837
msgid "sudo smbpasswd -a username"
14838
msgstr ""
14839
14840
#: serverguide/C/network-auth.xml:1898(para)
14841
msgid "You will then be asked to enter the user's password."
14842
msgstr ""
14843
14844
#: serverguide/C/network-auth.xml:1902(para)
14845
msgid ""
14846
"To add new user, group, and machine accounts use the utilities from the "
14847
"<application>smbldap-tools</application> package. Here are some examples:"
14848
msgstr ""
14849
14850
#: serverguide/C/network-auth.xml:1909(para)
14851
msgid ""
14852
"To add a new user to LDAP with Samba attributes enter the following, "
14853
"replacing username with an actual username:"
14854
msgstr ""
14855
14856
#: serverguide/C/network-auth.xml:1913(command)
14857
msgid "sudo smbldap-useradd -a -P username"
14858
msgstr ""
14859
14860
#: serverguide/C/network-auth.xml:1915(para)
14861
msgid ""
14862
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
14863
"<emphasis>-P</emphasis> options calls the <application>smbldap-"
14864
"passwd</application> utility after the user is created allowing you to enter "
14865
"a password for the user."
14866
msgstr ""
14867
14868
#: serverguide/C/network-auth.xml:1921(para)
14869
msgid "To remove a user from the directory enter:"
14870
msgstr ""
14871
14872
#: serverguide/C/network-auth.xml:1925(command)
14873
msgid "sudo smbldap-userdel username"
14874
msgstr ""
14875
14876
#: serverguide/C/network-auth.xml:1927(para)
14877
msgid ""
14878
"The <application>smbldap-userdel</application> utility also has a <emphasis>-"
14879
"r</emphasis> option to remove the user's home directory."
14880
msgstr ""
14881
14882
#: serverguide/C/network-auth.xml:1932(para)
14883
msgid ""
14884
"Use <application>smbldap-groupadd</application> to add a group, replacing "
14885
"groupname with an appropriate group:"
14886
msgstr ""
14887
14888
#: serverguide/C/network-auth.xml:1936(command)
14889
msgid "sudo smbldap-groupadd -a groupname"
14890
msgstr ""
14891
14892
#: serverguide/C/network-auth.xml:1938(para)
14893
msgid ""
14894
"Similar to <application>smbldap-useradd</application>, the <emphasis>-"
14895
"a</emphasis> adds the Samba attributes."
14896
msgstr ""
14897
14898
#: serverguide/C/network-auth.xml:1943(para)
14899
msgid ""
14900
"To add a user to a group use <application>smbldap-groupmod</application>:"
14901
msgstr ""
14902
14903
#: serverguide/C/network-auth.xml:1947(command)
14904
msgid "sudo smbldap-groupmod -m username groupname"
14905
msgstr ""
14906
14907
#: serverguide/C/network-auth.xml:1949(para)
14908
msgid ""
14909
"Be sure to replace <emphasis>username</emphasis> with a real user. Also, the "
14910
"<emphasis>-m</emphasis> option can add more than one user at a time by "
14911
"listing them in <emphasis>comma separated</emphasis> format."
14912
msgstr ""
14913
14914
#: serverguide/C/network-auth.xml:1955(para)
14915
msgid ""
14916
"<application>smbldap-groupmod</application> can also be used to remove a "
14917
"user from a group:"
14918
msgstr ""
14919
14920
#: serverguide/C/network-auth.xml:1959(command)
14921
msgid "sudo smbldap-groupmod -x username groupname"
14922
msgstr ""
14923
14924
#: serverguide/C/network-auth.xml:1963(para)
14925
msgid ""
14926
"Additionally, the <application>smbldap-useradd</application> utility can add "
14927
"Samba machine accounts:"
14928
msgstr ""
14929
14930
#: serverguide/C/network-auth.xml:1967(command)
14931
msgid "sudo smbldap-useradd -t 0 -w username"
14932
msgstr ""
14933
14934
#: serverguide/C/network-auth.xml:1969(para)
14935
msgid ""
14936
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
14937
"<emphasis>-t 0</emphasis> option creates the machine account without a "
14938
"delay, while the <emphasis>-w</emphasis> option specifies the user as a "
14939
"machine account. Also, note the <emphasis>add machine script</emphasis> "
14940
"option in <filename>/etc/samba/smb.conf</filename> was changed to use "
14941
"<application>smbldap-useradd</application>."
14942
msgstr ""
14943
14944
#: serverguide/C/network-auth.xml:1978(para)
14945
msgid ""
14946
"There are more useful utilities and options in the <application>smbldap-"
14947
"tools</application> package. The man page for each utility provides more "
14948
"details."
14949
msgstr ""
14950
14951
#: serverguide/C/network-auth.xml:1989(para)
14952
msgid ""
14953
"There are multiple places where LDAP and Samba is documented in the <ulink "
14954
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
14955
"Collection</ulink>."
14956
msgstr ""
14957
14958
#: serverguide/C/network-auth.xml:1995(para)
14959
msgid ""
14960
"Specifically see the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
14961
"HOWTO-Collection/passdb.html\">passdb section</ulink>."
14962
msgstr ""
14963
14964
#: serverguide/C/network-auth.xml:2001(para)
14965
msgid ""
14966
"Another good site is <ulink url=\"http://download.gna.org/smbldap-"
14967
"tools/docs/samba-ldap-howto/\">Samba OpenLDAP HOWTO</ulink>."
14968
msgstr ""
14969
14970
#: serverguide/C/network-auth.xml:2007(para)
14971
msgid ""
14972
"Again, for more information on <application>smbldap-tools</application> see "
14973
"the man pages: <command>man smbldap-useradd</command>, <command>man smbldap-"
14974
"groupadd</command>, <command>man smbldap-populate</command>, etc."
14975
msgstr ""
14976
14977
#: serverguide/C/network-auth.xml:2014(para)
14978
msgid ""
14979
"Also, there is a list of <ulink "
14980
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Ubuntu "
14981
"wiki</ulink> articles with more information."
14982
msgstr ""
14983
14984
#: serverguide/C/network-auth.xml:2023(title)
14985
msgid "Kerberos"
14986
msgstr ""
14987
14988
#: serverguide/C/network-auth.xml:2025(para)
14989
msgid ""
14990
"<application>Kerberos</application> is a network authentication system based "
14991
"on the principal of a trusted third party. The other two parties being the "
14992
"user and the service the user wishes to authenticate to. Not all services "
14993
"and applications can use Kerberos, but for those that can, it brings the "
14994
"network environment one step closer to being Single Sign On (SSO)."
14995
msgstr ""
14996
14997
#: serverguide/C/network-auth.xml:2031(para)
14998
msgid ""
14999
"This section covers installation and configuration of a Kerberos server, and "
15000
"some example client configurations."
15001
msgstr ""
15002
15003
#: serverguide/C/network-auth.xml:2038(para)
15004
msgid ""
15005
"If you are new to Kerberos there are a few terms that are good to understand "
15006
"before setting up a Kerberos server. Most of the terms will relate to things "
15007
"you may be familiar with in other environments:"
15008
msgstr ""
15009
15010
#: serverguide/C/network-auth.xml:2045(para)
15011
msgid ""
15012
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
15013
"by servers need to be defined as Kerberos Principals."
15014
msgstr ""
15015
15016
#: serverguide/C/network-auth.xml:2050(para)
15017
msgid ""
15018
"<emphasis>Instances:</emphasis> are used for service principals and special "
15019
"administrative principals."
15020
msgstr ""
15021
15022
#: serverguide/C/network-auth.xml:2055(para)
15023
msgid ""
15024
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
15025
"Kerberos installation. Usually the DNS domain converted to uppercase "
15026
"(EXAMPLE.COM)."
15027
msgstr ""
15028
15029
#: serverguide/C/network-auth.xml:2061(para)
15030
msgid ""
15031
"<emphasis>Key Distribution Center:</emphasis> (KDC) consist of three parts, "
15032
"a database of all principals, the authentication server, and the ticket "
15033
"granting server. For each realm there must be at least one KDC."
15034
msgstr ""
15035
15036
#: serverguide/C/network-auth.xml:2067(para)
15037
msgid ""
15038
"<emphasis>Ticket Granting Ticket:</emphasis> issued by the Authentication "
15039
"Server (AS), the Ticket Granting Ticket (TGT) is encrypted in the user's "
15040
"password which is known only to the user and the KDC."
15041
msgstr ""
15042
15043
#: serverguide/C/network-auth.xml:2073(para)
15044
msgid ""
15045
"<emphasis>Ticket Granting Server:</emphasis> (TGS) issues service tickets to "
15046
"clients upon request."
15047
msgstr ""
15048
15049
#: serverguide/C/network-auth.xml:2078(para)
15050
msgid ""
15051
"<emphasis>Tickets:</emphasis> confirm the identity of the two principals. "
15052
"One principal being a user and the other a service requested by the user. "
15053
"Tickets establish an encryption key used for secure communication during the "
15054
"authenticated session."
15055
msgstr ""
15056
15057
#: serverguide/C/network-auth.xml:2084(para)
15058
msgid ""
15059
"<emphasis>Keytab Files:</emphasis> are files extracted from the KDC "
15060
"principal database and contain the encryption key for a service or host."
15061
msgstr ""
15062
15063
#: serverguide/C/network-auth.xml:2091(para)
15064
msgid ""
15065
"To put the pieces together, a Realm has at least one KDC, preferably two for "
15066
"redundancy, which contains a database of Principals. When a user principal "
15067
"logs into a workstation, configured for Kerberos authentication, the KDC "
15068
"issues a Ticket Granting Ticket (TGT). If the user supplied credentials "
15069
"match, the user is authenticated and can then request tickets for Kerberized "
15070
"services from the Ticket Granting Server (TGS). The service tickets allow "
15071
"the user to authenticate to the service without entering another username "
15072
"and password."
15073
msgstr ""
15074
15075
#: serverguide/C/network-auth.xml:2100(title)
15076
msgid "Kerberos Server"
15077
msgstr ""
15078
15079
#: serverguide/C/network-auth.xml:2104(para)
15080
msgid ""
15081
"Before installing the Kerberos server a properly configured DNS server is "
15082
"needed for your domain. Since the Kerberos Realm by convention matches the "
15083
"domain name, this section uses the <emphasis>example.com</emphasis> domain "
15084
"configured in <xref linkend=\"dns-primarymaster-configuration\"/>."
15085
msgstr ""
15086
15087
#: serverguide/C/network-auth.xml:2110(para)
15088
msgid ""
15089
"Also, Kerberos is a time sensitive protocol. So if the local system time "
15090
"between a client machine and the server differs by more than five minutes "
15091
"(by default), the workstation will not be able to authenticate. To correct "
15092
"the problem all hosts should have their time synchronized using the "
15093
"<emphasis>Network Time Protocol (NTP)</emphasis>. For details on setting up "
15094
"NTP see <xref linkend=\"NTP\"/>."
15095
msgstr ""
15096
15097
#: serverguide/C/network-auth.xml:2117(para)
15098
msgid ""
15099
"The first step in installing a Kerberos Realm is to install the "
15100
"<application>krb5-kdc</application> and <application>krb5-admin-"
15101
"server</application> packages. From a terminal enter:"
15102
msgstr ""
15103
15104
#: serverguide/C/network-auth.xml:2123(command) serverguide/C/network-auth.xml:2298(command)
15105
msgid "sudo apt-get install krb5-kdc krb5-admin-server"
15106
msgstr ""
15107
15108
#: serverguide/C/network-auth.xml:2126(para)
15109
msgid ""
15110
"You will be asked at the end of the install to supply a name for the "
15111
"Kerberos and Admin servers, which may or may not be the same server, for the "
15112
"realm."
15113
msgstr ""
15114
15115
#: serverguide/C/network-auth.xml:2131(para)
15116
msgid ""
15117
"Next, create the new realm with the <application>kdb5_newrealm</application> "
15118
"utility:"
15119
msgstr ""
15120
15121
#: serverguide/C/network-auth.xml:2136(command)
15122
msgid "sudo krb5_newrealm"
15123
msgstr ""
15124
15125
#: serverguide/C/network-auth.xml:2143(para)
15126
msgid ""
15127
"The questions asked during installation are used to configure the "
15128
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
15129
"Distribution Center (KDC) settings simply edit the file and restart the "
15130
"<application>krb5-kdc</application> daemon."
15131
msgstr ""
15132
15133
#: serverguide/C/network-auth.xml:2151(para)
15134
msgid ""
15135
"Now that the KDC running an admin user is needed. It is recommended to use a "
15136
"different username from your everyday username. Using the "
15137
"<application>kadmin.local</application> utility in a terminal prompt enter:"
15138
msgstr ""
15139
15140
#: serverguide/C/network-auth.xml:2157(command) serverguide/C/network-auth.xml:2953(command)
15141
msgid "sudo kadmin.local"
15142
msgstr ""
15143
15144
#: serverguide/C/network-auth.xml:2158(computeroutput)
15145
#, no-wrap
15146
msgid ""
15147
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
15148
"kadmin.local:"
15149
msgstr ""
15150
15151
#: serverguide/C/network-auth.xml:2159(userinput)
15152
#, no-wrap
15153
msgid " addprinc steve/admin"
15154
msgstr ""
15155
15156
#: serverguide/C/network-auth.xml:2160(computeroutput)
15157
#, no-wrap
15158
msgid ""
15159
"WARNING: no policy specified for steve/admin@EXAMPLE.COM; defaulting to no "
15160
"policy\n"
15161
"Enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
15162
"Re-enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
15163
"Principal \"steve/admin@EXAMPLE.COM\" created.\n"
15164
"kadmin.local:"
15165
msgstr ""
15166
15167
#: serverguide/C/network-auth.xml:2164(userinput)
15168
#, no-wrap
15169
msgid " quit"
15170
msgstr ""
15171
15172
#: serverguide/C/network-auth.xml:2167(para)
15173
msgid ""
15174
"In the above example <emphasis role=\"italic\">steve</emphasis> is the "
15175
"<emphasis>Principal</emphasis>, <emphasis role=\"italic\">/admin</emphasis> "
15176
"is an <emphasis>Instance</emphasis>, and <emphasis "
15177
"role=\"italic\">@EXAMPLE.COM</emphasis> signifies the realm. The <emphasis "
15178
"role=\"italic\">\"every day\"</emphasis> Principal would be "
15179
"<emphasis>steve@EXAMPLE.COM</emphasis>, and should have only normal user "
15180
"rights."
15181
msgstr ""
15182
15183
#: serverguide/C/network-auth.xml:2175(para)
15184
msgid ""
15185
"Replace <emphasis>EXAMPLE.COM</emphasis> and <emphasis>steve</emphasis> with "
15186
"your Realm and admin username."
15187
msgstr ""
15188
15189
#: serverguide/C/network-auth.xml:2183(para)
15190
msgid ""
15191
"Next, the new admin user needs to have the appropriate Access Control List "
15192
"(ACL) permissions. The permissions are configured in the "
15193
"<filename>/etc/krb5kdc/kadm5.acl</filename> file:"
15194
msgstr ""
15195
15196
#: serverguide/C/network-auth.xml:2188(programlisting)
15197
#, no-wrap
15198
msgid ""
15199
"\n"
15200
"steve/admin@EXAMPLE.COM *\n"
15201
msgstr ""
15202
15203
#: serverguide/C/network-auth.xml:2192(para)
15204
msgid ""
15205
"This entry grants <emphasis>steve/admin</emphasis> the ability to perform "
15206
"any operation on all principals in the realm."
15207
msgstr ""
15208
15209
#: serverguide/C/network-auth.xml:2199(para)
15210
msgid ""
15211
"Now restart the <application>krb5-admin-server</application> for the new ACL "
15212
"to take affect:"
15213
msgstr ""
15214
15215
#: serverguide/C/network-auth.xml:2204(command)
15216
msgid "sudo /etc/init.d/krb5-admin-server restart"
15217
msgstr ""
15218
15219
#: serverguide/C/network-auth.xml:2210(para)
15220
msgid ""
15221
"The new user principal can be tested using the <application>kinit "
15222
"utility</application>:"
15223
msgstr ""
15224
15225
#: serverguide/C/network-auth.xml:2215(command)
15226
msgid "kinit steve/admin"
15227
msgstr ""
15228
15229
#: serverguide/C/network-auth.xml:2216(computeroutput)
15230
#, no-wrap
15231
msgid "steve/admin@EXAMPLE.COM's Password:"
15232
msgstr ""
15233
15234
#: serverguide/C/network-auth.xml:2219(para)
15235
msgid ""
15236
"After entering the password, use the <application>klist</application> "
15237
"utility to view information about the Ticket Granting Ticket (TGT):"
15238
msgstr ""
15239
15240
#: serverguide/C/network-auth.xml:2225(command) serverguide/C/network-auth.xml:2560(command)
15241
msgid "klist"
15242
msgstr ""
15243
15244
#: serverguide/C/network-auth.xml:2226(computeroutput)
15245
#, no-wrap
15246
msgid ""
15247
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
15248
" Principal: steve/admin@EXAMPLE.COM\n"
15249
"\n"
15250
" Issued Expires Principal\n"
15251
"Jul 13 17:53:34 Jul 14 03:53:34 krbtgt/EXAMPLE.COM@EXAMPLE.COM"
15252
msgstr ""
15253
15254
#: serverguide/C/network-auth.xml:2233(para)
15255
msgid ""
15256
"You may need to add an entry into the <filename>/etc/hosts</filename> for "
15257
"the KDC. For example:"
15258
msgstr ""
15259
15260
#: serverguide/C/network-auth.xml:2237(programlisting)
15261
#, no-wrap
15262
msgid ""
15263
"\n"
15264
"192.168.0.1 kdc01.example.com kdc01\n"
15265
msgstr ""
15266
15267
#: serverguide/C/network-auth.xml:2241(para)
15268
msgid ""
15269
"Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC."
15270
msgstr ""
15271
15272
#: serverguide/C/network-auth.xml:2248(para)
15273
msgid ""
15274
"In order for clients to determine the KDC for the Realm some DNS SRV records "
15275
"are needed. Add the following to "
15276
"<filename>/etc/named/db.example.com</filename>:"
15277
msgstr ""
15278
15279
#: serverguide/C/network-auth.xml:2253(programlisting)
15280
#, no-wrap
15281
msgid ""
15282
"\n"
15283
"_kerberos._udp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
15284
"_kerberos._tcp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
15285
"_kerberos._udp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
15286
"_kerberos._tcp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
15287
"_kerberos-adm._tcp.EXAMPLE.COM. IN SRV 1 0 749 kdc01.example.com.\n"
15288
"_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
15289
msgstr ""
15290
15291
#: serverguide/C/network-auth.xml:2263(para)
15292
msgid ""
15293
"Replace <emphasis>EXAMPLE.COM</emphasis>, <emphasis>kdc01</emphasis>, and "
15294
"<emphasis>kdc02</emphasis> with your domain name, primary KDC, and secondary "
15295
"KDC."
15296
msgstr ""
15297
15298
#: serverguide/C/network-auth.xml:2269(para)
15299
msgid ""
15300
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
15301
msgstr ""
15302
15303
#: serverguide/C/network-auth.xml:2276(para)
15304
msgid "Your new Kerberos Realm is now ready to authenticate clients."
15305
msgstr ""
15306
15307
#: serverguide/C/network-auth.xml:2283(title)
15308
msgid "Secondary KDC"
15309
msgstr ""
15310
15311
#: serverguide/C/network-auth.xml:2285(para)
15312
msgid ""
15313
"Once you have one Key Distribution Center (KDC) on your network, it is good "
15314
"practice to have a Secondary KDC in case the primary becomes unavailable."
15315
msgstr ""
15316
15317
#: serverguide/C/network-auth.xml:2293(para)
15318
msgid ""
15319
"First, install the packages, and when asked for the Kerberos and Admin "
15320
"server names enter the name of the Primary KDC:"
15321
msgstr ""
15322
15323
#: serverguide/C/network-auth.xml:2304(para)
15324
msgid ""
15325
"Once you have the packages installed, create the Secondary KDC's host "
15326
"principal. From a terminal prompt, enter:"
15327
msgstr ""
15328
15329
#: serverguide/C/network-auth.xml:2309(command)
15330
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
15331
msgstr ""
15332
15333
#: serverguide/C/network-auth.xml:2313(para)
15334
msgid ""
15335
"After, issuing any <application>kadmin</application> commands you will be "
15336
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
15337
"password."
15338
msgstr ""
15339
15340
#: serverguide/C/network-auth.xml:2322(para)
15341
msgid "Extract the <emphasis>keytab</emphasis> file:"
15342
msgstr ""
15343
15344
#: serverguide/C/network-auth.xml:2327(command)
15345
msgid "kadmin -q \"ktadd -k keytab.kdc02 host/kdc02.example.com\""
15346
msgstr ""
15347
15348
#: serverguide/C/network-auth.xml:2333(para)
15349
msgid ""
15350
"There should now be a <filename>keytab.kdc02</filename> in the current "
15351
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
15352
msgstr ""
15353
15354
#: serverguide/C/network-auth.xml:2339(command)
15355
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
15356
msgstr ""
15357
15358
#: serverguide/C/network-auth.xml:2343(para)
15359
msgid ""
15360
"If the path to the <filename>keytab.kdc02</filename> file is different "
15361
"adjust accordingly."
15362
msgstr ""
15363
15364
#: serverguide/C/network-auth.xml:2348(para)
15365
msgid ""
15366
"Also, you can list the principals in a Keytab file, which can be useful when "
15367
"troubleshooting, using the <application>klist</application> utility:"
15368
msgstr ""
15369
15370
#: serverguide/C/network-auth.xml:2354(command)
15371
msgid "sudo klist -k /etc/krb5.keytab"
15372
msgstr ""
15373
15374
#: serverguide/C/network-auth.xml:2360(para)
15375
msgid ""
15376
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
15377
"that lists all KDCs for the Realm. For example, on both primary and "
15378
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
15379
msgstr ""
15380
15381
#: serverguide/C/network-auth.xml:2365(programlisting)
15382
#, no-wrap
15383
msgid ""
15384
"\n"
15385
"host/kdc01.example.com@EXAMPLE.COM\n"
15386
"host/kdc02.example.com@EXAMPLE.COM\n"
15387
msgstr ""
15388
15389
#: serverguide/C/network-auth.xml:2373(para)
15390
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
15391
msgstr ""
15392
15393
#: serverguide/C/network-auth.xml:2378(command)
15394
msgid "sudo kdb5_util -s create"
15395
msgstr ""
15396
15397
#: serverguide/C/network-auth.xml:2384(para)
15398
msgid ""
15399
"Now start the <application>kpropd</application> daemon, which listens for "
15400
"connections from the <application>kprop</application> utility. "
15401
"<application>kprop</application> is used to transfer dump files:"
15402
msgstr ""
15403
15404
#: serverguide/C/network-auth.xml:2391(command)
15405
msgid "sudo kpropd -S"
15406
msgstr ""
15407
15408
#: serverguide/C/network-auth.xml:2397(para)
15409
msgid ""
15410
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
15411
"of the principal database:"
15412
msgstr ""
15413
15414
#: serverguide/C/network-auth.xml:2402(command)
15415
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
15416
msgstr ""
15417
15418
#: serverguide/C/network-auth.xml:2408(para)
15419
msgid ""
15420
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
15421
"<filename>/etc/krb5.keytab</filename>:"
15422
msgstr ""
15423
15424
#: serverguide/C/network-auth.xml:2413(command)
15425
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
15426
msgstr ""
15427
15428
#: serverguide/C/network-auth.xml:2414(command)
15429
msgid "sudo mv keytab.kdc01 /etc/krb5.keytab"
15430
msgstr ""
15431
15432
#: serverguide/C/network-auth.xml:2418(para)
15433
msgid ""
15434
"Make sure there is a <emphasis>host</emphasis> for "
15435
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
15436
msgstr ""
15437
15438
#: serverguide/C/network-auth.xml:2426(para)
15439
msgid ""
15440
"Using the <application>kprop</application> utility push the database to the "
15441
"Secondary KDC:"
15442
msgstr ""
15443
15444
#: serverguide/C/network-auth.xml:2431(command)
15445
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
15446
msgstr ""
15447
15448
#: serverguide/C/network-auth.xml:2435(para)
15449
msgid ""
15450
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
15451
"worked. If there is an error message check "
15452
"<filename>/var/log/syslog</filename> on the secondary KDC for more "
15453
"information."
15454
msgstr ""
15455
15456
#: serverguide/C/network-auth.xml:2441(para)
15457
msgid ""
15458
"You may also want to create a <application>cron</application> job to "
15459
"periodically update the database on the Secondary KDC. For example, the "
15460
"following will push the database every hour:"
15461
msgstr ""
15462
15463
#: serverguide/C/network-auth.xml:2446(programlisting)
15464
#, no-wrap
15465
msgid ""
15466
"\n"
15467
"# m h dom mon dow command\n"
15468
"0 * * * * /usr/sbin/kdb5_util dump /var/lib/krb5kdc/dump && "
15469
"/usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com\n"
15470
msgstr ""
15471
15472
#: serverguide/C/network-auth.xml:2454(para)
15473
msgid ""
15474
"Back on the <emphasis>Secondary KDC</emphasis>, create a "
15475
"<emphasis>stash</emphasis> file to hold the Kerberos master key:"
15476
msgstr ""
15477
15478
#: serverguide/C/network-auth.xml:2460(command)
15479
msgid "sudo kdb5_util stash"
15480
msgstr ""
15481
15482
#: serverguide/C/network-auth.xml:2466(para)
15483
msgid ""
15484
"Finally, start the <application>krb5-kdc</application> daemon on the "
15485
"Secondary KDC:"
15486
msgstr ""
15487
15488
#: serverguide/C/network-auth.xml:2471(command) serverguide/C/network-auth.xml:3083(command)
15489
msgid "sudo /etc/init.d/krb5-kdc start"
15490
msgstr ""
15491
15492
#: serverguide/C/network-auth.xml:2477(para)
15493
msgid ""
15494
"The <emphasis>Secondary KDC</emphasis> should now be able to issue tickets "
15495
"for the Realm. You can test this by stopping the <application>krb5-"
15496
"kdc</application> daemon on the Primary KDC, then use "
15497
"<application>kinit</application> to request a ticket. If all goes well you "
15498
"should receive a ticket from the Secondary KDC."
15499
msgstr ""
15500
15501
#: serverguide/C/network-auth.xml:2485(title)
15502
msgid "Kerberos Linux Client"
15503
msgstr ""
15504
15505
#: serverguide/C/network-auth.xml:2487(para)
15506
msgid ""
15507
"This section covers configuring a Linux system as a "
15508
"<application>Kerberos</application> client. This will allow access to any "
15509
"kerberized services once a user has successfully logged into the system."
15510
msgstr ""
15511
15512
#: serverguide/C/network-auth.xml:2495(para)
15513
msgid ""
15514
"In order to authenticate to a Kerberos Realm, the <application>krb5-"
15515
"user</application> and <application>libpam-krb5</application> packages are "
15516
"needed, along with a few others that are not strictly necessary but make "
15517
"life easier. To install the packages enter the following in a terminal "
15518
"prompt:"
15519
msgstr ""
15520
15521
#: serverguide/C/network-auth.xml:2502(command)
15522
msgid ""
15523
"sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
15524
msgstr ""
15525
15526
#: serverguide/C/network-auth.xml:2505(para)
15527
msgid ""
15528
"The <application>auth-client-config</application> package allows simple "
15529
"configuration of PAM for authentication from multiple sources, and the "
15530
"<application>libpam-ccreds</application> will cache authentication "
15531
"credentials allowing you to login in case the Key Distribution Center (KDC) "
15532
"is unavailable. This package is also useful for laptops that may "
15533
"authenticate using Kerberos while on the corporate network, but will need to "
15534
"be accessed off the network as well."
15535
msgstr ""
15536
15537
#: serverguide/C/network-auth.xml:2516(para)
15538
msgid "To configure the client in a terminal enter:"
15539
msgstr ""
15540
15541
#: serverguide/C/network-auth.xml:2521(command)
15542
msgid "sudo dpkg-reconfigure krb5-config"
15543
msgstr ""
15544
15545
#: serverguide/C/network-auth.xml:2524(para)
15546
msgid ""
15547
"You will then be prompted to enter the name of the Kerberos Realm. Also, if "
15548
"you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> "
15549
"records, the menu will prompt you for the hostname of the Key Distribution "
15550
"Center (KDC) and Realm Administration server."
15551
msgstr ""
15552
15553
#: serverguide/C/network-auth.xml:2530(para)
15554
msgid ""
15555
"The <application>dpkg-reconfigure</application> adds entries to the "
15556
"<filename>/etc/krb5.conf</filename> file for your Realm. You should have "
15557
"entries similar to the following:"
15558
msgstr ""
15559
15560
#: serverguide/C/network-auth.xml:2535(programlisting)
15561
#, no-wrap
15562
msgid ""
15563
"\n"
15564
"[libdefaults]\n"
15565
" default_realm = EXAMPLE.COM\n"
15566
"...\n"
15567
"[realms]\n"
15568
" EXAMPLE.COM = } \n"
15569
" kdc = 192.168.0.1 \n"
15570
" admin_server = 192.168.0.1\n"
15571
" }\n"
15572
msgstr ""
15573
15574
#: serverguide/C/network-auth.xml:2546(para)
15575
msgid ""
15576
"You can test the configuration by requesting a ticket using the "
15577
"<application>kinit</application> utility. For example:"
15578
msgstr ""
15579
15580
#: serverguide/C/network-auth.xml:2551(command)
15581
msgid "kinit steve@EXAMPLE.COM"
15582
msgstr ""
15583
15584
#: serverguide/C/network-auth.xml:2552(computeroutput)
15585
#, no-wrap
15586
msgid "Password for steve@EXAMPLE.COM:"
15587
msgstr ""
15588
15589
#: serverguide/C/network-auth.xml:2555(para)
15590
msgid ""
15591
"When a ticket has been granted, the details can be viewed using "
15592
"<application>klist</application>:"
15593
msgstr ""
15594
15595
#: serverguide/C/network-auth.xml:2561(computeroutput)
15596
#, no-wrap
15597
msgid ""
15598
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
15599
"Default principal: steve@EXAMPLE.COM\n"
15600
"\n"
15601
"Valid starting Expires Service principal\n"
15602
"07/24/08 05:18:56 07/24/08 15:18:56 krbtgt/EXAMPLE.COM@EXAMPLE.COM\n"
15603
" renew until 07/25/08 05:18:57\n"
15604
"\n"
15605
"\n"
15606
"Kerberos 4 ticket cache: /tmp/tkt1000\n"
15607
"klist: You have no tickets cached"
15608
msgstr ""
15609
15610
#: serverguide/C/network-auth.xml:2573(para)
15611
msgid ""
15612
"Next, use the <application>auth-client-config</application> to configure the "
15613
"<application>libpam-krb5</application> module to request a ticket during "
15614
"login:"
15615
msgstr ""
15616
15617
#: serverguide/C/network-auth.xml:2579(command)
15618
msgid "sudo auth-client-config -a -p kerberos_example"
15619
msgstr ""
15620
15621
#: serverguide/C/network-auth.xml:2582(para)
15622
msgid ""
15623
"You will should now receive a ticket upon successful login authentication."
15624
msgstr ""
15625
15626
#: serverguide/C/network-auth.xml:2593(para)
15627
msgid ""
15628
"For more information on Kerberos see the <ulink "
15629
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
15630
msgstr ""
15631
15632
#: serverguide/C/network-auth.xml:2598(para)
15633
msgid ""
15634
"The <ulink url=\"https://help.ubuntu.com/community/Kerberos\">Ubuntu Wiki "
15635
"Kerberos</ulink> page has more details."
15636
msgstr ""
15637
15638
#: serverguide/C/network-auth.xml:2603(para)
15639
msgid ""
15640
"O'Reilly's <ulink "
15641
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
15642
"Guide</ulink> is a great reference when setting up Kerberos."
15643
msgstr ""
15644
15645
#: serverguide/C/network-auth.xml:2609(para)
15646
msgid ""
15647
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> IRC "
15648
"channel on <ulink url=\"http://freenode.net/\">Freenode</ulink> if you have "
15649
"Kerberos questions."
15650
msgstr ""
15651
15652
#: serverguide/C/network-auth.xml:2619(title)
15653
msgid "Kerberos and LDAP"
15654
msgstr ""
15655
15656
#: serverguide/C/network-auth.xml:2621(para)
15657
msgid ""
15658
"Replicating a Kerberos principal database between two servers can be "
15659
"complicated, and adds an additional user database to your network. "
15660
"Fortunately, MIT Kerberos can be configured to use an "
15661
"<application>LDAP</application> directory as a principal database. This "
15662
"section covers configuring a primary and secondary kerberos server to use "
15663
"<application>OpenLDAP</application> for the principal database."
15664
msgstr ""
15665
15666
#: serverguide/C/network-auth.xml:2629(title)
15667
msgid "Configuring OpenLDAP"
15668
msgstr ""
15669
15670
#: serverguide/C/network-auth.xml:2631(para)
15671
msgid ""
15672
"First, the necessary <emphasis>schema</emphasis> needs to be loaded on an "
15673
"<application>OpenLDAP</application> server that has network connectivity to "
15674
"the Primary and Secondary KDCs. The rest of this section assumes that you "
15675
"also have LDAP replication configured between at least two servers. For "
15676
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
15677
msgstr ""
15678
15679
#: serverguide/C/network-auth.xml:2638(para)
15680
msgid ""
15681
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
15682
"that traffic between the KDC and LDAP server is encrypted. See <xref "
15683
"linkend=\"openldap-tls\"/> for details."
15684
msgstr ""
15685
15686
#: serverguide/C/network-auth.xml:2645(para)
15687
msgid ""
15688
"To load the schema into LDAP, on the LDAP server install the "
15689
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
15690
msgstr ""
15691
15692
#: serverguide/C/network-auth.xml:2651(command)
15693
msgid "sudo apt-get install krb5-kdc-ldap"
15694
msgstr ""
15695
15696
#: serverguide/C/network-auth.xml:2656(para)
15697
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
15698
msgstr ""
15699
15700
#: serverguide/C/network-auth.xml:2661(command)
15701
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
15702
msgstr ""
15703
15704
#: serverguide/C/network-auth.xml:2662(command)
15705
msgid ""
15706
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
15707
msgstr ""
15708
15709
#: serverguide/C/network-auth.xml:2668(para)
15710
msgid ""
15711
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
15712
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
15713
"<application>slapd</application> is also detailed in <xref "
15714
"linkend=\"openldap-configuration\"/>."
15715
msgstr ""
15716
15717
#: serverguide/C/network-auth.xml:2681(programlisting)
15718
#, no-wrap
15719
msgid ""
15720
"\n"
15721
"include /etc/ldap/schema/core.schema\n"
15722
"include /etc/ldap/schema/collective.schema\n"
15723
"include /etc/ldap/schema/corba.schema\n"
15724
"include /etc/ldap/schema/cosine.schema\n"
15725
"include /etc/ldap/schema/duaconf.schema\n"
15726
"include /etc/ldap/schema/dyngroup.schema\n"
15727
"include /etc/ldap/schema/inetorgperson.schema\n"
15728
"include /etc/ldap/schema/java.schema\n"
15729
"include /etc/ldap/schema/misc.schema\n"
15730
"include /etc/ldap/schema/nis.schema\n"
15731
"include /etc/ldap/schema/openldap.schema\n"
15732
"include /etc/ldap/schema/ppolicy.schema\n"
15733
"include /etc/ldap/schema/kerberos.schema\n"
15734
msgstr ""
15735
15736
#: serverguide/C/network-auth.xml:2701(para)
15737
msgid "Create a temporary directory to hold the LDIF files:"
15738
msgstr ""
15739
15740
#: serverguide/C/network-auth.xml:2716(command)
15741
msgid ""
15742
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
15743
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
15744
msgstr ""
15745
15746
#: serverguide/C/network-auth.xml:2726(para)
15747
msgid ""
15748
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
15749
"changing the following attributes:"
15750
msgstr ""
15751
15752
#: serverguide/C/network-auth.xml:2730(programlisting)
15753
#, no-wrap
15754
msgid ""
15755
"\n"
15756
"dn: cn=kerberos,cn=schema,cn=config\n"
15757
"...\n"
15758
"cn: kerberos\n"
15759
msgstr ""
15760
15761
#: serverguide/C/network-auth.xml:2736(para)
15762
msgid "And remove the following lines from the end of the file:"
15763
msgstr ""
15764
15765
#: serverguide/C/network-auth.xml:2740(programlisting)
15766
#, no-wrap
15767
msgid ""
15768
"\n"
15769
"structuralObjectClass: olcSchemaConfig\n"
15770
"entryUUID: 18ccd010-746b-102d-9fbe-3760cca765dc\n"
15771
"creatorsName: cn=config\n"
15772
"createTimestamp: 20090111203515Z\n"
15773
"entryCSN: 20090111203515.326445Z#000000#000#000000\n"
15774
"modifiersName: cn=config\n"
15775
"modifyTimestamp: 20090111203515Z\n"
15776
msgstr ""
15777
15778
#: serverguide/C/network-auth.xml:2759(para)
15779
msgid "Load the new schema with <application>ldapadd</application>:"
15780
msgstr ""
15781
15782
#: serverguide/C/network-auth.xml:2764(command)
15783
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=kerberos.ldif"
15784
msgstr ""
15785
15786
#: serverguide/C/network-auth.xml:2770(para)
15787
msgid ""
15788
"Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
15789
msgstr ""
15790
15791
#: serverguide/C/network-auth.xml:2775(command) serverguide/C/network-auth.xml:2792(command)
15792
msgid "ldapmodify -x -D cn=admin,cn=config -W"
15793
msgstr ""
15794
15795
#: serverguide/C/network-auth.xml:2777(userinput)
15796
#, no-wrap
15797
msgid ""
15798
"dn: olcDatabase={1}hdb,cn=config\n"
15799
"add: olcDbIndex\n"
15800
"olcDbIndex: krbPrincipalName eq,pres,sub"
15801
msgstr ""
15802
15803
#: serverguide/C/network-auth.xml:2776(computeroutput)
15804
#, no-wrap
15805
msgid ""
15806
"Enter LDAP Password:\n"
15807
"<placeholder-1/>\n"
15808
"\n"
15809
"modifying entry \"olcDatabase={1}hdb,cn=config\""
15810
msgstr ""
15811
15812
#: serverguide/C/network-auth.xml:2787(para)
15813
msgid "Finally, update the Access Control Lists (ACL):"
15814
msgstr ""
15815
15816
#: serverguide/C/network-auth.xml:2794(userinput)
15817
#, no-wrap
15818
msgid ""
15819
"dn: olcDatabase={1}hdb,cn=config\n"
15820
"replace: olcAccess\n"
15821
"olcAccess: to attrs=userPassword,shadowLastChange,krbPrincipalKey by "
15822
"dn=\"cn=admin,dc=exampl\n"
15823
" e,dc=com\" write by anonymous auth by self write by * none\n"
15824
"-\n"
15825
"add: olcAccess\n"
15826
"olcAccess: to dn.base=\"\" by * read\n"
15827
"-\n"
15828
"add: olcAccess\n"
15829
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read"
15830
msgstr ""
15831
15832
#: serverguide/C/network-auth.xml:2793(computeroutput)
15833
#, no-wrap
15834
msgid ""
15835
"Enter LDAP Password: \n"
15836
"<placeholder-1/>\n"
15837
"\n"
15838
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
15839
msgstr ""
15840
15841
#: serverguide/C/network-auth.xml:2814(para)
15842
msgid ""
15843
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
15844
"database."
15845
msgstr ""
15846
15847
#: serverguide/C/network-auth.xml:2820(title)
15848
msgid "Primary KDC Configuration"
15849
msgstr ""
15850
15851
#: serverguide/C/network-auth.xml:2822(para)
15852
msgid ""
15853
"With <application>OpenLDAP</application> configured it is time to configure "
15854
"the KDC."
15855
msgstr ""
15856
15857
#: serverguide/C/network-auth.xml:2828(para)
15858
msgid "First, install the necessary packages, from a terminal enter:"
15859
msgstr ""
15860
15861
#: serverguide/C/network-auth.xml:2833(command) serverguide/C/network-auth.xml:2990(command)
15862
msgid "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
15863
msgstr ""
15864
15865
#: serverguide/C/network-auth.xml:2839(para)
15866
msgid ""
15867
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
15868
"under the appropriate sections:"
15869
msgstr ""
15870
15871
#: serverguide/C/network-auth.xml:2843(programlisting)
15872
#, no-wrap
15873
msgid ""
15874
"\n"
15875
"[libdefaults]\n"
15876
" default_realm = EXAMPLE.COM\n"
15877
"\n"
15878
"...\n"
15879
"\n"
15880
"[realms]\n"
15881
" EXAMPLE.COM = {\n"
15882
" kdc = kdc01.example.com\n"
15883
" kdc = kdc02.example.com\n"
15884
" admin_server = kdc01.example.com\n"
15885
" admin_server = kdc02.example.com\n"
15886
" default_domain = example.com\n"
15887
" database_module = openldap_ldapconf\n"
15888
" }\n"
15889
"\n"
15890
"...\n"
15891
"\n"
15892
"[domain_realm]\n"
15893
" .example.com = EXAMPLE.COM\n"
15894
"\n"
15895
"\n"
15896
"...\n"
15897
"\n"
15898
"[dbdefaults]\n"
15899
" ldap_kerberos_container_dn = dc=example,dc=com\n"
15900
"\n"
15901
"[dbmodules]\n"
15902
" openldap_ldapconf = {\n"
15903
" db_library = kldap\n"
15904
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
15905
"\n"
15906
" # this object needs to have read rights on\n"
15907
" # the realm container, principal container and realm sub-"
15908
"trees\n"
15909
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
15910
"\n"
15911
" # this object needs to have read and write rights on\n"
15912
" # the realm container, principal container and realm sub-"
15913
"trees\n"
15914
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
15915
" ldap_servers = ldaps://ldap01.example.com "
15916
"ldaps://ldap02.example.com\n"
15917
" ldap_conns_per_server = 5\n"
15918
" }\n"
15919
msgstr ""
15920
15921
#: serverguide/C/network-auth.xml:2888(para)
15922
msgid ""
15923
"Change <emphasis>example.com</emphasis>, "
15924
"<emphasis>dc=example,dc=com</emphasis>, "
15925
"<emphasis>cn=admin,dc=example,dc=com</emphasis>, and "
15926
"<emphasis>ldap01.example.com</emphasis> to the appropriate domain, LDAP "
15927
"object, and LDAP server for your network."
15928
msgstr ""
15929
15930
#: serverguide/C/network-auth.xml:2897(para)
15931
msgid ""
15932
"Next, use the <application>kdb5_ldap_util</application> utility to create "
15933
"the realm:"
15934
msgstr ""
15935
15936
#: serverguide/C/network-auth.xml:2902(command)
15937
msgid ""
15938
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees "
15939
"dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com"
15940
msgstr ""
15941
15942
#: serverguide/C/network-auth.xml:2908(para)
15943
msgid ""
15944
"Create a stash of the password used to bind to the LDAP server. This "
15945
"password is used by the <emphasis>ldap_kdc_dn</emphasis> and "
15946
"<emphasis>ldap_kadmin_dn</emphasis> options in "
15947
"<filename>/etc/krb5.conf</filename>:"
15948
msgstr ""
15949
15950
#: serverguide/C/network-auth.xml:2914(command) serverguide/C/network-auth.xml:3052(command)
15951
msgid ""
15952
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f "
15953
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
15954
msgstr ""
15955
15956
#: serverguide/C/network-auth.xml:2920(para)
15957
msgid "Copy the CA certificate from the LDAP server:"
15958
msgstr ""
15959
15960
#: serverguide/C/network-auth.xml:2925(command)
15961
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
15962
msgstr ""
15963
15964
#: serverguide/C/network-auth.xml:2926(command)
15965
msgid "sudo cp cacert.pem /etc/ssl/certs"
15966
msgstr ""
15967
15968
#: serverguide/C/network-auth.xml:2929(para)
15969
msgid ""
15970
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
15971
msgstr ""
15972
15973
#: serverguide/C/network-auth.xml:2933(programlisting)
15974
#, no-wrap
15975
msgid ""
15976
"\n"
15977
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
15978
msgstr ""
15979
15980
#: serverguide/C/network-auth.xml:2938(para)
15981
msgid ""
15982
"The certificate will also need to be copied to the Secondary KDC, to allow "
15983
"the connection to the LDAP servers using LDAPS."
15984
msgstr ""
15985
15986
#: serverguide/C/network-auth.xml:2947(para)
15987
msgid ""
15988
"You can now add Kerberos principals to the LDAP database, and they will be "
15989
"copied to any other LDAP servers configured for replication. To add a "
15990
"principal using the <application>kadmin.local</application> utility enter:"
15991
msgstr ""
15992
15993
#: serverguide/C/network-auth.xml:2955(userinput)
15994
#, no-wrap
15995
msgid "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
15996
msgstr ""
15997
15998
#: serverguide/C/network-auth.xml:2954(computeroutput)
15999
#, no-wrap
16000
msgid ""
16001
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
16002
"kadmin.local: <placeholder-1/>\n"
16003
"WARNING: no policy specified for steve@EXAMPLE.COM; defaulting to no policy\n"
16004
"Enter password for principal \"steve@EXAMPLE.COM\": \n"
16005
"Re-enter password for principal \"steve@EXAMPLE.COM\": \n"
16006
"Principal \"steve@EXAMPLE.COM\" created."
16007
msgstr ""
16008
16009
#: serverguide/C/network-auth.xml:2962(para)
16010
msgid ""
16011
"There should now be krbPrincipalName, krbPrincipalKey, krbLastPwdChange, and "
16012
"krbExtraData attributes added to the "
16013
"<emphasis>uid=steve,ou=people,dc=example,dc=com</emphasis> user object. Use "
16014
"the <application>kinit</application> and <application>klist</application> "
16015
"utilities to test that the user is indeed issued a ticket."
16016
msgstr ""
16017
16018
#: serverguide/C/network-auth.xml:2969(para)
16019
msgid ""
16020
"If the user object is already created the <emphasis>-x dn=\"...\"</emphasis> "
16021
"option is needed to add the Kerberos attributes. Otherwise a new "
16022
"<emphasis>principal</emphasis> object will be created in the realm subtree."
16023
msgstr ""
16024
16025
#: serverguide/C/network-auth.xml:2977(title)
16026
msgid "Secondary KDC Configuration"
16027
msgstr ""
16028
16029
#: serverguide/C/network-auth.xml:2979(para)
16030
msgid ""
16031
"Configuring a Secondary KDC using the LDAP backend is similar to configuring "
16032
"one using the normal Kerberos database."
16033
msgstr ""
16034
16035
#: serverguide/C/network-auth.xml:2985(para)
16036
msgid "First, install the necessary packages. In a terminal enter:"
16037
msgstr ""
16038
16039
#: serverguide/C/network-auth.xml:2996(para)
16040
msgid ""
16041
"Next, edit <filename>/etc/krb5.conf</filename> to use the LDAP backend:"
16042
msgstr ""
16043
16044
#: serverguide/C/network-auth.xml:3000(programlisting)
16045
#, no-wrap
16046
msgid ""
16047
"\n"
16048
"[libdefaults]\n"
16049
" default_realm = EXAMPLE.COM\n"
16050
"\n"
16051
"...\n"
16052
"\n"
16053
"[realms]\n"
16054
" EXAMPLE.COM = {\n"
16055
" kdc = kdc01.example.com\n"
16056
" kdc = kdc02.example.com\n"
16057
" admin_server = kdc01.example.com\n"
16058
" admin_server = kdc02.example.com\n"
16059
" default_domain = example.com\n"
16060
" database_module = openldap_ldapconf\n"
16061
" }\n"
16062
"\n"
16063
"...\n"
16064
"\n"
16065
"[domain_realm]\n"
16066
" .example.com = EXAMPLE.COM\n"
16067
"\n"
16068
"...\n"
16069
"\n"
16070
"[dbdefaults]\n"
16071
" ldap_kerberos_container_dn = dc=example,dc=com\n"
16072
"\n"
16073
"[dbmodules]\n"
16074
" openldap_ldapconf = {\n"
16075
" db_library = kldap\n"
16076
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
16077
"\n"
16078
" # this object needs to have read rights on\n"
16079
" # the realm container, principal container and realm sub-"
16080
"trees\n"
16081
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
16082
"\n"
16083
" # this object needs to have read and write rights on\n"
16084
" # the realm container, principal container and realm sub-"
16085
"trees\n"
16086
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
16087
" ldap_servers = ldaps://ldap01.example.com "
16088
"ldaps://ldap02.example.com\n"
16089
" ldap_conns_per_server = 5\n"
16090
" }\n"
16091
msgstr ""
16092
16093
#: serverguide/C/network-auth.xml:3047(para)
16094
msgid "Create the stash for the LDAP bind password:"
16095
msgstr ""
16096
16097
#: serverguide/C/network-auth.xml:3058(para)
16098
msgid ""
16099
"Now, on the <emphasis>Primary KDC</emphasis> copy the "
16100
"<filename>/etc/krb5kdc/.k5.EXAMPLE.COM</filename><emphasis>Master "
16101
"Key</emphasis> stash to the Secondary KDC. Be sure to copy the file over an "
16102
"encrypted connection such as <application>scp</application>, or on physical "
16103
"media."
16104
msgstr ""
16105
16106
#: serverguide/C/network-auth.xml:3065(command)
16107
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
16108
msgstr ""
16109
16110
#: serverguide/C/network-auth.xml:3066(command)
16111
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
16112
msgstr ""
16113
16114
#: serverguide/C/network-auth.xml:3070(para)
16115
msgid ""
16116
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
16117
msgstr ""
16118
16119
#: serverguide/C/network-auth.xml:3078(para)
16120
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
16121
msgstr ""
16122
16123
#: serverguide/C/network-auth.xml:3089(para)
16124
msgid ""
16125
"You now have redundant KDCs on your network, and with redundant LDAP servers "
16126
"you should be able to continue to authenticate users if one LDAP server, one "
16127
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
16128
msgstr ""
16129
16130
#: serverguide/C/network-auth.xml:3101(para)
16131
msgid ""
16132
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
16133
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
16134
"Guide</ulink> has some additional details."
16135
msgstr ""
16136
16137
#: serverguide/C/network-auth.xml:3107(para)
16138
msgid ""
16139
"For more information on <application>kdb5_ldap_util</application> see <ulink "
16140
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
16141
"admin.html#Global-Operations-on-the-Kerberos-LDAP-Database\"> Section "
16142
"5.6</ulink> and the <ulink "
16143
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/kdb5_ldap_util.8.h"
16144
"tml\">kdb5_ldap_util man page</ulink>."
16145
msgstr ""
16146
16147
#: serverguide/C/network-auth.xml:3115(para)
16148
msgid ""
16149
"Another useful link is the <ulink "
16150
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/krb5.conf.5.html\""
16151
">krb5.conf man page</ulink>."
16152
msgstr ""
16153
16154
#: serverguide/C/network-auth.xml:3120(para)
16155
msgid ""
16156
"Also, see the <ulink "
16157
"url=\"https://help.ubuntu.com/community/Kerberos#kerberos-ldap\">Kerberos "
16158
"and LDAP</ulink> Ubuntu wiki page."
16159
msgstr ""
16160
16161
#: serverguide/C/monitoring.xml:13(title)
16162
msgid "Monitoring"
16163
msgstr ""
16164
16165
#: serverguide/C/monitoring.xml:17(para)
16166
msgid ""
16167
"The monitoring of essential servers and services is an important part of "
16168
"system administration. Most network services are monitored for performance, "
16169
"availability, or both. This section will cover installation and "
16170
"configuration of <application>Nagios</application> for availability "
16171
"monitoring, and <application>Munin</application> for performance monitoring."
16172
msgstr ""
16173
16174
#: serverguide/C/monitoring.xml:24(para)
16175
msgid ""
16176
"The examples in this section will use two servers with hostnames "
16177
"<emphasis>server01</emphasis> and <emphasis>server02</emphasis>. "
16178
"<emphasis>Server01</emphasis> will be configured with "
16179
"<application>Nagios</application> to monitor services on itself and "
16180
"<emphasis>server02</emphasis>. Server01 will also be setup with the "
16181
"<application>munin</application> package to gather information from the "
16182
"network. Using the <application>munin-node</application> package, "
16183
"<emphasis>server02</emphasis> will be configured to send information to "
16184
"<emphasis>server01</emphasis>."
16185
msgstr ""
16186
16187
#: serverguide/C/monitoring.xml:33(para)
16188
msgid ""
16189
"Hopefully these simple examples will allow you to monitor additional servers "
16190
"and services on your network."
16191
msgstr ""
16192
16193
#: serverguide/C/monitoring.xml:39(title)
16194
msgid "Nagios"
16195
msgstr ""
16196
16197
#: serverguide/C/monitoring.xml:44(para)
16198
msgid ""
16199
"First, on <emphasis>server01</emphasis> install the "
16200
"<application>nagios</application> package. In a terminal enter:"
16201
msgstr ""
16202
16203
#: serverguide/C/monitoring.xml:50(command)
16204
msgid "sudo apt-get install nagios3 nagios-nrpe-plugin"
16205
msgstr ""
16206
16207
#: serverguide/C/monitoring.xml:53(para)
16208
msgid ""
16209
"You will be asked to enter a password for the "
16210
"<emphasis>nagiosadmin</emphasis> user. The user's credentials are stored in "
16211
"<filename>/etc/nagios3/htpasswd.users</filename>. To change the "
16212
"<emphasis>nagiosadmin</emphasis> password, or add additional users to the "
16213
"Nagios CGI scripts, use the <application>htpasswd</application> that is part "
16214
"of the <application>apache2-utils</application> package."
16215
msgstr ""
16216
16217
#: serverguide/C/monitoring.xml:60(para)
16218
msgid ""
16219
"For example, to change the password for the <emphasis>nagiosadmin</emphasis> "
16220
"user enter:"
16221
msgstr ""
16222
16223
#: serverguide/C/monitoring.xml:65(command)
16224
msgid "sudo htpasswd /etc/nagios3/htpasswd.users nagiosadmin"
16225
msgstr ""
16226
16227
#: serverguide/C/monitoring.xml:68(para)
16228
msgid "To add a user:"
16229
msgstr ""
16230
16231
#: serverguide/C/monitoring.xml:73(command)
16232
msgid "sudo htpasswd /etc/nagios3/htpasswd.users steve"
16233
msgstr ""
16234
16235
#: serverguide/C/monitoring.xml:76(para)
16236
msgid ""
16237
"Next, on <emphasis>server02</emphasis> install the <application>nagios-nrpe-"
16238
"server</application> package. From a terminal on server02 enter:"
16239
msgstr ""
16240
16241
#: serverguide/C/monitoring.xml:82(command)
16242
msgid "sudo apt-get install nagios-nrpe-server"
16243
msgstr ""
16244
16245
#: serverguide/C/monitoring.xml:86(para)
16246
msgid ""
16247
"<application>NRPE</application> allows you to execute local checks on remote "
16248
"hosts. There are other ways of accomplishing this through other Nagios "
16249
"plugins as well as other checks."
16250
msgstr ""
16251
16252
#: serverguide/C/monitoring.xml:94(title)
16253
msgid "Configuration Overview"
16254
msgstr ""
16255
16256
#: serverguide/C/monitoring.xml:96(para)
16257
msgid ""
16258
"There are a couple of directories containing "
16259
"<application>Nagios</application> configuration and check files."
16260
msgstr ""
16261
16262
#: serverguide/C/monitoring.xml:102(para)
16263
msgid ""
16264
"<filename>/etc/nagios3</filename>: contains configuration files for the "
16265
"operation of the <application>nagios</application> daemon, CGI files, hosts, "
16266
"etc."
16267
msgstr ""
16268
16269
#: serverguide/C/monitoring.xml:108(para)
16270
msgid ""
16271
"<filename>/etc/nagios-plugins</filename>: houses configuration files for the "
16272
"service checks."
16273
msgstr ""
16274
16275
#: serverguide/C/monitoring.xml:113(para)
16276
msgid ""
16277
"<filename>/etc/nagios</filename>: on the remote host contains the "
16278
"<application>nagios-nrpe-server</application> configuration files."
16279
msgstr ""
16280
16281
#: serverguide/C/monitoring.xml:118(para)
16282
msgid ""
16283
"<filename>/usr/lib/nagios/plugins/</filename>: where the check binaries are "
16284
"stored. To see the options of a check use the <emphasis>-h</emphasis> option."
16285
msgstr ""
16286
16287
#: serverguide/C/monitoring.xml:123(para)
16288
msgid "For example: <command>/usr/lib/nagios/plugins/check_dhcp -h</command>"
16289
msgstr ""
16290
16291
#: serverguide/C/monitoring.xml:129(para)
16292
msgid ""
16293
"There are a plethora of checks <application>Nagios</application> can be "
16294
"configured to execute for any given host. For this example Nagios will be "
16295
"configured to check disk space, DNS, and a MySQL hostgroup. The DNS check "
16296
"will be on <emphasis>server02</emphasis>, and the MySQL hostgroup will "
16297
"include both <emphasis>server01</emphasis> and <emphasis>server02</emphasis>."
16298
msgstr ""
16299
16300
#: serverguide/C/monitoring.xml:136(para)
16301
msgid ""
16302
"See <xref linkend=\"httpd\"/> for details on setting up Apache, <xref "
16303
"linkend=\"dns\"/> for DNS, and <xref linkend=\"mysql\"/> for MySQL."
16304
msgstr ""
16305
16306
#: serverguide/C/monitoring.xml:141(para)
16307
msgid ""
16308
"Additionally, there are some terms that once explained will hopefully make "
16309
"understanding Nagios configuration easier:"
16310
msgstr ""
16311
16312
#: serverguide/C/monitoring.xml:147(para)
16313
msgid ""
16314
"<emphasis>Host</emphasis>: a server, workstation, network device, etc that "
16315
"is being monitored."
16316
msgstr ""
16317
16318
#: serverguide/C/monitoring.xml:152(para)
16319
msgid ""
16320
"<emphasis>Host Group</emphasis>: a group of similar hosts. For example, you "
16321
"could group all web servers, file server, etc."
16322
msgstr ""
16323
16324
#: serverguide/C/monitoring.xml:157(para)
16325
msgid ""
16326
"<emphasis>Service</emphasis>: the service being monitored on the host. Such "
16327
"as HTTP, DNS, NFS, etc."
16328
msgstr ""
16329
16330
#: serverguide/C/monitoring.xml:162(para)
16331
msgid ""
16332
"<emphasis>Service Group</emphasis>: allows you to group multiple services "
16333
"together. This is useful for grouping multiple HTTP for example."
16334
msgstr ""
16335
16336
#: serverguide/C/monitoring.xml:168(para)
16337
msgid ""
16338
"<emphasis>Contact</emphasis>: person to be notified when an event takes "
16339
"place. Nagios can be configured to send emails, SMS messages, etc."
16340
msgstr ""
16341
16342
#: serverguide/C/monitoring.xml:174(para)
16343
msgid ""
16344
"By default Nagios is configured to check HTTP, disk space, SSH, current "
16345
"users, processes, and load on the <emphasis>localhost</emphasis>. Nagios "
16346
"will also <application>ping</application> check the "
16347
"<emphasis>gateway</emphasis>."
16348
msgstr ""
16349
16350
#: serverguide/C/monitoring.xml:179(para)
16351
msgid ""
16352
"Large Nagios installations can be quite complex to configure. It is usually "
16353
"best to start small, one or two hosts, get things configured the way you "
16354
"like then expand."
16355
msgstr ""
16356
16357
#: serverguide/C/monitoring.xml:194(para)
16358
msgid ""
16359
"First, create a <emphasis>host</emphasis> configuration file for "
16360
"<emphasis>server02</emphasis>. In a terminal enter:"
16361
msgstr ""
16362
16363
#: serverguide/C/monitoring.xml:199(command)
16364
msgid ""
16365
"sudo cp /etc/nagios3/conf.d/localhost_nagios2.cfg "
16366
"/etc/nagios3/conf.d/server02.cfg"
16367
msgstr ""
16368
16369
#: serverguide/C/monitoring.xml:203(para)
16370
msgid ""
16371
"In the above and following command examples, replace "
16372
"<emphasis>\"server01\"</emphasis>, "
16373
"<emphasis>\"server02\"</emphasis><emphasis>172.18.100.100</emphasis>, and "
16374
"<emphasis>172.18.100.101</emphasis> with the host names and IP addresses of "
16375
"your servers."
16376
msgstr ""
16377
16378
#: serverguide/C/monitoring.xml:212(para)
16379
msgid "Next, edit <filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
16380
msgstr ""
16381
16382
#: serverguide/C/monitoring.xml:216(programlisting)
16383
#, no-wrap
16384
msgid ""
16385
"\n"
16386
"define host{\n"
16387
" use generic-host ; Name of host "
16388
"template to use\n"
16389
" host_name server02\n"
16390
" alias Server 02\n"
16391
" address 172.18.100.101\n"
16392
"}\n"
16393
"\n"
16394
"# check DNS service.\n"
16395
"define service {\n"
16396
" use generic-service\n"
16397
" host_name server02\n"
16398
" service_description DNS\n"
16399
" check_command check_dns!172.18.100.101\n"
16400
"}\n"
16401
msgstr ""
16402
16403
#: serverguide/C/monitoring.xml:236(para)
16404
msgid ""
16405
"Restart the <application>nagios</application> daemon to enable the new "
16406
"configuration:"
16407
msgstr ""
16408
16409
#: serverguide/C/monitoring.xml:241(command) serverguide/C/monitoring.xml:308(command) serverguide/C/monitoring.xml:375(command)
16410
msgid "sudo /etc/init.d/nagios3 restart"
16411
msgstr ""
16412
16413
#: serverguide/C/monitoring.xml:251(para)
16414
msgid ""
16415
"Now add a service definition for the MySQL check by adding the following to "
16416
"<filename>/etc/nagios3/conf.d/services_nagios2.cfg</filename>:"
16417
msgstr ""
16418
16419
#: serverguide/C/monitoring.xml:255(programlisting)
16420
#, no-wrap
16421
msgid ""
16422
"\n"
16423
"# check MySQL servers.\n"
16424
"define service {\n"
16425
" hostgroup_name mysql-servers\n"
16426
" service_description MySQL\n"
16427
" check_command "
16428
"check_mysql_cmdlinecred!nagios!secret!$HOSTADDRESS\n"
16429
" use generic-service\n"
16430
" notification_interval 0 ; set > 0 if you want to be "
16431
"renotified\n"
16432
"}\n"
16433
msgstr ""
16434
16435
#: serverguide/C/monitoring.xml:269(para)
16436
msgid ""
16437
"A <emphasis>mysql-servers</emphasis> hostgroup now needs to be defined. Edit "
16438
"<filename>/etc/nagios3/conf.d/hostgroups_nagios2.cfg</filename> adding:"
16439
msgstr ""
16440
16441
#: serverguide/C/monitoring.xml:274(programlisting)
16442
#, no-wrap
16443
msgid ""
16444
"\n"
16445
"# MySQL hostgroup.\n"
16446
"define hostgroup {\n"
16447
" hostgroup_name mysql-servers\n"
16448
" alias MySQL servers\n"
16449
" members localhost, server02\n"
16450
" }\n"
16451
msgstr ""
16452
16453
#: serverguide/C/monitoring.xml:286(para)
16454
msgid ""
16455
"The Nagios check needs to authenticate to MySQL. To add a "
16456
"<emphasis>nagios</emphasis> user to MySQL enter:"
16457
msgstr ""
16458
16459
#: serverguide/C/monitoring.xml:291(command)
16460
msgid "mysql -u root -p -e \"create user nagios identified by 'secret';\""
16461
msgstr ""
16462
16463
#: serverguide/C/monitoring.xml:295(para)
16464
msgid ""
16465
"The <emphasis>nagios</emphasis> user will need to be added all hosts in the "
16466
"<emphasis>mysql-servers</emphasis> hostgroup."
16467
msgstr ""
16468
16469
#: serverguide/C/monitoring.xml:303(para)
16470
msgid ""
16471
"Restart <application>nagios</application> to start checking the MySQL "
16472
"servers."
16473
msgstr ""
16474
16475
#: serverguide/C/monitoring.xml:318(para)
16476
msgid ""
16477
"Lastly configure NRPE to check the disk space on "
16478
"<emphasis>server02</emphasis>."
16479
msgstr ""
16480
16481
#: serverguide/C/monitoring.xml:322(para)
16482
msgid ""
16483
"On <emphasis>server01</emphasis> add the service check to "
16484
"<filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
16485
msgstr ""
16486
16487
#: serverguide/C/monitoring.xml:327(programlisting)
16488
#, no-wrap
16489
msgid ""
16490
"\n"
16491
"# NRPE disk check.\n"
16492
"define service {\n"
16493
" use generic-service\n"
16494
" host_name server02\n"
16495
" service_description nrpe-disk\n"
16496
" check_command "
16497
"check_nrpe_1arg!check_all_disks!172.18.100.101\n"
16498
"}\n"
16499
msgstr ""
16500
16501
#: serverguide/C/monitoring.xml:340(para)
16502
msgid ""
16503
"Now on <emphasis>server02</emphasis> edit "
16504
"<filename>/etc/nagios/nrpe.cfg</filename> changing:"
16505
msgstr ""
16506
16507
#: serverguide/C/monitoring.xml:344(programlisting)
16508
#, no-wrap
16509
msgid ""
16510
"\n"
16511
"allowed_hosts=172.18.100.100\n"
16512
msgstr ""
16513
16514
#: serverguide/C/monitoring.xml:348(para)
16515
msgid "And below in the command definition area add:"
16516
msgstr ""
16517
16518
#: serverguide/C/monitoring.xml:352(programlisting)
16519
#, no-wrap
16520
msgid ""
16521
"\n"
16522
"command[check_all_disks]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -"
16523
"e\n"
16524
msgstr ""
16525
16526
#: serverguide/C/monitoring.xml:359(para)
16527
msgid "Finally, restart <application>nagios-nrpe-server</application>:"
16528
msgstr ""
16529
16530
#: serverguide/C/monitoring.xml:364(command)
16531
msgid "sudo /etc/init.d/nagios-nrpe-server restart"
16532
msgstr ""
16533
16534
#: serverguide/C/monitoring.xml:370(para)
16535
msgid ""
16536
"Also, on <emphasis>server01</emphasis> restart "
16537
"<application>nagios</application>:"
16538
msgstr ""
16539
16540
#: serverguide/C/monitoring.xml:383(para)
16541
msgid ""
16542
"You should now be able to see the host and service checks in the Nagios CGI "
16543
"files. To access them point a browser to http://server01/nagios3. You will "
16544
"then be prompted for the <emphasis>nagiosadmin</emphasis> username and "
16545
"password."
16546
msgstr ""
16547
16548
#: serverguide/C/monitoring.xml:393(para)
16549
msgid ""
16550
"This section has just scratched the surface of Nagios' features. The "
16551
"<application>nagios-plugins-extra</application> and <application>nagios-snmp-"
16552
"plugins</application> contain many more service checks."
16553
msgstr ""
16554
16555
#: serverguide/C/monitoring.xml:400(para)
16556
msgid ""
16557
"For more information see <ulink "
16558
"url=\"http://www.nagios.org/\">Nagios</ulink> website."
16559
msgstr ""
16560
16561
#: serverguide/C/monitoring.xml:405(para)
16562
msgid ""
16563
"Specifically the <ulink "
16564
"url=\"http://nagios.sourceforge.net/docs/3_0/\">Online Documentation</ulink> "
16565
"site."
16566
msgstr ""
16567
16568
#: serverguide/C/monitoring.xml:410(para)
16569
msgid ""
16570
"There is also a list of <ulink "
16571
"url=\"http://www.nagios.org/propaganda/books/\">books</ulink> related to "
16572
"Nagios and network monitoring:"
16573
msgstr ""
16574
16575
#: serverguide/C/monitoring.xml:416(para)
16576
msgid ""
16577
"The <ulink url=\"https://help.ubuntu.com/community/Nagios\">Nagios Ubuntu "
16578
"Wiki</ulink> page also has more details."
16579
msgstr ""
16580
16581
#: serverguide/C/monitoring.xml:425(title)
16582
msgid "Munin"
16583
msgstr ""
16584
16585
#: serverguide/C/monitoring.xml:430(para)
16586
msgid ""
16587
"Before installing <application>Munin</application> on "
16588
"<emphasis>server01</emphasis><application>apache2</application> will need to "
16589
"be installed. The default configuration is fine for running a "
16590
"<application>munin</application> server. For more information see <xref "
16591
"linkend=\"httpd\"/>."
16592
msgstr ""
16593
16594
#: serverguide/C/monitoring.xml:436(para)
16595
msgid ""
16596
"First, on <emphasis>server01</emphasis> install "
16597
"<application>munin</application>. In a terminal enter:"
16598
msgstr ""
16599
16600
#: serverguide/C/monitoring.xml:441(command)
16601
msgid "sudo apt-get install munin"
16602
msgstr ""
16603
16604
#: serverguide/C/monitoring.xml:444(para)
16605
msgid ""
16606
"Now on <emphasis>server02</emphasis> install the <application>munin-"
16607
"node</application> package:"
16608
msgstr ""
16609
16610
#: serverguide/C/monitoring.xml:449(command)
16611
msgid "sudo apt-get install munin-node"
16612
msgstr ""
16613
16614
#: serverguide/C/monitoring.xml:456(para)
16615
msgid ""
16616
"On <emphasis>server01</emphasis> edit the "
16617
"<filename>/etc/munin/munin.conf</filename> adding the IP address for "
16618
"<emphasis>server02</emphasis>:"
16619
msgstr ""
16620
16621
#: serverguide/C/monitoring.xml:461(programlisting)
16622
#, no-wrap
16623
msgid ""
16624
"\n"
16625
"## First our \"normal\" host.\n"
16626
"[server02]\n"
16627
" address 172.18.100.101\n"
16628
msgstr ""
16629
16630
#: serverguide/C/monitoring.xml:468(para)
16631
msgid ""
16632
"Replace <emphasis>server02</emphasis> and "
16633
"<emphasis>172.18.100.101</emphasis> with the actual hostname and IP address "
16634
"for your server."
16635
msgstr ""
16636
16637
#: serverguide/C/monitoring.xml:474(para)
16638
msgid ""
16639
"Next, configure <application>munin-node</application> on "
16640
"<emphasis>server02</emphasis>. Edit <filename>/etc/munin/munin-"
16641
"node.conf</filename> to allow access by <emphasis>server01</emphasis>:"
16642
msgstr ""
16643
16644
#: serverguide/C/monitoring.xml:479(programlisting)
16645
#, no-wrap
16646
msgid ""
16647
"\n"
16648
"allow ^172\\.18\\.100\\.100$\n"
16649
msgstr ""
16650
16651
#: serverguide/C/monitoring.xml:484(para)
16652
msgid ""
16653
"Replace <emphasis>^172\\.18\\.100\\.100$</emphasis> with IP address for your "
16654
"<application>munin</application> server."
16655
msgstr ""
16656
16657
#: serverguide/C/monitoring.xml:489(para)
16658
msgid ""
16659
"Now restart <application>munin-node</application> on "
16660
"<emphasis>server02</emphasis> for the changes to take effect:"
16661
msgstr ""
16662
"ឥឡូវ ផ្តើមឡើងវិញ <application>munin-node</application> on "
16663
"<emphasis>server02</emphasis> សំរាប់បំលាស់ប្តូរ ទទួលផល ៖"
16664
16665
#: serverguide/C/monitoring.xml:494(command)
16666
msgid "sudo /etc/init.d/munin-node restart"
16667
msgstr ""
16668
16669
#: serverguide/C/monitoring.xml:497(para)
16670
msgid ""
16671
"Finally, in a browser go to <emphasis>http://server01/munin</emphasis>, and "
16672
"you should see links to nice graphs displaying information from the standard "
16673
"<emphasis>munin-plugins</emphasis> for disk, network, processes, and system."
16674
msgstr ""
16675
16676
#: serverguide/C/monitoring.xml:503(para)
16677
msgid ""
16678
"Since this is a new install it may take some time for the graphs to display "
16679
"anything useful."
16680
msgstr ""
16681
16682
#: serverguide/C/monitoring.xml:510(title)
16683
msgid "Additional Plugins"
16684
msgstr ""
16685
16686
#: serverguide/C/monitoring.xml:512(para)
16687
msgid ""
16688
"The <application>munin-plugins-extra</application> package contains "
16689
"performance checks additional services such as DNS, DHCP, Samba, etc. To "
16690
"install the package, from a terminal enter:"
16691
msgstr ""
16692
16693
#: serverguide/C/monitoring.xml:518(command)
16694
msgid "sudo apt-get install munin-plugins-extra"
16695
msgstr ""
16696
16697
#: serverguide/C/monitoring.xml:521(para)
16698
msgid "Be sure to install the package on both the server and node machines."
16699
msgstr ""
16700
16701
#: serverguide/C/monitoring.xml:531(para)
16702
msgid ""
16703
"See the <ulink url=\"http://munin.projects.linpro.no/\">Munin</ulink> "
16704
"website for more details."
16705
msgstr ""
16706
16707
#: serverguide/C/monitoring.xml:536(para)
16708
msgid ""
16709
"Specifically the <ulink "
16710
"url=\"http://munin.projects.linpro.no/wiki/Documentation\">Munin "
16711
"Documentation</ulink> page includes information on additional plugins, "
16712
"writing plugins, etc."
16713
msgstr ""
16714
16715
#: serverguide/C/monitoring.xml:542(para)
16716
msgid ""
16717
"Also, there is a book in German by Open Source Press: <ulink "
16718
"url=\"https://www.opensourcepress.de/index.php?26&backPID=178&tt_prod"
16719
"ucts=152\">Munin Graphisches Netzwerk- und System-Monitoring</ulink>."
16720
msgstr ""
16721
16722
#: serverguide/C/monitoring.xml:548(para)
16723
msgid ""
16724
"Another resource is the <ulink "
16725
"url=\"https://help.ubuntu.com/community/Munin\">Munin Ubuntu Wiki</ulink> "
16726
"page."
16727
msgstr ""
16728
16729
#: serverguide/C/mail.xml:13(title)
16730
msgid "Email Services"
16731
msgstr ""
16732
16733
#: serverguide/C/mail.xml:14(para)
16734
msgid ""
16735
"The process of getting an email from one person to another over a network or "
16736
"the Internet involves many systems working together. Each of these systems "
16737
"must be correctly configured for the process to work. The sender uses a "
16738
"<emphasis>Mail User Agent</emphasis> (MUA), or email client, to send the "
16739
"message through one or more <emphasis>Mail Transfer Agents</emphasis> (MTA), "
16740
"the last of which will hand it off to a <emphasis>Mail Delivery "
16741
"Agent</emphasis> (MDA) for delivery to the recipient's mailbox, from which "
16742
"it will be retrieved by the recipient's email client, usually via a POP3 or "
16743
"IMAP server."
16744
msgstr ""
16745
16746
#: serverguide/C/mail.xml:24(title) serverguide/C/mail.xml:832(application) serverguide/C/mail.xml:866(title) serverguide/C/mail.xml:944(title) serverguide/C/mail.xml:1510(title)
16747
msgid "Postfix"
16748
msgstr ""
16749
16750
#: serverguide/C/mail.xml:25(para)
16751
msgid ""
16752
"<application>Postfix</application> is the default Mail Transfer Agent (MTA) "
16753
"in Ubuntu. It attempts to be fast and easy to administer and secure. It is "
16754
"compatible with the MTA <application>sendmail</application>. This section "
16755
"explains how to install and configure <application>postfix</application>. It "
16756
"also explains how to set it up as an SMTP server using a secure connection "
16757
"(for sending emails securely)."
16758
msgstr ""
16759
16760
#: serverguide/C/mail.xml:34(para)
16761
msgid ""
16762
"This guide does not cover setting up Postfix <emphasis>Virtual "
16763
"Domains</emphasis>, for information on Virtual Domains and other advanced "
16764
"configurations see <xref linkend=\"postfix-references\"/>."
16765
msgstr ""
16766
16767
#: serverguide/C/mail.xml:41(para)
16768
msgid ""
16769
"To install <application>postfix</application> run the following command:"
16770
msgstr ""
16771
16772
#: serverguide/C/mail.xml:47(para)
16773
msgid ""
16774
"Simply press return when the installation process asks questions, the "
16775
"configuration will be done in greater detail in the next stage."
16776
msgstr ""
16777
16778
#: serverguide/C/mail.xml:52(title)
16779
msgid "Basic Configuration"
16780
msgstr ""
16781
16782
#: serverguide/C/mail.xml:53(para)
16783
msgid ""
16784
"To configure <application>postfix</application>, run the following command:"
16785
msgstr ""
16786
16787
#: serverguide/C/mail.xml:57(command)
16788
msgid "sudo dpkg-reconfigure postfix"
16789
msgstr ""
16790
16791
#: serverguide/C/mail.xml:63(para)
16792
msgid "Internet Site"
16793
msgstr ""
16794
16795
#: serverguide/C/mail.xml:64(para)
16796
msgid "mail.example.com"
16797
msgstr ""
16798
16799
#: serverguide/C/mail.xml:65(para)
16800
msgid "steve"
16801
msgstr ""
16802
16803
#: serverguide/C/mail.xml:66(para)
16804
msgid "mail.example.com, localhost.localdomain, localhost"
16805
msgstr ""
16806
16807
#: serverguide/C/mail.xml:67(para)
16808
msgid "No"
16809
msgstr ""
16810
16811
#: serverguide/C/mail.xml:68(para)
16812
msgid "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24"
16813
msgstr ""
16814
16815
#: serverguide/C/mail.xml:69(para)
16816
msgid "0"
16817
msgstr ""
16818
16819
#: serverguide/C/mail.xml:70(para)
16820
msgid "+"
16821
msgstr ""
16822
16823
#: serverguide/C/mail.xml:71(para)
16824
msgid "all"
16825
msgstr ""
16826
16827
#: serverguide/C/mail.xml:59(para)
16828
msgid ""
16829
"The user interface will be displayed. On each screen, select the following "
16830
"values: <placeholder-1/>"
16831
msgstr ""
16832
16833
#: serverguide/C/mail.xml:75(para)
16834
msgid ""
16835
"Replace mail.example.com with the domain for which you'll accept email, "
16836
"192.168.0.0/24 with the actual network and class range of your mail server, "
16837
"and steve with the appropriate username."
16838
msgstr ""
16839
16840
#: serverguide/C/mail.xml:81(para)
16841
msgid ""
16842
"Now is a good time to decide which mailbox format you want to use. By "
16843
"default Postfix will use <emphasis role=\"strong\">mbox</emphasis> for the "
16844
"mailbox format. Rather than editing the configuration file directly, you can "
16845
"use the <command>postconf</command> command to configure all "
16846
"<application>postfix</application> parameters. The configuration parameters "
16847
"will be stored in <filename>/etc/postfix/main.cf</filename> file. Later if "
16848
"you wish to re-configure a particular parameter, you can either run the "
16849
"command or change it manually in the file."
16850
msgstr ""
16851
16852
#: serverguide/C/mail.xml:92(para)
16853
msgid ""
16854
"To configure the mailbox format for <emphasis "
16855
"role=\"strong\">Maildir:</emphasis>"
16856
msgstr ""
16857
16858
#: serverguide/C/mail.xml:97(command)
16859
msgid "sudo postconf -e 'home_mailbox = Maildir/'"
16860
msgstr ""
16861
16862
#: serverguide/C/mail.xml:100(para)
16863
msgid ""
16864
"This will place new mail in /home/<emphasis "
16865
"role=\"italic\">username</emphasis>/Maildir so you will need to configure "
16866
"your Mail Delivery Agent (MDA) to use the same path."
16867
msgstr ""
16868
16869
#: serverguide/C/mail.xml:108(title) serverguide/C/mail.xml:556(title)
16870
msgid "SMTP Authentication"
16871
msgstr ""
16872
16873
#: serverguide/C/mail.xml:110(para)
16874
msgid ""
16875
"SMTP-AUTH allows a client to identify itself through an authentication "
16876
"mechanism (SASL). Transport Layer Security (TLS) should be used to encrypt "
16877
"the authentication process. Once authenticated the SMTP server will allow "
16878
"the client to relay mail."
16879
msgstr ""
16880
16881
#: serverguide/C/mail.xml:117(para)
16882
msgid "Configure Postfix for SMTP-AUTH using SASL (Dovecot SASL):"
16883
msgstr ""
16884
16885
#: serverguide/C/mail.xml:120(screen)
16886
#, no-wrap
16887
msgid ""
16888
"\n"
16889
"sudo postconf -e 'smtpd_sasl_type = dovecot'\n"
16890
"sudo postconf -e 'smtpd_sasl_path = private/auth-client'\n"
16891
"sudo postconf -e 'smtpd_sasl_local_domain ='\n"
16892
"sudo postconf -e 'smtpd_sasl_security_options = noanonymous'\n"
16893
"sudo postconf -e 'broken_sasl_auth_clients = yes'\n"
16894
"sudo postconf -e 'smtpd_sasl_auth_enable = yes'\n"
16895
"sudo postconf -e 'smtpd_recipient_restrictions = "
16896
"permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'\n"
16897
"sudo postconf -e 'inet_interfaces = all'\n"
16898
msgstr ""
16899
16900
#: serverguide/C/mail.xml:131(para)
16901
msgid ""
16902
"The <emphasis>smtpd_sasl_path</emphasis> configuration is a path relative to "
16903
"the Postfix queue directory."
16904
msgstr ""
16905
16906
#: serverguide/C/mail.xml:137(para)
16907
msgid ""
16908
"Next, obtain a digital certificate for TLS. See <xref linkend=\"certificates-"
16909
"and-security\"/> for details. This example also uses a Certificate Authority "
16910
"(CA). For information on generating a CA certificate see <xref "
16911
"linkend=\"certificate-authority\"/>."
16912
msgstr ""
16913
16914
#: serverguide/C/mail.xml:143(para)
16915
msgid ""
16916
"You can get the digital certificate from a certificate authority. But unlike "
16917
"web clients, SMTP clients rarely complain about \"self-signed "
16918
"certificates\", so alternatively, you can create the certificate yourself. "
16919
"Refer to <xref linkend=\"creating-a-self-signed-certificate\"/> for more "
16920
"details."
16921
msgstr ""
16922
16923
#: serverguide/C/mail.xml:155(para)
16924
msgid ""
16925
"Once you have a certificate, configure Postfix to provide TLS encryption for "
16926
"both incoming and outgoing mail:"
16927
msgstr ""
16928
16929
#: serverguide/C/mail.xml:158(screen)
16930
#, no-wrap
16931
msgid ""
16932
"\n"
16933
"sudo postconf -e 'smtpd_tls_auth_only = no'\n"
16934
"sudo postconf -e 'smtp_use_tls = yes'\n"
16935
"sudo postconf -e 'smtpd_use_tls = yes'\n"
16936
"sudo postconf -e 'smtp_tls_note_starttls_offer = yes'\n"
16937
"sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'\n"
16938
"sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'\n"
16939
"sudo postconf -e 'smtpd_tls_loglevel = 1'\n"
16940
"sudo postconf -e 'smtpd_tls_received_header = yes'\n"
16941
"sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'\n"
16942
"sudo postconf -e 'tls_random_source = dev:/dev/urandom'\n"
16943
"sudo postconf -e 'myhostname = mail.example.com'\n"
16944
msgstr ""
16945
16946
#: serverguide/C/mail.xml:173(para)
16947
msgid ""
16948
"If you are using your own <emphasis>Certificate Authority</emphasis> to sign "
16949
"the certificate enter:"
16950
msgstr ""
16951
16952
#: serverguide/C/mail.xml:177(command)
16953
msgid "sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'"
16954
msgstr ""
16955
16956
#: serverguide/C/mail.xml:180(para)
16957
msgid ""
16958
"Again, for more details about certificates see <xref linkend=\"certificates-"
16959
"and-security\"/>."
16960
msgstr ""
16961
16962
#: serverguide/C/mail.xml:186(para)
16963
msgid ""
16964
"After running all the commands, <application>Postfix</application> is "
16965
"configured for SMTP-AUTH and a self-signed certificate has been created for "
16966
"TLS encryption."
16967
msgstr ""
16968
16969
#: serverguide/C/mail.xml:191(para)
16970
msgid ""
16971
"Now, the file <filename>/etc/postfix/main.cf</filename> should look like "
16972
"<ulink url=\"../sample/postfix_configuration\">this</ulink>."
16973
msgstr ""
16974
16975
#: serverguide/C/mail.xml:195(para)
16976
msgid ""
16977
"The postfix initial configuration is complete. Run the following command to "
16978
"restart the postfix daemon:"
16979
msgstr ""
16980
16981
#: serverguide/C/mail.xml:201(command) serverguide/C/mail.xml:315(command) serverguide/C/mail.xml:378(command) serverguide/C/mail.xml:984(command) serverguide/C/mail.xml:1561(command)
16982
msgid "sudo /etc/init.d/postfix restart"
16983
msgstr ""
16984
16985
#: serverguide/C/mail.xml:204(para)
16986
msgid ""
16987
"<application>Postfix</application> supports SMTP-AUTH as defined in <ulink "
16988
"url=\"ftp://ftp.isi.edu/in-notes/rfc2554.txt\">RFC2554</ulink>. It is based "
16989
"on <ulink url=\"ftp://ftp.isi.edu/in-notes/rfc2222.txt\">SASL</ulink>. "
16990
"However it is still necessary to set up SASL authentication before you can "
16991
"use SMTP-AUTH."
16992
msgstr ""
16993
16994
#: serverguide/C/mail.xml:214(title) serverguide/C/mail.xml:609(title)
16995
msgid "Configuring SASL"
16996
msgstr ""
16997
16998
#: serverguide/C/mail.xml:215(para)
16999
msgid ""
17000
"Postfix supports two SASL implementations Cyrus SASL and Dovecot SASL. To "
17001
"enable Dovecot SASL the <application>dovecot-common</application> package "
17002
"will need to be installed. From a terminal prompt enter the following:"
17003
msgstr ""
17004
17005
#: serverguide/C/mail.xml:221(command)
17006
msgid "sudo apt-get install dovecot-common"
17007
msgstr ""
17008
17009
#: serverguide/C/mail.xml:223(para)
17010
msgid ""
17011
"Next you will need to edit <filename>/etc/dovecot/dovecot.conf</filename>. "
17012
"In the <emphasis>auth default</emphasis> section uncomment the "
17013
"<emphasis>socket listen</emphasis> option and change the following:"
17014
msgstr ""
17015
17016
#: serverguide/C/mail.xml:227(programlisting)
17017
#, no-wrap
17018
msgid ""
17019
"\n"
17020
" socket listen {\n"
17021
" #master {\n"
17022
" # Master socket provides access to userdb information. It's typically\n"
17023
" # used to give Dovecot's local delivery agent access to userdb so it\n"
17024
" # can find mailbox locations.\n"
17025
" #path = /var/run/dovecot/auth-master\n"
17026
" #mode = 0600\n"
17027
" # Default user/group is the one who started dovecot-auth (root)\n"
17028
" #user = \n"
17029
" #group = \n"
17030
" #}\n"
17031
" client {\n"
17032
" # The client socket is generally safe to export to everyone. Typical "
17033
"use\n"
17034
" # is to export it to your SMTP server so it can do SMTP AUTH lookups\n"
17035
" # using it.\n"
17036
" path = /var/spool/postfix/private/auth-client\n"
17037
" mode = 0660\n"
17038
" user = postfix\n"
17039
" group = postfix\n"
17040
" }\n"
17041
" }\n"
17042
msgstr ""
17043
17044
#: serverguide/C/mail.xml:251(para)
17045
msgid ""
17046
"In order to let <application>Outlook</application> clients use SMTPAUTH, in "
17047
"the <emphasis>auth default</emphasis> section of /etc/dovecot/dovecot.conf "
17048
"add <emphasis>\"login\"</emphasis>:"
17049
msgstr ""
17050
17051
#: serverguide/C/mail.xml:256(programlisting)
17052
#, no-wrap
17053
msgid ""
17054
"\n"
17055
" mechanisms = plain login\n"
17056
msgstr ""
17057
17058
#: serverguide/C/mail.xml:260(para)
17059
msgid ""
17060
"Once you have <application>Dovecot</application> configured restart it with:"
17061
msgstr ""
17062
17063
#: serverguide/C/mail.xml:264(command) serverguide/C/mail.xml:735(command)
17064
msgid "sudo /etc/init.d/dovecot restart"
17065
msgstr ""
17066
17067
#: serverguide/C/mail.xml:269(title)
17068
msgid "Postfix-Dovecot"
17069
msgstr ""
17070
17071
#: serverguide/C/mail.xml:271(para)
17072
msgid ""
17073
"Another option for configuring <application>Postfix</application> for SMTP-"
17074
"AUTH is using the <application>dovecot-postfix</application> package. This "
17075
"package will install <application>Dovecot</application> and configure "
17076
"<application>Postfix</application> to use it for both SASL authentication "
17077
"and as a Mail Delivery Agent (MDA). The package also configures "
17078
"<application>Dovecot</application> for IMAP, IMAPS, POP3, and POP3S."
17079
msgstr ""
17080
17081
#: serverguide/C/mail.xml:280(para)
17082
msgid ""
17083
"You may or may not want to run IMAP, IMAPS, POP3, or POP3S on your mail "
17084
"server. For example, if you are configuring your server to be a mail "
17085
"gateway, spam/virus filter, etc. If this is the case it may be easier to use "
17086
"the above commands to configure Postfix for SMTPAUTH."
17087
msgstr ""
17088
17089
#: serverguide/C/mail.xml:287(para)
17090
msgid "To install the package, from a terminal prompt enter:"
17091
msgstr ""
17092
17093
#: serverguide/C/mail.xml:292(command)
17094
msgid "sudo apt-get install dovecot-postfix"
17095
msgstr ""
17096
17097
#: serverguide/C/mail.xml:295(para)
17098
msgid ""
17099
"You should now have a working mail server, but there are a few options that "
17100
"you may wish to further customize. For example, the package uses the "
17101
"certificate and key from the <application>ssl-cert</application> package, "
17102
"and in a production environment you should use a certificate and key "
17103
"generated for the host. See <xref linkend=\"certificates-and-security\"/> "
17104
"for more details."
17105
msgstr ""
17106
17107
#: serverguide/C/mail.xml:301(para)
17108
msgid ""
17109
"Once you have a customized certificate and key for the host, change the "
17110
"following options in <filename>/etc/postfix/main.cf</filename>:"
17111
msgstr ""
17112
17113
#: serverguide/C/mail.xml:305(programlisting)
17114
#, no-wrap
17115
msgid ""
17116
"\n"
17117
"smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem\n"
17118
"smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key\n"
17119
msgstr ""
17120
17121
#: serverguide/C/mail.xml:310(para)
17122
msgid "Then restart Postfix:"
17123
msgstr ""
17124
17125
#: serverguide/C/mail.xml:321(para)
17126
msgid ""
17127
"SMTP-AUTH configuration is complete. Now it is time to test the setup."
17128
msgstr ""
17129
17130
#: serverguide/C/mail.xml:324(para)
17131
msgid "To see if SMTP-AUTH and TLS work properly, run the following command:"
17132
msgstr ""
17133
17134
#: serverguide/C/mail.xml:329(command)
17135
msgid "telnet mail.example.com 25"
17136
msgstr ""
17137
17138
#: serverguide/C/mail.xml:331(para)
17139
msgid ""
17140
"After you have established the connection to the postfix mail server, type:"
17141
msgstr ""
17142
17143
#: serverguide/C/mail.xml:335(screen)
17144
#, no-wrap
17145
msgid ""
17146
"\n"
17147
"ehlo mail.example.com\n"
17148
msgstr ""
17149
17150
#: serverguide/C/mail.xml:338(para)
17151
msgid ""
17152
"If you see the following lines among others, then everything is working "
17153
"perfectly. Type <command>quit</command> to exit."
17154
msgstr ""
17155
17156
#: serverguide/C/mail.xml:342(programlisting)
17157
#, no-wrap
17158
msgid ""
17159
"\n"
17160
"250-STARTTLS\n"
17161
"250-AUTH LOGIN PLAIN\n"
17162
"250-AUTH=LOGIN PLAIN\n"
17163
"250 8BITMIME\n"
17164
msgstr ""
17165
17166
#: serverguide/C/mail.xml:352(para)
17167
msgid ""
17168
"This section introduces some common ways to determine the cause if problems "
17169
"arise."
17170
msgstr ""
17171
17172
#: serverguide/C/mail.xml:356(title)
17173
msgid "Escaping chroot"
17174
msgstr ""
17175
17176
#: serverguide/C/mail.xml:357(para)
17177
msgid ""
17178
"The Ubuntu <application>postfix</application> package will by default "
17179
"install into a <emphasis>chroot</emphasis> environment for security reasons. "
17180
"This can add greater complexity when troubleshooting problems."
17181
msgstr ""
17182
17183
#: serverguide/C/mail.xml:361(para)
17184
msgid ""
17185
"To turn off the chroot operation locate for the following line in the "
17186
"<filename>/etc/postfix/master.cf</filename> configuration file:"
17187
msgstr ""
17188
17189
#: serverguide/C/mail.xml:365(screen)
17190
#, no-wrap
17191
msgid ""
17192
"\n"
17193
"smtp inet n - - - - smtpd\n"
17194
msgstr ""
17195
17196
#: serverguide/C/mail.xml:368(para)
17197
msgid "and modify it as follows:"
17198
msgstr ""
17199
17200
#: serverguide/C/mail.xml:371(screen)
17201
#, no-wrap
17202
msgid ""
17203
"\n"
17204
"smtp inet n - n - - smtpd\n"
17205
msgstr ""
17206
17207
#: serverguide/C/mail.xml:374(para)
17208
msgid ""
17209
"You will then need to restart Postfix to use the new configuration. From a "
17210
"terminal prompt enter:"
17211
msgstr ""
17212
17213
#: serverguide/C/mail.xml:382(title)
17214
msgid "Log Files"
17215
msgstr ""
17216
17217
#: serverguide/C/mail.xml:383(para)
17218
msgid ""
17219
"<application>Postfix</application> sends all log messages to "
17220
"<filename>/var/log/mail.log</filename>. However error and warning messages "
17221
"can sometimes get lost in the normal log output so they are also logged to "
17222
"<filename>/var/log/mail.err</filename> and "
17223
"<filename>/var/log/mail.warn</filename> respectively."
17224
msgstr ""
17225
17226
#: serverguide/C/mail.xml:388(para)
17227
msgid ""
17228
"To see messages entered into the logs in real time you can use the "
17229
"<application>tail -f</application> command:"
17230
msgstr ""
17231
17232
#: serverguide/C/mail.xml:393(command)
17233
msgid "tail -f /var/log/mail.err"
17234
msgstr ""
17235
17236
#: serverguide/C/mail.xml:395(para)
17237
msgid ""
17238
"The amount of detail that is recorded in the logs can be increased. Below "
17239
"are some configuration options for increasing the log level for some of the "
17240
"areas covered above."
17241
msgstr ""
17242
17243
#: serverguide/C/mail.xml:401(para)
17244
msgid ""
17245
"To increase <emphasis>TLS</emphasis> activity logging set the "
17246
"<emphasis>smtpd_tls_loglevel</emphasis> option to a value from 1 to 4."
17247
msgstr ""
17248
17249
#: serverguide/C/mail.xml:405(command)
17250
msgid "sudo postconf -e 'smtpd_tls_loglevel = 4'"
17251
msgstr ""
17252
17253
#: serverguide/C/mail.xml:409(para)
17254
msgid ""
17255
"If you are having trouble sending or receiving mail from a specific domain "
17256
"you can add the domain to the <emphasis>debug_peer_list</emphasis> parameter."
17257
msgstr ""
17258
17259
#: serverguide/C/mail.xml:414(command)
17260
msgid "sudo postconf -e 'debug_peer_list = problem.domain'"
17261
msgstr ""
17262
17263
#: serverguide/C/mail.xml:418(para)
17264
msgid ""
17265
"You can increase the verbosity of any <application>Postfix</application> "
17266
"daemon process by editing the <filename>/etc/postfix/master.cf</filename> "
17267
"and adding a <emphasis>-v</emphasis> after the entry. For example edit the "
17268
"<emphasis>smtp</emphasis> entry:"
17269
msgstr ""
17270
17271
#: serverguide/C/mail.xml:422(programlisting)
17272
#, no-wrap
17273
msgid ""
17274
"\n"
17275
"smtp unix - - - - - smtp -v\n"
17276
msgstr ""
17277
17278
#: serverguide/C/mail.xml:428(para)
17279
msgid ""
17280
"It is important to note that after making one of the logging changes above "
17281
"the <application>Postfix</application> process will need to be reloaded in "
17282
"order to recognize the new configuration: <command>sudo /etc/init.d/postfix "
17283
"reload</command>"
17284
msgstr ""
17285
17286
#: serverguide/C/mail.xml:435(para)
17287
msgid ""
17288
"To increase the amount of information logged when troubleshooting "
17289
"<emphasis>SASL</emphasis> issues you can set the following options in "
17290
"<filename>/etc/dovecot/dovecot.conf</filename>"
17291
msgstr ""
17292
17293
#: serverguide/C/mail.xml:439(programlisting)
17294
#, no-wrap
17295
msgid ""
17296
"\n"
17297
"auth_debug=yes\n"
17298
"auth_debug_passwords=yes\n"
17299
msgstr ""
17300
17301
#: serverguide/C/mail.xml:446(para)
17302
msgid ""
17303
"Just like <application>Postfix</application> if you change a "
17304
"<application>Dovecot</application> configuration the process will need to be "
17305
"reloaded: <command>sudo /etc/init.d/dovecot reload</command>."
17306
msgstr ""
17307
17308
#: serverguide/C/mail.xml:452(para)
17309
msgid ""
17310
"Some of the options above can drastically increase the amount of information "
17311
"sent to the log files. Remember to return the log level back to normal after "
17312
"you have corrected the problem. Then reload the appropriate daemon for the "
17313
"new configuration to take affect."
17314
msgstr ""
17315
17316
#: serverguide/C/mail.xml:460(para)
17317
msgid ""
17318
"Administering a <application>Postfix</application> server can be a very "
17319
"complicated task. At some point you may need to turn to the Ubuntu community "
17320
"for more experienced help."
17321
msgstr ""
17322
17323
#: serverguide/C/mail.xml:464(para)
17324
msgid ""
17325
"A great place to ask for <application>Postfix</application> assistance, and "
17326
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
17327
"server</emphasis> IRC channel on <ulink "
17328
"url=\"http://freenode.net\">freenode</ulink>. You can also post a message to "
17329
"one of the <ulink "
17330
"url=\"http://www.ubuntu.com/support/community/webforums\">Web Forums</ulink>."
17331
msgstr ""
17332
17333
#: serverguide/C/mail.xml:469(para)
17334
msgid ""
17335
"For in depth <application>Postfix</application> information Ubuntu "
17336
"developers highly recommend: <ulink url=\"http://www.postfix-book.com/\">The "
17337
"Book of Postfix</ulink>."
17338
msgstr ""
17339
17340
#: serverguide/C/mail.xml:473(para)
17341
msgid ""
17342
"Finally, the <ulink "
17343
"url=\"http://www.postfix.org/documentation.html\">Postfix</ulink> website "
17344
"also has great documentation on all the different configuration options "
17345
"available."
17346
msgstr ""
17347
17348
#: serverguide/C/mail.xml:477(para)
17349
msgid ""
17350
"Also, the <ulink url=\"https://help.ubuntu.com/community/Postfix\">Ubuntu "
17351
"Wiki Postifx</ulink> page has more information."
17352
msgstr ""
17353
17354
#: serverguide/C/mail.xml:485(title) serverguide/C/mail.xml:872(title) serverguide/C/mail.xml:988(title)
17355
msgid "Exim4"
17356
msgstr ""
17357
17358
#: serverguide/C/mail.xml:486(para)
17359
msgid ""
17360
"<application>Exim4</application> is another Message Transfer Agent (MTA) "
17361
"developed at the University of Cambridge for use on Unix systems connected "
17362
"to the Internet. Exim can be installed in place of "
17363
"<application>sendmail</application>, although the configuration of "
17364
"<application>exim</application> is quite different to that of "
17365
"<application>sendmail</application>."
17366
msgstr ""
17367
17368
#: serverguide/C/mail.xml:497(para)
17369
msgid ""
17370
"To install <application>exim4</application>, run the following command: "
17371
"<screen>\n"
17372
"<command>sudo apt-get install exim4</command>\n"
17373
"</screen>"
17374
msgstr ""
17375
17376
#: serverguide/C/mail.xml:506(para)
17377
msgid ""
17378
"To configure <application>Exim4</application>, run the following command:"
17379
msgstr ""
17380
17381
#: serverguide/C/mail.xml:510(command)
17382
msgid "sudo dpkg-reconfigure exim4-config"
17383
msgstr ""
17384
17385
#: serverguide/C/mail.xml:512(para)
17386
msgid ""
17387
"The user interface will be displayed. The user interface lets you configure "
17388
"many parameters. For example, In <application>Exim4</application> the "
17389
"configuration files are split among multiple files. If you wish to have them "
17390
"in one file you can configure accordingly in this user interface."
17391
msgstr ""
17392
17393
#: serverguide/C/mail.xml:520(para)
17394
msgid ""
17395
"All the parameters you configure in the user interface are stored in "
17396
"<filename>/etc/exim4/update-exim4.conf.conf</filename> file. If you wish to "
17397
"re-configure, either you re-run the configuration wizard or manually edit "
17398
"this file using your favorite editor. Once you configure, you can run the "
17399
"following command to generate the master configuration file:"
17400
msgstr ""
17401
17402
#: serverguide/C/mail.xml:531(command) serverguide/C/mail.xml:604(command)
17403
msgid "sudo update-exim4.conf"
17404
msgstr ""
17405
17406
#: serverguide/C/mail.xml:533(para)
17407
msgid ""
17408
"The master configuration file, is generated and it is stored in "
17409
"<filename>/var/lib/exim4/config.autogenerated</filename>."
17410
msgstr ""
17411
17412
#: serverguide/C/mail.xml:539(para)
17413
msgid ""
17414
"At any time, you should not edit the master configuration file, "
17415
"<filename>/var/lib/exim4/config.autogenerated</filename> manually. It is "
17416
"updated automatically every time you run <command>update-exim4.conf</command>"
17417
msgstr ""
17418
17419
#: serverguide/C/mail.xml:547(para)
17420
msgid ""
17421
"You can run the following command to start <application>Exim4</application> "
17422
"daemon."
17423
msgstr ""
17424
17425
#: serverguide/C/mail.xml:552(command) serverguide/C/mail.xml:994(command)
17426
msgid "sudo /etc/init.d/exim4 start"
17427
msgstr ""
17428
17429
#: serverguide/C/mail.xml:557(para)
17430
msgid ""
17431
"This section covers configuring Exim4 to use SMTP-AUTH with TLS and SASL."
17432
msgstr ""
17433
17434
#: serverguide/C/mail.xml:560(para)
17435
msgid ""
17436
"The first step is to create a certificate for use with TLS. Enter the "
17437
"following into a terminal prompt:"
17438
msgstr ""
17439
17440
#: serverguide/C/mail.xml:564(command)
17441
msgid "sudo /usr/share/doc/exim4-base/examples/exim-gencert"
17442
msgstr ""
17443
17444
#: serverguide/C/mail.xml:566(para)
17445
msgid ""
17446
"Now Exim4 needs to be configured for TLS by editing "
17447
"<filename>/etc/exim4/conf.d/main/03_exim4-config_tlsoptions</filename> add "
17448
"the following:"
17449
msgstr ""
17450
17451
#: serverguide/C/mail.xml:570(programlisting)
17452
#, no-wrap
17453
msgid ""
17454
"\n"
17455
"MAIN_TLS_ENABLE = yes\n"
17456
msgstr ""
17457
17458
#: serverguide/C/mail.xml:573(para)
17459
msgid ""
17460
"Next you need to configure <application>Exim4</application> to use the "
17461
"<application>saslauthd</application> for authentication. Edit "
17462
"<filename>/etc/exim4/conf.d/auth/30_exim4-config_examples</filename> and "
17463
"uncomment the <emphasis>plain_saslauthd_server</emphasis> and "
17464
"<emphasis>login_saslauthd_server</emphasis> sections:"
17465
msgstr ""
17466
17467
#: serverguide/C/mail.xml:578(programlisting)
17468
#, no-wrap
17469
msgid ""
17470
"\n"
17471
" plain_saslauthd_server:\n"
17472
" driver = plaintext\n"
17473
" public_name = PLAIN\n"
17474
" server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}\n"
17475
" server_set_id = $auth2\n"
17476
" server_prompts = :\n"
17477
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
17478
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
17479
" .endif\n"
17480
"#\n"
17481
" login_saslauthd_server:\n"
17482
" driver = plaintext\n"
17483
" public_name = LOGIN\n"
17484
" server_prompts = \"Username:: : Password::\"\n"
17485
" # don't send system passwords over unencrypted connections\n"
17486
" server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}\n"
17487
" server_set_id = $auth1\n"
17488
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
17489
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
17490
" .endif\n"
17491
msgstr ""
17492
17493
#: serverguide/C/mail.xml:600(para)
17494
msgid "Finally, update the Exim4 configuration and restart the service:"
17495
msgstr ""
17496
17497
#: serverguide/C/mail.xml:605(command)
17498
msgid "sudo /etc/init.d/exim4 restart"
17499
msgstr ""
17500
17501
#: serverguide/C/mail.xml:610(para)
17502
msgid ""
17503
"This section provides details on configuring the saslauthd to provide "
17504
"authentication for <application>Exim4</application>."
17505
msgstr ""
17506
17507
#: serverguide/C/mail.xml:613(para)
17508
msgid ""
17509
"The first step is to install the sasl2-bin package. From a terminal prompt "
17510
"enter the following:"
17511
msgstr ""
17512
17513
#: serverguide/C/mail.xml:617(command)
17514
msgid "sudo apt-get install sasl2-bin"
17515
msgstr ""
17516
17517
#: serverguide/C/mail.xml:619(para)
17518
msgid ""
17519
"To configure saslauthd edit the /etc/default/saslauthd configuration file "
17520
"and set START=no to:"
17521
msgstr ""
17522
17523
#: serverguide/C/mail.xml:622(programlisting)
17524
#, no-wrap
17525
msgid ""
17526
"\n"
17527
"START=yes\n"
17528
msgstr ""
17529
17530
#: serverguide/C/mail.xml:625(para)
17531
msgid ""
17532
"Next the <emphasis>Debian-exim</emphasis> user needs to be part of the "
17533
"<emphasis>sasl</emphasis> group in order for Exim4 to use the saslauthd "
17534
"service:"
17535
msgstr ""
17536
17537
#: serverguide/C/mail.xml:630(command)
17538
msgid "sudo adduser Debian-exim sasl"
17539
msgstr ""
17540
17541
#: serverguide/C/mail.xml:632(para)
17542
msgid "Now start the <application>saslauthd</application> service:"
17543
msgstr ""
17544
17545
#: serverguide/C/mail.xml:636(command)
17546
msgid "sudo /etc/init.d/saslauthd start"
17547
msgstr ""
17548
17549
#: serverguide/C/mail.xml:638(para)
17550
msgid ""
17551
"<application>Exim4</application> is now configured with SMTP-AUTH using TLS "
17552
"and SASL authentication."
17553
msgstr ""
17554
17555
#: serverguide/C/mail.xml:647(para)
17556
msgid ""
17557
"See <ulink url=\"http://www.exim.org/\">exim.org</ulink> for more "
17558
"information."
17559
msgstr ""
17560
17561
#: serverguide/C/mail.xml:652(para)
17562
msgid ""
17563
"There is also an <ulink url=\"http://www.uit.co.uk/content/exim-smtp-mail-"
17564
"server\">Exim4 Book</ulink> available."
17565
msgstr ""
17566
17567
#: serverguide/C/mail.xml:657(para)
17568
msgid ""
17569
"Another resource is the <ulink "
17570
"url=\"https://help.ubuntu.com/community/Exim4\">Exim4 Ubuntu Wiki </ulink> "
17571
"page."
17572
msgstr ""
17573
17574
#: serverguide/C/mail.xml:666(title)
17575
msgid "Dovecot Server"
17576
msgstr ""
17577
17578
#: serverguide/C/mail.xml:667(para)
17579
msgid ""
17580
"<application>Dovecot</application> is a Mail Delivery Agent, written with "
17581
"security primarily in mind. It supports the major mailbox formats: mbox or "
17582
"Maildir. This section explain how to set it up as an imap or pop3 server."
17583
msgstr ""
17584
17585
#: serverguide/C/mail.xml:675(para)
17586
msgid ""
17587
"To install <application>dovecot</application>, run the following command in "
17588
"the command prompt:"
17589
msgstr ""
17590
17591
#: serverguide/C/mail.xml:680(command)
17592
msgid "sudo apt-get install dovecot-imapd dovecot-pop3d"
17593
msgstr ""
17594
17595
#: serverguide/C/mail.xml:685(para)
17596
msgid ""
17597
"To configure <application>dovecot</application>, you can edit the file "
17598
"<filename>/etc/dovecot/dovecot.conf</filename>. You can choose the protocol "
17599
"you use. It could be pop3, pop3s (pop3 secure), imap and imaps (imap "
17600
"secure). A description of these protocols is beyond the scope of this guide. "
17601
"For further information, refer to the Wikipedia articles on <ulink "
17602
"url=\"http://en.wikipedia.org/wiki/POP3\">POP3</ulink> and <ulink "
17603
"url=\"http://en.wikipedia.org/wiki/Internet_Message_Access_Protocol\">IMAP</u"
17604
"link>."
17605
msgstr ""
17606
17607
#: serverguide/C/mail.xml:695(para)
17608
msgid ""
17609
"IMAPS and POP3S are more secure that the simple IMAP and POP3 because they "
17610
"use SSL encryption to connect. Once you have chosen the protocol, amend the "
17611
"following line in the file <filename>/etc/dovecot/dovecot.conf</filename>:"
17612
msgstr ""
17613
17614
#: serverguide/C/mail.xml:701(programlisting)
17615
#, no-wrap
17616
msgid ""
17617
"\n"
17618
"protocols = pop3 pop3s imap imaps\n"
17619
msgstr ""
17620
17621
#: serverguide/C/mail.xml:704(para)
17622
msgid ""
17623
"Next, choose the mailbox you would like to use. "
17624
"<application>Dovecot</application> supports <emphasis "
17625
"role=\"strong\">maildir</emphasis> and <emphasis "
17626
"role=\"strong\">mbox</emphasis> formats. These are the most commonly used "
17627
"mailbox formats. They both have their own benefits and are discussed on "
17628
"<ulink url=\"http://wiki.dovecot.org/MailboxFormat\">the Dovecot web "
17629
"site</ulink>."
17630
msgstr ""
17631
17632
#: serverguide/C/mail.xml:712(para)
17633
msgid ""
17634
"Once you have chosen your mailbox type, edit the file "
17635
"<filename>/etc/dovecot/dovecot.conf</filename> and change the following line:"
17636
msgstr ""
17637
17638
#: serverguide/C/mail.xml:717(programlisting)
17639
#, no-wrap
17640
msgid ""
17641
"\n"
17642
"mail_location = maildir:~/Maildir # (for maildir)\n"
17643
"or\n"
17644
"mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (for mbox)\n"
17645
msgstr ""
17646
17647
#: serverguide/C/mail.xml:723(para)
17648
msgid ""
17649
"You should configure your Mail Transport Agent (MTA) to transfer the "
17650
"incoming mail to this type of mailbox if it is different from the one you "
17651
"have configured."
17652
msgstr ""
17653
17654
#: serverguide/C/mail.xml:729(para)
17655
msgid ""
17656
"Once you have configured dovecot, restart the "
17657
"<application>dovecot</application> daemon in order to test your setup:"
17658
msgstr ""
17659
17660
#: serverguide/C/mail.xml:738(para)
17661
msgid ""
17662
"If you have enabled imap, or pop3, you can also try to log in with the "
17663
"commands <command>telnet localhost pop3</command> or <command>telnet "
17664
"localhost imap2</command>. If you see something like the following, the "
17665
"installation has been successful:"
17666
msgstr ""
17667
17668
#: serverguide/C/mail.xml:745(programlisting)
17669
#, no-wrap
17670
msgid ""
17671
"\n"
17672
"bhuvan@rainbow:~$ telnet localhost pop3\n"
17673
"Trying 127.0.0.1...\n"
17674
"Connected to localhost.localdomain.\n"
17675
"Escape character is '^]'.\n"
17676
"+OK Dovecot ready.\n"
17677
msgstr ""
17678
17679
#: serverguide/C/mail.xml:754(title)
17680
msgid "Dovecot SSL Configuration"
17681
msgstr ""
17682
17683
#: serverguide/C/mail.xml:755(para)
17684
msgid ""
17685
"To configure <application>dovecot</application> to use SSL, you can edit the "
17686
"file <filename>/etc/dovecot/dovecot.conf</filename> and amend following "
17687
"lines:"
17688
msgstr ""
17689
17690
#: serverguide/C/mail.xml:760(programlisting)
17691
#, no-wrap
17692
msgid ""
17693
"\n"
17694
"ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem\n"
17695
"ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key\n"
17696
"ssl_disable = no\n"
17697
"disable_plaintext_auth = no\n"
17698
msgstr ""
17699
17700
#: serverguide/C/mail.xml:766(para)
17701
msgid ""
17702
"You can get the SSL certificate from a Certificate Issuing Authority or you "
17703
"can create self signed SSL certificate. The latter is a good option for "
17704
"email, because SMTP clients rarely complain about \"self-signed "
17705
"certificates\". Please refer to <xref linkend=\"certificates-and-"
17706
"security\"/> for details about how to create self signed SSL certificate. "
17707
"Once you create the certificate, you will have a key file and a certificate "
17708
"file. Please copy them to the location pointed in the "
17709
"<filename>/etc/dovecot/dovecot.conf</filename> configuration file."
17710
msgstr ""
17711
17712
#: serverguide/C/mail.xml:781(title)
17713
msgid "Firewall Configuration for an Email Server"
17714
msgstr ""
17715
17716
#: serverguide/C/mail.xml:787(para)
17717
msgid "IMAP - 143"
17718
msgstr ""
17719
17720
#: serverguide/C/mail.xml:788(para)
17721
msgid "IMAPS - 993"
17722
msgstr ""
17723
17724
#: serverguide/C/mail.xml:789(para)
17725
msgid "POP3 - 110"
17726
msgstr ""
17727
17728
#: serverguide/C/mail.xml:790(para)
17729
msgid "POP3S - 995"
17730
msgstr ""
17731
17732
#: serverguide/C/mail.xml:782(para)
17733
msgid ""
17734
"To access your mail server from another computer, you must configure your "
17735
"firewall to allow connections to the server on the necessary ports. "
17736
"<placeholder-1/>"
17737
msgstr ""
17738
17739
#: serverguide/C/mail.xml:799(para)
17740
msgid ""
17741
"See the <ulink url=\"http://www.dovecot.org/\">Dovecot website</ulink> for "
17742
"more information."
17743
msgstr ""
17744
17745
#: serverguide/C/mail.xml:804(para)
17746
msgid ""
17747
"Also, the <ulink url=\"https://help.ubuntu.com/community/Dovecot\">Dovecot "
17748
"Ubuntu Wiki</ulink> page has more details."
17749
msgstr ""
17750
17751
#: serverguide/C/mail.xml:813(title) serverguide/C/mail.xml:890(title) serverguide/C/mail.xml:1113(title)
17752
msgid "Mailman"
17753
msgstr ""
17754
17755
#: serverguide/C/mail.xml:814(para)
17756
msgid ""
17757
"Mailman is an open source program for managing electronic mail discussions "
17758
"and e-newsletter lists. Many open source mailing lists (including all the "
17759
"<ulink url=\"http://lists.ubuntu.com\">Ubuntu mailing lists</ulink>) use "
17760
"Mailman as their mailing list software. It is powerful and easy to install "
17761
"and maintain."
17762
msgstr ""
17763
17764
#: serverguide/C/mail.xml:824(para)
17765
msgid ""
17766
"Mailman provides a web interface for the administrators and users, using an "
17767
"external mail server to send and receive emails. It works perfectly with the "
17768
"following mail servers:"
17769
msgstr ""
17770
17771
#: serverguide/C/mail.xml:835(application)
17772
msgid "Exim"
17773
msgstr ""
17774
17775
#: serverguide/C/mail.xml:838(application)
17776
msgid "Sendmail"
17777
msgstr ""
17778
17779
#: serverguide/C/mail.xml:841(application)
17780
msgid "Qmail"
17781
msgstr ""
17782
17783
#: serverguide/C/mail.xml:846(para)
17784
msgid ""
17785
"We will see how to install and configure Mailman with, the Apache web "
17786
"server, and either the Postfix or Exim mail server. If you wish to install "
17787
"Mailman with a different mail server, please refer to the references section."
17788
msgstr ""
17789
17790
#: serverguide/C/mail.xml:853(para)
17791
msgid ""
17792
"You only need to install one mail server and "
17793
"<application>Postfix</application> is the default Ubuntu Mail Transfer Agent."
17794
msgstr ""
17795
17796
#: serverguide/C/mail.xml:858(title) serverguide/C/mail.xml:917(title)
17797
msgid "Apache2"
17798
msgstr ""
17799
17800
#: serverguide/C/mail.xml:859(para)
17801
msgid ""
17802
"To install apache2 you refer to <ulink url=\"./web-servers.xml#http-"
17803
"installation\">HTTPD Installation</ulink> section for details."
17804
msgstr ""
17805
17806
#: serverguide/C/mail.xml:867(para)
17807
msgid ""
17808
"For instructions on installing and configuring Postfix refer to <xref "
17809
"linkend=\"postfix\"/>"
17810
msgstr ""
17811
17812
#: serverguide/C/mail.xml:873(para)
17813
msgid "To install Exim4 refer to <xref linkend=\"exim4\"/>."
17814
msgstr ""
17815
17816
#: serverguide/C/mail.xml:884(application)
17817
msgid "dc_use_split_config='true'"
17818
msgstr ""
17819
17820
#: serverguide/C/mail.xml:876(para)
17821
msgid ""
17822
"Once exim4 is installed, the configuration files are stored in the "
17823
"<filename>/etc/exim4</filename> directory. In Ubuntu, by default, the exim4 "
17824
"configuration files are split across different files. You can change this "
17825
"behavior by changing the following variable in the "
17826
"<filename>/etc/exim4/update-exim4.conf</filename> file: <placeholder-1/>"
17827
msgstr ""
17828
17829
#: serverguide/C/mail.xml:891(para)
17830
msgid ""
17831
"To install <application>Mailman</application>, run following command at a "
17832
"terminal prompt:"
17833
msgstr ""
17834
17835
#: serverguide/C/mail.xml:895(command)
17836
msgid "sudo apt-get install mailman"
17837
msgstr ""
17838
17839
#: serverguide/C/mail.xml:897(para)
17840
msgid ""
17841
"It copies the installation files in "
17842
"<application>/var/lib/mailman</application> directory. It installs the CGI "
17843
"scripts in <application>/usr/lib/cgi-bin/mailman</application> directory. It "
17844
"creates <emphasis>list</emphasis> linux user. It creates the "
17845
"<emphasis>list</emphasis> linux group. The mailman process will be owned by "
17846
"this user."
17847
msgstr ""
17848
17849
#: serverguide/C/mail.xml:909(para)
17850
msgid ""
17851
"This section assumes you have successfully installed "
17852
"<application>mailman</application>, <application>apache2</application>, and "
17853
"<application>postfix</application> or <application>exim4</application>. Now "
17854
"you just need to configure them."
17855
msgstr ""
17856
17857
#: serverguide/C/mail.xml:918(para)
17858
msgid ""
17859
"An example Apache configuration file comes with "
17860
"<application>Mailman</application> and is placed in "
17861
"<filename>/etc/mailman/apache.conf</filename>. In order for Apache to use "
17862
"the config file it needs to be copied to <filename>/etc/apache2/sites-"
17863
"available</filename>:"
17864
msgstr ""
17865
17866
#: serverguide/C/mail.xml:924(command)
17867
msgid ""
17868
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
17869
msgstr ""
17870
17871
#: serverguide/C/mail.xml:926(para)
17872
msgid ""
17873
"This will setup a new Apache <emphasis>VirtualHost</emphasis> for the "
17874
"Mailman administration site. Now enable the new configuration and restart "
17875
"Apache:"
17876
msgstr ""
17877
17878
#: serverguide/C/mail.xml:931(command)
17879
msgid "sudo a2ensite mailman.conf"
17880
msgstr ""
17881
17882
#: serverguide/C/mail.xml:934(para)
17883
msgid ""
17884
"Mailman uses apache2 to render its CGI scripts. The mailman CGI scripts are "
17885
"installed in the <application>/usr/lib/cgi-bin/mailman</application> "
17886
"directory. So, the mailman url will be http://hostname/cgi-bin/mailman/. You "
17887
"can make changes to the <filename>/etc/apache2/sites-"
17888
"available/mailman.conf</filename> file if you wish to change this behavior."
17889
msgstr ""
17890
17891
#: serverguide/C/mail.xml:945(para)
17892
msgid ""
17893
"For <application>Postfix</application> integration, we will associate the "
17894
"domain lists.example.com with the mailing lists. Please replace "
17895
"<emphasis>lists.example.com</emphasis> with the domain of your choosing."
17896
msgstr ""
17897
17898
#: serverguide/C/mail.xml:949(para)
17899
msgid ""
17900
"You can use the postconf command to add the necessary configuration to "
17901
"<filename>/etc/postfix/main.cf</filename>:"
17902
msgstr ""
17903
17904
#: serverguide/C/mail.xml:953(command)
17905
msgid "sudo postconf -e 'relay_domains = lists.example.com'"
17906
msgstr ""
17907
17908
#: serverguide/C/mail.xml:954(command)
17909
msgid "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
17910
msgstr ""
17911
17912
#: serverguide/C/mail.xml:955(command)
17913
msgid "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
17914
msgstr ""
17915
17916
#: serverguide/C/mail.xml:957(para)
17917
msgid ""
17918
"In <filename>/etc/postfix/master.cf</filename> double check that you have "
17919
"the following transport:"
17920
msgstr ""
17921
17922
#: serverguide/C/mail.xml:960(programlisting)
17923
#, no-wrap
17924
msgid ""
17925
"\n"
17926
"mailman unix - n n - - pipe\n"
17927
" flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py\n"
17928
" ${nexthop} ${user}\n"
17929
msgstr ""
17930
17931
#: serverguide/C/mail.xml:965(para)
17932
msgid ""
17933
"It calls the <emphasis>postfix-to-mailman.py</emphasis> script when a mail "
17934
"is delivered to a list."
17935
msgstr ""
17936
17937
#: serverguide/C/mail.xml:968(para)
17938
msgid ""
17939
"Associate the domain lists.example.com to the Mailman transport with the "
17940
"transport map. Edit the file <filename>/etc/postfix/transport</filename>:"
17941
msgstr ""
17942
17943
#: serverguide/C/mail.xml:971(programlisting)
17944
#, no-wrap
17945
msgid ""
17946
"\n"
17947
"lists.example.com mailman:\n"
17948
msgstr ""
17949
17950
#: serverguide/C/mail.xml:974(para)
17951
msgid ""
17952
"Now have <application>Postfix</application> build the transport map by "
17953
"entering the following from a terminal prompt:"
17954
msgstr ""
17955
17956
#: serverguide/C/mail.xml:978(command)
17957
msgid "sudo postmap -v /etc/postfix/transport"
17958
msgstr ""
17959
17960
#: serverguide/C/mail.xml:980(para)
17961
msgid "Then restart Postfix to enable the new configurations:"
17962
msgstr ""
17963
17964
#: serverguide/C/mail.xml:989(para)
17965
msgid ""
17966
"Once Exim4 is installed, you can start the Exim server using the following "
17967
"command from a terminal prompt:"
17968
msgstr ""
17969
17970
#: serverguide/C/mail.xml:1005(para) serverguide/C/mail.xml:1020(title)
17971
msgid "Main"
17972
msgstr ""
17973
17974
#: serverguide/C/mail.xml:1008(para) serverguide/C/mail.xml:1060(title)
17975
msgid "Transport"
17976
msgstr ""
17977
17978
#: serverguide/C/mail.xml:1011(para) serverguide/C/mail.xml:1083(title)
17979
msgid "Router"
17980
msgstr ""
17981
17982
#: serverguide/C/mail.xml:996(para)
17983
msgid ""
17984
"In order to make mailman work with Exim4, you need to configure Exim4. As "
17985
"mentioned earlier, by default, Exim4 uses multiple configuration files of "
17986
"different types. For details, please refer to the <ulink "
17987
"url=\"http://www.exim.org\">Exim</ulink> web site. To run mailman, we should "
17988
"add new a configuration file to the following configuration types: "
17989
"<placeholder-1/> Exim creates a master configuration file by sorting all "
17990
"these mini configuration files. So, the order of these configuration files "
17991
"is very important."
17992
msgstr ""
17993
17994
#: serverguide/C/mail.xml:1027(programlisting)
17995
#, no-wrap
17996
msgid ""
17997
"\n"
17998
"# start\n"
17999
"# Home dir for your Mailman installation -- aka Mailman's prefix\n"
18000
"# directory.\n"
18001
"# On Ubuntu this should be \"/var/lib/mailman\"\n"
18002
"# This is normally the same as ~mailman\n"
18003
"MM_HOME=/var/lib/mailman\n"
18004
"#\n"
18005
"# User and group for Mailman, should match your --with-mail-gid\n"
18006
"# switch to Mailman's configure script. Value is normally \"mailman\"\n"
18007
"MM_UID=list\n"
18008
"MM_GID=list\n"
18009
"#\n"
18010
"# Domains that your lists are in - colon separated list\n"
18011
"# you may wish to add these into local_domains as well\n"
18012
"domainlist mm_domains=hostname.com\n"
18013
"#\n"
18014
"# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n"
18015
"#\n"
18016
"# These values are derived from the ones above and should not need\n"
18017
"# editing unless you have munged your mailman installation\n"
18018
"#\n"
18019
"# The path of the Mailman mail wrapper script\n"
18020
"MM_WRAP=MM_HOME/mail/mailman\n"
18021
"#\n"
18022
"# The path of the list config file (used as a required file when\n"
18023
"# verifying list addresses)\n"
18024
"MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck\n"
18025
"# end\n"
18026
msgstr ""
18027
18028
#: serverguide/C/mail.xml:1021(para)
18029
msgid ""
18030
"All the configuration files belonging to the main type are stored in the "
18031
"<filename>/etc/exim4/conf.d/main/</filename> directory. You can add the "
18032
"following content to a new file, named <filename>04_exim4-"
18033
"config_mailman</filename>: <placeholder-1/>"
18034
msgstr ""
18035
18036
#: serverguide/C/mail.xml:1067(programlisting)
18037
#, no-wrap
18038
msgid ""
18039
"\n"
18040
" mailman_transport:\n"
18041
" driver = pipe\n"
18042
" command = MM_WRAP \\\n"
18043
" '${if def:local_part_suffix \\\n"
18044
" {${sg{$local_part_suffix}{-(\\\\w+)(\\\\+.*)?}{\\$1}}} "
18045
"\\\n"
18046
" {post}}' \\\n"
18047
" $local_part\n"
18048
" current_directory = MM_HOME\n"
18049
" home_directory = MM_HOME\n"
18050
" user = MM_UID\n"
18051
" group = MM_GID\n"
18052
msgstr ""
18053
18054
#: serverguide/C/mail.xml:1061(para)
18055
msgid ""
18056
"All the configuration files belonging to transport type are stored in the "
18057
"<filename>/etc/exim4/conf.d/transport/</filename> directory. You can add the "
18058
"following content to a new file named <filename> 40_exim4-"
18059
"config_mailman</filename>: <placeholder-1/>"
18060
msgstr ""
18061
18062
#: serverguide/C/mail.xml:1088(programlisting)
18063
#, no-wrap
18064
msgid ""
18065
"\n"
18066
" mailman_router:\n"
18067
" driver = accept\n"
18068
" require_files = MM_HOME/lists/$local_part/config.pck\n"
18069
" local_part_suffix_optional\n"
18070
" local_part_suffix = -bounces : -bounces+* : \\\n"
18071
" -confirm+* : -join : -leave : \\\n"
18072
" -owner : -request : -admin\n"
18073
" transport = mailman_transport\n"
18074
msgstr ""
18075
18076
#: serverguide/C/mail.xml:1084(para)
18077
msgid ""
18078
"All the configuration files belonging to router type are stored in the "
18079
"<filename>/etc/exim4/conf.d/router/</filename> directory. You can add the "
18080
"following content in to a new file named <filename>101_exim4-"
18081
"config_mailman</filename>: <placeholder-1/>"
18082
msgstr ""
18083
18084
#: serverguide/C/mail.xml:1101(para)
18085
msgid ""
18086
"The order of main and transport configuration files can be in any order. "
18087
"But, the order of router configuration files must be the same. This "
18088
"particular file must appear before the <application>200_exim4-"
18089
"config_primary</application> file. These two configuration files contain "
18090
"same type of information. The first file takes the precedence. For more "
18091
"details, please refer to the references section."
18092
msgstr ""
18093
18094
#: serverguide/C/mail.xml:1114(para)
18095
msgid ""
18096
"Once mailman is installed, you can run it using the following command:"
18097
msgstr ""
18098
18099
#: serverguide/C/mail.xml:1118(command)
18100
msgid "sudo /etc/init.d/mailman start"
18101
msgstr ""
18102
18103
#: serverguide/C/mail.xml:1120(para)
18104
msgid ""
18105
"Once mailman is installed, you should create the default mailing list. Run "
18106
"the following command to create the mailing list:"
18107
msgstr ""
18108
18109
#: serverguide/C/mail.xml:1126(command)
18110
msgid "sudo /usr/sbin/newlist mailman"
18111
msgstr ""
18112
18113
#: serverguide/C/mail.xml:1129(programlisting)
18114
#, no-wrap
18115
msgid ""
18116
"\n"
18117
" Enter the email address of the person running the list: bhuvan at "
18118
"ubuntu.com\n"
18119
" Initial mailman password:\n"
18120
" To finish creating your mailing list, you must edit your "
18121
"<filename>/etc/aliases</filename> (or\n"
18122
" equivalent) file by adding the following lines, and possibly running the\n"
18123
" `newaliases' program:\n"
18124
"\n"
18125
" ## mailman mailing list\n"
18126
" mailman: \"|/var/lib/mailman/mail/mailman post mailman\"\n"
18127
" mailman-admin: \"|/var/lib/mailman/mail/mailman admin mailman\"\n"
18128
" mailman-bounces: \"|/var/lib/mailman/mail/mailman bounces mailman\"\n"
18129
" mailman-confirm: \"|/var/lib/mailman/mail/mailman confirm mailman\"\n"
18130
" mailman-join: \"|/var/lib/mailman/mail/mailman join mailman\"\n"
18131
" mailman-leave: \"|/var/lib/mailman/mail/mailman leave mailman\"\n"
18132
" mailman-owner: \"|/var/lib/mailman/mail/mailman owner mailman\"\n"
18133
" mailman-request: \"|/var/lib/mailman/mail/mailman request mailman\"\n"
18134
" mailman-subscribe: \"|/var/lib/mailman/mail/mailman subscribe "
18135
"mailman\"\n"
18136
" mailman-unsubscribe: \"|/var/lib/mailman/mail/mailman unsubscribe "
18137
"mailman\"\n"
18138
"\n"
18139
" Hit enter to notify mailman owner...\n"
18140
"\n"
18141
" # \n"
18142
msgstr ""
18143
18144
#: serverguide/C/mail.xml:1152(para)
18145
msgid ""
18146
"We have configured either Postfix or Exim4 to recognize all emails from "
18147
"mailman. So, it is not mandatory to make any new entries in "
18148
"<filename>/etc/aliases</filename>. If you have made any changes to the "
18149
"configuration files, please ensure that you restart those services before "
18150
"continuing to next section."
18151
msgstr ""
18152
18153
#: serverguide/C/mail.xml:1160(para)
18154
msgid ""
18155
"The Exim4 does not use the above aliases to forward mails to Mailman, as it "
18156
"uses a <emphasis>discover</emphasis> approach. To suppress the aliases while "
18157
"creating the list, you can add <emphasis>MTA=None</emphasis> line in Mailman "
18158
"configuration file, <filename>/etc/mailman/mm_cfg.py</filename>."
18159
msgstr ""
18160
18161
#: serverguide/C/mail.xml:1171(title)
18162
msgid "Administration"
18163
msgstr ""
18164
18165
#: serverguide/C/mail.xml:1172(para)
18166
msgid ""
18167
"We assume you have a default installation. The mailman cgi scripts are still "
18168
"in the <application>/usr/lib/cgi-bin/mailman/</application> directory. "
18169
"Mailman provides a web based administration facility. To access this page, "
18170
"point your browser to the following url:"
18171
msgstr ""
18172
18173
#: serverguide/C/mail.xml:1180(para)
18174
msgid "http://hostname/cgi-bin/mailman/admin"
18175
msgstr ""
18176
18177
#: serverguide/C/mail.xml:1184(para)
18178
msgid ""
18179
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
18180
"screen. If you click the mailing list name, it will ask for your "
18181
"authentication password. If you enter the correct password, you will be able "
18182
"to change administrative settings of this mailing list. You can create a new "
18183
"mailing list using the command line utility "
18184
"(<command>/usr/sbin/newlist</command>). Alternatively, you can create a new "
18185
"mailing list using the web interface."
18186
msgstr ""
18187
18188
#: serverguide/C/mail.xml:1197(title)
18189
msgid "Users"
18190
msgstr ""
18191
18192
#: serverguide/C/mail.xml:1198(para)
18193
msgid ""
18194
"Mailman provides a web based interface for users. To access this page, point "
18195
"your browser to the following url:"
18196
msgstr ""
18197
18198
#: serverguide/C/mail.xml:1203(para)
18199
msgid "http://hostname/cgi-bin/mailman/listinfo"
18200
msgstr ""
18201
18202
#: serverguide/C/mail.xml:1207(para)
18203
msgid ""
18204
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
18205
"screen. If you click the mailing list name, it will display the subscription "
18206
"form. You can enter your email address, name (optional), and password to "
18207
"subscribe. An email invitation will be sent to you. You can follow the "
18208
"instructions in the email to subscribe."
18209
msgstr ""
18210
18211
#: serverguide/C/mail.xml:1219(ulink)
18212
msgid "GNU Mailman - Installation Manual"
18213
msgstr ""
18214
18215
#: serverguide/C/mail.xml:1223(ulink)
18216
msgid "HOWTO - Using Exim 4 and Mailman 2.1 together"
18217
msgstr ""
18218
18219
#: serverguide/C/mail.xml:1226(para)
18220
msgid ""
18221
"Also, see the <ulink "
18222
"url=\"https://help.ubuntu.com/community/Mailman\">Mailman Ubuntu "
18223
"Wiki</ulink> page."
18224
msgstr ""
18225
18226
#: serverguide/C/mail.xml:1232(title)
18227
msgid "Mail Filtering"
18228
msgstr ""
18229
18230
#: serverguide/C/mail.xml:1233(para)
18231
msgid ""
18232
"One of the largest issues with email today is the problem of Unsolicited "
18233
"Bulk Email (UBE). Also known as SPAM, such messages may also carry viruses "
18234
"and other forms of malware. According to some reports these messages make up "
18235
"the bulk of all email traffic on the Internet."
18236
msgstr ""
18237
18238
#: serverguide/C/mail.xml:1238(para)
18239
msgid ""
18240
"This section will cover integrating <application>Amavisd-new</application>, "
18241
"<application>Spamassassin</application>, and "
18242
"<application>ClamAV</application> with the "
18243
"<application>Postfix</application> Mail Transport Agent (MTA). "
18244
"<application>Postfix</application> can also check email validity by passing "
18245
"it through external content filters. These filters can sometimes determine "
18246
"if a message is spam without needing to process it with more resource "
18247
"intensive applications. Two common filters are "
18248
"<application>opendkim</application> and <application>python-policyd-"
18249
"spf</application>."
18250
msgstr ""
18251
18252
#: serverguide/C/mail.xml:1248(para)
18253
msgid ""
18254
"<application>Amavisd-new</application> is a wrapper program that can call "
18255
"any number of content filtering programs for spam detection, antivirus, etc."
18256
msgstr ""
18257
18258
#: serverguide/C/mail.xml:1254(para)
18259
msgid ""
18260
"<application>Spamassassin</application> uses a variety of mechanisms to "
18261
"filter email based on the message content."
18262
msgstr ""
18263
18264
#: serverguide/C/mail.xml:1259(para)
18265
msgid ""
18266
"<application>ClamAV</application> is an open source antivirus application."
18267
msgstr ""
18268
18269
#: serverguide/C/mail.xml:1264(para)
18270
msgid ""
18271
"<application>opendkim</application> implements a Sendmail Mail Filter "
18272
"(Milter) for the DomainKeys Identified Mail (DKIM) standard."
18273
msgstr ""
18274
18275
#: serverguide/C/mail.xml:1270(para)
18276
msgid ""
18277
"<application>python-policyd-spf</application> enables Sender Policy "
18278
"Framework (SPF) checking with <application>Postfix</application>."
18279
msgstr ""
18280
18281
#: serverguide/C/mail.xml:1275(para)
18282
msgid "This is how the pieces fit together:"
18283
msgstr ""
18284
18285
#: serverguide/C/mail.xml:1280(para)
18286
msgid "An email message is accepted by <application>Postfix</application>."
18287
msgstr ""
18288
18289
#: serverguide/C/mail.xml:1285(para)
18290
msgid ""
18291
"The message is passed through any external filters "
18292
"<application>opendkim</application> and <application>python-policyd-"
18293
"spf</application> in this case."
18294
msgstr ""
18295
18296
#: serverguide/C/mail.xml:1291(para)
18297
msgid "<application>Amavisd-new</application> then processes the message."
18298
msgstr ""
18299
18300
#: serverguide/C/mail.xml:1296(para)
18301
msgid ""
18302
"<application>ClamAV</application> is used to scan the message. If the "
18303
"message contains a virus <application>Postfix</application> will reject the "
18304
"message."
18305
msgstr ""
18306
18307
#: serverguide/C/mail.xml:1302(para)
18308
msgid ""
18309
"Clean messages will then be analyzed by "
18310
"<application>Spamassassin</application> to find out if the message is spam. "
18311
"<application>Spamassassin</application> will then add X-Header lines "
18312
"allowing <application>Amavisd-new</application> to further manipulate the "
18313
"message."
18314
msgstr ""
18315
18316
#: serverguide/C/mail.xml:1309(para)
18317
msgid ""
18318
"For example, if a message has a Spam score of over fifty the message could "
18319
"be automatically dropped from the queue without the recipient ever having to "
18320
"be bothered. Another, way to handle flagged messages is to deliver them to "
18321
"the Mail User Agent (MUA) allowing the user to deal with the message as they "
18322
"see fit."
18323
msgstr ""
18324
18325
#: serverguide/C/mail.xml:1316(para)
18326
msgid ""
18327
"See <xref linkend=\"postfix\"/> for instructions on installing and "
18328
"configuring Postfix."
18329
msgstr ""
18330
18331
#: serverguide/C/mail.xml:1319(para)
18332
msgid ""
18333
"To install the rest of the applications enter the following from a terminal "
18334
"prompt:"
18335
msgstr ""
18336
18337
#: serverguide/C/mail.xml:1323(command)
18338
msgid "sudo apt-get install amavisd-new spamassassin clamav-daemon"
18339
msgstr ""
18340
18341
#: serverguide/C/mail.xml:1324(command)
18342
msgid "sudo apt-get install opendkim python-policyd-spf"
18343
msgstr ""
18344
18345
#: serverguide/C/mail.xml:1326(para)
18346
msgid ""
18347
"There are some optional packages that integrate with "
18348
"<application>Spamassassin</application> for better spam detection:"
18349
msgstr ""
18350
18351
#: serverguide/C/mail.xml:1330(command)
18352
msgid "sudo apt-get install pyzor razor"
18353
msgstr ""
18354
18355
#: serverguide/C/mail.xml:1332(para)
18356
msgid ""
18357
"Along with the main filtering applications compression utilities are needed "
18358
"to process some email attachments:"
18359
msgstr ""
18360
18361
#: serverguide/C/mail.xml:1336(command)
18362
msgid ""
18363
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
18364
msgstr ""
18365
18366
#: serverguide/C/mail.xml:1339(para)
18367
msgid ""
18368
"If some packages are not found, check that the "
18369
"<emphasis>multiverse</emphasis> repository is enabled in "
18370
"<filename>/etc/apt/sources.list</filename>"
18371
msgstr ""
18372
18373
#: serverguide/C/mail.xml:1340(para)
18374
msgid ""
18375
"If you make changes to the file, be sure to run <command>sudo apt-get "
18376
"update</command> before trying to install again."
18377
msgstr ""
18378
18379
#: serverguide/C/mail.xml:1345(para)
18380
msgid "Now configure everything to work together and filter email."
18381
msgstr ""
18382
18383
#: serverguide/C/mail.xml:1349(title)
18384
msgid "ClamAV"
18385
msgstr ""
18386
18387
#: serverguide/C/mail.xml:1350(para)
18388
msgid ""
18389
"The default behaviour of <application>ClamAV</application> will fit our "
18390
"needs. For more ClamAV configuration options, check the configuration files "
18391
"in <filename>/etc/clamav</filename>."
18392
msgstr ""
18393
18394
#: serverguide/C/mail.xml:1355(para)
18395
msgid ""
18396
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
18397
"group in order for <application>Amavisd-new</application> to have the "
18398
"appropriate access to scan files:"
18399
msgstr ""
18400
18401
#: serverguide/C/mail.xml:1360(command)
18402
msgid "sudo adduser clamav amavis"
18403
msgstr ""
18404
18405
#: serverguide/C/mail.xml:1364(title)
18406
msgid "Spamassassin"
18407
msgstr ""
18408
18409
#: serverguide/C/mail.xml:1365(para)
18410
msgid ""
18411
"Spamassassin automatically detects optional components and will use them if "
18412
"they are present. This means that there is no need to configure "
18413
"<application>pyzor</application> and <application>razor</application>."
18414
msgstr ""
18415
18416
#: serverguide/C/mail.xml:1369(para)
18417
msgid ""
18418
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
18419
"<application>Spamassassin</application> daemon. Change "
18420
"<emphasis>ENABLED=0</emphasis> to:"
18421
msgstr ""
18422
18423
#: serverguide/C/mail.xml:1373(programlisting)
18424
#, no-wrap
18425
msgid ""
18426
"\n"
18427
"ENABLED=1\n"
18428
msgstr ""
18429
18430
#: serverguide/C/mail.xml:1376(para)
18431
msgid "Now start the daemon:"
18432
msgstr ""
18433
18434
#: serverguide/C/mail.xml:1380(command)
18435
msgid "sudo /etc/init.d/spamassassin start"
18436
msgstr ""
18437
18438
#: serverguide/C/mail.xml:1384(title)
18439
msgid "Amavisd-new"
18440
msgstr ""
18441
18442
#: serverguide/C/mail.xml:1385(para)
18443
msgid ""
18444
"First activate spam and antivirus detection in <application>Amavisd-"
18445
"new</application> by editing <filename>/etc/amavis/conf.d/15-"
18446
"content_filter_mode</filename>:"
18447
msgstr ""
18448
18449
#: serverguide/C/mail.xml:1389(programlisting)
18450
#, no-wrap
18451
msgid ""
18452
"\n"
18453
"use strict;\n"
18454
"\n"
18455
"# You can modify this file to re-enable SPAM checking through spamassassin\n"
18456
"# and to re-enable antivirus checking.\n"
18457
"\n"
18458
"#\n"
18459
"# Default antivirus checking mode\n"
18460
"# Uncomment the two lines below to enable it\n"
18461
"#\n"
18462
"\n"
18463
"@bypass_virus_checks_maps = (\n"
18464
" \\%bypass_virus_checks, \\@bypass_virus_checks_acl, \\"
18465
"$bypass_virus_checks_re);\n"
18466
"\n"
18467
"\n"
18468
"#\n"
18469
"# Default SPAM checking mode\n"
18470
"# Uncomment the two lines below to enable it\n"
18471
"#\n"
18472
"\n"
18473
"@bypass_spam_checks_maps = (\n"
18474
" \\%bypass_spam_checks, \\@bypass_spam_checks_acl, \\"
18475
"$bypass_spam_checks_re);\n"
18476
"\n"
18477
"1; # insure a defined return\n"
18478
msgstr ""
18479
18480
#: serverguide/C/mail.xml:1414(para)
18481
msgid ""
18482
"Bouncing spam can be a bad idea as the return address is often faked. "
18483
"Consider editing <filename>/etc/amavis/conf.d/20-debian_defaults</filename> "
18484
"to set <emphasis>$final_spam_destiny</emphasis> to D_DISCARD rather than "
18485
"D_BOUNCE, as follows:"
18486
msgstr ""
18487
18488
#: serverguide/C/mail.xml:1420(programlisting)
18489
#, no-wrap
18490
msgid ""
18491
"\n"
18492
"$final_spam_destiny = D_DISCARD;\n"
18493
msgstr ""
18494
18495
#: serverguide/C/mail.xml:1424(para)
18496
msgid ""
18497
"Additionally, you may want to adjust the following options to flag more "
18498
"messages as spam:"
18499
msgstr ""
18500
18501
#: serverguide/C/mail.xml:1428(programlisting)
18502
#, no-wrap
18503
msgid ""
18504
"\n"
18505
"$sa_tag_level_deflt = -999; # add spam info headers if at, or above that "
18506
"level\n"
18507
"$sa_tag2_level_deflt = 6.0; # add 'spam detected' headers at that level\n"
18508
"$sa_kill_level_deflt = 21.0; # triggers spam evasive actions\n"
18509
"$sa_dsn_cutoff_level = 4; # spam level beyond which a DSN is not sent\n"
18510
msgstr ""
18511
18512
#: serverguide/C/mail.xml:1435(para)
18513
msgid ""
18514
"If the server's <emphasis>hostname</emphasis> is different from the domain's "
18515
"MX record you may need to manually set the <emphasis>$myhostname</emphasis> "
18516
"option. Also, if the server receives mail for multiple domains the "
18517
"<emphasis>@local_domains_acl</emphasis> option will need to be customized. "
18518
"Edit the <filename>/etc/amavis/conf.d/50-user</filename> file:"
18519
msgstr ""
18520
18521
#: serverguide/C/mail.xml:1442(programlisting)
18522
#, no-wrap
18523
msgid ""
18524
"\n"
18525
"$myhostname = 'mail.example.com';\n"
18526
"@local_domains_acl = ( \"example.com\", \"example.org\" );\n"
18527
msgstr ""
18528
18529
#: serverguide/C/mail.xml:1447(para)
18530
msgid ""
18531
"After configuration <application>Amavisd-new</application> needs to be "
18532
"restarted:"
18533
msgstr ""
18534
18535
#: serverguide/C/mail.xml:1451(command) serverguide/C/mail.xml:1497(command)
18536
msgid "sudo /etc/init.d/amavis restart"
18537
msgstr ""
18538
18539
#: serverguide/C/mail.xml:1454(title)
18540
msgid "DKIM Whitelist"
18541
msgstr ""
18542
18543
#: serverguide/C/mail.xml:1456(para)
18544
msgid ""
18545
"<application>Amavisd-new</application> can be configured to automatically "
18546
"<emphasis>Whitelist</emphasis> addresses from domains with valid Domain "
18547
"Keys. There are some pre-configured domains in the "
18548
"<filename>/etc/amavis/conf.d/40-policy_banks</filename>."
18549
msgstr ""
18550
18551
#: serverguide/C/mail.xml:1462(para)
18552
msgid "There are multiple ways to configure the Whitelist for a domain:"
18553
msgstr ""
18554
18555
#: serverguide/C/mail.xml:1468(para)
18556
msgid ""
18557
"<emphasis>'example.com' => 'WHITELIST',</emphasis>: will whitelist any "
18558
"address from the \"example.com\" domain."
18559
msgstr ""
18560
18561
#: serverguide/C/mail.xml:1473(para)
18562
msgid ""
18563
"<emphasis>'.example.com' => 'WHITELIST',</emphasis>: will whitelist any "
18564
"address from any <emphasis>subdomains</emphasis> of \"example.com\" that "
18565
"have a valid signature."
18566
msgstr ""
18567
18568
#: serverguide/C/mail.xml:1479(para)
18569
msgid ""
18570
"<emphasis>'.example.com/@example.com' => 'WHITELIST',</emphasis>: will "
18571
"whitelist subdomains of \"example.com\" that use the signature of <emphasis "
18572
"role=\"italic\">example.com</emphasis> the parent domain."
18573
msgstr ""
18574
18575
#: serverguide/C/mail.xml:1485(para)
18576
msgid ""
18577
"<emphasis>'./@example.com' => 'WHITELIST',</emphasis>: adds addresses "
18578
"that have a valid signature from \"example.com\". This is usually used for "
18579
"discussion groups that sign their messages."
18580
msgstr ""
18581
18582
#: serverguide/C/mail.xml:1492(para)
18583
msgid ""
18584
"A domain can also have multiple Whitelist configurations. After, editing the "
18585
"file restart <application>amaisd-new</application>:"
18586
msgstr ""
18587
18588
#: serverguide/C/mail.xml:1501(para)
18589
msgid ""
18590
"In this context, once a domain has been added to the Whitelist the message "
18591
"will not receive any anti-virus or spam filtering. This may or may not be "
18592
"the intended behavior you wish for a domain."
18593
msgstr ""
18594
18595
#: serverguide/C/mail.xml:1511(para)
18596
msgid ""
18597
"For <application>Postfix</application> integration, enter the following from "
18598
"a terminal prompt:"
18599
msgstr ""
18600
18601
#: serverguide/C/mail.xml:1515(command)
18602
msgid "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
18603
msgstr ""
18604
18605
#: serverguide/C/mail.xml:1517(para)
18606
msgid ""
18607
"Next edit <filename>/etc/postfix/master.cf</filename> and add the following "
18608
"to the end of the file:"
18609
msgstr ""
18610
18611
#: serverguide/C/mail.xml:1520(programlisting)
18612
#, no-wrap
18613
msgid ""
18614
"\n"
18615
"smtp-amavis unix - - - - 2 smtp\n"
18616
" -o smtp_data_done_timeout=1200\n"
18617
" -o smtp_send_xforward_command=yes\n"
18618
" -o disable_dns_lookups=yes\n"
18619
" -o max_use=20\n"
18620
"\n"
18621
"127.0.0.1:10025 inet n - - - - smtpd\n"
18622
" -o content_filter=\n"
18623
" -o local_recipient_maps=\n"
18624
" -o relay_recipient_maps=\n"
18625
" -o smtpd_restriction_classes=\n"
18626
" -o smtpd_delay_reject=no\n"
18627
" -o smtpd_client_restrictions=permit_mynetworks,reject\n"
18628
" -o smtpd_helo_restrictions=\n"
18629
" -o smtpd_sender_restrictions=\n"
18630
" -o smtpd_recipient_restrictions=permit_mynetworks,reject\n"
18631
" -o smtpd_data_restrictions=reject_unauth_pipelining\n"
18632
" -o smtpd_end_of_data_restrictions=\n"
18633
" -o mynetworks=127.0.0.0/8\n"
18634
" -o smtpd_error_sleep_time=0\n"
18635
" -o smtpd_soft_error_limit=1001\n"
18636
" -o smtpd_hard_error_limit=1000\n"
18637
" -o smtpd_client_connection_count_limit=0\n"
18638
" -o smtpd_client_connection_rate_limit=0\n"
18639
" -o "
18640
"receive_override_options=no_header_body_checks,no_unknown_recipient_checks\n"
18641
msgstr ""
18642
18643
#: serverguide/C/mail.xml:1547(para)
18644
msgid ""
18645
"Also add the following two lines immediately below the "
18646
"<emphasis>\"pickup\"</emphasis> transport service:"
18647
msgstr ""
18648
18649
#: serverguide/C/mail.xml:1550(programlisting)
18650
#, no-wrap
18651
msgid ""
18652
"\n"
18653
" -o content_filter=\n"
18654
" -o receive_override_options=no_header_body_checks\n"
18655
msgstr ""
18656
18657
#: serverguide/C/mail.xml:1554(para)
18658
msgid ""
18659
"This will prevent messages that are generated to report on spam from being "
18660
"classified as spam."
18661
msgstr ""
18662
18663
#: serverguide/C/mail.xml:1557(para)
18664
msgid "Now restart <application>Postfix</application>:"
18665
msgstr ""
18666
18667
#: serverguide/C/mail.xml:1563(para)
18668
msgid "Content filtering with spam and virus detection is now enabled."
18669
msgstr ""
18670
18671
#: serverguide/C/mail.xml:1569(title)
18672
msgid "Amavisd-new and Spamassassin"
18673
msgstr ""
18674
18675
#: serverguide/C/mail.xml:1571(para)
18676
msgid ""
18677
"When integrating <application>Amavisd-new</application> with "
18678
"<application>Spamassassin</application>, if you choose to disable the bayes "
18679
"filtering by editing <filename>/etc/spamassassin/local.cf</filename> and use "
18680
"<application>cron</application> to update the nightly rules, the result can "
18681
"cause a situation where a large amount of error messages are sent to the "
18682
"<emphasis>amavis</emphasis> user via the amavisd-new "
18683
"<application>cron</application> job."
18684
msgstr ""
18685
18686
#: serverguide/C/mail.xml:1578(para)
18687
msgid "There are several ways to handle this situation:"
18688
msgstr ""
18689
18690
#: serverguide/C/mail.xml:1584(para)
18691
msgid "Configure your MDA to filter messages you do not wish to see."
18692
msgstr ""
18693
18694
#: serverguide/C/mail.xml:1589(para)
18695
msgid ""
18696
"Change <filename>/usr/sbin/amavisd-new-cronjob</filename> to check for "
18697
"<emphasis>use_bayes 0</emphasis>. For example, edit "
18698
"<filename>/usr/sbin/amavisd-new-cronjob</filename> and add the following to "
18699
"the top before the <emphasis>test</emphasis> statements:"
18700
msgstr ""
18701
18702
#: serverguide/C/mail.xml:1593(programlisting)
18703
#, no-wrap
18704
msgid ""
18705
"\n"
18706
"egrep -q \"^[ \\t]*use_bayes[ \\t]*0\" /etc/spamassassin/local.cf && "
18707
"exit 0\n"
18708
msgstr ""
18709
18710
#: serverguide/C/mail.xml:1603(para)
18711
msgid ""
18712
"First, test that the <application>Amavisd-new</application> SMTP is "
18713
"listening:"
18714
msgstr ""
18715
18716
#: serverguide/C/mail.xml:1606(programlisting)
18717
#, no-wrap
18718
msgid ""
18719
"\n"
18720
"telnet localhost 10024\n"
18721
"Trying 127.0.0.1...\n"
18722
"Connected to localhost.\n"
18723
"Escape character is '^]'.\n"
18724
"220 [127.0.0.1] ESMTP amavisd-new service ready\n"
18725
"^]\n"
18726
msgstr ""
18727
18728
#: serverguide/C/mail.xml:1614(para)
18729
msgid ""
18730
"In the Header of messages that go through the content filter you should see:"
18731
msgstr ""
18732
18733
#: serverguide/C/mail.xml:1617(programlisting)
18734
#, no-wrap
18735
msgid ""
18736
"\n"
18737
"X-Spam-Level: \n"
18738
"X-Virus-Scanned: Debian amavisd-new at example.com\n"
18739
"X-Spam-Status: No, hits=-2.3 tagged_above=-1000.0 required=5.0 tests=AWL, "
18740
"BAYES_00\n"
18741
"X-Spam-Level: \n"
18742
msgstr ""
18743
18744
#: serverguide/C/mail.xml:1624(para)
18745
msgid ""
18746
"Your output will vary, but the important thing is that there are <emphasis>X-"
18747
"Virus-Scanned</emphasis> and <emphasis>X-Spam-Status</emphasis> entries."
18748
msgstr ""
18749
18750
#: serverguide/C/mail.xml:1632(para)
18751
msgid ""
18752
"The best way to figure out why something is going wrong is to check the log "
18753
"files."
18754
msgstr ""
18755
18756
#: serverguide/C/mail.xml:1637(para)
18757
msgid ""
18758
"For instructions on <application>Postfix</application> logging see the <xref "
18759
"linkend=\"postfix-troubleshooting\"/> section."
18760
msgstr ""
18761
18762
#: serverguide/C/mail.xml:1643(para)
18763
msgid ""
18764
"<application>Amavisd-new</application> uses "
18765
"<application>Syslog</application> to send messages to "
18766
"<filename>/var/log/mail.log</filename>. The amount of detail can be "
18767
"increased by adding the <emphasis>$log_level</emphasis> option to "
18768
"<filename>/etc/amavis/conf.d/50-user</filename>, and setting the value from "
18769
"1 to 5."
18770
msgstr ""
18771
18772
#: serverguide/C/mail.xml:1648(programlisting)
18773
#, no-wrap
18774
msgid ""
18775
"\n"
18776
"$log_level = 2;\n"
18777
msgstr ""
18778
18779
#: serverguide/C/mail.xml:1652(para)
18780
msgid ""
18781
"When the <application>Amavisd-new</application> log output is increased "
18782
"<application>Spamassassin</application> log output is also increased."
18783
msgstr ""
18784
18785
#: serverguide/C/mail.xml:1659(para)
18786
msgid ""
18787
"The <application>ClamAV</application> log level can be increased by editing "
18788
"<filename>/etc/clamav/clamd.conf</filename> and setting the following option:"
18789
msgstr ""
18790
18791
#: serverguide/C/mail.xml:1663(programlisting)
18792
#, no-wrap
18793
msgid ""
18794
"\n"
18795
"LogVerbose true\n"
18796
msgstr ""
18797
18798
#: serverguide/C/mail.xml:1666(para)
18799
msgid ""
18800
"By default <application>ClamAV</application> will send log messages to "
18801
"<filename>/var/log/clamav/clamav.log</filename>."
18802
msgstr ""
18803
18804
#: serverguide/C/mail.xml:1672(para)
18805
msgid ""
18806
"After changing an applications log settings remember to restart the service "
18807
"for the new settings to take affect. Also, once the issue you are "
18808
"troubleshooting is resolved it is a good idea to change the log settings "
18809
"back to normal."
18810
msgstr ""
18811
18812
#: serverguide/C/mail.xml:1680(para)
18813
msgid "For more information on filtering mail see the following links:"
18814
msgstr ""
18815
18816
#: serverguide/C/mail.xml:1686(ulink)
18817
msgid "Amavisd-new Documentation"
18818
msgstr ""
18819
18820
#: serverguide/C/mail.xml:1690(para)
18821
msgid ""
18822
"<ulink url=\"http://www.clamav.org/doc/latest/html/\">ClamAV "
18823
"Documentation</ulink> and <ulink "
18824
"url=\"http://wiki.clamav.net/Main/WebHome\">ClamAV Wiki</ulink>"
18825
msgstr ""
18826
18827
#: serverguide/C/mail.xml:1697(ulink)
18828
msgid "Spamassassin Wiki"
18829
msgstr ""
18830
18831
#: serverguide/C/mail.xml:1702(ulink)
18832
msgid "Pyzor Homepage"
18833
msgstr ""
18834
18835
#: serverguide/C/mail.xml:1707(ulink)
18836
msgid "Razor Homepage"
18837
msgstr ""
18838
18839
#: serverguide/C/mail.xml:1712(ulink)
18840
msgid "DKIM.org"
18841
msgstr ""
18842
18843
#: serverguide/C/mail.xml:1717(ulink)
18844
msgid "Postfix Amavis New"
18845
msgstr ""
18846
18847
#: serverguide/C/mail.xml:1721(para)
18848
msgid ""
18849
"Also, feel free to ask questions in the <emphasis>#ubuntu-server</emphasis> "
18850
"IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>."
18851
msgstr ""
18852
18853
#: serverguide/C/lamp-applications.xml:13(title)
18854
msgid "LAMP Applications"
18855
msgstr ""
18856
18857
#: serverguide/C/lamp-applications.xml:19(para)
18858
msgid ""
18859
"LAMP installations (Linux + Apache + MySQL + PHP) are a popular setup for "
18860
"Ubuntu servers. There is a plethora of Open Source applications written "
18861
"using the LAMP application stack. Some popular LAMP applications are Wiki's, "
18862
"Content Management Systems, and Management Software such as phpMyAdmin."
18863
msgstr ""
18864
18865
#: serverguide/C/lamp-applications.xml:26(para)
18866
msgid ""
18867
"One advantage of LAMP is the substantial flexibility for different database, "
18868
"web server, and scripting languages. Popular substitutes for MySQL include "
18869
"Posgresql and SQLite. Python, Perl, and Ruby are also frequently used "
18870
"instead of PHP."
18871
msgstr ""
18872
18873
#: serverguide/C/lamp-applications.xml:32(para)
18874
msgid ""
18875
"The traditional way to install most <emphasis>LAMP</emphasis> applications "
18876
"is:"
18877
msgstr ""
18878
18879
#: serverguide/C/lamp-applications.xml:38(para)
18880
msgid "Download an archive containing the application source files."
18881
msgstr ""
18882
18883
#: serverguide/C/lamp-applications.xml:43(para)
18884
msgid ""
18885
"Unpack the archive, usually in a directory accessible to a web server."
18886
msgstr ""
18887
18888
#: serverguide/C/lamp-applications.xml:48(para)
18889
msgid ""
18890
"Depending on where the source was extracted, configure a web server to serve "
18891
"the files."
18892
msgstr ""
18893
18894
#: serverguide/C/lamp-applications.xml:53(para)
18895
msgid "Configure the application to connect to the database."
18896
msgstr ""
18897
18898
#: serverguide/C/lamp-applications.xml:58(para)
18899
msgid ""
18900
"Run a script, or browse to a page of the application, to install the "
18901
"database needed by the application."
18902
msgstr ""
18903
18904
#: serverguide/C/lamp-applications.xml:63(para)
18905
msgid ""
18906
"Once the steps above, or similar steps, are completed you are ready to begin "
18907
"using the application."
18908
msgstr ""
18909
18910
#: serverguide/C/lamp-applications.xml:69(para)
18911
msgid ""
18912
"A disadvantage of using this approach is that the application files are not "
18913
"placed in the file system in a standard way, which can cause confusion as to "
18914
"where the application is installed. Another larger disadvantage is updating "
18915
"the application. When a new version is released, the same process used to "
18916
"install the application is needed to apply updates."
18917
msgstr ""
18918
18919
#: serverguide/C/lamp-applications.xml:76(para)
18920
msgid ""
18921
"Fortunately, a number of <emphasis>LAMP</emphasis> applications are already "
18922
"packaged for Ubuntu, and are available for installation in the same way as "
18923
"non-LAMP applications. Depending on the application some extra configuration "
18924
"and setup steps may be needed, however."
18925
msgstr ""
18926
18927
#: serverguide/C/lamp-applications.xml:82(para)
18928
msgid ""
18929
"This section covers howto install and configure the Wiki applications "
18930
"<application>MoinMoin</application>, <application>MediaWiki</application>, "
18931
"and the MySQL management application <application>phpMyAdmin</application>."
18932
msgstr ""
18933
18934
#: serverguide/C/lamp-applications.xml:88(para)
18935
msgid ""
18936
"A Wiki is a website that allows the visitors to easily add, remove and "
18937
"modify available content easily. The ease of interaction and operation makes "
18938
"Wiki an effective tool for mass collaborative authoring. The term Wiki is "
18939
"also referred to the collaborative software."
18940
msgstr ""
18941
18942
#: serverguide/C/lamp-applications.xml:100(title)
18943
msgid "Moin Moin"
18944
msgstr ""
18945
18946
#: serverguide/C/lamp-applications.xml:102(para)
18947
msgid ""
18948
"MoinMoin is a Wiki engine implemented in Python, based on the PikiPiki Wiki "
18949
"engine, and licensed under the GNU GPL."
18950
msgstr ""
18951
18952
#: serverguide/C/lamp-applications.xml:110(para)
18953
msgid ""
18954
"To install <application>MoinMoin</application>, run the following command in "
18955
"the command prompt:"
18956
msgstr ""
18957
18958
#: serverguide/C/lamp-applications.xml:116(command)
18959
msgid "sudo apt-get install python-moinmoin"
18960
msgstr ""
18961
18962
#: serverguide/C/lamp-applications.xml:119(para)
18963
msgid ""
18964
"You should also install <application>apache2</application> web server. For "
18965
"installing <application>apache2</application> web server, please refer to "
18966
"<xref linkend=\"http-installation\"/> sub-section in <xref "
18967
"linkend=\"httpd\"/> section."
18968
msgstr ""
18969
18970
#: serverguide/C/lamp-applications.xml:130(para)
18971
msgid ""
18972
"For configuring your first Wiki application, please run the following set of "
18973
"commands. Let us assume that you are creating a Wiki named "
18974
"<emphasis>mywiki</emphasis>:"
18975
msgstr ""
18976
18977
#: serverguide/C/lamp-applications.xml:137(command)
18978
msgid "cd /usr/share/moin"
18979
msgstr ""
18980
18981
#: serverguide/C/lamp-applications.xml:138(command)
18982
msgid "sudo mkdir mywiki"
18983
msgstr ""
18984
18985
#: serverguide/C/lamp-applications.xml:139(command)
18986
msgid "sudo cp -R data mywiki"
18987
msgstr ""
18988
18989
#: serverguide/C/lamp-applications.xml:140(command)
18990
msgid "sudo cp -R underlay mywiki"
18991
msgstr ""
18992
18993
#: serverguide/C/lamp-applications.xml:141(command)
18994
msgid "sudo cp server/moin.cgi mywiki"
18995
msgstr ""
18996
18997
#: serverguide/C/lamp-applications.xml:142(command)
18998
msgid "sudo chown -R www-data.www-data mywiki"
18999
msgstr ""
19000
19001
#: serverguide/C/lamp-applications.xml:143(command)
19002
msgid "sudo chmod -R ug+rwX mywiki"
19003
msgstr ""
19004
19005
#: serverguide/C/lamp-applications.xml:144(command)
19006
msgid "sudo chmod -R o-rwx mywiki"
19007
msgstr ""
19008
19009
#: serverguide/C/lamp-applications.xml:147(para)
19010
msgid ""
19011
"Now you should configure <application>MoinMoin</application> to find your "
19012
"new Wiki <emphasis>mywiki</emphasis>. To configure "
19013
"<application>MoinMoin</application>, open "
19014
"<filename>/etc/moin/mywiki.py</filename> file and change the following line:"
19015
msgstr ""
19016
19017
#: serverguide/C/lamp-applications.xml:155(programlisting)
19018
#, no-wrap
19019
msgid "data_dir = '/org/mywiki/data'"
19020
msgstr ""
19021
19022
#: serverguide/C/lamp-applications.xml:157(para)
19023
msgid "to"
19024
msgstr ""
19025
19026
#: serverguide/C/lamp-applications.xml:161(programlisting)
19027
#, no-wrap
19028
msgid "data_dir = '/usr/share/moin/mywiki/data'"
19029
msgstr ""
19030
19031
#: serverguide/C/lamp-applications.xml:163(para)
19032
msgid ""
19033
"Also, below the <emphasis>data_dir</emphasis> option add the "
19034
"<emphasis>data_underlay_dir</emphasis>:"
19035
msgstr ""
19036
19037
#: serverguide/C/lamp-applications.xml:167(programlisting)
19038
#, no-wrap
19039
msgid ""
19040
"\n"
19041
"data_underlay_dir='/usr/share/moin/mywiki/underlay'\n"
19042
msgstr ""
19043
19044
#: serverguide/C/lamp-applications.xml:172(para)
19045
msgid ""
19046
"If the <filename>/etc/moin/mywiki.py</filename> file does not exists, you "
19047
"should copy <filename>/etc/moin/moinmaster.py</filename> file to "
19048
"<filename>/etc/moin/mywiki.py</filename> file and do the above mentioned "
19049
"change."
19050
msgstr ""
19051
19052
#: serverguide/C/lamp-applications.xml:181(para)
19053
msgid ""
19054
"If you have named your Wiki as <emphasis>my_wiki_name</emphasis> you should "
19055
"insert a line <quote>(\"my_wiki_name\", r\".*\")</quote> in "
19056
"<filename>/etc/moin/farmconfig.py</filename> file after the line "
19057
"<quote>(\"mywiki\", r\".*\")</quote>."
19058
msgstr ""
19059
19060
#: serverguide/C/lamp-applications.xml:189(para)
19061
msgid ""
19062
"Once you have configured <application>MoinMoin</application> to find your "
19063
"first Wiki application <emphasis>mywiki</emphasis>, you should configure "
19064
"<application>apache2</application> and make it ready for your Wiki "
19065
"application."
19066
msgstr ""
19067
19068
#: serverguide/C/lamp-applications.xml:196(para)
19069
msgid ""
19070
"You should add the following lines in <filename>/etc/apache2/sites-"
19071
"available/default</filename> file inside the <quote><VirtualHost "
19072
"*></quote> tag:"
19073
msgstr ""
19074
19075
#: serverguide/C/lamp-applications.xml:202(programlisting)
19076
#, no-wrap
19077
msgid ""
19078
"\n"
19079
"### moin\n"
19080
" ScriptAlias /mywiki \"/usr/share/moin/mywiki/moin.cgi\"\n"
19081
" alias /moin_static184 \"/usr/share/moin/htdocs\"\n"
19082
" <Directory /usr/share/moin/htdocs>\n"
19083
" Order allow,deny\n"
19084
" allow from all\n"
19085
" </Directory>\n"
19086
"### end moin\n"
19087
msgstr ""
19088
19089
#: serverguide/C/lamp-applications.xml:214(para)
19090
msgid ""
19091
"Adjust the <emphasis>\"moin_static184\"</emphasis> in the "
19092
"<emphasis>alias</emphasis> line above, to the "
19093
"<application>moinmoin</application> version installed."
19094
msgstr ""
19095
19096
#: serverguide/C/lamp-applications.xml:220(para)
19097
msgid ""
19098
"Once you configure the <application>apache2</application> web server and "
19099
"make it ready for your Wiki application, you should restart it. You can run "
19100
"the following command to restart the <application>apache2</application> web "
19101
"server:"
19102
msgstr ""
19103
19104
#: serverguide/C/lamp-applications.xml:233(title)
19105
msgid "Verification"
19106
msgstr ""
19107
19108
#: serverguide/C/lamp-applications.xml:235(para)
19109
msgid ""
19110
"You can verify the Wiki application and see if it works by pointing your web "
19111
"browser to the following URL:"
19112
msgstr ""
19113
19114
#: serverguide/C/lamp-applications.xml:239(programlisting)
19115
#, no-wrap
19116
msgid ""
19117
"\n"
19118
"http://localhost/mywiki\n"
19119
msgstr ""
19120
19121
#: serverguide/C/lamp-applications.xml:243(para)
19122
msgid ""
19123
"You can also run the test command by pointing your web browser to the "
19124
"following URL:"
19125
msgstr ""
19126
19127
#: serverguide/C/lamp-applications.xml:248(programlisting)
19128
#, no-wrap
19129
msgid ""
19130
"\n"
19131
"http://localhost/mywiki?action=test\n"
19132
msgstr ""
19133
19134
#: serverguide/C/lamp-applications.xml:252(para)
19135
msgid ""
19136
"For more details, please refer to the <ulink "
19137
"url=\"http://moinmo.in/\">MoinMoin</ulink> web site."
19138
msgstr ""
19139
19140
#: serverguide/C/lamp-applications.xml:263(para)
19141
msgid ""
19142
"For more information see the <ulink url=\"http://moinmo.in/\">moinmoin "
19143
"Wiki</ulink>."
19144
msgstr ""
19145
19146
#: serverguide/C/lamp-applications.xml:268(para)
19147
msgid ""
19148
"Also, see the <ulink "
19149
"url=\"https://help.ubuntu.com/community/MoinMoin\">Ubuntu Wiki "
19150
"MoinMoin</ulink> page."
19151
msgstr ""
19152
19153
#: serverguide/C/lamp-applications.xml:277(title)
19154
msgid "MediaWiki"
19155
msgstr ""
19156
19157
#: serverguide/C/lamp-applications.xml:279(para)
19158
msgid ""
19159
"MediaWiki is an web based Wiki software written in the PHP language. It can "
19160
"either use <application>MySQL</application> or "
19161
"<application>PostgreSQL</application> Database Management System."
19162
msgstr ""
19163
19164
#: serverguide/C/lamp-applications.xml:289(para)
19165
msgid ""
19166
"Before installing <application>MediaWiki</application> you should also "
19167
"install <application>Apache2</application>, the "
19168
"<application>PHP5</application> scripting language and Database a Management "
19169
"System. <application>MySQL</application> or "
19170
"<application>PostgreSQL</application> are the most common, choose one "
19171
"depending on your need. Please refer to those sections in this manual for "
19172
"installation instructions."
19173
msgstr ""
19174
19175
#: serverguide/C/lamp-applications.xml:297(para)
19176
msgid ""
19177
"To install <application>MediaWiki</application>, run the following command "
19178
"in the command prompt:"
19179
msgstr ""
19180
19181
#: serverguide/C/lamp-applications.xml:303(command)
19182
msgid "sudo apt-get install mediawiki php5-gd"
19183
msgstr ""
19184
19185
#: serverguide/C/lamp-applications.xml:306(para)
19186
msgid ""
19187
"For additional <application>MediaWiki</application> functionality see the "
19188
"<application>mediawiki-extensions</application> package."
19189
msgstr ""
19190
19191
#: serverguide/C/lamp-applications.xml:316(para)
19192
msgid ""
19193
"The Apache configuration file <filename>mediawiki.conf</filename> for "
19194
"MediaWiki is installed in <filename>/etc/apache2/conf.d/</filename> "
19195
"directory. You should uncomment the following line in this file to access "
19196
"MediaWiki application."
19197
msgstr ""
19198
19199
#: serverguide/C/lamp-applications.xml:324(screen)
19200
#, no-wrap
19201
msgid ""
19202
"\n"
19203
"# Alias /mediawiki /var/lib/mediawiki\n"
19204
msgstr ""
19205
19206
#: serverguide/C/lamp-applications.xml:328(para)
19207
msgid ""
19208
"After you uncomment the above line, restart Apache server and access "
19209
"MediaWiki using the following url:"
19210
msgstr ""
19211
19212
#: serverguide/C/lamp-applications.xml:333(programlisting)
19213
#, no-wrap
19214
msgid ""
19215
"\n"
19216
"http://localhost/mediawiki/config/index.php\n"
19217
msgstr ""
19218
19219
#: serverguide/C/lamp-applications.xml:338(para)
19220
msgid ""
19221
"Please read the <quote>Checking environment...</quote> section in this page. "
19222
"You should be able to fix many issues by carefully reading this section."
19223
msgstr ""
19224
19225
#: serverguide/C/lamp-applications.xml:345(para)
19226
msgid ""
19227
"Once the configuration is complete, you should copy the "
19228
"<filename>LocalSettings.php</filename> file to "
19229
"<filename>/etc/mediawiki</filename> directory:"
19230
msgstr ""
19231
19232
#: serverguide/C/lamp-applications.xml:352(command)
19233
msgid "sudo mv /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/"
19234
msgstr ""
19235
19236
#: serverguide/C/lamp-applications.xml:355(para)
19237
msgid ""
19238
"You may also want to edit "
19239
"<filename>/etc/mediawiki/LocalSettings.php</filename> adjusting:"
19240
msgstr ""
19241
19242
#: serverguide/C/lamp-applications.xml:360(programlisting)
19243
#, no-wrap
19244
msgid ""
19245
"\n"
19246
"ini_set( 'memory_limit', '64M' );\n"
19247
msgstr ""
19248
19249
#: serverguide/C/lamp-applications.xml:367(title)
19250
msgid "Extensions"
19251
msgstr ""
19252
19253
#: serverguide/C/lamp-applications.xml:368(para)
19254
msgid ""
19255
"The extensions add new features and enhancements for the MediaWiki "
19256
"application. The extensions give wiki administrators and end users the "
19257
"ability to customize MediaWiki to their requirements."
19258
msgstr ""
19259
19260
#: serverguide/C/lamp-applications.xml:374(para)
19261
msgid ""
19262
"You can download MediaWiki extensions as an archive file or checkout from "
19263
"the Subversion repository. You should copy it to "
19264
"<filename>/var/lib/mediawiki/extensions</filename> directory. You should "
19265
"also add the following line at the end of file: "
19266
"<filename>/etc/mediawiki/LocalSettings.php</filename>."
19267
msgstr ""
19268
19269
#: serverguide/C/lamp-applications.xml:382(programlisting)
19270
#, no-wrap
19271
msgid ""
19272
"\n"
19273
"require_once \"$IP/extensions/ExtentionName/ExtentionName.php\";\n"
19274
msgstr ""
19275
19276
#: serverguide/C/lamp-applications.xml:392(para)
19277
msgid ""
19278
"For more details, please refer to the <ulink "
19279
"url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
19280
msgstr ""
19281
19282
#: serverguide/C/lamp-applications.xml:398(para)
19283
msgid ""
19284
"The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki "
19285
"Administrators’ Tutorial Guide</ulink> contains a wealth of information for "
19286
"new MediaWiki administrators."
19287
msgstr ""
19288
19289
#: serverguide/C/lamp-applications.xml:404(para)
19290
msgid ""
19291
"Also, the <ulink url=\"https://help.ubuntu.com/community/MediaWiki\">Ubuntu "
19292
"Wiki MediaWiki</ulink> page is a good resource."
19293
msgstr ""
19294
19295
#: serverguide/C/lamp-applications.xml:414(title)
19296
msgid "phpMyAdmin"
19297
msgstr ""
19298
19299
#: serverguide/C/lamp-applications.xml:416(para)
19300
msgid ""
19301
"<application>phpMyAdmin</application> is a LAMP application specifically "
19302
"written for administering <application>MySQL</application> servers. Written "
19303
"in <application>PHP</application>, and accessed through a web browser, "
19304
"phpMyAdmin provides a graphical interface for database administration tasks."
19305
msgstr ""
19306
19307
#: serverguide/C/lamp-applications.xml:425(para)
19308
msgid ""
19309
"Before installing <application>phpMyAdmin</application> you will need access "
19310
"to a <application>MySQL</application> database either on the same host as "
19311
"that phpMyAdmin is installed on, or on a host accessible over the network. "
19312
"For more information see <xref linkend=\"mysql\"/>. From a terminal prompt "
19313
"enter:"
19314
msgstr ""
19315
19316
#: serverguide/C/lamp-applications.xml:432(command)
19317
msgid "sudo apt-get install phpmyadmin"
19318
msgstr ""
19319
19320
#: serverguide/C/lamp-applications.xml:435(para)
19321
msgid ""
19322
"At the prompt choose which web server to be configured for "
19323
"<application>phpMyAdmin</application>. The rest of this section will use "
19324
"<application>Apache2</application> for the web server."
19325
msgstr ""
19326
19327
#: serverguide/C/lamp-applications.xml:440(para)
19328
msgid ""
19329
"In a browser go to <emphasis>http://servername/phpmyadmin</emphasis>, "
19330
"replacing <emphasis role=\"italic\">serveranme</emphasis> with the server's "
19331
"actual hostname. At the login, page enter <emphasis>root</emphasis> for the "
19332
"<emphasis>username</emphasis>, or another <application>MySQL</application> "
19333
"user if you any setup, and enter the <application>MySQL</application> user's "
19334
"password."
19335
msgstr ""
19336
19337
#: serverguide/C/lamp-applications.xml:447(para)
19338
msgid ""
19339
"Once logged in you can reset the <emphasis>root</emphasis> password if "
19340
"needed, create users, create/destroy databases and tables, etc."
19341
msgstr ""
19342
19343
#: serverguide/C/lamp-applications.xml:455(para)
19344
msgid ""
19345
"The configuration files for <application>phpMyAdmin</application> are "
19346
"located in <filename>/etc/phpmyadmin</filename>. The main configuration file "
19347
"is <filename>/etc/phpmyadmin/config.inc.php</filename>. This file contains "
19348
"configuration options that apply globally to "
19349
"<application>phpMyAdmin</application>."
19350
msgstr ""
19351
19352
#: serverguide/C/lamp-applications.xml:461(para)
19353
msgid ""
19354
"To use <application>phpMyAdmin</application> to administer a MySQL database "
19355
"hosted on another server, adjust the following in "
19356
"<filename>/etc/phpmyadmin/config.inc.php</filename>:"
19357
msgstr ""
19358
19359
#: serverguide/C/lamp-applications.xml:466(programlisting)
19360
#, no-wrap
19361
msgid ""
19362
"\n"
19363
"$cfg['Servers'][$i]['host'] = 'db_server';\n"
19364
msgstr ""
19365
19366
#: serverguide/C/lamp-applications.xml:471(para)
19367
msgid ""
19368
"Replace <emphasis role=\"italic\">db_server</emphasis> with the actual "
19369
"remote database server name or IP address. Also, be sure that the "
19370
"<application>phpMyAdmin</application> host has permissions to access the "
19371
"remote database."
19372
msgstr ""
19373
19374
#: serverguide/C/lamp-applications.xml:477(para)
19375
msgid ""
19376
"Once configured, log out of <application>phpMyAdmin</application> and back "
19377
"in, and you should be accessing the new server."
19378
msgstr ""
19379
19380
#: serverguide/C/lamp-applications.xml:481(para)
19381
msgid ""
19382
"The <filename>config.header.inc.php</filename> and "
19383
"<filename>config.footer.inc.php</filename> files are used to add a HTML "
19384
"header and footer to <application>phpMyAdmin</application>."
19385
msgstr ""
19386
19387
#: serverguide/C/lamp-applications.xml:486(para)
19388
msgid ""
19389
"Another important configuration file is "
19390
"<filename>/etc/phpmyadmin/apache.conf</filename>, this file is symlinked to "
19391
"<filename>/etc/apache2/conf.d/phpmyadmin.conf</filename>, and is used to "
19392
"configure <application>Apache2</application> to serve the "
19393
"<application>phpMyAdmin</application> site. The file contains directives for "
19394
"loading <application>PHP</application>, directory permissions, etc. For more "
19395
"information on configuring <application>Apache2</application> see <xref "
19396
"linkend=\"httpd\"/>."
19397
msgstr ""
19398
19399
#: serverguide/C/lamp-applications.xml:500(para)
19400
msgid ""
19401
"The <application>phpMyAdmin</application> documentation comes installed with "
19402
"the package and can be accessed from the <emphasis>phpMyAdmin "
19403
"Documentation</emphasis> link (a question mark with a box around it) under "
19404
"the phpMyAdmin logo. The official docs can also be access on the <ulink "
19405
"url=\"http://www.phpmyadmin.net/home_page/docs.php\">phpMyAdmin</ulink> site."
19406
msgstr ""
19407
19408
#: serverguide/C/lamp-applications.xml:507(para)
19409
msgid ""
19410
"Also, <ulink url=\"http://www.packtpub.com/phpmyadmin-3rd-"
19411
"edition/book\">Mastering phpMyAdmin</ulink> is a great resource."
19412
msgstr ""
19413
19414
#: serverguide/C/lamp-applications.xml:512(para)
19415
msgid ""
19416
"A third resource is the <ulink "
19417
"url=\"https://help.ubuntu.com/community/phpMyAdmin\">phpMyAdmin Ubuntu "
19418
"Wiki</ulink> page."
19419
msgstr ""
19420
19421
#: serverguide/C/introduction.xml:14(para)
19422
msgid "Welcome to the <emphasis>Ubuntu Server Guide</emphasis>!"
19423
msgstr ""
19424
19425
#: serverguide/C/introduction.xml:15(para)
19426
msgid ""
19427
"Here you can find information on how to install and configure various server "
19428
"applications. It is a step-by-step, task-oriented guide for configuring and "
19429
"customizing your system."
19430
msgstr ""
19431
19432
#: serverguide/C/introduction.xml:19(para)
19433
msgid ""
19434
"This guide assumes you have a basic understanding of your Ubuntu system. "
19435
"Some installation details are covered in <xref linkend=\"installation\"/>, "
19436
"but if you need detailed instructions installing Ubuntu please refer to the "
19437
"<ulink url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
19438
"Installation Guide</ulink>."
19439
msgstr ""
19440
19441
#: serverguide/C/introduction.xml:25(para)
19442
msgid ""
19443
"A HTML version of the manual is available online at <ulink "
19444
"url=\"http://help.ubuntu.com\">the Ubuntu Documentation website</ulink>. The "
19445
"HTML files are also available in the <application>ubuntu-"
19446
"serverguide</application> package. See <xref linkend=\"package-"
19447
"management\"/> for details on installing packages."
19448
msgstr ""
19449
19450
#: serverguide/C/introduction.xml:32(para)
19451
msgid ""
19452
"If you choose to install the <application>ubuntu-serverguide</application> "
19453
"you can view this document from a console by:"
19454
msgstr ""
19455
19456
#: serverguide/C/introduction.xml:36(command)
19457
msgid "w3m /usr/share/ubuntu-serverguide/html/C/index.html"
19458
msgstr ""
19459
19460
#: serverguide/C/introduction.xml:39(para)
19461
msgid ""
19462
"If you are using a localized version of Ubuntu, replace "
19463
"<emphasis>C</emphasis> with your language localization (e.g. "
19464
"<emphasis>en_GB</emphasis>)."
19465
msgstr ""
19466
19467
#: serverguide/C/introduction.xml:53(title)
19468
msgid "Support"
19469
msgstr ""
19470
19471
#: serverguide/C/introduction.xml:55(para)
19472
msgid ""
19473
"There are a couple of different ways that Ubuntu Server Edition is "
19474
"supported, commercial support and community support. The main commercial "
19475
"support (and development funding) is available from Canonical Ltd. They "
19476
"supply reasonably priced support contracts on a per desktop or per server "
19477
"basis. For more information see the <ulink "
19478
"url=\"http://www.canonical.com/services/support\">Canonical Services</ulink> "
19479
"page."
19480
msgstr ""
19481
19482
#: serverguide/C/introduction.xml:62(para)
19483
msgid ""
19484
"Community support is also provided by dedicated individuals, and companies, "
19485
"that wish to make Ubuntu the best distribution possible. Support is provided "
19486
"through multiple mailing lists, IRC channels, forums, blogs, wikis, etc. The "
19487
"large amount of information available can be overwhelming, but a good search "
19488
"engine query can usually provide an answer to your questions. See the <ulink "
19489
"url=\"http://www.ubuntu.com/support\">Ubuntu Support</ulink> page for more "
19490
"information."
19491
msgstr ""
19492
19493
#: serverguide/C/installation.xml:14(para)
19494
msgid ""
19495
"This chapter provides a quick overview of installing Ubuntu 10.10 Server "
19496
"Edition. For more detailed instructions, please refer to the <ulink "
19497
"url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
19498
"Installation Guide</ulink>."
19499
msgstr ""
19500
19501
#: serverguide/C/installation.xml:19(title)
19502
msgid "Preparing to Install"
19503
msgstr ""
19504
19505
#: serverguide/C/installation.xml:20(para)
19506
msgid ""
19507
"This section explains various aspects to consider before starting the "
19508
"installation."
19509
msgstr ""
19510
19511
#: serverguide/C/installation.xml:24(title)
19512
msgid "System Requirements"
19513
msgstr ""
19514
19515
#: serverguide/C/installation.xml:25(para)
19516
msgid ""
19517
"Ubuntu 10.10 Server Edition supports two (2) major architectures: Intel x86 "
19518
"and AMD64. The table below lists recommended hardware specifications. "
19519
"Depending on your needs, you might manage with less than this. However, most "
19520
"users risk being frustrated if they ignore these suggestions."
19521
msgstr ""
19522
19523
#: serverguide/C/installation.xml:27(title)
19524
msgid "Recommended Minimum Requirements"
19525
msgstr ""
19526
19527
#: serverguide/C/installation.xml:35(para)
19528
msgid "Install Type"
19529
msgstr ""
19530
19531
#: serverguide/C/installation.xml:36(para)
19532
msgid "RAM"
19533
msgstr ""
19534
19535
#: serverguide/C/installation.xml:37(para)
19536
msgid "Hard Drive Space"
19537
msgstr ""
19538
19539
#: serverguide/C/installation.xml:40(para)
19540
msgid "Base System"
19541
msgstr ""
19542
19543
#: serverguide/C/installation.xml:41(para)
19544
msgid "All Tasks Installed"
19545
msgstr ""
19546
19547
#: serverguide/C/installation.xml:46(para)
19548
msgid "Server"
19549
msgstr ""
19550
19551
#: serverguide/C/installation.xml:47(para)
19552
msgid "128 megabytes"
19553
msgstr ""
19554
19555
#: serverguide/C/installation.xml:48(para)
19556
msgid "500 megabytes"
19557
msgstr ""
19558
19559
#: serverguide/C/installation.xml:49(para)
19560
msgid "1 gigabyte"
19561
msgstr ""
19562
19563
#: serverguide/C/installation.xml:54(para)
19564
msgid ""
19565
"The Server Edition provides a common base for all sorts of server "
19566
"applications. It is a minimalist design providing a platform for the desired "
19567
"services, such as file/print services, web hosting, email hosting, etc."
19568
msgstr ""
19569
19570
#: serverguide/C/installation.xml:60(para)
19571
msgid ""
19572
"The requirements for UEC are slightly different for Front End requirements "
19573
"see <xref linkend=\"uec-frontend-requirements\"/> and for UEC Node "
19574
"requirements see <xref linkend=\"uec-node-requirements\"/>."
19575
msgstr ""
19576
19577
#: serverguide/C/installation.xml:68(title)
19578
msgid "Server and Desktop Differences"
19579
msgstr ""
19580
19581
#: serverguide/C/installation.xml:69(para)
19582
msgid ""
19583
"There are a few differences between the <emphasis>Ubuntu Server "
19584
"Edition</emphasis> and the <emphasis>Ubuntu Desktop Edition</emphasis>. It "
19585
"should be noted that both editions use the same "
19586
"<application>apt</application> repositories. Making it just as easy to "
19587
"install a <emphasis role=\"italic\">server</emphasis> application on the "
19588
"Desktop Edition as it is on the Server Edition."
19589
msgstr ""
19590
19591
#: serverguide/C/installation.xml:75(para)
19592
msgid ""
19593
"The differences between the two editions are the lack of an X window "
19594
"environment in the Server Edition, the installation process, and different "
19595
"Kernel options."
19596
msgstr ""
19597
19598
#: serverguide/C/installation.xml:82(title)
19599
msgid "Kernel Differences:"
19600
msgstr ""
19601
19602
#: serverguide/C/installation.xml:85(para)
19603
msgid ""
19604
"The Server Edition uses the <emphasis>Deadline</emphasis> I/O scheduler "
19605
"instead of the <emphasis>CFQ</emphasis> scheduler used by the Desktop "
19606
"Edition."
19607
msgstr ""
19608
19609
#: serverguide/C/installation.xml:91(para)
19610
msgid "<emphasis>Preemption</emphasis> is turned off in the Server Edition."
19611
msgstr ""
19612
19613
#: serverguide/C/installation.xml:96(para)
19614
msgid ""
19615
"The timer interrupt is 100 Hz in the Server Edition and 250 Hz in the "
19616
"Desktop Edition."
19617
msgstr ""
19618
19619
#: serverguide/C/installation.xml:102(para)
19620
msgid ""
19621
"When running a 64-bit version of Ubuntu on 64-bit processors you are not "
19622
"limited by memory addressing space."
19623
msgstr ""
19624
19625
#: serverguide/C/installation.xml:107(para)
19626
msgid ""
19627
"To see all kernel configuration options you can look through "
19628
"<filename>/boot/config-&linux-kernel-version;-server</filename>. Also, "
19629
"<ulink url=\"http://www.kroah.com/lkn/\">Linux Kernel in a Nutshell</ulink> "
19630
"is a great resource on the options available."
19631
msgstr ""
19632
19633
#: serverguide/C/installation.xml:116(title)
19634
msgid "Backing Up"
19635
msgstr ""
19636
19637
#: serverguide/C/installation.xml:119(para)
19638
msgid ""
19639
"Before installing <application>Ubuntu Server Edition</application> you "
19640
"should make sure all data on the system is backed up. See <xref "
19641
"linkend=\"backups\"/> for backup options."
19642
msgstr ""
19643
19644
#: serverguide/C/installation.xml:123(para)
19645
msgid ""
19646
"If this is not the first time an operating system has been installed on your "
19647
"computer, it is likely you will need to re-partition your disk to make room "
19648
"for Ubuntu."
19649
msgstr ""
19650
19651
#: serverguide/C/installation.xml:127(para)
19652
msgid ""
19653
"Any time you partition your disk, you should be prepared to lose everything "
19654
"on the disk should you make a mistake or something goes wrong during "
19655
"partitioning. The programs used in installation are quite reliable, most "
19656
"have seen years of use, but they also perform destructive actions."
19657
msgstr ""
19658
19659
#: serverguide/C/installation.xml:139(title)
19660
msgid "Installing from CD"
19661
msgstr ""
19662
19663
#: serverguide/C/installation.xml:140(para)
19664
msgid ""
19665
"The basic steps to install Ubuntu Server Edition from CD are the same for "
19666
"installing any operating system from CD. Unlike the <emphasis>Desktop "
19667
"Edition</emphasis> the <emphasis>Server Edition</emphasis> does not include "
19668
"a graphical installation program. Instead the Server Edition uses a console "
19669
"menu based process."
19670
msgstr ""
19671
19672
#: serverguide/C/installation.xml:147(para)
19673
msgid ""
19674
"First, download and burn the appropriate ISO file from the <ulink "
19675
"url=\"http://www.ubuntu.com/getubuntu/download\"> Ubuntu web site</ulink>."
19676
msgstr ""
19677
19678
#: serverguide/C/installation.xml:153(para)
19679
msgid "Boot the system from the CD-ROM drive."
19680
msgstr ""
19681
19682
#: serverguide/C/installation.xml:158(para)
19683
msgid ""
19684
"At the boot prompt you will be asked to select the language. Afterwards the "
19685
"installation process begins by asking for your keyboard layout."
19686
msgstr ""
19687
19688
#: serverguide/C/installation.xml:164(para)
19689
msgid ""
19690
"From the main boot menu there are some additional options to install Ubuntu "
19691
"Server Edition. You can install a basic Ubuntu Server, or install Ubuntu "
19692
"Server as part of a <emphasis>Ubuntu Enterprise Cloud</emphasis>. For more "
19693
"information on UEC see <xref linkend=\"uec\"/>. The rest of this section "
19694
"will cover the basic Ubuntu Server install."
19695
msgstr ""
19696
19697
#: serverguide/C/installation.xml:172(para)
19698
msgid ""
19699
"The installer then discovers your hardware configuration, and configures the "
19700
"network settings using DHCP. If you do not wish to use DHCP at the next "
19701
"screen choose \"Go Back\", and you have the option to \"Configure the "
19702
"network manually\"."
19703
msgstr ""
19704
19705
#: serverguide/C/installation.xml:179(para)
19706
msgid "Next, the installer asks for the system's hostname and Time Zone."
19707
msgstr ""
19708
19709
#: serverguide/C/installation.xml:184(para)
19710
msgid ""
19711
"You can then choose from several options to configure the hard drive layout. "
19712
"For advanced disk options see <xref linkend=\"advanced-installation\"/>."
19713
msgstr ""
19714
19715
#: serverguide/C/installation.xml:190(para)
19716
msgid "The Ubuntu base system is then installed."
19717
msgstr ""
19718
19719
#: serverguide/C/installation.xml:195(para)
19720
msgid ""
19721
"A new user is setup, this user will have <emphasis>root</emphasis> access "
19722
"through the <application>sudo</application> utility."
19723
msgstr ""
19724
19725
#: serverguide/C/installation.xml:201(para)
19726
msgid ""
19727
"After the user is setup, you will be asked to encrypt your <filename "
19728
"role=\"directory\">home</filename> directory."
19729
msgstr ""
19730
19731
#: serverguide/C/installation.xml:207(para)
19732
msgid ""
19733
"The next step in the installation process is to decide how you want to "
19734
"update the system. There are three options:"
19735
msgstr ""
19736
19737
#: serverguide/C/installation.xml:213(para)
19738
msgid ""
19739
"<emphasis>No automatic updates</emphasis>: this requires an administrator to "
19740
"log into the machine and manually install updates."
19741
msgstr ""
19742
19743
#: serverguide/C/installation.xml:219(para)
19744
msgid ""
19745
"<emphasis>Install security updates Automatically</emphasis>: will install "
19746
"the <application>unattended-upgrades</application> package, which will "
19747
"install security updates without the intervention of an administrator. For "
19748
"more details see <xref linkend=\"automatic-updates\"/>."
19749
msgstr ""
19750
19751
#: serverguide/C/installation.xml:226(para)
19752
msgid ""
19753
"<emphasis>Manage the system with Landscape</emphasis>: Landscape is a paid "
19754
"service provided by Canonical to help manage your Ubuntu machines. See the "
19755
"<ulink url=\"http://www.canonical.com/projects/landscape\">Landscape</ulink> "
19756
"site for details."
19757
msgstr ""
19758
19759
#: serverguide/C/installation.xml:235(para)
19760
msgid ""
19761
"You now have the option to install, or not install, several package tasks. "
19762
"See <xref linkend=\"install-tasks\"/> for details. Also, there is an option "
19763
"to launch <application>aptitude</application> to choose specific packages to "
19764
"install. For more information see <xref linkend=\"aptitude\"/>."
19765
msgstr ""
19766
19767
#: serverguide/C/installation.xml:243(para)
19768
msgid "Finally, the last step before rebooting is to set the clock to UTC."
19769
msgstr ""
19770
19771
#: serverguide/C/installation.xml:249(para)
19772
msgid ""
19773
"If at any point during installation you are not satisfied by the default "
19774
"setting, use the \"Go Back\" function at any prompt to be brought to a "
19775
"detailed installation menu that will allow you to modify the default "
19776
"settings."
19777
msgstr ""
19778
19779
#: serverguide/C/installation.xml:254(para)
19780
msgid ""
19781
"At some point during the installation process you may want to read the help "
19782
"screen provided by the installation system. To do this, press F1."
19783
msgstr ""
19784
19785
#: serverguide/C/installation.xml:259(para)
19786
msgid ""
19787
"Once again, for detailed instructions see the <ulink "
19788
"url=\"https://help.ubuntu.com/10.04/installation-guide/\"> Ubuntu "
19789
"Installation Guide</ulink>."
19790
msgstr ""
19791
19792
#: serverguide/C/installation.xml:265(title)
19793
msgid "Package Tasks"
19794
msgstr ""
19795
19796
#: serverguide/C/installation.xml:266(para)
19797
msgid ""
19798
"During the Server Edition installation you have the option of installing "
19799
"additional packages from the CD. The packages are grouped by the type of "
19800
"service they provide."
19801
msgstr ""
19802
19803
#: serverguide/C/installation.xml:272(para)
19804
msgid "Cloud computing: Walrus storage service"
19805
msgstr ""
19806
19807
#: serverguide/C/installation.xml:277(para)
19808
msgid "Cloud computing: all-in-one cluster"
19809
msgstr ""
19810
19811
#: serverguide/C/installation.xml:282(para)
19812
msgid "Cloud computing: Cluster controller"
19813
msgstr ""
19814
19815
#: serverguide/C/installation.xml:287(para)
19816
msgid "Cloud computing: Node controller"
19817
msgstr ""
19818
19819
#: serverguide/C/installation.xml:292(para)
19820
msgid "Cloud computing: Storage controller"
19821
msgstr ""
19822
19823
#: serverguide/C/installation.xml:297(para)
19824
msgid "Cloud computing: top-level cloud controller"
19825
msgstr ""
19826
19827
#: serverguide/C/installation.xml:302(para)
19828
msgid "DNS server: Selects the BIND DNS server and its documentation."
19829
msgstr ""
19830
19831
#: serverguide/C/installation.xml:307(para)
19832
msgid "LAMP server: Selects a ready-made Linux/Apache/MySQL/PHP server."
19833
msgstr ""
19834
19835
#: serverguide/C/installation.xml:312(para)
19836
msgid ""
19837
"Mail server: This task selects a variety of package useful for a general "
19838
"purpose mail server system."
19839
msgstr ""
19840
19841
#: serverguide/C/installation.xml:317(para)
19842
msgid "OpenSSH server: Selects packages needed for an OpenSSH server."
19843
msgstr ""
19844
19845
#: serverguide/C/installation.xml:322(para)
19846
msgid ""
19847
"PostgreSQL database: This task selects client and server packages for the "
19848
"PostgreSQL database."
19849
msgstr ""
19850
19851
#: serverguide/C/installation.xml:327(para)
19852
msgid "Print server: This task sets up your system to be a print server."
19853
msgstr ""
19854
19855
#: serverguide/C/installation.xml:332(para)
19856
msgid ""
19857
"Samba File server: This task sets up your system to be a Samba file server, "
19858
"which is especially suitable in networks with both Windows and Linux systems."
19859
msgstr ""
19860
19861
#: serverguide/C/installation.xml:338(para)
19862
msgid ""
19863
"Tomcat server: Installs the Apache Tomcat and needed dependencies Java, gcj, "
19864
"etc."
19865
msgstr ""
19866
19867
#: serverguide/C/installation.xml:343(para)
19868
msgid ""
19869
"Virtual machine host: Includes packages needed to run KVM virtual machines."
19870
msgstr ""
19871
19872
#: serverguide/C/installation.xml:348(para)
19873
msgid ""
19874
"Manually select packages: Executes <application>apptitude</application> "
19875
"allowing you to individually select packages."
19876
msgstr ""
19877
19878
#: serverguide/C/installation.xml:353(para)
19879
msgid ""
19880
"Installing the package groups is accomplished using the "
19881
"<application>tasksel</application> utility. One of the important difference "
19882
"between Ubuntu (or Debian) and other GNU/Linux distribution is that, when "
19883
"installed, a package is also configured to reasonable defaults, eventually "
19884
"prompting you for additional required information. Likewise, when installing "
19885
"a task, the packages are not only installed, but also configured to provided "
19886
"a fully integrated service."
19887
msgstr ""
19888
19889
#: serverguide/C/installation.xml:360(para)
19890
msgid ""
19891
"For more information on the <emphasis>Cloud Computing</emphasis> tasks see "
19892
"<xref linkend=\"uec\"/>."
19893
msgstr ""
19894
19895
#: serverguide/C/installation.xml:363(para)
19896
msgid ""
19897
"Once the installation process has finished you can view a list of available "
19898
"tasks by entering the following from a terminal prompt:"
19899
msgstr ""
19900
19901
#: serverguide/C/installation.xml:368(command)
19902
msgid "tasksel --list-tasks"
19903
msgstr ""
19904
19905
#: serverguide/C/installation.xml:371(para)
19906
msgid ""
19907
"The output will list tasks from other Ubuntu based distributions such as "
19908
"Kubuntu and Edubuntu. Note that you can also invoke the "
19909
"<command>tasksel</command> command by itself, which will bring up a menu of "
19910
"the different tasks available."
19911
msgstr ""
19912
19913
#: serverguide/C/installation.xml:377(para)
19914
msgid ""
19915
"You can view a list of which packages are installed with each task using the "
19916
"<emphasis>--task-packages</emphasis> option. For example, to list the "
19917
"packages installed with the <emphasis>DNS Server</emphasis> task enter the "
19918
"following:"
19919
msgstr ""
19920
19921
#: serverguide/C/installation.xml:382(command)
19922
msgid "tasksel --task-packages dns-server"
19923
msgstr ""
19924
19925
#: serverguide/C/installation.xml:384(para)
19926
msgid "The output of the command should list:"
19927
msgstr ""
19928
19929
#: serverguide/C/installation.xml:387(programlisting)
19930
#, no-wrap
19931
msgid ""
19932
"\n"
19933
"bind9-doc \n"
19934
"bind9utils \n"
19935
"bind9\n"
19936
msgstr ""
19937
19938
#: serverguide/C/installation.xml:392(para)
19939
msgid ""
19940
"Also, if you did not install one of the tasks during the installation "
19941
"process, but for example you decide to make your new LAMP server a DNS "
19942
"server as well. Simply insert the installation CD and from a terminal:"
19943
msgstr ""
19944
19945
#: serverguide/C/installation.xml:397(command)
19946
msgid "sudo tasksel install dns-server"
19947
msgstr ""
19948
19949
#: serverguide/C/installation.xml:402(title)
19950
msgid "Upgrading"
19951
msgstr ""
19952
19953
#: serverguide/C/installation.xml:403(para)
19954
msgid ""
19955
"There are several ways to upgrade from one Ubuntu release to another. This "
19956
"section gives an overview of the recommended upgrade method."
19957
msgstr ""
19958
19959
#: serverguide/C/installation.xml:407(title) serverguide/C/installation.xml:422(command)
19960
msgid "do-release-upgrade"
19961
msgstr ""
19962
19963
#: serverguide/C/installation.xml:408(para)
19964
msgid ""
19965
"The recommended way to upgrade a Server Edition installation is to use the "
19966
"<application>do-release-upgrade</application> utility. Part of the "
19967
"<emphasis>update-manager-core</emphasis> package, it does not have any "
19968
"graphical dependencies and is installed by default."
19969
msgstr ""
19970
19971
#: serverguide/C/installation.xml:413(para)
19972
msgid ""
19973
"Debian based systems can also be upgraded by using <command>apt-get dist-"
19974
"upgrade</command>. However, using <application>do-release-"
19975
"upgrade</application> is recommended because it has the ability to handle "
19976
"system configuration changes sometimes needed between releases."
19977
msgstr ""
19978
19979
#: serverguide/C/installation.xml:418(para)
19980
msgid "To upgrade to a newer release, from a terminal prompt enter:"
19981
msgstr ""
19982
19983
#: serverguide/C/installation.xml:424(para)
19984
msgid ""
19985
"It is also possible to use <application>do-release-upgrade</application> to "
19986
"upgrade to a development version of Ubuntu. To accomplish this use the "
19987
"<emphasis>-d</emphasis> switch:"
19988
msgstr ""
19989
19990
#: serverguide/C/installation.xml:429(command)
19991
msgid "do-release-upgrade -d"
19992
msgstr ""
19993
19994
#: serverguide/C/installation.xml:432(para)
19995
msgid ""
19996
"Upgrading to a development release is <emphasis>not</emphasis> recommended "
19997
"for production environments."
19998
msgstr ""
19999
20000
#: serverguide/C/installation.xml:439(title)
20001
msgid "Advanced Installation"
20002
msgstr ""
20003
20004
#: serverguide/C/installation.xml:442(title)
20005
msgid "Software RAID"
20006
msgstr ""
20007
20008
#: serverguide/C/installation.xml:444(para)
20009
msgid ""
20010
"RAID is a method of configuring multiple hard drives to act as one, reducing "
20011
"the probability of catastrophic data loss in case of drive failure. RAID is "
20012
"implemented in either software (where the operating system knows about both "
20013
"drives and actively maintains both of them) or hardware (where a special "
20014
"controller makes the OS think there's only one drive and maintains the "
20015
"drives 'invisibly')."
20016
msgstr ""
20017
20018
#: serverguide/C/installation.xml:451(para)
20019
msgid ""
20020
"The RAID software included with current versions of Linux (and Ubuntu) is "
20021
"based on the <application>'mdadm'</application> driver and works very well, "
20022
"better even than many so-called 'hardware' RAID controllers. This section "
20023
"will guide you through installing Ubuntu Server Edition using two RAID1 "
20024
"partitions on two physical hard drives, one for <emphasis>/</emphasis> and "
20025
"another for <emphasis>swap</emphasis>."
20026
msgstr ""
20027
20028
#: serverguide/C/installation.xml:461(para) serverguide/C/installation.xml:975(para)
20029
msgid ""
20030
"Follow the installation steps until you get to the <emphasis>Partition "
20031
"disks</emphasis> step, then:"
20032
msgstr ""
20033
20034
#: serverguide/C/installation.xml:468(para)
20035
msgid "Select <emphasis>Manual</emphasis> as the partition method."
20036
msgstr ""
20037
20038
#: serverguide/C/installation.xml:475(para)
20039
msgid ""
20040
"Select the first hard drive, and agree to <emphasis>\"Create a new empty "
20041
"partition table on this device?\"</emphasis>."
20042
msgstr ""
20043
20044
#: serverguide/C/installation.xml:479(para)
20045
msgid ""
20046
"Repeat this step for each drive you wish to be part of the RAID array."
20047
msgstr ""
20048
20049
#: serverguide/C/installation.xml:486(para)
20050
msgid ""
20051
"Select the <emphasis>\"FREE SPACE\"</emphasis> on the first drive then "
20052
"select <emphasis>\"Create a new partition\"</emphasis>."
20053
msgstr ""
20054
20055
#: serverguide/C/installation.xml:493(para)
20056
msgid ""
20057
"Next, select the <emphasis>Size</emphasis> of the partition. This partition "
20058
"will be the <emphasis>swap</emphasis> partition, and a general rule for swap "
20059
"size is twice that of RAM. Enter the partition size, then choose "
20060
"<emphasis>Primary</emphasis>, then <emphasis>Beginning</emphasis>."
20061
msgstr ""
20062
20063
#: serverguide/C/installation.xml:502(para)
20064
msgid ""
20065
"Select the <emphasis>\"Use as:\"</emphasis> line at the top. By default this "
20066
"is <emphasis role=\"italic\">\"Ext4 journaling file system\"</emphasis>, "
20067
"change that to <emphasis>\"physical volume for RAID\"</emphasis> then "
20068
"<emphasis>\"Done setting up partition\"</emphasis>."
20069
msgstr ""
20070
20071
#: serverguide/C/installation.xml:511(para)
20072
msgid ""
20073
"For the <emphasis>/</emphasis> partition once again select <emphasis>\"Free "
20074
"Space\"</emphasis> on the first drive then <emphasis>\"Create a new "
20075
"partition\"</emphasis>."
20076
msgstr ""
20077
20078
#: serverguide/C/installation.xml:519(para)
20079
msgid ""
20080
"Use the rest of the free space on the drive and choose "
20081
"<emphasis>Continue</emphasis>, then <emphasis>Primary</emphasis>."
20082
msgstr ""
20083
20084
#: serverguide/C/installation.xml:526(para)
20085
msgid ""
20086
"As with the swap partition, select the <emphasis>\"Use as:\"</emphasis> line "
20087
"at the top, changing it to <emphasis>\"physical volume for "
20088
"RAID\"</emphasis>. Also select the <emphasis>\"Bootable flag:\"</emphasis> "
20089
"line to change the value to <emphasis>\"on\"</emphasis>. Then choose "
20090
"<emphasis>\"Done setting up partition\"</emphasis>."
20091
msgstr ""
20092
20093
#: serverguide/C/installation.xml:536(para)
20094
msgid "Repeat steps three through eight for the other disk and partitions."
20095
msgstr ""
20096
20097
#: serverguide/C/installation.xml:545(title)
20098
msgid "RAID Configuration"
20099
msgstr ""
20100
20101
#: serverguide/C/installation.xml:547(para)
20102
msgid "With the partitions setup the arrays are ready to be configured:"
20103
msgstr ""
20104
20105
#: serverguide/C/installation.xml:554(para)
20106
msgid ""
20107
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
20108
"Software RAID\"</emphasis> at the top."
20109
msgstr ""
20110
20111
#: serverguide/C/installation.xml:561(para)
20112
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
20113
msgstr ""
20114
20115
#: serverguide/C/installation.xml:568(para)
20116
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
20117
msgstr ""
20118
20119
#: serverguide/C/installation.xml:575(para)
20120
msgid ""
20121
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
20122
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
20123
msgstr ""
20124
20125
#: serverguide/C/installation.xml:581(para)
20126
msgid ""
20127
"In order to use <emphasis>RAID5</emphasis> you need at least "
20128
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
20129
"<emphasis>two</emphasis> drives are required."
20130
msgstr ""
20131
20132
#: serverguide/C/installation.xml:590(para)
20133
msgid ""
20134
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
20135
"of hard drives you have, for the array. Then select "
20136
"<emphasis>\"Continue\"</emphasis>."
20137
msgstr ""
20138
20139
#: serverguide/C/installation.xml:598(para)
20140
msgid ""
20141
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
20142
"default, then choose <emphasis>\"Continue\"</emphasis>."
20143
msgstr ""
20144
20145
#: serverguide/C/installation.xml:605(para)
20146
msgid ""
20147
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
20148
"etc. The numbers will usually match and the different letters correspond to "
20149
"different hard drives."
20150
msgstr ""
20151
20152
#: serverguide/C/installation.xml:610(para)
20153
msgid ""
20154
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
20155
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
20156
"go to the next step."
20157
msgstr ""
20158
20159
#: serverguide/C/installation.xml:618(para)
20160
msgid ""
20161
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
20162
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
20163
"and <emphasis>sdb2</emphasis>."
20164
msgstr ""
20165
20166
#: serverguide/C/installation.xml:626(para)
20167
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
20168
msgstr ""
20169
20170
#: serverguide/C/installation.xml:636(title)
20171
msgid "Formatting"
20172
msgstr ""
20173
20174
#: serverguide/C/installation.xml:638(para)
20175
msgid ""
20176
"There should now be a list of hard drives and RAID devices. The next step is "
20177
"to format and set the mount point for the RAID devices. Treat the RAID "
20178
"device as a local hard drive, format and mount accordingly."
20179
msgstr ""
20180
20181
#: serverguide/C/installation.xml:646(para)
20182
msgid ""
20183
"Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
20184
"#0\"</emphasis> partition."
20185
msgstr ""
20186
20187
#: serverguide/C/installation.xml:653(para)
20188
msgid ""
20189
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
20190
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
20191
msgstr ""
20192
20193
#: serverguide/C/installation.xml:661(para)
20194
msgid ""
20195
"Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
20196
"#1\"</emphasis> partition."
20197
msgstr ""
20198
20199
#: serverguide/C/installation.xml:668(para)
20200
msgid ""
20201
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 "
20202
"journaling file system\"</emphasis>."
20203
msgstr ""
20204
20205
#: serverguide/C/installation.xml:675(para)
20206
msgid ""
20207
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
20208
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
20209
"options as appropriate, then select <emphasis>\"Done setting up "
20210
"partition\"</emphasis>."
20211
msgstr ""
20212
20213
#: serverguide/C/installation.xml:683(para)
20214
msgid ""
20215
"Finally, select <emphasis>\"Finish partitioning and write changes to "
20216
"disk\"</emphasis>."
20217
msgstr ""
20218
20219
#: serverguide/C/installation.xml:690(para)
20220
msgid ""
20221
"If you choose to place the root partition on a RAID array, the installer "
20222
"will then ask if you would like to boot in a <emphasis>degraded</emphasis> "
20223
"state. See <xref linkend=\"raid-degraded\"/> for further details."
20224
msgstr ""
20225
20226
#: serverguide/C/installation.xml:695(para)
20227
msgid "The installation process will then continue normally."
20228
msgstr ""
20229
20230
#: serverguide/C/installation.xml:701(title)
20231
msgid "Degraded RAID"
20232
msgstr ""
20233
20234
#: serverguide/C/installation.xml:703(para)
20235
msgid ""
20236
"At some point in the life of the computer a disk failure event may occur. "
20237
"When this happens, using Software RAID, the operating system will place the "
20238
"array into what is known as a <emphasis>degraded</emphasis> state."
20239
msgstr ""
20240
20241
#: serverguide/C/installation.xml:708(para)
20242
msgid ""
20243
"If the array has become degraded, due to the chance of data corruption, by "
20244
"default Ubuntu Server Edition will boot to <emphasis>initramfs</emphasis> "
20245
"after thirty seconds. Once the initramfs has booted there is a fifteen "
20246
"second prompt giving you the option to go ahead and boot the system, or "
20247
"attempt manual recover. Booting to the initramfs prompt may or may not be "
20248
"the desired behavior, especially if the machine is in a remote location. "
20249
"Booting to a degraded array can be configured several ways:"
20250
msgstr ""
20251
20252
#: serverguide/C/installation.xml:719(para)
20253
msgid ""
20254
"The <application>dpkg-reconfigure</application> utility can be used to "
20255
"configure the default behavior, and during the process you will be queried "
20256
"about additional settings related to the array. Such as monitoring, email "
20257
"alerts, etc. To reconfigure <application>mdadm</application> enter the "
20258
"following:"
20259
msgstr ""
20260
20261
#: serverguide/C/installation.xml:726(command)
20262
msgid "sudo dpkg-reconfigure mdadm"
20263
msgstr ""
20264
20265
#: serverguide/C/installation.xml:732(para)
20266
msgid ""
20267
"The <command>dpkg-reconfigure mdadm</command> process will change the "
20268
"<filename>/etc/initramfs-tools/conf.d/mdadm</filename> configuration file. "
20269
"The file has the advantage of being able to pre-configure the system's "
20270
"behavior, and can also be manually edited:"
20271
msgstr ""
20272
20273
#: serverguide/C/installation.xml:738(programlisting)
20274
#, no-wrap
20275
msgid ""
20276
"\n"
20277
"BOOT_DEGRADED=true\n"
20278
msgstr ""
20279
20280
#: serverguide/C/installation.xml:743(para)
20281
msgid "The configuration file can be overridden by using a Kernel argument."
20282
msgstr ""
20283
20284
#: serverguide/C/installation.xml:751(para)
20285
msgid ""
20286
"Using a Kernel argument will allow the system to boot to a degraded array as "
20287
"well:"
20288
msgstr ""
20289
20290
#: serverguide/C/installation.xml:757(para)
20291
msgid ""
20292
"When the server is booting press <keycap>Shift</keycap> to open the "
20293
"<application>Grub</application> menu."
20294
msgstr ""
20295
20296
#: serverguide/C/installation.xml:762(para)
20297
msgid "Press <keycap>e</keycap> to edit your kernel command options."
20298
msgstr ""
20299
20300
#: serverguide/C/installation.xml:767(para)
20301
msgid "Press the <keycap>down</keycap> arrow to highlight the kernel line."
20302
msgstr ""
20303
20304
#: serverguide/C/installation.xml:772(para)
20305
msgid ""
20306
"Add <emphasis>\"bootdegraded=true\"</emphasis> (without the quotes) to the "
20307
"end of the line."
20308
msgstr ""
20309
20310
#: serverguide/C/installation.xml:777(para)
20311
msgid ""
20312
"Press <keycombo><keycap>Ctrl</keycap><keycap>x</keycap></keycombo> to boot "
20313
"the system."
20314
msgstr ""
20315
20316
#: serverguide/C/installation.xml:786(para)
20317
msgid ""
20318
"Once the system has booted you can either repair the array see <xref "
20319
"linkend=\"raid-maintenance\"/> for details, or copy important data to "
20320
"another machine due to major hardware failure."
20321
msgstr ""
20322
20323
#: serverguide/C/installation.xml:793(title)
20324
msgid "RAID Maintenance"
20325
msgstr ""
20326
20327
#: serverguide/C/installation.xml:795(para)
20328
msgid ""
20329
"The <application>mdadm</application> utility can be used to view the status "
20330
"of an array, add disks to an array, remove disks, etc:"
20331
msgstr ""
20332
20333
#: serverguide/C/installation.xml:802(para)
20334
msgid "To view the status of an array, from a terminal prompt enter:"
20335
msgstr ""
20336
20337
#: serverguide/C/installation.xml:806(command)
20338
msgid "sudo mdadm -D /dev/md0"
20339
msgstr ""
20340
20341
#: serverguide/C/installation.xml:809(para)
20342
msgid ""
20343
"The <emphasis>-D</emphasis> tells <application>mdadm</application> to "
20344
"display <emphasis>detailed</emphasis> information about the "
20345
"<filename>/dev/md0</filename> device. Replace <filename>/dev/md0</filename> "
20346
"with the appropriate RAID device."
20347
msgstr ""
20348
20349
#: serverguide/C/installation.xml:815(para)
20350
msgid "To view the status of a disk in an array:"
20351
msgstr ""
20352
20353
#: serverguide/C/installation.xml:819(command)
20354
msgid "sudo mdadm -E /dev/sda1"
20355
msgstr ""
20356
20357
#: serverguide/C/installation.xml:821(para)
20358
msgid ""
20359
"The output if very similar to the <command>mdadm -D</command> command, "
20360
"adjust <filename>/dev/sda1</filename> for each disk."
20361
msgstr ""
20362
20363
#: serverguide/C/installation.xml:826(para)
20364
msgid "If a disk fails and needs to be removed from an array enter:"
20365
msgstr ""
20366
20367
#: serverguide/C/installation.xml:830(command)
20368
msgid "sudo mdadm --remove /dev/md0 /dev/sda1"
20369
msgstr ""
20370
20371
#: serverguide/C/installation.xml:832(para)
20372
msgid ""
20373
"Change <filename>/dev/md0</filename> and <filename>/dev/sda1</filename> to "
20374
"the appropriate RAID device and disk."
20375
msgstr ""
20376
20377
#: serverguide/C/installation.xml:837(para)
20378
msgid "Similarly, to add a new disk:"
20379
msgstr ""
20380
20381
#: serverguide/C/installation.xml:841(command)
20382
msgid "sudo mdadm --add /dev/md0 /dev/sda1"
20383
msgstr ""
20384
20385
#: serverguide/C/installation.xml:846(para)
20386
msgid ""
20387
"Sometimes a disk can change to a <emphasis>faulty</emphasis> state even "
20388
"though there is nothing physically wrong with the drive. It is usually "
20389
"worthwhile to remove the drive from the array then re-add it. This will "
20390
"cause the drive to re-sync with the array. If the drive will not sync with "
20391
"the array, it is a good indication of hardware failure."
20392
msgstr ""
20393
20394
#: serverguide/C/installation.xml:852(para)
20395
msgid ""
20396
"The <filename>/proc/mdstat</filename> file also contains useful information "
20397
"about the system's RAID devices:"
20398
msgstr ""
20399
20400
#: serverguide/C/installation.xml:857(command)
20401
msgid "cat /proc/mdstat"
20402
msgstr ""
20403
20404
#: serverguide/C/installation.xml:858(computeroutput)
20405
#, no-wrap
20406
msgid ""
20407
"Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] "
20408
"[raid10] \n"
20409
"md0 : active raid1 sda1[0] sdb1[1]\n"
20410
" 10016384 blocks [2/2] [UU]\n"
20411
" \n"
20412
"unused devices: <none>"
20413
msgstr ""
20414
20415
#: serverguide/C/installation.xml:865(para)
20416
msgid ""
20417
"The following command is great for watching the status of a syncing drive:"
20418
msgstr ""
20419
20420
#: serverguide/C/installation.xml:870(command)
20421
msgid "watch -n1 cat /proc/mdstat"
20422
msgstr ""
20423
20424
#: serverguide/C/installation.xml:873(para)
20425
msgid ""
20426
"Press <emphasis>Ctrl+c</emphasis> to stop the "
20427
"<application>watch</application> command."
20428
msgstr ""
20429
20430
#: serverguide/C/installation.xml:877(para)
20431
msgid ""
20432
"If you do need to replace a faulty drive, after the drive has been replaced "
20433
"and synced, <application>grub</application> will need to be installed. To "
20434
"install <application>grub</application> on the new drive, enter the "
20435
"following:"
20436
msgstr ""
20437
20438
#: serverguide/C/installation.xml:883(command)
20439
msgid "sudo grub-install /dev/md0"
20440
msgstr ""
20441
20442
#: serverguide/C/installation.xml:886(para)
20443
msgid ""
20444
"Replace <filename>/dev/md0</filename> with the appropriate array device name."
20445
msgstr ""
20446
20447
#: serverguide/C/installation.xml:894(para)
20448
msgid ""
20449
"The topic of RAID arrays is a complex one due to the plethora of ways RAID "
20450
"can be configured. Please see the following links for more information:"
20451
msgstr ""
20452
20453
#: serverguide/C/installation.xml:901(para)
20454
msgid ""
20455
"<ulink url=\"https://help.ubuntu.com/community/Installation#raid\">Ubuntu "
20456
"Wiki Articles on RAID</ulink>."
20457
msgstr ""
20458
20459
#: serverguide/C/installation.xml:907(ulink)
20460
msgid "Software RAID HOWTO"
20461
msgstr ""
20462
20463
#: serverguide/C/installation.xml:912(ulink)
20464
msgid "Managing RAID on Linux"
20465
msgstr ""
20466
20467
#: serverguide/C/installation.xml:919(title)
20468
msgid "Logical Volume Manager (LVM)"
20469
msgstr ""
20470
20471
#: serverguide/C/installation.xml:921(para)
20472
msgid ""
20473
"Logical Volume Manger, or <emphasis>LVM</emphasis>, allows administrators to "
20474
"create <emphasis>logical</emphasis> volumes out of one or multiple physical "
20475
"hard disks. LVM volumes can be created on both software RAID partitions and "
20476
"standard partitions residing on a single disk. Volumes can also be extended, "
20477
"giving greater flexibility to systems as requirements change."
20478
msgstr ""
20479
20480
#: serverguide/C/installation.xml:930(para)
20481
msgid ""
20482
"A side effect of LVM's power and flexibility is a greater degree of "
20483
"complication. Before diving into the LVM installation process, it is best to "
20484
"get familiar with some terms."
20485
msgstr ""
20486
20487
#: serverguide/C/installation.xml:937(para)
20488
msgid ""
20489
"<emphasis>Volume Group (VG):</emphasis> contains one or several Logical "
20490
"Volumes (LV)."
20491
msgstr ""
20492
20493
#: serverguide/C/installation.xml:942(para)
20494
msgid ""
20495
"<emphasis>Logical Volume (LV):</emphasis> is similar to a partition in a non-"
20496
"LVM system. Multiple Physical Volumes (PV) can make up one LV, on top of "
20497
"which resides the actual EXT3, XFS, JFS, etc filesystem."
20498
msgstr ""
20499
20500
#: serverguide/C/installation.xml:948(para)
20501
msgid ""
20502
"<emphasis>Physical Volume (PV):</emphasis> physical hard disk or software "
20503
"RAID partition. The Volume Group can be extended by adding more PVs."
20504
msgstr ""
20505
20506
#: serverguide/C/installation.xml:959(para)
20507
msgid ""
20508
"As an example this section covers installing Ubuntu Server Edition with "
20509
"<filename role=\"directory\">/srv</filename> mounted on a LVM volume. During "
20510
"the initial install only one Physical Volume (PV) will be part of the Volume "
20511
"Group (VG). Another PV will be added after install to demonstrate how a VG "
20512
"can be extended."
20513
msgstr ""
20514
20515
#: serverguide/C/installation.xml:965(para)
20516
msgid ""
20517
"There are several installation options for LVM, <emphasis>\"Guided - use the "
20518
"entire disk and setup LVM\"</emphasis> which will also allow you to assign a "
20519
"portion of the available space to LVM, <emphasis>\"Guided - use entire and "
20520
"setup encrypted LVM\"</emphasis>, or <emphasis>Manually</emphasis> setup the "
20521
"partitions and configure LVM. At this time the only way to configure a "
20522
"system with both LVM and standard partitions, during installation, is to use "
20523
"the Manual approach."
20524
msgstr ""
20525
20526
#: serverguide/C/installation.xml:982(para)
20527
msgid ""
20528
"At the <emphasis>\"Partition Disks</emphasis> screen choose "
20529
"<emphasis>\"Manual\"</emphasis>."
20530
msgstr ""
20531
20532
#: serverguide/C/installation.xml:989(para)
20533
msgid ""
20534
"Select the hard disk and on the next screen choose \"yes\" to "
20535
"<emphasis>\"Create a new empty partition table on this device\"</emphasis>."
20536
msgstr ""
20537
20538
#: serverguide/C/installation.xml:996(para)
20539
msgid ""
20540
"Next, create standard <emphasis>/boot</emphasis>, <emphasis>swap</emphasis>, "
20541
"and <emphasis>/</emphasis> partitions with whichever filesystem you prefer."
20542
msgstr ""
20543
20544
#: serverguide/C/installation.xml:1004(para)
20545
msgid ""
20546
"For the LVM <emphasis>/srv</emphasis>, create a new "
20547
"<emphasis>Logical</emphasis> partition. Then change <emphasis>\"Use "
20548
"as\"</emphasis> to <emphasis>\"physical volume for LVM\"</emphasis> then "
20549
"<emphasis>\"Done setting up the partition\"</emphasis>."
20550
msgstr ""
20551
20552
#: serverguide/C/installation.xml:1012(para)
20553
msgid ""
20554
"Now select <emphasis>\"Configure the Logical Volume Manager\"</emphasis> at "
20555
"the top, and choose <emphasis>\"Yes\"</emphasis> to write the changes to "
20556
"disk."
20557
msgstr ""
20558
20559
#: serverguide/C/installation.xml:1020(para)
20560
msgid ""
20561
"For the <emphasis>\"LVM configuration action\"</emphasis> on the next "
20562
"screen, choose <emphasis>\"Create volume group\"</emphasis>. Enter a name "
20563
"for the VG such as <emphasis>vg01</emphasis>, or something more descriptive. "
20564
"After entering a name, select the partition configured for LVM, and choose "
20565
"<emphasis>\"Continue\"</emphasis>."
20566
msgstr ""
20567
20568
#: serverguide/C/installation.xml:1029(para)
20569
msgid ""
20570
"Back at the <emphasis>\"LVM configuration action\"</emphasis> screen, select "
20571
"<emphasis>\"Create logical volume\"</emphasis>. Select the newly created "
20572
"volume group, and enter a name for the new LV, for example "
20573
"<emphasis>srv</emphasis> since that is the intended mount point. Then choose "
20574
"a size, which may be the full partition because it can always be extended "
20575
"later. Choose <emphasis>\"Finish\"</emphasis> and you should be back at the "
20576
"main <emphasis>\"Partition Disks\"</emphasis> screen."
20577
msgstr ""
20578
20579
#: serverguide/C/installation.xml:1039(para)
20580
msgid ""
20581
"Now add a filesystem to the new LVM. Select the partition under "
20582
"<emphasis>\"LVM VG vg01, LV srv\"</emphasis>, or whatever name you have "
20583
"chosen, the choose <emphasis>Use as</emphasis>. Setup a file system as "
20584
"normal selecting <emphasis>/srv</emphasis> as the mount point. Once done, "
20585
"select <emphasis>\"Done setting up the partition\"</emphasis>."
20586
msgstr ""
20587
20588
#: serverguide/C/installation.xml:1048(para)
20589
msgid ""
20590
"Finally, select <emphasis>\"Finish partitioning and write changes to "
20591
"disk\"</emphasis>. Then confirm the changes and continue with the rest of "
20592
"the installation."
20593
msgstr ""
20594
20595
#: serverguide/C/installation.xml:1056(para)
20596
msgid "There are some useful utilities to view information about LVM:"
20597
msgstr ""
20598
20599
#: serverguide/C/installation.xml:1061(para)
20600
msgid ""
20601
"<emphasis>vgdisplay:</emphasis> shows information about Volume Groups."
20602
msgstr ""
20603
20604
#: serverguide/C/installation.xml:1062(para)
20605
msgid ""
20606
"<emphasis>lvdisplay:</emphasis> has information about Logical Volumes."
20607
msgstr ""
20608
20609
#: serverguide/C/installation.xml:1063(para)
20610
msgid ""
20611
"<emphasis>pvdisplay:</emphasis> similarly displays information about "
20612
"Physical Volumes."
20613
msgstr ""
20614
20615
#: serverguide/C/installation.xml:1068(title)
20616
msgid "Extending Volume Groups"
20617
msgstr ""
20618
20619
#: serverguide/C/installation.xml:1070(para)
20620
msgid ""
20621
"Continuing with <emphasis>srv</emphasis> as an LVM volume example, this "
20622
"section covers adding a second hard disk, creating a Physical Volume (PV), "
20623
"adding it to the volume group (VG), extending the logical volume <filename "
20624
"role=\"directory\">srv</filename> and finally extending the filesystem. This "
20625
"example assumes a second hard disk has been added to the system. This hard "
20626
"disk will be named <filename>/dev/sdb</filename> in our example. BEWARE: "
20627
"make sure you don't already have an existing <filename>/dev/sdb</filename> "
20628
"before issuing the commands below. You could lose some data if you issue "
20629
"those commands on a non-empty disk. In our example we will use the entire "
20630
"disk as a physical volume (you could choose to create partitions and use "
20631
"them as different physical volumes)"
20632
msgstr ""
20633
20634
#: serverguide/C/installation.xml:1082(para)
20635
msgid "First, create the physical volume, in a terminal execute:"
20636
msgstr ""
20637
20638
#: serverguide/C/installation.xml:1087(command)
20639
msgid "sudo pvcreate /dev/sdb"
20640
msgstr ""
20641
20642
#: serverguide/C/installation.xml:1093(para)
20643
msgid "Now extend the Volume Group (VG):"
20644
msgstr ""
20645
20646
#: serverguide/C/installation.xml:1098(command)
20647
msgid "sudo vgextend vg01 /dev/sdb"
20648
msgstr ""
20649
20650
#: serverguide/C/installation.xml:1104(para)
20651
msgid ""
20652
"Use <application>vgdisplay</application> to find out the free physical "
20653
"extents - Free PE / size (the size you can allocate). We will assume a free "
20654
"size of 511 PE (equivalent to 2GB with a PE size of 4MB) and we will use the "
20655
"whole free space available. Use your own PE and/or free space."
20656
msgstr ""
20657
20658
#: serverguide/C/installation.xml:1110(para)
20659
msgid ""
20660
"The Logical Volume (LV) can now be extended by different methods, we will "
20661
"only see how to use the PE to extend the LV:"
20662
msgstr ""
20663
20664
#: serverguide/C/installation.xml:1115(command)
20665
msgid "sudo lvextend /dev/vg01/srv -l +511"
20666
msgstr ""
20667
20668
#: serverguide/C/installation.xml:1118(para)
20669
msgid ""
20670
"The <emphasis>-l</emphasis> option allows the LV to be extended using PE. "
20671
"The <emphasis>-L</emphasis> option allows the LV to be extended using Meg, "
20672
"Gig, Tera, etc bytes."
20673
msgstr ""
20674
20675
#: serverguide/C/installation.xml:1126(para)
20676
msgid ""
20677
"Even though you are supposed to be able to <emphasis>expand</emphasis> an "
20678
"ext3 or ext4 filesystem without unmounting it first, it may be a good "
20679
"practice to unmount it anyway and check the filesystem, so that you don't "
20680
"mess up the day you want to reduce a logical volume (in that case unmounting "
20681
"first is compulsory)."
20682
msgstr ""
20683
20684
#: serverguide/C/installation.xml:1132(para)
20685
msgid ""
20686
"The following commands are for an <emphasis>EXT3</emphasis> or "
20687
"<emphasis>EXT4</emphasis> filesystem. If you are using another filesystem "
20688
"there may be other utilities available."
20689
msgstr ""
20690
20691
#: serverguide/C/installation.xml:1139(command)
20692
msgid "sudo e2fsck -f /dev/vg01/srv"
20693
msgstr ""
20694
20695
#: serverguide/C/installation.xml:1142(para)
20696
msgid ""
20697
"The <emphasis>-f</emphasis> option of <application>e2fsck</application> "
20698
"forces checking even if the system seems clean."
20699
msgstr ""
20700
20701
#: serverguide/C/installation.xml:1149(para)
20702
msgid "Finally, resize the filesystem:"
20703
msgstr ""
20704
20705
#: serverguide/C/installation.xml:1154(command)
20706
msgid "sudo resize2fs /dev/vg01/srv"
20707
msgstr ""
20708
20709
#: serverguide/C/installation.xml:1160(para)
20710
msgid "Now mount the partition and check its size."
20711
msgstr ""
20712
20713
#: serverguide/C/installation.xml:1165(command)
20714
msgid "mount /dev/vg01/srv /srv && df -h /srv"
20715
msgstr ""
20716
20717
#: serverguide/C/installation.xml:1177(para)
20718
msgid ""
20719
"See the <ulink "
20720
"url=\"https://help.ubuntu.com/community/Installation#lvm\">Ubuntu Wiki LVM "
20721
"Articles</ulink>."
20722
msgstr ""
20723
20724
#: serverguide/C/installation.xml:1182(para)
20725
msgid ""
20726
"See the <ulink url=\"http://tldp.org/HOWTO/LVM-HOWTO/index.html\">LVM "
20727
"HOWTO</ulink> for more information."
20728
msgstr ""
20729
20730
#: serverguide/C/installation.xml:1187(para)
20731
msgid ""
20732
"Another good article is <ulink "
20733
"url=\"http://www.linuxdevcenter.com/pub/a/linux/2006/04/27/managing-disk-"
20734
"space-with-lvm.html\">Managing Disk Space with LVM</ulink> on O'Reilly's "
20735
"linuxdevcenter.com site."
20736
msgstr ""
20737
20738
#: serverguide/C/installation.xml:1194(para)
20739
msgid ""
20740
"For more information on <application>fdisk</application> see the <ulink "
20741
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/fdisk.8.html\">fdi"
20742
"sk man page</ulink>."
20743
msgstr ""
20744
20745
#: serverguide/C/file-server.xml:13(title)
20746
msgid "File Servers"
20747
msgstr ""
20748
20749
#: serverguide/C/file-server.xml:15(para)
20750
msgid ""
20751
"If you have more than one computer on a single network. At some point you "
20752
"will probably need to share files between them. In this section we cover "
20753
"installing and configuring FTP, NFS, and CUPS."
20754
msgstr ""
20755
20756
#: serverguide/C/file-server.xml:22(title)
20757
msgid "FTP Server"
20758
msgstr ""
20759
20760
#: serverguide/C/file-server.xml:24(para)
20761
msgid ""
20762
"File Transfer Protocol (FTP) is a TCP protocol for uploading and downloading "
20763
"files between computers. FTP works on a client/server model. The server "
20764
"component is called an <emphasis>FTP daemon</emphasis>. It continuously "
20765
"listens for FTP requests from remote clients. When a request is received, it "
20766
"manages the login and sets up the connection. For the duration of the "
20767
"session it executes any of commands sent by the FTP client."
20768
msgstr ""
20769
20770
#: serverguide/C/file-server.xml:33(para)
20771
msgid "Access to an FTP server can be managed in two ways:"
20772
msgstr ""
20773
20774
#: serverguide/C/file-server.xml:37(para)
20775
msgid "Anonymous"
20776
msgstr ""
20777
20778
#: serverguide/C/file-server.xml:40(para)
20779
msgid "Authenticated"
20780
msgstr ""
20781
20782
#: serverguide/C/file-server.xml:43(para)
20783
msgid ""
20784
"In the Anonymous mode, remote clients can access the FTP server by using the "
20785
"default user account called \"anonymous\" or \"ftp\" and sending an email "
20786
"address as the password. In the Authenticated mode a user must have an "
20787
"account and a password. User access to the FTP server directories and files "
20788
"is dependent on the permissions defined for the account used at login. As a "
20789
"general rule, the FTP daemon will hide the root directory of the FTP server "
20790
"and change it to the FTP Home directory. This hides the rest of the file "
20791
"system from remote sessions."
20792
msgstr ""
20793
20794
#: serverguide/C/file-server.xml:55(title)
20795
msgid "vsftpd - FTP Server Installation"
20796
msgstr ""
20797
20798
#: serverguide/C/file-server.xml:57(para)
20799
msgid ""
20800
"vsftpd is an FTP daemon available in Ubuntu. It is easy to install, set up, "
20801
"and maintain. To install <application>vsftpd</application> you can run the "
20802
"following command:"
20803
msgstr ""
20804
20805
#: serverguide/C/file-server.xml:65(command)
20806
msgid "sudo apt-get install vsftpd"
20807
msgstr ""
20808
20809
#: serverguide/C/file-server.xml:71(title)
20810
msgid "Anonymous FTP Configuration"
20811
msgstr ""
20812
20813
#: serverguide/C/file-server.xml:73(para)
20814
msgid ""
20815
"By default <application>vsftpd</application> is configured to only allow "
20816
"anonymous download. During installation a <emphasis>ftp</emphasis> user is "
20817
"created with a home directory of <filename>/home/ftp</filename>. This is the "
20818
"default FTP directory."
20819
msgstr ""
20820
20821
#: serverguide/C/file-server.xml:80(para)
20822
msgid ""
20823
"If you wish to change this location, to <filename>/srv/ftp</filename> for "
20824
"example, simply create a directory in another location and change the "
20825
"<emphasis>ftp</emphasis> user's home directory:"
20826
msgstr ""
20827
20828
#: serverguide/C/file-server.xml:87(command)
20829
msgid "sudo mkdir /srv/ftp"
20830
msgstr ""
20831
20832
#: serverguide/C/file-server.xml:88(command)
20833
msgid "sudo usermod -d /srv/ftp ftp"
20834
msgstr ""
20835
20836
#: serverguide/C/file-server.xml:91(para)
20837
msgid "After making the change restart <application>vsftpd</application>:"
20838
msgstr ""
20839
20840
#: serverguide/C/file-server.xml:96(command) serverguide/C/file-server.xml:124(command) serverguide/C/file-server.xml:189(command) serverguide/C/file-server.xml:237(command)
20841
msgid "sudo /etc/init.d/vsftpd restart"
20842
msgstr ""
20843
20844
#: serverguide/C/file-server.xml:99(para)
20845
msgid ""
20846
"Finally, copy any files and directories you would like to make available "
20847
"through anonymous FTP to <filename>/srv/ftp</filename>."
20848
msgstr ""
20849
20850
#: serverguide/C/file-server.xml:106(title)
20851
msgid "User Authenticated FTP Configuration"
20852
msgstr ""
20853
20854
#: serverguide/C/file-server.xml:108(para)
20855
msgid ""
20856
"To configure <application>vsftpd</application> to authenticate system users "
20857
"and allow them to upload files edit <filename>/etc/vsftpd.conf</filename>:"
20858
msgstr ""
20859
20860
#: serverguide/C/file-server.xml:114(programlisting)
20861
#, no-wrap
20862
msgid ""
20863
"\n"
20864
"local_enable=YES\n"
20865
"write_enable=YES\n"
20866
msgstr ""
20867
20868
#: serverguide/C/file-server.xml:119(para)
20869
msgid "Now restart <application>vsftpd</application>:"
20870
msgstr ""
20871
20872
#: serverguide/C/file-server.xml:127(para)
20873
msgid ""
20874
"Now when system users login to FTP they will start in their "
20875
"<emphasis>home</emphasis> directories where they can download, upload, "
20876
"create directories, etc."
20877
msgstr ""
20878
20879
#: serverguide/C/file-server.xml:133(para)
20880
msgid ""
20881
"Similarly, by default, the anonymous users are not allowed to upload files "
20882
"to FTP server. To change this setting, you should uncomment the following "
20883
"line, and restart <application>vsftpd</application>:"
20884
msgstr ""
20885
20886
#: serverguide/C/file-server.xml:140(programlisting)
20887
#, no-wrap
20888
msgid ""
20889
"\n"
20890
"anon_upload_enable=YES\n"
20891
msgstr ""
20892
20893
#: serverguide/C/file-server.xml:145(para)
20894
msgid ""
20895
"Enabling anonymous FTP upload can be an extreme security risk. It is best to "
20896
"not enable anonymous upload on servers accessed directly from the Internet."
20897
msgstr ""
20898
20899
#: serverguide/C/file-server.xml:151(para)
20900
msgid ""
20901
"The configuration file consists of many configuration parameters. The "
20902
"information about each parameter is available in the configuration file. "
20903
"Alternatively, you can refer to the man page, <command>man 5 "
20904
"vsftpd.conf</command> for details of each parameter."
20905
msgstr ""
20906
20907
#: serverguide/C/file-server.xml:162(title)
20908
msgid "Securing FTP"
20909
msgstr ""
20910
20911
#: serverguide/C/file-server.xml:164(para)
20912
msgid ""
20913
"There are options in <filename>/etc/vsftpd.conf</filename> to help make "
20914
"<application>vsftpd</application> more secure. For example users can be "
20915
"limited to their home directories by uncommenting:"
20916
msgstr ""
20917
20918
#: serverguide/C/file-server.xml:170(programlisting)
20919
#, no-wrap
20920
msgid ""
20921
"\n"
20922
"chroot_local_user=YES\n"
20923
msgstr ""
20924
20925
#: serverguide/C/file-server.xml:174(para)
20926
msgid ""
20927
"You can also limit a specific list of users to just their home directories:"
20928
msgstr ""
20929
20930
#: serverguide/C/file-server.xml:178(programlisting)
20931
#, no-wrap
20932
msgid ""
20933
"\n"
20934
"chroot_list_enable=YES\n"
20935
"chroot_list_file=/etc/vsftpd.chroot_list\n"
20936
msgstr ""
20937
20938
#: serverguide/C/file-server.xml:183(para)
20939
msgid ""
20940
"After uncommenting the above options, create a "
20941
"<filename>/etc/vsftpd.chroot_list</filename> containing a list of users one "
20942
"per line. Then restart <application>vsftpd</application>:"
20943
msgstr ""
20944
20945
#: serverguide/C/file-server.xml:192(para)
20946
msgid ""
20947
"Also, the <filename>/etc/ftpusers</filename> file is a list of users that "
20948
"are <emphasis>disallowed</emphasis> FTP access. The default list includes "
20949
"root, daemon, nobody, etc. To disable FTP access for additional users simply "
20950
"add them to the list."
20951
msgstr ""
20952
20953
#: serverguide/C/file-server.xml:199(para)
20954
msgid ""
20955
"FTP can also be encrypted using <emphasis>FTPS</emphasis>. Different from "
20956
"<emphasis>SFTP</emphasis>, <emphasis>FTPS</emphasis> is FTP over Secure "
20957
"Socket Layer (SSL). <emphasis>SFTP</emphasis> is a FTP like session over an "
20958
"encrypted <emphasis>SSH</emphasis> connection. A major difference is that "
20959
"users of SFTP need to have a <emphasis>shell</emphasis> account on the "
20960
"system, instead of a <emphasis>nologin</emphasis> shell. Providing all users "
20961
"with a shell may not be ideal for some environments, such as a shared web "
20962
"host."
20963
msgstr ""
20964
20965
#: serverguide/C/file-server.xml:208(para)
20966
msgid ""
20967
"To configure <emphasis>FTPS</emphasis>, edit "
20968
"<filename>/etc/vsftpd.conf</filename> and at the bottom add:"
20969
msgstr ""
20970
20971
#: serverguide/C/file-server.xml:212(programlisting)
20972
#, no-wrap
20973
msgid ""
20974
"\n"
20975
"ssl_enable=Yes\n"
20976
msgstr ""
20977
20978
#: serverguide/C/file-server.xml:216(para)
20979
msgid "Also, notice the certificate and key related options:"
20980
msgstr ""
20981
20982
#: serverguide/C/file-server.xml:220(programlisting)
20983
#, no-wrap
20984
msgid ""
20985
"\n"
20986
"rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem\n"
20987
"rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key\n"
20988
msgstr ""
20989
20990
#: serverguide/C/file-server.xml:225(para)
20991
msgid ""
20992
"By default these options are set the certificate and key provided by the "
20993
"<application>ssl-cert</application> package. In a production environment "
20994
"these should be replaced with a certificate and key generated for the "
20995
"specific host. For more information on certificates see <xref "
20996
"linkend=\"certificates-and-security\"/>."
20997
msgstr ""
20998
20999
#: serverguide/C/file-server.xml:231(para)
21000
msgid ""
21001
"Now restart <application>vsftpd</application>, and non-anonymous users will "
21002
"be forced to use <emphasis>FTPS</emphasis>:"
21003
msgstr ""
21004
21005
#: serverguide/C/file-server.xml:240(para)
21006
msgid ""
21007
"To allow users with a shell of <filename>/usr/sbin/nologin</filename> access "
21008
"to FTP, but have no shell access, edit <filename>/etc/shells</filename> "
21009
"adding the <emphasis>nologin</emphasis> shell:"
21010
msgstr ""
21011
21012
#: serverguide/C/file-server.xml:245(programlisting)
21013
#, no-wrap
21014
msgid ""
21015
"\n"
21016
"# /etc/shells: valid login shells\n"
21017
"/bin/csh\n"
21018
"/bin/sh\n"
21019
"/usr/bin/es\n"
21020
"/usr/bin/ksh\n"
21021
"/bin/ksh\n"
21022
"/usr/bin/rc\n"
21023
"/usr/bin/tcsh\n"
21024
"/bin/tcsh\n"
21025
"/usr/bin/esh\n"
21026
"/bin/dash\n"
21027
"/bin/bash\n"
21028
"/bin/rbash\n"
21029
"/usr/bin/screen\n"
21030
"/usr/sbin/nologin\n"
21031
msgstr ""
21032
21033
#: serverguide/C/file-server.xml:263(para)
21034
msgid ""
21035
"This is necessary because, by default <application>vsftpd</application> uses "
21036
"PAM for authentication, and the <filename>/etc/pam.d/vsftpd</filename> "
21037
"configuration file contains:"
21038
msgstr ""
21039
21040
#: serverguide/C/file-server.xml:268(programlisting)
21041
#, no-wrap
21042
msgid ""
21043
"\n"
21044
"auth required pam_shells.so\n"
21045
msgstr ""
21046
21047
#: serverguide/C/file-server.xml:272(para)
21048
msgid ""
21049
"The <emphasis>shells</emphasis> PAM module restricts access to shells listed "
21050
"in the <filename>/etc/shells</filename> file."
21051
msgstr ""
21052
21053
#: serverguide/C/file-server.xml:277(para)
21054
msgid ""
21055
"Most popular FTP clients can be configured connect using FTPS. The "
21056
"<application>lftp</application> command line FTP client has the ability to "
21057
"use FTPS as well."
21058
msgstr ""
21059
21060
#: serverguide/C/file-server.xml:288(para)
21061
msgid ""
21062
"See the <ulink url=\"http://vsftpd.beasts.org/vsftpd_conf.html\">vsftpd "
21063
"website</ulink> for more information."
21064
msgstr ""
21065
21066
#: serverguide/C/file-server.xml:293(para)
21067
msgid ""
21068
"For detailed <filename>/etc/vsftpd.conf</filename> options see the <ulink "
21069
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/vsftpd.conf.5.html"
21070
"\">vsftpd.conf man page</ulink>."
21071
msgstr ""
21072
21073
#: serverguide/C/file-server.xml:299(para)
21074
msgid ""
21075
"The CodeGurus article <ulink "
21076
"url=\"http://www.codeguru.com/csharp/.net/net_general/internet/article.php/c1"
21077
"4329\"> FTPS vs. SFTP: What to Choose</ulink> has useful information "
21078
"contrasting FTPS and SFTP."
21079
msgstr ""
21080
21081
#: serverguide/C/file-server.xml:305(para)
21082
msgid ""
21083
"Also, for more information see the <ulink "
21084
"url=\"https://help.ubuntu.com/community/vsftpd\">Ubuntu Wiki vsftpd</ulink> "
21085
"page."
21086
msgstr ""
21087
21088
#: serverguide/C/file-server.xml:315(title)
21089
msgid "Network File System (NFS)"
21090
msgstr ""
21091
21092
#: serverguide/C/file-server.xml:316(para)
21093
msgid ""
21094
"NFS allows a system to share directories and files with others over a "
21095
"network. By using NFS, users and programs can access files on remote systems "
21096
"almost as if they were local files."
21097
msgstr ""
21098
21099
#: serverguide/C/file-server.xml:322(para)
21100
msgid "Some of the most notable benefits that NFS can provide are:"
21101
msgstr ""
21102
21103
#: serverguide/C/file-server.xml:328(para)
21104
msgid ""
21105
"Local workstations use less disk space because commonly used data can be "
21106
"stored on a single machine and still remain accessible to others over the "
21107
"network."
21108
msgstr ""
21109
21110
#: serverguide/C/file-server.xml:333(para)
21111
msgid ""
21112
"There is no need for users to have separate home directories on every "
21113
"network machine. Home directories could be set up on the NFS server and made "
21114
"available throughout the network."
21115
msgstr ""
21116
21117
#: serverguide/C/file-server.xml:339(para)
21118
msgid ""
21119
"Storage devices such as floppy disks, CDROM drives, and USB Thumb drives can "
21120
"be used by other machines on the network. This may reduce the number of "
21121
"removable media drives throughout the network."
21122
msgstr ""
21123
21124
#: serverguide/C/file-server.xml:349(para)
21125
msgid ""
21126
"At a terminal prompt enter the following command to install the NFS Server:"
21127
msgstr ""
21128
21129
#: serverguide/C/file-server.xml:355(command)
21130
msgid "sudo apt-get install nfs-kernel-server"
21131
msgstr ""
21132
21133
#: serverguide/C/file-server.xml:361(para)
21134
msgid ""
21135
"You can configure the directories to be exported by adding them to the "
21136
"<filename>/etc/exports</filename> file. For example:"
21137
msgstr ""
21138
21139
#: serverguide/C/file-server.xml:366(screen)
21140
#, no-wrap
21141
msgid ""
21142
"\n"
21143
"/ubuntu *(ro,sync,no_root_squash)\n"
21144
"/home *(rw,sync,no_root_squash)\n"
21145
msgstr ""
21146
21147
#: serverguide/C/file-server.xml:372(para)
21148
msgid ""
21149
"You can replace * with one of the hostname formats. Make the hostname "
21150
"declaration as specific as possible so unwanted systems cannot access the "
21151
"NFS mount."
21152
msgstr ""
21153
21154
#: serverguide/C/file-server.xml:378(para)
21155
msgid ""
21156
"To start the NFS server, you can run the following command at a terminal "
21157
"prompt:"
21158
msgstr ""
21159
21160
#: serverguide/C/file-server.xml:383(command)
21161
msgid "sudo /etc/init.d/nfs-kernel-server start"
21162
msgstr ""
21163
21164
#: serverguide/C/file-server.xml:388(title)
21165
msgid "NFS Client Configuration"
21166
msgstr ""
21167
21168
#: serverguide/C/file-server.xml:389(para)
21169
msgid ""
21170
"Use the <application>mount</application> command to mount a shared NFS "
21171
"directory from another machine, by typing a command line similar to the "
21172
"following at a terminal prompt:"
21173
msgstr ""
21174
21175
#: serverguide/C/file-server.xml:395(command)
21176
msgid "sudo mount example.hostname.com:/ubuntu /local/ubuntu"
21177
msgstr ""
21178
21179
#: serverguide/C/file-server.xml:399(para)
21180
msgid ""
21181
"The mount point directory <filename>/local/ubuntu</filename> must exist. "
21182
"There should be no files or subdirectories in the "
21183
"<filename>/local/ubuntu</filename> directory."
21184
msgstr ""
21185
21186
#: serverguide/C/file-server.xml:406(para)
21187
msgid ""
21188
"An alternate way to mount an NFS share from another machine is to add a line "
21189
"to the <filename>/etc/fstab</filename> file. The line must state the "
21190
"hostname of the NFS server, the directory on the server being exported, and "
21191
"the directory on the local machine where the NFS share is to be mounted."
21192
msgstr ""
21193
21194
#: serverguide/C/file-server.xml:414(para)
21195
msgid ""
21196
"The general syntax for the line in <filename>/etc/fstab</filename> file is "
21197
"as follows:"
21198
msgstr ""
21199
21200
#: serverguide/C/file-server.xml:420(programlisting)
21201
#, no-wrap
21202
msgid ""
21203
"\n"
21204
"example.hostname.com:/ubuntu /local/ubuntu nfs "
21205
"rsize=8192,wsize=8192,timeo=14,intr\n"
21206
msgstr ""
21207
21208
#: serverguide/C/file-server.xml:424(para)
21209
msgid ""
21210
"If you have trouble mounting an NFS share, make sure the <application>nfs-"
21211
"common</application> package is installed on your client. To install "
21212
"<application>nfs-common</application> enter the following command at the "
21213
"terminal prompt: <screen>\n"
21214
"<command>sudo apt-get install nfs-common</command>\n"
21215
"</screen>"
21216
msgstr ""
21217
21218
#: serverguide/C/file-server.xml:437(ulink)
21219
msgid "Linux NFS faq"
21220
msgstr ""
21221
21222
#: serverguide/C/file-server.xml:439(ulink)
21223
msgid "Ubuntu Wiki NFS Howto"
21224
msgstr ""
21225
21226
#: serverguide/C/file-server.xml:445(title)
21227
msgid "CUPS - Print Server"
21228
msgstr ""
21229
21230
#: serverguide/C/file-server.xml:446(para)
21231
msgid ""
21232
"The primary mechanism for Ubuntu printing and print services is the "
21233
"<emphasis role=\"bold\">Common UNIX Printing System</emphasis> (CUPS). This "
21234
"printing system is a freely available, portable printing layer which has "
21235
"become the new standard for printing in most Linux distributions."
21236
msgstr ""
21237
21238
#: serverguide/C/file-server.xml:453(para)
21239
msgid ""
21240
"CUPS manages print jobs and queues and provides network printing using the "
21241
"standard Internet Printing Protocol (IPP), while offering support for a very "
21242
"large range of printers, from dot-matrix to laser and many in between. CUPS "
21243
"also supports PostScript Printer Description (PPD) and auto-detection of "
21244
"network printers, and features a simple web-based configuration and "
21245
"administration tool."
21246
msgstr ""
21247
21248
#: serverguide/C/file-server.xml:463(para)
21249
msgid ""
21250
"To install CUPS on your Ubuntu computer, simply use "
21251
"<application>sudo</application> with the <application>apt-get</application> "
21252
"command and give the packages to install as the first parameter. A complete "
21253
"CUPS install has many package dependencies, but they may all be specified on "
21254
"the same command line. Enter the following at a terminal prompt to install "
21255
"CUPS:"
21256
msgstr ""
21257
21258
#: serverguide/C/file-server.xml:468(command)
21259
msgid "sudo apt-get install cups"
21260
msgstr ""
21261
21262
#: serverguide/C/file-server.xml:471(para)
21263
msgid ""
21264
"Upon authenticating with your user password, the packages should be "
21265
"downloaded and installed without error. Upon the conclusion of installation, "
21266
"the CUPS server will be started automatically."
21267
msgstr ""
21268
21269
#: serverguide/C/file-server.xml:476(para)
21270
msgid ""
21271
"For troubleshooting purposes, you can access CUPS server errors via the "
21272
"error log file at: <filename>/var/log/cups/error_log</filename>. If the "
21273
"error log does not show enough information to troubleshoot any problems you "
21274
"encounter, the verbosity of the CUPS log can be increased by changing the "
21275
"<emphasis role=\"bold\">LogLevel</emphasis> directive in the configuration "
21276
"file (discussed below) to \"debug\" or even \"debug2\", which logs "
21277
"everything, from the default of \"info\". If you make this change, remember "
21278
"to change it back once you've solved your problem, to prevent the log file "
21279
"from becoming overly large."
21280
msgstr ""
21281
21282
#: serverguide/C/file-server.xml:489(para)
21283
msgid ""
21284
"The Common UNIX Printing System server's behavior is configured through the "
21285
"directives contained in the file <filename>/etc/cups/cupsd.conf</filename>. "
21286
"The CUPS configuration file follows the same syntax as the primary "
21287
"configuration file for the Apache HTTP server, so users familiar with "
21288
"editing Apache's configuration file should feel at ease when editing the "
21289
"CUPS configuration file. Some examples of settings you may wish to change "
21290
"initially will be presented here."
21291
msgstr ""
21292
21293
#: serverguide/C/file-server.xml:499(para)
21294
msgid ""
21295
"Prior to editing the configuration file, you should make a copy of the "
21296
"original file and protect it from writing, so you will have the original "
21297
"settings as a reference, and to reuse as necessary."
21298
msgstr ""
21299
21300
#: serverguide/C/file-server.xml:503(para)
21301
msgid ""
21302
"Copy the <filename>/etc/cups/cupsd.conf</filename> file and protect it from "
21303
"writing with the following commands, issued at a terminal prompt:"
21304
msgstr ""
21305
21306
#: serverguide/C/file-server.xml:509(command)
21307
msgid "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
21308
msgstr ""
21309
21310
#: serverguide/C/file-server.xml:510(command)
21311
msgid "sudo chmod a-w /etc/cups/cupsd.conf.original"
21312
msgstr ""
21313
21314
#: serverguide/C/file-server.xml:515(para)
21315
msgid ""
21316
"<emphasis role=\"bold\">ServerAdmin</emphasis>: To configure the email "
21317
"address of the designated administrator of the CUPS server, simply edit the "
21318
"<filename>/etc/cups/cupsd.conf</filename> configuration file with your "
21319
"preferred text editor, and add or modify the <emphasis "
21320
"role=\"italics\">ServerAdmin</emphasis> line accordingly. For example, if "
21321
"you are the Administrator for the CUPS server, and your e-mail address is "
21322
"'bjoy@somebigco.com', then you would modify the ServerAdmin line to appear "
21323
"as such:"
21324
msgstr ""
21325
21326
#: serverguide/C/file-server.xml:526(screen)
21327
#, no-wrap
21328
msgid ""
21329
"\n"
21330
"ServerAdmin bjoy@somebigco.com\n"
21331
msgstr ""
21332
21333
#: serverguide/C/file-server.xml:532(para)
21334
msgid ""
21335
"<emphasis role=\"bold\">Listen</emphasis>: By default on Ubuntu, the CUPS "
21336
"server installation listens only on the loopback interface at IP address "
21337
"<emphasis>127.0.0.1</emphasis>. In order to instruct the CUPS server to "
21338
"listen on an actual network adapter's IP address, you must specify either a "
21339
"hostname, the IP address, or optionally, an IP address/port pairing via the "
21340
"addition of a Listen directive. For example, if your CUPS server resides on "
21341
"a local network at the IP address <emphasis "
21342
"role=\"italics\">192.168.10.250</emphasis> and you'd like to make it "
21343
"accessible to the other systems on this subnetwork, you would edit the "
21344
"<filename>/etc/cups/cupsd.conf</filename> and add a Listen directive, as "
21345
"such:"
21346
msgstr ""
21347
21348
#: serverguide/C/file-server.xml:546(screen)
21349
#, no-wrap
21350
msgid ""
21351
"\n"
21352
"Listen 127.0.0.1:631 # existing loopback Listen\n"
21353
"Listen /var/run/cups/cups.sock # existing socket Listen\n"
21354
"Listen 192.168.10.250:631 # Listen on the LAN interface, Port 631 "
21355
"(IPP)\n"
21356
msgstr ""
21357
21358
#: serverguide/C/file-server.xml:552(para)
21359
msgid ""
21360
"In the example above, you may comment out or remove the reference to the "
21361
"Loopback address (127.0.0.1) if you do not wish <application>cupsd "
21362
"</application> to listen on that interface, but would rather have it only "
21363
"listen on the Ethernet interfaces of the Local Area Network (LAN). To enable "
21364
"listening for all network interfaces for which a certain hostname is bound, "
21365
"including the Loopback, you could create a Listen entry for the hostname "
21366
"<emphasis>socrates</emphasis> as such:"
21367
msgstr ""
21368
21369
#: serverguide/C/file-server.xml:562(screen)
21370
#, no-wrap
21371
msgid ""
21372
"\n"
21373
"Listen socrates:631 # Listen on all interfaces for the hostname 'socrates'\n"
21374
msgstr ""
21375
21376
#: serverguide/C/file-server.xml:566(para)
21377
msgid ""
21378
"or by omitting the Listen directive and using <emphasis>Port</emphasis> "
21379
"instead, as in:"
21380
msgstr ""
21381
21382
#: serverguide/C/file-server.xml:568(screen)
21383
#, no-wrap
21384
msgid ""
21385
"\n"
21386
"Port 631 # Listen on port 631 on all interfaces\n"
21387
msgstr ""
21388
21389
#: serverguide/C/file-server.xml:575(para)
21390
msgid ""
21391
"For more examples of configuration directives in the CUPS server "
21392
"configuration file, view the associated system manual page by entering the "
21393
"following command at a terminal prompt:"
21394
msgstr ""
21395
21396
#: serverguide/C/file-server.xml:582(command)
21397
msgid "man cupsd.conf"
21398
msgstr ""
21399
21400
#: serverguide/C/file-server.xml:586(para)
21401
msgid ""
21402
"Whenever you make changes to the <filename>/etc/cups/cupsd.conf</filename> "
21403
"configuration file, you'll need to restart the CUPS server by typing the "
21404
"following command at a terminal prompt:"
21405
msgstr ""
21406
21407
#: serverguide/C/file-server.xml:592(command)
21408
msgid "sudo /etc/init.d/cups restart"
21409
msgstr ""
21410
21411
#: serverguide/C/file-server.xml:598(title)
21412
msgid "Web Interface"
21413
msgstr ""
21414
21415
#: serverguide/C/file-server.xml:600(para)
21416
msgid ""
21417
"CUPS can be configured and monitored using a web interface, which by default "
21418
"is available at <ulink "
21419
"url=\"http://localhost:631/admin\">http://localhost:631/admin</ulink>. The "
21420
"web interface can be used to perform all printer management tasks."
21421
msgstr ""
21422
21423
#: serverguide/C/file-server.xml:604(para)
21424
msgid ""
21425
"In order to perform administrative tasks via the web interface, you must "
21426
"either have the root account enabled on your server, or authenticate as a "
21427
"user in the <emphasis role=\"italic\">lpadmin</emphasis> group. For security "
21428
"reasons, CUPS won't authenticate a user that doesn't have a password."
21429
msgstr ""
21430
21431
#: serverguide/C/file-server.xml:607(para)
21432
msgid ""
21433
"To add a user to the <emphasis role=\"italic\">lpadmin</emphasis> group, run "
21434
"at the terminal prompt: <screen>\n"
21435
"<command>sudo usermod -aG lpadmin username</command>\n"
21436
"</screen>"
21437
msgstr ""
21438
21439
#: serverguide/C/file-server.xml:613(para)
21440
msgid ""
21441
"Further documentation is available in the <emphasis "
21442
"role=\"italic\">Documentation/Help</emphasis> tab of the web interface."
21443
msgstr ""
21444
21445
#: serverguide/C/file-server.xml:621(ulink)
21446
msgid "CUPS Website"
21447
msgstr ""
21448
21449
#: serverguide/C/file-server.xml:624(ulink)
21450
msgid "Ubuntu Wiki CUPS page"
21451
msgstr ""
21452
21453
#: serverguide/C/dns.xml:13(title)
21454
msgid "Domain Name Service (DNS)"
21455
msgstr ""
21456
21457
#: serverguide/C/dns.xml:14(para)
21458
msgid ""
21459
"Domain Name Service (DNS) is an Internet service that maps IP addresses and "
21460
"fully qualified domain names (FQDN) to one another. In this way, DNS "
21461
"alleviates the need to remember IP addresses. Computers that run DNS are "
21462
"called <emphasis>name servers</emphasis>. Ubuntu ships with "
21463
"<application>BIND</application> (Berkley Internet Naming Daemon), the most "
21464
"common program used for maintaining a name server on Linux."
21465
msgstr ""
21466
21467
#: serverguide/C/dns.xml:24(para)
21468
msgid ""
21469
"At a terminal prompt, enter the following command to install "
21470
"<application>dns</application>:"
21471
msgstr ""
21472
21473
#: serverguide/C/dns.xml:28(command)
21474
msgid "sudo apt-get install bind9"
21475
msgstr ""
21476
21477
#: serverguide/C/dns.xml:30(para)
21478
msgid ""
21479
"A very useful package for testing and troubleshooting DNS issues is the "
21480
"dnsutils package. To install <application>dnsutils</application> enter the "
21481
"following:"
21482
msgstr ""
21483
21484
#: serverguide/C/dns.xml:35(command)
21485
msgid "sudo apt-get install dnsutils"
21486
msgstr ""
21487
21488
#: serverguide/C/dns.xml:40(para)
21489
msgid ""
21490
"There are many ways to configure <application>BIND9</application>. Some of "
21491
"the most common configurations are a caching nameserver, primary master, and "
21492
"as a secondary master."
21493
msgstr ""
21494
21495
#: serverguide/C/dns.xml:46(para)
21496
msgid ""
21497
"When configured as a caching nameserver BIND9 will find the answer to name "
21498
"queries and remember the answer when the domain is queried again."
21499
msgstr ""
21500
21501
#: serverguide/C/dns.xml:52(para)
21502
msgid ""
21503
"As a primary master server BIND9 reads the data for a zone from a file on "
21504
"it's host and is authoritative for that zone."
21505
msgstr ""
21506
21507
#: serverguide/C/dns.xml:57(para)
21508
msgid ""
21509
"In a secondary master configuration BIND9 gets the zone data from another "
21510
"nameserver authoritative for the zone."
21511
msgstr ""
21512
21513
#: serverguide/C/dns.xml:65(para)
21514
msgid ""
21515
"The DNS configuration files are stored in the <filename>/etc/bind</filename> "
21516
"directory. The primary configuration file is "
21517
"<filename>/etc/bind/named.conf</filename>."
21518
msgstr ""
21519
21520
#: serverguide/C/dns.xml:72(para)
21521
msgid ""
21522
"The <emphasis>include</emphasis> line specifies the filename which contains "
21523
"the DNS options. The <emphasis>directory</emphasis> line in the "
21524
"<filename>/etc/bind/named.conf.options</filename> file tells DNS where to "
21525
"look for files. All files BIND uses will be relative to this directory."
21526
msgstr ""
21527
21528
#: serverguide/C/dns.xml:80(para)
21529
msgid ""
21530
"The file named <filename>/etc/bind/db.root</filename> describes the root "
21531
"nameservers in the world. The servers change over time, so the "
21532
"<filename>/etc/bind/db.root</filename> file must be maintained now and then. "
21533
"This is usually done as updates to the <application>bind9</application> "
21534
"package. The <emphasis>zone</emphasis> section defines a master server, and "
21535
"it is stored in a file mentioned in the <emphasis>file</emphasis> option."
21536
msgstr ""
21537
21538
#: serverguide/C/dns.xml:90(para)
21539
msgid ""
21540
"It is possible to configure the same server to be a caching name server, "
21541
"primary master, and secondary master. A server can be the Start of Authority "
21542
"(SOA) for one zone, while providing secondary service for another zone. All "
21543
"the while providing caching services for hosts on the local LAN."
21544
msgstr ""
21545
21546
#: serverguide/C/dns.xml:98(title)
21547
msgid "Caching Nameserver"
21548
msgstr ""
21549
21550
#: serverguide/C/dns.xml:99(para)
21551
msgid ""
21552
"The default configuration is setup to act as a caching server. All that is "
21553
"required is simply adding the IP Addresses of your ISP's DNS servers. Simply "
21554
"uncomment and edit the following in "
21555
"<filename>/etc/bind/named.conf.options</filename>:"
21556
msgstr ""
21557
21558
#: serverguide/C/dns.xml:103(programlisting)
21559
#, no-wrap
21560
msgid ""
21561
"\n"
21562
"forwarders {\n"
21563
" 1.2.3.4;\n"
21564
" 5.6.7.8;\n"
21565
" };\n"
21566
msgstr ""
21567
21568
#: serverguide/C/dns.xml:110(para)
21569
msgid ""
21570
"Replace <emphasis>1.2.3.4</emphasis> and <emphasis>5.6.7.8</emphasis> with "
21571
"the IP Adresses of actual nameservers."
21572
msgstr ""
21573
21574
#: serverguide/C/dns.xml:114(para)
21575
msgid ""
21576
"Now restart the DNS server, to enable the new configuration. From a terminal "
21577
"prompt:"
21578
msgstr ""
21579
21580
#: serverguide/C/dns.xml:118(command) serverguide/C/dns.xml:194(command) serverguide/C/dns.xml:253(command) serverguide/C/dns.xml:312(command) serverguide/C/dns.xml:561(command)
21581
msgid "sudo /etc/init.d/bind9 restart"
21582
msgstr ""
21583
21584
#: serverguide/C/dns.xml:120(para)
21585
msgid ""
21586
"See <xref linkend=\"dns-testing-dig\"/> for information on testing a caching "
21587
"DNS server."
21588
msgstr ""
21589
21590
#: serverguide/C/dns.xml:125(title)
21591
msgid "Primary Master"
21592
msgstr ""
21593
21594
#: serverguide/C/dns.xml:126(para)
21595
msgid ""
21596
"In this section <application>BIND9</application> will be configured as the "
21597
"Primary Master for the domain <emphasis>example.com</emphasis>. Simply "
21598
"replace <emphasis role=\"italic\">example.com</emphasis> with your FQDN "
21599
"(Fully Qualified Domain Name)."
21600
msgstr ""
21601
21602
#: serverguide/C/dns.xml:132(title)
21603
msgid "Forward Zone File"
21604
msgstr ""
21605
21606
#: serverguide/C/dns.xml:133(para)
21607
msgid ""
21608
"To add a DNS zone to BIND9, turning BIND9 into a Primary Master server, the "
21609
"first step is to edit <filename>/etc/bind/named.conf.local</filename>:"
21610
msgstr ""
21611
21612
#: serverguide/C/dns.xml:137(programlisting)
21613
#, no-wrap
21614
msgid ""
21615
"\n"
21616
"zone \"example.com\" {\n"
21617
"\ttype master;\n"
21618
" file \"/etc/bind/db.example.com\";\n"
21619
"};\n"
21620
msgstr ""
21621
21622
#: serverguide/C/dns.xml:143(para)
21623
msgid ""
21624
"Now use an existing zone file as a template to create the "
21625
"<filename>/etc/bind/db.example.com</filename> file:"
21626
msgstr ""
21627
21628
#: serverguide/C/dns.xml:147(command)
21629
msgid "sudo cp /etc/bind/db.local /etc/bind/db.example.com"
21630
msgstr ""
21631
21632
#: serverguide/C/dns.xml:149(para)
21633
msgid ""
21634
"Edit the new zone file <filename>/etc/bind/db.example.com</filename> change "
21635
"<emphasis>localhost.</emphasis> to the FQDN of your server, leaving the "
21636
"additional \".\" at the end. Change <emphasis>127.0.0.1</emphasis> to the "
21637
"nameserver's IP Address and <emphasis>root.localhost</emphasis> to a valid "
21638
"email address, but with a \".\" instead of the usual \"@\" symbol, again "
21639
"leaving the \".\" at the end."
21640
msgstr ""
21641
21642
#: serverguide/C/dns.xml:155(para)
21643
msgid ""
21644
"Also, create an <emphasis>A record</emphasis> for <emphasis "
21645
"role=\"italic\">ns.example.com</emphasis>. The name server in this example:"
21646
msgstr ""
21647
21648
#: serverguide/C/dns.xml:159(programlisting)
21649
#, no-wrap
21650
msgid ""
21651
"\n"
21652
";\n"
21653
"; BIND data file for local loopback interface\n"
21654
";\n"
21655
"$TTL 604800\n"
21656
"@ IN SOA ns.example.com. root.example.com. (\n"
21657
" 2 ; Serial\n"
21658
" 604800 ; Refresh\n"
21659
" 86400 ; Retry\n"
21660
" 2419200 ; Expire\n"
21661
" 604800 ) ; Negative Cache TTL\n"
21662
";\n"
21663
"@ IN NS ns.example.com.\n"
21664
"@ IN A 127.0.0.1\n"
21665
"@ IN AAAA ::1\n"
21666
"ns IN A 192.168.1.10\n"
21667
msgstr ""
21668
21669
#: serverguide/C/dns.xml:176(para)
21670
msgid ""
21671
"You must increment the <emphasis>Serial Number</emphasis> every time you "
21672
"make changes to the zone file. If you make multiple changes before "
21673
"restarting BIND9, simply increment the Serial once."
21674
msgstr ""
21675
21676
#: serverguide/C/dns.xml:180(para)
21677
msgid ""
21678
"Now, you can add DNS records to the bottom of the zone file. See <xref "
21679
"linkend=\"dns-record-types\"/> for details."
21680
msgstr ""
21681
21682
#: serverguide/C/dns.xml:184(para)
21683
msgid ""
21684
"Many admins like to use the last date edited as the serial of a zone, such "
21685
"as <emphasis>2007010100</emphasis> which is yyyymmddss (where "
21686
"<emphasis>ss</emphasis> is the Serial Number)"
21687
msgstr ""
21688
21689
#: serverguide/C/dns.xml:189(para)
21690
msgid ""
21691
"Once you have made a change to the zone file "
21692
"<application>BIND9</application> will need to be restarted for the changes "
21693
"to take effect:"
21694
msgstr ""
21695
21696
#: serverguide/C/dns.xml:198(title)
21697
msgid "Reverse Zone File"
21698
msgstr ""
21699
21700
#: serverguide/C/dns.xml:199(para)
21701
msgid ""
21702
"Now that the zone is setup and resolving names to IP Adresses a "
21703
"<emphasis>Reverse zone</emphasis> is also required. A Reverse zone allows "
21704
"DNS to resolve an address to a name."
21705
msgstr ""
21706
21707
#: serverguide/C/dns.xml:203(para)
21708
msgid "Edit /etc/bind/named.conf.local and add the following:"
21709
msgstr ""
21710
21711
#: serverguide/C/dns.xml:206(programlisting)
21712
#, no-wrap
21713
msgid ""
21714
"\n"
21715
"zone \"1.168.192.in-addr.arpa\" {\n"
21716
" type master;\n"
21717
" notify no;\n"
21718
" file \"/etc/bind/db.192\";\n"
21719
"};\n"
21720
msgstr ""
21721
21722
#: serverguide/C/dns.xml:214(para)
21723
msgid ""
21724
"Replace <emphasis>1.168.192</emphasis> with the first three octets of "
21725
"whatever network you are using. Also, name the zone file "
21726
"<filename>/etc/bind/db.192</filename> appropriately. It should match the "
21727
"first octet of your network."
21728
msgstr ""
21729
21730
#: serverguide/C/dns.xml:219(para)
21731
msgid "Now create the <filename>/etc/bind/db.192</filename> file:"
21732
msgstr ""
21733
21734
#: serverguide/C/dns.xml:223(command)
21735
msgid "sudo cp /etc/bind/db.127 /etc/bind/db.192"
21736
msgstr ""
21737
21738
#: serverguide/C/dns.xml:225(para)
21739
msgid ""
21740
"Next edit <filename>/etc/bind/db.192</filename> changing the basically the "
21741
"same options as <filename>/etc/bind/db.example.com</filename>:"
21742
msgstr ""
21743
21744
#: serverguide/C/dns.xml:229(programlisting)
21745
#, no-wrap
21746
msgid ""
21747
"\n"
21748
";\n"
21749
"; BIND reverse data file for local loopback interface\n"
21750
";\n"
21751
"$TTL 604800\n"
21752
"@ IN SOA ns.example.com. root.example.com. (\n"
21753
" 2 ; Serial\n"
21754
" 604800 ; Refresh\n"
21755
" 86400 ; Retry\n"
21756
" 2419200 ; Expire\n"
21757
" 604800 ) ; Negative Cache TTL\n"
21758
";\n"
21759
"@ IN NS ns.\n"
21760
"10 IN PTR ns.example.com.\n"
21761
msgstr ""
21762
21763
#: serverguide/C/dns.xml:244(para)
21764
msgid ""
21765
"The <emphasis>Serial Number</emphasis> in the Reverse zone needs to be "
21766
"incremented on each change as well. For each <emphasis>A record</emphasis> "
21767
"you configure in <filename>/etc/bind/db.example.com</filename> you need to "
21768
"create a <emphasis>PTR record</emphasis> in "
21769
"<filename>/etc/bind/db.192</filename>."
21770
msgstr ""
21771
21772
#: serverguide/C/dns.xml:249(para)
21773
msgid ""
21774
"After creating the reverse zone file restart "
21775
"<application>BIND9</application>:"
21776
msgstr ""
21777
21778
#: serverguide/C/dns.xml:258(title)
21779
msgid "Secondary Master"
21780
msgstr ""
21781
21782
#: serverguide/C/dns.xml:259(para)
21783
msgid ""
21784
"Once a <emphasis>Primary Master</emphasis> has been configured a "
21785
"<emphasis>Secondary Master</emphasis> is needed in order to maintain the "
21786
"availability of the domain should the Primary become unavailable."
21787
msgstr ""
21788
21789
#: serverguide/C/dns.xml:263(para)
21790
msgid ""
21791
"First, on the Primary Master server, the zone transfer needs to be allowed. "
21792
"Add the <emphasis>allow-transfer</emphasis> option to the example Forward "
21793
"and Reverse zone definitions in "
21794
"<filename>/etc/bind/named.conf.local</filename>:"
21795
msgstr ""
21796
21797
#: serverguide/C/dns.xml:267(programlisting)
21798
#, no-wrap
21799
msgid ""
21800
"\n"
21801
"zone \"example.com\" {\n"
21802
" type master;\n"
21803
"\tfile \"/etc/bind/db.example.com\";\n"
21804
" allow-transfer { 192.168.1.11; };\n"
21805
"};\n"
21806
"\n"
21807
"zone \"1.168.192.in-addr.arpa\" {\n"
21808
" type master;\n"
21809
" notify no;\n"
21810
" file \"/etc/bind/db.192\";\n"
21811
"\tallow-transfer { 192.168.1.11; };\n"
21812
"};\n"
21813
msgstr ""
21814
21815
#: serverguide/C/dns.xml:282(para)
21816
msgid ""
21817
"Replace <emphasis>192.168.1.11</emphasis> with the IP Address of your "
21818
"Secondary nameserver."
21819
msgstr ""
21820
21821
#: serverguide/C/dns.xml:286(para)
21822
msgid ""
21823
"Next, on the Secondary Master, install the <application>bind9</application> "
21824
"package the same way as on the Primary. Then edit the "
21825
"<filename>/etc/bind/named.conf.local</filename> and add the following "
21826
"declarations for the Forward and Reverse zones:"
21827
msgstr ""
21828
21829
#: serverguide/C/dns.xml:290(programlisting)
21830
#, no-wrap
21831
msgid ""
21832
"\n"
21833
"zone \"example.com\" {\n"
21834
"\ttype slave;\n"
21835
" file \"/var/cache/bind/db.example.com\";\n"
21836
" masters { 192.168.1.10; };\n"
21837
"}; \n"
21838
" \n"
21839
"zone \"1.168.192.in-addr.arpa\" {\n"
21840
"\ttype slave;\n"
21841
" file \"/var/cache/bind/db.192\";\n"
21842
" masters { 192.168.1.10; };\n"
21843
"};\n"
21844
msgstr ""
21845
21846
#: serverguide/C/dns.xml:304(para)
21847
msgid ""
21848
"Replace <emphasis>192.168.1.10</emphasis> with the IP Address of your "
21849
"Primary nameserver."
21850
msgstr ""
21851
21852
#: serverguide/C/dns.xml:308(para)
21853
msgid "Restart <application>BIND9</application> on the Secondary Master:"
21854
msgstr ""
21855
21856
#: serverguide/C/dns.xml:314(para)
21857
msgid ""
21858
"In <filename>/var/log/syslog</filename> you should see something similar to:"
21859
msgstr ""
21860
21861
#: serverguide/C/dns.xml:317(programlisting)
21862
#, no-wrap
21863
msgid ""
21864
"\n"
21865
"slave zone \"example.com\" (IN) loaded (serial 6)\n"
21866
"slave zone \"100.18.172.in-addr.arpa\" (IN) loaded (serial 3)\n"
21867
msgstr ""
21868
21869
#: serverguide/C/dns.xml:322(para)
21870
msgid ""
21871
"Note: A zone is only transferred if the <emphasis>Serial Number</emphasis> "
21872
"on the Primary is larger than the one on the Secondary."
21873
msgstr ""
21874
21875
#: serverguide/C/dns.xml:328(para)
21876
msgid ""
21877
"The default directory for non-authoritative zone files is "
21878
"<filename>/var/cache/bind/</filename>. This directory is also configured in "
21879
"<application>AppArmor</application> to allow the "
21880
"<application>named</application> daemon to write to it. For more information "
21881
"on AppArmor see <xref linkend=\"apparmor\"/>."
21882
msgstr ""
21883
21884
#: serverguide/C/dns.xml:339(para)
21885
msgid ""
21886
"This section covers ways to help determine the cause when problems happen "
21887
"with DNS and <application>BIND9</application>."
21888
msgstr ""
21889
21890
#: serverguide/C/dns.xml:345(title)
21891
msgid "resolv.conf"
21892
msgstr ""
21893
21894
#: serverguide/C/dns.xml:346(para)
21895
msgid ""
21896
"The first step in testing <application>BIND9</application> is to add the "
21897
"nameserver's IP Address to a hosts resolver. The Primary nameserver should "
21898
"be configured as well as another host to double check things. Simply edit "
21899
"<filename>/etc/resolv.conf</filename> and add the following:"
21900
msgstr ""
21901
21902
#: serverguide/C/dns.xml:351(programlisting)
21903
#, no-wrap
21904
msgid ""
21905
"\n"
21906
"nameserver\t192.168.1.10\n"
21907
"nameserver\t192.168.1.11\n"
21908
msgstr ""
21909
21910
#: serverguide/C/dns.xml:356(para)
21911
msgid ""
21912
"You should also add the IP Address of the Secondary nameserver in case the "
21913
"Primary becomes unavailable."
21914
msgstr ""
21915
21916
#: serverguide/C/dns.xml:362(title)
21917
msgid "dig"
21918
msgstr ""
21919
21920
#: serverguide/C/dns.xml:363(para)
21921
msgid ""
21922
"If you installed the <application>dnsutils</application> package you can "
21923
"test your setup using the DNS lookup utility <application>dig</application>:"
21924
msgstr ""
21925
21926
#: serverguide/C/dns.xml:369(para)
21927
msgid ""
21928
"After installing <application>BIND9</application> use "
21929
"<application>dig</application> against the loopback interface to make sure "
21930
"it is listening on port 53. From a terminal prompt:"
21931
msgstr ""
21932
21933
#: serverguide/C/dns.xml:374(command)
21934
msgid "dig -x 127.0.0.1"
21935
msgstr ""
21936
21937
#: serverguide/C/dns.xml:376(para)
21938
msgid "You should see lines similar to the following in the command output:"
21939
msgstr ""
21940
21941
#: serverguide/C/dns.xml:379(programlisting)
21942
#, no-wrap
21943
msgid ""
21944
"\n"
21945
";; Query time: 1 msec\n"
21946
";; SERVER: 192.168.1.10#53(192.168.1.10)\n"
21947
msgstr ""
21948
21949
#: serverguide/C/dns.xml:385(para)
21950
msgid ""
21951
"If you have configured <application>BIND9</application> as a "
21952
"<emphasis>Caching</emphasis> nameserver \"dig\" an outside domain to check "
21953
"the query time:"
21954
msgstr ""
21955
21956
#: serverguide/C/dns.xml:390(command)
21957
msgid "dig ubuntu.com"
21958
msgstr ""
21959
21960
#: serverguide/C/dns.xml:392(para)
21961
msgid "Note the query time toward the end of the command output:"
21962
msgstr ""
21963
21964
#: serverguide/C/dns.xml:395(programlisting)
21965
#, no-wrap
21966
msgid ""
21967
"\n"
21968
";; Query time: 49 msec\n"
21969
msgstr ""
21970
21971
#: serverguide/C/dns.xml:398(para)
21972
msgid "After a second dig there should be improvement:"
21973
msgstr ""
21974
21975
#: serverguide/C/dns.xml:401(programlisting)
21976
#, no-wrap
21977
msgid ""
21978
"\n"
21979
";; Query time: 1 msec\n"
21980
msgstr ""
21981
21982
#: serverguide/C/dns.xml:408(title)
21983
msgid "ping"
21984
msgstr ""
21985
21986
#: serverguide/C/dns.xml:410(para)
21987
msgid ""
21988
"Now to demonstrate how applications make use of DNS to resolve a host name "
21989
"use the <application>ping</application> utility to send an ICMP echo "
21990
"request. From a terminal prompt enter:"
21991
msgstr ""
21992
21993
#: serverguide/C/dns.xml:416(command)
21994
msgid "ping example.com"
21995
msgstr ""
21996
21997
#: serverguide/C/dns.xml:418(para)
21998
msgid ""
21999
"This tests if the nameserver can resolve the name "
22000
"<emphasis>ns.example.com</emphasis> to an IP Address. The command output "
22001
"should resemble:"
22002
msgstr ""
22003
22004
#: serverguide/C/dns.xml:422(programlisting)
22005
#, no-wrap
22006
msgid ""
22007
"\n"
22008
"PING ns.example.com (192.168.1.10) 56(84) bytes of data.\n"
22009
"64 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=0.800 ms\n"
22010
"64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.813 ms\n"
22011
msgstr ""
22012
22013
#: serverguide/C/dns.xml:429(title)
22014
msgid "named-checkzone"
22015
msgstr ""
22016
22017
#: serverguide/C/dns.xml:430(para)
22018
msgid ""
22019
"A great way to test your zone files is by using the <application>named-"
22020
"checkzone</application> utility installed with the "
22021
"<application>bind9</application> package. This utility allows you to make "
22022
"sure the configuration is correct before restarting "
22023
"<application>BIND9</application> and making the changes live."
22024
msgstr ""
22025
22026
#: serverguide/C/dns.xml:437(para)
22027
msgid ""
22028
"To test our example Forward zone file enter the following from a command "
22029
"prompt:"
22030
msgstr ""
22031
22032
#: serverguide/C/dns.xml:441(command)
22033
msgid "named-checkzone example.com /etc/bind/db.example.com"
22034
msgstr ""
22035
22036
#: serverguide/C/dns.xml:443(para)
22037
msgid ""
22038
"If everything is configured correctly you should see output similar to:"
22039
msgstr ""
22040
22041
#: serverguide/C/dns.xml:446(programlisting)
22042
#, no-wrap
22043
msgid ""
22044
"\n"
22045
"zone example.com/IN: loaded serial 6\n"
22046
"OK\n"
22047
msgstr ""
22048
22049
#: serverguide/C/dns.xml:452(para)
22050
msgid "Similarly, to test the Reverse zone file enter the following:"
22051
msgstr ""
22052
22053
#: serverguide/C/dns.xml:456(command)
22054
msgid "named-checkzone example.com /etc/bind/db.192"
22055
msgstr ""
22056
22057
#: serverguide/C/dns.xml:458(para)
22058
msgid "The output should be similar to:"
22059
msgstr ""
22060
22061
#: serverguide/C/dns.xml:461(programlisting)
22062
#, no-wrap
22063
msgid ""
22064
"\n"
22065
"zone example.com/IN: loaded serial 3\n"
22066
"OK\n"
22067
msgstr ""
22068
22069
#: serverguide/C/dns.xml:468(para)
22070
msgid ""
22071
"The <emphasis>Serial Number</emphasis> of your zone file will probably be "
22072
"different."
22073
msgstr ""
22074
22075
#: serverguide/C/dns.xml:475(title)
22076
msgid "Logging"
22077
msgstr ""
22078
22079
#: serverguide/C/dns.xml:476(para)
22080
msgid ""
22081
"<application>BIND9</application> has a wide variety of logging configuration "
22082
"options available. There are two main options. The "
22083
"<emphasis>channel</emphasis> option configures where logs go, and the "
22084
"<emphasis>category</emphasis> option determines what information to log."
22085
msgstr ""
22086
22087
#: serverguide/C/dns.xml:480(para)
22088
msgid "If no logging option is configured the default option is:"
22089
msgstr ""
22090
22091
#: serverguide/C/dns.xml:483(programlisting)
22092
#, no-wrap
22093
msgid ""
22094
"\n"
22095
"logging {\n"
22096
" category default { default_syslog; default_debug; };\n"
22097
" category unmatched { null; };\n"
22098
"};\n"
22099
msgstr ""
22100
22101
#: serverguide/C/dns.xml:489(para)
22102
msgid ""
22103
"This section covers configuring <application>BIND9</application> to send "
22104
"<emphasis>debug</emphasis> messages related to DNS queries to a separate "
22105
"file."
22106
msgstr ""
22107
22108
#: serverguide/C/dns.xml:494(para)
22109
msgid ""
22110
"First, we need to configure a channel to specify which file to send the "
22111
"messages to. Edit <filename>/etc/bind/named.conf.local</filename> and add "
22112
"the following:"
22113
msgstr ""
22114
22115
#: serverguide/C/dns.xml:498(programlisting)
22116
#, no-wrap
22117
msgid ""
22118
"\n"
22119
"logging {\n"
22120
" channel query.log { \n"
22121
" file \"/var/log/query.log\";\n"
22122
" severity debug 3; \n"
22123
" }; \n"
22124
"};\n"
22125
msgstr ""
22126
22127
#: serverguide/C/dns.xml:508(para)
22128
msgid "Next, configure a category to send all DNS queries to the query file:"
22129
msgstr ""
22130
22131
#: serverguide/C/dns.xml:511(programlisting)
22132
#, no-wrap
22133
msgid ""
22134
"\n"
22135
"logging {\n"
22136
" channel query.log { \n"
22137
" file \"/var/log/query.log\"; \n"
22138
" severity debug 3; \n"
22139
" }; \n"
22140
" <emphasis>category queries { query.log; };</emphasis> \n"
22141
"};\n"
22142
msgstr ""
22143
22144
#: serverguide/C/dns.xml:523(para)
22145
msgid ""
22146
"Note: the <emphasis>debug</emphasis> option can be set from 1 to 3. If a "
22147
"level isn't specified level 1 is the default."
22148
msgstr ""
22149
22150
#: serverguide/C/dns.xml:529(para)
22151
msgid ""
22152
"Since the <emphasis>named daemon</emphasis> runs as the "
22153
"<emphasis>bind</emphasis> user the <filename>/var/log/query.log</filename> "
22154
"file must be created and the ownership changed:"
22155
msgstr ""
22156
22157
#: serverguide/C/dns.xml:534(command)
22158
msgid "sudo touch /var/log/query.log"
22159
msgstr ""
22160
22161
#: serverguide/C/dns.xml:535(command)
22162
msgid "sudo chown bind /var/log/query.log"
22163
msgstr ""
22164
22165
#: serverguide/C/dns.xml:539(para)
22166
msgid ""
22167
"Before <application>named</application> daemon can write to the new log file "
22168
"the <application>AppArmor</application> profile must be updated. First, edit "
22169
"<filename>/etc/apparmor.d/usr.sbin.named</filename> and add:"
22170
msgstr ""
22171
22172
#: serverguide/C/dns.xml:543(programlisting)
22173
#, no-wrap
22174
msgid ""
22175
"\n"
22176
"/var/log/query.log w,\n"
22177
msgstr ""
22178
22179
#: serverguide/C/dns.xml:546(para)
22180
msgid "Next, reload the profile:"
22181
msgstr ""
22182
22183
#: serverguide/C/dns.xml:550(command)
22184
msgid "cat /etc/apparmor.d/usr.sbin.named | sudo apparmor_parser -r"
22185
msgstr ""
22186
22187
#: serverguide/C/dns.xml:552(para)
22188
msgid ""
22189
"For more information on <application>AppArmor</application> see <xref "
22190
"linkend=\"apparmor\"/>"
22191
msgstr ""
22192
22193
#: serverguide/C/dns.xml:557(para)
22194
msgid ""
22195
"Now restart <application>BIND9</application> for the changes to take effect:"
22196
msgstr ""
22197
"ឥឡូវ ផ្តើមឡើងវិញ <application>BIND9</application> សំរាប់បំលាស់ប្តូរ ទទួលផល ៖"
22198
22199
#: serverguide/C/dns.xml:565(para)
22200
msgid ""
22201
"You should see the file <filename>/var/log/query.log</filename> fill with "
22202
"query information. This is a simple example of the "
22203
"<application>BIND9</application> logging options. For coverage of advanced "
22204
"options see <xref linkend=\"dns-more-info\"/>."
22205
msgstr ""
22206
22207
#: serverguide/C/dns.xml:574(title)
22208
msgid "Common Record Types"
22209
msgstr ""
22210
22211
#: serverguide/C/dns.xml:575(para)
22212
msgid "This section covers some of the most common DNS record types."
22213
msgstr ""
22214
22215
#: serverguide/C/dns.xml:580(para)
22216
msgid ""
22217
"<emphasis>A</emphasis> record: This record maps an IP Address to a hostname."
22218
msgstr ""
22219
22220
#: serverguide/C/dns.xml:583(programlisting)
22221
#, no-wrap
22222
msgid ""
22223
"\n"
22224
"www IN A 192.168.1.12\n"
22225
msgstr ""
22226
22227
#: serverguide/C/dns.xml:588(para)
22228
msgid ""
22229
"<emphasis>CNAME</emphasis> record: Used to create an alias to an existing A "
22230
"record. You cannot create a CNAME record pointing to another CNAME record."
22231
msgstr ""
22232
22233
#: serverguide/C/dns.xml:591(programlisting)
22234
#, no-wrap
22235
msgid ""
22236
"\n"
22237
"web IN CNAME www\n"
22238
msgstr ""
22239
22240
#: serverguide/C/dns.xml:596(para)
22241
msgid ""
22242
"<emphasis>MX</emphasis> record: Used to define where email should be sent "
22243
"to. Must point to an A record, not a CNAME."
22244
msgstr ""
22245
22246
#: serverguide/C/dns.xml:599(programlisting)
22247
#, no-wrap
22248
msgid ""
22249
"\n"
22250
" IN MX 1 mail.example.com.\n"
22251
"mail IN A 192.168.1.13\n"
22252
msgstr ""
22253
22254
#: serverguide/C/dns.xml:605(para)
22255
msgid ""
22256
"<emphasis>NS</emphasis> record: Used to define which servers serve copies of "
22257
"a zone. It must point to an A record, not a CNAME. This is where Primary and "
22258
"Secondary servers are defined."
22259
msgstr ""
22260
22261
#: serverguide/C/dns.xml:609(programlisting)
22262
#, no-wrap
22263
msgid ""
22264
"\n"
22265
" IN NS ns.example.com.\n"
22266
"\tIN NS ns2.example.com.\n"
22267
"ns IN A 192.168.1.10\n"
22268
"ns2\tIN A\t 192.168.1.11\n"
22269
msgstr ""
22270
22271
#: serverguide/C/dns.xml:622(para)
22272
msgid ""
22273
"The <ulink url=\"http://www.tldp.org/HOWTO/DNS-HOWTO.html\">DNS "
22274
"HOWTO</ulink> explains more advanced options for configuring BIND9."
22275
msgstr ""
22276
22277
#: serverguide/C/dns.xml:627(para)
22278
msgid ""
22279
"For in depth coverage of <emphasis>DNS</emphasis> and "
22280
"<application>BIND9</application> see <ulink "
22281
"url=\"http://www.bind9.net/\">Bind9.net</ulink>."
22282
msgstr ""
22283
22284
#: serverguide/C/dns.xml:632(para)
22285
msgid ""
22286
"<ulink url=\"http://www.oreilly.com/catalog/dns5/index.html\">DNS and "
22287
"BIND</ulink> is a popular book now in it's fifth edition."
22288
msgstr ""
22289
22290
#: serverguide/C/dns.xml:637(para)
22291
msgid ""
22292
"A great place to ask for <application>BIND9</application> assistance, and "
22293
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
22294
"server</emphasis> IRC channel on <ulink "
22295
"url=\"http://freenode.net\">freenode</ulink>."
22296
msgstr ""
22297
22298
#: serverguide/C/dns.xml:643(para)
22299
msgid ""
22300
"Also, see the <ulink "
22301
"url=\"https://help.ubuntu.com/community/BIND9ServerHowto\">BIND9 Server "
22302
"HOWTO</ulink> in the Ubuntu Wiki."
22303
msgstr ""
22304
22305
#: serverguide/C/databases.xml:13(title)
22306
msgid "Databases"
22307
msgstr ""
22308
22309
#: serverguide/C/databases.xml:14(para)
22310
msgid "Ubuntu provides two popular database servers. They are:"
22311
msgstr ""
22312
22313
#: serverguide/C/databases.xml:22(application) serverguide/C/databases.xml:157(title)
22314
msgid "PostgreSQL"
22315
msgstr ""
22316
22317
#: serverguide/C/databases.xml:25(para)
22318
msgid ""
22319
"They are available in the main repository. This section explains how to "
22320
"install and configure these database servers."
22321
msgstr ""
22322
22323
#: serverguide/C/databases.xml:32(para)
22324
msgid ""
22325
"MySQL is a fast, multi-threaded, multi-user, and robust SQL database server. "
22326
"It is intended for mission-critical, heavy-load production systems as well "
22327
"as for embedding into mass-deployed software."
22328
msgstr ""
22329
22330
#: serverguide/C/databases.xml:41(para)
22331
msgid "To install MySQL, run the following command from a terminal prompt:"
22332
msgstr ""
22333
22334
#: serverguide/C/databases.xml:46(command)
22335
msgid "sudo apt-get install mysql-server"
22336
msgstr ""
22337
22338
#: serverguide/C/databases.xml:48(para)
22339
msgid ""
22340
"During the installation process you will be prompted to enter a password for "
22341
"the <application>MySQL</application> root user."
22342
msgstr ""
22343
22344
#: serverguide/C/databases.xml:53(para)
22345
msgid ""
22346
"Once the installation is complete, the MySQL server should be started "
22347
"automatically. You can run the following command from a terminal prompt to "
22348
"check whether the MySQL server is running:"
22349
msgstr ""
22350
22351
#: serverguide/C/databases.xml:61(command)
22352
msgid "sudo netstat -tap | grep mysql"
22353
msgstr ""
22354
22355
#: serverguide/C/databases.xml:70(programlisting)
22356
#, no-wrap
22357
msgid ""
22358
"\n"
22359
"tcp 0 0 localhost:mysql *:* LISTEN "
22360
" 2556/mysqld\n"
22361
msgstr ""
22362
22363
#: serverguide/C/databases.xml:74(para)
22364
msgid ""
22365
"If the server is not running correctly, you can type the following command "
22366
"to start it:"
22367
msgstr ""
22368
22369
#: serverguide/C/databases.xml:79(command) serverguide/C/databases.xml:104(command)
22370
msgid "sudo /etc/init.d/mysql restart"
22371
msgstr ""
22372
22373
#: serverguide/C/databases.xml:85(para)
22374
msgid ""
22375
"You can edit the <filename>/etc/mysql/my.cnf</filename> file to configure "
22376
"the basic settings -- log file, port number, etc. For example, to configure "
22377
"<application>MySQL</application> to listen for connections from network "
22378
"hosts, change the <emphasis>bind-address</emphasis> directive to the "
22379
"server's IP address:"
22380
msgstr ""
22381
22382
#: serverguide/C/databases.xml:91(programlisting)
22383
#, no-wrap
22384
msgid ""
22385
"\n"
22386
"bind-address = 192.168.0.5\n"
22387
msgstr ""
22388
22389
#: serverguide/C/databases.xml:95(para)
22390
msgid "Replace 192.168.0.5 with the appropriate address."
22391
msgstr ""
22392
22393
#: serverguide/C/databases.xml:99(para)
22394
msgid ""
22395
"After making a change to <filename>/etc/mysql/my.cnf</filename> the "
22396
"<application>mysql</application> daemon will need to be restarted:"
22397
msgstr ""
22398
22399
#: serverguide/C/databases.xml:107(para)
22400
msgid ""
22401
"If you would like to change the "
22402
"<application>MySQL</application><emphasis>root</emphasis> password, in a "
22403
"terminal enter:"
22404
msgstr ""
22405
22406
#: serverguide/C/databases.xml:113(command)
22407
msgid "sudo dpkg-reconfigure mysql-server-5.1"
22408
msgstr ""
22409
22410
#: serverguide/C/databases.xml:116(para)
22411
msgid ""
22412
"The <application>mysql</application> daemon will be stopped, and you will be "
22413
"prompted to enter a new password."
22414
msgstr ""
22415
22416
#: serverguide/C/databases.xml:125(para)
22417
msgid ""
22418
"See the <ulink url=\"http://www.mysql.com/\">MySQL Home Page</ulink> for "
22419
"more information."
22420
msgstr ""
22421
22422
#: serverguide/C/databases.xml:130(para)
22423
msgid ""
22424
"The <emphasis>MySQL Handbook</emphasis> is also available in the "
22425
"<application>mysql-doc-5.0</application> package. To install the package "
22426
"enter the following in a terminal:"
22427
msgstr ""
22428
22429
#: serverguide/C/databases.xml:135(command)
22430
msgid "sudo apt-get install mysql-doc-5.0"
22431
msgstr ""
22432
22433
#: serverguide/C/databases.xml:137(para)
22434
msgid ""
22435
"The documentation is in HTML format, to view them enter "
22436
"<command>file:///usr/share/doc/mysql-doc-5.0/refman-5.0-en.html-"
22437
"chapter/index.html</command> in your browser's address bar."
22438
msgstr ""
22439
22440
#: serverguide/C/databases.xml:143(para) serverguide/C/databases.xml:290(para)
22441
msgid ""
22442
"For general SQL information see <ulink "
22443
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\">Using SQL "
22444
"Special Edition</ulink> by Rafe Colburn."
22445
msgstr ""
22446
22447
#: serverguide/C/databases.xml:149(para)
22448
msgid ""
22449
"The <ulink url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache "
22450
"MySQL PHP Ubuntu Wiki</ulink> page also has useful information."
22451
msgstr ""
22452
22453
#: serverguide/C/databases.xml:158(para)
22454
msgid ""
22455
"PostgreSQL is an object-relational database system that has the features of "
22456
"traditional commercial database systems with enhancements to be found in "
22457
"next-generation DBMS systems."
22458
msgstr ""
22459
22460
#: serverguide/C/databases.xml:165(para)
22461
msgid ""
22462
"To install PostgreSQL, run the following command in the command prompt:"
22463
msgstr ""
22464
22465
#: serverguide/C/databases.xml:172(command)
22466
msgid "sudo apt-get install postgresql"
22467
msgstr ""
22468
22469
#: serverguide/C/databases.xml:176(para)
22470
msgid ""
22471
"Once the installation is complete, you should configure the PostgreSQL "
22472
"server based on your needs, although the default configuration is viable."
22473
msgstr ""
22474
22475
#: serverguide/C/databases.xml:184(para)
22476
msgid ""
22477
"By default, connection via TCP/IP is disabled. PostgreSQL supports multiple "
22478
"client authentication methods. By default, IDENT authentication method is "
22479
"used for <application>postgres</application> and local users. Please refer "
22480
"<ulink url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the "
22481
"PostgreSQL Administrator's Guide</ulink>."
22482
msgstr ""
22483
22484
#: serverguide/C/databases.xml:191(para)
22485
msgid ""
22486
"The following discussion assumes that you wish to enable TCP/IP connections "
22487
"and use the MD5 method for client authentication. PostgreSQL configuration "
22488
"files are stored in the "
22489
"<filename>/etc/postgresql/<version>/main</filename> directory. For "
22490
"example, if you install PostgreSQL 8.4, the configuration files are stored "
22491
"in the <filename>/etc/postgresql/8.4/main</filename> directory."
22492
msgstr ""
22493
22494
#: serverguide/C/databases.xml:201(para)
22495
msgid ""
22496
"To configure <emphasis>ident</emphasis> authentication, add entries to the "
22497
"<filename>/etc/postgresql/8.4/main/pg_ident.conf</filename> file."
22498
msgstr ""
22499
22500
#: serverguide/C/databases.xml:208(para)
22501
msgid ""
22502
"To enable TCP/IP connections, edit the file "
22503
"<filename>/etc/postgresql/8.4/main/postgresql.conf</filename>"
22504
msgstr ""
22505
22506
#: serverguide/C/databases.xml:210(para)
22507
msgid ""
22508
"Locate the line <emphasis>#listen_addresses = 'localhost'</emphasis> and "
22509
"change it to:"
22510
msgstr ""
22511
22512
#: serverguide/C/databases.xml:213(programlisting)
22513
#, no-wrap
22514
msgid ""
22515
"\n"
22516
"listen_addresses = 'localhost'\n"
22517
msgstr ""
22518
22519
#: serverguide/C/databases.xml:217(para)
22520
msgid ""
22521
"To allow other computers to connect to your "
22522
"<application>PostgreSQL</application> server replace 'localhost' with the "
22523
"<emphasis>IP Address</emphasis> of your server."
22524
msgstr ""
22525
22526
#: serverguide/C/databases.xml:222(para)
22527
msgid ""
22528
"You may also edit all other parameters, if you know what you are doing! For "
22529
"details, refer to the configuration file or to the PostgreSQL documentation."
22530
msgstr ""
22531
22532
#: serverguide/C/databases.xml:227(para)
22533
msgid ""
22534
"Now that we can connect to our <application>PostgreSQL</application> server, "
22535
"the next step is to set a password for the <emphasis>postgres</emphasis> "
22536
"user. Run the following command at a terminal prompt to connect to the "
22537
"default PostgreSQL template database:"
22538
msgstr ""
22539
22540
#: serverguide/C/databases.xml:234(command)
22541
msgid "sudo -u postgres psql template1"
22542
msgstr ""
22543
22544
#: serverguide/C/databases.xml:236(para)
22545
msgid ""
22546
"The above command connects to PostgreSQL database "
22547
"<emphasis>template1</emphasis> as user <emphasis>postgres</emphasis>. Once "
22548
"you connect to the PostgreSQL server, you will be at a SQL prompt. You can "
22549
"run the following SQL command at the <application>psql</application> prompt "
22550
"to configure the password for the user <emphasis "
22551
"role=\"italics\">postgres</emphasis>."
22552
msgstr ""
22553
22554
#: serverguide/C/databases.xml:244(command)
22555
msgid "ALTER USER postgres with encrypted password 'your_password';"
22556
msgstr ""
22557
22558
#: serverguide/C/databases.xml:246(para)
22559
msgid ""
22560
"After configuring the password, edit the file "
22561
"<filename>/etc/postgresql/8.4/main/pg_hba.conf</filename> to use "
22562
"<emphasis>MD5</emphasis> authentication with the "
22563
"<emphasis>postgres</emphasis> user:"
22564
msgstr ""
22565
22566
#: serverguide/C/databases.xml:252(programlisting)
22567
#, no-wrap
22568
msgid ""
22569
"\n"
22570
"local all postgres md5\n"
22571
msgstr ""
22572
22573
#: serverguide/C/databases.xml:256(para)
22574
msgid ""
22575
"Finally, you should restart the <application>PostgreSQL</application> "
22576
"service to initialize the new configuration. From a terminal prompt enter "
22577
"the following to restart <application>PostgreSQL</application>:"
22578
msgstr ""
22579
22580
#: serverguide/C/databases.xml:262(command)
22581
msgid "sudo /etc/init.d/postgresql-8.4 restart"
22582
msgstr ""
22583
22584
#: serverguide/C/databases.xml:265(para)
22585
msgid ""
22586
"The above configuration is not complete by any means. Please refer <ulink "
22587
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the PostgreSQL "
22588
"Administrator's Guide</ulink> to configure more parameters."
22589
msgstr ""
22590
22591
#: serverguide/C/databases.xml:276(para)
22592
msgid ""
22593
"As mentioned above the <ulink "
22594
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\">Administrator's "
22595
"Guide</ulink> is an excellent resource. The guide is also available in the "
22596
"<application>postgresql-doc-8.4</application> package. Execute the following "
22597
"in a terminal to install the package:"
22598
msgstr ""
22599
22600
#: serverguide/C/databases.xml:282(command)
22601
msgid "sudo apt-get install postgresql-doc-8.4"
22602
msgstr ""
22603
22604
#: serverguide/C/databases.xml:284(para)
22605
msgid ""
22606
"To view the guide enter <command>file:///usr/share/doc/postgresql-doc-"
22607
"8.4/html/index.html</command> into the address bar of your browser."
22608
msgstr ""
22609
22610
#: serverguide/C/databases.xml:296(para)
22611
msgid ""
22612
"Also, see the <ulink "
22613
"url=\"https://help.ubuntu.com/community/PostgreSQL\">PostgreSQL Ubuntu "
22614
"Wiki</ulink> page for more information."
22615
msgstr ""
22616
22617
#: serverguide/C/clustering.xml:13(title)
22618
msgid "Clustering"
22619
msgstr ""
22620
22621
#: serverguide/C/clustering.xml:16(title)
22622
msgid "DRBD"
22623
msgstr ""
22624
22625
#: serverguide/C/clustering.xml:18(para)
22626
msgid ""
22627
"Distributed Replicated Block Device (DRBD) mirrors block devices between "
22628
"multiple hosts. The replication is transparent to other applications on the "
22629
"host systems. Any block device hard disks, partitions, RAID devices, logical "
22630
"volumes, etc can be mirrored."
22631
msgstr ""
22632
22633
#: serverguide/C/clustering.xml:24(para)
22634
msgid ""
22635
"To get started using <application>drbd</application>, first install the "
22636
"necessary packages. From a terminal enter:"
22637
msgstr ""
22638
22639
#: serverguide/C/clustering.xml:29(command)
22640
msgid "sudo apt-get install drbd8-utils"
22641
msgstr ""
22642
22643
#: serverguide/C/clustering.xml:33(para)
22644
msgid ""
22645
"If you are using the <emphasis>virtual kernel</emphasis> as part of a "
22646
"virtual machine you will need to manually compile the "
22647
"<application>drbd</application> module. It may be easier to install the "
22648
"<application>linux-server</application> package inside the virtual machine."
22649
msgstr ""
22650
22651
#: serverguide/C/clustering.xml:40(para)
22652
msgid ""
22653
"This section covers setting up a <application>drbd</application> to "
22654
"replicate a separate <filename>/srv</filename> partition, with an "
22655
"<application>ext3</application> filesystem between two hosts. The partition "
22656
"size is not particularly relevant, but both partitions need to be the same "
22657
"size."
22658
msgstr ""
22659
22660
#: serverguide/C/clustering.xml:49(para)
22661
msgid ""
22662
"The two hosts in this example will be called <emphasis>drbd01</emphasis> and "
22663
"<emphasis>drbd02</emphasis>. They will need to have name resolution "
22664
"configured either through DNS or the <filename>/etc/hosts</filename> file. "
22665
"See <xref linkend=\"dns\"/> for details."
22666
msgstr ""
22667
22668
#: serverguide/C/clustering.xml:57(para)
22669
msgid ""
22670
"To configure <application>drbd</application>, on the first host edit "
22671
"<filename>/etc/drbd.conf</filename>:"
22672
msgstr ""
22673
22674
#: serverguide/C/clustering.xml:61(programlisting)
22675
#, no-wrap
22676
msgid ""
22677
"\n"
22678
"global { usage-count no; }\n"
22679
"common { syncer { rate 100M; } }\n"
22680
"resource r0 {\n"
22681
" protocol C;\n"
22682
" startup {\n"
22683
" wfc-timeout 15;\n"
22684
" degr-wfc-timeout 60;\n"
22685
" }\n"
22686
" net {\n"
22687
" cram-hmac-alg sha1;\n"
22688
" shared-secret \"secret\";\n"
22689
" }\n"
22690
" on drbd01 {\n"
22691
" device /dev/drbd0;\n"
22692
" disk /dev/sdb1;\n"
22693
" address 192.168.0.1:7788;\n"
22694
" meta-disk internal;\n"
22695
" }\n"
22696
" on drbd02 {\n"
22697
" device /dev/drbd0;\n"
22698
" disk /dev/sdb1;\n"
22699
" address 192.168.0.2:7788;\n"
22700
" meta-disk internal;\n"
22701
" }\n"
22702
"} \n"
22703
msgstr ""
22704
22705
#: serverguide/C/clustering.xml:90(para)
22706
msgid ""
22707
"There are many other options in <filename>/etc/drbd.conf</filename>, but for "
22708
"this example their default values are fine."
22709
msgstr ""
22710
22711
#: serverguide/C/clustering.xml:98(para)
22712
msgid "Now copy <filename>/etc/drbd.conf</filename> to the second host:"
22713
msgstr ""
22714
22715
#: serverguide/C/clustering.xml:103(command)
22716
msgid "scp /etc/drbd.conf drbd02:~"
22717
msgstr ""
22718
22719
#: serverguide/C/clustering.xml:109(para)
22720
msgid ""
22721
"And, on <emphasis>drbd02</emphasis> move the file to "
22722
"<filename>/etc</filename>:"
22723
msgstr ""
22724
22725
#: serverguide/C/clustering.xml:114(command)
22726
msgid "sudo mv drbd.conf /etc/"
22727
msgstr ""
22728
22729
#: serverguide/C/clustering.xml:120(para)
22730
msgid ""
22731
"Next, on both hosts, start the <application>drbd</application> daemon:"
22732
msgstr ""
22733
22734
#: serverguide/C/clustering.xml:125(command)
22735
msgid "sudo /etc/init.d/drbd start"
22736
msgstr ""
22737
22738
#: serverguide/C/clustering.xml:131(para)
22739
msgid ""
22740
"Now using the <application>drbdadm</application> utility initialize the meta "
22741
"data storage. On each server execute:"
22742
msgstr ""
22743
22744
#: serverguide/C/clustering.xml:137(command)
22745
msgid "sudo drbdadm create-md r0"
22746
msgstr ""
22747
22748
#: serverguide/C/clustering.xml:143(para)
22749
msgid ""
22750
"On the <emphasis>drbd01</emphasis>, or whichever host you wish to be the "
22751
"primary, enter the following:"
22752
msgstr ""
22753
22754
#: serverguide/C/clustering.xml:148(command)
22755
msgid "sudo drbdadm -- --overwrite-data-of-peer primary all"
22756
msgstr ""
22757
22758
#: serverguide/C/clustering.xml:154(para)
22759
msgid ""
22760
"After executing the above command, the data will start syncing with the "
22761
"secondary host. To watch the progress, on <emphasis>drbd02</emphasis> enter "
22762
"the following:"
22763
msgstr ""
22764
22765
#: serverguide/C/clustering.xml:160(command)
22766
msgid "watch -n1 cat /proc/drbd"
22767
msgstr ""
22768
22769
#: serverguide/C/clustering.xml:163(para)
22770
msgid "To stop watching the output press <emphasis>Ctrl+c</emphasis>."
22771
msgstr ""
22772
22773
#: serverguide/C/clustering.xml:170(para)
22774
msgid ""
22775
"Finally, add a filesystem to <filename>/dev/drbd0</filename> and mount it:"
22776
msgstr ""
22777
22778
#: serverguide/C/clustering.xml:175(command)
22779
msgid "sudo mkfs.ext3 /dev/drbd0"
22780
msgstr ""
22781
22782
#: serverguide/C/clustering.xml:176(command) serverguide/C/clustering.xml:224(command)
22783
msgid "sudo mount /dev/drbd0 /srv"
22784
msgstr ""
22785
22786
#: serverguide/C/clustering.xml:186(para)
22787
msgid ""
22788
"To test that the data is actually syncing between the hosts copy some files "
22789
"on the <emphasis>drbd01</emphasis>, the primary, to "
22790
"<filename>/srv</filename>:"
22791
msgstr ""
22792
22793
#: serverguide/C/clustering.xml:195(para)
22794
msgid "Next, unmount <filename>/srv</filename>:"
22795
msgstr ""
22796
22797
#: serverguide/C/clustering.xml:203(para)
22798
msgid ""
22799
"<emphasis>Demote</emphasis> the <emphasis>primary</emphasis> server to the "
22800
"<emphasis>secondary</emphasis> role:"
22801
msgstr ""
22802
22803
#: serverguide/C/clustering.xml:208(command)
22804
msgid "sudo drbdadm secondary r0"
22805
msgstr ""
22806
22807
#: serverguide/C/clustering.xml:211(para)
22808
msgid ""
22809
"Now on the <emphasis>secondary</emphasis> server "
22810
"<emphasis>promote</emphasis> it to the <emphasis>primary</emphasis> role:"
22811
msgstr ""
22812
22813
#: serverguide/C/clustering.xml:216(command)
22814
msgid "sudo drbdadm primary r0"
22815
msgstr ""
22816
22817
#: serverguide/C/clustering.xml:219(para)
22818
msgid "Lastly, mount the partition:"
22819
msgstr ""
22820
22821
#: serverguide/C/clustering.xml:227(para)
22822
msgid ""
22823
"Using <emphasis>ls</emphasis> you should see "
22824
"<filename>/srv/default</filename> copied from the former "
22825
"<emphasis>primary</emphasis> host <emphasis>drbd01</emphasis>."
22826
msgstr ""
22827
22828
#: serverguide/C/clustering.xml:238(para)
22829
msgid ""
22830
"For more information on <application>DRBD</application> see the <ulink "
22831
"url=\"http://www.drbd.org/\">DRBD web site</ulink>."
22832
msgstr ""
22833
22834
#: serverguide/C/clustering.xml:243(para)
22835
msgid ""
22836
"The <ulink "
22837
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/drbd.conf.5.html\""
22838
">drbd.conf man page</ulink> contains details on the options not covered in "
22839
"this guide."
22840
msgstr ""
22841
22842
#: serverguide/C/clustering.xml:249(para)
22843
msgid ""
22844
"Also, see the <ulink "
22845
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/drbdadm.8.html\">d"
22846
"rbdadm man page</ulink>."
22847
msgstr ""
22848
22849
#: serverguide/C/clustering.xml:254(para)
22850
msgid ""
22851
"The <ulink url=\"https://help.ubuntu.com/community/DRBD\">DRBD Ubuntu "
22852
"Wiki</ulink> page also has more information."
22853
msgstr ""
22854
22855
#: serverguide/C/chat.xml:13(title)
22856
msgid "Chat Applications"
22857
msgstr ""
22858
22859
#: serverguide/C/chat.xml:19(para)
22860
msgid ""
22861
"In this section, we will discuss how to install and configure a IRC server, "
22862
"<application>ircd-irc2</application>. We will also discuss how to install "
22863
"and configure Jabber, an instance messaging server."
22864
msgstr ""
22865
22866
#: serverguide/C/chat.xml:28(title)
22867
msgid "IRC Server"
22868
msgstr ""
22869
22870
#: serverguide/C/chat.xml:30(para)
22871
msgid ""
22872
"The Ubuntu repository has many Internet Relay Chat servers. This section "
22873
"explains how to install and configure the original IRC server "
22874
"<application>ircd-irc2</application>."
22875
msgstr ""
22876
22877
#: serverguide/C/chat.xml:39(para)
22878
msgid ""
22879
"To install <application>ircd-irc2</application>, run the following command "
22880
"in the command prompt:"
22881
msgstr ""
22882
22883
#: serverguide/C/chat.xml:45(command)
22884
msgid "sudo apt-get install ircd-irc2"
22885
msgstr ""
22886
22887
#: serverguide/C/chat.xml:48(para)
22888
msgid ""
22889
"The configuration files are stored in <filename>/etc/ircd</filename> "
22890
"directory. The documents are available in <filename>/usr/share/doc/ircd-"
22891
"irc2</filename> directory."
22892
msgstr ""
22893
22894
#: serverguide/C/chat.xml:59(para)
22895
msgid ""
22896
"The IRC settings can be done in the configuration file "
22897
"<filename>/etc/ircd/ircd.conf</filename>. You can set the IRC host name in "
22898
"this file by editing the following line:"
22899
msgstr ""
22900
22901
#: serverguide/C/chat.xml:64(programlisting)
22902
#, no-wrap
22903
msgid ""
22904
"\n"
22905
"M:irc.localhost::Debian ircd default configuration::000A\n"
22906
msgstr ""
22907
22908
#: serverguide/C/chat.xml:68(para)
22909
msgid ""
22910
"Please make sure you add DNS aliases for the IRC host name. For instance, if "
22911
"you set irc.livecipher.com as IRC host name, please make sure "
22912
"irc.livecipher.com is resolvable in your Domain Name Server. The IRC host "
22913
"name should not be same as the host name."
22914
msgstr ""
22915
22916
#: serverguide/C/chat.xml:75(para)
22917
msgid ""
22918
"The IRC admin details can be configured by editing the following line:"
22919
msgstr ""
22920
22921
#: serverguide/C/chat.xml:80(programlisting)
22922
#, no-wrap
22923
msgid ""
22924
"\n"
22925
"A:Organization, IRC dept.:Daemon <ircd@example.irc.org>:Client "
22926
"Server::IRCnet:\n"
22927
msgstr ""
22928
22929
#: serverguide/C/chat.xml:84(para)
22930
msgid ""
22931
"You should add specific lines to configure the list of IRC ports to listen "
22932
"on, to configure Operator credentials, to configure client authentication, "
22933
"etc. For details, please refer to the example configuration file "
22934
"<filename>/usr/share/doc/ircd-irc2/ircd.conf.example.gz</filename>."
22935
msgstr ""
22936
22937
#: serverguide/C/chat.xml:92(para)
22938
msgid ""
22939
"The IRC banner to be displayed in the IRC client, when the user connects to "
22940
"the server can be set in <filename>/etc/ircd/ircd.motd</filename> file."
22941
msgstr ""
22942
22943
#: serverguide/C/chat.xml:97(para)
22944
msgid ""
22945
"After making necessary changes to the configuration file, you can restart "
22946
"the IRC server using following command:"
22947
msgstr ""
22948
22949
#: serverguide/C/chat.xml:101(programlisting)
22950
#, no-wrap
22951
msgid ""
22952
"\n"
22953
"sudo /etc/init.d/ircd-irc2 restart\n"
22954
msgstr ""
22955
22956
#: serverguide/C/chat.xml:109(para)
22957
msgid ""
22958
"You may also be interested to take a look at other IRC servers available in "
22959
"Ubuntu Repository. It includes, <application>ircd-ircu</application> and "
22960
"<application>ircd-hybrid</application>."
22961
msgstr ""
22962
22963
#: serverguide/C/chat.xml:117(para)
22964
msgid ""
22965
"Refer to <ulink url=\"http://www.irc.org/tech_docs/ircnet/faq.html\">IRCD "
22966
"FAQ</ulink> for more details about the IRC Server."
22967
msgstr ""
22968
22969
#: serverguide/C/chat.xml:124(para)
22970
msgid ""
22971
"Also, the <ulink url=\"https://help.ubuntu.com/community/ircd\">Ubuntu Wiki "
22972
"IRCD</ulink> page has more information."
22973
msgstr ""
22974
22975
#: serverguide/C/chat.xml:132(title)
22976
msgid "Jabber Instant Messaging Server"
22977
msgstr ""
22978
22979
#: serverguide/C/chat.xml:134(para)
22980
msgid ""
22981
"<emphasis>Jabber</emphasis> a popular instant message protocol is based on "
22982
"XMPP, an open standard for instant messaging, and used by many popular "
22983
"applications. This section covers setting up a <emphasis>Jabberd "
22984
"2</emphasis> server on a local LAN. This configuration can also be adapted "
22985
"to providing messaging services to users over the Internet."
22986
msgstr ""
22987
22988
#: serverguide/C/chat.xml:143(para)
22989
msgid "To install <application>jabberd2</application>, in a terminal enter:"
22990
msgstr ""
22991
22992
#: serverguide/C/chat.xml:148(command)
22993
msgid "sudo apt-get install jabberd2"
22994
msgstr ""
22995
22996
#: serverguide/C/chat.xml:155(para)
22997
msgid ""
22998
"A couple of XML configuration files will be used to configure "
22999
"<application>jabberd2</application> for <emphasis>Berkely DB</emphasis> user "
23000
"authentication. This is a very simple form of authentication. However, "
23001
"<application>jabberd2</application> can be configured to use LDAP, MySQL, "
23002
"Postgresql, etc for for user authentication."
23003
msgstr ""
23004
23005
#: serverguide/C/chat.xml:162(para)
23006
msgid "First, edit <filename>/etc/jabberd2/sm.xml</filename> changing:"
23007
msgstr ""
23008
23009
#: serverguide/C/chat.xml:166(programlisting)
23010
#, no-wrap
23011
msgid ""
23012
"\n"
23013
" <id>jabber.example.com</id>\n"
23014
msgstr ""
23015
23016
#: serverguide/C/chat.xml:171(para)
23017
msgid ""
23018
"Replace <emphasis>jabber.example.com</emphasis> with the hostname, or other "
23019
"id, of your server."
23020
msgstr ""
23021
23022
#: serverguide/C/chat.xml:176(para)
23023
msgid "Now in the <storage> section change the <driver> to:"
23024
msgstr ""
23025
23026
#: serverguide/C/chat.xml:180(programlisting)
23027
#, no-wrap
23028
msgid ""
23029
"\n"
23030
" <driver>db</driver>\n"
23031
msgstr ""
23032
23033
#: serverguide/C/chat.xml:184(para)
23034
msgid ""
23035
"Next, edit <filename>/etc/jabberd2/c2s.xml</filename> in the "
23036
"<emphasis><local></emphasis> section change:"
23037
msgstr ""
23038
23039
#: serverguide/C/chat.xml:188(programlisting)
23040
#, no-wrap
23041
msgid ""
23042
"\n"
23043
" <id>jabber.example.com</id>\n"
23044
msgstr ""
23045
23046
#: serverguide/C/chat.xml:192(para)
23047
msgid ""
23048
"And in the <authreg> section adjust the <module> section to:"
23049
msgstr ""
23050
23051
#: serverguide/C/chat.xml:196(programlisting)
23052
#, no-wrap
23053
msgid ""
23054
"\n"
23055
" <module>db</module>\n"
23056
msgstr ""
23057
23058
#: serverguide/C/chat.xml:200(para)
23059
msgid ""
23060
"Finally, restart <application>jabberd2</application> to enable the new "
23061
"settings:"
23062
msgstr ""
23063
23064
#: serverguide/C/chat.xml:205(command)
23065
msgid "sudo /etc/init.d/jabberd2 restart"
23066
msgstr ""
23067
23068
#: serverguide/C/chat.xml:208(para)
23069
msgid ""
23070
"You should now be able to connect to the server using a Jabber client like "
23071
"<application>Pidgin</application> for example."
23072
msgstr ""
23073
23074
#: serverguide/C/chat.xml:213(para)
23075
msgid ""
23076
"The advantage of using Berkeley DB for user data is that after being "
23077
"configured no additional maintenance is required. If you need more control "
23078
"over user accounts and credentials another authentication method is "
23079
"recommended."
23080
msgstr ""
23081
23082
#: serverguide/C/chat.xml:225(para)
23083
msgid ""
23084
"The <ulink url=\"http://codex.xiaoka.com/wiki/jabberd2:start\">Jabberd2 Web "
23085
"Site</ulink> contains more details on configuring "
23086
"<application>Jabberd2</application>."
23087
msgstr ""
23088
23089
#: serverguide/C/chat.xml:231(para)
23090
msgid ""
23091
"For more authentication options see the <ulink "
23092
"url=\"http://jabberd2.xiaoka.com/wiki/InstallGuide\">Jabberd2 Install "
23093
"Guide</ulink>."
23094
msgstr ""
23095
23096
#: serverguide/C/chat.xml:236(para)
23097
msgid ""
23098
"Also, the <ulink "
23099
"url=\"https://help.ubuntu.com/community/SettingUpJabberServer\">Setting Up "
23100
"Jabber Server Ubuntu Wiki</ulink> page has more information."
23101
msgstr ""
23102
23103
#: serverguide/C/backups.xml:13(title)
23104
msgid "Backups"
23105
msgstr ""
23106
23107
#: serverguide/C/backups.xml:14(para)
23108
msgid ""
23109
"There are many ways to backup an Ubuntu installation. The most important "
23110
"thing about backups is to develop a <emphasis>backup plan</emphasis> "
23111
"consisting of what to backup, where to back it up to, and how to restore it."
23112
msgstr ""
23113
23114
#: serverguide/C/backups.xml:18(para)
23115
msgid ""
23116
"The following sections discuss various ways of accomplishing these tasks."
23117
msgstr ""
23118
23119
#: serverguide/C/backups.xml:22(title)
23120
msgid "Shell Scripts"
23121
msgstr ""
23122
23123
#: serverguide/C/backups.xml:23(para)
23124
msgid ""
23125
"One of the simplest ways to backup a system is using a <emphasis>shell "
23126
"script</emphasis>. For example, a script can be used to configure which "
23127
"directories to backup, and use those directories as arguments to the "
23128
"<application>tar</application> utility creating an archive file. The archive "
23129
"file can then be moved or copied to another location. The archive can also "
23130
"be created on a remote file system such as an <emphasis>NFS</emphasis> mount."
23131
msgstr ""
23132
23133
#: serverguide/C/backups.xml:29(para)
23134
msgid ""
23135
"The <application>tar</application> utility creates one archive file out of "
23136
"many files or directories. <application>tar</application> can also filter "
23137
"the files through compression utilities reducing the size of the archive "
23138
"file."
23139
msgstr ""
23140
23141
#: serverguide/C/backups.xml:35(title)
23142
msgid "Simple Shell Script"
23143
msgstr ""
23144
23145
#: serverguide/C/backups.xml:36(para)
23146
msgid ""
23147
"The following shell script uses <application>tar</application> to create an "
23148
"archive file on a remotely mounted NFS file system. The archive filename is "
23149
"determined using additional command line utilities."
23150
msgstr ""
23151
23152
#: serverguide/C/backups.xml:40(programlisting)
23153
#, no-wrap
23154
msgid ""
23155
"\n"
23156
"#!/bin/sh\n"
23157
"####################################\n"
23158
"#\n"
23159
"# Backup to NFS mount script.\n"
23160
"#\n"
23161
"####################################\n"
23162
"\n"
23163
"# What to backup. \n"
23164
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
23165
"\n"
23166
"# Where to backup to.\n"
23167
"dest=\"/mnt/backup\"\n"
23168
"\n"
23169
"# Create archive filename.\n"
23170
"day=$(date +%A)\n"
23171
"hostname=$(hostname -s)\n"
23172
"archive_file=\"$hostname-$day.tgz\"\n"
23173
"\n"
23174
"# Print start status message.\n"
23175
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
23176
"date\n"
23177
"echo\n"
23178
"\n"
23179
"# Backup the files using tar.\n"
23180
"tar czf $dest/$archive_file $backup_files\n"
23181
"\n"
23182
"# Print end status message.\n"
23183
"echo\n"
23184
"echo \"Backup finished\"\n"
23185
"date\n"
23186
"\n"
23187
"# Long listing of files in $dest to check file sizes.\n"
23188
"ls -lh $dest\n"
23189
msgstr ""
23190
23191
#: serverguide/C/backups.xml:77(para)
23192
msgid ""
23193
"<emphasis>$backup_files:</emphasis> a variable listing which directories you "
23194
"would like to backup. The list should be customized to fit your needs."
23195
msgstr ""
23196
23197
#: serverguide/C/backups.xml:83(para)
23198
msgid ""
23199
"<emphasis>$day:</emphasis> a variable holding the day of the week (Monday, "
23200
"Tuesday, Wednesday, etc). This is used to create an archive file for each "
23201
"day of the week, giving a backup history of seven days. There are other ways "
23202
"to accomplish this including other ways using the "
23203
"<application>date</application> utility."
23204
msgstr ""
23205
23206
#: serverguide/C/backups.xml:90(para)
23207
msgid ""
23208
"<emphasis>$hostname:</emphasis> variable containing the "
23209
"<emphasis>short</emphasis> hostname of the system. Using the hostname in the "
23210
"archive filename gives you the option of placing daily archive files from "
23211
"multiple systems in the same directory."
23212
msgstr ""
23213
23214
#: serverguide/C/backups.xml:97(para)
23215
msgid "<emphasis>$archive_file:</emphasis> the full archive filename."
23216
msgstr ""
23217
23218
#: serverguide/C/backups.xml:102(para)
23219
msgid ""
23220
"<emphasis>$dest:</emphasis> destination of the archive file. The directory "
23221
"needs to be created and in this case <emphasis>mounted</emphasis> before "
23222
"executing the backup script. See <xref linkend=\"network-file-system\"/> for "
23223
"details using <emphasis>NFS</emphasis>."
23224
msgstr ""
23225
23226
#: serverguide/C/backups.xml:109(para)
23227
msgid ""
23228
"<emphasis>status messages:</emphasis> optional messages printed to the "
23229
"console using the <application>echo</application> utility."
23230
msgstr ""
23231
23232
#: serverguide/C/backups.xml:115(para)
23233
msgid ""
23234
"<emphasis>tar czf $dest/$archive_file $backup_files:</emphasis> the "
23235
"<application>tar</application> command used to create the archive file."
23236
msgstr ""
23237
23238
#: serverguide/C/backups.xml:121(para)
23239
msgid "<emphasis>c:</emphasis> creates an archive."
23240
msgstr ""
23241
23242
#: serverguide/C/backups.xml:126(para)
23243
msgid ""
23244
"<emphasis>z:</emphasis> filter the archive through the "
23245
"<application>gzip</application> utility compressing the archive."
23246
msgstr ""
23247
23248
#: serverguide/C/backups.xml:131(para)
23249
msgid ""
23250
"<emphasis>f:</emphasis> use archive file. Otherwise the "
23251
"<application>tar</application> output will be sent to STDOUT."
23252
msgstr ""
23253
23254
#: serverguide/C/backups.xml:138(para)
23255
msgid ""
23256
"<emphasis>ls -lh $dest:</emphasis> optional statement prints a <emphasis>-"
23257
"l</emphasis> long listing in <emphasis>-h</emphasis> human readable format "
23258
"of the destination directory. This is useful for a quick file size check of "
23259
"the archive file. This check should not replace testing the archive file."
23260
msgstr ""
23261
23262
#: serverguide/C/backups.xml:145(para)
23263
msgid ""
23264
"This is a simple example of a backup shell script. There are large amount of "
23265
"options that can be included in a backup script. See <xref linkend=\"backup-"
23266
"shellscript-references\"/> for links to resources providing more in depth "
23267
"shell scripting information."
23268
msgstr ""
23269
23270
#: serverguide/C/backups.xml:152(title)
23271
msgid "Executing the Script"
23272
msgstr ""
23273
23274
#: serverguide/C/backups.xml:154(title)
23275
msgid "Executing from a Terminal"
23276
msgstr ""
23277
23278
#: serverguide/C/backups.xml:155(para)
23279
msgid ""
23280
"The simplest way of executing the above backup script is to copy and paste "
23281
"the contents into a file. <filename>backup.sh</filename> for example. Then "
23282
"from a terminal prompt:"
23283
msgstr ""
23284
23285
#: serverguide/C/backups.xml:160(command)
23286
msgid "sudo bash backup.sh"
23287
msgstr ""
23288
23289
#: serverguide/C/backups.xml:162(para)
23290
msgid ""
23291
"This is a great way to test the script to make sure everything works as "
23292
"expected."
23293
msgstr ""
23294
23295
#: serverguide/C/backups.xml:167(title)
23296
msgid "Executing with cron"
23297
msgstr ""
23298
23299
#: serverguide/C/backups.xml:168(para)
23300
msgid ""
23301
"The <application>cron</application> utility can be used to automate the "
23302
"script execution. The <application>cron</application> daemon allows the "
23303
"execution of scripts, or commands, at a specified time and date."
23304
msgstr ""
23305
23306
#: serverguide/C/backups.xml:172(para)
23307
msgid ""
23308
"<application>cron</application> is configured through entries in a "
23309
"<filename>crontab</filename> file. <filename>crontab</filename> files are "
23310
"separated into fields:"
23311
msgstr ""
23312
23313
#: serverguide/C/backups.xml:176(programlisting)
23314
#, no-wrap
23315
msgid ""
23316
"\n"
23317
"# m h dom mon dow command\n"
23318
msgstr ""
23319
23320
#: serverguide/C/backups.xml:181(para)
23321
msgid ""
23322
"<emphasis>m:</emphasis> minute the command executes on between 0 and 59."
23323
msgstr ""
23324
23325
#: serverguide/C/backups.xml:186(para)
23326
msgid ""
23327
"<emphasis>h:</emphasis> hour the command executes on between 0 and 23."
23328
msgstr ""
23329
23330
#: serverguide/C/backups.xml:191(para)
23331
msgid "<emphasis>dom:</emphasis> day of month the command executes on."
23332
msgstr ""
23333
23334
#: serverguide/C/backups.xml:196(para)
23335
msgid ""
23336
"<emphasis>mon:</emphasis> the month the command executes on between 1 and 12."
23337
msgstr ""
23338
23339
#: serverguide/C/backups.xml:201(para)
23340
msgid ""
23341
"<emphasis>dow:</emphasis> the day of the week the command executes on "
23342
"between 0 and 7. Sunday may be specified by using 0 or 7, both values are "
23343
"valid."
23344
msgstr ""
23345
23346
#: serverguide/C/backups.xml:206(para)
23347
msgid "<emphasis>command:</emphasis> the command to execute."
23348
msgstr ""
23349
23350
#: serverguide/C/backups.xml:211(para)
23351
msgid ""
23352
"To add or change entries in a <filename>crontab</filename> file the "
23353
"<application>crontab -e</application> command should be used. Also, the "
23354
"contents of a <filename>crontab</filename> file can be viewed using the "
23355
"<application>crontab -l</application> command."
23356
msgstr ""
23357
23358
#: serverguide/C/backups.xml:215(para)
23359
msgid ""
23360
"To execute the <application>backup.sh</application> script listed above "
23361
"using <application>cron</application>. Enter the following from a terminal "
23362
"prompt:"
23363
msgstr ""
23364
23365
#: serverguide/C/backups.xml:220(command)
23366
msgid "sudo crontab -e"
23367
msgstr ""
23368
23369
#: serverguide/C/backups.xml:223(para)
23370
msgid ""
23371
"Using <application>sudo</application> with the <application>crontab -"
23372
"e</application> command edits the <emphasis>root</emphasis> user's crontab. "
23373
"This is necessary if you are backing up directories only the root user has "
23374
"access to."
23375
msgstr ""
23376
23377
#: serverguide/C/backups.xml:228(para)
23378
msgid "Add the following entry to the <filename>crontab</filename> file:"
23379
msgstr ""
23380
23381
#: serverguide/C/backups.xml:231(programlisting)
23382
#, no-wrap
23383
msgid ""
23384
"\n"
23385
"# m h dom mon dow command\n"
23386
"0 0 * * * bash /usr/local/bin/backup.sh\n"
23387
msgstr ""
23388
23389
#: serverguide/C/backups.xml:235(para)
23390
msgid ""
23391
"The <application>backup.sh</application> script will now be executed every "
23392
"day at 12:00 am."
23393
msgstr ""
23394
23395
#: serverguide/C/backups.xml:239(para)
23396
msgid ""
23397
"The <application>backup.sh</application> script will need to be copied to "
23398
"the <filename>/usr/local/bin/</filename> directory in order for this entry "
23399
"to execute properly. The script can reside anywhere on the file system "
23400
"simply change the script path appropriately."
23401
msgstr ""
23402
23403
#: serverguide/C/backups.xml:244(para)
23404
msgid ""
23405
"For more in depth <application>crontab</application> options see <xref "
23406
"linkend=\"backup-shellscript-references\"/>."
23407
msgstr ""
23408
23409
#: serverguide/C/backups.xml:250(title)
23410
msgid "Restoring from the Archive"
23411
msgstr ""
23412
23413
#: serverguide/C/backups.xml:251(para)
23414
msgid ""
23415
"Once an archive has been created it is important to test the archive. The "
23416
"archive can be tested by listing the files it contains, but the best test is "
23417
"to <emphasis>restore</emphasis> a file from the archive."
23418
msgstr ""
23419
23420
#: serverguide/C/backups.xml:257(para)
23421
msgid "To see a listing of the archive contents. From a terminal prompt:"
23422
msgstr ""
23423
23424
#: serverguide/C/backups.xml:261(command)
23425
msgid "tar -tzvf /mnt/backup/host-Monday.tgz"
23426
msgstr ""
23427
23428
#: serverguide/C/backups.xml:265(para)
23429
msgid "To restore a file from the archive to a different directory enter:"
23430
msgstr ""
23431
23432
#: serverguide/C/backups.xml:269(command)
23433
msgid "tar -xzvf /mnt/backup/host-Monday.tgz -C /tmp etc/hosts"
23434
msgstr ""
23435
23436
#: serverguide/C/backups.xml:271(para)
23437
msgid ""
23438
"The <emphasis>-C</emphasis> option to <application>tar</application> "
23439
"redirects the extracted files to the specified directory. The above example "
23440
"will extract the <filename>/etc/hosts</filename> file to "
23441
"<filename>/tmp/etc/hosts</filename>. <application>tar</application> "
23442
"recreates the directory structure that it contains."
23443
msgstr ""
23444
23445
#: serverguide/C/backups.xml:276(para)
23446
msgid ""
23447
"Also, notice the leading <emphasis>\"/\"</emphasis> is left off the path of "
23448
"the file to restore."
23449
msgstr ""
23450
23451
#: serverguide/C/backups.xml:281(para)
23452
msgid "To restore all files in the archive enter the following:"
23453
msgstr ""
23454
23455
#: serverguide/C/backups.xml:285(command)
23456
msgid "cd /"
23457
msgstr ""
23458
23459
#: serverguide/C/backups.xml:286(command)
23460
msgid "sudo tar -xzvf /mnt/backup/host-Monday.tgz"
23461
msgstr ""
23462
23463
#: serverguide/C/backups.xml:291(para)
23464
msgid "This will overwrite the files currently on the file system."
23465
msgstr ""
23466
23467
#: serverguide/C/backups.xml:300(para)
23468
msgid ""
23469
"For more information on shell scripting see the <ulink "
23470
"url=\"http://tldp.org/LDP/abs/html/\">Advanced Bash-Scripting Guide</ulink>"
23471
msgstr ""
23472
23473
#: serverguide/C/backups.xml:305(para)
23474
msgid ""
23475
"The book <ulink url=\"http://safari.samspublishing.com/0672323583\">Teach "
23476
"Yourself Shell Programming in 24 Hours</ulink> is available online and a "
23477
"great resource for shell scripting."
23478
msgstr ""
23479
23480
#: serverguide/C/backups.xml:311(para)
23481
msgid ""
23482
"The <ulink url=\"https://help.ubuntu.com/community/CronHowto\">CronHowto "
23483
"Wiki Page</ulink> contains details on advanced "
23484
"<application>cron</application> options."
23485
msgstr ""
23486
23487
#: serverguide/C/backups.xml:318(para)
23488
msgid ""
23489
"See the <ulink url=\"http://www.gnu.org/software/tar/manual/index.html\">GNU "
23490
"tar Manual</ulink> for more <application>tar</application> options."
23491
msgstr ""
23492
23493
#: serverguide/C/backups.xml:324(para)
23494
msgid ""
23495
"The Wikipedia <ulink "
23496
"url=\"http://en.wikipedia.org/wiki/Backup_rotation_scheme\">Backup Rotation "
23497
"Scheme</ulink> article contains information on other backup rotation schemes."
23498
msgstr ""
23499
23500
#: serverguide/C/backups.xml:330(para)
23501
msgid ""
23502
"The shell script uses <application>tar</application> to create the archive, "
23503
"but there many other command line utilities that can be used. For example:"
23504
msgstr ""
23505
23506
#: serverguide/C/backups.xml:336(para)
23507
msgid ""
23508
"<ulink url=\"http://www.gnu.org/software/cpio/\">cpio</ulink>: used to copy "
23509
"files to and from archives."
23510
msgstr ""
23511
23512
#: serverguide/C/backups.xml:341(para)
23513
msgid ""
23514
"<ulink url=\"http://www.gnu.org/software/coreutils/\">dd</ulink>: part of "
23515
"the <application>coreutils</application> package. A low level utility that "
23516
"can copy data from one format to another"
23517
msgstr ""
23518
23519
#: serverguide/C/backups.xml:347(para)
23520
msgid ""
23521
"<ulink url=\"http://www.rsnapshot.org/\">rsnapshot</ulink>: a file system "
23522
"snap shot utility used to create copies of an entire file system."
23523
msgstr ""
23524
23525
#: serverguide/C/backups.xml:358(title)
23526
msgid "Archive Rotation"
23527
msgstr ""
23528
23529
#: serverguide/C/backups.xml:359(para)
23530
msgid ""
23531
"The shell script in section <xref linkend=\"backup-shellscripts\"/> only "
23532
"allows for seven different archives. For a server whose data doesn't change "
23533
"often this may be enough. If the server has a large amount of data a more "
23534
"robust rotation scheme should be used."
23535
msgstr ""
23536
23537
#: serverguide/C/backups.xml:365(title)
23538
msgid "Rotating NFS Archives"
23539
msgstr ""
23540
23541
#: serverguide/C/backups.xml:366(para)
23542
msgid ""
23543
"In this section the shell script will be slightly modified to implement a "
23544
"grandfather-father-son rotation scheme (monthly-weekly-daily):"
23545
msgstr ""
23546
23547
#: serverguide/C/backups.xml:372(para)
23548
msgid ""
23549
"The rotation will do a <emphasis>daily</emphasis> backup Sunday through "
23550
"Friday."
23551
msgstr ""
23552
23553
#: serverguide/C/backups.xml:377(para)
23554
msgid ""
23555
"On Saturday a <emphasis>weekly</emphasis> backup is done giving you four "
23556
"weekly backups a month."
23557
msgstr ""
23558
23559
#: serverguide/C/backups.xml:382(para)
23560
msgid ""
23561
"The <emphasis>monthly</emphasis> backup is done on the first of the month "
23562
"rotating two monthly backups based on if the month is odd or even."
23563
msgstr ""
23564
23565
#: serverguide/C/backups.xml:388(para)
23566
msgid "Here is the new script:"
23567
msgstr ""
23568
23569
#: serverguide/C/backups.xml:391(programlisting)
23570
#, no-wrap
23571
msgid ""
23572
"\n"
23573
"#!/bin/bash\n"
23574
"####################################\n"
23575
"#\n"
23576
"# Backup to NFS mount script with\n"
23577
"# grandfather-father-son rotation.\n"
23578
"#\n"
23579
"####################################\n"
23580
"\n"
23581
"# What to backup. \n"
23582
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
23583
"\n"
23584
"# Where to backup to.\n"
23585
"dest=\"/mnt/backup\"\n"
23586
"\n"
23587
"# Setup variables for the archive filename.\n"
23588
"day=$(date +%A)\n"
23589
"hostname=$(hostname -s)\n"
23590
"\n"
23591
"# Find which week of the month 1-4 it is.\n"
23592
"day_num=$(date +%d)\n"
23593
"if (( $day_num <= 7 )); then\n"
23594
" week_file=\"$hostname-week1.tgz\"\n"
23595
"elif (( $day_num > 7 && $day_num <= 14 )); then\n"
23596
" week_file=\"$hostname-week2.tgz\"\n"
23597
"elif (( $day_num > 14 && $day_num <= 21 )); then\n"
23598
" week_file=\"$hostname-week3.tgz\"\n"
23599
"elif (( $day_num > 21 && $day_num < 32 )); then\n"
23600
" week_file=\"$hostname-week4.tgz\"\n"
23601
"fi\n"
23602
"\n"
23603
"# Find if the Month is odd or even.\n"
23604
"month_num=$(date +%m)\n"
23605
"month=$(expr $month_num % 2)\n"
23606
"if [ $month -eq 0 ]; then\n"
23607
" month_file=\"$hostname-month2.tgz\"\n"
23608
"else\n"
23609
" month_file=\"$hostname-month1.tgz\"\n"
23610
"fi\n"
23611
"\n"
23612
"# Create archive filename.\n"
23613
"if [ $day_num == 1 ]; then\n"
23614
"\tarchive_file=$month_file\n"
23615
"elif [ $day != \"Saturday\" ]; then\n"
23616
" archive_file=\"$hostname-$day.tgz\"\n"
23617
"else \n"
23618
"\tarchive_file=$week_file\n"
23619
"fi\n"
23620
"\n"
23621
"# Print start status message.\n"
23622
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
23623
"date\n"
23624
"echo\n"
23625
"\n"
23626
"# Backup the files using tar.\n"
23627
"tar czf $dest/$archive_file $backup_files\n"
23628
"\n"
23629
"# Print end status message.\n"
23630
"echo\n"
23631
"echo \"Backup finished\"\n"
23632
"date\n"
23633
"\n"
23634
"# Long listing of files in $dest to check file sizes.\n"
23635
"ls -lh $dest/\n"
23636
msgstr ""
23637
23638
#: serverguide/C/backups.xml:456(para)
23639
msgid ""
23640
"The script can be executed using the same methods as in <xref "
23641
"linkend=\"backup-executing-shellscript\"/>."
23642
msgstr ""
23643
23644
#: serverguide/C/backups.xml:459(para)
23645
msgid ""
23646
"It is good practice to take backup media off site in case of a disaster. In "
23647
"the shell script example the backup media is another server providing an NFS "
23648
"share. In all likelihood taking the NFS server to another location would not "
23649
"be practical. Depending upon connection speeds it may be an option to copy "
23650
"the archive file over a WAN link to a server in another location."
23651
msgstr ""
23652
23653
#: serverguide/C/backups.xml:465(para)
23654
msgid ""
23655
"Another option is to copy the archive file to an external hard drive which "
23656
"can then be taken off site. Since the price of external hard drives continue "
23657
"to decrease it may be cost-effective to use two drives for each archive "
23658
"level. This would allow you to have one external drive attached to the "
23659
"backup server and one in another location."
23660
msgstr ""
23661
23662
#: serverguide/C/backups.xml:472(title)
23663
msgid "Tape Drives"
23664
msgstr ""
23665
23666
#: serverguide/C/backups.xml:473(para)
23667
msgid ""
23668
"A tape drive attached to the server can be used instead of a NFS share. "
23669
"Using a tape drive simplifies archive rotation, and taking the media off "
23670
"site as well."
23671
msgstr ""
23672
23673
#: serverguide/C/backups.xml:477(para)
23674
msgid ""
23675
"When using a tape drive the filename portions of the script aren't needed "
23676
"because the date is sent directly to the tape device. Some commands to "
23677
"manipulate the tape are needed. This is accomplished using "
23678
"<application>mt</application>, a magnetic tape control utility part of the "
23679
"<application>cpio</application> package."
23680
msgstr ""
23681
23682
#: serverguide/C/backups.xml:482(para)
23683
msgid "Here is the shell script modified to use a tape drive:"
23684
msgstr ""
23685
23686
#: serverguide/C/backups.xml:485(programlisting)
23687
#, no-wrap
23688
msgid ""
23689
"\n"
23690
"#!/bin/bash\n"
23691
"####################################\n"
23692
"#\n"
23693
"# Backup to tape drive script.\n"
23694
"#\n"
23695
"####################################\n"
23696
"\n"
23697
"# What to backup. \n"
23698
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
23699
"\n"
23700
"# Where to backup to.\n"
23701
"dest=\"/dev/st0\"\n"
23702
"\n"
23703
"# Print start status message.\n"
23704
"echo \"Backing up $backup_files to $dest\"\n"
23705
"date\n"
23706
"echo\n"
23707
"\n"
23708
"# Make sure the tape is rewound.\n"
23709
"mt -f $dest rewind\n"
23710
"\n"
23711
"# Backup the files using tar.\n"
23712
"tar czf $dest $backup_files\n"
23713
"\n"
23714
"# Rewind and eject the tape.\n"
23715
"mt -f $dest rewoffl\n"
23716
"\n"
23717
"# Print end status message.\n"
23718
"echo\n"
23719
"echo \"Backup finished\"\n"
23720
"date\n"
23721
msgstr ""
23722
23723
#: serverguide/C/backups.xml:519(para)
23724
msgid ""
23725
"The default device name for a SCSI tape drive is "
23726
"<filename>/dev/st0</filename>. Use the appropriate device path for your "
23727
"system."
23728
msgstr ""
23729
23730
#: serverguide/C/backups.xml:524(para)
23731
msgid ""
23732
"Restoring from a tape drive is basically the same as restoring from a file. "
23733
"Simply rewind the tape and use the device path instead of a file path. For "
23734
"example to restore the <filename>/etc/hosts</filename> file to "
23735
"<filename>/tmp/etc/hosts</filename>:"
23736
msgstr ""
23737
23738
#: serverguide/C/backups.xml:529(command)
23739
msgid "mt -f /dev/st0 rewind"
23740
msgstr ""
23741
23742
#: serverguide/C/backups.xml:530(command)
23743
msgid "tar -xzf /dev/st0 -C /tmp etc/hosts"
23744
msgstr ""
23745
23746
#: serverguide/C/backups.xml:535(title)
23747
msgid "Bacula"
23748
msgstr ""
23749
23750
#: serverguide/C/backups.xml:536(para)
23751
msgid ""
23752
"<application>Bacula</application> is a backup program enabling you to "
23753
"backup, restore, and verify data across your network. There are Bacula "
23754
"clients for Linux, Windows, and Mac OS X. Making it a cross platform network "
23755
"wide solution."
23756
msgstr ""
23757
23758
#: serverguide/C/backups.xml:542(para)
23759
msgid ""
23760
"<application>Bacula</application> is made up of several components and "
23761
"services used to manage which files to backup and where to back them up to:"
23762
msgstr ""
23763
23764
#: serverguide/C/backups.xml:548(para)
23765
msgid ""
23766
"<application>Bacula Director:</application> a service that controls all "
23767
"backup, restore, verify, and archive operations."
23768
msgstr ""
23769
23770
#: serverguide/C/backups.xml:553(para)
23771
msgid ""
23772
"<application>Bacula Console:</application> an application allowing "
23773
"communication with the Director. There are three versions of the Console:"
23774
msgstr ""
23775
23776
#: serverguide/C/backups.xml:558(para)
23777
msgid "Text based command line version."
23778
msgstr ""
23779
23780
#: serverguide/C/backups.xml:559(para)
23781
msgid "Gnome based GTK+ Graphical User Interface (GUI) interface."
23782
msgstr ""
23783
23784
#: serverguide/C/backups.xml:560(para)
23785
msgid "wxWidgets GUI interface."
23786
msgstr ""
23787
23788
#: serverguide/C/backups.xml:564(para)
23789
msgid ""
23790
"<application>Bacula File:</application> also known as the "
23791
"<application>Bacula Client</application> program. This application is "
23792
"installed on machines to be backed up, and is responsible for the data "
23793
"requested by the Director."
23794
msgstr ""
23795
23796
#: serverguide/C/backups.xml:570(para)
23797
msgid ""
23798
"<application>Bacula Storage:</application> the programs that perform the "
23799
"storage and recovery of data to the physical media."
23800
msgstr ""
23801
23802
#: serverguide/C/backups.xml:575(para)
23803
msgid ""
23804
"<application>Bacula Catalog:</application> is responsible for maintaining "
23805
"the file indexes and volume databases for all files backed up, enabling "
23806
"quick location and restoration of archived files. The Catalog supports three "
23807
"different databases MySQL, PostgreSQL, and SQLite."
23808
msgstr ""
23809
23810
#: serverguide/C/backups.xml:581(para)
23811
msgid ""
23812
"<application>Bacula Monitor:</application> allows the monitoring of the "
23813
"Director, File daemons, and Storage daemons. Currently the Monitor is only "
23814
"available as a GTK+ GUI application."
23815
msgstr ""
23816
23817
#: serverguide/C/backups.xml:587(para)
23818
msgid ""
23819
"These services and applications can be run on multiple servers and clients, "
23820
"or they can be installed on one machine if backing up a single disk or "
23821
"volume."
23822
msgstr ""
23823
23824
#: serverguide/C/backups.xml:594(para)
23825
msgid ""
23826
"There are multiple packages containing the different "
23827
"<application>Bacula</application> components. To install Bacula, from a "
23828
"terminal prompt enter:"
23829
msgstr ""
23830
23831
#: serverguide/C/backups.xml:599(command)
23832
msgid "sudo apt-get install bacula"
23833
msgstr ""
23834
23835
#: serverguide/C/backups.xml:601(para)
23836
msgid ""
23837
"By default installing the <application>bacula</application> package will use "
23838
"a <application>MySQL</application> database for the Catalog. If you want to "
23839
"use SQLite or PostgreSQL, for the Catalog, install <application>bacula-"
23840
"director-sqlite3</application> or <application>bacula-director-"
23841
"pgsql</application> respectively."
23842
msgstr ""
23843
23844
#: serverguide/C/backups.xml:607(para)
23845
msgid ""
23846
"During the install process you will be asked to supply credentials for the "
23847
"database <emphasis>administrator</emphasis> and the "
23848
"<emphasis>bacula</emphasis> database <emphasis>owner</emphasis>. The "
23849
"database administrator will need to have the appropriate rights to create a "
23850
"database, see <xref linkend=\"mysql\"/> for more information."
23851
msgstr ""
23852
23853
#: serverguide/C/backups.xml:617(para)
23854
msgid ""
23855
"<application>Bacula</application> configuration files are formatted based on "
23856
"<emphasis>resources</emphasis> comprising of <emphasis>directives</emphasis> "
23857
"surrounded by <quote>{}</quote> braces. Each Bacula component has an "
23858
"individual file in the <filename role=\"directory\">/etc/bacula</filename> "
23859
"directory."
23860
msgstr ""
23861
23862
#: serverguide/C/backups.xml:622(para)
23863
msgid ""
23864
"The various <application>Bacula</application> components must authorize "
23865
"themselves to each other. This is accomplished using the "
23866
"<emphasis>password</emphasis> directive. For example, the "
23867
"<emphasis>Storage</emphasis> resource password in the "
23868
"<filename>/etc/bacula/bacula-dir.conf</filename> file must match the "
23869
"<emphasis>Director</emphasis> resource password in "
23870
"<filename>/etc/bacula/bacula-sd.conf</filename>."
23871
msgstr ""
23872
23873
#: serverguide/C/backups.xml:628(para)
23874
msgid ""
23875
"By default the backup job named <emphasis>Client1</emphasis> is configured "
23876
"to archive the <application>Bacula</application> Catalog. If you plan on "
23877
"using the server to backup more than one client you should change the name "
23878
"of this job to something more descriptive. To change the name edit "
23879
"<filename>/etc/bacula/bacula-dir.conf</filename>:"
23880
msgstr ""
23881
23882
#: serverguide/C/backups.xml:633(programlisting)
23883
#, no-wrap
23884
msgid ""
23885
"\n"
23886
"#\n"
23887
"# Define the main nightly save backup job\n"
23888
"# By default, this job will back up to disk in \n"
23889
"Job {\n"
23890
" Name = \"BackupServer\"\n"
23891
" JobDefs = \"DefaultJob\"\n"
23892
" Write Bootstrap = \"/var/lib/bacula/Client1.bsr\"\n"
23893
"}\n"
23894
msgstr ""
23895
23896
#: serverguide/C/backups.xml:644(para)
23897
msgid ""
23898
"The example above changes the job name to <emphasis>BackupServer</emphasis> "
23899
"matching the machine's host name. Replace <quote>BackupServer</quote> with "
23900
"your appropriate hostname, or other descriptive name."
23901
msgstr ""
23902
23903
#: serverguide/C/backups.xml:649(para)
23904
msgid ""
23905
"The <emphasis>Console</emphasis> can be used to query the "
23906
"<emphasis>Director</emphasis> about jobs, but to use the Console with a "
23907
"<emphasis>non-root</emphasis> user, the user needs to be in the "
23908
"<emphasis>bacula</emphasis> group. To add a user to the bacula group enter "
23909
"the following from a terminal:"
23910
msgstr ""
23911
23912
#: serverguide/C/backups.xml:655(command)
23913
msgid "sudo adduser $username bacula"
23914
msgstr ""
23915
23916
#: serverguide/C/backups.xml:658(para)
23917
msgid ""
23918
"Replace <emphasis>$username</emphasis> with the actual username. Also, if "
23919
"you are adding the current user to the group you should log out and back in "
23920
"for the new permissions to take effect."
23921
msgstr ""
23922
23923
#: serverguide/C/backups.xml:665(title)
23924
msgid "Localhost Backup"
23925
msgstr ""
23926
23927
#: serverguide/C/backups.xml:666(para)
23928
msgid ""
23929
"This section describes how to backup specified directories on a single host "
23930
"to a local tape drive."
23931
msgstr ""
23932
23933
#: serverguide/C/backups.xml:671(para)
23934
msgid ""
23935
"First, the <emphasis>Storage</emphasis> device needs to be configured. Edit "
23936
"<filename>/etc/bacula/bacula-sd.conf</filename> add:"
23937
msgstr ""
23938
23939
#: serverguide/C/backups.xml:674(programlisting)
23940
#, no-wrap
23941
msgid ""
23942
"\n"
23943
"Device {\n"
23944
" Name = \"Tape Drive\"\n"
23945
" Device Type = tape\n"
23946
" Media Type = DDS-4\n"
23947
" Archive Device = /dev/st0\n"
23948
" Hardware end of medium = No;\n"
23949
" AutomaticMount = yes; # when device opened, read it\n"
23950
" AlwaysOpen = Yes;\n"
23951
" RemovableMedia = yes;\n"
23952
" RandomAccess = no;\n"
23953
" Alert Command = \"sh -c 'tapeinfo -f %c | grep TapeAlert'\"\n"
23954
"}\n"
23955
msgstr ""
23956
23957
#: serverguide/C/backups.xml:688(para)
23958
msgid ""
23959
"The example is for a <emphasis>DDS-4</emphasis> tape drive. Adjust the Media "
23960
"Type and Archive Device to match your hardware."
23961
msgstr ""
23962
23963
#: serverguide/C/backups.xml:691(para)
23964
msgid "You could also uncomment one of the other examples in the file."
23965
msgstr ""
23966
23967
#: serverguide/C/backups.xml:696(para)
23968
msgid ""
23969
"After editing <filename>/etc/bacula/bacula-sd.conf</filename> the "
23970
"<application>Storage</application> daemon will need to be restarted:"
23971
msgstr ""
23972
23973
#: serverguide/C/backups.xml:701(command)
23974
msgid "sudo /etc/init.d/bacula-sd restart"
23975
msgstr ""
23976
23977
#: serverguide/C/backups.xml:705(para)
23978
msgid ""
23979
"Now add a <emphasis>Storage</emphasis> resource in "
23980
"<filename>/etc/bacula/bacula-dir.conf</filename> to use the new Device:"
23981
msgstr ""
23982
23983
#: serverguide/C/backups.xml:708(programlisting)
23984
#, no-wrap
23985
msgid ""
23986
"\n"
23987
"# Definition of \"Tape Drive\" storage device\n"
23988
"Storage {\n"
23989
" Name = TapeDrive\n"
23990
" # Do not use \"localhost\" here \n"
23991
" Address = backupserver # N.B. Use a fully qualified name "
23992
"here\n"
23993
" SDPort = 9103\n"
23994
" Password = \"Cv70F6pf1t6pBopT4vQOnigDrR0v3LT3Cgkiyj\"\n"
23995
" Device = \"Tape Drive\"\n"
23996
" Media Type = tape\n"
23997
"}\n"
23998
msgstr ""
23999
24000
#: serverguide/C/backups.xml:720(para)
24001
msgid ""
24002
"The <emphasis>Address</emphasis> directive needs to be the Fully Qualified "
24003
"Domain Name (FQDN) of the server. Change <emphasis>backupserver</emphasis> "
24004
"to the actual host name."
24005
msgstr ""
24006
24007
#: serverguide/C/backups.xml:724(para)
24008
msgid ""
24009
"Also, make sure the <emphasis>Password</emphasis> directive matches the "
24010
"password string in <filename>/etc/bacula/bacula-sd.conf</filename>."
24011
msgstr ""
24012
24013
#: serverguide/C/backups.xml:730(para)
24014
msgid ""
24015
"Create a new <emphasis>FileSet</emphasis>, which will determine what "
24016
"directories to backup, by adding:"
24017
msgstr ""
24018
24019
#: serverguide/C/backups.xml:733(programlisting)
24020
#, no-wrap
24021
msgid ""
24022
"\n"
24023
"# LocalhostBacup FileSet.\n"
24024
"FileSet {\n"
24025
" Name = \"LocalhostFiles\"\n"
24026
" Include {\n"
24027
" Options {\n"
24028
" signature = MD5\n"
24029
" compression=GZIP\n"
24030
" }\n"
24031
" File = /etc\n"
24032
" File = /home\n"
24033
" }\n"
24034
"}\n"
24035
msgstr ""
24036
24037
#: serverguide/C/backups.xml:747(para)
24038
msgid ""
24039
"This <emphasis>FileSet</emphasis> will backup the <filename "
24040
"role=\"directory\">/etc</filename> and <filename "
24041
"role=\"directory\">/home</filename> directories. The "
24042
"<emphasis>Options</emphasis> resource directives configure the FileSet to "
24043
"create a MD5 signature for each file backed up, and to compress the files "
24044
"using GZIP."
24045
msgstr ""
24046
24047
#: serverguide/C/backups.xml:754(para)
24048
msgid "Next, create a new <emphasis>Schedule</emphasis> for the backup job:"
24049
msgstr ""
24050
24051
#: serverguide/C/backups.xml:757(programlisting)
24052
#, no-wrap
24053
msgid ""
24054
"\n"
24055
"# LocalhostBackup Schedule -- Daily.\n"
24056
"Schedule {\n"
24057
" Name = \"LocalhostDaily\"\n"
24058
" Run = Full daily at 00:01\n"
24059
"}\n"
24060
msgstr ""
24061
24062
#: serverguide/C/backups.xml:764(para)
24063
msgid ""
24064
"The job will run every day at 00:01 or 12:01 am. There are many other "
24065
"scheduling options available."
24066
msgstr ""
24067
24068
#: serverguide/C/backups.xml:769(para)
24069
msgid "Finally create the <emphasis>Job</emphasis>:"
24070
msgstr ""
24071
24072
#: serverguide/C/backups.xml:772(programlisting)
24073
#, no-wrap
24074
msgid ""
24075
"\n"
24076
"# Localhost backup.\n"
24077
"Job {\n"
24078
" Name = \"LocalhostBackup\"\n"
24079
" JobDefs = \"DefaultJob\"\n"
24080
" Enabled = yes\n"
24081
" Level = Full\n"
24082
" FileSet = \"LocalhostFiles\"\n"
24083
" Schedule = \"LocalhostDaily\"\n"
24084
" Storage = TapeDrive\n"
24085
" Write Bootstrap = \"/var/lib/bacula/LocalhostBackup.bsr\"\n"
24086
"} \n"
24087
msgstr ""
24088
24089
#: serverguide/C/backups.xml:785(para)
24090
msgid ""
24091
"The job will do a <emphasis>Full</emphasis> backup every day to the tape "
24092
"drive."
24093
msgstr ""
24094
24095
#: serverguide/C/backups.xml:790(para)
24096
msgid ""
24097
"Each tape used will need to have a <emphasis>Label</emphasis>. If the "
24098
"current tape does not have a label <application>Bacula</application> will "
24099
"send an email letting you know. To label a tape using the "
24100
"<application>Console</application> enter the following from a terminal:"
24101
msgstr ""
24102
24103
#: serverguide/C/backups.xml:796(command)
24104
msgid "bconsole"
24105
msgstr ""
24106
24107
#: serverguide/C/backups.xml:800(para)
24108
msgid "At the Bacula Console prompt enter:"
24109
msgstr ""
24110
24111
#: serverguide/C/backups.xml:804(command)
24112
msgid "label"
24113
msgstr "ប្លាកសញ្ញា"
24114
24115
#: serverguide/C/backups.xml:808(para)
24116
msgid ""
24117
"You will then be prompted for the <emphasis>Storage</emphasis> resource:"
24118
msgstr ""
24119
24120
#: serverguide/C/backups.xml:818(userinput)
24121
#, no-wrap
24122
msgid "2"
24123
msgstr ""
24124
24125
#: serverguide/C/backups.xml:812(computeroutput)
24126
#, no-wrap
24127
msgid ""
24128
"\n"
24129
"Automatically selected Catalog: MyCatalog\n"
24130
"Using Catalog \"MyCatalog\"\n"
24131
"The defined Storage resources are:\n"
24132
" 1: File\n"
24133
" 2: TapeDrive\n"
24134
"Select Storage resource (1-2):<placeholder-1/>\n"
24135
msgstr ""
24136
24137
#: serverguide/C/backups.xml:823(para)
24138
msgid "Enter the new <emphasis>Volume</emphasis> name:"
24139
msgstr ""
24140
24141
#: serverguide/C/backups.xml:828(userinput)
24142
#, no-wrap
24143
msgid "Sunday"
24144
msgstr "ថ្ងៃ អាទិត្យ"
24145
24146
#: serverguide/C/backups.xml:827(computeroutput)
24147
#, no-wrap
24148
msgid ""
24149
"\n"
24150
"Enter new Volume name: <placeholder-1/>\n"
24151
"Defined Pools:\n"
24152
" 1: Default\n"
24153
" 2: Scratch"
24154
msgstr ""
24155
24156
#: serverguide/C/backups.xml:833(para)
24157
msgid "Replace <emphasis>Sunday</emphasis> with the desired label."
24158
msgstr ""
24159
24160
#: serverguide/C/backups.xml:838(para)
24161
msgid "Now, select the <emphasis>Pool</emphasis>:"
24162
msgstr ""
24163
24164
#: serverguide/C/backups.xml:843(userinput)
24165
#, no-wrap
24166
msgid "1"
24167
msgstr ""
24168
24169
#: serverguide/C/backups.xml:842(computeroutput)
24170
#, no-wrap
24171
msgid ""
24172
"\n"
24173
"Select the Pool (1-2): <placeholder-1/>\n"
24174
"Connecting to Storage daemon TapeDrive at backupserver:9103 ...\n"
24175
"Sending label command for Volume \"Sunday\" Slot 0 ...\n"
24176
msgstr ""
24177
24178
#: serverguide/C/backups.xml:850(para)
24179
msgid ""
24180
"Congratulations, you have now configured <emphasis>Bacula</emphasis> to "
24181
"backup the localhost to an attached tape drive."
24182
msgstr ""
24183
24184
#: serverguide/C/backups.xml:858(para)
24185
msgid ""
24186
"For more <emphasis>Bacula</emphasis> configuration options refer to the "
24187
"<ulink url=\"http://www.bacula.org/en/rel-manual/index.html\">Bacula User's "
24188
"Manual</ulink>"
24189
msgstr ""
24190
24191
#: serverguide/C/backups.xml:864(para)
24192
msgid ""
24193
"The <ulink url=\"http://www.bacula.org/\">Bacula Home Page</ulink> contains "
24194
"the latest Bacula news and developments."
24195
msgstr ""
24196
24197
#: serverguide/C/backups.xml:869(para)
24198
msgid ""
24199
"Also, see the <ulink url=\"https://help.ubuntu.com/community/Bacula\">Bacula "
24200
"Ubuntu Wiki</ulink> page."
24201
msgstr ""
24202
24203
#. Put one translator per line, in the form of NAME <EMAIL>, YEAR1, YEAR2
24204
#: serverguide/C/backups.xml:0(None)
24205
msgid "translator-credits"
24206
msgstr ""
24207
"Launchpad Contributions:\n"
24208
" chhorran https://launchpad.net/~khmeritforyou"
Loggerhead is a web-based interface for Breezy
Version: 2.0.1